Paros version 3.2.5 and below may contain a flaw where a remote attackers can connect to a database port opened on the machine running Paros, without supplying any credentials.
e15f1f6aa00303b3b7411b2126695817306f14c95f70b336426ec3af0f2137ffThis is an S/MIME signed message.
---------z25841_boundary_sign
Content-Type: multipart/alternative;
boundary="=_alternative 004E3375C125709F_="
This is a multipart message in MIME format.
--=_alternative 004E3375C125709F_=
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Title: Paros proxy 3.2.5 and below blank "sa" database password=20
Summary:=20
Paros is an intercepting HTTP/HTTPS proxy for use in security=20
testing web applications.=20
Paros version 3.2.5 and below may contain a flaw where a remote=20
attacker can connect to a=20
database port opened on the machine running Paros, without=20
supplying any credentials.=20
The problem stems from use of a blank "sa" password on the=20
open-source database ("HSQLDB")=20
which is integrated with Paros.=20
The database server (which is written in Java) contains=20
functionality for executing arbitrary Java=20
statements. This is how HSQLDB provides Stored Procedure=20
functionality.=20
Impact of successful exploitation:=20
The issue may result in disclosure of confidential data, and=20
possible execution of commands on=20
the victim machine.=20
A remote attacker may find credentials for web applications, valid=20
session IDs, and confidential=20
data downloaded from the website being tested with Paros. This=20
information is is present in the=20
database.=20
Additionally, the possibility of executing Java statements on the=20
database server may mean that=20
an attacker can gain access to files or execute command at the OS=20
level (by performing the=20
Java equivalent of a "system()" call). This has not been=20
investigated fully, but appears possible.
History:=20
The overall time-to-correction was EXCEEDINGLY fast:
October 3rd 2005: Problem discovered / reported=20
October 7th 2005: Issue re-reported via sourceforge, as mail =
appeared lost in transit=20
October 7th 2005: Paros developer releases updated version=20
where DB listes on localhost only
Countermeasures:=20
Upgrade to version 3.2.6.=20
Firewall the host running Paros.=20
Demonstration:=20
To demonstrate this, first start Paros on the victim host (here,=20
192.168.0.1).
On the attacking host, ensure HSQLDB is installed, and add the following=20
lines to the file=20
$HOME/sqltool.rc on the attacking host:=20
# connect to victimhost as sa, victimhost has IP 192.168.0.1=20
urlid victimhost-sa=20
url: jbdc:hsqldb:hsql://192.168.0.1=20
username sa=20
password =20
To connect using the "victimhost-sa" block above run:=20
=20
java -jar $HSQLDB=5FHOME/jsqldb.jar victimhost-sa=20
At this point, it is possible to pull data from the tables in the database =
(browsing state, history, credentials).=20
The page at http://hsqldb.org/doc/guide/ch09.html#call-section also states =
it is possible to execute Java statements=20
by writing them in the format "java.lang.Math.sqrt"(2.0).=20
Andrew Christensen
FortConsult ApS
Tranevej 16-18
2400 K=F8benhavn NV
tlf. (+45) 7020 7525
www.fortconsult.net=20
FortConsult er som de f=F8rste i Skandinavien blevet certificeret af VISA o=
g=20
MasterCard til at udf=F8re sikkerhedsgennemgange af virksomheders kritiske =
betalingssystemer.
FortConsult is the only Scandinavian firm certified by VISA to perform=20
security audits on critical card-payment systems.=20
--=_alternative 004E3375C125709F_=
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
<br><font size=3D2 face=3D"sans-serif">Title: Pa=
ros
proxy 3.2.5 and below blank "sa" database password <br>
<br>
Summary:</font><font size=3D3> </font><font size=3D2 face=3D"sans-serif"><b=
r>
<br>
Paros is an intercepting HTTP/HTTPS proxy for use
in security testing web applications.</font><font size=3D3> </font><font si=
ze=3D2 face=3D"sans-serif"><br>
<br>
Paros version 3.2.5 and below may contain a
flaw where a remote attacker can connect to a </font>
<br><font size=3D2 face=3D"sans-serif"> database
port opened on the machine running Paros, without supplying any credentials=
.</font><font size=3D3>
</font><font size=3D2 face=3D"sans-serif"><br>
<br>
The problem stems from use of a blank "sa"
password on the open-source database ("HSQLDB")</font><font size=
=3D3>
</font><font size=3D2 face=3D"sans-serif"><br>
which is integrated with Paros.</font><font size=3D3>
</font><font size=3D2 face=3D"sans-serif"><br>
<br>
The database server (which is written in Java) contai=
ns
functionality for executing arbitrary Java </font>
<br><font size=3D2 face=3D"sans-serif"> statement=
s.
This is how HSQLDB provides Stored Procedure functionality.</font><font siz=
e=3D3>
<br>
</font><font size=3D2 face=3D"sans-serif"><br>
<br>
Impact of successful exploitation:</font><font size=3D3> </font><font size=
=3D2 face=3D"sans-serif"><br>
<br>
The issue may result in disclosure of confidential
data, and possible execution of commands on</font><font size=3D3> </font><f=
ont size=3D2 face=3D"sans-serif"><br>
the victim machine.</font><font size=3D3> </font><fon=
t size=3D2 face=3D"sans-serif"><br>
<br>
A remote attacker may find credentials for web applic=
ations,
valid session IDs, and confidential</font><font size=3D3> </font><font size=
=3D2 face=3D"sans-serif"><br>
data downloaded from the website being tested with
Paros. This information is is present in the <br>
database.</font><font size=3D3> </font><font size=3D2=
face=3D"sans-serif"><br>
<br>
Additionally, the possibility of executing Java state=
ments
on the database server may mean that</font><font size=3D3> </font><font siz=
e=3D2 face=3D"sans-serif"><br>
an attacker can gain access to files or execute comma=
nd
at the OS level (by performing the <br>
Java equivalent of a "system()" call).</fon=
t><font size=3D3>
This has not been investigated fully, but appears possible.<br>
</font><font size=3D2 face=3D"sans-serif"><br>
<br>
History: <br>
</font>
<br><font size=3D2 face=3D"sans-serif"> The overa=
ll
time-to-correction was EXCEEDINGLY fast:</font>
<br><font size=3D2 face=3D"sans-serif"><br>
October 3rd 2005: Problem
discovered / reported <br>
October 7th 2005: Issue
re-reported via sourceforge, as mail appeared lost in transit</font><font s=
ize=3D3>
</font><font size=3D2 face=3D"sans-serif"><br>
October 7th 2005: Paros
developer releases updated version</font><font size=3D3> where DB listes
on localhost only</font>
<br><font size=3D2 face=3D"sans-serif"><br>
<br>
Countermeasures:</font><font size=3D3> </font><font size=3D2 face=3D"sans-s=
erif"><br>
<br>
Upgrade to version 3.2.6. <br>
Firewall the host running Paros.</font><font size=3D3>
<br>
</font><font size=3D2 face=3D"sans-serif"><br>
<br>
Demonstration:</font><font size=3D3> </font><font size=3D2 face=3D"sans-ser=
if"><br>
<br>
To demonstrate this, first start Paros on the victim host (here, 192.168.0.=
1).</font>
<br>
<br><font size=3D2 face=3D"sans-serif">On the attacking host, ensure HSQLDB
is installed, and add the following lines to the file </font>
<br><font size=3D2 face=3D"sans-serif">$HOME/sqltool.rc on the attacking ho=
st:</font><font size=3D3>
</font><font size=3D2 face=3D"sans-serif"><br>
<br>
# connect to victimhost as sa, victimhost has IP
192.168.0.1 <br>
urlid victimhost-sa <br>
url: jbdc:hsqldb:hsql://192.168.0.1 <br>
username sa <br>
password </font><font size=3D3> </font><font si=
ze=3D2 face=3D"sans-serif"><br>
<br>
To connect using the "victimhost-sa" block above run:</font><font=
size=3D3>
<br>
</font><font size=3D2 face=3D"sans-serif"><br>
java -jar $HSQLDB=5FHOME/jsqldb.jar victimhost-sa <br>
<br>
At this point, it is possible to pull data from the tables in the database
(browsing state, history, credentials).</font><font size=3D3> </font><font =
size=3D2 face=3D"sans-serif"><br>
<br>
The page at http://hsqldb.org/doc/guide/ch09.html#call-section also states
it is possible to execute Java statements <br>
by writing them in the format "java.lang.Math.sqrt"(2.0).</font><=
font size=3D3>
<br>
</font>
<br><font size=3D2 face=3D"sans-serif"><br>
Andrew Christensen<br>
FortConsult ApS<br>
Tranevej 16-18<br>
2400 K=F8benhavn NV<br>
tlf. (+45) 7020 7525<br>
www.fortconsult.net</font><font size=3D3> </font><font size=3D2 face=3D"san=
s-serif"><br>
<br>
FortConsult er som de f=F8rste i Skandinavien blevet certificeret af VISA
og MasterCard til at udf=F8re sikkerhedsgennemgange af virksomheders kritis=
ke
betalingssystemer.<br>
FortConsult is the only Scandinavian firm certified by VISA to perform
security audits on critical card-payment systems.</font><font size=3D3> </f=
ont><font size=3D2 face=3D"sans-serif"><br>
</font>
--=_alternative 004E3375C125709F_=--
---------z25841_boundary_sign
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIIWSwIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBoIIUojCCBRkw
ggQBoAMCAQICBD5IvcQwDQYJKoZIhvcNAQEFBQAwMTELMAkGA1UEBhMCREsxDDAKBgNVBAoTA1RE
QzEUMBIGA1UEAxMLVERDIE9DRVMgQ0EwHhcNMDMwMjExMDgzOTMwWhcNMzcwMjExMDkwOTMwWjAx
MQswCQYDVQQGEwJESzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKxi9mEgss/AxoXX43nmzO3yOZKkly5ko4Rbh5xM/aTz
xF8hvVYQ69suYeyTaeOjzL2ZwwX8BrjKNhz+kI5JTMRWmi9WvM97DPFvR6YNQ03i6R05NM2NLNkS
mPnj4cFKfIY4xKnEYYjSXq8aJk3V5KAiR4TZZLcZlvzsGeSylyZOSkzLjySLVBgcSGF71Yho2l21
6s0aMMGAg3ZQqk/R1N048O8W9OEMUAa/6vt6SaEoKxz2/BUyo3Rqj6nDYilxMeU7pGAXXnTm2hPt
6R8fG9GyaHPGEDR1RhAQ45AAdkDLi7dDCSH/q06TxljppYLbd8Q6mbFylUkE8Lcr+ntZjt0CAwEA
AaOCAjcwggIzMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMIHsBgNVHSAEgeQwgeEw
gd4GCCqBUIEpAQEBMIHRMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmNlcnRpZmlrYXQuZGsvcmVw
b3NpdG9yeTCBnQYIKwYBBQUHAgIwgZAwChYDVERDMAMCAQEagYFDZXJ0aWZpa2F0ZXIgZnJhIGRl
bm5lIENBIHVkc3RlZGVzIHVuZGVyIE9JRCAxLjIuMjA4LjE2OS4xLjEuMS4gQ2VydGlmaWNhdGVz
IGZyb20gdGhpcyBDQSBhcmUgaXNzdWVkIHVuZGVyIE9JRCAxLjIuMjA4LjE2OS4xLjEuMS4wEQYJ
YIZIAYb4QgEBBAQDAgAHMIGBBgNVHR8EejB4MEigRqBEpEIwQDELMAkGA1UEBhMCREsxDDAKBgNV
BAoTA1REQzEUMBIGA1UEAxMLVERDIE9DRVMgQ0ExDTALBgNVBAMTBENSTDEwLKAqoCiGJmh0dHA6
Ly9jcmwub2Nlcy5jZXJ0aWZpa2F0LmRrL29jZXMuY3JsMCsGA1UdEAQkMCKADzIwMDMwMjExMDgz
OTMwWoEPMjAzNzAyMTEwOTA5MzBaMB8GA1UdIwQYMBaAFGC1hexWZH4SGSdnHVAVS3OuO/kSMB0G
A1UdDgQWBBRgtYXsVmR+EhknZx1QFUtzrjv5EjAdBgkqhkiG9n0HQQAEEDAOGwhWNi4wOjQuMAMC
BJAwDQYJKoZIhvcNAQEFBQADggEBAAq6JiZG03OoCfNrCzCZ/YrhV3oR07iU1wkQbqOxOAPRtvJD
QSlip3LY+3wF5jFwJ1QYTop8TuXRyox4iM8b05CL5iP4Cw4zQ32c4goZj8kBPnRddMmLHAPlGMgB
TD/LlwVdmHGmmG+2fL03f77hkyVtb/AKrRcY4QO8BynIrSbo+GHw/SEJfpqOqWh9SGJyvQDqAZm4
BoJRgU7x9bSRVLkjegCan12N4DxkuRoSkirHgkRyOdziPMbYVfUVTsgFDtvG0GKm7BW0tQKC26yM
ooHwm5kx9SAgqIhhCgeflPzQ1xvMLhfzBCd2Z+tUg/2kkH4GPQSjQy3a/Ati6i9fYlMwggUZMIIE
AaADAgECAgQ+SL3EMA0GCSqGSIb3DQEBBQUAMDExCzAJBgNVBAYTAkRLMQwwCgYDVQQKEwNUREMx
FDASBgNVBAMTC1REQyBPQ0VTIENBMB4XDTAzMDIxMTA4MzkzMFoXDTM3MDIxMTA5MDkzMFowMTEL
MAkGA1UEBhMCREsxDDAKBgNVBAoTA1REQzEUMBIGA1UEAxMLVERDIE9DRVMgQ0EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsYvZhILLPwMaF1+N55szt8jmSpJcuZKOEW4ecTP2k88Rf
Ib1WEOvbLmHsk2njo8y9mcMF/Aa4yjYc/pCOSUzEVpovVrzPewzxb0emDUNN4ukdOTTNjSzZEpj5
4+HBSnyGOMSpxGGI0l6vGiZN1eSgIkeE2WS3GZb87BnkspcmTkpMy48ki1QYHEhhe9WIaNpdterN
GjDBgIN2UKpP0dTdOPDvFvThDFAGv+r7ekmhKCsc9vwVMqN0ao+pw2IpcTHlO6RgF1505toT7ekf
HxvRsmhzxhA0dUYQEOOQAHZAy4u3Qwkh/6tOk8ZY6aWC23fEOpmxcpVJBPC3K/p7WY7dAgMBAAGj
ggI3MIICMzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjCB7AYDVR0gBIHkMIHhMIHe
BggqgVCBKQEBATCB0TAvBggrBgEFBQcCARYjaHR0cDovL3d3dy5jZXJ0aWZpa2F0LmRrL3JlcG9z
aXRvcnkwgZ0GCCsGAQUFBwICMIGQMAoWA1REQzADAgEBGoGBQ2VydGlmaWthdGVyIGZyYSBkZW5u
ZSBDQSB1ZHN0ZWRlcyB1bmRlciBPSUQgMS4yLjIwOC4xNjkuMS4xLjEuIENlcnRpZmljYXRlcyBm
cm9tIHRoaXMgQ0EgYXJlIGlzc3VlZCB1bmRlciBPSUQgMS4yLjIwOC4xNjkuMS4xLjEuMBEGCWCG
SAGG+EIBAQQEAwIABzCBgQYDVR0fBHoweDBIoEagRKRCMEAxCzAJBgNVBAYTAkRLMQwwCgYDVQQK
EwNUREMxFDASBgNVBAMTC1REQyBPQ0VTIENBMQ0wCwYDVQQDEwRDUkwxMCygKqAohiZodHRwOi8v
Y3JsLm9jZXMuY2VydGlmaWthdC5kay9vY2VzLmNybDArBgNVHRAEJDAigA8yMDAzMDIxMTA4Mzkz
MFqBDzIwMzcwMjExMDkwOTMwWjAfBgNVHSMEGDAWgBRgtYXsVmR+EhknZx1QFUtzrjv5EjAdBgNV
HQ4EFgQUYLWF7FZkfhIZJ2cdUBVLc647+RIwHQYJKoZIhvZ9B0EABBAwDhsIVjYuMDo0LjADAgSQ
MA0GCSqGSIb3DQEBBQUAA4IBAQAKuiYmRtNzqAnzawswmf2K4Vd6EdO4lNcJEG6jsTgD0bbyQ0Ep
Yqdy2Pt8BeYxcCdUGE6KfE7l0cqMeIjPG9OQi+Yj+AsOM0N9nOIKGY/JAT50XXTJixwD5RjIAUw/
y5cFXZhxpphvtny9N3++4ZMlbW/wCq0XGOEDvAcpyK0m6Phh8P0hCX6ajqlofUhicr0A6gGZuAaC
UYFO8fW0kVS5I3oAmp9djeA8ZLkaEpIqx4JEcjnc4jzG2FX1FU7IBQ7bxtBipuwVtLUCgtusjKKB
8JuZMfUgIKiIYQoHn5T80NcbzC4X8wQndmfrVIP9pJB+Bj0Eo0Mt2vwLYuovX2JTMIIFMDCCBBig
AwIBAgIEP9JA9zANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJESzEMMAoGA1UEChMDVERDMRQw
EgYDVQQDEwtUREMgT0NFUyBDQTAeFw0wNTEwMDcwNzMyMjhaFw0wNzEwMDcwODAyMjhaMHsxCzAJ
BgNVBAYTAkRLMSgwJgYDVQQKEx9GT1JUQ09OU1VMVCBBcFMgLy8gQ1ZSOjI2MzczNTQ5MUIwGQYD
VQQDExJBbmRyZXcgQ2hyaXN0ZW5zZW4wJQYDVQQFEx5DVlI6MjYzNzM1NDktUklEOjExMjg0OTk0
OTI2OTkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJgniAQNYj+nuTJ6yGpx2gGb5HiFOtZB
o0emuB8QdxDGdI3uWvKyRTiczO06VzaodQsMjqQc85qgUfeU2PJ3B2Fh5nWustWyOW/iEUqZMVc4
KWOluEm8vcRGEDCkW2e5ojuX5OmkmAfTAK8edfPcCMP49rFTBTocyt5Kmtrkb0MfAgMBAAGjggKI
MIIChDAOBgNVHQ8BAf8EBAMCA/gwKwYDVR0QBCQwIoAPMjAwNTEwMDcwNzMyMjhagQ8yMDA3MTAw
NzA4MDIyOFowggE3BgNVHSAEggEuMIIBKjCCASYGCiqBUIEpAQEBAgMwggEWMC8GCCsGAQUFBwIB
FiNodHRwOi8vd3d3LmNlcnRpZmlrYXQuZGsvcmVwb3NpdG9yeTCB4gYIKwYBBQUHAgIwgdUwChYD
VERDMAMCAQEagcZGb3IgYW52ZW5kZWxzZSBhZiBjZXJ0aWZpa2F0ZXQgZ+ZsZGVyIE9DRVMgdmls
a+VyLCBDUFMgb2cgT0NFUyBDUCwgZGVyIGthbiBoZW50ZXMgZnJhIHd3dy5jZXJ0aWZpa2F0LmRr
L3JlcG9zaXRvcnkuIEJlbeZyaywgYXQgVERDIGVmdGVyIHZpbGvlcmVuZSBoYXIgZXQgYmVncuZu
c2V0IGFuc3ZhciBpZnQuIHByb2Zlc3Npb25lbGxlIHBhcnRlci4wHgYDVR0RBBcwFYETYW5jQGZv
cnRjb25zdWx0Lm5ldDCBgwYDVR0fBHwwejBKoEigRqREMEIxCzAJBgNVBAYTAkRLMQwwCgYDVQQK
EwNUREMxFDASBgNVBAMTC1REQyBPQ0VTIENBMQ8wDQYDVQQDEwZDUkw4NjIwLKAqoCiGJmh0dHA6
Ly9jcmwub2Nlcy5jZXJ0aWZpa2F0LmRrL29jZXMuY3JsMB8GA1UdIwQYMBaAFGC1hexWZH4SGSdn
HVAVS3OuO/kSMB0GA1UdDgQWBBRjdh/xaJnfa5lRyX8b4vSVuJ7YFjAJBgNVHRMEAjAAMBkGCSqG
SIb2fQdBAAQMMAobBFY3LjEDAgOoMA0GCSqGSIb3DQEBBQUAA4IBAQAsLvdEtsRAK4NZmo1LjpZk
VHQWe0H2XaL+pp9tfdhvgzukvdJsFgEwiXa+tLTuJYIgCQlqsPY4zfosI0pLhggW8fc/7LQM4hVZ
W4nU0v9nwZx6wIxw1ASMpZj4wOrq/uAwk9m8dSKPFZxQsNUrkxqYMNDl074uSR6a9k61v0ni6alz
4t+KXAbuwGX5ifMpWQ0NT/tbfhP1Z7q+LasttOaqqKwC2b+0Gkm3b7Po4h/Mo/Dxlv6OS4uBdpZ0
D6y7BViv3E7smCDRmFvONbACKecOO/RoufDFG6s4jdzSw704+3WUh4JZXIqpybzDPETIEtXxi5rr
QDjSJsGzPMTis8yfMIIFMDCCBBigAwIBAgIEP9JA9zANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQG
EwJESzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTAeFw0wNTEwMDcwNzMyMjha
Fw0wNzEwMDcwODAyMjhaMHsxCzAJBgNVBAYTAkRLMSgwJgYDVQQKEx9GT1JUQ09OU1VMVCBBcFMg
Ly8gQ1ZSOjI2MzczNTQ5MUIwGQYDVQQDExJBbmRyZXcgQ2hyaXN0ZW5zZW4wJQYDVQQFEx5DVlI6
MjYzNzM1NDktUklEOjExMjg0OTk0OTI2OTkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJgn
iAQNYj+nuTJ6yGpx2gGb5HiFOtZBo0emuB8QdxDGdI3uWvKyRTiczO06VzaodQsMjqQc85qgUfeU
2PJ3B2Fh5nWustWyOW/iEUqZMVc4KWOluEm8vcRGEDCkW2e5ojuX5OmkmAfTAK8edfPcCMP49rFT
BTocyt5Kmtrkb0MfAgMBAAGjggKIMIIChDAOBgNVHQ8BAf8EBAMCA/gwKwYDVR0QBCQwIoAPMjAw
NTEwMDcwNzMyMjhagQ8yMDA3MTAwNzA4MDIyOFowggE3BgNVHSAEggEuMIIBKjCCASYGCiqBUIEp
AQEBAgMwggEWMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmNlcnRpZmlrYXQuZGsvcmVwb3NpdG9y
eTCB4gYIKwYBBQUHAgIwgdUwChYDVERDMAMCAQEagcZGb3IgYW52ZW5kZWxzZSBhZiBjZXJ0aWZp
a2F0ZXQgZ+ZsZGVyIE9DRVMgdmlsa+VyLCBDUFMgb2cgT0NFUyBDUCwgZGVyIGthbiBoZW50ZXMg
ZnJhIHd3dy5jZXJ0aWZpa2F0LmRrL3JlcG9zaXRvcnkuIEJlbeZyaywgYXQgVERDIGVmdGVyIHZp
bGvlcmVuZSBoYXIgZXQgYmVncuZuc2V0IGFuc3ZhciBpZnQuIHByb2Zlc3Npb25lbGxlIHBhcnRl
ci4wHgYDVR0RBBcwFYETYW5jQGZvcnRjb25zdWx0Lm5ldDCBgwYDVR0fBHwwejBKoEigRqREMEIx
CzAJBgNVBAYTAkRLMQwwCgYDVQQKEwNUREMxFDASBgNVBAMTC1REQyBPQ0VTIENBMQ8wDQYDVQQD
EwZDUkw4NjIwLKAqoCiGJmh0dHA6Ly9jcmwub2Nlcy5jZXJ0aWZpa2F0LmRrL29jZXMuY3JsMB8G
A1UdIwQYMBaAFGC1hexWZH4SGSdnHVAVS3OuO/kSMB0GA1UdDgQWBBRjdh/xaJnfa5lRyX8b4vSV
uJ7YFjAJBgNVHRMEAjAAMBkGCSqGSIb2fQdBAAQMMAobBFY3LjEDAgOoMA0GCSqGSIb3DQEBBQUA
A4IBAQAsLvdEtsRAK4NZmo1LjpZkVHQWe0H2XaL+pp9tfdhvgzukvdJsFgEwiXa+tLTuJYIgCQlq
sPY4zfosI0pLhggW8fc/7LQM4hVZW4nU0v9nwZx6wIxw1ASMpZj4wOrq/uAwk9m8dSKPFZxQsNUr
kxqYMNDl074uSR6a9k61v0ni6alz4t+KXAbuwGX5ifMpWQ0NT/tbfhP1Z7q+LasttOaqqKwC2b+0
Gkm3b7Po4h/Mo/Dxlv6OS4uBdpZ0D6y7BViv3E7smCDRmFvONbACKecOO/RoufDFG6s4jdzSw704
+3WUh4JZXIqpybzDPETIEtXxi5rrQDjSJsGzPMTis8yfMYIBhDCCAYACAQEwOTAxMQswCQYDVQQG
EwJESzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQQIEP9JA9zAJBgUrDgMCGgUA
oIGiMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA1MTAxOTE0MTQw
OVowIwYJKoZIhvcNAQkEMRYEFFseWP0W1qZiuU4yJL2jrM++teULMEMGCSqGSIb3DQEJDzE2MDQw
BwYFKw4DAh0wDgYIKoZIhvcNAwICAgCAMAoGCCqGSIb3DQMHMA0GCCqGSIb3DQMCAgEoMA0GCSqG
SIb3DQEBAQUABIGAfyfAymIgLdU9B/Q8mAiHCUCBwG/E0nW80acJHySygDiGixeuNTRXjriJldi8
YE5QiJjz/IkxLbQZZ8tqKe4ltcaPJIT1gPdZBWVU1eo7rxxyOpCjv1qQT6GK6qrk1DoD9Mq8vhEX
lIZs1nhc2bdAMqQ11vjdeWXeTmz0F9JkvkEAAAAA
---------z25841_boundary_sign--
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed