ࡱ> 945678zakW7{y3T( <( / 0DTimes New RomanTTtܖ 0ܖDStarSymbolomanTTtܖ 0ܖ DCourier NewmanTTtܖ 0ܖ10DZedier NewmanTTtܖ 0ܖ@DSymbol NewmanTTtܖ 0ܖPDMicrosoft Sans Serifܖ 0ܖ"`Dcmsy10ft Sans Serifܖ 0ܖ"d(.2  @n?" dd@  @@`` 8 0 (,034555446544#%&DFGH(LMFPQRSXYZ[\]v_cdefjklm]FGL3$!g4W3?a=IM@$N/X$r$kW7{y3Ti 0e0e    A A5% XX     ?1 d0u0@Ty2 NP'p<'pA)BCD|E|| "0e@     @ABC DEEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `abN E5%  N E5%  N F   5%    !"?N@ABC DEFFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `ab fff3@8DO g4BdBd 0ppp@ <4 k 0TPg4;d;d0 0(p@ pp?O ʚ;U_8ʚ;<4dddd l 0 <4BdBd l 0 ]0___PPT10 ___PPT9nsgXVUPNG  IHDR ?PLTE)g?]mS tRNSSOx?IDATx% 0@Plb DأH/3U }yRʒDhYD \&i_RJDgIENDB`nLb$C#PNG  IHDR+PLTEBvNan&BA ! tRNSSOx7IDATx5YAE7 Rp"p&gƝxdTU6cy~[/åIENDB` nbRpFPNG  IHDR ?PLTE> i -=Psb tRNSSOxBIDATx- 1 1+^H& Z$9>\̀wָtO 7m>H"IENDB`0nda"FPNG  IHDR+PLTE^.?-d,?" !_D E  kE" +0E @E-P v?" dd   " @ `Pu" ddu dd u" dd@u dd`udd`dpu" ddu dd u" dd@u dd`uddu" ddu dd u" dd@u dd`udd +#@(    H31  1 W#Click to edit the title text format$ $  B61 , 1 Click to edit the outline text format Second Outline Level Third Outline Level Fourth Outline Level Fifth Outline Level Sixth Outline Level Seventh Outline Level Eighth Outline Level Ninth Outline Level&g <  c $ ? ̙33___PPT10e.+D=' = @B +f___PPT9HJPJpJJ  1_Default Design* 0  F(  ^  S  ?z7     0d  92  0 <  c $vn ? ̙3380___PPT10.X5W  0L0 f^0 (      ND0 x   F2 X  x @   N 3 m  J6  X  x @B  s *?rs ? ̙33y___PPT10Y+D=' = @B +-  0L0 '' (   r   S    B   3 EFQvUVW33XX?""bBH`T>H; tA+computr1"`m +B   H33XX?"6@`NNN?N wB   jEPFPQFUVW33TT`T`T`T`T~V#V# ~ ~**=7`T=7o- P Po-o-o- P P o- o- o- P Po-o-o-TOTO o- o-o-dQ0dQ0o-o-d@8d";d";@8@8dYBd;Ed;EYBYBd*Md Pd P*M*Mdo-%Q0%Q0(o-(o-%@8%";%";(@8(@8%YB%;E%;E(YB(YB%*M% P% P(*M(*M%*=7*<*NN*`T*=7** ***%(@`@@@@@@@@@@@@@@@@ 0*`T`T0*`T`T0*`T`T0*WMRznserver"`     6  XX?"6@ NNN?N}W U Web browser (2      6 XX?"6@ NNN?N   U Application (2      6 XX?"6@ NNN?NM'7m RDatabase (2       0e0e    B CDEF 5% XX     ?A)BCD|E|| @s "0e@    @ABC DEEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `abN E5%  N E5%  N F   5%    !"?N@ABC DEFFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `ab ' ,$@ 02   <6 XX?"6@ NNN?N  ,$ 0 T User input (2   B   BDXX?"0@NNN?N 7 ,$@ 06   <P XX?"6@ NNN?N G ,$ 0 XDatabase query(2  W   < XX?"6@ NNN?N ,$ 0 y/Application generates query based on user input0(20 0 B $ @ N DXX?"0@NNN?N g' ,$@  08 %  H>pXX?"0@NNN?NM gWm ,$ 0 T Result set (2   6 &  H5XX?"0@NNN?N W ,$  0 RWeb page (2   B '  N DXX?"0@NNN?N- g= ,$@ 0H   0?rs ? ̙33kc___PPT10C..l u+qD' = @B D' = @BA?%,( < +O%,( < +D' =%(Du' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<* %(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<* %(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<* %(D' =%(Du' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<* %(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<* %(D' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*' %(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*% %(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*$ %(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*& %(++0+ 0 ++0+ 0 ++0+ 0 ++0+% 0 ++0+& 0 +   0L0 `Z(     N    F2 X  x @4  0 String query =  SELECT * FROM users WHERE username =   + strUName +   AND password =   + strPasswd +   ; ;|{ 2)ffffff@=  $       0g ,$ 0 tExpected input: SELECT * FROM users WHERE username =  John AND password =  JohnsPass ;t\'ffff ff&P      0 ',$ 0 ^Result: John logs in 2  B  s *?rs ? ̙33LD___PPT10$+qoD' = @B DS' = @BA?%,( < +O%,( < +DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(+p+0+0 ++0+0 +   0L0 `(     Z>    R>t X  x @  0d>` ,$ 0 <Malicious input: SELECT * FROM users WHERE username =   AND password =   OR   =   ;T]=ff ff ] Q  0,$ 0 uResult: Malicious user logs in as first user identified in the database. Frequently, the administrator!v 2v v 4  0 String query =  SELECT * FROM users WHERE username =   + strUName +   AND password =   + strPasswd +   ; ;|{ 2)ffffff@=  $     B  s *?rs ? ̙33LD___PPT10$+~zD' = @B DS' = @BA?%,( < +O%,( < +DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(+p+0+0 ++0+0 +  0 |P(  |r | S m    | S ,<$@ 0  H | 0?rs ? ̙33  ___PPT10 .t 1+ED^ ' = @B D ' = @BA?%,( < +O%,( < +D' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*|Tv%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*|v%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*|%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*|%(D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*|%(D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*|%(+z  0 800(  r  S d   &  < XX?"6@ NNN?N7,$@ 0 HAttacker registers online: Username: admin -- Password: password INSERT INTO users VALUES( admin  -- ,  password )(2& 2(23 2 ff  ff ffffffff&U    2  N338cXX?"6@`NNN?N 7 ,$D 0H  0?rs ? ̙33___PPT10.&fs+\GD' = @B DQ' = @BA?%,( < +O%,( < +DL' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*.%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*.A%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*Bu%(D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(+  0 @j(  d  <4 XX?"6@ NNN?N7?  Attacker changes password: Username: admin -- OldPass: password NewPass: backdoor (27 2(2 ff  ff  ff @.         T    *@H  0?rs ? ̙33___PPT10i.&fs+D=' = @B +   0  P(    < XX?"6@ NNN?N,$@ 0 dApplication checks correctness of old password: sql =  SELECT * FROM users WHERE username =  admin  -- AND password =  password  ; rso.open( sql, cn ); if (rso.EOF) {...}0(2 2/ /ffffff.ff0  X           Tl    &q@H  0?rs ? ̙33___PPT10.&fs+DZ' = @B D' = @BA?%,( < +O%,( < +DL' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*0%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(+*   0 `(    < XX?"6@ NNN?Nw ,$D 0 Admin s password gets changed: sql =  UPDATE users SET password =   + newpass +   WHERE username =   + rso( username ) +    ; UPDATE users SET password =  backdoor WHERE username =  admin -- (2 2 ffffffh   '     O   Tp    &q@H  0?rs ? ̙33___PPT10.&fs+ CD~' = @B D9' = @BA?%,( < +O%,( < +D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(+0?  0L0 P/d(     N    F2 X  x @   N m<$ 0  F2 X  x @"  T $33XX?"6@`NNN?N  ,$D 0 6Application code query =& (   , l  ]  (  ,$D  02  HXX?"6@`NNN?N w r  NG!XX?"6@`NNN?N= ] 2  HXX?"6@`NNN?N} 2  HXX?"6@`NNN?N  2  HXX?"6@`NNN?NW= G- R  B TZGn HkIn XX?"0@NNN?NT  b ! NG0*H6IXX?"0@NNN?N W b " NG0*H[IuXX?"0@NNN?NG  B # BDXX?"0@NNN?NW M M R $ TGHIXX?"0@NNN?No  b %B TG0*H2ILXX?"0@NNN?NZ z` b & TGHk.I,hXX?"0@NNN?NT  ' HXX?"6@`NNN?N .  3 * <\* XX?"6@ NNN?N ' ' ,$  0 U Table lists (2   ? + <. XX?"6@ NNN?N ,$  0 aConditional expressions(2  r , H XX?"6@`NNN?NC > ,$@ 0r - H XX?"6@`NNN?N Gw ,$@ 08 . <2 XX?"6@ NNN?Ne,$ 0 ZSelect statement(2  r / H2,d XX?"6@`NNN?NG',$@ 0B  s *?rs ?o !"$%& ̙33*)")___PPT10)+D&' = @B D&' = @BA?%,( < +O%,( < +DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =%(D' =%(D7' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*(%(D' =-s6Bwipe(left)*<3<*(D ' =%(DX ' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%9%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*.%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*/%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*-%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*,%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<**%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*+%(D, ' =%(D ' =%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*(%(D' =A@BBBB0B%(D' =1:Bhidden*o3>+B#style.visibility<*%(D' =A@BBBB0B%(D' =1:Bhidden*o3>+B#style.visibility<*.%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*/%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*,%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*-%(D' =A@BBBB0B%(D' =1:Bhidden*o3>+B#style.visibility<*+%(D' =A@BBBB0B%(D' =1:Bhidden*o3>+B#style.visibility<**%(D' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*9I%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*Io%(D' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*o{%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*{%(++0+0 ++0+0 ++0+0 ++0+*0 ++0+*0 ++0++0 ++0++0 ++0+.0 ++0+.0 +  0L0 H@0(  0 0 0Wmw% ,$ 0 String query =  SELECT * FROM stock WHERE  + strID +  = id ; for( int i = 0; i < dat.length(); i++) query = query +  AND  + dat[i] +  =  + inp[i];  2 ff ff]ff*ff4  (        8    0  Zj    R>t X  x @ 0 08mmws,$ 0 pString query =  SELECT * FROM stock WHERE  + strID +  = id ; j_ 2"ff ff&6  $ B 0 s *?rs ? ̙33;3___PPT10+X]DO' = @B D ' = @BA?%,( < +O%,( < +Da' =%(%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*0%(D' =%(D' =%(D' =A@BBBB0B%(D' =1:Bhidden*o3>+B#style.visibility<*0%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*0%(++0+00 ++0+00 ++0+00 +   0L0    @ (  @ @ 0xmw%  lString query =  SELECT * FROM stock WHERE  + strID +  = id ; for( int i = 0; i < dat.length(); i++) query = query +  AND  + dat[i] +  =  + inp[i];   2ff ff\ffff 2  (        8    @ HXX?"6@`NNN?N g "  @ HXX?"6@`NNN?N" g r  @  Z    R>t X  x @   @ <ě XX?"6@ NNN?Ng Gm  bfrom dropdown menu(2    @ HXX?"6@`NNN?N-0  b  @ TG0*H,NI@XX?"0@NNN?N / g  @ < XX?"6@ NNN?N g K  Vyear min (2     @ <P XX?"6@ NNN?N '   _dat(2  B @ s *?rs ?  @ @ @ ̙33y___PPT10Y+D=' = @B +   0L0 `(  ` ` 0$mw%  TString query =  SELECT * FROM stock WHERE  + strID +  = id ; for( int i = 0; i < dat.length(); i++) query = query +  AND  + dat[i] +  =  + inp[i];   2ff ff\ff(fft2  (        A  ` HXX?"6@`NNN?N "  ` HXX?"6@`NNN?N g "  ` HXX?"6@`NNN?N" g r  ` HXX?"6@`NNN?N" r  `  Zh    R>t X  x @  ` <p XX?"6@ NNN?Ng Gm  bfrom dropdown menu(2    ` <p XX?"6@ NNN?Ng m  V from textbox (2     ` HXX?"6@`NNN?N-0    ` HXX?"6@`NNN?N- b  ` TG0*H,NI@XX?"0@NNN?N / g b  ` TG0*HIXXX?"0@NNN?N Og  ` <P XX?"6@ NNN?N g K  Vyear min (2     ` < XX?"6@ NNN?N '   _dat(2   ` <, XX?"6@ NNN?N WK  U2004 15(2    ` < XX?"6@ NNN?N   _inp(2  B ` s *?rs ?/@` ` ` ` ` ` ̙33y___PPT10Y+D=' = @B +    0L0 /'p(  pr p 0mw%  String query =  SELECT * FROM stock WHERE  + strID +  = id ; for( int i = 0; i < dat.length(); i++) query = query +  AND  + dat[i] +  =  + inp[i];  2ff ff]ff*fft2  (        A  p HXX?"6@`NNN?N "  p HXX?"6@`NNN?N g "  p HXX?"6@`NNN?N" g r  p HXX?"6@`NNN?N" r  p  Z    R>t X  x @  p HXX?"6@`NNN?N-0    p HXX?"6@`NNN?N-  p < XX?"6@ NNN?N g K  Vyear min (2     p <X XX?"6@ NNN?N '   _dat(2   p < XX?"6@ NNN?N WK  U2004 15(2    p < XX?"6@ NNN?N   _inp(2   p < XX?"6@ NNN?N= ' )  pFiltered with { delete ,  xp\_ ,  = ,  from ,  or }69 2'&   B p s *?rs ? ̙33y___PPT10Y+D=' = @B +u  0L0 | H(  HR H 0mw%  String query =  SELECT * FROM stock WHERE  + strID +  = id ; for( int i = 0; i < dat.length(); i++) query = query +  AND  + dat[i] +  =  + inp[i];  2ff ff]ff*ff t2  (        A  H HXX?"6@`NNN?N "  H HXX?"6@`NNN?N g "  H HXX?"6@`NNN?N" g r  H HXX?"6@`NNN?N" r  H  Z*    R>t X  x @  H HXX?"6@`NNN?N-0    H HXX?"6@`NNN?N-  H <0 XX?"6@ NNN?N g K  Vyear min (2     H <2 XX?"6@ NNN?N '   _dat(2   H <6 XX?"6@ NNN?N WK  U2004 15(2    H <: XX?"6@ NNN?N   _inp(2  W H <A XX?"6@ NNN?N-w ASELECT * FROM stock WHERE 982 = id AND year = 2004 AND min = 15<B 2ffffffffff B  H < P XX?"6@ NNN?N= ' )  rFiltered with { delete ,  xp\_ ,  = ,  from ,  or }J: 2'&   B H s *?rs ? ̙33y___PPT10Y+D=' = @B +[   0L0 jbh(  hR h 0Xmw%  String query =  SELECT * FROM stock WHERE  + strID +  = id ; for( int i = 0; i < dat.length(); i++) query = query +  AND  + dat[i] +  =  + inp[i];  2ff ff]ff*ff t2  (        A  h HXX?"6@`NNN?N "  h HXX?"6@`NNN?N g "  h HXX?"6@`NNN?N" g r  h HXX?"6@`NNN?N" r  h  Zm    R>t X  x @ h HXX?"6@`NNN?N-0    h HXX?"6@`NNN?N-   h <\p XX?"6@ NNN?N g K  Umin min(2     h < u XX?"6@ NNN?N '   _dat(2    h <8x XX?"6@ NNN?N W'K  T14 15)(2     h <| XX?"6@ NNN?N   _inp(2  W h < XX?"6@ NNN?N-w ASELECT * FROM stock WHERE NOT(1 = id AND min = 14 AND min = 15)<B 2ffffffffff B  h < XX?"6@ NNN?N= ' )  pFiltered with { delete ,  xp\_ ,  = ,  from ,  or }<9 2'&   B h s *?rs ? ̙33y___PPT10Y+D=' = @B +?  0L0  ??@ ;(     Z$    R>t X  x @ t B XX?"6@ NNN?N   O)(2   p B XX?"6@ NNN?N w  O=(2   s B4 XX?"6@ NNN?N   Oz(2   ^ B XX?"6@ NNN?N 7  Pid(2   ] B XX?"6@ NNN?N   O=(2   [ B8 XX?"6@ NNN?N   O((2   \ B XX?"6@ NNN?N WG  Ox(2   n B XX?"6@ NNN?N W  Qmin(2   _ B< XX?"6@ NNN?N G  QAND(2   K B XX?"6@ NNN?N 7  QNOT(2   E B XX?"6@ NNN?N= ' ']  Sstock(2    B@ XX?"6@ NNN?N] 7 }  SWHERE(2    B XX?"6@ NNN?N=  ]  RFROM(2    B XX?"6@ NNN?N= W]  TSELECT(2  2  NXX?"6@`NNN?N ] 2  NXX?"6@`NNN?N '] 2  NXX?"6@`NNN?N 7 ]   BXX?"0@NNN?N- '-   BXX?"0@NNN?N- 7 - 2  NXX?"6@`NNN?N ]   BXX?"0@NNN?N- -   BXX?"0@NNN?N- - 2 # NXX?"6@`NNN?N ] 2 2 NXX?"6@`NNN?N 7 2 4 NXX?"6@`NNN?N   B B XX?"6@ NNN?N= ]  O*(2   M s 0e0e    BCDE(F A@  A5% XX     ?A)BCD|E|| XptX ( Xp8P @   # "0e@       @ABC DEEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `abN E5%  N E5%  N F   5%    !"?N@ABC DEFFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `ab-  2 N NXX?"6@`NNN?N W 2 O NXX?"6@`NNN?N w 2 P NXX?"6@`NNN?N ' 2 Q NXX?"6@`NNN?N 7 2 R NXX?"6@`NNN?N G 2 S NXX?"6@`NNN?N} G T BXX?"0@NNN?N   V BXX?"0@NNN?N 7  W BXX?"0@NNN?N Ww  X BXX?"0@NNN?N   Y BXX?"0@NNN?N '  Z BXX?"0@NNN?N 7 2 ` ZԔXX?"6@`NNN?N 7 2 b NXX?"6@`NNN?N W 2 c NXX?"6@`NNN?N  2 d NXX?"6@`NNN?N ' 2 e NXX?"6@`NNN?N} 7  g BXX?"0@NNN?N } h@ BXX?"0@NNN?N7  i BXX?"0@NNN?N   } j BD XX?"6@ NNN?N  O=(2   k B XX?"6@ NNN?N- 'M Qmin(2   l B XX?"6@ NNN?N-  M Oy(2   m BXX?"0@NNN?N G'  o BXX?"0@NNN?N   q BXX?"0@NNN?N W  r BXX?"0@NNN?N  b v@ ZZG@4HtPIXX?"0@NNN?N   w B XX?"6@ NNN?N]w} T (2d2 | NXX?"6@`NNN?N=W } BXX?"0@NNN?N '=  HXX?"0@NNN?NmW -  HXX?"0@NNN?N g-  HXX?"0@NNN?N-' g-W  < XX?"6@ NNN?Nw ASELECT * FROM stock WHERE NOT(1 = id AND min = 14 AND min = 15)<B 2ffffffffff B B  s *?rs ?o##42T!2NV#NOW%OPX'PQY)QRZ-RSg/Seh1eQi2Rdm4dco6cbq8b`r:42v@4|}B|C`D ̙33y___PPT10Y+D=' = @B +uK  0L0 !CCD ?(     ZL    R>t X  x @<F = 7-  = 7- % s 0e0e    BCDE(F @  5% XX     ?A)BCD|E|| XptX ( Xp8P @   # "0e@       @ABC DEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `abN 5%  N 5%  N    5%    !"?N@ABC DEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `ab-    B XX?"6@ NNN?N   O)(2    Bd XX?"6@ NNN?N w  O=(2    B XX?"6@ NNN?N   Oz(2    B XX?"6@ NNN?N 7  Pid(2     B XX?"6@ NNN?N  O=(2     Bt# XX?"6@ NNN?N   O((2     B' XX?"6@ NNN?NW G  Ox(2      B* XX?"6@ NNN?N W  Qmin(2      B`. XX?"6@ NNN?N G  QAND(2     B2 XX?"6@ NNN?N 7  QNOT(2     B5 XX?"6@ NNN?N7 ] }  SWHERE(2  2 ! NXX?"6@`NNN?N 7 2 " NXX?"6@`NNN?N  2 & NXX?"6@`NNN?N W 2 ' NXX?"6@`NNN?Nw  2 ( NXX?"6@`NNN?N ' 2 ) NXX?"6@`NNN?N 7 2 * NXX?"6@`NNN?N G 2 + NXX?"6@`NNN?N }G , BXX?"0@NNN?N   - BXX?"0@NNN?N7   . BXX?"0@NNN?NW w  / BXX?"0@NNN?N  0 BXX?"0@NNN?N'  1 BXX?"0@NNN?N7 2 2 ZԔXX?"6@`NNN?N 7 2 3 NXX?"6@`NNN?NW  2 4 NXX?"6@`NNN?N  2 5 NXX?"6@`NNN?N'  2 6 NXX?"6@`NNN?N }7  7 BXX?"0@NNN?N } 8B BXX?"0@NNN?N7   9 BXX?"0@NNN?N  } : B > XX?"6@ NNN?N   O=(2    ; BA XX?"6@ NNN?N -'M Qmin(2   < BE XX?"6@ NNN?N - M Oy(2   = BXX?"0@NNN?NG '  > BXX?"0@NNN?N   ? BXX?"0@NNN?N W  @ BXX?"0@NNN?N  b AB ZZG@4HtPIXX?"0@NNN?N    B B|J XX?"6@ NNN?N]w} T (2d2 G NXX?"6@`NNN?N=W H BXX?"0@NNN?N '= I BO XX?"6@ NNN?N7' F(2   J HXX?"0@NNN?NWm - K HXX?"0@NNN?Ng - L HXX?"0@NNN?N' -g- N BTT XX?"6@ NNN?N ]w } F(2    Q BpV XX?"6@ NNN?N' = ']  Sstock(2    R B$[ XX?"6@ NNN?N =  ]  RFROM(2    S B,Y XX?"6@ NNN?N= W]  TSELECT(2  2 T NXX?"6@`NNN?N ] 2 U NXX?"6@`NNN?N' ] 2 V NXX?"6@`NNN?N 7 ]  W BXX?"0@NNN?N- '-  X BXX?"0@NNN?N7 - - 2 Y NXX?"6@`NNN?N ]  Z BXX?"0@NNN?N - -  [ BXX?"0@NNN?N- - 2 \ NXX?"6@`NNN?N ]  ] Bc XX?"6@ NNN?N= ]  O*(2  r  H XX?"6@`NNN?N 'w ,$D 0:  <g XX?"6@ NNN?N= ],$ 0 \Boolean expression(2  B  s *?rs ?o"!,!&- &'. '(/ ()0 )*1 *+7+686)9*5=5>43?32@"!A"GHGJ2KLTUWV\X\YZUV[ ̙33___PPT10+SfDh' h= @B D#' = @BA?%,( < +O%,( < +DZ' =%(D' =%(D-' =4@BBBB%()?)?D' =.I7 BBBBB[M 3.86843E-6 -5.54273E-7 L 0.00314 -0.29729 *3>*B ppt_xB ppt_y=@0BBAApBB\H:B6<*Du' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(+8+0+0 +mv  0L0 FFpH C(     Zlx    R>t X  x @ H s 0e0e    BCDE(F @  5% XX     ?A)BCD|E|| XptX ( Xp8P @   # "0e@  `    @ABC DEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `abN 5%  N 5%  N    5%    !"?N@ABC DEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `ab,C I B| XX?"6@`NNN?NSs O)(2   J BX~ XX?"6@`NNN?NSs O=(2   K B` XX?"6@`NNN?NS s Oz(2   P B XX?"6@`NNN?NS ls Qmin(2   S B XX?"6@`NNN?NL  SWHERE(2  2 T NXX?"6@`NNN?NLs2 U NXX?"6@`NNN?N s2 V NXX?"6@`NNN?N ls2 W NXX?"6@`NNN?Ns2 X NXX?"6@`NNN?N < s2 Y NXX?"6@`NNN?N L s2 Z NXX?"6@`NNN?N \s2 [ NXX?"6@`NNN?N \S 2 b ZԔXX?"6@`NNN?NLs2 c NXX?"6@`NNN?Nls2 d NXX?"6@`NNN?Ns2 e NXX?"6@`NNN?N<s2 f NXX?"6@`NNN?N L S  L B XX?"6@`NNN?NS L s Pid(2   M B< XX?"6@`NNN?NS s O=(2   N B XX?"6@`NNN?NS s O((2   O B XX?"6@`NNN?NSl\s Ox(2   Q B@ XX?"6@`NNN?NS \s QAND(2   R B XX?"6@`NNN?NSLs QNOT(2   \ BXX?"0@NNN?NC C ] BXX?"0@NNN?NCL C ^ BXX?"0@NNN?NClC _ BXX?"0@NNN?NC C ` BXX?"0@NNN?NC< C a BXX?"0@NNN?NCL C g BXX?"0@NNN?Ns,,  h@ BXX?"0@NNN?N# L #  i BXX?"0@NNN?Ns   j B XX?"6@`NNN?N3 S  O=(2   k B4 XX?"6@`NNN?N <  Qmin(2   l B XX?"6@`NNN?N,   Oy(2   m BXX?"0@NNN?NC\<C n BXX?"0@NNN?NCC o BXX?"0@NNN?NClC p BXX?"0@NNN?NCCb q@ ZZG@4HtPIXX?"0@NNN?Nef r Bh XX?"6@`NNN?N  T (2d2 s NXX?"6@`NNN?N l  t BXX?"0@NNN?Ns<  u B` XX?"6@`NNN?N L<#  F(2   v HXX?"0@NNN?N l  w HXX?"0@NNN?N|  x HXX?"0@NNN?N < |  y B XX?"6@`NNN?N  F(2   z B XX?"6@`NNN?N< < Sstock(2   { B XX?"6@`NNN?N   RFROM(2   | B XX?"6@`NNN?Nl TSELECT(2  2 } NXX?"6@`NNN?Ns 2 ~ NXX?"6@`NNN?Ns<2  NXX?"6@`NNN?NsL   BXX?"0@NNN?N <  BXX?"0@NNN?NL 2  NXX?"6@`NNN?Ns  BXX?"0@NNN?N   BXX?"0@NNN?N2  NXX?"6@`NNN?Ns   B8 XX?"6@`NNN?N O*(2    HXX?"0@NNN?Nm  ,$ 0 &NOT ( x = id and min = y and min = z )~'(2  ' B  ND8cXX?"0@NNN?N]'W ],$@ 0B  TD8cXX?"0@NNN?N ,$@ 0  HTXX?"0@NNN?N} ,$ 0 PTheorem: We discover a tautology over linear arithmetic iff the FSA accepts one.Q(2Q&8   l L I  ]F  ,$D 042 B CS\ENHgQ8cXX? `TTS\`TTS\`TTS\`T"6@`NNN?Nx h "2 B # ϝBCME$GfgI`TQ8cXX? 2@M`T2@M`T`T`T2@M`T`T`T"6@`NNN?NL I B  s *?rs ?\]^_`a g!h"i#Zem$en%dco&cbp'UTq(Ust)sv*bw+x,}~-./~9: ̙33//___PPT10.+D-' = @B D,' = @BA?%,( < +O%,( < +D"' =%(Dz"' =%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*w%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*x%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*v%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*s%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*t%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*H%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*%(D' =A@BBBB0B%(D' =1:Bhidden*o3>+B#style.visibility<*z%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*%(D' =A@BBBB0B%(D' =1:Bhidden*o3>+B#style.visibility<*{%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*%(D' =A@BBBB0B%(D' =1:Bhidden*o3>+B#style.visibility<*%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*~%(D' =A@BBBB0B%(D' =1:Bhidden*o3>+B#style.visibility<*|%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*}%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*%(D' =A@BBBB0B%(D' =1:Bhidden*o3>+B#style.visibility<*S%(D' =A@BBBB0B%(D' =1:Bhidden*o3>+B#style.visibility<*r%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*q%(D' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(DA' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*%(++0+S0 ++0+r0 ++0+z0 ++0+{0 ++0+|0 ++0+0 ++0+0 ++0+0 +  0  lP(  lr l S     l S l,<$@ 0  H l 0?rs ? ̙33___PPT10.v +EDZ' = @B D' = @BA?%,( < +O%,( < +DL' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*l?X%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*lXc%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*lck%(+I  0 )) "?hf((  hr h S d    h S d] <$ 0    h < XX?"6@ NNN?N `+c.(23   h <" XX?"6@ NNN?N Ob(23   h <' XX?"6@ NNN?N} g Re" (2d   h <$+ XX?"6@ NNN?N  Oa(23  2  h HXX?"6@`NNN?Nmw 2  h HXX?"6@`NNN?Nm'2  h HXX?"6@`NNN?Nm7 h <XX?"0@NNN?N 72 h HXX?"6@`NNN?NmG h <XX?"0@NNN?NG h <XX?"0@NNN?N h@ ZGpH&IXX?"0@NNN?Nw  h <0 XX?"6@ NNN?N= ] l+c:(23   h BXX?"0@NNN?N2  h HXX?"6@`NNN?Nmb (h  `GHfTI`XX?"0@NNN?N{y |b )h@  `ZG@4H#IXX?"0@NNN?Ny  *h <5 XX?"6@ NNN?Nm  Ob(23   +h NXX?"0@NNN?N''L ,h N:XX?"0@NNN?Nm,$ 0 bin = 1,(2  ; -h N>XX?"0@NNN?NMG,$ 0 QW (2  ; .h NAXX?"0@NNN?N,$ 0 QX (2  ; /h N@FXX?"0@NNN?N}w w,$ 0 QY (2  ; 0h NIXX?"0@NNN?N ,$ 0 QZ (2  M 1h NMXX?"0@NNN?NmGG,$ 0 cout = 1,(2  4 2h TQjJXX?"6@`NNN?Nz  ,$D 0 >${W,Y,Z ! 1; X ! 0}(2fGf G fGfG f  f  f    5h T]jJXX?"6@`NNN?N} 7 ,$@ 0 b+c e" b+c (2g3gg3fg3gg34    B 6h ND8cXX?"0@NNN?NW,$@  02 7h S gBRCNTENGjZHJNTQ8cXX? `TwRC`TwRCNTwRCNT"6@`NNN?N [ ,$@  0F >h  0e0e    BCDEXF(A 8c XX     ?1 d0u0@Ty2 NP'p<'pA)BCD|E||l08H``H0@@H(h(P(@XXL@@       "0e@`     @ABC DEEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `abN E5%  N E5%  N F   5%    !"?N@ABC DEFFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `ab- ,$@ 0B ?h TD8cXX?"0@NNN?Nwg w,$@ 0H h 0?rs ? h hh hhhh hh h hh hh h h(h h h)h h+h7h ̙33___PPT10.$;+⼛Dr' = @B D-' = @BA?%,( < +O%,( < +D> ' =%(D ' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*,h%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*.h%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*-h%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*/h%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*0h%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*1h%(D ' =%(D' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*h %(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*h 2%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*h2:%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*h:_%(D ' =%(D ' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*6h%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*7h%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*>h%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*?h%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*5h%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*2h%(++0+h0 ++0+,h0 ++0+-h0 ++0+.h0 ++0+/h0 ++0+0h0 ++0+1h0 ++0+2h0 ++0+5h0 +r  0 NXFX `pR(  pr p S     p BXX?"0@NNN?NO U2 #p HXX?"6@`NNN?N ? e2 $p HXX?"6@`NNN?N%  2 -p HXX?"6@`NNN?NG]2 .p HXX?"6@`NNN?N O 2 /p HXX?"6@`NNN?N? %  0p BXX?"0@NNN?NW1 U  1p BXX?"0@NNN?N ? U  6p BXX?"0@NNN?N? 5 7p BXX?"0@NNN?NO G- 8p BXX?"0@NNN?NA M  9p@ BXX?"0@NNN?N  %  Ap < XX?"6@ NNN?Ne? /  Oa(23   Bp < XX?"6@ NNN?N 5 Ob(23   Cp <H XX?"6@ NNN?N 5 Ob(23    Ep NXX?"0@NNN?NG '  TOR"(2e   Fp BXX?"0@NNN?NW   Gp BXX?"0@NNN?NO# l 7=  pM ,$@ 0 up BXX?"0@NNN?Nw2 vp HXX?"6@`NNN?N7-2 wp HXX?"6@`NNN?NMw2 xp HXX?"6@`NNN?N%2 yp HXX?"6@`NNN?NG -2 zp HXX?"6@`NNN?NM {p BXX?"0@NNN?N} |p BXX?"0@NNN?Nw} }p BXX?"0@NNN?N G] ~p BXX?"0@NNN?N U p BXX?"0@NNN?N pB BXX?"0@NNN?NG-wM p < XX?"6@ NNN?N Oa(23   p < XX?"6@ NNN?N7= '] Ob(23   p < XX?"6@ NNN?N= ] Ob(23  # l  =  pM O ,$@ 0 p BXX?"0@NNN?N w 2 p HXX?"6@`NNN?N - 2 p HXX?"6@`NNN?N M_ 2 p HXX?"6@`NNN?N % 2 p HXX?"6@`NNN?N/ -2 p HXX?"6@`NNN?N  M p BXX?"0@NNN?Nq  } p BXX?"0@NNN?N_  } p BXX?"0@NNN?N / ] p BXX?"0@NNN?N U p BXX?"0@NNN?N   pB BXX?"0@NNN?N/ -_ M p <8 XX?"6@ NNN?N o  Oa(23   p <P XX?"6@ NNN?N =  ] Ob(23   p < XX?"6@ NNN?N = ] Ob(23  # l w= ? pM ? ,$@ 0 p BXX?"0@NNN?N7w2 p HXX?"6@`NNN?Nw-2 p HXX?"6@`NNN?NWM2 p HXX?"6@`NNN?N%?2 p HXX?"6@`NNN?N -2 p HXX?"6@`NNN?N7M p BXX?"0@NNN?NW} p BXX?"0@NNN?N} p BXX?"0@NNN?N ] p BXX?"0@NNN?N U p BXX?"0@NNN?N pB BXX?"0@NNN?N-M p < XX?"6@ NNN?N Oa(23   p < XX?"6@ NNN?Nw= g] Ob(23   p < XX?"6@ NNN?N7= '] Ob(23  # l = g pM ,$@ 0 p BXX?"0@NNN?N_w2 p HXX?"6@`NNN?N-2 p HXX?"6@`NNN?NM2 p HXX?"6@`NNN?N%g2 p HXX?"6@`NNN?N -2 p HXX?"6@`NNN?N_M p BXX?"0@NNN?N} p BXX?"0@NNN?N} p BXX?"0@NNN?N ] p BXX?"0@NNN?N U p BXX?"0@NNN?N  pB BXX?"0@NNN?N-M p < XX?"6@ NNN?N Oa(23   p < XX?"6@ NNN?N= ] Ob(23   p < XX?"6@ NNN?N_= O] Ob(23   p HXX?"0@NNN?Ne m ,$@ 0 p HXX?"0@NNN?Ne O ? m ,$@ 0 p HXX?"0@NNN?Ne m ,$@ 0> p NXX?"0@NNN?N}  ,$  0 TOR"(2e  > p NXX?"0@NNN?N} ,$  0 TOR"(2e  > p NXX?"0@NNN?N} wW ,$  0 TOR"(2e   p BXX?"0@NNN?Nm gm ,$@  0 p BXX?"0@NNN?Ne m ,$@  0r p ZXX?"6@`NNN?N ,$@ 0S p NXX?"0@NNN?N ,$ 0 in+2 = 42(2d3d   p  0e0e    BCHDELF$A A5% XX     ?1 d0u0@Ty2 NP'p<'pA)BCD|E||HHpxXXh0H8XX@L H@      "0e@     @ABC DEEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `abN E5%  N E5%  N F   5%    !"?N@ABC DEFFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `ab_ -2 p TjJXX?"6@`NNN?N=  ,$D 0H p 0?rs ?@/p-pp #p$p0p $p/p1p#p.p6p.p-p7p/p.p8p.p$p9p#pFp-pGp.zpxpup/vpwp{p0wpzp|p1vpyp}p2ypxp~p3zpypp4ypwpp5ppp6ppp7ppp8ppp9ppp:ppp;ppp<ppp=ppp>ppp?ppp@pppApppBpppCpppDpppEpppFpppGpppHpppIpppKxpppLpppMpppNvppOpp ̙33RJ___PPT10*.v@]+2D' = @B D' = @BA?%,( < +O%,( < +D' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*p%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*p%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*p%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*p%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*p%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*p%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*p%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*p%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*p%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*p%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*p%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*p%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*p%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*p%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*p%(++0+p0 ++0+p0 ++0+p0 ++0+p0 +<  0 88 8M?6(    <  XX?"6@ NNN?N UPDATE users SET password =  backdoor WHERE username =  admin -- hC(2ffffff C   T    &q@o3l   M ,$D 0 = B XX?"6@ NNN?N  P--(2    B XX?"6@ NNN?Ng W  O=(2    B ! XX?"6@ NNN?N w  P (2     B$ XX?"6@ NNN?N 7  Vpassword (2       Bh( XX?"6@ NNN?N g =  SWHERE(2      B , XX?"6@ NNN?Nw  QSET(2      B/ XX?"6@ NNN?NG   TUPDATE(2  2   NXX?"6@`NNN?NG]  2  NXX?"6@`NNN?N]  2  NXX?"6@`NNN?Nw]    BXX?"0@NNN?N    BXX?"0@NNN?N 2  NXX?"6@`NNN?N7]    BXX?"0@NNN?N 7   BXX?"0@NNN?N w 2  NXX?"6@`NNN?N ]     B4 XX?"6@ NNN?N   Susers(2    BXX?"0@NNN?N    BXX?"0@NNN?N w 2  NXX?"6@`NNN?N]    B8 XX?"6@ NNN?N'   P (2  2  NXX?"6@`NNN?N] G   BXX?"0@NNN?NW    BD= XX?"6@ NNN?N  O=(2    BA XX?"6@ NNN?N  Vusername (2   2  NXX?"6@`NNN?N   BXX?"0@NNN?N2 ! NXX?"6@`NNN?N7 " BXX?"0@NNN?N 2 # NXX?"6@`NNN?Nw]   $ BXX?"0@NNN?N  2 % NXX?"6@`NNN?N] W  & BF XX?"6@ NNN?N   Ow(2   ' B BXX?"0@NNN?N o2 H ZԔXX?"6@`NNN?NW} I s 0e0e    BPC`DE(F 5% XX     ?1 d0u0@Ty2 NP'p<'pA)BCD|E|| lP hPP` @   "0e@      @ABC DEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `abN 5%  N 5%  N    5%    !"?N@ABC DEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `ab  J TXX?"0@NNN?NI I  K TXX?"0@NNN?N' +2 - NXX?"6@`NNN?N W 2 L NXX?"6@`NNN?N W H  0?rs ?  #%!  )" #%$ )-( /+, -/.;H8+;>-LJL;K ̙33___PPT10n.&fs+gDB' = @B D' = @BA?%,( < +O%,( < +D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*M%(+   0 $ `P(  P P <a XX?"6@ NNN?N  jsql =  UPDATE users SET password =   + newpass +   WHERE username =   + rso( username ) +    ; ,f(2 2gffN '        P T,n    &q@^ _P BoXX?"0@NNN?N T ,$ 0 4This code may also generate a query with a tautology5(25 5 ( `P <t XX?"6@ NNN?Nh GP,$D 0 JUPDATE users SET password =  backdoor WHERE username =   OR a = a ; tF(2 2ffff ff&:    H P 0?rs ? ̙33g____PPT10?.&fs+JMD' = @B D' = @BA?%,( < +O%,( < +D' =%(Du' =%(D' =A@BBBB0B%(D' =1:Bvisible*o3>+B#style.visibility<*_P%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*`PF%(+8+0+_P0 +L  0 .H&Hp ILdD(  d d T     &q@Al   Ld ,$D 0 d B$ XX?"6@ NNN?Ng W  O=(2   d B XX?"6@ NNN?N w  P (2   d B` XX?"6@ NNN?N 7  Vpassword (2     d B XX?"6@ NNN?N g =  SWHERE(2    d B XX?"6@ NNN?Nw  QSET(2     d B XX?"6@ NNN?NG   TUPDATE(2  2  d NXX?"6@`NNN?NG]  2  d NXX?"6@`NNN?N]  2  d NXX?"6@`NNN?Nw]    d BXX?"0@NNN?N   d BXX?"0@NNN?N 2 d NXX?"6@`NNN?N7]   d BXX?"0@NNN?N 7  d BXX?"0@NNN?N w 2 d NXX?"6@`NNN?N ]    d BD XX?"6@ NNN?N   Susers(2   d BXX?"0@NNN?N   d BXX?"0@NNN?N w 2 d NXX?"6@`NNN?N]   d B< XX?"6@ NNN?N'   P (2  2 d NXX?"6@`NNN?N] G  d BXX?"0@NNN?NW   d BT XX?"6@ NNN?N  O=(2   d BL XX?"6@ NNN?N  Vusername (2   2 d NXX?"6@`NNN?N d BXX?"0@NNN?N2 d NXX?"6@`NNN?N7 d BXX?"0@NNN?N 2  d NXX?"6@`NNN?Nw]   !d BXX?"0@NNN?N  2 "d NXX?"6@`NNN?N] W  #d Bl XX?"6@ NNN?N   Ow(2   $d B  XX?"6@ NNN?N  P (2   %d BXX?"0@NNN?Ng  2 &d NXX?"6@`NNN?N g  'd B XX?"6@ NNN?N  P (2  2 (d NXX?"6@`NNN?Ng   )d BXX?"0@NNN?N g 2 *d NXX?"6@`NNN?N W  +d BXX?"0@NNN?NW w 2 ,d NXX?"6@`NNN?Nw   -d B$ XX?"6@ NNN?NW G  Ox(2   .d B XX?"6@ NNN?N  O=(2  2 /d NXX?"6@`NNN?N 0d BXX?"0@NNN?N' 1d BT XX?"6@ NNN?N'  P (2   2d BXX?"0@NNN?N2 3d NXX?"6@`NNN?N' 4d Bl XX?"6@ NNN?N  P (2   5d BXX?"0@NNN?N{2 6d NXX?"6@`NNN?Nw 7d BXX?"0@NNN?Nw2 8d NXX?"6@`NNN?N 9d B\ XX?"6@ NNN?Nw g Oz(2   :d B XX?"6@ NNN?N  POR(2   ;d BXX?"0@NNN?N  d NXX?"6@`NNN?Nw ?d B XX?"6@ NNN?N  P (2   Ad BXX?"0@NNN?N2 Bd NXX?"6@`NNN?Ng Cd BXX?"0@NNN?Ng2 Dd NXX?"6@`NNN?N Ed B XX?"6@ NNN?Ng W Oy(2  2 Fd ZԔXX?"6@`NNN?N Gd s 0e0e    BPC`DE(F 5% XX     ?1 d0u0@Ty2 NP'p<'pA)BCD|E|| lP hPP` @   "0e@      @ABC DEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `abN 5%  N 5%  N    5%    !"?N@ABC DEFGHIJK5%LMNOPQRSTUWYZ[ \]^_ `ab  Hd TXX?"0@NNN?NI  Id TXX?"0@NNN?N Jd < XX?"6@ NNN?NG  JUPDATE users SET password =  backdoor WHERE username =   OR a = a ; tF(2 2ffff ff&:    H d 0?rs ? d d d dddddd d dddddd dd"dddddd d&dd d"d!d &d*d%d ,d(d)d *d,d+d/d3d0d3d6d2d8dFd5d6d8d7d(d>d;d>dBd=dDd/dAdBdDdCd*dHd8dId ̙33___PPT10n.&fs+ڃDB' = @B D' = @BA?%,( < +O%,( < +D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*Ld%(+   0 PP(  r  S      S l,<$@ 0  H  0?rs ? ̙33  ___PPT10r .ǶpyU+EDF ' = @B D ' = @BA?%,( < +O%,( < +D' =%(Dh' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*Ks%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*s%(D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(D4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*%(+}  0  $(  r  S $1  1 r  S 1, 1 H  0?rs ? ̙33___PPT10i.A+D=' = @B +#  0  #tT(  tr t S    L 7-T  t# xB  t  `DfA)XX?"0@NNN?N7-7B  t ND8cXX?"0@NNN?NT=TR 7-T  t3 fw}B t  fDfA)XX?"0@NNN?N7-7B t TD8cXX?"0@NNN?NT=TL 7-T t#  B t  `DfA)XX?"0@NNN?N7-7B t ND8cXX?"0@NNN?NT=TL 7-T t# dUJ g iB t  `DfA)XX?"0@NNN?N7-7B t ND8cXX?"0@NNN?NT=TF 7-T t f2QnAB t  `DfA)XX?"0@NNN?N7-7B t ND8cXX?"0@NNN?NT=TR 7-T t3 ;dC G B t  fDfA)XX?"0@NNN?N7-7B t TD8cXX?"0@NNN?NT=TL 7-T t#  MJ g sB t  `DfA)XX?"0@NNN?N7-7B t ND8cXX?"0@NNN?NT=T( 7-T !t3 ;dC3,$@ 0B "t  fDfA)XX?"0@NNN?N7-7B #t TD8cXX?"0@NNN?NT=T2  t T8cXX?"6@`NNN?N ' ,$D 0H t 0?rs ? ̙33___PPT10.0T+%Dl' = @B D'' = @BA?%,( < +O%,( < +D\ ' =%(D ' =%(De' =4@BB BB%(D' =1:B 0.25*3>%Bstyle.opacity= B PPT<* tD' =-6B image0BIE*x3=4Bopacity: 0.25 BIE<* tDe' =4@BB BB%(D' =1:B 0.25*3>%Bstyle.opacity= B PPT<*tD' =-6B image0BIE*x3=4Bopacity: 0.25 BIE<*tDe' =4@BB BB%(D' =1:B 0.25*3>%Bstyle.opacity= B PPT<* tD' =-6B image0BIE*x3=4Bopacity: 0.25 BIE<* tDe' =4@BB BB%(D' =1:B 0.25*3>%Bstyle.opacity= B PPT<*tD' =-6B image0BIE*x3=4Bopacity: 0.25 BIE<*tD4' =%(D' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<* t%(D' =%(Df' =%(D' =4@BBBB%(D' =1:Bvisible*o3>+B#style.visibility<*!t%(D' =4@BBBB%(D' =1:Bhidden*o3>+B#style.visibility<*t%(+ 0 0&(  ^  S  ?z7     S w  93   " B  s *vn ? ̙33 0 P&(  ^  S  ?z7   1  S 1  93  1 " B  s *vn ? ̙33 0 `&(  ^  S  ?z7   1  S 1  93  1 " B  s *vn ? ̙33 0 pD(  ^  S  ?z7   1  <1  93  1 " B  s *vn ? ̙33 0 4D(  4^ 4 S  ?z7    4 <w  93   " B 4 s *vn ? ̙33  0 DD(  D^ D S  ?z7    D <|  93   " B D s *vn ? ̙33  0 0LD(  L^ L S  ?z7    L <  93   " B L s *vn ? ̙33  0 dD(  d^ d S  ?z7    d <Ј  93   " B d s *vn ? ̙33 0 lD(  l^ l S  ?z7    l <Ȏ  93   " B l s *vn ? ̙33 0 tD(  t^ t S  ?z7    t <X  93   " B t s *vn ? ̙33 0 D(  ^  S  ?z7     <H  93   " B  s *vn ? ̙33 0 D(  ^  S  ?z7     <  93   " B  s *vn ? ̙33( 0  D(   ^   S  ?z7      <\  93   " B   s *vn ? ̙33r@<pRT $ & D"HX)52HZXjP~tj`b4:}=j VL!xz}B# ͍`/ 0 D8%1Oh+'0@H TEfficient and Precise Datarace Detection for Multithreaded Object-Oriented ProgramsGary T. Leavens23@H?t@pD0LC՜.+,0,   CustomH6  %Times New Roman StarSymbol Courier NewZedSymbolMicrosoft Sans Serifcmsy10Default Design1_Default Design8An Analysis Framework for Security in Web ApplicationsWeb Application ArchitectureCommand Injection AttacksCommand Injection Attacks MotivationExample: change admin passwordExample: change admin passwordExample: change admin passwordExample: change admin passwordOverview of Analysis FrameworkExample with cyclesExample with cyclesExample with cyclesExample with cyclesExample with cyclesExample with cycles String Analysis (previous work)$Structure Discovery (previous work)Tautology checkingOverview of Tautology Checking%Tautology Checking: Arithmetic Loops"Tautology Checking: Boolean LoopsEarlier Example RevisitedEarlier Example RevisitedEarlier Example Revisited Conclusions Slide 27 Why n+2?  Fonts UsedDesign Template Slide Titles'_$&0Gary T. LeavensGary T. Leavens  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#%&'()*+-./0123:Root EntrydO)PicturesCurrent User,SummaryInformation(PowerPoint Document(H&DocumentSummaryInformation8$