sqlmap-users Mailing List for sqlmap (Page 25)
Brought to you by:
inquisb
You can subscribe to this list here.
2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(4) |
Oct
(11) |
Nov
(24) |
Dec
(13) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2009 |
Jan
(23) |
Feb
(17) |
Mar
(13) |
Apr
(48) |
May
(22) |
Jun
(18) |
Jul
(22) |
Aug
(13) |
Sep
(23) |
Oct
(6) |
Nov
(11) |
Dec
(25) |
2010 |
Jan
(21) |
Feb
(33) |
Mar
(61) |
Apr
(47) |
May
(48) |
Jun
(30) |
Jul
(24) |
Aug
(37) |
Sep
(52) |
Oct
(59) |
Nov
(32) |
Dec
(57) |
2011 |
Jan
(166) |
Feb
(93) |
Mar
(65) |
Apr
(117) |
May
(87) |
Jun
(124) |
Jul
(102) |
Aug
(78) |
Sep
(65) |
Oct
(22) |
Nov
(71) |
Dec
(79) |
2012 |
Jan
(93) |
Feb
(55) |
Mar
(45) |
Apr
(49) |
May
(56) |
Jun
(93) |
Jul
(95) |
Aug
(42) |
Sep
(26) |
Oct
(36) |
Nov
(32) |
Dec
(46) |
2013 |
Jan
(36) |
Feb
(78) |
Mar
(38) |
Apr
(57) |
May
(35) |
Jun
(39) |
Jul
(23) |
Aug
(33) |
Sep
(28) |
Oct
(38) |
Nov
(22) |
Dec
(16) |
2014 |
Jan
(33) |
Feb
(23) |
Mar
(41) |
Apr
(29) |
May
(12) |
Jun
(20) |
Jul
(21) |
Aug
(23) |
Sep
(18) |
Oct
(34) |
Nov
(12) |
Dec
(39) |
2015 |
Jan
(2) |
Feb
(51) |
Mar
(10) |
Apr
(28) |
May
(9) |
Jun
(22) |
Jul
(32) |
Aug
(35) |
Sep
(29) |
Oct
(50) |
Nov
(8) |
Dec
(2) |
2016 |
Jan
(8) |
Feb
(2) |
Mar
(3) |
Apr
(14) |
May
|
Jun
|
Jul
|
Aug
(12) |
Sep
|
Oct
|
Nov
(1) |
Dec
(19) |
2017 |
Jan
|
Feb
(18) |
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
(2) |
Dec
|
2018 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
(3) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2019 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Doritos <dor...@ya...> - 2014-03-18 12:40:48
|
Thank you. It's working fine now. On 14-03-2014 17:35, Miroslav Stampar wrote: > Hi. > > Please update to the latest revision [1] and try it again. > > Kind regards, > Miroslav Stampar > > [1] > https://github.com/sqlmapproject/sqlmap/commit/56d76e6bfdb29968af352e2bf960b5ab257daa9a > > > On Fri, Mar 14, 2014 at 9:18 PM, Doritos > <dor...@ya... > <mailto:dor...@ya...>> wrote: > > I'm trying again. > It always stucks at .doc/docx files > > Is there any way on command line that I can exclude some extensions / > file names? > > Thanks. > > > > On 06-02-2014 13:12, Miroslav Stampar wrote: > > Hi. > > > > Lower the --crawl to something like --crawl=2. Also, you are most > > probably accessing some binary files. If you could provide > problematic > > extensions we could exclude those (we are already excluding known > binary > > extensions). > > > > Bye > > > > > > On Thu, Feb 6, 2014 at 1:09 PM, Doritos > > <dor...@ya... > <mailto:dor...@ya...> > > <mailto:dor...@ya... > <mailto:dor...@ya...>>> wrote: > > > > I've been trying to use sqlmap to crawl our site, but it > doesn't even > > end the link search phase… > > > > Looks like the site doesn't respond to some requests but the > timeout > > takes a long time to trigger the timeout… > > > > Look at the timestamps. > > > > The site is working. At least, I can access it via browser. > > > > > > ./sqlmap.py -u http://www.site.com --level 3 --risk 5 -b > --threads=4 > > --batch --random-agent --crawl=5 > > > > [09:04:15] [INFO] fetched random HTTP User-Agent header from file > > '/opt/sqlmap-dev/txt/user-agents.txt': Mozilla/4.0 > (compatible; MSIE > > 7.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR > 3.5.30729; .NET > > CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) > > [09:04:15] [INFO] starting crawler > > [09:04:15] [INFO] searching for links with depth 1 > > sqlmap got a 302 redirect to 'http://www.site:80/page.php'. > Do you want > > to follow? [Y/n] Y > > [09:04:15] [INFO] searching for links with depth 2 > > > > > > [09:04:15] [INFO] starting 4 threads > > [09:04:16] [INFO] 25/64 links visited (39%) > > [09:04:16] [INFO] heuristics detected web page charset > 'ISO-8859-5' > > [09:04:19] [INFO] searching for links with depth 3 > > > > > > [09:04:19] [INFO] starting 4 threads > > [09:04:20] [INFO] 31/602 links visited (5%) > > [09:04:20] [INFO] heuristics detected web page charset 'IBM855' > > [09:04:28] [INFO] 182/602 links visited (30%) > > [09:04:28] [INFO] heuristics detected web page charset > 'ISO-8859-2' > > [09:04:34] [INFO] 317/602 links visited (53%) > > [09:04:34] [INFO] heuristics detected web page charset 'UTF-8' > > [09:04:49] [INFO] 484/602 links visited (80%) > > [09:04:49] [INFO] heuristics detected web page charset 'ascii' > > [09:04:51] [INFO] searching for links with depth 4 > > > > > > [09:04:51] [INFO] starting 4 threads > > [09:12:46] [INFO] searching for links with depth 5 > > > > > > [09:12:46] [INFO] starting 4 threads > > [09:38:56] [INFO] 527/4622 links visited (11%) > > [09:38:56] [CRITICAL] unable to connect to the target URL or > proxy. > > sqlmap is going to retry the request > > [09:38:56] [WARNING] if the problem persists please check > that the > > provided target URL is valid. In case that it is, you can try > to rerun > > with the switch '--random-agent' turned on and/or proxy switches > > ('--ignore-proxy', '--proxy',...) > > [10:01:44] [INFO] 1556/4622 links visited (34%) > > [10:01:44] [INFO] heuristics detected web page charset > 'windows-1251' > > [10:01:45] [INFO] 1560/4622 links visited (34%) > > > > > > > > > > What options can I try to sucessfully crawl and scan the site? > > > > > > > ------------------------------------------------------------------------------ > > Managing the Performance of Cloud-Based Applications > > Take advantage of what the Cloud has to offer - Avoid Common > Pitfalls. > > Read the Whitepaper. > > > http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk > > _______________________________________________ > > sqlmap-users mailing list > > sql...@li... > <mailto:sql...@li...> > > > <mailto:sql...@li... > <mailto:sql...@li...>> > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > > > > > > -- > > Miroslav Stampar > > http://about.me/stamparm > > > > > > > ------------------------------------------------------------------------------ > > Managing the Performance of Cloud-Based Applications > > Take advantage of what the Cloud has to offer - Avoid Common > Pitfalls. > > Read the Whitepaper. > > > http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk > > > > > > > > _______________________________________________ > > sqlmap-users mailing list > > sql...@li... > <mailto:sql...@li...> > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and > their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/13534_NeoTech > _______________________________________________ > sqlmap-users mailing list > sql...@li... > <mailto:sql...@li...> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > -- > Miroslav Stampar > http://about.me/stamparm > > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/13534_NeoTech > > > > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > |
From: Nate K. <nk...@gm...> - 2014-03-17 19:56:30
|
I wondered, as I was manually trying all the norms to generate a "false" response. I had just never seen an error response like that inside of the header. Was wondering if sqlmap would pick it up. Thanks for the clarification! Cheers, Nate On Mar 17, 2014, at 2:51 PM, Miroslav Stampar <mir...@gm...> wrote: Hi. sqlmap should be able to spot this kind of SQLi out of the box. Problem in your case is that it appears (IMHO) that your target is not vulnerable. Error message != SQL injection ! Target warns you that targeted value can't be casted to the desired type and that means that it's most probably not prone to SQL injection. Kind regards, Miroslav Stampar On Mon, Mar 17, 2014 at 4:09 PM, Nate Kettlewell <nk...@gm...> wrote: > Hey guys, just ran across this one, SQL error comes back in the HTTP > header. > > Anyone else ran across something like this? If so, how did you get SQLMap > to pick up on it? > > Vulnerable Param is GET -> ECTID > > Request - Target Info Redacted > GET /cgi/ > search_page.pl?ABMASTER=2&DOWHAT=SEARCH&LASTID=94321&USER=admin&P=lwJLt5inR&ECTID=9'&ABHOME=1<http://search_page.pl/?ABMASTER=2&DOWHAT=SEARCH&LASTID=94321&USER=admin&P=lwJLt5inR&ECTID=9%27&ABHOME=1> > HTTP/1.1 > Host: X.X.X.X > User-Agent: Mozilla/5.0 (X11; Linux i686; rv:22.0) Gecko/20100101 > Firefox/22.0 Iceweasel/22.0 > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > Accept-Language: en-US,en;q=0.5 > Accept-Encoding: gzip, deflate > Referer: > http://stuff.stuff.com/cgi/MRABdetails.pl?USER=admin&ECTID=9&MRP=lwJLt5inR&LASTID=30323&ABMASTER=2&ANDOR=and&ANCHOR=anchoron&SESS_ID=52a3435e497351139f35330ca0a3d81d& > Cookie: popupBlockerDisabled=true; __unam=f2242fe-14489b9a9cd-4e848782-1; > DocumentWidth=1400 > Connection: keep-alive > > > Response - > HTTP/1.1 200 OK > Cache-Control: no-cache,no-store,max-age=0 > ETag: "" > Server: Microsoft-IIS/7.5 > Can't get config data from generic config table: getFromConfigFile: Can't > execute sql select * from SomeTable where ECTID= ? AND URE= ? AND Deleted > is null AND rKey in ('P', 'S') Order by mOrder asc, values: [9' > KBStatuses][Microsoft][ODBC SQL Server Driver]Invalid character value for > cast specification (SQL-22018) at C:\Stuff\\cgi\SUBS\FP\GenericConfig.pl > line 179. > Date: Thu, 13 Mar 2014 21:39:00 GMT > Connection: close > Content-Length: 0 > > Cheers, > > N8 > > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/13534_NeoTech > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
From: Miroslav S. <mir...@gm...> - 2014-03-17 19:51:29
|
Hi. sqlmap should be able to spot this kind of SQLi out of the box. Problem in your case is that it appears (IMHO) that your target is not vulnerable. Error message != SQL injection ! Target warns you that targeted value can't be casted to the desired type and that means that it's most probably not prone to SQL injection. Kind regards, Miroslav Stampar On Mon, Mar 17, 2014 at 4:09 PM, Nate Kettlewell <nk...@gm...> wrote: > Hey guys, just ran across this one, SQL error comes back in the HTTP > header. > > Anyone else ran across something like this? If so, how did you get SQLMap > to pick up on it? > > Vulnerable Param is GET -> ECTID > > Request - Target Info Redacted > GET /cgi/ > search_page.pl?ABMASTER=2&DOWHAT=SEARCH&LASTID=94321&USER=admin&P=lwJLt5inR&ECTID=9'&ABHOME=1<http://search_page.pl/?ABMASTER=2&DOWHAT=SEARCH&LASTID=94321&USER=admin&P=lwJLt5inR&ECTID=9%27&ABHOME=1> > HTTP/1.1 > Host: X.X.X.X > User-Agent: Mozilla/5.0 (X11; Linux i686; rv:22.0) Gecko/20100101 > Firefox/22.0 Iceweasel/22.0 > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > Accept-Language: en-US,en;q=0.5 > Accept-Encoding: gzip, deflate > Referer: > http://stuff.stuff.com/cgi/MRABdetails.pl?USER=admin&ECTID=9&MRP=lwJLt5inR&LASTID=30323&ABMASTER=2&ANDOR=and&ANCHOR=anchoron&SESS_ID=52a3435e497351139f35330ca0a3d81d& > Cookie: popupBlockerDisabled=true; __unam=f2242fe-14489b9a9cd-4e848782-1; > DocumentWidth=1400 > Connection: keep-alive > > > Response - > HTTP/1.1 200 OK > Cache-Control: no-cache,no-store,max-age=0 > ETag: "" > Server: Microsoft-IIS/7.5 > Can't get config data from generic config table: getFromConfigFile: Can't > execute sql select * from SomeTable where ECTID= ? AND URE= ? AND Deleted > is null AND rKey in ('P', 'S') Order by mOrder asc, values: [9' > KBStatuses][Microsoft][ODBC SQL Server Driver]Invalid character value for > cast specification (SQL-22018) at C:\Stuff\\cgi\SUBS\FP\GenericConfig.pl > line 179. > Date: Thu, 13 Mar 2014 21:39:00 GMT > Connection: close > Content-Length: 0 > > Cheers, > > N8 > > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/13534_NeoTech > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
From: Nate K. <nk...@gm...> - 2014-03-17 15:10:02
|
Hey guys, just ran across this one, SQL error comes back in the HTTP header. Anyone else ran across something like this? If so, how did you get SQLMap to pick up on it? Vulnerable Param is GET -> ECTID Request - Target Info Redacted GET /cgi/ search_page.pl?ABMASTER=2&DOWHAT=SEARCH&LASTID=94321&USER=admin&P=lwJLt5inR&ECTID=9'&ABHOME=1<http://search_page.pl/?ABMASTER=2&DOWHAT=SEARCH&LASTID=94321&USER=admin&P=lwJLt5inR&ECTID=9%27&ABHOME=1> HTTP/1.1 Host: X.X.X.X User-Agent: Mozilla/5.0 (X11; Linux i686; rv:22.0) Gecko/20100101 Firefox/22.0 Iceweasel/22.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://stuff.stuff.com/cgi/MRABdetails.pl?USER=admin&ECTID=9&MRP=lwJLt5inR&LASTID=30323&ABMASTER=2&ANDOR=and&ANCHOR=anchoron&SESS_ID=52a3435e497351139f35330ca0a3d81d& Cookie: popupBlockerDisabled=true; __unam=f2242fe-14489b9a9cd-4e848782-1; DocumentWidth=1400 Connection: keep-alive Response - HTTP/1.1 200 OK Cache-Control: no-cache,no-store,max-age=0 ETag: "" Server: Microsoft-IIS/7.5 Can't get config data from generic config table: getFromConfigFile: Can't execute sql select * from SomeTable where ECTID= ? AND URE= ? AND Deleted is null AND rKey in ('P', 'S') Order by mOrder asc, values: [9' KBStatuses][Microsoft][ODBC SQL Server Driver]Invalid character value for cast specification (SQL-22018) at C:\Stuff\\cgi\SUBS\FP\GenericConfig.pl line 179. Date: Thu, 13 Mar 2014 21:39:00 GMT Connection: close Content-Length: 0 Cheers, N8 |
From: Miroslav S. <mir...@gm...> - 2014-03-14 20:35:43
|
Hi. Please update to the latest revision [1] and try it again. Kind regards, Miroslav Stampar [1] https://github.com/sqlmapproject/sqlmap/commit/56d76e6bfdb29968af352e2bf960b5ab257daa9a On Fri, Mar 14, 2014 at 9:18 PM, Doritos <dor...@ya...> wrote: > I'm trying again. > It always stucks at .doc/docx files > > Is there any way on command line that I can exclude some extensions / > file names? > > Thanks. > > > > On 06-02-2014 13:12, Miroslav Stampar wrote: > > Hi. > > > > Lower the --crawl to something like --crawl=2. Also, you are most > > probably accessing some binary files. If you could provide problematic > > extensions we could exclude those (we are already excluding known binary > > extensions). > > > > Bye > > > > > > On Thu, Feb 6, 2014 at 1:09 PM, Doritos > > <dor...@ya... > > <mailto:dor...@ya...>> wrote: > > > > I've been trying to use sqlmap to crawl our site, but it doesn't even > > end the link search phase... > > > > Looks like the site doesn't respond to some requests but the timeout > > takes a long time to trigger the timeout... > > > > Look at the timestamps. > > > > The site is working. At least, I can access it via browser. > > > > > > ./sqlmap.py -u http://www.site.com --level 3 --risk 5 -b --threads=4 > > --batch --random-agent --crawl=5 > > > > [09:04:15] [INFO] fetched random HTTP User-Agent header from file > > '/opt/sqlmap-dev/txt/user-agents.txt': Mozilla/4.0 (compatible; MSIE > > 7.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; > .NET > > CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) > > [09:04:15] [INFO] starting crawler > > [09:04:15] [INFO] searching for links with depth 1 > > sqlmap got a 302 redirect to 'http://www.site:80/page.php'. Do you > want > > to follow? [Y/n] Y > > [09:04:15] [INFO] searching for links with depth 2 > > > > > > [09:04:15] [INFO] starting 4 threads > > [09:04:16] [INFO] 25/64 links visited (39%) > > [09:04:16] [INFO] heuristics detected web page charset 'ISO-8859-5' > > [09:04:19] [INFO] searching for links with depth 3 > > > > > > [09:04:19] [INFO] starting 4 threads > > [09:04:20] [INFO] 31/602 links visited (5%) > > [09:04:20] [INFO] heuristics detected web page charset 'IBM855' > > [09:04:28] [INFO] 182/602 links visited (30%) > > [09:04:28] [INFO] heuristics detected web page charset 'ISO-8859-2' > > [09:04:34] [INFO] 317/602 links visited (53%) > > [09:04:34] [INFO] heuristics detected web page charset 'UTF-8' > > [09:04:49] [INFO] 484/602 links visited (80%) > > [09:04:49] [INFO] heuristics detected web page charset 'ascii' > > [09:04:51] [INFO] searching for links with depth 4 > > > > > > [09:04:51] [INFO] starting 4 threads > > [09:12:46] [INFO] searching for links with depth 5 > > > > > > [09:12:46] [INFO] starting 4 threads > > [09:38:56] [INFO] 527/4622 links visited (11%) > > [09:38:56] [CRITICAL] unable to connect to the target URL or proxy. > > sqlmap is going to retry the request > > [09:38:56] [WARNING] if the problem persists please check that the > > provided target URL is valid. In case that it is, you can try to > rerun > > with the switch '--random-agent' turned on and/or proxy switches > > ('--ignore-proxy', '--proxy',...) > > [10:01:44] [INFO] 1556/4622 links visited (34%) > > [10:01:44] [INFO] heuristics detected web page charset 'windows-1251' > > [10:01:45] [INFO] 1560/4622 links visited (34%) > > > > > > > > > > What options can I try to sucessfully crawl and scan the site? > > > > > > > ------------------------------------------------------------------------------ > > Managing the Performance of Cloud-Based Applications > > Take advantage of what the Cloud has to offer - Avoid Common > Pitfalls. > > Read the Whitepaper. > > > http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk > > _______________________________________________ > > sqlmap-users mailing list > > sql...@li... > > <mailto:sql...@li...> > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > > > > > > -- > > Miroslav Stampar > > http://about.me/stamparm > > > > > > > ------------------------------------------------------------------------------ > > Managing the Performance of Cloud-Based Applications > > Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. > > Read the Whitepaper. > > > http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk > > > > > > > > _______________________________________________ > > sqlmap-users mailing list > > sql...@li... > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/13534_NeoTech > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar http://about.me/stamparm |
From: Doritos <dor...@ya...> - 2014-03-14 20:19:21
|
I'm trying again. It always stucks at .doc/docx files Is there any way on command line that I can exclude some extensions / file names? Thanks. On 06-02-2014 13:12, Miroslav Stampar wrote: > Hi. > > Lower the --crawl to something like --crawl=2. Also, you are most > probably accessing some binary files. If you could provide problematic > extensions we could exclude those (we are already excluding known binary > extensions). > > Bye > > > On Thu, Feb 6, 2014 at 1:09 PM, Doritos > <dor...@ya... > <mailto:dor...@ya...>> wrote: > > I've been trying to use sqlmap to crawl our site, but it doesn't even > end the link search phase… > > Looks like the site doesn't respond to some requests but the timeout > takes a long time to trigger the timeout… > > Look at the timestamps. > > The site is working. At least, I can access it via browser. > > > ./sqlmap.py -u http://www.site.com --level 3 --risk 5 -b --threads=4 > --batch --random-agent --crawl=5 > > [09:04:15] [INFO] fetched random HTTP User-Agent header from file > '/opt/sqlmap-dev/txt/user-agents.txt': Mozilla/4.0 (compatible; MSIE > 7.0; Windows NT 6.1; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET > CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) > [09:04:15] [INFO] starting crawler > [09:04:15] [INFO] searching for links with depth 1 > sqlmap got a 302 redirect to 'http://www.site:80/page.php'. Do you want > to follow? [Y/n] Y > [09:04:15] [INFO] searching for links with depth 2 > > > [09:04:15] [INFO] starting 4 threads > [09:04:16] [INFO] 25/64 links visited (39%) > [09:04:16] [INFO] heuristics detected web page charset 'ISO-8859-5' > [09:04:19] [INFO] searching for links with depth 3 > > > [09:04:19] [INFO] starting 4 threads > [09:04:20] [INFO] 31/602 links visited (5%) > [09:04:20] [INFO] heuristics detected web page charset 'IBM855' > [09:04:28] [INFO] 182/602 links visited (30%) > [09:04:28] [INFO] heuristics detected web page charset 'ISO-8859-2' > [09:04:34] [INFO] 317/602 links visited (53%) > [09:04:34] [INFO] heuristics detected web page charset 'UTF-8' > [09:04:49] [INFO] 484/602 links visited (80%) > [09:04:49] [INFO] heuristics detected web page charset 'ascii' > [09:04:51] [INFO] searching for links with depth 4 > > > [09:04:51] [INFO] starting 4 threads > [09:12:46] [INFO] searching for links with depth 5 > > > [09:12:46] [INFO] starting 4 threads > [09:38:56] [INFO] 527/4622 links visited (11%) > [09:38:56] [CRITICAL] unable to connect to the target URL or proxy. > sqlmap is going to retry the request > [09:38:56] [WARNING] if the problem persists please check that the > provided target URL is valid. In case that it is, you can try to rerun > with the switch '--random-agent' turned on and/or proxy switches > ('--ignore-proxy', '--proxy',...) > [10:01:44] [INFO] 1556/4622 links visited (34%) > [10:01:44] [INFO] heuristics detected web page charset 'windows-1251' > [10:01:45] [INFO] 1560/4622 links visited (34%) > > > > > What options can I try to sucessfully crawl and scan the site? > > > ------------------------------------------------------------------------------ > Managing the Performance of Cloud-Based Applications > Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. > Read the Whitepaper. > http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > <mailto:sql...@li...> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > -- > Miroslav Stampar > http://about.me/stamparm > > > ------------------------------------------------------------------------------ > Managing the Performance of Cloud-Based Applications > Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. > Read the Whitepaper. > http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk > > > > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > |
From: Brandon P. <bpe...@gm...> - 2014-03-13 21:33:13
|
Works great! web server operating system: Linux Ubuntu 13.04 or 12.04 or 12.10 (Raring Ringtail or Precise Pangolin or Quantal Quetzal) web application technology: PHP 5.4.9, Apache 2.2.22 back-end DBMS operating system: Linux Ubuntu back-end DBMS: MySQL >= 5.0.0 banner: '5.5.34-0ubuntu0.13.04.1' On 03/13/2014 04:08 AM, Miroslav Stampar wrote: > Hi. > > Just updated server signatures [1]. You can try it again with the > latest revision. > > In your case it will now say: 12.04|12.10|13.04 (Precise > Pangolin|Quantal Quetzal|Raring Ringtail) - as those all use the same > version of Apache (httpd) [2]. > > Kind regards, > Miroslav Stampar > > References: > [1] https://github.com/sqlmapproject/sqlmap/commit/ae36c08f12aa578cb93b59cc14615a9fee1875d9 > [2] http://distrowatch.com/table.php?distribution=ubuntu > > > On Thu, Mar 13, 2014 at 2:37 AM, Brandon Perry > <bpe...@gm... <mailto:bpe...@gm...>> wrote: > > Hey! > > While playing around with the Joomla sqli I realized that my vm > was being slightly mis-fingerprinted. > > web server operating system: Linux Ubuntu 12.04 (Precise Pangolin) > web application technology: PHP 5.4.9, Apache 2.2.22 > back-end DBMS operating system: Linux Ubuntu > back-end DBMS: MySQL >= 5.0.0 > banner: '5.5.34-0ubuntu0.13.04.1' > > > The OS is 13.04 server, and this is visible in the banner. sqlmap > believes it is 12.04. > > Here is the lsb-release: > bperry@unknown000C29E20B0B:~$ cat /etc/lsb-release > DISTRIB_ID=Ubuntu > DISTRIB_RELEASE=13.04 > DISTRIB_CODENAME=raring > DISTRIB_DESCRIPTION="Ubuntu 13.04" > bperry@unknown000C29E20B0B:~$ > > Thanks! > > -- > http://volatile-minds.blogspot.com -- blog > http://www.volatileminds.net -- website > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases > and their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/13534_NeoTech > _______________________________________________ > sqlmap-users mailing list > sql...@li... > <mailto:sql...@li...> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > -- > Miroslav Stampar > http://about.me/stamparm |
From: Miroslav S. <mir...@gm...> - 2014-03-13 09:08:58
|
Hi. Just updated server signatures [1]. You can try it again with the latest revision. In your case it will now say: 12.04|12.10|13.04 (Precise Pangolin|Quantal Quetzal|Raring Ringtail) - as those all use the same version of Apache (httpd) [2]. Kind regards, Miroslav Stampar References: [1] https://github.com/sqlmapproject/sqlmap/commit/ae36c08f12aa578cb93b59cc14615a9fee1875d9 [2] http://distrowatch.com/table.php?distribution=ubuntu On Thu, Mar 13, 2014 at 2:37 AM, Brandon Perry <bpe...@gm...>wrote: > Hey! > > While playing around with the Joomla sqli I realized that my vm was being > slightly mis-fingerprinted. > > web server operating system: Linux Ubuntu 12.04 (Precise Pangolin) > web application technology: PHP 5.4.9, Apache 2.2.22 > back-end DBMS operating system: Linux Ubuntu > back-end DBMS: MySQL >= 5.0.0 > banner: '5.5.34-0ubuntu0.13.04.1' > > > The OS is 13.04 server, and this is visible in the banner. sqlmap believes > it is 12.04. > > Here is the lsb-release: > bperry@unknown000C29E20B0B:~$ cat /etc/lsb-release > DISTRIB_ID=Ubuntu > DISTRIB_RELEASE=13.04 > DISTRIB_CODENAME=raring > DISTRIB_DESCRIPTION="Ubuntu 13.04" > bperry@unknown000C29E20B0B:~$ > > Thanks! > > -- > http://volatile-minds.blogspot.com -- blog > http://www.volatileminds.net -- website > > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/13534_NeoTech > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
From: Brandon P. <bpe...@gm...> - 2014-03-13 01:37:13
|
Hey! While playing around with the Joomla sqli I realized that my vm was being slightly mis-fingerprinted. web server operating system: Linux Ubuntu 12.04 (Precise Pangolin) web application technology: PHP 5.4.9, Apache 2.2.22 back-end DBMS operating system: Linux Ubuntu back-end DBMS: MySQL >= 5.0.0 banner: '5.5.34-0ubuntu0.13.04.1' The OS is 13.04 server, and this is visible in the banner. sqlmap believes it is 12.04. Here is the lsb-release: bperry@unknown000C29E20B0B:~$ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=13.04 DISTRIB_CODENAME=raring DISTRIB_DESCRIPTION="Ubuntu 13.04" bperry@unknown000C29E20B0B:~$ Thanks! -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website |
From: Miroslav S. <mir...@gm...> - 2014-03-07 14:59:02
|
Hi. Thank you for your report. Find it fixed with the latest commit. Kind regards, Miroslav Stampar On Fri, Mar 7, 2014 at 8:28 AM, Manuel Zwettler <man...@gm...>wrote: > Hi, > > I got an error running sqlmap on WebGoat vulnerable web application with > the following data. Please find the file containing the used request > attached to the mail. > > sqlmap version: 1.0-dev > Python version: 2.7.6 > Operating system: nt > Command line: > C:\Users\Administrator\Downloads\sqlmapproject-sqlmap-0.9-3446-g490d512\sqlmapproject-sqlmap-490d512\sqlmap.py > -v 3 -r request_burp.txt --auth-type Basic --auth-cred *********** > --fingerprint --os-cmd calc.exe --file-read c:\mytest.txt --tables salaries > Technique: BOOLEAN > Back-end DBMS: HSQLDB (fingerprinted) > Traceback (most recent call last): > File > "C:\Users\Administrator\Downloads\sqlmapproject-sqlmap-0.9-3446-g490d512\sqlmapproject-sqlmap-490d512\sqlmap.py", > line 95, in main > start() > File > "C:\Users\Administrator\Downloads\sqlmapproject-sqlmap-0.9-3446-g490d512\sqlmapproject-sqlmap-490d512\lib\controller\controller.py", > line 583, in start > action() > File > "C:\Users\Administrator\Downloads\sqlmapproject-sqlmap-0.9-3446-g490d512\sqlmapproject-sqlmap-490d512\lib\controller\action.py", > line 109, in action > conf.dumper.dbTables(conf.dbmsHandler.getTables()) > File > "C:\Users\Administrator\Downloads\sqlmapproject-sqlmap-0.9-3446-g490d512\sqlmapproject-sqlmap-490d512\plugins\generic\databases.py", > line 335, in getTabl > es > query = rootQuery.blind.query % (unsafeSQLIdentificatorNaming(db), > index) > TypeError: %d format: a number is required, not unicode > > Thanks for taking a look at it in advance! > I'd appreciate hearing more about the progress concerning this problem > > Kind regards, > Manuel Zwettler > > > ------------------------------------------------------------------------------ > Subversion Kills Productivity. Get off Subversion & Make the Move to > Perforce. > With Perforce, you get hassle-free workflows. Merge that actually works. > Faster operations. Version large binaries. Built-in WAN optimization and > the > freedom to use Git, Perforce or both. Make the move to Perforce. > > http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
From: Manuel Z. <man...@gm...> - 2014-03-07 07:28:10
|
<?xml version="1.0"?> <!DOCTYPE items [ <!ELEMENT items (item*)> <!ATTLIST items burpVersion CDATA ""> <!ATTLIST items exportTime CDATA ""> <!ELEMENT item (time, url, host, port, protocol, method, path, extension, request, status, responselength, mimetype, response, comment)> <!ELEMENT time (#PCDATA)> <!ELEMENT url (#PCDATA)> <!ELEMENT host (#PCDATA)> <!ATTLIST host ip CDATA ""> <!ELEMENT port (#PCDATA)> <!ELEMENT protocol (#PCDATA)> <!ELEMENT method (#PCDATA)> <!ELEMENT path (#PCDATA)> <!ELEMENT extension (#PCDATA)> <!ELEMENT request (#PCDATA)> <!ATTLIST request base64 (true|false) "false"> <!ELEMENT status (#PCDATA)> <!ELEMENT responselength (#PCDATA)> <!ELEMENT mimetype (#PCDATA)> <!ELEMENT response (#PCDATA)> <!ATTLIST response base64 (true|false) "false"> <!ELEMENT comment (#PCDATA)> ]> <items burpVersion="1.5" exportTime="Fri Mar 07 07:45:18 CET 2014"> <item> <time>Fri Mar 07 07:34:26 CET 2014</time> <url><![CDATA[http://localhost/WebGoat/attack?Screen=6&menu=1100]]></url> <host ip="127.0.0.1">localhost</host> <port>80</port> <protocol>http</protocol> <method>POST</method> <path><![CDATA[/WebGoat/attack?Screen=6&menu=1100]]></path> <extension>null</extension> <request base64="true"><![CDATA[UE9TVCAvV2ViR29hdC9hdHRhY2s/U2NyZWVuPTYmbWVudT0xMTAwIEhUVFAvMS4xDQpIb3N0OiBsb2NhbGhvc3QNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IHJ2OjI3LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMjcuMA0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSwqLyo7cT0wLjgNCkFjY2VwdC1MYW5ndWFnZTogZGUtZGUsZGU7cT0wLjgsZW4tdXM7cT0wLjUsZW47cT0wLjMNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KUmVmZXJlcjogaHR0cDovL2xvY2FsaG9zdC9XZWJHb2F0L2F0dGFjaw0KQ29va2llOiBKU0VTU0lPTklEPTE0MTI3MjUxNDIzNDE2MkIwODJGMzU0OERDQ0Y2MEM4DQpBdXRob3JpemF0aW9uOiBCYXNpYyBaM1ZsYzNRNlozVmxjM1E9DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZA0KQ29udGVudC1MZW5ndGg6IDI2DQoNCnVzZXJpZD1qc21pdGgmU1VCTUlUPUdvJTIx]]></request> <status>200</status> <responselength>30452</responselength> <mimetype>HTML</mimetype> <response base64="true"><![CDATA[SFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IEFwYWNoZS1Db3lvdGUvMS4xDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbDtjaGFyc2V0PUlTTy04ODU5LTENCkRhdGU6IEZyaSwgMDcgTWFyIDIwMTQgMDY6MzQ6MjYgR01UDQpDb250ZW50LUxlbmd0aDogMzAzMDINCg0KDQoNCg0KPCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgVHJhbnNpdGlvbmFsLy9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL3hodG1sMS9EVEQveGh0bWwxLXRyYW5zaXRpb25hbC5kdGQiPg0KDQo8aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PUlTTy04ODU5LTEiIC8+DQo8dGl0bGU+QWRkIERhdGEgd2l0aCBTUUwgSW5qZWN0aW9uPC90aXRsZT4NCjxsaW5rIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0iY3NzL3dlYmdvYXQuY3NzIiB0eXBlPSJ0ZXh0L2NzcyIgLz4NCjxsaW5rIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0iY3NzL2xlc3Nvbi5jc3MiIHR5cGU9InRleHQvY3NzIiAvPg0KPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJjc3MvbWVudS5jc3MiIHR5cGU9InRleHQvY3NzIiAvPg0KPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSJjc3MvbGF5ZXJzLmNzcyIgdHlwZT0idGV4dC9jc3MiIC8+DQo8c2NyaXB0IGxhbmd1YWdlPSJKYXZhU2NyaXB0MS4yIiBzcmM9ImphdmFzY3JpcHQvamF2YXNjcmlwdC5qcyIgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij48L3NjcmlwdD4NCjxzY3JpcHQgbGFuZ3VhZ2U9IkphdmFTY3JpcHQxLjIiIHNyYz0iamF2YXNjcmlwdC9tZW51X3N5c3RlbS5qcyIgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij48L3NjcmlwdD4NCjxzY3JpcHQgbGFuZ3VhZ2U9IkphdmFTY3JpcHQxLjIiIHNyYz0iamF2YXNjcmlwdC9sZXNzb25OYXYuanMiIHR5cGU9InRleHQvamF2YXNjcmlwdCI+PC9zY3JpcHQ+DQo8c2NyaXB0IGxhbmd1YWdlPSJKYXZhU2NyaXB0MS4yIiBzcmM9ImphdmFzY3JpcHQvbWFrZVdpbmRvdy5qcyIgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij48L3NjcmlwdD4NCjxzY3JpcHQgbGFuZ3VhZ2U9IkphdmFTY3JpcHQxLjIiIHNyYz0iamF2YXNjcmlwdC90b2dnbGUuanMiIHR5cGU9InRleHQvamF2YXNjcmlwdCI+PC9zY3JpcHQ+DQo8L2hlYWQ+DQoNCjxib2R5IGNsYXNzPSJwYWdlIiBvbmxvYWQ9InNldE1lbnVNYWdpYzEoMTAsNDAsMTAsJ21lbnVib3R0b20nLCdtZW51NScsJ3N1Ym1lbnU1JywnbWJ1dDUnLCdtZW51MTAwJywnc3VibWVudTEwMCcsJ21idXQxMDAnLCdtZW51MjAwJywnc3VibWVudTIwMCcsJ21idXQyMDAnLCdtZW51NDAwJywnc3VibWVudTQwMCcsJ21idXQ0MDAnLCdtZW51NTAwJywnc3VibWVudTUwMCcsJ21idXQ1MDAnLCdtZW51NjAwJywnc3VibWVudTYwMCcsJ21idXQ2MDAnLCdtZW51NzAwJywnc3VibWVudTcwMCcsJ21idXQ3MDAnLCdtZW51ODAwJywnc3VibWVudTgwMCcsJ21idXQ4MDAnLCdtZW51OTAwJywnc3VibWVudTkwMCcsJ21idXQ5MDAnLCdtZW51MTAwMCcsJ3N1Ym1lbnUxMDAwJywnbWJ1dDEwMDAnLCdtZW51MTEwMCcsJ3N1Ym1lbnUxMTAwJywnbWJ1dDExMDAnLCdtZW51MTIwMCcsJ3N1Ym1lbnUxMjAwJywnbWJ1dDEyMDAnLCdtZW51MTMwMCcsJ3N1Ym1lbnUxMzAwJywnbWJ1dDEzMDAnLCdtZW51MTQwMCcsJ3N1Ym1lbnUxNDAwJywnbWJ1dDE0MDAnLCdtZW51MTUwMCcsJ3N1Ym1lbnUxNTAwJywnbWJ1dDE1MDAnLCdtZW51MTYwMCcsJ3N1Ym1lbnUxNjAwJywnbWJ1dDE2MDAnLCdtZW51MTcwMCcsJ3N1Ym1lbnUxNzAwJywnbWJ1dDE3MDAnLCdtZW51MTgwMCcsJ3N1Ym1lbnUxODAwJywnbWJ1dDE4MDAnLCdtZW51MTkwMCcsJ3N1Ym1lbnUxOTAwJywnbWJ1dDE5MDAnLCdtZW51MjAwMCcsJ3N1Ym1lbnUyMDAwJywnbWJ1dDIwMDAnLCdtZW51MzAwMCcsJ3N1Ym1lbnUzMDAwJywnbWJ1dDMwMDAnKTt0cmlnTU0xdXJsKCdtZW51JywxKTtNTV9wcmVsb2FkSW1hZ2VzKCdpbWFnZXMvYnV0dG9ucy9oaW50TGVmdE92ZXIuanBnJywnaW1hZ2VzL2J1dHRvbnMvaGludE92ZXIuanBnJywnaW1hZ2VzL2J1dHRvbnMvaGludFJpZ2h0T3Zlci5qcGcnLCdpbWFnZXMvYnV0dG9ucy9wYXJhbXNPdmVyLmpwZycsJ2ltYWdlcy9idXR0b25zL2h0bWxPdmVyLmpwZycsJ2ltYWdlcy9idXR0b25zL2Nvb2tpZXNPdmVyLmpwZycsJ2ltYWdlcy9idXR0b25zL2phdmFPdmVyLmpwZycsJ2ltYWdlcy9idXR0b25zL3BsYW5zT3Zlci5qcGcnLCdpbWFnZXMvYnV0dG9ucy9sb2dvdXQuanBnJywnaW1hZ2VzL2J1dHRvbnMvaGVscE92ZXIuanBnJyk7IGluaXRJZnJhbWUoKTsiPg0KDQoJPGRpdiBpZD0id3JhcCI+DQoJDQoJCTxkaXYgaWQ9Im1lbnU1IiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MzBweDsgdG9wOjE0MHB4OyB3aWR0aDoxNjBweDsgei1pbmRleDoxMDUiPjxhIGhyZWY9ImphdmFzY3JpcHQ6OyIgb25jbGljaz0idHJpZ01lbnVNYWdpYzEoJ21lbnU1JywxKTtyZXR1cm4gZmFsc2UiIG9uZm9jdXM9ImlmKHRoaXMuYmx1cil0aGlzLmJsdXIoKSI+PGltZyBzcmM9ImltYWdlcy9tZW51X2ltYWdlcy8xeDEuZ2lmIiB3aWR0aD0iMSIgaGVpZ2h0PTEiMjAiIG5hbWU9Im1idXQ1IiBib3JkZXI9IjAiIGFsdD0iIi8+SW50cm9kdWN0aW9uPC9hPjwvZGl2Pg0KCQkNCgkJPGRpdiBpZD0ibWVudTEwMCIgc3R5bGU9InBvc2l0aW9uOmFic29sdXRlOyBsZWZ0OjMwcHg7IHRvcDoxNzBweDsgd2lkdGg6MTYwcHg7IHotaW5kZXg6MTA2Ij48YSBocmVmPSJqYXZhc2NyaXB0OjsiIG9uY2xpY2s9InRyaWdNZW51TWFnaWMxKCdtZW51MTAwJywxKTtyZXR1cm4gZmFsc2UiIG9uZm9jdXM9ImlmKHRoaXMuYmx1cil0aGlzLmJsdXIoKSI+PGltZyBzcmM9ImltYWdlcy9tZW51X2ltYWdlcy8xeDEuZ2lmIiB3aWR0aD0iMSIgaGVpZ2h0PTEiMjAiIG5hbWU9Im1idXQxMDAiIGJvcmRlcj0iMCIgYWx0PSIiLz5HZW5lcmFsPC9hPjwvZGl2Pg0KCQkNCgkJPGRpdiBpZD0ibWVudTIwMCIgc3R5bGU9InBvc2l0aW9uOmFic29sdXRlOyBsZWZ0OjMwcHg7IHRvcDoyMDBweDsgd2lkdGg6MTYwcHg7IHotaW5kZXg6MTA3Ij48YSBocmVmPSJqYXZhc2NyaXB0OjsiIG9uY2xpY2s9InRyaWdNZW51TWFnaWMxKCdtZW51MjAwJywxKTtyZXR1cm4gZmFsc2UiIG9uZm9jdXM9ImlmKHRoaXMuYmx1cil0aGlzLmJsdXIoKSI+PGltZyBzcmM9ImltYWdlcy9tZW51X2ltYWdlcy8xeDEuZ2lmIiB3aWR0aD0iMSIgaGVpZ2h0PTEiMjAiIG5hbWU9Im1idXQyMDAiIGJvcmRlcj0iMCIgYWx0PSIiLz5BY2Nlc3MgQ29udHJvbCBGbGF3czwvYT48L2Rpdj4NCgkJDQoJCTxkaXYgaWQ9Im1lbnU0MDAiIHN0eWxlPSJwb3NpdGlvbjphYnNvbHV0ZTsgbGVmdDozMHB4OyB0b3A6MjMwcHg7IHdpZHRoOjE2MHB4OyB6LWluZGV4OjEwOCI+PGEgaHJlZj0iamF2YXNjcmlwdDo7IiBvbmNsaWNrPSJ0cmlnTWVudU1hZ2ljMSgnbWVudTQwMCcsMSk7cmV0dXJuIGZhbHNlIiBvbmZvY3VzPSJpZih0aGlzLmJsdXIpdGhpcy5ibHVyKCkiPjxpbWcgc3JjPSJpbWFnZXMvbWVudV9pbWFnZXMvMXgxLmdpZiIgd2lkdGg9IjEiIGhlaWdodD0xIjIwIiBuYW1lPSJtYnV0NDAwIiBib3JkZXI9IjAiIGFsdD0iIi8+QUpBWCBTZWN1cml0eTwvYT48L2Rpdj4NCgkJDQoJCTxkaXYgaWQ9Im1lbnU1MDAiIHN0eWxlPSJwb3NpdGlvbjphYnNvbHV0ZTsgbGVmdDozMHB4OyB0b3A6MjYwcHg7IHdpZHRoOjE2MHB4OyB6LWluZGV4OjEwOSI+PGEgaHJlZj0iamF2YXNjcmlwdDo7IiBvbmNsaWNrPSJ0cmlnTWVudU1hZ2ljMSgnbWVudTUwMCcsMSk7cmV0dXJuIGZhbHNlIiBvbmZvY3VzPSJpZih0aGlzLmJsdXIpdGhpcy5ibHVyKCkiPjxpbWcgc3JjPSJpbWFnZXMvbWVudV9pbWFnZXMvMXgxLmdpZiIgd2lkdGg9IjEiIGhlaWdodD0xIjIwIiBuYW1lPSJtYnV0NTAwIiBib3JkZXI9IjAiIGFsdD0iIi8+QXV0aGVudGljYXRpb24gRmxhd3M8L2E+PC9kaXY+DQoJCQ0KCQk8ZGl2IGlkPSJtZW51NjAwIiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MzBweDsgdG9wOjI5MHB4OyB3aWR0aDoxNjBweDsgei1pbmRleDoxMTAiPjxhIGhyZWY9ImphdmFzY3JpcHQ6OyIgb25jbGljaz0idHJpZ01lbnVNYWdpYzEoJ21lbnU2MDAnLDEpO3JldHVybiBmYWxzZSIgb25mb2N1cz0iaWYodGhpcy5ibHVyKXRoaXMuYmx1cigpIj48aW1nIHNyYz0iaW1hZ2VzL21lbnVfaW1hZ2VzLzF4MS5naWYiIHdpZHRoPSIxIiBoZWlnaHQ9MSIyMCIgbmFtZT0ibWJ1dDYwMCIgYm9yZGVyPSIwIiBhbHQ9IiIvPkJ1ZmZlciBPdmVyZmxvd3M8L2E+PC9kaXY+DQoJCQ0KCQk8ZGl2IGlkPSJtZW51NzAwIiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MzBweDsgdG9wOjMyMHB4OyB3aWR0aDoxNjBweDsgei1pbmRleDoxMTEiPjxhIGhyZWY9ImphdmFzY3JpcHQ6OyIgb25jbGljaz0idHJpZ01lbnVNYWdpYzEoJ21lbnU3MDAnLDEpO3JldHVybiBmYWxzZSIgb25mb2N1cz0iaWYodGhpcy5ibHVyKXRoaXMuYmx1cigpIj48aW1nIHNyYz0iaW1hZ2VzL21lbnVfaW1hZ2VzLzF4MS5naWYiIHdpZHRoPSIxIiBoZWlnaHQ9MSIyMCIgbmFtZT0ibWJ1dDcwMCIgYm9yZGVyPSIwIiBhbHQ9IiIvPkNvZGUgUXVhbGl0eTwvYT48L2Rpdj4NCgkJDQoJCTxkaXYgaWQ9Im1lbnU4MDAiIHN0eWxlPSJwb3NpdGlvbjphYnNvbHV0ZTsgbGVmdDozMHB4OyB0b3A6MzUwcHg7IHdpZHRoOjE2MHB4OyB6LWluZGV4OjExMiI+PGEgaHJlZj0iamF2YXNjcmlwdDo7IiBvbmNsaWNrPSJ0cmlnTWVudU1hZ2ljMSgnbWVudTgwMCcsMSk7cmV0dXJuIGZhbHNlIiBvbmZvY3VzPSJpZih0aGlzLmJsdXIpdGhpcy5ibHVyKCkiPjxpbWcgc3JjPSJpbWFnZXMvbWVudV9pbWFnZXMvMXgxLmdpZiIgd2lkdGg9IjEiIGhlaWdodD0xIjIwIiBuYW1lPSJtYnV0ODAwIiBib3JkZXI9IjAiIGFsdD0iIi8+Q29uY3VycmVuY3k8L2E+PC9kaXY+DQoJCQ0KCQk8ZGl2IGlkPSJtZW51OTAwIiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MzBweDsgdG9wOjM4MHB4OyB3aWR0aDoxNjBweDsgei1pbmRleDoxMTMiPjxhIGhyZWY9ImphdmFzY3JpcHQ6OyIgb25jbGljaz0idHJpZ01lbnVNYWdpYzEoJ21lbnU5MDAnLDEpO3JldHVybiBmYWxzZSIgb25mb2N1cz0iaWYodGhpcy5ibHVyKXRoaXMuYmx1cigpIj48aW1nIHNyYz0iaW1hZ2VzL21lbnVfaW1hZ2VzLzF4MS5naWYiIHdpZHRoPSIxIiBoZWlnaHQ9MSIyMCIgbmFtZT0ibWJ1dDkwMCIgYm9yZGVyPSIwIiBhbHQ9IiIvPkNyb3NzLVNpdGUgU2NyaXB0aW5nIChYU1MpPC9hPjwvZGl2Pg0KCQkNCgkJPGRpdiBpZD0ibWVudTEwMDAiIHN0eWxlPSJwb3NpdGlvbjphYnNvbHV0ZTsgbGVmdDozMHB4OyB0b3A6NDEwcHg7IHdpZHRoOjE2MHB4OyB6LWluZGV4OjExNCI+PGEgaHJlZj0iamF2YXNjcmlwdDo7IiBvbmNsaWNrPSJ0cmlnTWVudU1hZ2ljMSgnbWVudTEwMDAnLDEpO3JldHVybiBmYWxzZSIgb25mb2N1cz0iaWYodGhpcy5ibHVyKXRoaXMuYmx1cigpIj48aW1nIHNyYz0iaW1hZ2VzL21lbnVfaW1hZ2VzLzF4MS5naWYiIHdpZHRoPSIxIiBoZWlnaHQ9MSIyMCIgbmFtZT0ibWJ1dDEwMDAiIGJvcmRlcj0iMCIgYWx0PSIiLz5JbXByb3BlciBFcnJvciBIYW5kbGluZzwvYT48L2Rpdj4NCgkJDQoJCTxkaXYgaWQ9Im1lbnUxMTAwIiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MzBweDsgdG9wOjQ0MHB4OyB3aWR0aDoxNjBweDsgei1pbmRleDoxMTUiPjxhIGhyZWY9ImphdmFzY3JpcHQ6OyIgb25jbGljaz0idHJpZ01lbnVNYWdpYzEoJ21lbnUxMTAwJywxKTtyZXR1cm4gZmFsc2UiIG9uZm9jdXM9ImlmKHRoaXMuYmx1cil0aGlzLmJsdXIoKSI+PGltZyBzcmM9ImltYWdlcy9tZW51X2ltYWdlcy8xeDEuZ2lmIiB3aWR0aD0iMSIgaGVpZ2h0PTEiMjAiIG5hbWU9Im1idXQxMTAwIiBib3JkZXI9IjAiIGFsdD0iIi8+SW5qZWN0aW9uIEZsYXdzPC9hPjwvZGl2Pg0KCQkNCgkJPGRpdiBpZD0ibWVudTEyMDAiIHN0eWxlPSJwb3NpdGlvbjphYnNvbHV0ZTsgbGVmdDozMHB4OyB0b3A6NDcwcHg7IHdpZHRoOjE2MHB4OyB6LWluZGV4OjExNiI+PGEgaHJlZj0iamF2YXNjcmlwdDo7IiBvbmNsaWNrPSJ0cmlnTWVudU1hZ2ljMSgnbWVudTEyMDAnLDEpO3JldHVybiBmYWxzZSIgb25mb2N1cz0iaWYodGhpcy5ibHVyKXRoaXMuYmx1cigpIj48aW1nIHNyYz0iaW1hZ2VzL21lbnVfaW1hZ2VzLzF4MS5naWYiIHdpZHRoPSIxIiBoZWlnaHQ9MSIyMCIgbmFtZT0ibWJ1dDEyMDAiIGJvcmRlcj0iMCIgYWx0PSIiLz5EZW5pYWwgb2YgU2VydmljZTwvYT48L2Rpdj4NCgkJDQoJCTxkaXYgaWQ9Im1lbnUxMzAwIiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MzBweDsgdG9wOjUwMHB4OyB3aWR0aDoxNjBweDsgei1pbmRleDoxMTciPjxhIGhyZWY9ImphdmFzY3JpcHQ6OyIgb25jbGljaz0idHJpZ01lbnVNYWdpYzEoJ21lbnUxMzAwJywxKTtyZXR1cm4gZmFsc2UiIG9uZm9jdXM9ImlmKHRoaXMuYmx1cil0aGlzLmJsdXIoKSI+PGltZyBzcmM9ImltYWdlcy9tZW51X2ltYWdlcy8xeDEuZ2lmIiB3aWR0aD0iMSIgaGVpZ2h0PTEiMjAiIG5hbWU9Im1idXQxMzAwIiBib3JkZXI9IjAiIGFsdD0iIi8+SW5zZWN1cmUgQ29tbXVuaWNhdGlvbjwvYT48L2Rpdj4NCgkJDQoJCTxkaXYgaWQ9Im1lbnUxNDAwIiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MzBweDsgdG9wOjUzMHB4OyB3aWR0aDoxNjBweDsgei1pbmRleDoxMTgiPjxhIGhyZWY9ImphdmFzY3JpcHQ6OyIgb25jbGljaz0idHJpZ01lbnVNYWdpYzEoJ21lbnUxNDAwJywxKTtyZXR1cm4gZmFsc2UiIG9uZm9jdXM9ImlmKHRoaXMuYmx1cil0aGlzLmJsdXIoKSI+PGltZyBzcmM9ImltYWdlcy9tZW51X2ltYWdlcy8xeDEuZ2lmIiB3aWR0aD0iMSIgaGVpZ2h0PTEiMjAiIG5hbWU9Im1idXQxNDAwIiBib3JkZXI9IjAiIGFsdD0iIi8+SW5zZWN1cmUgQ29uZmlndXJhdGlvbjwvYT48L2Rpdj4NCgkJDQoJCTxkaXYgaWQ9Im1lbnUxNTAwIiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MzBweDsgdG9wOjU2MHB4OyB3aWR0aDoxNjBweDsgei1pbmRleDoxMTkiPjxhIGhyZWY9ImphdmFzY3JpcHQ6OyIgb25jbGljaz0idHJpZ01lbnVNYWdpYzEoJ21lbnUxNTAwJywxKTtyZXR1cm4gZmFsc2UiIG9uZm9jdXM9ImlmKHRoaXMuYmx1cil0aGlzLmJsdXIoKSI+PGltZyBzcmM9ImltYWdlcy9tZW51X2ltYWdlcy8xeDEuZ2lmIiB3aWR0aD0iMSIgaGVpZ2h0PTEiMjAiIG5hbWU9Im1idXQxNTAwIiBib3JkZXI9IjAiIGFsdD0iIi8+SW5zZWN1cmUgU3RvcmFnZTwvYT48L2Rpdj4NCgkJDQoJCTxkaXYgaWQ9Im1lbnUxNjAwIiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MzBweDsgdG9wOjU5MHB4OyB3aWR0aDoxNjBweDsgei1pbmRleDoxMjAiPjxhIGhyZWY9ImphdmFzY3JpcHQ6OyIgb25jbGljaz0idHJpZ01lbnVNYWdpYzEoJ21lbnUxNjAwJywxKTtyZXR1cm4gZmFsc2UiIG9uZm9jdXM9ImlmKHRoaXMuYmx1cil0aGlzLmJsdXIoKSI+PGltZyBzcmM9ImltYWdlcy9tZW51X2ltYWdlcy8xeDEuZ2lmIiB3aWR0aD0iMSIgaGVpZ2h0PTEiMjAiIG5hbWU9Im1idXQxNjAwIiBib3JkZXI9IjAiIGFsdD0iIi8+TWFsaWNpb3VzIEV4ZWN1dGlvbjwvYT48L2Rpdj4NCgkJDQoJCTxkaXYgaWQ9Im1lbnUxNzAwIiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MzBweDsgdG9wOjYyMHB4OyB3aWR0aDoxNjBweDsgei1pbmRleDoxMjEiPjxhIGhyZWY9ImphdmFzY3JpcHQ6OyIgb25jbGljaz0idHJpZ01lbnVNYWdpYzEoJ21lbnUxNzAwJywxKTtyZXR1cm4gZmFsc2UiIG9uZm9jdXM9ImlmKHRoaXMuYmx1cil0aGlzLmJsdXIoKSI+PGltZyBzcmM9ImltYWdlcy9tZW51X2ltYWdlcy8xeDEuZ2lmIiB3aWR0aD0iMSIgaGVpZ2h0PTEiMjAiIG5hbWU9Im1idXQxNzAwIiBib3JkZXI9IjAiIGFsdD0iIi8+UGFyYW1ldGVyIFRhbXBlcmluZzwvYT48L2Rpdj4NCgkJDQoJCTxkaXYgaWQ9Im1lbnUxODAwIiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MzBweDsgdG9wOjY1MHB4OyB3aWR0aDoxNjBweDsgei1pbmRleDoxMjIiPjxhIGhyZWY9ImphdmFzY3JpcHQ6OyIgb25jbGljaz0idHJpZ01lbnVNYWdpYzEoJ21lbnUxODAwJywxKTtyZXR1cm4gZmFsc2UiIG9uZm9jdXM9ImlmKHRoaXMuYmx1cil0aGlzLmJsdXIoKSI+PGltZyBzcmM9ImltYWdlcy9tZW51X2ltYWdlcy8xeDEuZ2lmIiB3aWR0aD0iMSIgaGVpZ2h0PTEiMjAiIG5hbWU9Im1idXQxODAwIiBib3JkZXI9IjAiIGFsdD0iIi8+U2Vzc2lvbiBNYW5hZ2VtZW50IEZsYXdzPC9hPjwvZGl2Pg0KCQkNCgkJPGRpdiBpZD0ibWVudTE5MDAiIHN0eWxlPSJwb3NpdGlvbjphYnNvbHV0ZTsgbGVmdDozMHB4OyB0b3A6NjgwcHg7IHdpZHRoOjE2MHB4OyB6LWluZGV4OjEyMyI+PGEgaHJlZj0iamF2YXNjcmlwdDo7IiBvbmNsaWNrPSJ0cmlnTWVudU1hZ2ljMSgnbWVudTE5MDAnLDEpO3JldHVybiBmYWxzZSIgb25mb2N1cz0iaWYodGhpcy5ibHVyKXRoaXMuYmx1cigpIj48aW1nIHNyYz0iaW1hZ2VzL21lbnVfaW1hZ2VzLzF4MS5naWYiIHdpZHRoPSIxIiBoZWlnaHQ9MSIyMCIgbmFtZT0ibWJ1dDE5MDAiIGJvcmRlcj0iMCIgYWx0PSIiLz5XZWIgU2VydmljZXM8L2E+PC9kaXY+DQoJCQ0KCQk8ZGl2IGlkPSJtZW51MjAwMCIgc3R5bGU9InBvc2l0aW9uOmFic29sdXRlOyBsZWZ0OjMwcHg7IHRvcDo3MTBweDsgd2lkdGg6MTYwcHg7IHotaW5kZXg6MTI0Ij48YSBocmVmPSJqYXZhc2NyaXB0OjsiIG9uY2xpY2s9InRyaWdNZW51TWFnaWMxKCdtZW51MjAwMCcsMSk7cmV0dXJuIGZhbHNlIiBvbmZvY3VzPSJpZih0aGlzLmJsdXIpdGhpcy5ibHVyKCkiPjxpbWcgc3JjPSJpbWFnZXMvbWVudV9pbWFnZXMvMXgxLmdpZiIgd2lkdGg9IjEiIGhlaWdodD0xIjIwIiBuYW1lPSJtYnV0MjAwMCIgYm9yZGVyPSIwIiBhbHQ9IiIvPkFkbWluIEZ1bmN0aW9uczwvYT48L2Rpdj4NCgkJDQoJCTxkaXYgaWQ9Im1lbnUzMDAwIiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MzBweDsgdG9wOjc0MHB4OyB3aWR0aDoxNjBweDsgei1pbmRleDoxMjUiPjxhIGhyZWY9ImphdmFzY3JpcHQ6OyIgb25jbGljaz0idHJpZ01lbnVNYWdpYzEoJ21lbnUzMDAwJywxKTtyZXR1cm4gZmFsc2UiIG9uZm9jdXM9ImlmKHRoaXMuYmx1cil0aGlzLmJsdXIoKSI+PGltZyBzcmM9ImltYWdlcy9tZW51X2ltYWdlcy8xeDEuZ2lmIiB3aWR0aD0iMSIgaGVpZ2h0PTEiMjAiIG5hbWU9Im1idXQzMDAwIiBib3JkZXI9IjAiIGFsdD0iIi8+Q2hhbGxlbmdlPC9hPjwvZGl2Pg0KCQkgICAgDQoJCTxkaXYgaWQ9InN1Ym1lbnU1IiBjbGFzcz0icHZpaW1lbnVkaXYiIHN0eWxlPSJwb3NpdGlvbjphYnNvbHV0ZTsgbGVmdDoyMDBweDsgdG9wOjcycHg7IHdpZHRoOjE1MHB4OyB2aXNpYmlsaXR5OiBoaWRkZW47IHotaW5kZXg6MTI2Ij4NCgkgIAkJPHRhYmxlIHdpZHRoPSIxNTAiIGJvcmRlcj0iMCIgY2VsbHNwYWNpbmc9IjYiIGNlbGxwYWRkaW5nPSIwIj48dHI+DQoJICAgICAgCQk8dGQ+PGltZyBzcmM9ImltYWdlcy9idXR0b25zL2xlc3NvbkNvbXBsZXRlLmpwZyI+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj0zMiZtZW51PTUiPkhvdyB0byB3b3JrIHdpdGggV2ViR29hdDwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQk8dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj00OCZtZW51PTUiPlRvbWNhdCBDb25maWd1cmF0aW9uPC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCTx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTUmbWVudT01Ij5Vc2VmdWwgVG9vbHM8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NDImbWVudT01Ij5Ib3cgdG8gY3JlYXRlIGEgTGVzc29uPC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCQ0KCSAgCQk8L3RhYmxlPg0KCQk8L2Rpdj4gICAgDQoJCTxkaXYgaWQ9InN1Ym1lbnUxMDAiIGNsYXNzPSJwdmlpbWVudWRpdiIgc3R5bGU9InBvc2l0aW9uOmFic29sdXRlOyBsZWZ0OjIwMHB4OyB0b3A6MTAycHg7IHdpZHRoOjE1MHB4OyB2aXNpYmlsaXR5OiBoaWRkZW47IHotaW5kZXg6MTI3Ij4NCgkgIAkJPHRhYmxlIHdpZHRoPSIxNTAiIGJvcmRlcj0iMCIgY2VsbHNwYWNpbmc9IjYiIGNlbGxwYWRkaW5nPSIwIj48dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj0xNiZtZW51PTEwMCI+SHR0cCBCYXNpY3M8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49MyZtZW51PTEwMCI+SFRUUCBTcGxpdHRpbmc8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJDQoJICAJCTwvdGFibGU+DQoJCTwvZGl2PiAgICANCgkJPGRpdiBpZD0ic3VibWVudTIwMCIgY2xhc3M9InB2aWltZW51ZGl2IiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MjAwcHg7IHRvcDoxMzJweDsgd2lkdGg6MTUwcHg7IHZpc2liaWxpdHk6IGhpZGRlbjsgei1pbmRleDoxMjgiPg0KCSAgCQk8dGFibGUgd2lkdGg9IjE1MCIgYm9yZGVyPSIwIiBjZWxsc3BhY2luZz0iNiIgY2VsbHBhZGRpbmc9IjAiPjx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTUzJm1lbnU9MjAwIj5Vc2luZyBhbiBBY2Nlc3MgQ29udHJvbCBNYXRyaXg8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NTcmbWVudT0yMDAiPkJ5cGFzcyBhIFBhdGggQmFzZWQgQWNjZXNzIENvbnRyb2wgU2NoZW1lPC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCTx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTY1Jm1lbnU9MjAwIj5MQUI6IFJvbGUgQmFzZWQgQWNjZXNzIENvbnRyb2w8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJICAgIAkJPHRyPjx0ZCBjbGFzcz0icHZpaW1lbnVkaXZzdGFnZSI+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj02NSZtZW51PTIwMCZzdGFnZT0xIj5TdGFnZSAxOiBCeXBhc3MgQnVzaW5lc3MgTGF5ZXIgQWNjZXNzIENvbnRyb2w8L2E+DQoJCQkJCQk8L3RkPjwvdHI+DQoJCQkJDQoJCQkgICAgCQk8dHI+PHRkIGNsYXNzPSJwdmlpbWVudWRpdnN0YWdlIj48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTY1Jm1lbnU9MjAwJnN0YWdlPTIiPlN0YWdlIDI6IEFkZCBCdXNpbmVzcyBMYXllciBBY2Nlc3MgQ29udHJvbDwvYT4NCgkJCQkJCTwvdGQ+PC90cj4NCgkJCQkNCgkJCSAgICAJCTx0cj48dGQgY2xhc3M9InB2aWltZW51ZGl2c3RhZ2UiPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NjUmbWVudT0yMDAmc3RhZ2U9MyI+U3RhZ2UgMzogQnlwYXNzIERhdGEgTGF5ZXIgQWNjZXNzIENvbnRyb2w8L2E+DQoJCQkJCQk8L3RkPjwvdHI+DQoJCQkJDQoJCQkgICAgCQk8dHI+PHRkIGNsYXNzPSJwdmlpbWVudWRpdnN0YWdlIj48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTY1Jm1lbnU9MjAwJnN0YWdlPTQiPlN0YWdlIDQ6IEFkZCBEYXRhIExheWVyIEFjY2VzcyBDb250cm9sPC9hPg0KCQkJCQkJPC90ZD48L3RyPg0KCQkJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49MTAmbWVudT0yMDAiPlJlbW90ZSBBZG1pbiBBY2Nlc3M8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJDQoJICAJCTwvdGFibGU+DQoJCTwvZGl2PiAgICANCgkJPGRpdiBpZD0ic3VibWVudTQwMCIgY2xhc3M9InB2aWltZW51ZGl2IiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MjAwcHg7IHRvcDoxNjJweDsgd2lkdGg6MTUwcHg7IHZpc2liaWxpdHk6IGhpZGRlbjsgei1pbmRleDoxMjkiPg0KCSAgCQk8dGFibGUgd2lkdGg9IjE1MCIgYm9yZGVyPSIwIiBjZWxsc3BhY2luZz0iNiIgY2VsbHBhZGRpbmc9IjAiPjx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTQxJm1lbnU9NDAwIj5TYW1lIE9yaWdpbiBQb2xpY3kgUHJvdGVjdGlvbjwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQk8dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj00OSZtZW51PTQwMCI+TEFCOiBET00tQmFzZWQgY3Jvc3Mtc2l0ZSBzY3JpcHRpbmc8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NTUmbWVudT00MDAiPkxBQjogQ2xpZW50IFNpZGUgRmlsdGVyaW5nPC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCTx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTc0Jm1lbnU9NDAwIj5ET00gSW5qZWN0aW9uPC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCTx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTU5Jm1lbnU9NDAwIj5YTUwgSW5qZWN0aW9uPC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCTx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTQ0Jm1lbnU9NDAwIj5KU09OIEluamVjdGlvbjwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQk8dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj02OCZtZW51PTQwMCI+U2lsZW50IFRyYW5zYWN0aW9ucyBBdHRhY2tzPC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCTx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTIyJm1lbnU9NDAwIj5EYW5nZXJvdXMgVXNlIG9mIEV2YWw8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NDMmbWVudT00MDAiPkluc2VjdXJlIENsaWVudCBTdG9yYWdlPC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCQ0KCSAgCQk8L3RhYmxlPg0KCQk8L2Rpdj4gICAgDQoJCTxkaXYgaWQ9InN1Ym1lbnU1MDAiIGNsYXNzPSJwdmlpbWVudWRpdiIgc3R5bGU9InBvc2l0aW9uOmFic29sdXRlOyBsZWZ0OjIwMHB4OyB0b3A6MTkycHg7IHdpZHRoOjE1MHB4OyB2aXNpYmlsaXR5OiBoaWRkZW47IHotaW5kZXg6MTMwIj4NCgkgIAkJPHRhYmxlIHdpZHRoPSIxNTAiIGJvcmRlcj0iMCIgY2VsbHNwYWNpbmc9IjYiIGNlbGxwYWRkaW5nPSIwIj48dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj02NiZtZW51PTUwMCI+UGFzc3dvcmQgU3RyZW5ndGg8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NjQmbWVudT01MDAiPkZvcmdvdCBQYXNzd29yZDwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQk8dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj0zNSZtZW51PTUwMCI+QmFzaWMgQXV0aGVudGljYXRpb248L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49MzMmbWVudT01MDAiPk11bHRpIExldmVsIExvZ2luIDI8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NjEmbWVudT01MDAiPk11bHRpIExldmVsIExvZ2luIDE8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJDQoJICAJCTwvdGFibGU+DQoJCTwvZGl2PiAgICANCgkJPGRpdiBpZD0ic3VibWVudTYwMCIgY2xhc3M9InB2aWltZW51ZGl2IiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MjAwcHg7IHRvcDoyMjJweDsgd2lkdGg6MTUwcHg7IHZpc2liaWxpdHk6IGhpZGRlbjsgei1pbmRleDoxMzEiPg0KCSAgCQk8dGFibGUgd2lkdGg9IjE1MCIgYm9yZGVyPSIwIiBjZWxsc3BhY2luZz0iNiIgY2VsbHBhZGRpbmc9IjAiPjx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTUwJm1lbnU9NjAwIj5PZmYtYnktT25lIE92ZXJmbG93czwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQkNCgkgIAkJPC90YWJsZT4NCgkJPC9kaXY+ICAgIA0KCQk8ZGl2IGlkPSJzdWJtZW51NzAwIiBjbGFzcz0icHZpaW1lbnVkaXYiIHN0eWxlPSJwb3NpdGlvbjphYnNvbHV0ZTsgbGVmdDoyMDBweDsgdG9wOjI1MnB4OyB3aWR0aDoxNTBweDsgdmlzaWJpbGl0eTogaGlkZGVuOyB6LWluZGV4OjEzMiI+DQoJICAJCTx0YWJsZSB3aWR0aD0iMTUwIiBib3JkZXI9IjAiIGNlbGxzcGFjaW5nPSI2IiBjZWxscGFkZGluZz0iMCI+PHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NDAmbWVudT03MDAiPkRpc2NvdmVyIENsdWVzIGluIHRoZSBIVE1MPC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCQ0KCSAgCQk8L3RhYmxlPg0KCQk8L2Rpdj4gICAgDQoJCTxkaXYgaWQ9InN1Ym1lbnU4MDAiIGNsYXNzPSJwdmlpbWVudWRpdiIgc3R5bGU9InBvc2l0aW9uOmFic29sdXRlOyBsZWZ0OjIwMHB4OyB0b3A6MjgycHg7IHdpZHRoOjE1MHB4OyB2aXNpYmlsaXR5OiBoaWRkZW47IHotaW5kZXg6MTMzIj4NCgkgIAkJPHRhYmxlIHdpZHRoPSIxNTAiIGJvcmRlcj0iMCIgY2VsbHNwYWNpbmc9IjYiIGNlbGxwYWRkaW5nPSIwIj48dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj02OSZtZW51PTgwMCI+VGhyZWFkIFNhZmV0eSBQcm9ibGVtczwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQk8dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj0xNSZtZW51PTgwMCI+U2hvcHBpbmcgQ2FydCBDb25jdXJyZW5jeSBGbGF3PC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCQ0KCSAgCQk8L3RhYmxlPg0KCQk8L2Rpdj4gICAgDQoJCTxkaXYgaWQ9InN1Ym1lbnU5MDAiIGNsYXNzPSJwdmlpbWVudWRpdiIgc3R5bGU9InBvc2l0aW9uOmFic29sdXRlOyBsZWZ0OjIwMHB4OyB0b3A6MzEycHg7IHdpZHRoOjE1MHB4OyB2aXNpYmlsaXR5OiBoaWRkZW47IHotaW5kZXg6MTM0Ij4NCgkgIAkJPHRhYmxlIHdpZHRoPSIxNTAiIGJvcmRlcj0iMCIgY2VsbHNwYWNpbmc9IjYiIGNlbGxwYWRkaW5nPSIwIj48dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj01NCZtZW51PTkwMCI+UGhpc2hpbmcgd2l0aCBYU1M8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49MjAmbWVudT05MDAiPkxBQjogQ3Jvc3MgU2l0ZSBTY3JpcHRpbmc8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJICAgIAkJPHRyPjx0ZCBjbGFzcz0icHZpaW1lbnVkaXZzdGFnZSI+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj0yMCZtZW51PTkwMCZzdGFnZT0xIj5TdGFnZSAxOiBTdG9yZWQgWFNTPC9hPg0KCQkJCQkJPC90ZD48L3RyPg0KCQkJCQ0KCQkJICAgIAkJPHRyPjx0ZCBjbGFzcz0icHZpaW1lbnVkaXZzdGFnZSI+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj0yMCZtZW51PTkwMCZzdGFnZT0yIj5TdGFnZSAyOiBCbG9jayBTdG9yZWQgWFNTIHVzaW5nIElucHV0IFZhbGlkYXRpb248L2E+DQoJCQkJCQk8L3RkPjwvdHI+DQoJCQkJDQoJCQkgICAgCQk8dHI+PHRkIGNsYXNzPSJwdmlpbWVudWRpdnN0YWdlIj48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTIwJm1lbnU9OTAwJnN0YWdlPTMiPlN0YWdlIDM6IFN0b3JlZCBYU1MgUmV2aXNpdGVkPC9hPg0KCQkJCQkJPC90ZD48L3RyPg0KCQkJCQ0KCQkJICAgIAkJPHRyPjx0ZCBjbGFzcz0icHZpaW1lbnVkaXZzdGFnZSI+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj0yMCZtZW51PTkwMCZzdGFnZT00Ij5TdGFnZSA0OiBCbG9jayBTdG9yZWQgWFNTIHVzaW5nIE91dHB1dCBFbmNvZGluZzwvYT4NCgkJCQkJCTwvdGQ+PC90cj4NCgkJCQkNCgkJCSAgICAJCTx0cj48dGQgY2xhc3M9InB2aWltZW51ZGl2c3RhZ2UiPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49MjAmbWVudT05MDAmc3RhZ2U9NSI+U3RhZ2UgNTogUmVmbGVjdGVkIFhTUzwvYT4NCgkJCQkJCTwvdGQ+PC90cj4NCgkJCQkNCgkJCSAgICAJCTx0cj48dGQgY2xhc3M9InB2aWltZW51ZGl2c3RhZ2UiPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49MjAmbWVudT05MDAmc3RhZ2U9NiI+U3RhZ2UgNjogQmxvY2sgUmVmbGVjdGVkIFhTUzwvYT4NCgkJCQkJCTwvdGQ+PC90cj4NCgkJCQkNCgkJCTx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTcwJm1lbnU9OTAwIj5TdG9yZWQgWFNTIEF0dGFja3M8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49MzEmbWVudT05MDAiPlJlZmxlY3RlZCBYU1MgQXR0YWNrczwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQk8dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj01MiZtZW51PTkwMCI+Q3Jvc3MgU2l0ZSBSZXF1ZXN0IEZvcmdlcnkgKENTUkYpPC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCTx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTQ1Jm1lbnU9OTAwIj5DU1JGIFByb21wdCBCeS1QYXNzPC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCTx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTImbWVudT05MDAiPkNTUkYgVG9rZW4gQnktUGFzczwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQk8dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj04Jm1lbnU9OTAwIj5IVFRQT25seSBUZXN0PC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCTx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTc1Jm1lbnU9OTAwIj5Dcm9zcyBTaXRlIFRyYWNpbmcgKFhTVCkgQXR0YWNrczwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQkNCgkgIAkJPC90YWJsZT4NCgkJPC9kaXY+ICAgIA0KCQk8ZGl2IGlkPSJzdWJtZW51MTAwMCIgY2xhc3M9InB2aWltZW51ZGl2IiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MjAwcHg7IHRvcDozNDJweDsgd2lkdGg6MTUwcHg7IHZpc2liaWxpdHk6IGhpZGRlbjsgei1pbmRleDoxMzUiPg0KCSAgCQk8dGFibGUgd2lkdGg9IjE1MCIgYm9yZGVyPSIwIiBjZWxsc3BhY2luZz0iNiIgY2VsbHBhZGRpbmc9IjAiPjx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTM5Jm1lbnU9MTAwMCI+RmFpbCBPcGVuIEF1dGhlbnRpY2F0aW9uIFNjaGVtZTwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQkNCgkgIAkJPC90YWJsZT4NCgkJPC9kaXY+ICAgIA0KCQk8ZGl2IGlkPSJzdWJtZW51MTEwMCIgY2xhc3M9InB2aWltZW51ZGl2IiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MjAwcHg7IHRvcDozNzJweDsgd2lkdGg6MTUwcHg7IHZpc2liaWxpdHk6IGhpZGRlbjsgei1pbmRleDoxMzYiPg0KCSAgCQk8dGFibGUgd2lkdGg9IjE1MCIgYm9yZGVyPSIwIiBjZWxsc3BhY2luZz0iNiIgY2VsbHBhZGRpbmc9IjAiPjx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTExJm1lbnU9MTEwMCI+Q29tbWFuZCBJbmplY3Rpb248L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NzcmbWVudT0xMTAwIj5OdW1lcmljIFNRTCBJbmplY3Rpb248L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NzYmbWVudT0xMTAwIj5Mb2cgU3Bvb2Zpbmc8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NDYmbWVudT0xMTAwIj5YUEFUSCBJbmplY3Rpb248L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49MzYmbWVudT0xMTAwIj5TdHJpbmcgU1FMIEluamVjdGlvbjwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQk8dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj03MSZtZW51PTExMDAiPkxBQjogU1FMIEluamVjdGlvbjwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQkgICAgCQk8dHI+PHRkIGNsYXNzPSJwdmlpbWVudWRpdnN0YWdlIj48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTcxJm1lbnU9MTEwMCZzdGFnZT0xIj5TdGFnZSAxOiBTdHJpbmcgU1FMIEluamVjdGlvbjwvYT4NCgkJCQkJCTwvdGQ+PC90cj4NCgkJCQkNCgkJCSAgICAJCTx0cj48dGQgY2xhc3M9InB2aWltZW51ZGl2c3RhZ2UiPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NzEmbWVudT0xMTAwJnN0YWdlPTIiPlN0YWdlIDI6IFBhcmFtZXRlcml6ZWQgUXVlcnkgIzE8L2E+DQoJCQkJCQk8L3RkPjwvdHI+DQoJCQkJDQoJCQkgICAgCQk8dHI+PHRkIGNsYXNzPSJwdmlpbWVudWRpdnN0YWdlIj48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTcxJm1lbnU9MTEwMCZzdGFnZT0zIj5TdGFnZSAzOiBOdW1lcmljIFNRTCBJbmplY3Rpb248L2E+DQoJCQkJCQk8L3RkPjwvdHI+DQoJCQkJDQoJCQkgICAgCQk8dHI+PHRkIGNsYXNzPSJwdmlpbWVudWRpdnN0YWdlIj48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTcxJm1lbnU9MTEwMCZzdGFnZT00Ij5TdGFnZSA0OiBQYXJhbWV0ZXJpemVkIFF1ZXJ5ICMyPC9hPg0KCQkJCQkJPC90ZD48L3RyPg0KCQkJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxpbWcgc3JjPSJpbWFnZXMvYnV0dG9ucy9sZXNzb25Db21wbGV0ZS5qcGciPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49MzgmbWVudT0xMTAwIj5Nb2RpZnkgRGF0YSB3aXRoIFNRTCBJbmplY3Rpb248L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxpbWcgc3JjPSJpbWFnZXMvYnV0dG9ucy9sZXNzb25Db21wbGV0ZS5qcGciPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NiZtZW51PTExMDAiPkFkZCBEYXRhIHdpdGggU1FMIEluamVjdGlvbjwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQk8dHI+DQoJICAgICAgCQk8dGQ+PGltZyBzcmM9ImltYWdlcy9idXR0b25zL2xlc3NvbkNvbXBsZXRlLmpwZyI+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj0xMiZtZW51PTExMDAiPkRhdGFiYXNlIEJhY2tkb29ycyA8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NCZtZW51PTExMDAiPkJsaW5kIE51bWVyaWMgU1FMIEluamVjdGlvbjwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQk8dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj0xMyZtZW51PTExMDAiPkJsaW5kIFN0cmluZyBTUUwgSW5qZWN0aW9uPC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCQ0KCSAgCQk8L3RhYmxlPg0KCQk8L2Rpdj4gICAgDQoJCTxkaXYgaWQ9InN1Ym1lbnUxMjAwIiBjbGFzcz0icHZpaW1lbnVkaXYiIHN0eWxlPSJwb3NpdGlvbjphYnNvbHV0ZTsgbGVmdDoyMDBweDsgdG9wOjQwMnB4OyB3aWR0aDoxNTBweDsgdmlzaWJpbGl0eTogaGlkZGVuOyB6LWluZGV4OjEzNyI+DQoJICAJCTx0YWJsZSB3aWR0aD0iMTUwIiBib3JkZXI9IjAiIGNlbGxzcGFjaW5nPSI2IiBjZWxscGFkZGluZz0iMCI+PHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NjMmbWVudT0xMjAwIj5EZW5pYWwgb2YgU2VydmljZSBmcm9tIE11bHRpcGxlIExvZ2luczwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQkNCgkgIAkJPC90YWJsZT4NCgkJPC9kaXY+ICAgIA0KCQk8ZGl2IGlkPSJzdWJtZW51MTMwMCIgY2xhc3M9InB2aWltZW51ZGl2IiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MjAwcHg7IHRvcDo0MzJweDsgd2lkdGg6MTUwcHg7IHZpc2liaWxpdHk6IGhpZGRlbjsgei1pbmRleDoxMzgiPg0KCSAgCQk8dGFibGUgd2lkdGg9IjE1MCIgYm9yZGVyPSIwIiBjZWxsc3BhY2luZz0iNiIgY2VsbHBhZGRpbmc9IjAiPjx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTY3Jm1lbnU9MTMwMCI+SW5zZWN1cmUgTG9naW48L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJDQoJICAJCTwvdGFibGU+DQoJCTwvZGl2PiAgICANCgkJPGRpdiBpZD0ic3VibWVudTE0MDAiIGNsYXNzPSJwdmlpbWVudWRpdiIgc3R5bGU9InBvc2l0aW9uOmFic29sdXRlOyBsZWZ0OjIwMHB4OyB0b3A6NDYycHg7IHdpZHRoOjE1MHB4OyB2aXNpYmlsaXR5OiBoaWRkZW47IHotaW5kZXg6MTM5Ij4NCgkgIAkJPHRhYmxlIHdpZHRoPSIxNTAiIGJvcmRlcj0iMCIgY2VsbHNwYWNpbmc9IjYiIGNlbGxwYWRkaW5nPSIwIj48dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj0zNyZtZW51PTE0MDAiPkZvcmNlZCBCcm93c2luZzwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQkNCgkgIAkJPC90YWJsZT4NCgkJPC9kaXY+ICAgIA0KCQk8ZGl2IGlkPSJzdWJtZW51MTUwMCIgY2xhc3M9InB2aWltZW51ZGl2IiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MjAwcHg7IHRvcDo0OTJweDsgd2lkdGg6MTUwcHg7IHZpc2liaWxpdHk6IGhpZGRlbjsgei1pbmRleDoxNDAiPg0KCSAgCQk8dGFibGUgd2lkdGg9IjE1MCIgYm9yZGVyPSIwIiBjZWxsc3BhY2luZz0iNiIgY2VsbHBhZGRpbmc9IjAiPjx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTYyJm1lbnU9MTUwMCI+RW5jb2RpbmcgQmFzaWNzPC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCQ0KCSAgCQk8L3RhYmxlPg0KCQk8L2Rpdj4gICAgDQoJCTxkaXYgaWQ9InN1Ym1lbnUxNjAwIiBjbGFzcz0icHZpaW1lbnVkaXYiIHN0eWxlPSJwb3NpdGlvbjphYnNvbHV0ZTsgbGVmdDoyMDBweDsgdG9wOjUyMnB4OyB3aWR0aDoxNTBweDsgdmlzaWJpbGl0eTogaGlkZGVuOyB6LWluZGV4OjE0MSI+DQoJICAJCTx0YWJsZSB3aWR0aD0iMTUwIiBib3JkZXI9IjAiIGNlbGxzcGFjaW5nPSI2IiBjZWxscGFkZGluZz0iMCI+PHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49MTgmbWVudT0xNjAwIj5NYWxpY2lvdXMgRmlsZSBFeGVjdXRpb248L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJDQoJICAJCTwvdGFibGU+DQoJCTwvZGl2PiAgICANCgkJPGRpdiBpZD0ic3VibWVudTE3MDAiIGNsYXNzPSJwdmlpbWVudWRpdiIgc3R5bGU9InBvc2l0aW9uOmFic29sdXRlOyBsZWZ0OjIwMHB4OyB0b3A6NTUycHg7IHdpZHRoOjE1MHB4OyB2aXNpYmlsaXR5OiBoaWRkZW47IHotaW5kZXg6MTQyIj4NCgkgIAkJPHRhYmxlIHdpZHRoPSIxNTAiIGJvcmRlcj0iMCIgY2VsbHNwYWNpbmc9IjYiIGNlbGxwYWRkaW5nPSIwIj48dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj01MSZtZW51PTE3MDAiPkJ5cGFzcyBIVE1MIEZpZWxkIFJlc3RyaWN0aW9uczwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQk8dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj0zNCZtZW51PTE3MDAiPkV4cGxvaXQgSGlkZGVuIEZpZWxkczwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQk8dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj00NyZtZW51PTE3MDAiPkV4cGxvaXQgVW5jaGVja2VkIEVtYWlsPC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCTx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTE3Jm1lbnU9MTcwMCI+QnlwYXNzIENsaWVudCBTaWRlIEphdmFTY3JpcHQgVmFsaWRhdGlvbjwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQkNCgkgIAkJPC90YWJsZT4NCgkJPC9kaXY+ICAgIA0KCQk8ZGl2IGlkPSJzdWJtZW51MTgwMCIgY2xhc3M9InB2aWltZW51ZGl2IiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MjAwcHg7IHRvcDo1ODJweDsgd2lkdGg6MTUwcHg7IHZpc2liaWxpdHk6IGhpZGRlbjsgei1pbmRleDoxNDMiPg0KCSAgCQk8dGFibGUgd2lkdGg9IjE1MCIgYm9yZGVyPSIwIiBjZWxsc3BhY2luZz0iNiIgY2VsbHBhZGRpbmc9IjAiPjx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTcyJm1lbnU9MTgwMCI+SGlqYWNrIGEgU2Vzc2lvbjwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQk8dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj03MyZtZW51PTE4MDAiPlNwb29mIGFuIEF1dGhlbnRpY2F0aW9uIENvb2tpZTwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQk8dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj01NiZtZW51PTE4MDAiPlNlc3Npb24gRml4YXRpb248L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJDQoJICAJCTwvdGFibGU+DQoJCTwvZGl2PiAgICANCgkJPGRpdiBpZD0ic3VibWVudTE5MDAiIGNsYXNzPSJwdmlpbWVudWRpdiIgc3R5bGU9InBvc2l0aW9uOmFic29sdXRlOyBsZWZ0OjIwMHB4OyB0b3A6NjEycHg7IHdpZHRoOjE1MHB4OyB2aXNpYmlsaXR5OiBoaWRkZW47IHotaW5kZXg6MTQ0Ij4NCgkgIAkJPHRhYmxlIHdpZHRoPSIxNTAiIGJvcmRlcj0iMCIgY2VsbHNwYWNpbmc9IjYiIGNlbGxwYWRkaW5nPSIwIj48dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj0xOSZtZW51PTE5MDAiPkNyZWF0ZSBhIFNPQVAgUmVxdWVzdDwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQk8dHI+DQoJICAgICAgCQk8dGQ+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj0yMyZtZW51PTE5MDAiPldTREwgU2Nhbm5pbmc8L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NyZtZW51PTE5MDAiPldlYiBTZXJ2aWNlIFNBWCBJbmplY3Rpb248L2E+PC90ZD4NCgkgICAgCQk8L3RyPg0KCSAgICAJCQ0KCQkJPHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NjAmbWVudT0xOTAwIj5XZWIgU2VydmljZSBTUUwgSW5qZWN0aW9uPC9hPjwvdGQ+DQoJICAgIAkJPC90cj4NCgkgICAgCQkNCgkJCQ0KCSAgCQk8L3RhYmxlPg0KCQk8L2Rpdj4gICAgDQoJCTxkaXYgaWQ9InN1Ym1lbnUyMDAwIiBjbGFzcz0icHZpaW1lbnVkaXYiIHN0eWxlPSJwb3NpdGlvbjphYnNvbHV0ZTsgbGVmdDoyMDBweDsgdG9wOjY0MnB4OyB3aWR0aDoxNTBweDsgdmlzaWJpbGl0eTogaGlkZGVuOyB6LWluZGV4OjE0NSI+DQoJICAJCTx0YWJsZSB3aWR0aD0iMTUwIiBib3JkZXI9IjAiIGNlbGxzcGFjaW5nPSI2IiBjZWxscGFkZGluZz0iMCI+PHRyPg0KCSAgICAgIAkJPHRkPjxhIGhyZWY9ImF0dGFjaz9TY3JlZW49MjUmbWVudT0yMDAwIj5SZXBvcnQgQ2FyZDwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQkNCgkgIAkJPC90YWJsZT4NCgkJPC9kaXY+ICAgIA0KCQk8ZGl2IGlkPSJzdWJtZW51MzAwMCIgY2xhc3M9InB2aWltZW51ZGl2IiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7IGxlZnQ6MjAwcHg7IHRvcDo2NzJweDsgd2lkdGg6MTUwcHg7IHZpc2liaWxpdHk6IGhpZGRlbjsgei1pbmRleDoxNDYiPg0KCSAgCQk8dGFibGUgd2lkdGg9IjE1MCIgYm9yZGVyPSIwIiBjZWxsc3BhY2luZz0iNiIgY2VsbHBhZGRpbmc9IjAiPjx0cj4NCgkgICAgICAJCTx0ZD48YSBocmVmPSJhdHRhY2s/U2NyZWVuPTkmbWVudT0zMDAwIj5UaGUgQ0hBTExFTkdFITwvYT48L3RkPg0KCSAgICAJCTwvdHI+DQoJICAgIAkJDQoJCQkNCgkgIAkJPC90YWJsZT4NCgkJPC9kaXY+DQoJCTxkaXYgaWQ9InRvcCI+PC9kaXY+DQoJCTxkaXYgaWQ9InRvcExlZnQiPg0KCQk8ZGl2IGFsaWduPSJsZWZ0Ij4NCgkJDQoJCQlJbnRlcm5hdGlvbmFsaXphdGlvbiBpcyBub3QgYXZhaWxhYmxlIGZvciB0aGlzIGxlc3Nvbg0KCQkNCgkJPC9kaXY+PC9kaXY+DQoJCTxkaXYgYWxpZ249InJpZ2h0IiBpZD0idG9wUmlnaHQiPg0KCQk8YSBocmVmPSJhdHRhY2s/YWN0aW9uPUxvZ291dCIgb25tb3VzZW91dD0iTU1fc3dhcEltZ1Jlc3RvcmUoKSINCgkJCW9ubW91c2VvdmVyPSJNTV9zd2FwSW1hZ2UoJ2xvZ291dCcsJycsJ2ltYWdlcy9idXR0b25zL2xvZ291dE92ZXIuanBnJywxKSI+PGltZw0KCQkJc3JjPSJpbWFnZXMvYnV0dG9ucy9sb2dvdXQuanBnIiBhbHQ9IkxvZ091dCIgbmFtZT0ibG9nb3V0IiB3aWR0aD0iNDUiDQoJCQloZWlnaHQ9IjIyIiBib3JkZXI9IjAiIGlkPSJsb2dvdXQiIC8+PC9hPiA8YSBocmVmPSIjZ2V0RkFRKCkiDQoJCQlvbm1vdXNlb3V0PSJNTV9zd2FwSW1nUmVzdG9yZSgpIg0KCQkJb25tb3VzZW92ZXI9Ik1NX3N3YXBJbWFnZSgnaGVscCcsJycsJ2ltYWdlcy9idXR0b25zL2hlbHBPdmVyLmpwZycsMSkiPjxpbWcNCgkJCXNyYz0iaW1hZ2VzL2J1dHRvbnMvaGVscC5qcGciIGFsdD0iSGVscCIgbmFtZT0iaGVscCIgd2lkdGg9IjIyIg0KCQkJaGVpZ2h0PSIyMiIgYm9yZGVyPSIwIiBpZD0iaGVscCIgLz48L2E+DQoJCTwvZGl2Pg0KPGRpdiBpZD0ibGVzc29uVGl0bGUiIGFsaWduPSJyaWdodCI+QWRkIERhdGEgd2l0aCBTUUwgSW5qZWN0aW9uPC9kaXY+DQoJCQk8ZGl2IGlkPSJoTWVudUJhciI+DQoJCQkJDQoJCQkJPGEgaHJlZj0iYXR0YWNrP1NjcmVlbj02Jm1lbnU9MTEwMCZzaG93PVByZXZpb3VzSGludCIgdGFyZ2V0PSJfdG9wIiBvbmNsaWNrPSJNTV9uYkdyb3VwKCdkb3duJywnZ3JvdXAxJywnaGludExlZnQnLCcnLDEpIiANCgkJCQlvbm1vdXNlb3Zlcj0iTU1fbmJHcm91cCgnb3ZlcicsJ2hpbnRMZWZ0JywnaW1hZ2VzL2J1dHRvbnMvaGludExlZnRPdmVyLmpwZycsJycsMSkiIA0KCQkJCW9ubW91c2VvdXQ9Ik1NX25iR3JvdXAoJ291dCcpIj4NCgkJCQk8aW1nIHNyYz0iaW1hZ2VzL2J1dHRvbnMvaGludExlZnQuanBnIiBhbHQ9IlByZXZpb3VzIEhpbnQiIG5hbWU9ImhpbnRMZWZ0IiB3aWR0aD0iMjAiIGhlaWdodD0iMjAiIGJvcmRlcj0iMCIgaWQ9ImhpbnRMZWZ0Ii8+DQoJCQkJPC9hPg0KCQkJCTxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NiZtZW51PTExMDAmc2hvdz1OZXh0SGludCIgdGFyZ2V0PSJfdG9wIiBvbmNsaWNrPSJNTV9uYkdyb3VwKCdkb3duJywnZ3JvdXAxJywnaGludCcsJycsMSkiIA0KCQkJCW9ubW91c2VvdmVyPSJNTV9uYkdyb3VwKCdvdmVyJywnaGludCcsJ2ltYWdlcy9idXR0b25zL2hpbnRPdmVyLmpwZycsJycsMSkiIA0KCQkJCW9ubW91c2VvdXQ9Ik1NX25iR3JvdXAoJ291dCcpIj4NCgkJCQk8aW1nIHNyYz0iaW1hZ2VzL2J1dHRvbnMvaGludC5qcGciIGFsdD0iSGludHMiIG5hbWU9ImhpbnQiIHdpZHRoPSIzNSIgaGVpZ2h0PSIyMCIgYm9yZGVyPSIwIiBpZD0iaGludCIvPg0KCQkJCTwvYT4NCgkJCQk8YSBocmVmPSJhdHRhY2s/U2NyZWVuPTYmbWVudT0xMTAwJnNob3c9TmV4dEhpbnQiIHRhcmdldD0iX3RvcCIgb25jbGljaz0iTU1fbmJHcm91cCgnZG93bicsJ2dyb3VwMScsJ2hpbnRSaWdodCcsJycsMSkiIA0KCQkJCW9ubW91c2VvdmVyPSJNTV9uYkdyb3VwKCdvdmVyJywnaGludFJpZ2h0JywnaW1hZ2VzL2J1dHRvbnMvaGludFJpZ2h0T3Zlci5qcGcnLCcnLDEpIiANCgkJCQlvbm1vdXNlb3V0PSJNTV9uYkdyb3VwKCdvdXQnKSI+DQoJCQkJPGltZyBzcmM9ImltYWdlcy9idXR0b25zL2hpbnRSaWdodC5qcGciIGFsdD0iTmV4dCBIaW50IiBuYW1lPSJoaW50UmlnaHQiIHdpZHRoPSIyMCIgaGVpZ2h0PSIyMCIgYm9yZGVyPSIwIiBpZD0iaGludFJpZ2h0Ii8+DQoJCQkJPC9hPg0KCQkJCQ0KCQkJCTxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NiZtZW51PTExMDAmc2hvdz1QYXJhbXMiIHRhcmdldD0iX3RvcCIgb25jbGljaz0iTU1fbmJHcm91cCgnZG93bicsJ2dyb3VwMScsJ3BhcmFtcycsJycsMSkiIA0KCQkJCW9ubW91c2VvdmVyPSJNTV9uYkdyb3VwKCdvdmVyJywncGFyYW1zJywnaW1hZ2VzL2J1dHRvbnMvcGFyYW1zT3Zlci5qcGcnLCcnLDEpIiANCgkJCQlvbm1vdXNlb3V0PSJNTV9uYkdyb3VwKCdvdXQnKSI+DQoJCQkJPGltZyBzcmM9ImltYWdlcy9idXR0b25zL3BhcmFtcy5qcGciIGFsdD0iU2hvdyBQYXJhbXMiIG5hbWU9ImF0dGFjaz9TY3JlZW49NiZtZW51PTExMDAmc2hvdz1QYXJhbXMiIHdpZHRoPSI4NyIgaGVpZ2h0PSIyMCIgYm9yZGVyPSIwIiBpZD0icGFyYW1zIi8+DQoJCQkJPC9hPg0KCQkJCTxhIGhyZWY9ImF0dGFjaz9TY3JlZW49NiZtZW51PTExMDAmc2hvdz1Db29raWVzIiB0YXJnZXQ9Il90b3AiIG9uY2xpY2s9Ik1NX25iR3JvdXAoJ2Rvd24nLCdncm91cDEnLCdjb29raWVzJywnJywxKSIgDQoJCQkJb25tb3VzZW92ZXI9Ik1NX25iR3JvdXAoJ292ZXInLCdjb29raWVzJywnaW1hZ2VzL2J1dHRvbnMvY29va2llc092ZXIuanBnJywnJywxKSIgDQoJCQkJb25tb3VzZW91dD0iTU1fbmJHcm91cCgnb3V0JykiPg0KCQkJCTxpbWcgc3JjPSJpbWFnZXMvYnV0dG9ucy9jb29raWVzLmpwZyIgYWx0PSJTaG93IENvb2tpZXMiIG5hbWU9ImNvb2tpZXMiIHdpZHRoPSI5OSIgaGVpZ2h0PSIyMCIgYm9yZGVyPSIwIiBpZD0iY29va2llcyIvPg0KCQkJCTwvYT4NCgkJCQk8YSBocmVmPSJqYXZhc2NyaXB0OnRvZ2dsZSgnbGVzc29uUGxhbnMnKSIgdGFyZ2V0PSJfdG9wIiBvbmNsaWNrPSJNTV9uYkdyb3VwKCdkb3duJywnZ3JvdXAxJywncGxhbnMnLCcnLDEpIiANCgkJCQlvbm1vdXNlb3Zlcj0iTU1fbmJHcm91cCgnb3ZlcicsJ3BsYW5zJywnaW1hZ2VzL2J1dHRvbnMvcGxhbnNPdmVyLmpwZycsJycsMSkiIA0KCQkJCW9ubW91c2VvdXQ9Ik1NX25iR3JvdXAoJ291dCcpIj4NCgkJCQk8aW1nIHNyYz0iaW1hZ2VzL2J1dHRvbnMvcGxhbnMuanBnIiBhbHQ9Ikxlc3NvbiBQbGFucyIgd2lkdGg9Ijg5IiBoZWlnaHQ9IjIwIiBib3JkZXI9IjAiIGlkPSJwbGFucyIvPg0KCQkJCTwvYT4NCgkJCQkNCgkJCQk8YSBocmVmPSJzb3VyY2UiIG9uY2xpY2s9Im1ha2VXaW5kb3codGhpcy5ocmVmKyAnP3NvdXJjZT10cnVlJywgJ0phdmEgU291cmNlJyk7cmV0dXJuIGZhbHNlOyIgdGFyZ2V0PSJqYXZhV2luIg0KCQkJCW9ubW91c2VvdmVyPSJNTV9uYkdyb3VwKCdvdmVyJywnamF2YScsJ2ltYWdlcy9idXR0b25zL2phdmFPdmVyLmpwZycsJycsMSkiIA0KCQkJCW9ubW91c2VvdXQ9Ik1NX25iR3JvdXAoJ291dCcpIj4NCgkJCQk8aW1nIHNyYz0iaW1hZ2VzL2J1dHRvbnMvamF2YS5qcGciIGFsdD0iU2hvdyBKYXZhIiBuYW1lPSJqYXZhIiB3aWR0aD0iNzUiIGhlaWdodD0iMjAiIGJvcmRlcj0iMCIgaWQ9ImphdmEiLz4NCgkJCQk8L2E+DQoJCQkJPGEgaHJlZj0ic291cmNlIiBvbmNsaWNrPSJtYWtlV2luZG93KHRoaXMuaHJlZiArICc/c29sdXRpb249dHJ1ZScsICdKYXZhIFNvbHV0aW9uJyk7cmV0dXJuIGZhbHNlOyIgdGFyZ2V0PSJqYXZhV2luIg0KCQkJCW9ubW91c2VvdmVyPSJNTV9uYkdyb3VwKCdvdmVyJywnc29sdXRpb25zJywnaW1hZ2VzL2J1dHRvbnMvc29sdXRpb25zT3Zlci5qcGcnLCcnLDEpIiANCgkJCQlvbm1vdXNlb3V0PSJNTV9uYkdyb3VwKCdvdXQnKSI+DQoJCQkJPGltZyBzcmM9ImltYWdlcy9idXR0b25zL3NvbHV0aW9ucy5qcGciIGFsdD0iU2hvdyBTb2x1dGlvbiIgbmFtZT0ic29sdXRpb25zIiB3aWR0aD0iNzMiIGhlaWdodD0iMjAiIGJvcmRlcj0iMCIgaWQ9InNvbHV0aW9ucyIvPg0KCQkJCTwvYT4NCgkJCQkNCgkJCQkJCQkJDQoJCQk8L2Rpdj4NCgkJCTxkaXYgaWQ9InR3b0NvbCI+DQoJIAkgCTxkaXYgaWQ9Im1lbnVTcGFjZXIiPjwvZGl2Pg0KCSAJIAk8ZGl2IGlkPSJsZXNzb25BcmVhVG9wIj4NCgkgCSAJDQoJCQkgICAgCTxkaXYgaWQ9InRyYWluaW5nX3dyYXAiPg0KCQkJICAgIAk8ZGl2IGlkPSJ0cmFpbmluZyIgY2xhc3M9ImluZm8iPjxhIGhyZWY9Imh0dHA6Ly95ZWhnLm5ldC9sYWIvcHIwanMvdHJhaW5pbmcvd2ViZ29hdC5waHAiIHRhcmdldD0iX2JsYW5rIj5Tb2x1dGlvbiBWaWRlb3M8L2E+PC9kaXY+DQoJCQkgICAgCTxkaXYgaWQ9InJlc2V0IiBjbGFzcz0iaW5mbyI+PGEgaHJlZj0iYXR0YWNrP1NjcmVlbj02Jm1lbnU9MTEwMCZSZXN0YXJ0PTYiPlJlc3RhcnQgdGhpcyBMZXNzb248L2E+PC9kaXY+DQoJCQkgICAgCTwvZGl2Pg0KCSAgICAJCQkNCgkgCSAJPC9kaXY+DQoJIAkgCTxkaXYgaWQ9Imxlc3NvbkFyZWEiPg0KCSAJIAkNCgkJCQk8ZGl2IGlkPSJsZXNzb25QbGFucyIgc3R5bGU9InZpc2liaWxpdHk6aGlkZGVuOyBoZWlnaHQ6MXB4OyBwb3NpdGlvbjphYnNvbHV0ZTsgbGVmdDoyNjBweDsgdG9wOjEzMHB4OyB3aWR0aDo0MjVweDsgei1pbmRleDoxMDU7Ij5Db3VsZCBub3QgZmluZCBsZXNzb24gcGxhbiBmb3I6IFNxbEFkZERhdGEgYW5kIGxhbmd1YWdlIEVuZ2xpc2gNCgkJCQk8YnIvPg0KCQkJCTxici8+DQoJCQkJPGEgaHJlZj0iamF2YXNjcmlwdDp0b2dnbGUoJ2xlc3NvblBsYW5zJykiIHRhcmdldD0iX3RvcCIgb25jbGljaz0iTU1fbmJHcm91cCgnZG93bicsJ2dyb3VwMScsJ3BsYW5zJywnJywxKSI+Q2xvc2UgdGhpcyBXaW5kb3c8L2E+DQoJCQkJPC9kaXY+DQoJCQkJPGRpdiBpZD0ibGVzc29uQ29udGVudCI+DQoJCSAgICAJCQ0KCQkJCVRoZSBmb3JtIGJlbG93IGFsbG93cyBhIHVzZXIgdG8gdmlldyBzYWxhcmllcyBhc3NvY2lhdGVkIHdpdGggYSB1c2VyaWQgKGZyb20gdGhlIHRhYmxlIG5hbWVkIDxiPnNhbGFyaWVzPC9iPikuICBUaGlzIGZvcm0gaXMgdnVsbmVyYWJsZSB0byBTdHJpbmcgU1FMIEluamVjdGlvbi4gIEluIG9yZGVyIHRvIHBhc3MgdGhpcyBsZXNzb24sIHVzZSBTUUwgSW5qZWN0aW9uIHRvIGFkZCBhIHJlY29yZCB0byB0aGUgdGFibGUuPC9kaXY+DQoJCQkJPGRpdiBpZD0ibWVzc2FnZSIgY2xhc3M9ImluZm8iPjwvZGl2Pg0KCQ0KCQkJDQoJCQk8ZGl2IGlkPSJsZXNzb25Db250ZW50Ij48Zm9ybSBhY2NlcHQtY2hhcnNldD0nVU5LTk9XTicgbWV0aG9kPSdQT1NUJyBuYW1lPSdmb3JtJyBhY3Rpb249J2F0dGFjaz9TY3JlZW49NiZtZW51PTExMDAnIGVuY3R5cGU9Jyc+PHA+RW50ZXIgeW91ciB1c2VyaWQ6PGlucHV0IG5hbWU9J3VzZXJpZCcgdHlwZT0nVEVYVCcgdmFsdWU9J2pzbWl0aCc+PGlucHV0IG5hbWU9J1NVQk1JVCcgdHlwZT0nU1VCTUlUJyB2YWx1ZT0nR28hJz48dGFibGUgY2VsbHBhZGRpbmc9JzEnIGJvcmRlcj0nMSc+PHRyPjx0ZD48Yj5VU0VSSUQ8L2I+PC90ZD48dGQ+PGI+U0FMQVJZPC9iPjwvdGQ+PC90cj48dHI+PHRkPmpzbWl0aDwvdGQ+PHRkPjIwMDAwPC90ZD48L3RyPjwvdGFibGU+PC9mb3JtPjwvZGl2Pg0KCQkJDQoJCQkJPGRpdiBpZD0iY3JlZGl0cyI+DQoJCSAgCQk8dGFibGUgYWxpZ249J1JJR0hUJyBjZWxsc3BhY2luZz0nMCcgd2lkdGg9JzkwJScgYm9yZGVyPScwJyBjZWxscGFkZGluZz0nMCc+PHRyPjx0ZCB2YWxpZ249J01JRERMRScgd2lkdGg9JzEwMCUnIGFsaWduPSdSSUdIVCc+Q3JlYXRlZCBieSBDaHVjayBXaWxsaXMmbmJzcDs8L3RkPjx0ZCB2YWxpZ249J01JRERMRScgYWxpZ249J1JJR0hUJz48YSBocmVmPSdodHRwOi8vd3d3Lm1hbmRpYW50LmNvbSc+PGltZyBoc3BhY2U9JzAnIHZzcGFjZT0nMCcgYm9yZGVyPScwJyBhbHQ9J01BTkRJQU5UJyBzcmM9J2ltYWdlcy9sb2dvcy9tYW5kaWFudC5wbmcnPjwvYT48L3RkPjwvdHI+PC90YWJsZT4NCg0KCQkgIAkJPC9kaXY+DQoJCQk8L2Rpdj4NCgkgIAk8L2Rpdj4NCg0KCQk8ZGl2IGlkPSJib3R0b20iPg0KCQkJPGRpdiBhbGlnbj0iY2VudGVyIj48YSBocmVmPSJodHRwOi8vd3d3Lm93YXNwLm9yZyI+T1dBU1AgRm91bmRhdGlvbjwvYT4gfCANCgkJCQkJCQkJPGEgaHJlZj0iaHR0cDovL3d3dy5vd2FzcC5vcmcvaW5kZXgucGhwL09XQVNQX1dlYkdvYXRfUHJvamVjdCI+UHJvamVjdCBXZWJHb2F0PC9hPiB8IA0KCQkJCQkJCQk8YSBocmVmPSJyZXBvcnRCdWcuanNwIj5SZXBvcnQgQnVnPC9hPg0KCQkJPC9kaXY+DQoJICAJPC9kaXY+DQoJPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+DQo=]]></response> <comment></comment> </item> </items> |
From: <Lou...@be...> - 2014-02-26 15:05:17
|
Its working fine now, thanks :) From: Miroslav Stampar [mailto:mir...@gm...] Sent: Wednesday, February 26, 2014 2:57 AM To: Jonathon Brenner, (jobrenne) Cc: Louis Nadeau; SqlMap List Subject: Re: [sqlmap-users] Trouble with "json" like data It should be implemented now. Please update to the latest revision. Kind regards, Miroslav Stampar On Tue, Feb 25, 2014 at 5:20 PM, Miroslav Stampar <mir...@gm...<mailto:mir...@gm...>> wrote: I'll see what can be done tomorrow. Most probably I'll put a support for this. Bye On Feb 25, 2014 5:03 PM, "Jonathon Brenner (jobrenne)" <job...@ci...<mailto:job...@ci...>> wrote: To be fair, I frequently see developers use all kinds of crazy non-standard JSON "formats." These behaviors are usually indicative of poorly developed code that is ripe for exploitation. When I need to deal with something like this, I manually reformat the request into something that sqlmap can deal with. Then I write a simple burp extension (or if I'm luckily, use a proxy match and replace rule) to reformat the request into the form that the application expects and proxy sqlmap's traffic through burp. -- Jonathon Brenner .:|:.:|:. Cisco From: Miroslav Stampar <mir...@gm...<mailto:mir...@gm...>> Date: Monday, February 24, 2014 4:52 PM To: "Lou...@be...<mailto:Lou...@be...>" <Lou...@be...<mailto:Lou...@be...>> Cc: SqlMap List <sql...@li...<mailto:sql...@li...>> Subject: Re: [sqlmap-users] Trouble with "json" like data Dear Louis. >From when are JSON string values enclosed with single quotes? Please go to the: http://www.json.org/ and study the official JSON forms/structures. Kind regards, Miroslav Stampar On Mon, Feb 24, 2014 at 8:29 PM, <Lou...@be...<mailto:Lou...@be...>> wrote: Hi, I saw a couple messages saying sqlmap should support json post data now. However, I'm having trouble with a pretty simple payload. I'm using the following request that I extracted from Burp and censored a bit : POST /SomeUrl/ HTTP/1.1 Host: www.SomeUrl.org.uk<http://org.uk> Proxy-Connection: keep-alive Content-Length: 28 Accept: application/json, text/javascript, */*; q=0.01 Origin: http://www. SomeUrl.org.uk<http://org.uk> X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36 Content-Type: application/json; charset=UTF-8 Referer: http://www. SomeUrl.org.uk/<http://org.uk/> Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4 Cookie: SomeCookies Connection: close {'address':'peanut'} I tried using "sqlmap -r request" or "sqlmap -r request -p address" or with -p "peanut". I also tried adding $$ before and after peanut and trying with -sufix and -prefix to no avail. I also tried a full command line without using the raw request like this (and multiple variant) : python sqlmap.py -u "http://www.someurl.co.uk" --data "{'address':'$peanut$'}" --cookie="somecookies" --prefix="$" --suffix="$" Whatever I'm doing, I'm ending up with a message like : [14:27:08] [INFO] target URL is stable [14:27:08] [CRITICAL] no parameter(s) found for testing in the provided data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1<http://www.site.com/index.php?id=1>') Or [14:27:47] [INFO] parsing HTTP request from 'requestFromBurp' [14:27:47] [CRITICAL] all testable parameters you provided are not present within the given request data I tried sqlmap/1.0-dev out of Kali linux and also downloaded the nightlies with GIT. Can you help me ? Thanks Louis ------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk _______________________________________________ sqlmap-users mailing list sql...@li...<mailto:sql...@li...> https://lists.sourceforge.net/lists/listinfo/sqlmap-users -- Miroslav Stampar http://about.me/stamparm -- Miroslav Stampar http://about.me/stamparm |
From: Miroslav S. <mir...@gm...> - 2014-02-26 07:57:08
|
It should be implemented now. Please update to the latest revision. Kind regards, Miroslav Stampar On Tue, Feb 25, 2014 at 5:20 PM, Miroslav Stampar < mir...@gm...> wrote: > I'll see what can be done tomorrow. Most probably I'll put a support for > this. > > Bye > On Feb 25, 2014 5:03 PM, "Jonathon Brenner (jobrenne)" <job...@ci...> > wrote: > >> To be fair, I frequently see developers use all kinds of crazy >> non-standard JSON "formats." These behaviors are usually indicative of >> poorly developed code that is ripe for exploitation. >> >> When I need to deal with something like this, I manually reformat the >> request into something that sqlmap can deal with. Then I write a simple >> burp extension (or if I'm luckily, use a proxy match and replace rule) to >> reformat the request into the form that the application expects and proxy >> sqlmap's traffic through burp. >> >> -- >> Jonathon Brenner >> >> .:|:.:|:. >> Cisco >> >> From: Miroslav Stampar <mir...@gm...> >> Date: Monday, February 24, 2014 4:52 PM >> To: "Lou...@be..." <Lou...@be...> >> Cc: SqlMap List <sql...@li...> >> Subject: Re: [sqlmap-users] Trouble with "json" like data >> >> Dear Louis. >> >> From when are JSON string values enclosed with single quotes? >> >> Please go to the: http://www.json.org/ and study the official JSON >> forms/structures. >> >> Kind regards, >> Miroslav Stampar >> >> >> On Mon, Feb 24, 2014 at 8:29 PM, <Lou...@be...> wrote: >> >>> Hi, >>> >>> >>> >>> I saw a couple messages saying sqlmap should support json post data now. >>> However, I'm having trouble with a pretty simple payload. I'm using the >>> following request that I extracted from Burp and censored a bit : >>> >>> >>> >>> POST /SomeUrl/ HTTP/1.1 >>> >>> Host: www.SomeUrl.org.uk >>> >>> Proxy-Connection: keep-alive >>> >>> Content-Length: 28 >>> >>> Accept: application/json, text/javascript, */*; q=0.01 >>> >>> Origin: http://www. SomeUrl.org.uk >>> >>> X-Requested-With: XMLHttpRequest >>> >>> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 >>> (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36 >>> >>> Content-Type: application/json; charset=UTF-8 >>> >>> Referer: http://www. SomeUrl.org.uk/ >>> >>> Accept-Encoding: gzip,deflate,sdch >>> >>> Accept-Language: en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4 >>> >>> Cookie: SomeCookies >>> >>> Connection: close >>> >>> >>> >>> {'address':'peanut'} >>> >>> >>> >>> I tried using "sqlmap -r request" or "sqlmap -r request -p address" or >>> with -p "peanut". I also tried adding $$ before and after peanut and trying >>> with -sufix and -prefix to no avail. >>> >>> >>> >>> I also tried a full command line without using the raw request like this >>> (and multiple variant) : >>> >>> >>> >>> python sqlmap.py -u "http://www.someurl.co.uk" --data >>> "{'address':'$peanut$'}" --cookie="somecookies" --prefix="$" --suffix="$" >>> >>> >>> >>> Whatever I'm doing, I'm ending up with a message like : >>> >>> >>> >>> [14:27:08] [INFO] target URL is stable >>> >>> [14:27:08] [CRITICAL] no parameter(s) found for testing in the provided >>> data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1') >>> >>> >>> >>> Or >>> >>> >>> >>> [14:27:47] [INFO] parsing HTTP request from 'requestFromBurp' >>> >>> [14:27:47] [CRITICAL] all testable parameters you provided are not >>> present within the given request data >>> >>> >>> >>> I tried sqlmap/1.0-dev out of Kali linux and also downloaded the >>> nightlies with GIT. >>> >>> >>> >>> Can you help me ? >>> >>> >>> >>> Thanks >>> >>> >>> >>> Louis >>> >>> >>> >>> >>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> Flow-based real-time traffic analytics software. Cisco certified tool. >>> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer >>> Customize your own dashboards, set traffic alerts and generate reports. >>> Network behavioral analysis & security monitoring. All-in-one tool. >>> >>> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk >>> _______________________________________________ >>> sqlmap-users mailing list >>> sql...@li... >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>> >>> >> >> >> -- >> Miroslav Stampar >> http://about.me/stamparm >> > -- Miroslav Stampar http://about.me/stamparm |
From: Miroslav S. <mir...@gm...> - 2014-02-25 16:20:36
|
I'll see what can be done tomorrow. Most probably I'll put a support for this. Bye On Feb 25, 2014 5:03 PM, "Jonathon Brenner (jobrenne)" <job...@ci...> wrote: > To be fair, I frequently see developers use all kinds of crazy > non-standard JSON "formats." These behaviors are usually indicative of > poorly developed code that is ripe for exploitation. > > When I need to deal with something like this, I manually reformat the > request into something that sqlmap can deal with. Then I write a simple > burp extension (or if I'm luckily, use a proxy match and replace rule) to > reformat the request into the form that the application expects and proxy > sqlmap's traffic through burp. > > -- > Jonathon Brenner > > .:|:.:|:. > Cisco > > From: Miroslav Stampar <mir...@gm...> > Date: Monday, February 24, 2014 4:52 PM > To: "Lou...@be..." <Lou...@be...> > Cc: SqlMap List <sql...@li...> > Subject: Re: [sqlmap-users] Trouble with "json" like data > > Dear Louis. > > From when are JSON string values enclosed with single quotes? > > Please go to the: http://www.json.org/ and study the official JSON > forms/structures. > > Kind regards, > Miroslav Stampar > > > On Mon, Feb 24, 2014 at 8:29 PM, <Lou...@be...> wrote: > >> Hi, >> >> >> >> I saw a couple messages saying sqlmap should support json post data now. >> However, I'm having trouble with a pretty simple payload. I'm using the >> following request that I extracted from Burp and censored a bit : >> >> >> >> POST /SomeUrl/ HTTP/1.1 >> >> Host: www.SomeUrl.org.uk >> >> Proxy-Connection: keep-alive >> >> Content-Length: 28 >> >> Accept: application/json, text/javascript, */*; q=0.01 >> >> Origin: http://www. SomeUrl.org.uk >> >> X-Requested-With: XMLHttpRequest >> >> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 >> (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36 >> >> Content-Type: application/json; charset=UTF-8 >> >> Referer: http://www. SomeUrl.org.uk/ >> >> Accept-Encoding: gzip,deflate,sdch >> >> Accept-Language: en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4 >> >> Cookie: SomeCookies >> >> Connection: close >> >> >> >> {'address':'peanut'} >> >> >> >> I tried using "sqlmap -r request" or "sqlmap -r request -p address" or >> with -p "peanut". I also tried adding $$ before and after peanut and trying >> with -sufix and -prefix to no avail. >> >> >> >> I also tried a full command line without using the raw request like this >> (and multiple variant) : >> >> >> >> python sqlmap.py -u "http://www.someurl.co.uk" --data >> "{'address':'$peanut$'}" --cookie="somecookies" --prefix="$" --suffix="$" >> >> >> >> Whatever I'm doing, I'm ending up with a message like : >> >> >> >> [14:27:08] [INFO] target URL is stable >> >> [14:27:08] [CRITICAL] no parameter(s) found for testing in the provided >> data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1') >> >> >> >> Or >> >> >> >> [14:27:47] [INFO] parsing HTTP request from 'requestFromBurp' >> >> [14:27:47] [CRITICAL] all testable parameters you provided are not >> present within the given request data >> >> >> >> I tried sqlmap/1.0-dev out of Kali linux and also downloaded the >> nightlies with GIT. >> >> >> >> Can you help me ? >> >> >> >> Thanks >> >> >> >> Louis >> >> >> >> >> >> >> >> >> ------------------------------------------------------------------------------ >> Flow-based real-time traffic analytics software. Cisco certified tool. >> Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer >> Customize your own dashboards, set traffic alerts and generate reports. >> Network behavioral analysis & security monitoring. All-in-one tool. >> >> http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > -- > Miroslav Stampar > http://about.me/stamparm > |
From: Miroslav S. <mir...@gm...> - 2014-02-24 21:52:21
|
Dear Louis. >From when are JSON string values enclosed with single quotes? Please go to the: http://www.json.org/ and study the official JSON forms/structures. Kind regards, Miroslav Stampar On Mon, Feb 24, 2014 at 8:29 PM, <Lou...@be...> wrote: > Hi, > > > > I saw a couple messages saying sqlmap should support json post data now. > However, I'm having trouble with a pretty simple payload. I'm using the > following request that I extracted from Burp and censored a bit : > > > > POST /SomeUrl/ HTTP/1.1 > > Host: www.SomeUrl.org.uk > > Proxy-Connection: keep-alive > > Content-Length: 28 > > Accept: application/json, text/javascript, */*; q=0.01 > > Origin: http://www. SomeUrl.org.uk > > X-Requested-With: XMLHttpRequest > > User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, > like Gecko) Chrome/33.0.1750.117 Safari/537.36 > > Content-Type: application/json; charset=UTF-8 > > Referer: http://www. SomeUrl.org.uk/ > > Accept-Encoding: gzip,deflate,sdch > > Accept-Language: en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4 > > Cookie: SomeCookies > > Connection: close > > > > {'address':'peanut'} > > > > I tried using "sqlmap -r request" or "sqlmap -r request -p address" or > with -p "peanut". I also tried adding $$ before and after peanut and trying > with -sufix and -prefix to no avail. > > > > I also tried a full command line without using the raw request like this > (and multiple variant) : > > > > python sqlmap.py -u "http://www.someurl.co.uk" --data > "{'address':'$peanut$'}" --cookie="somecookies" --prefix="$" --suffix="$" > > > > Whatever I'm doing, I'm ending up with a message like : > > > > [14:27:08] [INFO] target URL is stable > > [14:27:08] [CRITICAL] no parameter(s) found for testing in the provided > data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1') > > > > Or > > > > [14:27:47] [INFO] parsing HTTP request from 'requestFromBurp' > > [14:27:47] [CRITICAL] all testable parameters you provided are not present > within the given request data > > > > I tried sqlmap/1.0-dev out of Kali linux and also downloaded the nightlies > with GIT. > > > > Can you help me ? > > > > Thanks > > > > Louis > > > > > > > > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool. > > http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
From: Miroslav S. <mir...@gm...> - 2014-02-24 21:38:16
|
If all those fail, you probably have problems with permissions at the target side. That's a perfectly normal behavior. For example, to be able to run --os-shell against the MsSQL xp_cmdshell has to be enabled and running user has to have permissions to execute it. Bye On Mon, Feb 24, 2014 at 7:23 PM, Nikos Tzounakos <tar...@ho...>wrote: > Sorry my fault I mean --os-shell instead of --sql-shell. > > Also when I use -b it finds the operating system. Is it possible though > SQL server is completely seperated? Every time it says no output when I > execute a command. I have tried also --os-cmd. > > Thank you for your response. > > > > > > Date: Sun, 23 Feb 2014 14:20:48 -0600 > > From: bpe...@gm... > > To: tar...@ho...; sql...@li... > > Subject: Re: [sqlmap-users] Execute os commands > > > > --sql-shell is not --os-shell. > > > > You can also try --os-cmd if you want to execute a one-off command. > > > > See --help for explanations. > > > > > > On 02/23/2014 02:18 PM, Nikos Tzounakos wrote: > > > Hello, > > > there is an sqli in SQL SERVER 2008. When I execute sqlmap with the > > > parameter --sql-shell it gives me the shell but when I try to execute > > > a command > > > it cannot get the output and it says that xp_cmdshell is disabled. > > > (tried --no-cast and --hex as it suggests) > > > > > > I don't know if the output filtered by firewall, but how sqlmap is > > > able to create a cmd-shell while xp_cmdshell is disabled? > > > > > > > > > > ------------------------------------------------------------------------------ > > > Managing the Performance of Cloud-Based Applications > > > Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. > > > Read the Whitepaper. > > > > http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk > > > > > > > > > _______________________________________________ > > > sqlmap-users mailing list > > > sql...@li... > > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool. > > http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |
From: <Lou...@be...> - 2014-02-24 20:31:40
|
Wait, if I put an asterix in between the quote instead of peanut and record the traffic, SQLMAP will send hundreds of request with the exact some content : {'address': ''} If I remove the single quote and put the asterix straight in there, then the quote are obviously not there and I’m getting parsing error from the server. From: Brandon Perry [mailto:bpe...@gm...] Sent: Monday, February 24, 2014 3:12 PM To: Louis Nadeau Cc: <sql...@li...> Subject: Re: [sqlmap-users] Trouble with "json" like data Use an asterisk. Sent from a computer On Feb 24, 2014, at 1:29 PM, <Lou...@be...<mailto:Lou...@be...>> wrote: Hi, I saw a couple messages saying sqlmap should support json post data now. However, I’m having trouble with a pretty simple payload. I’m using the following request that I extracted from Burp and censored a bit : POST /SomeUrl/ HTTP/1.1 Host: www.SomeUrl.org.uk<http://org.uk> Proxy-Connection: keep-alive Content-Length: 28 Accept: application/json, text/javascript, */*; q=0.01 Origin: http://www. SomeUrl.org.uk<http://org.uk> X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36 Content-Type: application/json; charset=UTF-8 Referer: http://www. SomeUrl.org.uk/<http://org.uk/> Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4 Cookie: SomeCookies Connection: close {'address':'peanut'} I tried using “sqlmap –r request” or “sqlmap –r request –p address” or with –p “peanut”. I also tried adding $$ before and after peanut and trying with –sufix and –prefix to no avail. I also tried a full command line without using the raw request like this (and multiple variant) : python sqlmap.py -u "http://www.someurl.co.uk" --data "{'address':'$peanut$'}" --cookie="somecookies" --prefix="$" --suffix="$" Whatever I’m doing, I’m ending up with a message like : [14:27:08] [INFO] target URL is stable [14:27:08] [CRITICAL] no parameter(s) found for testing in the provided data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1'<http://www.site.com/index.php?id=1'>) Or [14:27:47] [INFO] parsing HTTP request from 'requestFromBurp' [14:27:47] [CRITICAL] all testable parameters you provided are not present within the given request data I tried sqlmap/1.0-dev out of Kali linux and also downloaded the nightlies with GIT. Can you help me ? Thanks Louis ------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk _______________________________________________ sqlmap-users mailing list sql...@li...<mailto:sql...@li...> https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
From: <Lou...@be...> - 2014-02-24 20:23:04
|
Thanks From: Brandon Perry [mailto:bpe...@gm...] Sent: Monday, February 24, 2014 3:12 PM To: Louis Nadeau Cc: <sql...@li...> Subject: Re: [sqlmap-users] Trouble with "json" like data Use an asterisk. Sent from a computer On Feb 24, 2014, at 1:29 PM, <Lou...@be...<mailto:Lou...@be...>> wrote: Hi, I saw a couple messages saying sqlmap should support json post data now. However, I’m having trouble with a pretty simple payload. I’m using the following request that I extracted from Burp and censored a bit : POST /SomeUrl/ HTTP/1.1 Host: www.SomeUrl.org.uk<http://org.uk> Proxy-Connection: keep-alive Content-Length: 28 Accept: application/json, text/javascript, */*; q=0.01 Origin: http://www. SomeUrl.org.uk<http://org.uk> X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36 Content-Type: application/json; charset=UTF-8 Referer: http://www. SomeUrl.org.uk/<http://org.uk/> Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4 Cookie: SomeCookies Connection: close {'address':'peanut'} I tried using “sqlmap –r request” or “sqlmap –r request –p address” or with –p “peanut”. I also tried adding $$ before and after peanut and trying with –sufix and –prefix to no avail. I also tried a full command line without using the raw request like this (and multiple variant) : python sqlmap.py -u "http://www.someurl.co.uk" --data "{'address':'$peanut$'}" --cookie="somecookies" --prefix="$" --suffix="$" Whatever I’m doing, I’m ending up with a message like : [14:27:08] [INFO] target URL is stable [14:27:08] [CRITICAL] no parameter(s) found for testing in the provided data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1'<http://www.site.com/index.php?id=1'>) Or [14:27:47] [INFO] parsing HTTP request from 'requestFromBurp' [14:27:47] [CRITICAL] all testable parameters you provided are not present within the given request data I tried sqlmap/1.0-dev out of Kali linux and also downloaded the nightlies with GIT. Can you help me ? Thanks Louis ------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk _______________________________________________ sqlmap-users mailing list sql...@li...<mailto:sql...@li...> https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
From: Brandon P. <bpe...@gm...> - 2014-02-24 20:12:08
|
Use an asterisk. Sent from a computer > On Feb 24, 2014, at 1:29 PM, <Lou...@be...> wrote: > > Hi, > > I saw a couple messages saying sqlmap should support json post data now. However, I’m having trouble with a pretty simple payload. I’m using the following request that I extracted from Burp and censored a bit : > > POST /SomeUrl/ HTTP/1.1 > Host: www.SomeUrl.org.uk > Proxy-Connection: keep-alive > Content-Length: 28 > Accept: application/json, text/javascript, */*; q=0.01 > Origin: http://www. SomeUrl.org.uk > X-Requested-With: XMLHttpRequest > User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36 > Content-Type: application/json; charset=UTF-8 > Referer: http://www. SomeUrl.org.uk/ > Accept-Encoding: gzip,deflate,sdch > Accept-Language: en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4 > Cookie: SomeCookies > Connection: close > > {'address':'peanut'} > > I tried using “sqlmap –r request” or “sqlmap –r request –p address” or with –p “peanut”. I also tried adding $$ before and after peanut and trying with –sufix and –prefix to no avail. > > I also tried a full command line without using the raw request like this (and multiple variant) : > > python sqlmap.py -u "http://www.someurl.co.uk" --data "{'address':'$peanut$'}" --cookie="somecookies" --prefix="$" --suffix="$" > > Whatever I’m doing, I’m ending up with a message like : > > [14:27:08] [INFO] target URL is stable > [14:27:08] [CRITICAL] no parameter(s) found for testing in the provided data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1') > > Or > > [14:27:47] [INFO] parsing HTTP request from 'requestFromBurp' > [14:27:47] [CRITICAL] all testable parameters you provided are not present within the given request data > > I tried sqlmap/1.0-dev out of Kali linux and also downloaded the nightlies with GIT. > > Can you help me ? > > Thanks > > Louis > > > > ------------------------------------------------------------------------------ > Flow-based real-time traffic analytics software. Cisco certified tool. > Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer > Customize your own dashboards, set traffic alerts and generate reports. > Network behavioral analysis & security monitoring. All-in-one tool. > http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
From: <Lou...@be...> - 2014-02-24 19:41:35
|
Hi, I saw a couple messages saying sqlmap should support json post data now. However, I'm having trouble with a pretty simple payload. I'm using the following request that I extracted from Burp and censored a bit : POST /SomeUrl/ HTTP/1.1 Host: www.SomeUrl.org.uk Proxy-Connection: keep-alive Content-Length: 28 Accept: application/json, text/javascript, */*; q=0.01 Origin: http://www. SomeUrl.org.uk X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36 Content-Type: application/json; charset=UTF-8 Referer: http://www. SomeUrl.org.uk/ Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4 Cookie: SomeCookies Connection: close {'address':'peanut'} I tried using "sqlmap -r request" or "sqlmap -r request -p address" or with -p "peanut". I also tried adding $$ before and after peanut and trying with -sufix and -prefix to no avail. I also tried a full command line without using the raw request like this (and multiple variant) : python sqlmap.py -u "http://www.someurl.co.uk" --data "{'address':'$peanut$'}" --cookie="somecookies" --prefix="$" --suffix="$" Whatever I'm doing, I'm ending up with a message like : [14:27:08] [INFO] target URL is stable [14:27:08] [CRITICAL] no parameter(s) found for testing in the provided data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1') Or [14:27:47] [INFO] parsing HTTP request from 'requestFromBurp' [14:27:47] [CRITICAL] all testable parameters you provided are not present within the given request data I tried sqlmap/1.0-dev out of Kali linux and also downloaded the nightlies with GIT. Can you help me ? Thanks Louis |
From: Nikos T. <tar...@ho...> - 2014-02-24 18:23:50
|
Sorry my fault I mean --os-shell instead of --sql-shell. Also when I use -b it finds the operating system. Is it possible though SQL server is completely seperated? Every time it says no output when I execute a command. I have tried also --os-cmd. Thank you for your response. > Date: Sun, 23 Feb 2014 14:20:48 -0600 > From: bpe...@gm... > To: tar...@ho...; sql...@li... > Subject: Re: [sqlmap-users] Execute os commands > > --sql-shell is not --os-shell. > > You can also try --os-cmd if you want to execute a one-off command. > > See --help for explanations. > > > On 02/23/2014 02:18 PM, Nikos Tzounakos wrote: > > Hello, > > there is an sqli in SQL SERVER 2008. When I execute sqlmap with the > > parameter --sql-shell it gives me the shell but when I try to execute > > a command > > it cannot get the output and it says that xp_cmdshell is disabled. > > (tried --no-cast and --hex as it suggests) > > > > I don't know if the output filtered by firewall, but how sqlmap is > > able to create a cmd-shell while xp_cmdshell is disabled? > > > > > > ------------------------------------------------------------------------------ > > Managing the Performance of Cloud-Based Applications > > Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. > > Read the Whitepaper. > > http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk > > > > > > _______________________________________________ > > sqlmap-users mailing list > > sql...@li... > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > |
From: Brandon P. <bpe...@gm...> - 2014-02-23 20:20:57
|
--sql-shell is not --os-shell. You can also try --os-cmd if you want to execute a one-off command. See --help for explanations. On 02/23/2014 02:18 PM, Nikos Tzounakos wrote: > Hello, > there is an sqli in SQL SERVER 2008. When I execute sqlmap with the > parameter --sql-shell it gives me the shell but when I try to execute > a command > it cannot get the output and it says that xp_cmdshell is disabled. > (tried --no-cast and --hex as it suggests) > > I don't know if the output filtered by firewall, but how sqlmap is > able to create a cmd-shell while xp_cmdshell is disabled? > > > ------------------------------------------------------------------------------ > Managing the Performance of Cloud-Based Applications > Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. > Read the Whitepaper. > http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk > > > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
From: Nikos T. <tar...@ho...> - 2014-02-23 20:18:18
|
Hello, there is an sqli in SQL SERVER 2008. When I execute sqlmap with the parameter --sql-shell it gives me the shell but when I try to execute a command it cannot get the output and it says that xp_cmdshell is disabled. (tried --no-cast and --hex as it suggests) I don't know if the output filtered by firewall, but how sqlmap is able to create a cmd-shell while xp_cmdshell is disabled? |
From: Nikos T. <tar...@ho...> - 2014-02-23 12:50:52
|
I want to post to sqlmap-users list. This is my email thank you :) ~Tzoun |
From: Miroslav S. <mir...@gm...> - 2014-02-18 08:37:47
|
Hi. Can you please send a full sqlmap command used? Bye On Tue, Feb 18, 2014 at 9:28 AM, SpindizZzy L <spi...@gm...> wrote: > Hi, > Encountered a small issue: > > sqlmap won't read from a file.. > using the -r flag > getting the "[critical] the specified HTTP request file does not > exist"-error every time > :( > and all I did was copy a POST request from burpsuite to a .txt file > any ideas on this ? > problem with the parser perhaps ? > > Thx in Advance !! > > SpindizZzy > > > ------------------------------------------------------------------------------ > Managing the Performance of Cloud-Based Applications > Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. > Read the Whitepaper. > > http://pubads.g.doubleclick.net/gampad/clk?id=121054471&iu=/4140/ostg.clktrk > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |