From 9d9a21666ed637033e2113b1f36c88f0b8d25fd0 Mon Sep 17 00:00:00 2001 From: breakthesec Date: Sun, 25 Jan 2015 13:53:13 +0530 Subject: [PATCH 01/19] removed netbeans project --- LICENSE | 339 ---- README.md | 15 - build.xml | 71 - nbproject/ant-deploy.xml | 37 - nbproject/build-impl.xml | 1448 ----------------- nbproject/genfiles.properties | 8 - nbproject/private/private.properties | 8 - nbproject/private/private.xml | 7 - nbproject/project.properties | 88 - nbproject/project.xml | 31 - src/conf/MANIFEST.MF | 2 - src/java/controller/AddPage.java | 116 -- src/java/controller/EmailCheck.java | 108 -- src/java/controller/ForwardMe.java | 92 -- src/java/controller/LoginValidator.java | 122 -- src/java/controller/Logout.java | 87 - src/java/controller/Register.java | 123 -- src/java/controller/SendMessage.java | 112 -- src/java/controller/UsernameCheck.java | 108 -- src/java/controller/XPathQuery.java | 115 -- src/java/controller/install.java | 227 --- src/java/controller/open.java | 91 -- src/java/controller/xxe.java | 106 -- src/java/model/DBConnect.java | 43 - src/java/model/HashMe.java | 37 - web/ForgotPassword.jsp | 54 - web/META-INF/context.xml | 2 - web/Register.jsp | 51 - web/WEB-INF/AdminPanel.jsp | 7 - web/WEB-INF/config.properties | 10 - web/WEB-INF/users.xml | 36 - web/WEB-INF/web.xml | 99 -- web/admin/AddPage.jsp | 21 - web/admin/Configure.jsp | 33 - web/admin/admin.jsp | 9 - web/admin/adminlogin.jsp | 57 - web/admin/index.jsp | 12 - web/admin/manageusers.jsp | 31 - web/changeCardDetails.jsp | 70 - web/docs/doc1.pdf | Bin 11027 -> 0 bytes web/docs/exampledoc.pdf | Bin 16531 -> 0 bytes web/footer.jsp | 12 - web/header.jsp | 169 -- web/images/Thumbs.db | Bin 4608 -> 0 bytes web/images/bg.png | Bin 102 -> 0 bytes web/index.jsp | 10 - web/install.jsp | 28 - web/jquery.min.js | 4 - web/login.jsp | 31 - web/myprofile.jsp | 65 - web/robots.txt | 9 - web/style.css | 224 --- web/vulnerability/DisplayMessage.jsp | 46 - web/vulnerability/Injection/1.xsl | 41 - web/vulnerability/Injection/2.xsl | 35 - web/vulnerability/Injection/courses.xml | 19 - web/vulnerability/Injection/xpath_login.jsp | 14 - web/vulnerability/Injection/xslt.jsp | 17 - web/vulnerability/Injection/xxe.jsp | 26 - web/vulnerability/Messages.jsp | 33 - web/vulnerability/SendMessage.jsp | 34 - web/vulnerability/UserDetails.jsp | 34 - web/vulnerability/baasm/SiteTitle.jsp | 45 - web/vulnerability/baasm/URLRewriting.jsp | 9 - web/vulnerability/csrf/change-info.jsp | 48 - web/vulnerability/csrf/changepassword.jsp | 62 - web/vulnerability/forum.jsp | 82 - web/vulnerability/forumUsersList.jsp | 28 - web/vulnerability/forumposts.jsp | 30 - web/vulnerability/idor/change-email.jsp | 49 - web/vulnerability/idor/download.jsp | 45 - web/vulnerability/mfac/SearchEngines.jsp | 4 - web/vulnerability/sde/hash.jsp | 6 - web/vulnerability/securitymisconfig/pages.jsp | 39 - web/vulnerability/sqli/download.jsp | 8 - web/vulnerability/sqli/download_id.jsp | 65 - web/vulnerability/sqli/download_id_union.jsp | 65 - web/vulnerability/sqli/union2.jsp | 9 - web/vulnerability/unvalidated/OpenForward.jsp | 7 - web/vulnerability/unvalidated/OpenURL.jsp | 4 - web/vulnerability/xss/flash/exss.jsp | 10 - web/vulnerability/xss/flash/xss1.swf | Bin 59563 -> 0 bytes web/vulnerability/xss/flash/xss2.swf | Bin 9416 -> 0 bytes web/vulnerability/xss/search.jsp | 29 - web/vulnerability/xss/xss4.jsp | 24 - 85 files changed, 5552 deletions(-) delete mode 100644 LICENSE delete mode 100644 README.md delete mode 100644 build.xml delete mode 100644 nbproject/ant-deploy.xml delete mode 100644 nbproject/build-impl.xml delete mode 100644 nbproject/genfiles.properties delete mode 100644 nbproject/private/private.properties delete mode 100644 nbproject/private/private.xml delete mode 100644 nbproject/project.properties delete mode 100644 nbproject/project.xml delete mode 100644 src/conf/MANIFEST.MF delete mode 100644 src/java/controller/AddPage.java delete mode 100644 src/java/controller/EmailCheck.java delete mode 100644 src/java/controller/ForwardMe.java delete mode 100644 src/java/controller/LoginValidator.java delete mode 100644 src/java/controller/Logout.java delete mode 100644 src/java/controller/Register.java delete mode 100644 src/java/controller/SendMessage.java delete mode 100644 src/java/controller/UsernameCheck.java delete mode 100644 src/java/controller/XPathQuery.java delete mode 100644 src/java/controller/install.java delete mode 100644 src/java/controller/open.java delete mode 100644 src/java/controller/xxe.java delete mode 100644 src/java/model/DBConnect.java delete mode 100644 src/java/model/HashMe.java delete mode 100644 web/ForgotPassword.jsp delete mode 100644 web/META-INF/context.xml delete mode 100644 web/Register.jsp delete mode 100644 web/WEB-INF/AdminPanel.jsp delete mode 100644 web/WEB-INF/config.properties delete mode 100644 web/WEB-INF/users.xml delete mode 100644 web/WEB-INF/web.xml delete mode 100644 web/admin/AddPage.jsp delete mode 100644 web/admin/Configure.jsp delete mode 100644 web/admin/admin.jsp delete mode 100644 web/admin/adminlogin.jsp delete mode 100644 web/admin/index.jsp delete mode 100644 web/admin/manageusers.jsp delete mode 100644 web/changeCardDetails.jsp delete mode 100644 web/docs/doc1.pdf delete mode 100644 web/docs/exampledoc.pdf delete mode 100644 web/footer.jsp delete mode 100644 web/header.jsp delete mode 100644 web/images/Thumbs.db delete mode 100644 web/images/bg.png delete mode 100644 web/index.jsp delete mode 100644 web/install.jsp delete mode 100644 web/jquery.min.js delete mode 100644 web/login.jsp delete mode 100644 web/myprofile.jsp delete mode 100644 web/robots.txt delete mode 100644 web/style.css delete mode 100644 web/vulnerability/DisplayMessage.jsp delete mode 100644 web/vulnerability/Injection/1.xsl delete mode 100644 web/vulnerability/Injection/2.xsl delete mode 100644 web/vulnerability/Injection/courses.xml delete mode 100644 web/vulnerability/Injection/xpath_login.jsp delete mode 100644 web/vulnerability/Injection/xslt.jsp delete mode 100644 web/vulnerability/Injection/xxe.jsp delete mode 100644 web/vulnerability/Messages.jsp delete mode 100644 web/vulnerability/SendMessage.jsp delete mode 100644 web/vulnerability/UserDetails.jsp delete mode 100644 web/vulnerability/baasm/SiteTitle.jsp delete mode 100644 web/vulnerability/baasm/URLRewriting.jsp delete mode 100644 web/vulnerability/csrf/change-info.jsp delete mode 100644 web/vulnerability/csrf/changepassword.jsp delete mode 100644 web/vulnerability/forum.jsp delete mode 100644 web/vulnerability/forumUsersList.jsp delete mode 100644 web/vulnerability/forumposts.jsp delete mode 100644 web/vulnerability/idor/change-email.jsp delete mode 100644 web/vulnerability/idor/download.jsp delete mode 100644 web/vulnerability/mfac/SearchEngines.jsp delete mode 100644 web/vulnerability/sde/hash.jsp delete mode 100644 web/vulnerability/securitymisconfig/pages.jsp delete mode 100644 web/vulnerability/sqli/download.jsp delete mode 100644 web/vulnerability/sqli/download_id.jsp delete mode 100644 web/vulnerability/sqli/download_id_union.jsp delete mode 100644 web/vulnerability/sqli/union2.jsp delete mode 100644 web/vulnerability/unvalidated/OpenForward.jsp delete mode 100644 web/vulnerability/unvalidated/OpenURL.jsp delete mode 100644 web/vulnerability/xss/flash/exss.jsp delete mode 100644 web/vulnerability/xss/flash/xss1.swf delete mode 100644 web/vulnerability/xss/flash/xss2.swf delete mode 100644 web/vulnerability/xss/search.jsp delete mode 100644 web/vulnerability/xss/xss4.jsp diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 23cb7903..00000000 --- a/LICENSE +++ /dev/null @@ -1,339 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - {description} - Copyright (C) {year} {fullname} - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) year name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - {signature of Ty Coon}, 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. diff --git a/README.md b/README.md deleted file mode 100644 index 8560b23a..00000000 --- a/README.md +++ /dev/null @@ -1,15 +0,0 @@ -This is Vulnerable Web Application developed for course by Cyber Security and Privacy Foundation -(www.cysecurity.org) for Java programmers - -Get the VulnerableSpring Project from here: -https://github.com/breakthesec/VulnerableSpring - ----------------------------------- -The full course on Hacking and Securing Web Java Programs is available in ------------------------------------ -https://www.udemy.com/hacking-securing-java-web-programming/ - ----------------------------------- -VirtualBox VM can be found here: ----------------------------------- -http://sourceforge.net/projects/javavulnerablelab/files/v0.1/JavaVulnerableLab.ova/download diff --git a/build.xml b/build.xml deleted file mode 100644 index 841659cb..00000000 --- a/build.xml +++ /dev/null @@ -1,71 +0,0 @@ - - - - - - - - - - - Builds, tests, and runs the project JavaVulnerableLab. - - - diff --git a/nbproject/ant-deploy.xml b/nbproject/ant-deploy.xml deleted file mode 100644 index 5ca2a427..00000000 --- a/nbproject/ant-deploy.xml +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/nbproject/build-impl.xml b/nbproject/build-impl.xml deleted file mode 100644 index df502d08..00000000 --- a/nbproject/build-impl.xml +++ /dev/null @@ -1,1448 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Must set src.dir - Must set test.src.dir - Must set build.dir - Must set build.web.dir - Must set build.generated.dir - Must set dist.dir - Must set build.classes.dir - Must set dist.javadoc.dir - Must set build.test.classes.dir - Must set build.test.results.dir - Must set build.classes.excludes - Must set dist.war - - - - - - - - - -The Java EE server classpath is not correctly set up - server home directory is missing. -Either open the project in the IDE and assign the server or setup the server classpath manually. -For example like this: - ant -Dj2ee.server.home=<app_server_installation_directory> - - -The Java EE server classpath is not correctly set up. Your active server type is ${j2ee.server.type}. -Either open the project in the IDE and assign the server or setup the server classpath manually. -For example like this: - ant -Duser.properties.file=<path_to_property_file> (where you put the property "j2ee.platform.classpath" in a .properties file) -or ant -Dj2ee.platform.classpath=<server_classpath> (where no properties file is used) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Must set javac.includes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - No tests executed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -The libs.CopyLibs.classpath property is not set up. -This property must point to -org-netbeans-modules-java-j2seproject-copylibstask.jar file which is part -of NetBeans IDE installation and is usually located at -<netbeans_installation>/java<version>/ant/extra folder. -Either open the project in the IDE and make sure CopyLibs library -exists or setup the property manually. For example like this: - ant -Dlibs.CopyLibs.classpath=a/path/to/org-netbeans-modules-java-j2seproject-copylibstask.jar - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Must set JVM to use for profiling in profiler.info.jvm - Must set profiler agent JVM arguments in profiler.info.jvmargs.agent - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Must select some files in the IDE or set javac.includes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Must select some files in the IDE or set javac.jsp.includes - - - - - - - - - - - - - - - - - - - - - - - - - - Must select a file in the IDE or set jsp.includes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Browser not found, cannot launch the deployed application. Try to set the BROWSER environment variable. - - - Launching ${browse.url} - - - - - - Must select one file in the IDE or set run.class - - - - Must select one file in the IDE or set run.class - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Must select one file in the IDE or set debug.class - - - - - - - - - - - - Must select one file in the IDE or set debug.class - - - - - Must set fix.includes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - This target only works when run from inside the NetBeans IDE. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Must select some files in the IDE or set javac.includes - - - - - - - - - - - - - - - - - - - Some tests failed; see details above. - - - - - - - - - Must select some files in the IDE or set test.includes - - - - Some tests failed; see details above. - - - - Must select some files in the IDE or set test.class - Must select some method in the IDE or set test.method - - - - Some tests failed; see details above. - - - - - Must select one file in the IDE or set test.class - - - - Must select one file in the IDE or set test.class - Must select some method in the IDE or set test.method - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/nbproject/genfiles.properties b/nbproject/genfiles.properties deleted file mode 100644 index cb66364d..00000000 --- a/nbproject/genfiles.properties +++ /dev/null @@ -1,8 +0,0 @@ -build.xml.data.CRC32=903755fa -build.xml.script.CRC32=8f523743 -build.xml.stylesheet.CRC32=651128d4@1.67.1.1 -# This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml. -# Do not edit this file. You may delete it but then the IDE will never regenerate such files for you. -nbproject/build-impl.xml.data.CRC32=903755fa -nbproject/build-impl.xml.script.CRC32=084958d7 -nbproject/build-impl.xml.stylesheet.CRC32=99ea4b56@1.67.1.1 diff --git a/nbproject/private/private.properties b/nbproject/private/private.properties deleted file mode 100644 index a50452d9..00000000 --- a/nbproject/private/private.properties +++ /dev/null @@ -1,8 +0,0 @@ -deploy.ant.properties.file=/home/breakthesec/.netbeans/8.0/tomcat80.properties -j2ee.server.domain=/home/breakthesec/.netbeans/8.0/apache-tomcat-8.0.3.0_base -j2ee.server.home=/home/breakthesec/apache-tomcat-8.0.3 -j2ee.server.instance=tomcat80:home=/home/breakthesec/apache-tomcat-8.0.3:base=apache-tomcat-8.0.3.0_base -javac.debug=true -javadoc.preview=true -selected.browser=default -user.properties.file=/home/breakthesec/.netbeans/8.0/build.properties diff --git a/nbproject/private/private.xml b/nbproject/private/private.xml deleted file mode 100644 index 6807a2ba..00000000 --- a/nbproject/private/private.xml +++ /dev/null @@ -1,7 +0,0 @@ - - - - - - - diff --git a/nbproject/project.properties b/nbproject/project.properties deleted file mode 100644 index 6ea3de55..00000000 --- a/nbproject/project.properties +++ /dev/null @@ -1,88 +0,0 @@ -annotation.processing.enabled=true -annotation.processing.enabled.in.editor=true -annotation.processing.processors.list= -annotation.processing.run.all.processors=true -annotation.processing.source.output=${build.generated.sources.dir}/ap-source-output -build.classes.dir=${build.web.dir}/WEB-INF/classes -build.classes.excludes=**/*.java,**/*.form -build.dir=build -build.generated.dir=${build.dir}/generated -build.generated.sources.dir=${build.dir}/generated-sources -build.test.classes.dir=${build.dir}/test/classes -build.test.results.dir=${build.dir}/test/results -build.web.dir=${build.dir}/web -build.web.excludes=${build.classes.excludes} -client.urlPart= -compile.jsps=false -conf.dir=${source.root}/conf -debug.classpath=${build.classes.dir}:${javac.classpath} -debug.test.classpath=\ - ${run.test.classpath} -display.browser=true -# Files to be excluded from distribution war -dist.archive.excludes= -dist.dir=dist -dist.ear.war=${dist.dir}/${war.ear.name} -dist.javadoc.dir=${dist.dir}/javadoc -dist.war=${dist.dir}/${war.name} -endorsed.classpath=\ - ${libs.javaee-endorsed-api-6.0.classpath} -excludes= -file.reference.json-20090211.jar=/media/breakthesec/Extra/GuestFolder/jar libs/json-20090211.jar -file.reference.mysql-connector-java-5.1.33-bin.jar=../mysql-connector-java-5.1.33-bin.jar -includes=** -j2ee.compile.on.save=true -j2ee.copy.static.files.on.save=true -j2ee.deploy.on.save=true -j2ee.platform=1.7-web -j2ee.platform.classpath=${j2ee.server.home}/lib/annotations-api.jar:${j2ee.server.home}/lib/catalina-ant.jar:${j2ee.server.home}/lib/catalina-ha.jar:${j2ee.server.home}/lib/catalina-storeconfig.jar:${j2ee.server.home}/lib/catalina-tribes.jar:${j2ee.server.home}/lib/catalina.jar:${j2ee.server.home}/lib/ecj-4.3.1.jar:${j2ee.server.home}/lib/el-api.jar:${j2ee.server.home}/lib/jasper-el.jar:${j2ee.server.home}/lib/jasper.jar:${j2ee.server.home}/lib/jsp-api.jar:${j2ee.server.home}/lib/servlet-api.jar:${j2ee.server.home}/lib/tomcat-api.jar:${j2ee.server.home}/lib/tomcat-coyote.jar:${j2ee.server.home}/lib/tomcat-dbcp.jar:${j2ee.server.home}/lib/tomcat-i18n-es.jar:${j2ee.server.home}/lib/tomcat-i18n-fr.jar:${j2ee.server.home}/lib/tomcat-i18n-ja.jar:${j2ee.server.home}/lib/tomcat-jdbc.jar:${j2ee.server.home}/lib/tomcat-jni.jar:${j2ee.server.home}/lib/tomcat-spdy.jar:${j2ee.server.home}/lib/tomcat-util-scan.jar:${j2ee.server.home}/lib/tomcat-util.jar:${j2ee.server.home}/lib/tomcat-websocket.jar:${j2ee.server.home}/lib/websocket-api.jar -j2ee.server.type=Tomcat -jar.compress=false -javac.classpath=\ - ${file.reference.mysql-connector-java-5.1.33-bin.jar}:\ - ${file.reference.json-20090211.jar}:\ - ${libs.jstl.classpath} -# Space-separated list of extra javac options -javac.compilerargs= -javac.debug=true -javac.deprecation=false -javac.processorpath=\ - ${javac.classpath} -javac.source=1.6 -javac.target=1.6 -javac.test.classpath=\ - ${javac.classpath}:\ - ${build.classes.dir} -javac.test.processorpath=\ - ${javac.test.classpath} -javadoc.additionalparam= -javadoc.author=false -javadoc.encoding=${source.encoding} -javadoc.noindex=false -javadoc.nonavbar=false -javadoc.notree=false -javadoc.preview=true -javadoc.private=false -javadoc.splitindex=true -javadoc.use=true -javadoc.version=false -javadoc.windowtitle= -lib.dir=${web.docbase.dir}/WEB-INF/lib -persistence.xml.dir=${conf.dir} -platform.active=default_platform -resource.dir=setup -run.test.classpath=\ - ${javac.test.classpath}:\ - ${build.test.classes.dir} -# Space-separated list of JVM arguments used when running a class with a main method or a unit test -# (you may also define separate properties like run-sys-prop.name=value instead of -Dname=value): -runmain.jvmargs= -source.encoding=UTF-8 -source.root=src -src.dir=${source.root}/java -test.src.dir=test -war.content.additional= -war.ear.name=${war.name} -war.name=JavaVulnerableLab.war -web.docbase.dir=web -webinf.dir=web/WEB-INF diff --git a/nbproject/project.xml b/nbproject/project.xml deleted file mode 100644 index fe0dff12..00000000 --- a/nbproject/project.xml +++ /dev/null @@ -1,31 +0,0 @@ - - - org.netbeans.modules.web.project - - - JavaVulnerableLab - 1.6.5 - - - ${file.reference.mysql-connector-java-5.1.33-bin.jar} - WEB-INF/lib - - - ${file.reference.json-20090211.jar} - WEB-INF/lib - - - ${libs.jstl.classpath} - WEB-INF/lib - - - - - - - - - - - - diff --git a/src/conf/MANIFEST.MF b/src/conf/MANIFEST.MF deleted file mode 100644 index 59499bce..00000000 --- a/src/conf/MANIFEST.MF +++ /dev/null @@ -1,2 +0,0 @@ -Manifest-Version: 1.0 - diff --git a/src/java/controller/AddPage.java b/src/java/controller/AddPage.java deleted file mode 100644 index 0b8da423..00000000 --- a/src/java/controller/AddPage.java +++ /dev/null @@ -1,116 +0,0 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ - -package controller; - -import java.io.BufferedWriter; -import java.io.File; -import java.io.FileWriter; -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -/** - * - * @author breakthesec - */ -public class AddPage extends HttpServlet { - - /** - * Processes requests for both HTTP GET and POST - * methods. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - protected void processRequest(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - response.setContentType("text/html;charset=UTF-8"); - PrintWriter out = response.getWriter(); - try { - String fileName=request.getParameter("filename"); - String content=request.getParameter("content"); - if(fileName!=null && content!=null) - { - String pagesDir=getServletContext().getRealPath("/pages"); - String filePath=pagesDir+"/"+fileName; - File f=new File(filePath); - if(f.exists()) - { - f.delete(); - } - if(f.createNewFile()) - { - BufferedWriter bw=new BufferedWriter(new FileWriter(f.getAbsoluteFile())); - bw.write(content); - bw.close(); - out.print("Successfully created the file: "+fileName+""); - } - else - { - out.print("Failed to create the file"); - } - } - else - { - out.print("filename or content Parameter is missing"); - } - - } - catch(Exception e) - { - out.print(e); - } - finally { - out.close(); - } - } - - // - /** - * Handles the HTTP GET method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Handles the HTTP POST method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doPost(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Returns a short description of the servlet. - * - * @return a String containing servlet description - */ - @Override - public String getServletInfo() { - return "Short description"; - }// - -} diff --git a/src/java/controller/EmailCheck.java b/src/java/controller/EmailCheck.java deleted file mode 100644 index cbcf1c5f..00000000 --- a/src/java/controller/EmailCheck.java +++ /dev/null @@ -1,108 +0,0 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ - -package controller; - -import java.io.IOException; -import java.io.PrintWriter; -import java.sql.Connection; -import java.sql.ResultSet; -import java.sql.Statement; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import model.DBConnect; -import org.json.JSONObject; - -/** - * - * @author breakthesec - */ -public class EmailCheck extends HttpServlet { - - /** - * Processes requests for both HTTP GET and POST - * methods. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - protected void processRequest(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - response.setContentType("application/json"); - PrintWriter out = response.getWriter(); - try { - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - String email=request.getParameter("email").trim(); - JSONObject json=new JSONObject(); - if(con!=null && !con.isClosed()) - { - ResultSet rs=null; - Statement stmt = con.createStatement(); - rs=stmt.executeQuery("select * from users where email='"+email+"'"); - if (rs.next()) - { - json.put("available", "1"); - } - else - { - json.put("available", new Integer(0)); - } - } - out.print(json); - } - catch(Exception e) - { - out.print(e); - } - finally { - out.close(); - } - } - - // - /** - * Handles the HTTP GET method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Handles the HTTP POST method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doPost(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Returns a short description of the servlet. - * - * @return a String containing servlet description - */ - @Override - public String getServletInfo() { - return "Short description"; - }// - -} diff --git a/src/java/controller/ForwardMe.java b/src/java/controller/ForwardMe.java deleted file mode 100644 index 56cca1c5..00000000 --- a/src/java/controller/ForwardMe.java +++ /dev/null @@ -1,92 +0,0 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ - -package controller; - -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -/** - * - * @author breakthesec - */ -public class ForwardMe extends HttpServlet { - - /** - * Processes requests for both HTTP GET and POST - * methods. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - protected void processRequest(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - response.setContentType("text/html;charset=UTF-8"); - PrintWriter out = response.getWriter(); - try { - if(request.getParameter("location")!=null) - { - String location=request.getParameter("location"); - //Forwarding - RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(location); - dispatcher.forward(request,response); - } - else - { - out.print("Location Parameter is missing"); - } - } finally { - out.close(); - } - } - - // - /** - * Handles the HTTP GET method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Handles the HTTP POST method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doPost(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Returns a short description of the servlet. - * - * @return a String containing servlet description - */ - @Override - public String getServletInfo() { - return "Short description"; - }// - -} diff --git a/src/java/controller/LoginValidator.java b/src/java/controller/LoginValidator.java deleted file mode 100644 index 81993bd9..00000000 --- a/src/java/controller/LoginValidator.java +++ /dev/null @@ -1,122 +0,0 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ - -package controller; - -import java.io.IOException; -import java.io.PrintWriter; -import java.sql.Connection; -import java.sql.ResultSet; -import java.sql.Statement; -import javax.servlet.ServletException; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import model.DBConnect; - - - -/** - * - * @author breakthesec - */ -public class LoginValidator extends HttpServlet { - - /** - * Processes requests for both HTTP GET and POST - * methods. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - protected void processRequest(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - - - String user=request.getParameter("username").trim(); - String pass=request.getParameter("password").trim(); - try - { - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - if(con!=null && !con.isClosed()) - { - ResultSet rs=null; - Statement stmt = con.createStatement(); - rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"'"); - if(rs != null && rs.next()){ - HttpSession session=request.getSession(); - session.setAttribute("isLoggedIn", "1"); - session.setAttribute("userid", rs.getString("id")); - session.setAttribute("user", rs.getString("username")); - session.setAttribute("avatar", rs.getString("avatar")); - Cookie privilege=new Cookie("privilege","user"); - response.addCookie(privilege); - if(request.getParameter("RememberMe")!=null) - { - Cookie username=new Cookie("username",user); - Cookie password=new Cookie("password",pass); - response.addCookie(username); - response.addCookie(password); - } - response.sendRedirect(response.encodeURL("ForwardMe?location=/index.jsp")); - } - else - { - response.sendRedirect("ForwardMe?location=/login.jsp&err=Invalid Username or Password"); - } - - } - } - catch(Exception ex) - { - response.sendRedirect("login.jsp?err=something went wrong"); - } - - } - // - /** - * Handles the HTTP GET method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Handles the HTTP POST method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doPost(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Returns a short description of the servlet. - * - * @return a String containing servlet description - */ - @Override - public String getServletInfo() { - return "Short description"; - }// - -} diff --git a/src/java/controller/Logout.java b/src/java/controller/Logout.java deleted file mode 100644 index 7bd07bef..00000000 --- a/src/java/controller/Logout.java +++ /dev/null @@ -1,87 +0,0 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ - -package controller; - -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -/** - * - * @author breakthesec - */ -public class Logout extends HttpServlet { - - /** - * Processes requests for both HTTP GET and POST - * methods. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - protected void processRequest(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - response.setContentType("text/html;charset=UTF-8"); - try { - PrintWriter out = response.getWriter(); - /* TODO output your page here. You may use following sample code. */ - HttpSession session=request.getSession(); - session.invalidate(); - response.sendRedirect("index.jsp"); - } - catch(Exception e) - { - - } - } - - // - /** - * Handles the HTTP GET method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Handles the HTTP POST method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doPost(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Returns a short description of the servlet. - * - * @return a String containing servlet description - */ - @Override - public String getServletInfo() { - return "Short description"; - }// - -} diff --git a/src/java/controller/Register.java b/src/java/controller/Register.java deleted file mode 100644 index 4b679e3c..00000000 --- a/src/java/controller/Register.java +++ /dev/null @@ -1,123 +0,0 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ - -package controller; - -import java.io.IOException; -import java.io.PrintWriter; -import java.sql.Connection; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import model.DBConnect; - -/** - * - * @author breakthesec - */ -public class Register extends HttpServlet { - - /** - * Processes requests for both HTTP GET and POST - * methods. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - protected void processRequest(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - response.setContentType("text/html;charset=UTF-8"); - try { - PrintWriter out = response.getWriter(); - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - String user=request.getParameter("username"); - String pass=request.getParameter("password"); - String email=request.getParameter("email"); - String about=request.getParameter("About"); - String secret=request.getParameter("secret"); - if(secret==null || secret.equals("")) - { - secret="nosecret"; - } - try - { - if(con!=null && !con.isClosed()) - { - - Statement stmt = con.createStatement(); - stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')"); - stmt.executeUpdate("INSERT into UserMessages(recipient, sender, subject, msg) values ('"+user+"','admin','Hi','Hi
This is admin of this page.
Welcome to Our Forum')"); - - response.sendRedirect("index.jsp"); - - } - else - { - response.sendRedirect("Register.jsp"); - } - } - catch(SQLException ex) - { - System.out.println("SQLException: " + ex.getMessage()); - System.out.println("SQLState: " + ex.getSQLState()); - System.out.println("VendorError: " + ex.getErrorCode()); - - } - - } - catch(Exception e) - { - - } - } - - // - /** - * Handles the HTTP GET method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Handles the HTTP POST method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doPost(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Returns a short description of the servlet. - * - * @return a String containing servlet description - */ - @Override - public String getServletInfo() { - return "Short description"; - }// - -} diff --git a/src/java/controller/SendMessage.java b/src/java/controller/SendMessage.java deleted file mode 100644 index 11bfe52d..00000000 --- a/src/java/controller/SendMessage.java +++ /dev/null @@ -1,112 +0,0 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ - -package controller; - -import java.io.IOException; -import java.io.PrintWriter; -import java.sql.Connection; -import java.sql.PreparedStatement; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import model.DBConnect; - -/** - * - * @author breakthesec - */ -public class SendMessage extends HttpServlet { - - /** - * Processes requests for both HTTP GET and POST - * methods. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - protected void processRequest(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - response.setContentType("text/html;charset=UTF-8"); - - try - { - PrintWriter out = response.getWriter(); - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - String recipient=request.getParameter("recipient"); - String subject=request.getParameter("subject"); - String msg=request.getParameter("msg"); - String sender=request.getParameter("sender"); - if(con!=null && !con.isClosed() && request.getParameter("send")!=null) - { - //PreparedStatement to Prevent SQL Injection attack: - PreparedStatement pstmt=con.prepareStatement("INSERT into UserMessages(recipient, sender, subject, msg) values (?,?,?,?)"); - pstmt.setString(1, recipient); - pstmt.setString(2, sender); - pstmt.setString(3, subject); - pstmt.setString(4, msg); - pstmt.executeUpdate(); - response.sendRedirect(request.getContextPath()+"/vulnerability/SendMessage.jsp?status=* Message successfully sent *"); - - } - else - { - response.sendRedirect(request.getContextPath()+"/vulnerability/SendMessage.jsp?status=* Something Went Wrong"); - - } - } - catch(Exception ex) - { - response.sendRedirect(request.getContextPath()+"/vulnerability/SendMessage.jsp?status=* Something Went Wrong
"+ex); - - } - - - } - - // - /** - * Handles the HTTP GET method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Handles the HTTP POST method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doPost(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Returns a short description of the servlet. - * - * @return a String containing servlet description - */ - @Override - public String getServletInfo() { - return "Short description"; - }// - -} diff --git a/src/java/controller/UsernameCheck.java b/src/java/controller/UsernameCheck.java deleted file mode 100644 index 231f1a81..00000000 --- a/src/java/controller/UsernameCheck.java +++ /dev/null @@ -1,108 +0,0 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ - -package controller; - -import java.io.IOException; -import java.io.PrintWriter; -import java.sql.Connection; -import java.sql.ResultSet; -import java.sql.Statement; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import model.DBConnect; -import org.json.JSONObject; - -/** - * - * @author breakthesec - */ -public class UsernameCheck extends HttpServlet { - - /** - * Processes requests for both HTTP GET and POST - * methods. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - protected void processRequest(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - response.setContentType("application/json"); - PrintWriter out = response.getWriter(); - try { - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - String user=request.getParameter("username").trim(); - JSONObject json=new JSONObject(); - if(con!=null && !con.isClosed()) - { - ResultSet rs=null; - Statement stmt = con.createStatement(); - rs=stmt.executeQuery("select * from users where username='"+user+"'"); - if (rs.next()) - { - json.put("available", "1"); - } - else - { - json.put("available", new Integer(0)); - } - } - out.print(json); - } - catch(Exception e) - { - out.print(e); - } - finally { - out.close(); - } - } - - // - /** - * Handles the HTTP GET method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Handles the HTTP POST method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doPost(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Returns a short description of the servlet. - * - * @return a String containing servlet description - */ - @Override - public String getServletInfo() { - return "Short description"; - }// - -} diff --git a/src/java/controller/XPathQuery.java b/src/java/controller/XPathQuery.java deleted file mode 100644 index 0a0bb606..00000000 --- a/src/java/controller/XPathQuery.java +++ /dev/null @@ -1,115 +0,0 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ - -package controller; - -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.xpath.XPath; -import javax.xml.xpath.XPathFactory; - -import org.w3c.dom.Document; -/** - * - * @author breakthesec - */ -public class XPathQuery extends HttpServlet { - - - - protected void processRequest(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - response.setContentType("text/html;charset=UTF-8"); - PrintWriter out = response.getWriter(); - try { - String user=request.getParameter("username"); - String pass=request.getParameter("password"); - - //XML Source: - String XML_SOURCE=getServletContext().getRealPath("/WEB-INF/users.xml"); - - //Parsing XML: - DocumentBuilderFactory factory=DocumentBuilderFactory.newInstance(); - factory.setNamespaceAware(true); - DocumentBuilder builder=factory.newDocumentBuilder(); - Document xDoc=builder.parse(XML_SOURCE); - - XPath xPath=XPathFactory.newInstance().newXPath(); - - //XPath Query: - String xPression="/users/user[username='"+user+"' and password='"+pass+"']/name"; - - //running Xpath query: - String name=xPath.compile(xPression).evaluate(xDoc); - out.println(name); - if(name.isEmpty()) - { - response.sendRedirect(response.encodeURL("ForwardMe?location=/vulnerability/Injection/xpath_login.jsp?err=Invalid Credentials")); - } - else - { - HttpSession session=request.getSession(); - session.setAttribute("isLoggedIn", "1"); - session.setAttribute("user", name); - response.sendRedirect(response.encodeURL("ForwardMe?location=/index.jsp")); - } - } - catch(Exception e) - { - out.print(e); - } - finally { - out.close(); - } - } - - // - /** - * Handles the HTTP GET method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Handles the HTTP POST method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doPost(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Returns a short description of the servlet. - * - * @return a String containing servlet description - */ - @Override - public String getServletInfo() { - return "Short description"; - }// - -} diff --git a/src/java/controller/install.java b/src/java/controller/install.java deleted file mode 100644 index ad6b9cc6..00000000 --- a/src/java/controller/install.java +++ /dev/null @@ -1,227 +0,0 @@ - package controller; - -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ - -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.PrintWriter; -import java.security.NoSuchAlgorithmException; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.SQLException; -import java.sql.Statement; -import java.util.Properties; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import model.HashMe; - -/** - * - * @author breakthesec - */ -public class install extends HttpServlet { - - static String dburl; - static String jdbcdriver; - static String dbuser; - static String dbpass; - static String dbname; - static String siteTitle; - static String adminuser; - static String adminpass; - - /** - * Processes requests for both HTTP GET and POST - * methods. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - - protected void processRequest(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - String configPath=getServletContext().getRealPath("/WEB-INF/config.properties"); - - //Getting Database Configuration from User Input - dburl = request.getParameter("dburl"); - jdbcdriver = request.getParameter("jdbcdriver"); - dbuser = request.getParameter("dbuser"); - dbpass = request.getParameter("dbpass"); - dbname = request.getParameter("dbname"); - siteTitle= request.getParameter("siteTitle"); - adminuser= request.getParameter("adminuser"); - adminpass= HashMe.hashMe(request.getParameter("adminpass")); - - //Moifying Configuration Properties: - Properties config=new Properties(); - config.load(new FileInputStream(configPath)); - config.setProperty("dburl",dburl); - config.setProperty("jdbcdriver",jdbcdriver); - config.setProperty("dbuser",dbuser); - config.setProperty("dbpass",dbpass); - config.setProperty("dbname",dbname); - config.setProperty("siteTitle",siteTitle); - FileOutputStream fileout = new FileOutputStream(configPath); - config.store(fileout, null); - fileout.close(); - - String i=request.getParameter("setup"); - response.setContentType("text/html;charset=UTF-8"); - try { - PrintWriter out = response.getWriter(); - /* TODO output your page here. You may use following sample code. */ - out.println(""); - out.println(""); - out.println(""); - out.println("Servlet install"); - out.println(""); - out.println(""); - if(setup(i)) - { - out.print("successfully installed"); - } - else - { - out.print("Something went wrong. Unable to install"); - } - out.println(""); - out.println(""); - } - catch(Exception e) - { - - } - } - protected boolean setup(String i) throws IOException - { - - if(i.equals("1")) - { - - try - { - Class.forName(jdbcdriver); - Connection con= DriverManager.getConnection(dburl,dbuser,dbpass); - if(con!=null && !con.isClosed()) - { - //Database creation - Statement stmt = con.createStatement(); - stmt.executeUpdate("DROP DATABASE IF EXISTS "+dbname); - - stmt.executeUpdate("CREATE DATABASE "+dbname); - con.close(); - con= DriverManager.getConnection(dburl+dbname,dbuser,dbpass); - stmt = con.createStatement(); - if(!con.isClosed()) - { - //User Table creation - stmt.executeUpdate("Create table users(ID int NOT NULL AUTO_INCREMENT, username varchar(30),email varchar(60), password varchar(60), about varchar(50),privilege varchar(20),avatar TEXT,secretquestion int,secret varchar(30),primary key (id))"); - stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('"+adminuser+"','"+adminpass+"','admin@localhost','I am the admin of this application','default.jpg','admin',1,'rocky')"); - stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('victim','victim','victim@localhost','I am the victim of this application','default.jpg','user',1,'max')"); - stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('attacker','attacker','attacker@localhost','I am the attacker of this application','default.jpg','user',1,'bella')"); - stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('NEO','trinity','neo@matrix','I am the NEO','default.jpg','user',1,'sentinel')"); - stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('trinity','NEO','trinity@matrix','it is Trinity','default.jpg','user',1,'sentinel')"); - stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('Anderson','java','anderson@1999','I am computer programmer','default.jpg','user',1,'C++')"); - - //Posts table creation - stmt.executeUpdate("create table posts(postid int NOT NULL AUTO_INCREMENT, content TEXT,title varchar(100), user varchar(30), primary key (postid))"); - stmt.executeUpdate("INSERT into posts(content,title, user) values ('Feel free to ask any questions about Java Vulnerable Lab','First Post', 'admin')"); - stmt.executeUpdate("INSERT into posts(content,title, user) values ('Hello Guys, this is victim','Second Post', 'victim')"); - stmt.executeUpdate("INSERT into posts(content,title, user) values ('Hello This is attacker','Third Post', 'attacker')"); - stmt.executeUpdate("INSERT into posts(content,title, user) values ('Trinity! Help!','Help','neo')"); - - - stmt.executeUpdate("create table tdata(id int, page varchar(30))"); - stmt.executeUpdate("Insert into tdata values(1,'ext1.html')"); - stmt.executeUpdate("Insert into tdata values(2,'ext2.html')"); - - //Messages Table Creation - stmt.executeUpdate("Create table Messages(msgid int NOT NULL AUTO_INCREMENT,name varchar(30),email varchar(60), msg varchar(500),primary key (msgid))"); - stmt.executeUpdate("INSERT into Messages(name,email, msg) values ('TestUser','Test@localhost', 'Hi admin, how are you')"); - - //User Messages Table Creation recipient, sender, email, msg - stmt.executeUpdate("Create table UserMessages(msgid int NOT NULL AUTO_INCREMENT,recipient varchar(30),sender varchar(30),subject varchar(60), msg varchar(500),primary key (msgid))"); - stmt.executeUpdate("INSERT into UserMessages(recipient, sender, subject, msg) values ('attacker','admin','Hi','Hi
This is admin of this page.
Welcome to Our Forum')"); - stmt.executeUpdate("INSERT into UserMessages(recipient, sender, subject, msg) values ('victim','admin','Hi','Hi
This is admin of this page.
Welcome to Our Forum')"); - - - //Credit Card Table Creation - stmt.executeUpdate("Create table cards(id int,cardno varchar(80), cvv varchar(6),expirydate varchar(15))"); - stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('1','4000123456789010','123','12/2014')"); - stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('2','4111111111111111 ','321','7/2015')"); - stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('3','5111111111111118','111','1/2017')"); - - //Files List Table Creation - stmt.executeUpdate("Create table FilesList(fileid int NOT NULL AUTO_INCREMENT,path text,primary key (fileid))"); - stmt.executeUpdate("INSERT into FilesList(path) values ('/docs/doc1.pdf')"); - stmt.executeUpdate("INSERT into FilesList(path) values ('/docs/exampledoc.pdf')"); - - return true; - } - return false; - } - } - catch(SQLException ex) - { - System.out.println("SQLException: " + ex.getMessage()); - System.out.println("SQLState: " + ex.getSQLState()); - System.out.println("VendorError: " + ex.getErrorCode()); - } - catch(ClassNotFoundException ex) - { - System.out.print("JDBC Driver Missing:
"+ex); - } - - } - return false; - } - - // - /** - * Handles the HTTP GET method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Handles the HTTP POST method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doPost(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Returns a short description of the servlet. - * - * @return a String containing servlet description - */ - @Override - public String getServletInfo() { - return "Short description"; - }// - -} diff --git a/src/java/controller/open.java b/src/java/controller/open.java deleted file mode 100644 index b45ff108..00000000 --- a/src/java/controller/open.java +++ /dev/null @@ -1,91 +0,0 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ - -package controller; - -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -/** - * - * @author breakthesec - */ -public class open extends HttpServlet { - - /** - * Processes requests for both HTTP GET and POST - * methods. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - protected void processRequest(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - response.setContentType("text/html;charset=UTF-8"); - try { - PrintWriter out = response.getWriter(); - String url=request.getParameter("url"); - if(url!=null) - { - response.sendRedirect(url); - } - else - { - out.print("Missing url parameter"); - } - } - catch(Exception e) - { - - } - } - - // - /** - * Handles the HTTP GET method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Handles the HTTP POST method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doPost(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Returns a short description of the servlet. - * - * @return a String containing servlet description - */ - @Override - public String getServletInfo() { - return "Short description"; - }// - -} diff --git a/src/java/controller/xxe.java b/src/java/controller/xxe.java deleted file mode 100644 index 9e0d61c7..00000000 --- a/src/java/controller/xxe.java +++ /dev/null @@ -1,106 +0,0 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ - -package controller; - -import java.io.IOException; -import java.io.InputStream; -import java.io.PrintWriter; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.NodeList; -import org.xml.sax.InputSource; - -/** - * - * @author breakthesec - */ -public class xxe extends HttpServlet { - - /** - * Processes requests for both HTTP GET and POST - * methods. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - protected void processRequest(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - response.setContentType("text/html;charset=UTF-8"); - PrintWriter out = response.getWriter(); - try - { - InputStream xml=request.getInputStream(); - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - DocumentBuilder builder = factory.newDocumentBuilder(); - InputSource is = new InputSource(xml); - Document doc = builder.parse(is); - Element element = doc.getDocumentElement(); - NodeList nodes = element.getChildNodes(); - out.print("
Result:
"); - out.print("---------------------
"); - for (int i = 0; i < nodes.getLength(); i++) { - out.print(nodes.item(i).getNodeName()+" : " + nodes.item(i).getTextContent()); - out.print("
"); - } - } - catch(Exception ex) - { - out.print(ex); - } - finally { - out.close(); - } - } - - // - /** - * Handles the HTTP GET method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Handles the HTTP POST method. - * - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doPost(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Returns a short description of the servlet. - * - * @return a String containing servlet description - */ - @Override - public String getServletInfo() { - return "Short description"; - }// - -} diff --git a/src/java/model/DBConnect.java b/src/java/model/DBConnect.java deleted file mode 100644 index 9dd95fdc..00000000 --- a/src/java/model/DBConnect.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ - -package model; - - -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.SQLException; -import java.util.Properties; - -/** - * - * @author breakthesec - */ -public class DBConnect { - public Connection connect(String path) throws IOException,ClassNotFoundException,SQLException - { - Properties properties=new Properties(); - properties.load(new FileInputStream(path)); - String dbuser=properties.getProperty("dbuser"); - String dbpass = properties.getProperty("dbpass"); - String dbfullurl = properties.getProperty("dburl")+properties.getProperty("dbname"); - String jdbcdriver = properties.getProperty("jdbcdriver"); - Connection con=null; - try - { - Class.forName(jdbcdriver); - con= DriverManager.getConnection(dbfullurl,dbuser,dbpass); - return con; - } - finally - { - - } - } -} diff --git a/src/java/model/HashMe.java b/src/java/model/HashMe.java deleted file mode 100644 index 5cea4546..00000000 --- a/src/java/model/HashMe.java +++ /dev/null @@ -1,37 +0,0 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ - -package model; - -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; - -/** - * - * @author breakthesec - */ -public class HashMe { - public static String hashMe(String str) - { - StringBuffer sb=null; - try - { - MessageDigest md = MessageDigest.getInstance("MD5"); - md.update(str.getBytes()); - byte byteData[] = md.digest(); - sb= new StringBuffer(); - for (int i = 0; i < byteData.length; i++) - { - sb.append(Integer.toString((byteData[i] & 0xff) + 0x100, 16).substring(1)); - } - } - catch(NoSuchAlgorithmException e) - { - - } - return sb.toString(); - } -} diff --git a/web/ForgotPassword.jsp b/web/ForgotPassword.jsp deleted file mode 100644 index ea6a01fd..00000000 --- a/web/ForgotPassword.jsp +++ /dev/null @@ -1,54 +0,0 @@ - - <%@page import="model.DBConnect"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.ResultSet"%> -<%@page import="java.sql.Connection"%> -<%@ include file="header.jsp" %> - - -Password Recovery: -
- - - - -
Username:
What's Your Pet's name?:
-

- -<% -if(request.getParameter("secret")!=null) - { - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - ResultSet rs=null; - Statement stmt = con.createStatement(); - rs=stmt.executeQuery("select * from users where username='"+request.getParameter("username").trim()+"' and secret='"+request.getParameter("secret")+"'"); - if(rs != null && rs.next()){ - out.print("Hello "+rs.getString("username")+", Your Password is: "+rs.getString("password")); - } - else - { - out.print(" Secret/Email is wrong"); - } - } - -%> - - <%@ include file="footer.jsp" %> \ No newline at end of file diff --git a/web/META-INF/context.xml b/web/META-INF/context.xml deleted file mode 100644 index 6f508867..00000000 --- a/web/META-INF/context.xml +++ /dev/null @@ -1,2 +0,0 @@ - - diff --git a/web/Register.jsp b/web/Register.jsp deleted file mode 100644 index 2a7c0862..00000000 --- a/web/Register.jsp +++ /dev/null @@ -1,51 +0,0 @@ -<%-- - Document : Register - Created on : 2 Dec, 2014, 10:47:44 AM - Author : breakthesec ---%> - <%@ include file="header.jsp" %> - -
- - - - - - - -
UserName:
Email:
Describer Yourself:
What's Your Pet's name?:
Password :
-
-<%@ include file="footer.jsp" %> \ No newline at end of file diff --git a/web/WEB-INF/AdminPanel.jsp b/web/WEB-INF/AdminPanel.jsp deleted file mode 100644 index 6dcc5072..00000000 --- a/web/WEB-INF/AdminPanel.jsp +++ /dev/null @@ -1,7 +0,0 @@ - <%@ include file="/header.jsp" %> - -This is Admin Panel located in WEB-INF. You can't directly visit this page ;)

- - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/WEB-INF/config.properties b/web/WEB-INF/config.properties deleted file mode 100644 index 452aa0b8..00000000 --- a/web/WEB-INF/config.properties +++ /dev/null @@ -1,10 +0,0 @@ -# To change this license header, choose License Headers in Project Properties. -# To change this template file, choose Tools | Templates -# and open the template in the editor. - -dbuser=root -dbpass=root -dbname=abc -dburl=jdbc:mysql://localhost:3306/ -jdbcdriver=com.mysql.jdbc.Driver -siteTitle=Java Vulnerable Lab \ No newline at end of file diff --git a/web/WEB-INF/users.xml b/web/WEB-INF/users.xml deleted file mode 100644 index 70f21219..00000000 --- a/web/WEB-INF/users.xml +++ /dev/null @@ -1,36 +0,0 @@ - - - - - - - NEO - neo - trinity - neo@matrix - I am the NEO - - - Trinity - trinity - neo - trinity@matrix - it is Trinity - - - Oracle - oracle - java - - - Anderson - anderson - java - anderson@1999 - Computer Programmer - - diff --git a/web/WEB-INF/web.xml b/web/WEB-INF/web.xml deleted file mode 100644 index d208798c..00000000 --- a/web/WEB-INF/web.xml +++ /dev/null @@ -1,99 +0,0 @@ - - - - install - controller.install - - - loginValidator - controller.LoginValidator - - - Register - controller.Register - - - Logout - controller.Logout - - - open - controller.open - - - SendMessage - controller.SendMessage - - - ForwardMe - controller.ForwardMe - - - AddPage - controller.AddPage - - - UsernameCheck - controller.UsernameCheck - - - EmailCheck - controller.EmailCheck - - - XPathQuery - controller.XPathQuery - - - xxe - controller.xxe - - - install - /install - - - loginValidator - /LoginValidator - - - Register - /AddUser - - - Logout - /Logout - - - open - /open - - - SendMessage - /SendMessage.do - - - ForwardMe - /ForwardMe - - - AddPage - /admin/AddPage.do - - - UsernameCheck - /UsernameCheck.do - - - EmailCheck - /EmailCheck.do - - - XPathQuery - /XPathQuery.do - - - xxe - /vulnerability/Injection/xxe.do - - diff --git a/web/admin/AddPage.jsp b/web/admin/AddPage.jsp deleted file mode 100644 index 2bcf0443..00000000 --- a/web/admin/AddPage.jsp +++ /dev/null @@ -1,21 +0,0 @@ - <%@ include file="/header.jsp" %> - <% - if(session.getAttribute("privilege")!=null && session.getAttribute("privilege").equals("admin")) -{ - %> - -
- - - - -
File Name:
Content :
-
- <% - } - else - { - out.print(" x You Are not Authorized to view this Page x "); - } - %> - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/admin/Configure.jsp b/web/admin/Configure.jsp deleted file mode 100644 index d60ca8b0..00000000 --- a/web/admin/Configure.jsp +++ /dev/null @@ -1,33 +0,0 @@ - <%@page import="java.io.FileOutputStream"%> -<%@ include file="/header.jsp" %> - <% - if(session.getAttribute("isLoggedIn")!=null) -{ - - %> -
- - - -
Website Title:
-
- - <% - if(request.getParameter("save")!=null) - { - Properties props=new Properties(); - - props.load(new FileInputStream(configPath)); - props.setProperty("siteTitle",request.getParameter("siteTitle")); - FileOutputStream fileout = new FileOutputStream(configPath); - props.store(fileout, null); - fileout.close(); - out.print(" Configuration saved "); - } - } - else - { - out.print(" x You Are not Authorized to view this Page x "); - } - %> - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/admin/admin.jsp b/web/admin/admin.jsp deleted file mode 100644 index dd364f88..00000000 --- a/web/admin/admin.jsp +++ /dev/null @@ -1,9 +0,0 @@ - <%@ include file="/header.jsp" %> - -Welcome to the Admin Panel

- - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/admin/adminlogin.jsp b/web/admin/adminlogin.jsp deleted file mode 100644 index 208ae80e..00000000 --- a/web/admin/adminlogin.jsp +++ /dev/null @@ -1,57 +0,0 @@ - <%@page import="model.HashMe"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.ResultSet"%> -<%@page import="java.sql.SQLException"%> -<%@page import="model.DBConnect"%> -<%@page import="java.sql.Connection"%> -<%@ include file="/header.jsp" %> - - Admin Login Panel:
-
- - - - -
UserName:
Password :
-
-<% -if(request.getParameter("Login")!=null) -{ - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - String user=request.getParameter("username"); - String pass=HashMe.hashMe(request.getParameter("password")); //Hashed Password - try - { - if(con!=null && !con.isClosed()) - { - ResultSet rs=null; - Statement stmt = con.createStatement(); - rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"' and privilege='admin'"); - if(rs != null && rs.next()){ - session.setAttribute("isLoggedIn", "1"); - session.setAttribute("userid", rs.getString("id")); - session.setAttribute("user", rs.getString("username")); - session.setAttribute("avatar", rs.getString("avatar")); - session.setAttribute("privilege", rs.getString("privilege")); - - Cookie privilege=new Cookie("privilege","admin"); - privilege.setPath(path); - response.addCookie(privilege); - - response.sendRedirect("admin.jsp"); - } - else - { - out.print("Username/Password is wrong"); - } - - } - } - catch(SQLException ex) - { - - response.sendRedirect("Something went wrong"); - } -} -%> - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/admin/index.jsp b/web/admin/index.jsp deleted file mode 100644 index 2e6fc9bf..00000000 --- a/web/admin/index.jsp +++ /dev/null @@ -1,12 +0,0 @@ - <%@ include file="/header.jsp" %> - <% - if(session.getAttribute("privilege")!=null && session.getAttribute("privilege").equals("admin")) -{ - response.sendRedirect("admin.jsp"); -} -else - { - response.sendRedirect("adminlogin.jsp"); - } - %> - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/admin/manageusers.jsp b/web/admin/manageusers.jsp deleted file mode 100644 index 5c927883..00000000 --- a/web/admin/manageusers.jsp +++ /dev/null @@ -1,31 +0,0 @@ - <%@ include file="/header.jsp" %> - <%@page import="java.sql.Statement"%> -<%@page import="java.sql.ResultSet"%> -<%@page import="java.sql.SQLException"%> -<%@page import="model.DBConnect"%> -<%@page import="java.sql.Connection"%> - - <% - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - Statement stmt = con.createStatement(); - if(request.getParameter("delete")!=null) - { - String user=request.getParameter("user"); - stmt.executeUpdate("Delete from users where username='"+user+"'"); - } - %> -
-<% - ResultSet rs=stmt.executeQuery("select * from users where privilege='user'"); - while(rs.next()) - { - out.print(" "+rs.getString("username")+"
"); - } - %> -
- - -
-
- Back to Admin Panel - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/changeCardDetails.jsp b/web/changeCardDetails.jsp deleted file mode 100644 index 0df3868d..00000000 --- a/web/changeCardDetails.jsp +++ /dev/null @@ -1,70 +0,0 @@ - <%@ include file="/header.jsp" %> - <%@page import="java.sql.Connection"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.SQLException"%> - -<%@page import="java.sql.ResultSetMetaData"%> -<%@page import="java.sql.ResultSet"%> -<%@ page import="java.util.*,java.io.*"%> -<%@ page import="model.DBConnect"%> - - -<% -if(session.getAttribute("isLoggedIn")!=null) -{ - %> - Change Credit Card Info:

-
- - - - - -
Card Number:
CVV:
Expiry Date:
-
-
- <% - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - - String id=session.getAttribute("userid").toString(); //Gets User ID - String action=request.getParameter("action"); - try - { - - if(action!=null && action.equalsIgnoreCase("add") ) - { - - String cardno=request.getParameter("cardno"); - String cvv=request.getParameter("cvv"); - String expirydate=request.getParameter("expirydate"); - if(!cardno.equals("") && !cvv.equals("") && !expirydate.equals("")) - { - Statement stmt = con.createStatement(); - stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('"+id+"','"+cardno+"','"+cvv+"','"+expirydate+"')"); - out.print(" * Card details added *"); - } - else - { - out.print("* Please Fill all the details * "); - } - } - - out.print("

Return to Profile Page >>"); - - } - catch(Exception e) - { - out.print(e); - } -} -else -{ - out.print("Please login to view this page"); -} - - %> - - - - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/docs/doc1.pdf b/web/docs/doc1.pdf deleted file mode 100644 index 0e18f85e3d2be568b887385578aa29e0c3b4e3bd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11027 zcma)i1z42Z*8iY{pmYf+42YD(4B*f`ba%%9L&Fe5cZYzK64D(aQUW3%0s=~dba#iO zKK-^_8#uo)0?0^S3IwT8g9T71vEKRV`9_$0|+5zSrtEl zPWiyC*awp9qtgxI)Jk;u$*S*jk_yM?JLC)zr1fl0rN85#`{AYIz9cw-|;*8 zdi2-94C+d$rMr!Sgtd`Hprl$?$(XworIo9{iv+(>SjD7mmnrHS_U>=8wya`CK zgb|N}g;yc8y{m80@z;aZtnf1$tZP?lGQvyx<_L}?N$B@N1)##~TKz8K2#i$mFwwKD zv@`s+>->p^*O8NFgafa2?iA2ciuzFlm{NG?}#x)pgWm> z=YvS%(4atal7QOmhe<)@CXB_HuGxg#!4SuX$Uw7sZeA?*!0#sL(`afSyvzXReViUq zf{@TI0#dbbBv7L3QB|l;9M$q&3<*M&M@jddN{GwcAr;-qRx5r~8n&5Zv97<)grxik zz?G=WR<$BJC-uU50>UnA)q789hf!^!%zH03guJzTpOcq{J*e*UE62M&1iK;1ZOQY5 zIyfSMMT7wag#5WLK!jvpq{QPr=&=cD%i@Ug?^ugY#!=_fG(^e77j@~AU`k4YRTPr$ zf1@D{UCe!*qm={6D^-*LGA{Q!O@<%92c zPb4;rmWenT`(22PI17v|Ct*N}SH51}LyVs2I6|r2F*l$-Oh;A_DyaPEY4cN684G#{ zb09sfJ?#!-2Hgx@6ELw`${gQWP*-7A+<_sBc8;+{HJe3;1)XW1MC;iI6OzS1)uS*% zn_J^Z!{BX7g-(tK)Jf)`gvh8{CbGO;Rj)uJ52>*cHdMo@IU&WT!6)Ha?fl{=#)>ov zYe&SQ#DZ!R(*=_ylbJ?HsWM!>VZ?PrYEyTU7gvI-5Mw~ix}XMO6nJwWO z@f{f+sVi|WnHv_hPO%QLUAEaCRtH7w6AvKOJo4Z&FcoKb z@8cef)yCd%wgECFGVvFfFQ^oVh7(iU?BKC_Lu|op_t_d*vvetRI`r+UH|x%=>=79b zGgiKxVWz}Z>Q=*Mhh^odY-1n3o=h72G?;5BTXXC8b+B~kteY}(AI`L)F>PsW9=i?> z&I|6!>4gmqeg+R#jvipX_=;m@Z;|0HF5t;m?#91*G&<3$yX`ani=4brK283`_dL(9 zhi8YBYcUO*4bBEzh6N4}>Y#N^4r=a(?y=s%7kBY}@iV0pJ41>}EKAqK`Ynw{jp!=y zD#q+APvlOR5$#j`jqTn8;fus8>N_rT+WkBebwAv{_0J+g=a~I#{NrvQH&kePXww0! z0VSfHpI-&~isffxi2V@559$q)Y!#w)lriZ#iEBK>UAw>L9vU(z4JhnW`^<(uNm zcR>x2;yLl}J^$Dsn^#h^(dM_{w-Fd|*S9yex0fxA4PNe8mhbx0EgnXh(b zh@!e=>O0}|;ne@ShI#92zKS?R*BTsJp1mWR!n+NSQtU+Y@uQ5R{a zRDRr7m4=%@A>mCS{(Y0yU;(q~N=6a*&5_@yb=qIBj*vd+;gc!pP6l5_4iTd>k4xFn z#MGh=k!Lps7d^`p?kygdoFGzx=hp^Dm%|lrjEh^wZ-#c^d&u#lD{YDj3!~&us{StX zY+Lp>jVbQLTn&4bd(T8t{MLUxJUZAdidN3@yL%dPcyW8w{PVc@=b@APZ--6^F(4Rq zuGH{!gabJwJ&@AsNYv>QMKOcj4xo;je+u#bP3V6=se(ZNJffDzH{yK(J&<&7{_=!k zb5dzB{}~46sKs3ddI;J14G|kX25tKg-rzyZ$}^G84`%g8DlhE>#_8h%V(y4Zs>{SV zsO$-W^0(B9kCGoDcT!q{v+=3hb3Wd)zTbHq84=c*nqaNC5|{gK&a3#9PR;kD)pWe~ z@?{i?%zEb&N$e(>jARuW|4d`45egC7ZXyHg;SNX_;H{g~Q0`NN zn_I)g5gtH&5Q+i;a{_tzI1Nz)DllghBg(gb@TtLF5U$QQ*pwYX?gd{kEs0Y-$5HyXCs=Ng(VH&gzaZGx)8TggO{_TXCoXZ^!-}Ow^FH zItX|hb~V%p>ibu~RbZB=SpPf7w_5#Gjz}O}f9r|EA#ZK&0@S}XR}FY;!XL?UE9>$P z;s0|ngYw2dikOQV#4}>RJ&QZF|LtY)t^fYgNzBFU)_FYO+geCM7OD39Nvo;fRu(X4t zL~uCNk#Ku0Aei^|{ttiMPI{}7v$Z1<;rw^U-NyPa3vY|W-)ZpwTIdg}%wZ@EQ4^x# zg0c=3m|L|a9Z)snZK`m{nxougjr3%bxmCs06#095-|F#OAB3iZ_3!c${8t+OTgAUC z_Iv98vu3yP@N_}hE$d)`xXnj3xTQ7f$>RxR5nd`Bp=wzcfS<)mKnR5AUyX~43wYajQSFv~dk+SoGKia-`(K1xq9Mx1f7>d5-z)$71CbA<%-?Hv z!@+KcU=RW3ynr&e^N64lU7UrMUYsaWg8bD9+GlDeHSlXN)@*ZZCsdO!K$xqg?%?~T zTBKO;%{vCIyf6m>g9SmhDB7BF{5zjOcZ5MrgMQ=VGW$M>6=S+fI*|@RtcM~!{kmnO zZWvj5K6h>uoiu{iVcJe4UIS$mZ^@bc9l67R{efogS=$Bi6}=JjQ`>%JbN;W6vl99> z>7d*MLxtn*POot#ene2We!p|L95>UG7#tpSQ*qBs?!)5?2a>1aiT8qdyCdUQz|MjM zh*|CSBp3$c`6epPW;h|U4;q&Cx3hvZZ2M1>^cl&qUwW-*{MlREa#H=%Q7bmj) z5c+(s%A=hNx6>&^%Uq*!07$$mgn{5?e$Lt1{7;WhSW-sNE|Vy!AeeXRuPi`TXysR? z2cPVHYSGXA1FlQg9ajU*Oy7~xnlT^gFLtZ!^TcWqA2nuk;9}7{{H5R8E#@C`MBKU% zp>a4%xSl21HS?JAyNs_u)aaeEQ-Uugt?@YvjQ)*#kHj^b?nM^HYnbO>G#punT*5-? zje+waaRE^Dp-nTSNdMG*tkVwRA(*`Jn38l$VWw7q^Sw%CcLl@DflkelfTIP?Ik4a*=(9d zy?SR2ru^w$%l&-~vF$d|fmsv_d#kw9B0Y6KJF+xhXjfPG$6c*$S5%3h2M!)g@3ou8 zeF@acZbCa;UG(ipSLA#RajtGK#u_Dp8aTM{5$Fj&nKa-cOK#({;xbU8FZt1*wF*{_A}d$N;6Q=8GZ4WDOY8s$!2P9RcB?T<;TMx`7K{hKax$jGTTdK7%3Al(t7yzcJeeL?XUktYbtGC*P|_29NuIC~#$4VFkyjhxE z4B^AeTFG27k0qDPXtf%k!iZhVB9ATz0tj8nX6Td-M^eQQOZ8b1@U^n;YlR@as@1vI z6)uy2>qQL6@xnHKLqf~;Lgt9Ddof|J$-E`({cmc+CT&e_EJh}Wh9)N$nQV7Om`BfE zyqvlw%v|w9BWP+JHMP<;4nL>00&)B8lbldiCXY=u;V)V`J#NO^^`L7!FwX45i_l(U z^8j9qU*cVUNu0o!JrYD$ELV{52o~##m)Fz25Avq7ZkNi_75y~3O>o4Bl>CSut~fc) zXs0hK7UA<%?<&2sVqtD+th!g%+l}j9*3y3G<7wYR4&v^;&~YcR?W8Bz$5`JK81hsF zpTIU`qdQj6@(P@ODU>Lt_x554N~!1ZsxRAAnU&n3VpJ@QlC2@?;1$GfEQS@NPzBwj z(KN?}kHrSa^wtts8EI35j23=X%vIVif4c|~pZ;+lZ*7xuTfby%Lvk#puE&;##>)Cg zYr*BBnn&2{;${E5mcaovM8OhYFU%{*y&STTj5k_a!BnDuwY`y-;{Qw8qYZhoWZV~x z>rf#8a0@0_{$#>K-EbGeB&_5RwI&H_`K*2@FPK<@xy)-mk_&$|(>J=G`X70(O)wZDbfm5swEBuo8 z*7*p(P(>0?qi<21Z9>J|wGd39RSXe}Po&gKR7WTj1v`aI zA+OT->>y4l!EeRLm?p@E?RLvQOX*{e&=MmCx6r92*tpZ!@PhGvN|D%my8XsF-Q|Q1|qaWT<0BzaFJDZ7R86?o~h0%}z)sF4kCrFr`e>(KVrgKR`PNQc#_!Kc4n+DCR z^{85(5->}4#H6GaL!5IduZ(7Q>M*jg0GNkNKEgeI$LWpD_CZO{ zBhZExjaMg7N zHdWON-1j6qCHL$cs<(uTl|TqCY-a9UNt)BUVjgIr-4EK$9c;ZXg+R+$i?yn0T?S)=5-~G07);Wkh>K_4MWs~$Cd^vzC7?u^- zKQ(RPfN$Khx5#nWLIVBxhV+WCHrv;P7H>m^Z4#aALjGFb#FBHWTX_vW*~R^|oWcvI zuQigugcslah4({tD=VnE7-86!$>qJa<6@e84M!@Kk|VdzJjB@O)Mxqw0uRUsSdN4{ zB5NRa=Jf%)pGir^2)%rG+5)K&MfI6OG%(&A|CB{c{%gUu?laOTDzPYuGs7^mWz!4F zz~+=KbKaMF^}=EIDJcnGxo|xgqa}BbU+_Y{@_w~|snJhkSx;!cU~Ew@Ti<#^-qve1 z;25(&M)KT^>r>a|{UzmxM$spzlixIEouwwGz&s93;@2>S7~Ec{dr?&IZr>J3oz*%U z<+&;6ZmBtMbmMM*eav`!ZN|c#QsyVntxBQ@mE=Q27jvU^s+C%2oah#w!0mARlFKX@#DUqKS zq4ki|galAxf_V2Jl!5d`zU=^B5|o)cI*2KD7n4;AjBOtXi4b20&FiJn^GAGjB1}q@ zUO*jCaVtfN^TPvW)km(gNJI!11-^u zJF{``KBb@#&(nB4qUfe0?KxvG6>58`(rnETjK0!{xr`WjYgD9LzCw{#g@MMY@e<@n zStv+4hkH!{0U8h|fj&nu5lX1C2Pj7<5zBArU!G>F0xDR*6Z;RdxLD&Y0R*iA*a~ zjl`4DG6`)+iJs!@5l~SSynZ*>?wDX<95u<+mn$r8W|C5_`YU{W6a2w4dP8=VlT}=k z>cNm;boF46rdiJi*+S{)p_fBOv>e0SRf`%Q-$=IukFyidpo#a&V?y2#k>a$_o4-v{ zkJ^dEj1r!-doY|4zFu5)&D7JLa&u4d(dD~#X`)Hm6e_dVTD-+SnOvXr(MjZzJpk{R zjhH#fafu&FMYf|G>Q*zoGy9d2U~+=C`U=K!Kk^&+^$WR}$hCrpg-znqrF?qt$HjNV z?Op~awK3H?dx&XB&C3a<)jf;cR55B1(<17MOwIb4DQ>xZnww;2 z-n8`BZvD zIj5h04dP|(AZxHlTQxI9@ncGk6zP<{y?oY?JMJ2y+e}bW=bk`%nWts`V+w0yn^)+` z4W~z8sUZ`lcsjHh9#=|X1wbD$UYoy5fQ_Lp5>3;g~QLOwfJ0D``~zj#E5D>!m$3EAMIXu>QecFwy zkA_LfpJYmExrxxJ3P1-~&MA75rzaPg^nuXkRJCvdFO98p+#sz(GpU;|MWnhr&4IF# z$d{bTTyW^^M?#@fHKE~c^hh6CN}}~|`fedwJKW^}+v2x!%Xl31{cL>`!0!dTjbou3 zk%gJ7A;V0K!(V@%PSH1F*^aTj!wt>g{KfN0)vHBKOXJDPsGyu@Vx`$HQfoabPCJE4 z%_#T*xxL~Fn`jdsbi7GX&s^DA$roBqVE+2Spe9TUH(@*MKp@Pr@pX}y-T~NCU?!g3?!h)K*ZFb^DMjowXc;S9GgNK{#%lgrt zoE^?l3cvARa98SZ%ewL|7B4!PYl@junKOKkf3UuDxk;(JFR-?ALszO|!xt~mxwCx_ z`2`2oG{8Ll#0PtFRli&hTJVF*iE6S0DX`uYG0hQ4gJ`k=Yerq^J^Zwi7OJtRsS$W5 z&8;;{CG^`MZHRNr)28V?tNR|1OmCXO+6kRq_rDZx*>|(w*`oF zTI*zdS;J<$)bznbw9lbm>H}5)Egf@hLhIVRQL(LlhFh>5np>XH5x~k}J-qRZ-4A{e$HmxxJ~a?=po@;Cf{+?LU(Gp~H^YYSPF# zZEP|^%<+#Je|XPvSZ42k^sQ^*(RGxB5Y?XBe2t?DV{9&2694j)Sru%SD-a`FN1)Hg!b_{!J zPe2;l-N|_Q`latFbOzEFhRM9Rl85uqxxT zs73;Yi4ql0w9JmG^`vyqAob&b(K=GC8RVm|82cv1CKm_P@4VZ@Zt@;lly_{?+G^3% zcQc|5CFQK7Wy`&-AAMf3Q)6S=cz2ZRE&^ylwjwnc8q5`j+U4u*4+yAvp(lbQ^v)k> z5(<^2i{HLfrC_r5PU2;7{># z!O~9K`_i)aa%9?5K0`;Y^h;=SwfN+*=o1kRwLAQDR^b(9CSD)g7+n?c6|gK_h_QSV zdUzp5<_JMEv*5fVqV%OvX>noi|?3tvE?#nFY(Npl>A@Ty)U`q>k2v<`y_?IFGGFe*d{* zY)mFZ_$X58vF-_Ss&lpokO|<$+UNaj9iR?iL@NX^piyJ;qB%awz8?1&cX2A6J>;qC zIIJ?*Yd|-7b#TbIC1gqS?lc`OC8dM>B-twy)1!25HxvjIS(62f z!61-jrJhsSalmoNF}&95Yqp$+6LwGb&#Yi;Hnqhl)T*MZfdDW6exUg*%yc+y=8AV+Ampv5?xm z+R`|yMa?g}x>1|DWIIv+p7Vz){9g+k8GUCWEBH4ir|r8Z;~V9Ep_CV-A*Ry+_1KfQ#H2XJ^>&eme&++YPJ+e-iUzqrAF$7TOO*Zv95NWf4a z6TF v9OY6VhZ+KbLR@bXRSgBr-Qs-U-$?aucnju?{Ox@(2*SyS^Yp2tvef?ow#J($ diff --git a/web/docs/exampledoc.pdf b/web/docs/exampledoc.pdf deleted file mode 100644 index 60108dd03152af8e513b9b8014b8e14cfd3a8264..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16531 zcma)@1y~%(7N`S+;3PmGxO4*@4oN7 z{=S~-K7Gngo$7}A>yXI`iO>S+nBd7evOAhOYC6*383+M{R(huJTwL^$AWI{AV?su- zM2=p>#M~ZaOD|%sYY!3v>023qczEFL>}^517Vyr=apC-Ckid8TC%5Q!7>-Vc(S64P zuyqaa%kghq-&tAsC-` zDL^RL{xw-6$MSADT@3{w_-mGf)Id8@FlEZwhH_4gAZNJd44Tv2CN=Zev*EO{?6Ze# zN1E)moQ!OXfJcVrYYIB-*vcnQY+clh*zfE~J4F(XK&02-*bgQ^!feeAhiak{m)1ZN z`##nXcD->P_a|-O_8z?WWFB?*d_Ww8wCvTv2k*xZ3c5^XTM0N(Us=gr^s^wQ{fq+g+Ys!B*GO&RW+NWU22$FDOqh1adUd2g!*F z&`S{7+d90M{?E~2ga4PIf&cs1K)nJV5dYE(=D%7j$WI8MV}>UrB&65Z{p}K5!k;~3 z{Y&o;mtX@+{>>%+XcUkT2xJDZ{k;)eu4XC<%JI8e_sQ~#0qe3|@{yu=Y=ob5(UpRH ztc&E*X?!9C`1yT(WFdKeL{l?&N|OcwgRwtp)0_0zA4o3jegEb!<{p}Y9MfmdvD8-; z(~{z5H^I%2VBb>8nQ>*vQD3`2>2xFy%@aNBzLIk9anr*+$!=6!J!4kde7$U@jB>oN zM{#E0W!Tn1@p#1Gg5x;%IZ?tNtt>j2}`0W!P>`g1|7=q@) z9c!Aioe?LI$a^u5tc8{31i*8Ew7@27B%l=s4v&>!n&gRW{dQ@g;|3IR;|$jqhjL?q zU|%((z^xwc{O)Z1=;#J|z#cx}mwezr^U=a1C~Yj_-7^Z&8z;a!_=w1LF#$tH58JX4 zg5=h^OvE9U( z)FK_}PS4uJbUCCyw;+m0Pn9=*o}T(T>3NP<vay3%(G}GB^h}}87w_8M z+CIkKTMJwKv>xEa_2@`%?H={G#Pi3ScP`&?J9$#Q@EQCbEH>X4QQ$;kH?zFsga|4R7txF!t=SMkibSVF7~Azv+uQ(R~{xkBgp&EBFKSYC-U z*ByX{iKxK6glu=0@LRYUbH7xIfA7m>F>}uwpYyb`^D`5j<1cZvJ}v*0$;_ahA2itV zoMnGl&nuTXIVn;kY4%uP!g*CIDIi1%_;|j$^SUuh(%qFJhg)O}{W~uO;-!u=3=DVh zA(lCgc`JauOe|`sf7RIiL8lCZMAChT(n0s!>MclwD?puiyT(!l^PtE`(Sx*J*Tc>a z!+G=AF?+QqXEWYto4iKy?AMbVV;i3i8z8s7zGx$WuC9+K>I)h)7P> zkA962rYusr&*8Qi2terYk*h_}$pu95SAHdRNAZv{$n;hX60`O9G5wyZmQzD}JvWsS z4!_AxhEmGRaTzv*;)Dcwd_9Xf6&^qTIkOol;76VaPD`LBoQPa3*~CWQV!@H>Qc+N6 zCo$C&%J?)&Oz^Ck*>_OAV_7lzKIB9W6O%USaNpUOi|w|AG($wyBw)MBbg)ph+IJ`= zi6p*eP&(NpX={6MF|ZLDrcT)8y0%QH19k{s)UH0U3%1zOyhOWrlC{W;E`lA^LTCS% z&wS$~e-2-Ckx2@dXkEn})rl@{7A7 z1~nQ7r9o%F2jm<`i9FMjSQb3N&ob4ljJ0H}u0vEAvot-3S$^KoQ=C(s=&RyhOu?p1 zs39PZ0hfB!vyZgmwYWC-iK;6q&Q+8>J{etHEJ|TcILEQ+Q-o9ADD(uK` z1SWAtnK8=oUz9_|W3&EQvCCn=?yE+nV}p&0;`rmX8jSc2QX~=|ftFPa$rwJWL!#e1N%+lk(zZFLj0t#kp2U<(IOJoORI;YH% zoLjZfKS^iveppL}t^Ax0105bDkPFL!!q7RF7_Pr=GFkA9N1aO$Xszalf(FHs<(YB#QGCgxH+$ALz(jH2DwGb zaXA!8V*5vdCgO2eUo3}Do25b40$d~v90c!mvtTVzXbv|7zIr)B;*5M~gsR&P?lrZpso}9R0dX zAmI{(J&zC0gz zKfrdJ0X=}n*#8)SV>P=MQoU3iTzuAYhw~P}YQ-JkB<7N#l|%tku1|d(G!zr5zJ7@> zY0aqJZ}%qEMJqY+c+15X6Yu9oVxdl8RO&k-O60)F%&=SLVt#|eAQ$N6IJIF|a-O)N zZr>!c_AN-<;{2$+0}083GIiD}4hmd5iI{=peBA4;)dBien%)uK=N%i*wW~Ct4Nc%J zl~Z^r1wwD(ac-GKTG$)8n_T1^TlI-_9iI0_0{dL=jHz?FlLv7Vweu)DL(1u-ay$Ac zVo3TlY`eV5>4sCHHo`(ao|OzPf0x=a@3kz%EKG+&m(92;E1Nwicx4Ao`VF?ygP|{A z?ZNDpiC3G2;+G$b{^%!|P#q?Clg_QG+GBuBr~*7Ur% znm4zaIs}Y(U*%XkH2bPOO(uvf*q^1ueAzvZ#Nz96HmB>ooOny^%Z6Xjl1dK^5NMjax}dMoF+b{)9c4wKjvYIFtXq5eI9o7dME~KR5fkJL3>bUPQLZ zEl*o}Z?tYZGlUvuUe>O489?uSaj_C&MkH&Y`7-goPsQx((GL~uQSpi2qqpq`wIdT> zsd>e{E_nx4df3dEIzyOr$dR zfU1$ij{RKq&9TBX*QCP3TM5U~j|<<=A9|;KKiX1it2XQE=H{2pC+sdaw7Z&I<_^vL zwBz?Bvg7Y~a0!b$*DsM;tH8iV#XHzfTu>Rt*D-tDUF}tj;u5nlkNw%p?6o(V0V z8y|cRJpG6859j*+I@EsN0+h*WBn<1^`l#>vXyU{-#+k(cpRhR6x{}SKPh(GPg_K)M z)k$ovw6Rq@+3o5Sb|%}~6bHZ0Y>rRANq?UTtwC6q5TaypR^(P!9@$c7JFq^;F7=ja zk*&RWxUiIN3V{qgj_Mi&nj^d68FT6I{Ae^@ZlyZgSZuk#0SXbA*)s3TkV+^$^!G8GdFn)eko4!lMB7GyT1gGWn>C_~G)AC^2dNAp*pd*T$BVVJ`& zX4szQ(xMvz_)kU?vdUd=PLkOV4h|!s7+Ws}JmQ9WR+@P|PU}w$S1O%iYL*9omfv%? zMq=){S)P1`zo)_ly3g?4Bb}BVFK{$Sz=-xb!5vYQ5n4Lo4h8$(yL{UAmI%0CedP}G z3+t}uQf8k$g$VhQi$2(Jt$mZ(DTffASTuBdt{a|YD~!sx?N|930?Ex+6p>IFoDr;g z50OzUBP{Ojq3%Z!k$X7Xz&9k_M{)KcGoRRV`zUP*ZP9VVHb{$*m)1VEUK~fK%lj~+ zPJRMt`?$l6ldh8eQn?ezJQ4T8a!~T|82`K%+xbYg&Dt8dN&>eWvx)>aEM_eZnX(x* z{pmgjWzS@fV%%-KCz{RYRotws76LjwEZL6VTRs z2DuLPL~wGXgBq7km5+|c&23W#eVI(+xBW*Q29kczf7KtqM}3@cY06XGTGoO8&WazT zU8Z^wFa|yJe7lco<^S3R)p#Q8DXMFaL7L+j1otLecQ3ospUgNW{WE0k>kHCIvQeRn z=<#L>G8!@2VG3xn?&67_vnG6Nj9p2;bp?lpWHCl+)V98Uq=WFiLMwgkG{r*pTq^mg z0p(BAoZ_*i)~Yr{yC0n@ikZ~rV>xX^D;5R@#wt44Yh$HS!fGY9gVO_7CwVlEhgKFJ zRvnyox6!NwAUj(fF5qV0@;0anN*K2fU7h;kd}%tfv?u6hmdaagD$Op{ChdyZpvMZ; zx`iyUh=JWy)axRg<2qS*HptsK1S~A;@fz>gJ37yM4nL(n>T`Y>MQ%JC)q_dl9y%_! zbLA|t;|)SSdD#7qnSDUrl+#lBB)vtKZ!PIBNPYR^ky^7=Qshr2EVPoBQODj$-CzO@TQv0ZY^MDXnoFO2=Et9_-o z+8;j|(b9fghTbKLmwS}DidKI1Z%s5XU5v37hE}lqn$KP`-aMF4Os$zOkOO~<{ZTE+ zkYm^$DZfhI-xXa$lJ>hoh`JdEgM za_(m2tjy{gT{iHBoCZTp#&(fSRsd2{EZ^aiQKqeCDJKlsT60IYVUK+gsE;*^n(WOE zBP>5#}T!*T5__ZO&g-8sO%N6 zowPWnI-$?w?t1L9|MCPoooQY}cCgXp5RZXSJW;#5=V|Gu@77+o;BQ|s>4AC>Sm0f+ zO8yp@G?cS#X1J^quHan=@1xkEI4K7mqXZI7Jq*MxNs{D-$0#g)!=+w2S>FwsN=U7aIP^M{4y3$~Jj*-98QX4xXw#Mx-s#Ctz zY|}3mF3nZ8Y{)Ym5ML;2ut>cN@3&8^-8ugxZ$}X)@v+jX2DU-K3IxR0O+hdkF09PE zOLgAK7|yGS+o?|Rq_NkFanL=1t6@P}*N<}agsa=JNd-cFn=2JIloKyOS?25ZH-l^@ z<`cq1+l7PhY4_rj@)1s-dCk}GQ|VID(G*38VV;Xz1EU+-psm;&#F(n3X2scBwz=Q& zlkIGh;aA1!b=pq(yfIR$Vo4?e#yY9nqFK`UgNuENeu%FUAKvJ#O)4ApIhH%`m&hH5 zJEljvM^EmwLz@pV8QFzmO!?+~TBc*(bSf+wBD5fY>KlE~28fA-ISBKJ$2Z~quR4{v z!%>a-Hq)GZHC6S)ImMsUx{1capgpdUHy8c0{3s(B@c3+mEFAKROv>B8+8$3H@VHub zVtu>6?z!~aTy}pMQJYk1w0B!7QoS+1qA{^k*E-aKp^B8=DP4GPRQ)03^zoq2f0?=v zQ(0Dx1r1)gLk z$(c-#JP!|9Dt4D-6t=&l_c@cl9Jk?R8Jy%TRL*T=DIQCib5rzNED72-fb3u3ui}{3 z>Kp`=x7(pY_p%z=&!UvZegL-ix6Ch39pRO37#&swT&H{gYA+>jSO;H;jkcM00zVyR3rG zh`W?t$jAl}U3#a<1}pc2-PCMY(da9ZAx+Bo(WSjjG$Tv{U(7cdqeH^^7K32lAX44pt$hPt#w6nPpn+R;~$n zMmLk!R2mD(b(b)Vln)ytM9WLlbSyOZ?v|=aa0drzhc&+sfJmJe9XBGQS`7V&HsCh0 zqZl!ey>`T(rrgEPhi-G6W4DoRqjsqX<(!Knr7;8mj@wbQ2{2CKRhyH}dWjsXDsxVZ z^VlURukQ?{JA)HC^BWQ*3_uvnol^4l-SCAvmSketo=5Q{knJnK3Sx z^`THm?h=L@jTud|26%srP8Z$(hAh5FgztP+TrV%}Dr*oPW~sZT|mask8N2~ru(d+E+vqcR>Pw*7>)Bto1Iw&W z`TAYNMJM0kZo03>-ZV!B68wV1PW*N}yL_Id=GcLDD#87ET?2U(=xfNGy9$qg>?78MCr%x5`ms$L+IIe(<6;ej|@oyykyJ|t*AHz#1S1y zn}jl-po8-@~gWg8kO>E)+rHQZifc? z4Gpinv)W40b5_RUX~XWjw4i}tH-IJ0amRO7Dg!tXa@PVDG)~okj%#jRM3bTqs%3`r zJ2fWH5EP%(5p&rpyfFu(5)70Px1)^M-XPQ+rv|oh_-O~Wx!Ur&;`$?zLig*HeL_vA zdxJ9;P(AVNpzAA(82{jWl zqPi44uNZ=Jpi~m+CSco$du(=cX=Qb?Kn=sPLe*Mi6w_MDy@<9Or(ApURq3|T(bDWh z9e4lq#_{fcll@#1(J901!Gq|{NOc@t8M_tpa@XAnn|G?ym0$Z459#$~zf{c>%iIk9 z_089<>t*SB8#U{#?ICVF&#>9G6NFk4JHo{&c?R{P)kK1qN1kyrSE)A9h>YNZAd zZyzaRgOfRAcj$=d;wP8Wb52YPzm%sr1}G%u6lauKue>MSp;`M zXH1~o8je&DtznoiO3t(^e)Do;TGO2dgBj&_Ms!i5>XCiKjF5)wd=w1nT!mMA2 znvtp5XpAryR`W7{61g9c^^7qLsJ@gCqxvsyQ)?XEQ0w z>rQRWI8Z|L@L^wjF(_Dq~OUfpz*<*w-G4=(Wl!VFz-qzumJu6XK#7L6;&H6mPaFBxtvUo1NW*;MjbaFc;gT@24PKYF3qwQ z{hP*6YE3w5^$lr5gnuXxIALU@)LsFxlUidz_(ymtz=h+{4w3lggu~dIjPK7$%$#FC zpwF;=*45t8Wti-+WbJH>EgP}RGo&L?0Iy#Y4Vi6af`8H0~`9& zj0CXWSM#uw#Yp28fsB{J)gQ;R=IMjX1<{t_O~k?VT3_&6z;1sB&RZB{yL;}Kc(jQ2 z7SV0BcA{@&e%!E^N~*5hp!kHy<=8bzt8vbHa=hz$qy?6Bk5Z!&&?84F2(KjuPfQB3 z+t0~b3IbU&IV4LNhaBfeV@A>9h9xEC`9u5Ct}jP~`B~<0j&s`CPxKMRw|J*~i6qrj zD3Vf!0r^3YCXkRAA$_2E<9V}nDe^{>94Z}b22G$;;w4?SCbNwSHFCE1s}DNPRW{XA zYG3$y>kD`?Z;B&+dVgv&y|!m93fV;#`ZUpSHI(%#qL#~b6IL}^lfb6PGQ0{@J1NS6 zV$G=Y3c~K%7+ZB571`fOZ4UagmtXO;Y#{$nfLWE4?@#P@LjweV!9YK!=t$=GUu9t_ zY%%wUX1%N_J9~-v;F<)df4EM11+%6@y8C4n2oi0+&2XpmfZD!#e)CRuBK%*-=nLO` zfx4`W49x$*pzMEP(BA;Bh?S+i5Xes7*2LQ03QWeqx6-;6AbLUmm*b?Z)s!>A_TzG z^V{izEbR%|0nG4V2>kmEEdvk;PcNuz{Rw1ZWDI@?1S`thgDjK?*}zvX#e-ozh=K5h z+seJ5;6Fhw5b#$Q{)GELz`yY0zmr?dr~yk~z&qg^cmHpD#O;pDr~=|*kt&xN<+*Q?V+#286MedTFkjnv;`Gi1@q3 zKAG-n#EV*R%0PVWzSjS2aI0P<)iz>oGr0kcU-8gocG|5qx1MFHzqp)y?*n13!}U=j zHzUF>mE&d+DUxEUVyxV}y(u)h_3OM&jPMA%H^(AC1pa0F|G3Y8_68_`q5f}D0bM)L%Lx8oy~xDY z&R)=1*Y?FbBz6C|2C~D`E1MYD8{4TfvVeCLfCrkHnS~I%J%NxJ03c*wW&Q2`MfTeX zma#E1{-yJm9R9a_V0|FqkBs1r2`>%$%hL&8CW0J1y@HjZrOC@i5U}q5c-sGNBLV*3 z_L2O3(*Tg=@2Gl?IfQbApfzrt!oF0|(dFlQZ$7228NpjXtQDLTd4yGOp}GG#Zfp|CnAew#vYA&~c^Mk)d%XA( zrrPh*A0T6MsGhSQI<2mGAhuXxRcq-mq)2(iJJAJd-d9|!XoMduT+(g zpfQXoulrH+zhft9crE*6l`nza39e%+oDh~ z$Br1p#7}VWC;bOnG<0@t9s0gDsM*fRzA}ff9%Xe*xLy{CLUDDg(ZmRB`B9=&UWcC1 z5HRMq&dCTFT8Kl+FCkU~vH|TyEs{fajB5n-eklutv zMtYpz<&N_U6)o0Zy%r^(O-A#~H5&1&vKA51B;dy@Gm{CV4Lu2ce&nE|xqPk3&Hu%^ zk%Rx+I?m6xSaoLaEM8wW1URFgyrRW6$J)cUEpWa$!a3AysDD^;bl75KCTV&@?K&QY zI-x@WE1T_=9qHjqw>#ghWs9Qpq2T(TVH@2~Z3vJp_Rs;!ZL;~+*p)4tWx;;%9SJJ?|KPK35ZgHvDGl>kdll7y%M zY1K%2w9%?;;+W}ePKevMFr*fAi=x-|EBI3@isx7T20Eiu5VA0D0uH?<2sdE7lv@YC z{d8K;NnkfeB&nx`lKEhiBE6k%gyCWE9=?BZnZKGQ>hryP=Z;N>YiL<~j(y10E3*WN zT7$0=>i8l}}VXu*M29X}f zZy;&f5$L)$m8vv-C9cDX`V79({EWA1Ewnn(^exZ@gn8W~j%IZg;gdyRhbMf08jWPOPuc5yBx?pQCeJ^YR8^79uN z-JAQ+S}jeiM3FJa=f=j`dgZ2(kMP27Utt! zLP$yN_t?u*Tipt~0TWTok*tjBSyaf1yZ=OytK9M# zm{Qmnpf}EEFJ)x*X1v?KKu}K{?f{O=^S$}#FD@TcoinbWGOJhKptdvAb<{=Vot#^> zW)D)|!hF?#3H|9C=lsIbvF`Ys%M#M_E7h|04a=MFZJ18_P{l1_HOnGNO*Iu)lcsdl zaqI_s-CUZfW`aZ0+tV1vW)>wj7NZcx9L_~KHRLB2WdzS$SDzQ2o@$IXl%KCUhVaPb z_Ps0gmQt6ZDpwws!|_&Jw=y`b4&J)5j;BC5tsE?lI=J1~XPqu?mz&h;cWf^l@T`2Z zy}_GpnbT|?P%T{KU0BhU*KTep6)gDFT+uQ}#a_#_*znk!Vh%bX5xRM|swhRCO4Qzu zpxjTb4v(R{Tqh@2;0ZxS>+a!j+ePcjZ?;6INi&)lI963Mub0fa_i;$vvT_g+%Y(?mT*=8`G3kHRQ(_ za;gruwgHJ_$9lh2$@d}JH---NW3zeyboAQTG!`~Q-8SOyJAJP0h)u}TUT^D`%+J=m z(F4A$BI*zbDN2}0#LVb1!1F8(4OdV8h4x0zAm5_E`g8KF%1qiK=Jzr;Uo7? zr6~M(tR408VY>l)ISQZLj*7MTR*?f?a0q3kNf{15GGd-zR2z{|Yo;rx??IK8a%r26 zSG?2F&4hkEKd4ZUew&B%HF&}R3J&3ti3Z`WY5!V>jLp4!c*>((*mSJ`m2gX z21*1$Jt=6Suw12Z&d0~j%;Ka;wropKltV3<`Eqe>lC$-0jh+`OU?BKgz9$j08XM2* zijqaTHlD?d)4mhUUs0D12>D3A;c(e$fK=E+1ru)agvL z*F#h(7@1=O3>rJO0l`piTxwtXlkQ~u5wMQh7lIAn>QqGX%Zakw_6vQ6>YM#h3GZ@| zDgEtj|2Ep)YVX?0k-r@)h1Xib4 z0iNB92yFzKP|yGVwabh5y;n5aKjt zW?^VB<7di``o2SkZ^R8`k?i|>N|dY?=-pbb`9CJrYn>juCcfbx)LTO+1ZO`1uXJiH zIvOSmho45cgpGE$PbxlnO|-6hBMzG{9~QoA9fu3XVb&f~wY0pt8eTh4%{s|ZmTSc1 z??!s$KyNR6z0gBVSKZLX8iC2VOzL>Wb8*`&@f_Fem`&Ue@Cpl(6GlqgWOe&u@w~^5 zo*ldyNcb?i;1Pnol=~CBm!r?-{i>Usb2Jy?3a1~vZX--T!g^LVQp=&Eyf|_c{e-2f z@Q-(i{xTgGQfqm7NxMB*!Jm>EPTD!&KEPTow)a%M;q$9@^|Qd@Zb=;rI&#)u0FI6^LubDUN7}n-R+0#bvLD>^p z??Kcv?)h!{=xdMQi`dyt@nM8)l}lSKQoPKF3+!Dx`km@*jfdAe7wJ!8!w0=LU1Y-t zLCP04!#goYiNeD;Oee<6>+TR(1JBGm2x7g~-!FurN3c@2+=1-o@;eNGM)2;V7Oy!y z`K|XAcML+>@}W&gE@+iG=1}KkKh^uOBk8+%7NTky*g=oI3uR9vy~?X9=<1x;?BVX{ z*DkOwFy|2@Ul6XJY0e#bzr>xnPSzjNM=5VTGjAYF-F=8Mx{Im!*3hxBX7I}oH`eDV zTN_?Tzw+$VnUV_0&%i|4o;oo(tWQpv2|uL!vCrCG+|=C4s>pX{+I8>xlTiCI92FhK z=C4p(zkcUgf?GSPot1W4L2#33 zp|whaml{K%$h@V!{0I+2i|BF4qF#Lpj#9FD0CF{m%{K4Bw$q`b5!5#E#IGx2*W;#IiLXpzHoM3`3=;C$8 z3aOgY`~6IV!?)vSn4z$~%|xpSRjR+j*I{$V*oG5@niWFZ*{Hpk5kFRQ@#lV?d3~un zK7Nj-BRUNqWFAmUFdq@^LFs`#aF(>IUfch)7&V?)&U)hTj#<*+@Y07|stj^&*@3$+n4e>U?2X+>wAzmqxJO8U9zk~`b$y!I2Vn)&S*y2d?|R|^#1#a~6PU`> zEv&KNa7x~&Ycr4Mjvn_R8rpP{d!HroNsHih14KX?Q#Qth znj0i0s?G`_+!DSV7Zudo>5lzp;@DU1?E*(FEv z*!zyDWUvql>%M!mkWAxwBhVa@n=Ya6^?oqp($puJa~iaPLr>F7LpwFvh!&f4G&ZfN z#6Bb)v+04!Ip07f#0`BGePLHimM6@bdz2uyG+*Hn#E~l9LHdGjlRe;Ny4axIoI8%d zft~@*A_*7aH}0$1kE|rq`dW#8_(Y*uu+}j@rPkp4RKz1mF!NBBmAA)LPk7zq7d86K zC1!Bf%DbnjIAwSZ_914mT)i89K4Z4xn5w=x@xMt?S%G4{UmN1GhdCtRK0R!ohp1D> zihMJghst`!MkQa`9UN>HN|JUpxne;vP$I)YlBewUUfn3;+1_xNkGwHoD`lz6wlXJ? zyTU~wYz;7y0Ea)bK`A_JAdFEi=+1(%#>kZvZsb5m>D&9jZC^;Mz9kzwDgK&-)2}=Du7+x@)FV{VEnGB5{|W%Fc@(wJUr(%tu`>q`-*u^gVU`;t@j}|%B?|;v5tT_n5aV6Q|?xC zT4TM1EiPtl{G!4gb+b0)P&(Rey>#d@eCL;iyn<7`Vj@nB~E!VCDc!INpkZWmfM0SpwH91j+sZSB^q~!U5@w( zX``7B=D1s&hPXGAi_C#B)vQHTo3B%C<`PJIowBgFaPUa#^9paYAFH^S$w8jTD$Uxt zTT6A})M|5RX0JfYm_2*w7o}~khd1LaA?IO?Max&pW~3ML=BSQoRen&B&vSjvVN5Yf zY#G(<2`xx1NV1k*qV2|qzD{5xryDX}8v8FOf1Iq2#;EhJCdnbYw#Av5k4g%gNbtlS zVc!sH5##CtK>fPi#cGKubRog}z%Wa7=9;iT{;1Vx+AvfpvT`Wh58h4YLGgUl{=P{R zMQTbS?~In@cw(`_Gc+EpiMH*Ly7LNm;Bd}-(DPCS?nF;tL&V33)o_QXim}b<-7Qpk zF%Pm9y!0X1E0FA949++lf*QWj)V(~*fd|ep5h^- zxrFEhoMooe(n*wRA#P@wEOR9%Vn$-`dZNAqg`#z?U|wUUDRsWPO~MPiq^dVEH8PLz zpHJ;bq1dQT;U=bkPix=^Ya%Q*C>r#}p!s(z28|Zz}n0eyHlm@wClgf@FvjLCn_N z^VRAIJP|?joc8YRbSbZ8A%|gMa`{}I#X)pUu;0;b{!Ui=Tz>tJca^mJL8S%MsMT?b zBAK9T<4pyjK%tM}(sPHRdD2}oQn3~I9~Jf2~aIua!eg=yT*13rE~H z*j&aoxRCo?pB`a?aY^`=8`m7(^*YTjo6=g9tJSK}4k_u!RF9esSygQ_s|ZKLO{$w6 zgsLxgC9&X`v0$voSuCzn$0v7Rh3mP26hFIkH4qmT7xl`?sTnXOARvSUBh01MfS2(6 zGey)t{g5?g8kgQc*`V5(2~AuwsIB9asrvHi1YkMA+3DEqTeXMhmiR+&kHiCNAr2LO z<#8d7+=+l@n5XODSpNKGk=r?8oEO_iP1xBuDjGugVl?v=fy9ia(_6Z6_-U?)FBjK{ z8TOV>pE;kAk?IR$H$3iP;#8(0$J@U56nurf*AEmT-t&wgxSRB@hvHsiT(YcYbtpu% zJr-(6QVZDXL}K8Bm&~e(&2uA*we3P+DZr!KVMO!2uR%NKWoZQl|Jy3~pOJImWoGuj zxWqqW=l*-a`7g8rju3l6EBv-5y5_V3=DPZ3|H@T>?7wjp7D6Bk8~6vn#`u2&D?sov z_ut40BLKXR{ufz!$@%YS1^BYQ{oicmZ_#vruoVWj|2JD%GW7$1!zM4@*Dq?(1eF}W z4b;)ZXxe>S?eR)V1m_2^(|K)yHNjkc*Z*8f9 zw|m>``Onh*(c+j7$$7(EPG|u8Bb>d3ehW9NTeK#tH^#vZsLCjneqHvE=6Rxo&^u(b zmbKAd@z1VL@Wy*EXLG9bQcbZJH1yngy?J)4Q0G9nWZ{-K!&zTpc)Bk*PN^7%*-7$# z)D!Ngu2P%Qc@u2la+OBCMW=ILp((C)#;d!-3{U8Vo$W>C?ZHvH;0MB@^2~(4RsQls*49d29%Qdh503h!R{%NN z(~DW?8i53VPsDyt1T_DP7=l~#ceBfa_333_0#oe?e{ZuK$j-{aRv%d-NR0?EZ zqWco$`T~Vmz!Qa)ok8>eE4EeakJwgvL2x(0HP{jUHp{?G{}W*T(+ggj14gU=Yy&*~ ze;NU9!+%=w5@Rc2Vqm9E_?wYmZUwCzUM%{zDuDmQyn?!5Bx_{^?lris-#ZOYFJld| z}DuB8zr$dXo3p6c%=W%wI}6$FP*gV`~ch_HwV z0Km)&0I)Iu04(g_lnI=I*&Qpx?*nJxpbz>}k4f-%9Tu?eZ~9<8CUAZhmOoB#eilaX z36_IZ0F2s zga;!;AUwFFKMq0`W@biaLPNseWk6;|@C*01XM~o2$iR0mmV7z>CS!bgZ~jxp_`fpd z7ozxIdO&cE;L-mt8Q5ar8T$_zD?7`-$k@Q6^xt{efUMw&@edg@^Z&|N|EF(2CMGbh z|L?qD8S6jm05Y+#famIe)d7x+ewn}jkTEd)vtA%G0}FUQ{X>rhZ1sQ2z2Wq|E=;em4vMH1&u-aW_Au1g!Fdw{yGt^IHA1!QIiu)>p(3CoDU{~xpZSdah! diff --git a/web/footer.jsp b/web/footer.jsp deleted file mode 100644 index 02cfeece..00000000 --- a/web/footer.jsp +++ /dev/null @@ -1,12 +0,0 @@ - - -
- - -

Copyrights © Cyber Security & Privacy Foundation

- - - - - - \ No newline at end of file diff --git a/web/header.jsp b/web/header.jsp deleted file mode 100644 index 88afd3f6..00000000 --- a/web/header.jsp +++ /dev/null @@ -1,169 +0,0 @@ - <%@page import="java.io.FileInputStream"%> -<%@page import="java.util.Properties"%> -<%@page import="java.io.File"%> -<% - String path = request.getContextPath(); - String configPath=getServletContext().getRealPath("/WEB-INF/config.properties"); - - Properties properties=new Properties(); - properties.load(new FileInputStream(configPath)); - String siteTitle=properties.getProperty("siteTitle"); - %> - - - - - <%=siteTitle%> - - <% out.print(""); %> - - - -
- - - -
-
- -
- - -
- \ No newline at end of file diff --git a/web/images/Thumbs.db b/web/images/Thumbs.db deleted file mode 100644 index 83e456d496693ea4cf009cd65423dfbd33320137..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4608 zcmeH~doYx19LJw`-@Vw2WqH>kPAn-jX6WWpZsl6aDs)lDt-_JZsy5xFR3@DePFIv7 zBax)bG_z7lXHcPBYNF)QNfJWSvFG=?oO7o02X$u7OlSPw_p{Ht&t;$I`~05g_dffu zlGm7?uik{dFiV7^K^YU#|CW!zGs%!CB1C})^827nCL7K~2p%WwJDP#tVXUP8NT}dM z8bJD-0g!nU_Wzy%HxvrjMx=%8Pza=A6bYUmzp22A8J!_~jAq{Y&RvlgDlxL2RBpJk z@fdB!DyBjd8ttD<$ErVC?m#Ydu=&UbRQsS{n1%JjSzq<3_znH5Ko71Xy_kGeZ~v?e z`Y|#Fld*Wb`UOz;1la&=v@PkAFZVy`A|}8B*Z>ER2e^O&0IvYV1C#(|fB^Ua88?KG zssd_&Ixq>)05pLgfXRRspbd=1A9DN?_TSC`=~HqISipXe)yf)?qO-k|J;Gp7dBcTd z4X{OU3WdDEsBqKdXf!I7#$qt&avTF@{|capU+VcsHzaE zN(7%Ee+0v!4VA{E(U^ohTb}r8lSvUz4$Vd0I3`3C9)|NU*&T8nVKf*mIp7h)C@@Ak zLypN}Lxn=vp%{)+s5m)lsJ#Qq5tT<%(l)lCD~o&>!f?VQDn4CK$2Py1@Al}u?hIe? z9wtjgpsJ=mMQ`dfeS?{^X3sG-GoQb}&fdY%$$9BAcMs3yD^~jXuU)r3ATTImG{P>of&TL`M%;uEEV0EO;fr^X+z4!Cv49*Df?5{ zU%KiM2gks9I1gE&&s859LOL=-a}BnwQVV5M@x#|I%6(qYweqe~>EcJx$*%@H;!gG7 z+G`${p~3G-<7``PtnN}!aLM#GH=@5fzHa%fdnr1V^u<^hch_P==MVb+i;D9s#S6JE zHbyCi%k3XXBZHV8rJdW=(P=CBmG?KNCmkFV+FK=gS5h)64oD0Vu-=P-ow*@30?E-R zYeO}u-(4RF}Ymt?M6|;5}(!8;gfuYF_R0V zf+LR8%ik>7X)KClsyLUXopzFzqwx3bb38fJuzc$Ja8=b$$4~!eb1h1ur#tz%MqX}w zce!mHeYcrUrq}EJ35}OT(XPZ=Qv;hG;f)gwnFU4N+pi`?M8`<^so}YAt#uBYX+G6G zdFoilyKrmO!gFW6GL+1%CP|C?a_ZwPd(o!6j_K*omrjklr;{sMSI1(0mL|+=Cp{`ZKqa`IXp13TG(vq%VHtpEb>E5A3FX}jD zmlI&I-s%+cFAEjlj4v^7OD(X{NXp`{GDTDl!b^$F3yDyHEUqH6UnG<|mChC^JUPp=?o z1)Z4{hlrlJEytYC?>3Uw=I)u4UTB+o6pL-q+3vCLO219zR@AP2%&#H3ti$th)AERN zao3BG;AZbIgU2r#H>Gjoa;21lP@_W$#(vT!hqRoJ)jPeC+YB;N{G$@9Ufe>K?_7T} ziM-L3V6WfpwJv)g_Q#fHSE@@~#u10~-mI-PC0Zxri#1I8(;X|g`WE2} z?a(e+-DvFj>QoU<+T^R)dju^=ha#EKH+T-C67z*qi4h7yVI!v#vV7>(%?j}(&r+lD z`)A1f9^yA0(I?{f(0l3okKYes1UC{^Ep&3pP-*3qbl%)pRyt2%piN}wlRf#Geh?6xb<)Ghc{Y08ayF8-f}VXU;5AQA9^CV3aF96)78&qol`;+06V-N A#{d8T diff --git a/web/index.jsp b/web/index.jsp deleted file mode 100644 index 80ec023f..00000000 --- a/web/index.jsp +++ /dev/null @@ -1,10 +0,0 @@ - <%@ include file="header.jsp" %> - <% - if(session.getAttribute("user")!=null) -{ - out.print("Hello "+session.getAttribute("user")+","); -} - %> - Welcome to Java Vulnerable Lab !

- A Deliberately vulnerable Web Application built on JAVA designed to teach Web Application Security. - <%@ include file="footer.jsp" %> \ No newline at end of file diff --git a/web/install.jsp b/web/install.jsp deleted file mode 100644 index 457a708e..00000000 --- a/web/install.jsp +++ /dev/null @@ -1,28 +0,0 @@ - - - <%@ include file="/header.jsp" %> - - -
- - - - - - - - - - - - - - -
Website Title:
Database Name:
Database User:
Database Password:
JDBC Driver:
JDBC URL:
Admin Login Credential:
Username(Default):
Password(Default):
-
-
-Note:If a database already exits, it will be dropped - - - - <%@ include file="/footer.jsp" %> diff --git a/web/jquery.min.js b/web/jquery.min.js deleted file mode 100644 index 3684c36b..00000000 --- a/web/jquery.min.js +++ /dev/null @@ -1,4 +0,0 @@ -/*! jQuery v1.6.4 http://jquery.com/ | http://jquery.org/license */ -(function(a,b){function cu(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cr(a){if(!cg[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ch||(ch=c.createElement("iframe"),ch.frameBorder=ch.width=ch.height=0),b.appendChild(ch);if(!ci||!ch.createElement)ci=(ch.contentWindow||ch.contentDocument).document,ci.write((c.compatMode==="CSS1Compat"?"":"")+""),ci.close();d=ci.createElement(a),ci.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ch)}cg[a]=e}return cg[a]}function cq(a,b){var c={};f.each(cm.concat.apply([],cm.slice(0,b)),function(){c[this]=a});return c}function cp(){cn=b}function co(){setTimeout(cp,0);return cn=f.now()}function cf(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ce(){try{return new a.XMLHttpRequest}catch(b){}}function b$(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g0){c!=="border"&&f.each(e,function(){c||(d-=parseFloat(f.css(a,"padding"+this))||0),c==="margin"?d+=parseFloat(f.css(a,c+this))||0:d-=parseFloat(f.css(a,"border"+this+"Width"))||0});return d+"px"}d=bv(a,b,b);if(d<0||d==null)d=a.style[b]||0;d=parseFloat(d)||0,c&&f.each(e,function(){d+=parseFloat(f.css(a,"padding"+this))||0,c!=="padding"&&(d+=parseFloat(f.css(a,"border"+this+"Width"))||0),c==="margin"&&(d+=parseFloat(f.css(a,c+this))||0)});return d+"px"}function bl(a,b){b.src?f.ajax({url:b.src,async:!1,dataType:"script"}):f.globalEval((b.text||b.textContent||b.innerHTML||"").replace(bd,"/*$0*/")),b.parentNode&&b.parentNode.removeChild(b)}function bk(a){f.nodeName(a,"input")?bj(a):"getElementsByTagName"in a&&f.grep(a.getElementsByTagName("input"),bj)}function bj(a){if(a.type==="checkbox"||a.type==="radio")a.defaultChecked=a.checked}function bi(a){return"getElementsByTagName"in a?a.getElementsByTagName("*"):"querySelectorAll"in a?a.querySelectorAll("*"):[]}function bh(a,b){var c;if(b.nodeType===1){b.clearAttributes&&b.clearAttributes(),b.mergeAttributes&&b.mergeAttributes(a),c=b.nodeName.toLowerCase();if(c==="object")b.outerHTML=a.outerHTML;else if(c!=="input"||a.type!=="checkbox"&&a.type!=="radio"){if(c==="option")b.selected=a.defaultSelected;else if(c==="input"||c==="textarea")b.defaultValue=a.defaultValue}else a.checked&&(b.defaultChecked=b.checked=a.checked),b.value!==a.value&&(b.value=a.value);b.removeAttribute(f.expando)}}function bg(a,b){if(b.nodeType===1&&!!f.hasData(a)){var c=f.expando,d=f.data(a),e=f.data(b,d);if(d=d[c]){var g=d.events;e=e[c]=f.extend({},d);if(g){delete e.handle,e.events={};for(var h in g)for(var i=0,j=g[h].length;i=0===c})}function U(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function M(a,b){return(a&&a!=="*"?a+".":"")+b.replace(y,"`").replace(z,"&")}function L(a){var b,c,d,e,g,h,i,j,k,l,m,n,o,p=[],q=[],r=f._data(this,"events");if(!(a.liveFired===this||!r||!r.live||a.target.disabled||a.button&&a.type==="click")){a.namespace&&(n=new RegExp("(^|\\.)"+a.namespace.split(".").join("\\.(?:.*\\.)?")+"(\\.|$)")),a.liveFired=this;var s=r.live.slice(0);for(i=0;ic)break;a.currentTarget=e.elem,a.data=e.handleObj.data,a.handleObj=e.handleObj,o=e.handleObj.origHandler.apply(e.elem,arguments);if(o===!1||a.isPropagationStopped()){c=e.level,o===!1&&(b=!1);if(a.isImmediatePropagationStopped())break}}return b}}function J(a,c,d){var e=f.extend({},d[0]);e.type=a,e.originalEvent={},e.liveFired=b,f.event.handle.call(c,e),e.isDefaultPrevented()&&d[0].preventDefault()}function D(){return!0}function C(){return!1}function m(a,c,d){var e=c+"defer",g=c+"queue",h=c+"mark",i=f.data(a,e,b,!0);i&&(d==="queue"||!f.data(a,g,b,!0))&&(d==="mark"||!f.data(a,h,b,!0))&&setTimeout(function(){!f.data(a,g,b,!0)&&!f.data(a,h,b,!0)&&(f.removeData(a,e,!0),i.resolve())},0)}function l(a){for(var b in a)if(b!=="toJSON")return!1;return!0}function k(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(j,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNaN(d)?i.test(d)?f.parseJSON(d):d:parseFloat(d)}catch(g){}f.data(a,c,d)}else d=b}return d}var c=a.document,d=a.navigator,e=a.location,f=function(){function K(){if(!e.isReady){try{c.documentElement.doScroll("left")}catch(a){setTimeout(K,1);return}e.ready()}}var e=function(a,b){return new e.fn.init(a,b,h)},f=a.jQuery,g=a.$,h,i=/^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/\d/,n=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,o=/^[\],:{}\s]*$/,p=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,q=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,r=/(?:^|:|,)(?:\s*\[)+/g,s=/(webkit)[ \/]([\w.]+)/,t=/(opera)(?:.*version)?[ \/]([\w.]+)/,u=/(msie) ([\w.]+)/,v=/(mozilla)(?:.*? rv:([\w.]+))?/,w=/-([a-z]|[0-9])/ig,x=/^-ms-/,y=function(a,b){return(b+"").toUpperCase()},z=d.userAgent,A,B,C,D=Object.prototype.toString,E=Object.prototype.hasOwnProperty,F=Array.prototype.push,G=Array.prototype.slice,H=String.prototype.trim,I=Array.prototype.indexOf,J={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=n.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.6.4",length:0,size:function(){return this.length},toArray:function(){return G.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?F.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),B.done(a);return this},eq:function(a){return a===-1?this.slice(a):this.slice(a,+a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(G.apply(this,arguments),"slice",G.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:F,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j0)return;B.resolveWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").unbind("ready")}},bindReady:function(){if(!B){B=e._Deferred();if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",C,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",C),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&K()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a&&typeof a=="object"&&"setInterval"in a},isNaN:function(a){return a==null||!m.test(a)||isNaN(a)},type:function(a){return a==null?String(a):J[D.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!E.call(a,"constructor")&&!E.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||E.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw a},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(o.test(b.replace(p,"@").replace(q,"]").replace(r,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(c){var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&e.error("Invalid XML: "+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(x,"ms-").replace(w,y)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i1?h.call(arguments,0):c,--e||g.resolveWith(g,h.call(b,0))}}var b=arguments,c=0,d=b.length,e=d,g=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred();if(d>1){for(;c
a",d=a.getElementsByTagName("*"),e=a.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=a.getElementsByTagName("input")[0],k={leadingWhitespace:a.firstChild.nodeType===3,tbody:!a.getElementsByTagName("tbody").length,htmlSerialize:!!a.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55$/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:a.className!=="t",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0},i.checked=!0,k.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,k.optDisabled=!h.disabled;try{delete a.test}catch(v){k.deleteExpando=!1}!a.addEventListener&&a.attachEvent&&a.fireEvent&&(a.attachEvent("onclick",function(){k.noCloneEvent=!1}),a.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),k.radioValue=i.value==="t",i.setAttribute("checked","checked"),a.appendChild(i),l=c.createDocumentFragment(),l.appendChild(a.firstChild),k.checkClone=l.cloneNode(!0).cloneNode(!0).lastChild.checked,a.innerHTML="",a.style.width=a.style.paddingLeft="1px",m=c.getElementsByTagName("body")[0],o=c.createElement(m?"div":"body"),p={visibility:"hidden",width:0,height:0,border:0,margin:0,background:"none"},m&&f.extend(p,{position:"absolute",left:"-1000px",top:"-1000px"});for(t in p)o.style[t]=p[t];o.appendChild(a),n=m||b,n.insertBefore(o,n.firstChild),k.appendChecked=i.checked,k.boxModel=a.offsetWidth===2,"zoom"in a.style&&(a.style.display="inline",a.style.zoom=1,k.inlineBlockNeedsLayout=a.offsetWidth===2,a.style.display="",a.innerHTML="
",k.shrinkWrapBlocks=a.offsetWidth!==2),a.innerHTML="
t
",q=a.getElementsByTagName("td"),u=q[0].offsetHeight===0,q[0].style.display="",q[1].style.display="none",k.reliableHiddenOffsets=u&&q[0].offsetHeight===0,a.innerHTML="",c.defaultView&&c.defaultView.getComputedStyle&&(j=c.createElement("div"),j.style.width="0",j.style.marginRight="0",a.appendChild(j),k.reliableMarginRight=(parseInt((c.defaultView.getComputedStyle(j,null)||{marginRight:0}).marginRight,10)||0)===0),o.innerHTML="",n.removeChild(o);if(a.attachEvent)for(t in{submit:1,change:1,focusin:1})s="on"+t,u=s in a,u||(a.setAttribute(s,"return;"),u=typeof a[s]=="function"),k[t+"Bubbles"]=u;o=l=g=h=m=j=a=i=null;return k}(),f.boxModel=f.support.boxModel;var i=/^(?:\{.*\}|\[.*\])$/,j=/([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!l(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i=f.expando,j=typeof c=="string",k=a.nodeType,l=k?f.cache:a,m=k?a[f.expando]:a[f.expando]&&f.expando;if((!m||e&&m&&l[m]&&!l[m][i])&&j&&d===b)return;m||(k?a[f.expando]=m=++f.uuid:m=f.expando),l[m]||(l[m]={},k||(l[m].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?l[m][i]=f.extend(l[m][i],c):l[m]=f.extend(l[m],c);g=l[m],e&&(g[i]||(g[i]={}),g=g[i]),d!==b&&(g[f.camelCase(c)]=d);if(c==="events"&&!g[c])return g[i]&&g[i].events;j?(h=g[c],h==null&&(h=g[f.camelCase(c)])):h=g;return h}},removeData:function(a,b,c){if(!!f.acceptData(a)){var d,e=f.expando,g=a.nodeType,h=g?f.cache:a,i=g?a[f.expando]:f.expando;if(!h[i])return;if(b){d=c?h[i][e]:h[i];if(d){d[b]||(b=f.camelCase(b)),delete d[b];if(!l(d))return}}if(c){delete h[i][e];if(!l(h[i]))return}var j=h[i][e];f.support.deleteExpando||!h.setInterval?delete h[i]:h[i]=null,j?(h[i]={},g||(h[i].toJSON=f.noop),h[i][e]=j):g&&(f.support.deleteExpando?delete a[f.expando]:a.removeAttribute?a.removeAttribute(f.expando):a[f.expando]=null)}},_data:function(a,b,c){return f.data(a,b,c,!0)},acceptData:function(a){if(a.nodeName){var b=f.noData[a.nodeName.toLowerCase()];if(b)return b!==!0&&a.getAttribute("classid")===b}return!0}}),f.fn.extend({data:function(a,c){var d=null;if(typeof a=="undefined"){if(this.length){d=f.data(this[0]);if(this[0].nodeType===1){var e=this[0].attributes,g;for(var h=0,i=e.length;h-1)return!0;return!1},val:function(a){var c,d,e=this[0];if(!arguments.length){if(e){c=f.valHooks[e.nodeName.toLowerCase()]||f.valHooks[e.type];if(c&&"get"in c&&(d=c.get(e,"value"))!==b)return d;d=e.value;return typeof d=="string"?d.replace(p,""):d==null?"":d}return b}var g=f.isFunction(a);return this.each(function(d){var e=f(this),h;if(this.nodeType===1){g?h=a.call(this,d,e.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return a==null?"":a+""})),c=f.valHooks[this.nodeName.toLowerCase()]||f.valHooks[this.type];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c=a.selectedIndex,d=[],e=a.options,g=a.type==="select-one";if(c<0)return null;for(var h=g?c:0,i=g?c+1:e.length;h=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attrFix:{tabindex:"tabIndex"},attr:function(a,c,d,e){var g=a.nodeType;if(!a||g===3||g===8||g===2)return b;if(e&&c in f.attrFn)return f(a)[c](d);if(!("getAttribute"in a))return f.prop(a,c,d);var h,i,j=g!==1||!f.isXMLDoc(a);j&&(c=f.attrFix[c]||c,i=f.attrHooks[c],i||(t.test(c)?i=v:u&&(i=u)));if(d!==b){if(d===null){f.removeAttr(a,c);return b}if(i&&"set"in i&&j&&(h=i.set(a,d,c))!==b)return h;a.setAttribute(c,""+d);return d}if(i&&"get"in i&&j&&(h=i.get(a,c))!==null)return h;h=a.getAttribute(c);return h===null?b:h},removeAttr:function(a,b){var c;a.nodeType===1&&(b=f.attrFix[b]||b,f.attr(a,b,""),a.removeAttribute(b),t.test(b)&&(c=f.propFix[b]||b)in a&&(a[c]=!1))},attrHooks:{type:{set:function(a,b){if(q.test(a.nodeName)&&a.parentNode)f.error("type property can't be changed");else if(!f.support.radioValue&&b==="radio"&&f.nodeName(a,"input")){var c=a.value;a.setAttribute("type",b),c&&(a.value=c);return b}}},value:{get:function(a,b){if(u&&f.nodeName(a,"button"))return u.get(a,b);return b in a?a.value:null},set:function(a,b,c){if(u&&f.nodeName(a,"button"))return u.set(a,b,c);a.value=b}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(a,c,d){var e=a.nodeType;if(!a||e===3||e===8||e===2)return b;var g,h,i=e!==1||!f.isXMLDoc(a);i&&(c=f.propFix[c]||c,h=f.propHooks[c]);return d!==b?h&&"set"in h&&(g=h.set(a,d,c))!==b?g:a[c]=d:h&&"get"in h&&(g=h.get(a,c))!==null?g:a[c]},propHooks:{tabIndex:{get:function(a){var c=a.getAttributeNode("tabindex");return c&&c.specified?parseInt(c.value,10):r.test(a.nodeName)||s.test(a.nodeName)&&a.href?0:b}}}}),f.attrHooks.tabIndex=f.propHooks.tabIndex,v={get:function(a,c){var d;return f.prop(a,c)===!0||(d=a.getAttributeNode(c))&&d.nodeValue!==!1?c.toLowerCase():b},set:function(a,b,c){var d;b===!1?f.removeAttr(a,c):(d=f.propFix[c]||c,d in a&&(a[d]=!0),a.setAttribute(c,c.toLowerCase()));return c}},f.support.getSetAttribute||(u=f.valHooks.button={get:function(a,c){var d;d=a.getAttributeNode(c);return d&&d.nodeValue!==""?d.nodeValue:b},set:function(a,b,d){var e=a.getAttributeNode(d);e||(e=c.createAttribute(d),a.setAttributeNode(e));return e.nodeValue=b+""}},f.each(["width","height"],function(a,b){f.attrHooks[b]=f.extend(f.attrHooks[b],{set:function(a,c){if(c===""){a.setAttribute(b,"auto");return c}}})})),f.support.hrefNormalized||f.each(["href","src","width","height"],function(a,c){f.attrHooks[c]=f.extend(f.attrHooks[c],{get:function(a){var d=a.getAttribute(c,2);return d===null?b:d}})}),f.support.style||(f.attrHooks.style={get:function(a){return a.style.cssText.toLowerCase()||b},set:function(a,b){return a.style.cssText=""+b}}),f.support.optSelected||(f.propHooks.selected=f.extend(f.propHooks.selected,{get:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex);return null}})),f.support.checkOn||f.each(["radio","checkbox"],function(){f.valHooks[this]={get:function(a){return a.getAttribute("value")===null?"on":a.value}}}),f.each(["radio","checkbox"],function(){f.valHooks[this]=f.extend(f.valHooks[this],{set:function(a,b){if(f.isArray(b))return a.checked=f.inArray(f(a).val(),b)>=0}})});var w=/\.(.*)$/,x=/^(?:textarea|input|select)$/i,y=/\./g,z=/ /g,A=/[^\w\s.|`]/g,B=function(a){return a.replace(A,"\\$&")};f.event={add:function(a,c,d,e){if(a.nodeType!==3&&a.nodeType!==8){if(d===!1)d=C;else if(!d)return;var g,h;d.handler&&(g=d,d=g.handler),d.guid||(d.guid=f.guid++);var i=f._data(a);if(!i)return;var j=i.events,k=i.handle;j||(i.events=j={}),k||(i.handle=k=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.handle.apply(k.elem,arguments):b}),k.elem=a,c=c.split(" ");var l,m=0,n;while(l=c[m++]){h=g?f.extend({},g):{handler:d,data:e},l.indexOf(".")>-1?(n=l.split("."),l=n.shift(),h.namespace=n.slice(0).sort().join(".")):(n=[],h.namespace=""),h.type=l,h.guid||(h.guid=d.guid);var o=j[l],p=f.event.special[l]||{};if(!o){o=j[l]=[];if(!p.setup||p.setup.call(a,e,n,k)===!1)a.addEventListener?a.addEventListener(l,k,!1):a.attachEvent&&a.attachEvent("on"+l,k)}p.add&&(p.add.call(a,h),h.handler.guid||(h.handler.guid=d.guid)),o.push(h),f.event.global[l]=!0}a=null}},global:{},remove:function(a,c,d,e){if(a.nodeType!==3&&a.nodeType!==8){d===!1&&(d=C);var g,h,i,j,k=0,l,m,n,o,p,q,r,s=f.hasData(a)&&f._data(a),t=s&&s.events;if(!s||!t)return;c&&c.type&&(d=c.handler,c=c.type);if(!c||typeof c=="string"&&c.charAt(0)==="."){c=c||"";for(h in t)f.event.remove(a,h+c);return}c=c.split(" ");while(h=c[k++]){r=h,q=null,l=h.indexOf(".")<0,m=[],l||(m=h.split("."),h=m.shift(),n=new RegExp("(^|\\.)"+f.map(m.slice(0).sort(),B).join("\\.(?:.*\\.)?")+"(\\.|$)")),p=t[h];if(!p)continue;if(!d){for(j=0;j=0&&(h=h.slice(0,-1),j=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i.shift(),i.sort());if(!!e&&!f.event.customEvent[h]||!!f.event.global[h]){c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.exclusive=j,c.namespace=i.join("."),c.namespace_re=new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)");if(g||!e)c.preventDefault(),c.stopPropagation();if(!e){f.each(f.cache,function(){var a=f.expando,b=this[a];b&&b.events&&b.events[h]&&f.event.trigger(c,d,b.handle.elem)});return}if(e.nodeType===3||e.nodeType===8)return;c.result=b,c.target=e,d=d!=null?f.makeArray(d):[],d.unshift(c);var k=e,l=h.indexOf(":")<0?"on"+h:"";do{var m=f._data(k,"handle");c.currentTarget=k,m&&m.apply(k,d),l&&f.acceptData(k)&&k[l]&&k[l].apply(k,d)===!1&&(c.result=!1,c.preventDefault()),k=k.parentNode||k.ownerDocument||k===c.target.ownerDocument&&a}while(k&&!c.isPropagationStopped());if(!c.isDefaultPrevented()){var n,o=f.event.special[h]||{};if((!o._default||o._default.call(e.ownerDocument,c)===!1)&&(h!=="click"||!f.nodeName(e,"a"))&&f.acceptData(e)){try{l&&e[h]&&(n=e[l],n&&(e[l]=null),f.event.triggered=h,e[h]())}catch(p){}n&&(e[l]=n),f.event.triggered=b}}return c.result}},handle:function(c){c=f.event.fix(c||a.event);var d=((f._data(this,"events")||{})[c.type]||[]).slice(0),e=!c.exclusive&&!c.namespace,g=Array.prototype.slice.call(arguments,0);g[0]=c,c.currentTarget=this;for(var h=0,i=d.length;h-1?f.map(a.options,function(a){return a.selected}).join("-"):"":f.nodeName(a,"select")&&(c=a.selectedIndex);return c},I=function(c){var d=c.target,e,g;if(!!x.test(d.nodeName)&&!d.readOnly){e=f._data(d,"_change_data"),g=H(d),(c.type!=="focusout"||d.type!=="radio")&&f._data(d,"_change_data",g);if(e===b||g===e)return;if(e!=null||g)c.type="change",c.liveFired=b,f.event.trigger(c,arguments[1],d)}};f.event.special.change={filters:{focusout:I,beforedeactivate:I,click:function(a){var b=a.target,c=f.nodeName(b,"input")?b.type:"";(c==="radio"||c==="checkbox"||f.nodeName(b,"select"))&&I.call(this,a)},keydown:function(a){var b=a.target,c=f.nodeName(b,"input")?b.type:"";(a.keyCode===13&&!f.nodeName(b,"textarea")||a.keyCode===32&&(c==="checkbox"||c==="radio")||c==="select-multiple")&&I.call(this,a)},beforeactivate:function(a){var b=a.target;f._data(b,"_change_data",H(b))}},setup:function(a,b){if(this.type==="file")return!1;for(var c in G)f.event.add(this,c+".specialChange",G[c]);return x.test(this.nodeName)},teardown:function(a){f.event.remove(this,".specialChange");return x.test(this.nodeName)}},G=f.event.special.change.filters,G.focus=G.beforeactivate}f.support.focusinBubbles||f.each({focus:"focusin",blur:"focusout"},function(a,b){function e(a){var c=f.event.fix(a);c.type=b,c.originalEvent={},f.event.trigger(c,null,c.target),c.isDefaultPrevented()&&a.preventDefault()}var d=0;f.event.special[b]={setup:function(){d++===0&&c.addEventListener(a,e,!0)},teardown:function(){--d===0&&c.removeEventListener(a,e,!0)}}}),f.each(["bind","one"],function(a,c){f.fn[c]=function(a,d,e){var g;if(typeof a=="object"){for(var h in a)this[c](h,d,a[h],e);return this}if(arguments.length===2||d===!1)e=d,d=b;c==="one"?(g=function(a){f(this).unbind(a,g);return e.apply(this,arguments)},g.guid=e.guid||f.guid++):g=e;if(a==="unload"&&c!=="one")this.one(a,d,e);else for(var i=0,j=this.length;i0?this.bind(b,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0)}),function(){function u(a,b,c,d,e,f){for(var g=0,h=d.length;g0){j=i;break}}i=i[a]}d[g]=j}}}function t(a,b,c,d,e,f){for(var g=0,h=d.length;g+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d=0,e=Object.prototype.toString,g=!1,h=!0,i=/\\/g,j=/\W/;[0,0].sort(function(){h=!1;return 0});var k=function(b,d,f,g){f=f||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return f;var i,j,n,o,q,r,s,t,u=!0,w=k.isXML(d),x=[],y=b;do{a.exec(""),i=a.exec(y);if(i){y=i[3],x.push(i[1]);if(i[2]){o=i[3];break}}}while(i);if(x.length>1&&m.exec(b))if(x.length===2&&l.relative[x[0]])j=v(x[0]+x[1],d);else{j=l.relative[x[0]]?[d]:k(x.shift(),d);while(x.length)b=x.shift(),l.relative[b]&&(b+=x.shift()),j=v(b,j)}else{!g&&x.length>1&&d.nodeType===9&&!w&&l.match.ID.test(x[0])&&!l.match.ID.test(x[x.length-1])&&(q=k.find(x.shift(),d,w),d=q.expr?k.filter(q.expr,q.set)[0]:q.set[0]);if(d){q=g?{expr:x.pop(),set:p(g)}:k.find(x.pop(),x.length===1&&(x[0]==="~"||x[0]==="+")&&d.parentNode?d.parentNode:d,w),j=q.expr?k.filter(q.expr,q.set):q.set,x.length>0?n=p(j):u=!1;while(x.length)r=x.pop(),s=r,l.relative[r]?s=x.pop():r="",s==null&&(s=d),l.relative[r](n,s,w)}else n=x=[]}n||(n=j),n||k.error(r||b);if(e.call(n)==="[object Array]")if(!u)f.push.apply(f,n);else if(d&&d.nodeType===1)for(t=0;n[t]!=null;t++)n[t]&&(n[t]===!0||n[t].nodeType===1&&k.contains(d,n[t]))&&f.push(j[t]);else for(t=0;n[t]!=null;t++)n[t]&&n[t].nodeType===1&&f.push(j[t]);else p(n,f);o&&(k(o,h,f,g),k.uniqueSort(f));return f};k.uniqueSort=function(a){if(r){g=h,a.sort(r);if(g)for(var b=1;b0},k.find=function(a,b,c){var d;if(!a)return[];for(var e=0,f=l.order.length;e":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!j.test(b)){b=b.toLowerCase();for(;e=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(i,"")},TAG:function(a,b){return a[1].replace(i,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||k.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&k.error(a[0]);a[0]=d++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(i,"");!f&&l.attrMap[g]&&(a[1]=l.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(i,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=k(b[3],null,null,c);else{var g=k.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(l.match.POS.test(b[0])||l.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!k(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return bc[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=l.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||k.getText([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=l.attrHandle[c]?l.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=l.setFilters[e];if(f)return f(a,c,b,d)}}},m=l.match.POS,n=function(a,b){return"\\"+(b-0+1)};for(var o in l.match)l.match[o]=new RegExp(l.match[o].source+/(?![^\[]*\])(?![^\(]*\))/.source),l.leftMatch[o]=new RegExp(/(^(?:.|\r|\n)*?)/.source+l.match[o].source.replace(/\\(\d+)/g,n));var p=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(q){p=function(a,b){var c=0,d=b||[];if(e.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var f=a.length;c",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(l.find.ID=function(a,c,d){if(typeof c.getElementById!="undefined"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!="undefined"&&e.getAttributeNode("id").nodeValue===a[1]?[e]:b:[]}},l.filter.ID=function(a,b){var c=typeof a.getAttributeNode!="undefined"&&a.getAttributeNode("id");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var a=c.createElement("div");a.appendChild(c.createComment("")),a.getElementsByTagName("*").length>0&&(l.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]==="*"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML="",a.firstChild&&typeof a.firstChild.getAttribute!="undefined"&&a.firstChild.getAttribute("href")!=="#"&&(l.attrHandle.href=function(a){return a.getAttribute("href",2)}),a=null}(),c.querySelectorAll&&function(){var a=k,b=c.createElement("div"),d="__sizzle__";b.innerHTML="

";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){k=function(b,e,f,g){e=e||c;if(!g&&!k.isXML(e)){var h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return p(e.getElementsByTagName(b),f);if(h[2]&&l.find.CLASS&&e.getElementsByClassName)return p(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return p([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return p([],f);if(i.id===h[3])return p([i],f)}try{return p(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var m=e,n=e.getAttribute("id"),o=n||d,q=e.parentNode,r=/^\s*[+~]/.test(b);n?o=o.replace(/'/g,"\\$&"):e.setAttribute("id",o),r&&q&&(e=e.parentNode);try{if(!r||q)return p(e.querySelectorAll("[id='"+o+"'] "+b),f)}catch(s){}finally{n||m.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)k[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}k.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!k.isXML(a))try{if(e||!l.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return k(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="
";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;l.order.splice(1,0,"CLASS"),l.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?k.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?k.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:k.contains=function(){return!1},k.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var v=function(a,b){var c,d=[],e="",f=b.nodeType?[b]:b;while(c=l.match.PSEUDO.exec(a))e+=c[0],a=a.replace(l.match.PSEUDO,"");a=l.relative[a]?a+"*":a;for(var g=0,h=f.length;g0)for(h=g;h0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h,i,j={},k=1;if(g&&a.length){for(d=0,e=a.length;d-1:f(g).is(h))&&c.push({selector:i,elem:g,level:k});g=g.parentNode,k++}}return c}var l=S.test(a)||typeof a!="string"?f(a,b||this.context):0;for(d=0,e=this.length;d-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevAll().length:-1;if(typeof a=="string")return f.inArray(this[0],f(a));return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(U(c[0])||U(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling(a.parentNode.firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c),g=R.call(arguments);N.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!T[a]?f.unique(e):e,(this.length>1||P.test(d))&&O.test(a)&&(e=e.reverse());return this.pushStack(e,a,g.join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var W=/ jQuery\d+="(?:\d+|null)"/g,X=/^\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,Z=/<([\w:]+)/,$=/",""],legend:[1,"
","
"],thead:[1,"","
"],tr:[2,"","
"],td:[3,"","
"],col:[2,"","
"],area:[1,"",""],_default:[0,"",""]};be.optgroup=be.option,be.tbody=be.tfoot=be.colgroup=be.caption=be.thead,be.th=be.td,f.support.htmlSerialize||(be._default=[1,"div
","
"]),f.fn.extend({text:function(a){if(f.isFunction(a))return this.each(function(b){var c=f(this);c.text(a.call(this,b,c.text()))});if(typeof a!="object"&&a!==b)return this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a));return f.text(this)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){return this.each(function(){f(this).wrapAll(a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f(arguments[0]);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f(arguments[0]).toArray());return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function(){for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){if(a===b)return this[0]&&this[0].nodeType===1?this[0].innerHTML.replace(W,""):null;if(typeof a=="string"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(a))&&!be[(Z.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Y,"<$1>");try{for(var c=0,d=this.length;c1&&l0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d=a.cloneNode(!0),e,g,h;if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bh(a,d),e=bi(a),g=bi(d);for(h=0;e[h];++h)g[h]&&bh(e[h],g[h])}if(b){bg(a,d);if(c){e=bi(a),g=bi(d);for(h=0;e[h];++h)bg(e[h],g[h])}}e=g=null;return d},clean:function(a,b,d,e){var g;b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);var h=[],i;for(var j=0,k;(k=a[j])!=null;j++){typeof k=="number"&&(k+="");if(!k)continue;if(typeof k=="string")if(!_.test(k))k=b.createTextNode(k);else{k=k.replace(Y,"<$1>");var l=(Z.exec(k)||["",""])[1].toLowerCase(),m=be[l]||be._default,n=m[0],o=b.createElement("div");o.innerHTML=m[1]+k+m[2];while(n--)o=o.lastChild;if(!f.support.tbody){var p=$.test(k),q=l==="table"&&!p?o.firstChild&&o.firstChild.childNodes:m[1]===""&&!p?o.childNodes:[];for(i=q.length-1;i>=0;--i)f.nodeName(q[i],"tbody")&&!q[i].childNodes.length&&q[i].parentNode.removeChild(q[i])}!f.support.leadingWhitespace&&X.test(k)&&o.insertBefore(b.createTextNode(X.exec(k)[0]),o.firstChild),k=o.childNodes}var r;if(!f.support.appendChecked)if(k[0]&&typeof (r=k.length)=="number")for(i=0;i=0)return b+"px"}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return bn.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=f.isNaN(b)?"":"alpha(opacity="+b*100+")",g=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&f.trim(g.replace(bm,""))===""){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bm.test(g)?g.replace(bm,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){var c;f.swap(a,{display:"inline-block"},function(){b?c=bv(a,"margin-right","marginRight"):c=a.style.marginRight});return c}})}),c.defaultView&&c.defaultView.getComputedStyle&&(bw=function(a,c){var d,e,g;c=c.replace(bo,"-$1").toLowerCase();if(!(e=a.ownerDocument.defaultView))return b;if(g=e.getComputedStyle(a,null))d=g.getPropertyValue(c),d===""&&!f.contains(a.ownerDocument.documentElement,a)&&(d=f.style(a,c));return d}),c.documentElement.currentStyle&&(bx=function(a,b){var c,d=a.currentStyle&&a.currentStyle[b],e=a.runtimeStyle&&a.runtimeStyle[b],f=a.style;!bp.test(d)&&bq.test(d)&&(c=f.left,e&&(a.runtimeStyle.left=a.currentStyle.left),f.left=b==="fontSize"?"1em":d||0,d=f.pixelLeft+"px",f.left=c,e&&(a.runtimeStyle.left=e));return d===""?"auto":d}),bv=bw||bx,f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)});var bz=/%20/g,bA=/\[\]$/,bB=/\r?\n/g,bC=/#.*$/,bD=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,bE=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bF=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,bG=/^(?:GET|HEAD)$/,bH=/^\/\//,bI=/\?/,bJ=/)<[^<]*)*<\/script>/gi,bK=/^(?:select|textarea)/i,bL=/\s+/,bM=/([?&])_=[^&]*/,bN=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bO=f.fn.load,bP={},bQ={},bR,bS,bT=["*/"]+["*"];try{bR=e.href}catch(bU){bR=c.createElement("a"),bR.href="",bR=bR.href}bS=bN.exec(bR.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bO)return bO.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("
").append(c.replace(bJ,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bK.test(this.nodeName)||bE.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bB,"\r\n")}}):{name:b.name,value:c.replace(bB,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.bind(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?bX(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),bX(a,b);return a},ajaxSettings:{url:bR,isLocal:bF.test(bS[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":bT},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bV(bP),ajaxTransport:bV(bQ),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?bZ(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader("Last-Modified"))f.lastModified[k]=y;if(z=v.getResponseHeader("Etag"))f.etag[k]=z}if(a===304)w="notmodified",o=!0;else try{r=b$(d,x),w="success",o=!0}catch(A){w="parsererror",u=A}}else{u=w;if(!w||a)w="error",a<0&&(a=0)}v.status=a,v.statusText=""+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.resolveWith(e,[v,w]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f._Deferred(),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bD.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.done,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bC,"").replace(bH,bS[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bL),d.crossDomain==null&&(r=bN.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bS[1]&&r[2]==bS[2]&&(r[3]||(r[1]==="http:"?80:443))==(bS[3]||(bS[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),bW(bP,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bG.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bI.test(d.url)?"&":"?")+d.data,delete d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bM,"$1_="+x);d.url=y+(y===d.url?(bI.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", "+bT+"; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=bW(bQ,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){s<2?w(-1,z):f.error(z)}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)bY(g,a[g],c,e);return d.join("&").replace(bz,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var b_=f.now(),ca=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+b_++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=b.contentType==="application/x-www-form-urlencoded"&&typeof b.data=="string";if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(ca.test(b.url)||e&&ca.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(ca,l),b.url===j&&(e&&(k=k.replace(ca,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var cb=a.ActiveXObject?function(){for(var a in cd)cd[a](0,1)}:!1,cc=0,cd;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ce()||cf()}:ce,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,cb&&delete cd[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n),m.text=h.responseText;try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cc,cb&&(cd||(cd={},f(a).unload(cb)),cd[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var cg={},ch,ci,cj=/^(?:toggle|show|hide)$/,ck=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,cl,cm=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cn;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(cq("show",3),a,b,c);for(var g=0,h=this.length;g=e.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),e.animatedProperties[this.prop]=!0;for(g in e.animatedProperties)e.animatedProperties[g]!==!0&&(c=!1);if(c){e.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){d.style["overflow"+b]=e.overflow[a]}),e.hide&&f(d).hide();if(e.hide||e.show)for(var i in e.animatedProperties)f.style(d,i,e.orig[i]);e.complete.call(d)}return!1}e.duration==Infinity?this.now=b:(h=b-this.startTime,this.state=h/e.duration,this.pos=f.easing[e.animatedProperties[this.prop]](this.state,h,0,1,e.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){for(var a=f.timers,b=0;b
";f.extend(b.style,{position:"absolute",top:0,left:0,margin:0,border:0,width:"1px",height:"1px",visibility:"hidden"}),b.innerHTML=j,a.insertBefore(b,a.firstChild),d=b.firstChild,e=d.firstChild,h=d.nextSibling.firstChild.firstChild,this.doesNotAddBorder=e.offsetTop!==5,this.doesAddBorderForTableAndCells=h.offsetTop===5,e.style.position="fixed",e.style.top="20px",this.supportsFixedPosition=e.offsetTop===20||e.offsetTop===15,e.style.position=e.style.top="",d.style.overflow="hidden",d.style.position="relative",this.subtractsBorderForOverflowNotVisible=e.offsetTop===-5,this.doesNotIncludeMarginInBodyOffset=a.offsetTop!==i,a.removeChild(b),f.offset.initialize=f.noop},bodyOffset:function(a){var b=a.offsetTop,c=a.offsetLeft;f.offset.initialize(),f.offset.doesNotIncludeMarginInBodyOffset&&(b+=parseFloat(f.css(a,"marginTop"))||0,c+=parseFloat(f.css(a,"marginLeft"))||0);return{top:b,left:c}},setOffset:function(a,b,c){var d=f.css(a,"position");d==="static"&&(a.style.position="relative");var e=f(a),g=e.offset(),h=f.css(a,"top"),i=f.css(a,"left"),j=(d==="absolute"||d==="fixed")&&f.inArray("auto",[h,i])>-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=ct.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!ct.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each(["Left","Top"],function(a,c){var d="scroll"+c;f.fn[d]=function(c){var e,g;if(c===b){e=this[0];if(!e)return null;g=cu(e);return g?"pageXOffset"in g?g[a?"pageYOffset":"pageXOffset"]:f.support.boxModel&&g.document.documentElement[d]||g.document.body[d]:e[d]}return this.each(function(){g=cu(this),g?g.scrollTo(a?f(g).scrollLeft():c,a?c:f(g).scrollTop()):this[d]=c})}}),f.each(["Height","Width"],function(a,c){var d=c.toLowerCase();f.fn["inner"+c]=function(){var a=this[0];return a&&a.style?parseFloat(f.css(a,d,"padding")):null},f.fn["outer"+c]=function(a){var b=this[0];return b&&b.style?parseFloat(f.css(b,d,a?"margin":"border")):null},f.fn[d]=function(a){var e=this[0];if(!e)return a==null?null:this;if(f.isFunction(a))return this.each(function(b){var c=f(this);c[d](a.call(this,b,c[d]()))});if(f.isWindow(e)){var g=e.document.documentElement["client"+c],h=e.document.body;return e.document.compatMode==="CSS1Compat"&&g||h&&h["client"+c]||g}if(e.nodeType===9)return Math.max(e.documentElement["client"+c],e.body["scroll"+c],e.documentElement["scroll"+c],e.body["offset"+c],e.documentElement["offset"+c]);if(a===b){var i=f.css(e,d),j=parseFloat(i);return f.isNaN(j)?i:j}return this.css(d,typeof a=="string"?a:a+"px")}}),a.jQuery=a.$=f})(window); \ No newline at end of file diff --git a/web/login.jsp b/web/login.jsp deleted file mode 100644 index 3b208460..00000000 --- a/web/login.jsp +++ /dev/null @@ -1,31 +0,0 @@ - - <%@ include file="header.jsp" %> - - <% - String username=""; - String password=""; - Cookie[] cookies = request.getCookies(); - if (cookies != null) - for (Cookie c : cookies) { - if ("username".equals(c.getName())) { - username= c.getValue(); - } - else if("password".equals(c.getName())) - { - password= c.getValue(); - } - } - - %> -
- - - - - - -
UserName:
Password :
Remember me:
<% if(request.getParameter("err")!=null){out.print(request.getParameter("err"));} %>
-
-
- Forgot Password? - <%@ include file="footer.jsp" %> \ No newline at end of file diff --git a/web/myprofile.jsp b/web/myprofile.jsp deleted file mode 100644 index 8b165d2d..00000000 --- a/web/myprofile.jsp +++ /dev/null @@ -1,65 +0,0 @@ - <%@ include file="/header.jsp" %> - <%@page import="java.sql.Connection"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.SQLException"%> - -<%@page import="java.sql.ResultSetMetaData"%> -<%@page import="java.sql.ResultSet"%> -<%@ page import="java.util.*,java.io.*"%> -<%@ page import="model.DBConnect"%> - -<% -if(session.getAttribute("isLoggedIn")!=null) -{ - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - - String id=request.getParameter("id"); - if(id!=null && !id.equals("")) - { - Statement stmt = con.createStatement(); - ResultSet rs =null; - rs=stmt.executeQuery("select * from users where id="+id); - if(rs != null && rs.next()) - { - out.print("UserName : "+rs.getString("username")+"
"); - out.print("Email : "+rs.getString("email")+"
"); - out.print("About : "+rs.getString("about")+"
"); - - //Getting Card Details: - ResultSet rs1=stmt.executeQuery("select * from cards where id="+id); - if(rs1 != null && rs1.next()) - { - out.print("
-------------------
Card Details:
-------------------
"); - out.print("Card Number: "+rs1.getString("cardno")+"
"); - out.print("CVV: "+rs1.getString("cvv")+"
"); - out.print("Expiry Date: "+rs1.getString("expirydate")+"
"); - } - else - { - out.print("
No Card Details Found: Add Card
"); - } - } - } - else - { - out.print("ID Parameter is Missing"); - } - - out.print("

"); - out.print("
Return to Forum >>"); - -} -else -{ - out.print("Please login to see Your Profile"); -} - - %> - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/robots.txt b/web/robots.txt deleted file mode 100644 index e10ab731..00000000 --- a/web/robots.txt +++ /dev/null @@ -1,9 +0,0 @@ -User-agent: * -Disallow: /admin/admin.jsp -Disallow: /admin/manageusers.jsp -Disallow: /admin/AddPage.jsp -Disallow: /admin/AddPage.do -Disallow: /admin/Configure.jsp -Disallow: /header.jsp -Disallow: /myprofile.jsp -Disallow: /footer.jsp \ No newline at end of file diff --git a/web/style.css b/web/style.css deleted file mode 100644 index 0df7b839..00000000 --- a/web/style.css +++ /dev/null @@ -1,224 +0,0 @@ -* { - margin: 0px; - padding: 0px; -} -body { - padding-top: 0px; - background:url("images/bg.png") #000; - color: #FFF; - font-family: verdana, arial, sans-serif; - - text-align: left; - letter-spacing: 1px; -} -a {color: #A92332;font-size: 14px;text-decoration:none;} -a:hover {color: #01a9c0;} -.more{float: right; font-size: 11px; color: #add8f9; font-weight: bold; text-decoration: none;} -.clear{clear:both;} -p{ margin: 20px 0px 20px 0px;line-height: 16px;font-size: 14px;} -#container { - margin-left: auto ; - margin-right: auto ; - width:873px; -} -.success -{ - color:green; -} -.fail -{ - color:red; -} -#Main-Container{ - width:750px; - border-radius: 15px; - -webkit-border-radius: 15px; - -moz-border-radius: 15px; - box-shadow: 3px 3px 4px #000; - -webkit-box-shadow: 2px 2px 3px #000; - -moz-box-shadow: 2px 2px 3px #000; - - border: solid 4px #FFF; - margin-left: auto ; - margin-right: auto ; -} -#logo { -width:500px; - - text-align:center; - margin-left: auto ; - margin-right: auto ; -} - -#Main{ - width:650px; - height: 500px; - margin-left: auto ; - margin-right: auto ; -} -#Main h2{ - color: #d4e5f2; - font-family: Arial; - font-size: 18px; - padding: 0 0 10px 5px; -} - -#left { - float:left; - width:435px; - margin: 0px 0px 0px 85px; - display:inline; -} -#right { - float:right; - width:258px; - height:auto; - margin: 0px 62px 20px 0px; - display:inline; -} -#right a img{ - margin: 8px 8px 8px 0px; - border: none 0px #FFFFFF; -} -#menu-bar { -width:680px; - margin: 0px 0px 0px 0px; - padding: 6px 6px 0px 6px; - height: 34px; - line-height: 100%; - border-radius: 15px 15px 0px 0px; - -webkit-border-radius: 24px; - -moz-border-radius: 24px; - box-shadow: 2px 2px 3px #666666; - -webkit-box-shadow: 2px 2px 3px #666666; - -moz-box-shadow: 2px 2px 3px #666666; - background: #000000; - border: solid 4px #FFF; - border-bottom:none; -} -#menu-bar li { - margin: 0 2px; - padding: 0 0 2px; - float: left; - position: relative; - list-style: none; -} -#menu-bar a { - font-weight: bold; - font-family: arial; - font-style: normal; - font-size: 12px; - color: #E7E5E5; - text-decoration: none; - display: block; - padding: 8px 15px; - margin: 0; - border-radius: 10px; - -webkit-border-radius: 10px; - -moz-border-radius: 10px; - text-shadow: 2px 2px 3px #000000; -} -#menu-bar .current a, #menu-bar li:hover > a { - background: #027BAB; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#10D5EB, endColorstr=#0883FF); - background: -webkit-gradient(linear, left top, left bottom, from(#10D5EB), to(#0883FF)); - background: -moz-linear-gradient(top, #10D5EB, #0883FF); - color: #000000; - -webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .2); - -moz-box-shadow: 0 1px 1px rgba(0, 0, 0, .2); - box-shadow: 0 1px 1px rgba(0, 0, 0, .2); - text-shadow: 2px 2px 3px #FFFFFF; -} -#menu-bar ul li:hover a, #menu-bar li:hover li a { - background: none; - border: none; - color: #666; - -box-shadow: none; - -webkit-box-shadow: none; - -moz-box-shadow: none; -} -#menu-bar ul a:hover { - background: #0399D4 !important; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#10D5EB, endColorstr=#0883FF); - background: -webkit-gradient(linear, left top, left bottom, from(#10D5EB), to(#0883FF)) !important; - background: -moz-linear-gradient(top, #10D5EB, #0883FF) !important; - color: #000000 !important; - border-radius: 0; - -webkit-border-radius: 0; - -moz-border-radius: 0; - text-shadow: 2px 2px 3px #FFFFFF; -} -#menu-bar ul { - background: #DDDDDD; - filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#FFFFFF, endColorstr=#CFCFCF); - background: -webkit-gradient(linear, left top, left bottom, from(#FFFFFF), to(#CFCFCF)); - background: -moz-linear-gradient(top, #FFFFFF, #CFCFCF); - display: none; - margin: 0; - padding: 0; - width: 250px; - position: absolute; - top: 30px; - left: 0; - border: solid 1px #B4B4B4; - border-radius: 10px; - -webkit-border-radius: 10px; - -moz-border-radius: 10px; - -webkit-box-shadow: 2px 2px 3px #222222; - -moz-box-shadow: 2px 2px 3px #222222; - box-shadow: 2px 2px 3px #222222; -} -#menu-bar li:hover > ul { - display: block; -} -#menu-bar ul li { - float: none; - margin: 0; - padding: 0; -} -#menu-bar ul a { - padding:5px 0 5px 8px; - color:#424242 !important; - font-size:12px; - font-style:normal; - font-family:arial; - font-weight: normal; - text-shadow: 2px 2px 3px #FFFFFF; -} -#menu-bar ul li:first-child > a { - border-top-left-radius: 10px; - -webkit-border-top-left-radius: 10px; - -moz-border-radius-topleft: 10px; - border-top-right-radius: 10px; - -webkit-border-top-right-radius: 10px; - -moz-border-radius-topright: 10px; -} -#menu-bar ul li:last-child > a { - border-bottom-left-radius: 10px; - -webkit-border-bottom-left-radius: 10px; - -moz-border-radius-bottomleft: 10px; - border-bottom-right-radius: 10px; - -webkit-border-bottom-right-radius: 10px; - -moz-border-radius-bottomright: 10px; -} -#menu-bar:after { - content: "."; - display: block; - clear: both; - visibility: hidden; - line-height: 0; - height: 0; -} -#menu-bar { - display: inline-block; -} - html[xmlns] #menu-bar { - display: block; -} -* html #menu-bar { - height: 1%; -} -#menu-bar ul li ul { - left: 100%; top:0; - background:#FFf; -} diff --git a/web/vulnerability/DisplayMessage.jsp b/web/vulnerability/DisplayMessage.jsp deleted file mode 100644 index bdd332eb..00000000 --- a/web/vulnerability/DisplayMessage.jsp +++ /dev/null @@ -1,46 +0,0 @@ - <%@page import="java.sql.ResultSet"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.Connection"%> -<%@ include file="/header.jsp" %> - <%@ page import="model.DBConnect"%> - <% - if(session.getAttribute("isLoggedIn")!=null) - { - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - if(con!=null && !con.isClosed()) - { - if(request.getParameter("msgid")!=null) - { - Statement stmt = con.createStatement(); - ResultSet rs =null; - rs=stmt.executeQuery("select * from UserMessages where msgid="+request.getParameter("msgid")); - if(rs.next()) - { - out.print("Sender: "+rs.getString("sender")); - out.print("
Subject:"+rs.getString("subject")); - out.print("
Message:
"+rs.getString("msg")); - } - else - { - out.print("No Message Found"); - } - } - else - { - out.print("Message Id Parameter is missing"); - - } - out.print("

Return to Messages >>"); - - out.print("

Return to Profile Page >>"); - - } - - } - else - { - out.print("* Please login to send message"); - } - %> - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/Injection/1.xsl b/web/vulnerability/Injection/1.xsl deleted file mode 100644 index 3980b5b0..00000000 --- a/web/vulnerability/Injection/1.xsl +++ /dev/null @@ -1,41 +0,0 @@ - - - - - - - - - -

List of Courses:

- - - - - - - - - - - - -
Course NameURL
- - - - Sign Up - -
- - - - diff --git a/web/vulnerability/Injection/2.xsl b/web/vulnerability/Injection/2.xsl deleted file mode 100644 index 142cbdad..00000000 --- a/web/vulnerability/Injection/2.xsl +++ /dev/null @@ -1,35 +0,0 @@ - - - - - - - - - -

List of Courses:

- -
    - -
  • - - - - - - -
    • - -     -
- - - diff --git a/web/vulnerability/Injection/courses.xml b/web/vulnerability/Injection/courses.xml deleted file mode 100644 index 1b76ecff..00000000 --- a/web/vulnerability/Injection/courses.xml +++ /dev/null @@ -1,19 +0,0 @@ - - - - Hacking and Securing Java based Web Applications - https://www.udemy.com/hacking-securing-java-web-programming/ - - - Hacking and Securing PHP Applications - https://www.udemy.com/hacking-securing-php/ - - - Certified White Hat Hacker - https://www.udemy.com/certified-whitehat-hacker-level-1/ - - - Certified APT Defender - https://www.udemy.com/certified-apt-defender/ - - \ No newline at end of file diff --git a/web/vulnerability/Injection/xpath_login.jsp b/web/vulnerability/Injection/xpath_login.jsp deleted file mode 100644 index 452be0f6..00000000 --- a/web/vulnerability/Injection/xpath_login.jsp +++ /dev/null @@ -1,14 +0,0 @@ - - <%@ include file="/header.jsp" %> - -
- - - - - - -
UserName:
Password :
<% if(request.getParameter("err")!=null){out.print(request.getParameter("err"));} %>
-
-
- <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/Injection/xslt.jsp b/web/vulnerability/Injection/xslt.jsp deleted file mode 100644 index f2582ebe..00000000 --- a/web/vulnerability/Injection/xslt.jsp +++ /dev/null @@ -1,17 +0,0 @@ - -<%@ include file="/header.jsp" %> -<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> -<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %> -
- Select Style: - -

- - - - - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/Injection/xxe.jsp b/web/vulnerability/Injection/xxe.jsp deleted file mode 100644 index 2419a47a..00000000 --- a/web/vulnerability/Injection/xxe.jsp +++ /dev/null @@ -1,26 +0,0 @@ - -<%@ include file="/header.jsp" %> - - -
-
- <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/Messages.jsp b/web/vulnerability/Messages.jsp deleted file mode 100644 index e58fc75e..00000000 --- a/web/vulnerability/Messages.jsp +++ /dev/null @@ -1,33 +0,0 @@ - <%@page import="java.sql.ResultSet"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.Connection"%> -<%@ include file="/header.jsp" %> - <%@ page import="model.DBConnect"%> - <% - if(session.getAttribute("isLoggedIn")!=null) - { - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - if(con!=null && !con.isClosed()) - { - Statement stmt = con.createStatement(); - ResultSet rs =null; - rs=stmt.executeQuery("select * from UserMessages where recipient='"+session.getAttribute("user")+"'"); - out.print("

Message:
"); - out.println("
    "); - while (rs.next()) - { - out.print("
  1. "+rs.getString("subject")+"
    2. "); - - } - out.println("
"); - } - out.print("

Return to Profile Page >>"); - - } - else - { - out.print("* Please login to send message"); - } - %> - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/SendMessage.jsp b/web/vulnerability/SendMessage.jsp deleted file mode 100644 index e28563e9..00000000 --- a/web/vulnerability/SendMessage.jsp +++ /dev/null @@ -1,34 +0,0 @@ - <%@page import="java.sql.ResultSet"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.Connection"%> -<%@ include file="/header.jsp" %> - <%@ page import="model.DBConnect"%> -<% - if(session.getAttribute("isLoggedIn")!=null) - { - if(request.getParameter("status")!=null) - { - out.print(request.getParameter("status")); //Displaying any error message - } - -%> -

-
- - - - - - -
Recipient: "/>
Subject :
Message :
"/>
-
-<% - - } - else - { - out.print("* Please login to send message"); - } -%> - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/UserDetails.jsp b/web/vulnerability/UserDetails.jsp deleted file mode 100644 index fd435299..00000000 --- a/web/vulnerability/UserDetails.jsp +++ /dev/null @@ -1,34 +0,0 @@ - <%@page import="java.sql.ResultSet"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.Connection"%> -<%@ include file="/header.jsp" %> - <%@ page import="model.DBConnect"%> - <% - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - String username=request.getParameter("username"); - if(username!=null && !username.equals("")) - { - Statement stmt = con.createStatement(); - ResultSet rs =null; - rs=stmt.executeQuery("select * from users where username='"+username+"'"); - if(rs != null && rs.next()) - { - out.print("
About "+rs.getString("username")+":
"+rs.getString("about")); - - } - - if(session.getAttribute("isLoggedIn")!=null && !session.getAttribute("user").equals(username)) - { - out.print("

"); - out.print("Send Message to "+username+""); - } - } - else - { - out.print("Username Parameter is Missing"); - } - - out.print("

Return to Forum >>"); - %> - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/baasm/SiteTitle.jsp b/web/vulnerability/baasm/SiteTitle.jsp deleted file mode 100644 index 298ec8d1..00000000 --- a/web/vulnerability/baasm/SiteTitle.jsp +++ /dev/null @@ -1,45 +0,0 @@ - <%@page import="java.io.FileOutputStream"%> -<%@ include file="/header.jsp" %> - <% - - String privilege=""; - - Cookie[] cookies = request.getCookies(); - if (cookies != null) - for (Cookie c : cookies) { - if ("privilege".equals(c.getName())) { - privilege= c.getValue(); - } - } - - if(!privilege.equalsIgnoreCase("") && privilege.equalsIgnoreCase("admin")) -{ - - %> -
- - - -
Website Title:
-
- - <% - if(request.getParameter("save")!=null) - { - Properties props=new Properties(); - - props.load(new FileInputStream(configPath)); - props.setProperty("siteTitle",request.getParameter("siteTitle")); - FileOutputStream fileout = new FileOutputStream(configPath); - props.store(fileout, null); - fileout.close(); - out.print(" Configuration saved "); - } - } - else - { - out.print(" x You Are not Authorized to view this Page
"); - out.print(" ✔ only admin can view this page"); - } - %> - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/baasm/URLRewriting.jsp b/web/vulnerability/baasm/URLRewriting.jsp deleted file mode 100644 index bb98b237..00000000 --- a/web/vulnerability/baasm/URLRewriting.jsp +++ /dev/null @@ -1,9 +0,0 @@ - <%@ include file="/header.jsp" %> - - <% - out.print("Your Session ID:"+session.getId()); - %> -
-
- X Never Expose Session IDs in URL. X
- <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/csrf/change-info.jsp b/web/vulnerability/csrf/change-info.jsp deleted file mode 100644 index ba498527..00000000 --- a/web/vulnerability/csrf/change-info.jsp +++ /dev/null @@ -1,48 +0,0 @@ - <%@ include file="/header.jsp" %> - <%@page import="java.sql.Connection"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.SQLException"%> - -<%@page import="java.sql.ResultSetMetaData"%> -<%@page import="java.sql.ResultSet"%> -<%@ page import="java.util.*,java.io.*"%> -<%@ page import="model.DBConnect"%> - - -<% -if(session.getAttribute("isLoggedIn")!=null) -{ - %> - Change Details About You:

-
- Description: -

- -
-
- <% - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - - String info=request.getParameter("info"); - String id=session.getAttribute("userid").toString(); - if(info!=null && !info.equals("") && id!=null) - { - Statement stmt = con.createStatement(); - stmt.executeUpdate("Update users set about='"+info+"' where id="+id); - out.print("info Changed"); - } - - out.print("

Return to Profile Page >>"); - -} -else -{ - out.print("Please login to see Your Profile"); -} - - %> - - - - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/csrf/changepassword.jsp b/web/vulnerability/csrf/changepassword.jsp deleted file mode 100644 index ba849131..00000000 --- a/web/vulnerability/csrf/changepassword.jsp +++ /dev/null @@ -1,62 +0,0 @@ - <%@ include file="/header.jsp" %> - <%@page import="java.sql.Connection"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.SQLException"%> - -<%@page import="java.sql.ResultSetMetaData"%> -<%@page import="java.sql.ResultSet"%> -<%@ page import="java.util.*,java.io.*"%> -<%@ page import="model.DBConnect"%> - - -<% -if(session.getAttribute("isLoggedIn")!=null) -{ - String id=session.getAttribute("userid").toString(); - %> - Enter the New Password:

- - - - - - - -
New Password:
Confirm Password:
-
- <% - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - - String action=request.getParameter("change"); - if(action!=null) - { - String pass=request.getParameter("password"); - String confirmPass=request.getParameter("confirmpassword"); - if(pass!=null && confirmPass!=null && !pass.equals("") ) - { - if(pass.equals(confirmPass) ) - { - Statement stmt = con.createStatement(); - stmt.executeUpdate("Update users set password='"+pass+"' where id="+id); - out.print("Password Changed"); - out.print("

Return to the Previous page "); - } - else - { - out.print("Passwords didn't match"); - } - - } - else - { - out.print("Password can't be empty"); - } - } - } - - %> - - - - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/forum.jsp b/web/vulnerability/forum.jsp deleted file mode 100644 index 8632f5b3..00000000 --- a/web/vulnerability/forum.jsp +++ /dev/null @@ -1,82 +0,0 @@ -<%-- - Document : forum - Created on : 1 Dec, 2014, 3:22:09 PM - Author : breakthesec ---%> - -<%@page import="java.sql.Connection"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.SQLException"%> - -<%@page import="java.sql.ResultSetMetaData"%> -<%@page import="java.sql.ResultSet"%> -<%@ page import="java.util.*,java.io.*"%> -<%@ page import="model.DBConnect"%> - - -<%@page contentType="text/html" pageEncoding="UTF-8"%> - - <%@ include file="/header.jsp" %> -<% - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - if(session.getAttribute("isLoggedIn")!=null && session.getAttribute("isLoggedIn").equals("1")) - { - out.print("Hello "+session.getAttribute("user")+", Welcome to Our Forum !"); - } - %> -

-

Create Post:

-
- Title :
- Message:
- " size="50"/>
- -
- -
-<% - - if(request.getParameter("post")!=null) - { - String user=request.getParameter("user"); - String content=request.getParameter("content"); - String title=request.getParameter("title"); - if(con!=null && !con.isClosed()) - { - Statement stmt = con.createStatement(); - //Posting Content - stmt.executeUpdate("INSERT into posts(content,title,user) values ('"+content+"','"+title+"','"+user+"')"); - out.print("Successfully posted"); - } - } - - %> -

List of Posts:

- <% - if(con!=null && !con.isClosed()) - { - Statement stmt = con.createStatement(); - ResultSet rs =null; - rs=stmt.executeQuery("select * from posts"); - out.println(""); - while (rs.next()) - { - out.print(""); - out.print(""); - out.print(""); - - } - out.println("
"+rs.getString("title")+" - Posted By "); - if(!rs.getString("user").equalsIgnoreCase("anonymous")) - { - out.print(""+rs.getString("user")+""); - } - else - { - out.print(rs.getString("user")); - } - out.println("
"); - } - out.print("
Forum Users list >>"); - %> - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/forumUsersList.jsp b/web/vulnerability/forumUsersList.jsp deleted file mode 100644 index e05fc621..00000000 --- a/web/vulnerability/forumUsersList.jsp +++ /dev/null @@ -1,28 +0,0 @@ - <%@page import="java.sql.ResultSet"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.Connection"%> -<%@ include file="/header.jsp" %> - <%@ page import="model.DBConnect"%> - <% - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - String username=request.getParameter("username"); - - Statement stmt = con.createStatement(); - ResultSet rs =null; - rs=stmt.executeQuery("select * from users"); - out.print("Users: "); - out.print("
    "); - while( rs.next()) - { - out.print("
  1. "); - out.print(""+rs.getString("username")+""); - out.print("
    2. "); - } - out.print("
    Return to Forum >>"); - %> - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/forumposts.jsp b/web/vulnerability/forumposts.jsp deleted file mode 100644 index e442e02a..00000000 --- a/web/vulnerability/forumposts.jsp +++ /dev/null @@ -1,30 +0,0 @@ - <%@page import="java.sql.ResultSet"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.Connection"%> -<%@ include file="/header.jsp" %> - <%@ page import="model.DBConnect"%> - <% - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - - String postid=request.getParameter("postid"); - if(postid!=null) - { - Statement stmt = con.createStatement(); - ResultSet rs =null; - rs=stmt.executeQuery("select * from posts where postid="+postid); - if(rs != null && rs.next()) - { - out.print("Title:"+rs.getString("title")+""); - out.print("
    - Posted By "+rs.getString("user")); - out.print("

    Content:
    "+rs.getString("content")); - } - } - else - { - out.print("ID Parameter is Missing"); - } - - out.print("

    Return to Forum >>"); - %> - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/idor/change-email.jsp b/web/vulnerability/idor/change-email.jsp deleted file mode 100644 index 8ab67b12..00000000 --- a/web/vulnerability/idor/change-email.jsp +++ /dev/null @@ -1,49 +0,0 @@ - <%@ include file="/header.jsp" %> - <%@page import="java.sql.Connection"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.SQLException"%> - -<%@page import="java.sql.ResultSetMetaData"%> -<%@page import="java.sql.ResultSet"%> -<%@ page import="java.util.*,java.io.*"%> -<%@ page import="model.DBConnect"%> - - -<% -if(session.getAttribute("isLoggedIn")!=null) -{ - %> - Enter the New Email:

    -
    - New Email ID: - "/> -

    - -
    -
    - <% - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - - String email=request.getParameter("email"); - String id=request.getParameter("id"); - if(email!=null && !email.equals("") && id!=null) - { - Statement stmt = con.createStatement(); - stmt.executeUpdate("Update users set email='"+email+"' where id="+id); - out.print("email Changed"); - } - - out.print("

    Return to Profile Page >>"); - -} -else -{ - out.print("Please login to see Your Profile"); -} - - %> - - - - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/idor/download.jsp b/web/vulnerability/idor/download.jsp deleted file mode 100644 index 19c738bc..00000000 --- a/web/vulnerability/idor/download.jsp +++ /dev/null @@ -1,45 +0,0 @@ -<%@page import="java.io.DataInputStream"%> -<%@page import="java.io.FileInputStream"%> -<%@page import="java.io.File"%> -<% - if(request.getParameter("file")!=null) - { - String context = request.getContextPath(); - - int BUFSIZE = 4096; - String filePath; - filePath = request.getParameter("file"); - File file = new File(getServletContext().getRealPath(context)); - file = new File(file.getParent()+"/docs/"+filePath); - int length = 0; - ServletOutputStream outStream = response.getOutputStream(); - response.setContentType("text/html"); - response.setContentLength((int)file.length()); - String fileName = (new File(filePath)).getName(); - response.setHeader("Content-Disposition", "attachment; filename=\"" + fileName + "\""); - - byte[] byteBuffer = new byte[BUFSIZE]; - DataInputStream in = new DataInputStream(new FileInputStream(file)); - - while ((in != null) && ((length = in.read(byteBuffer)) != -1)) - { - outStream.write(byteBuffer,0,length); - } - - in.close(); - outStream.close(); - } - else - { - %> - <%@ include file="/header.jsp" %> -

    Download Files:


    - - - <%@ include file="/footer.jsp" %> - <% - } - %> \ No newline at end of file diff --git a/web/vulnerability/mfac/SearchEngines.jsp b/web/vulnerability/mfac/SearchEngines.jsp deleted file mode 100644 index e031179d..00000000 --- a/web/vulnerability/mfac/SearchEngines.jsp +++ /dev/null @@ -1,4 +0,0 @@ - <%@ include file="/header.jsp" %> - - There is a file that instructs Search Engines which part of the application should be crawled. The file also prevents Search Engines from accessing & Indexing certain parts of the application. Try, If you are able to access it ;) - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/sde/hash.jsp b/web/vulnerability/sde/hash.jsp deleted file mode 100644 index 4306cc86..00000000 --- a/web/vulnerability/sde/hash.jsp +++ /dev/null @@ -1,6 +0,0 @@ - <%@ include file="/header.jsp" %> - The admin Login credentials for this application has been protected with Hashing. Try, If you are able to crack it. -

    Btw, You need another vulnerability to gain access to the hashed credentials -

    (The admin is a Blood pressure patient, so he doesn't add salt in his food') - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/securitymisconfig/pages.jsp b/web/vulnerability/securitymisconfig/pages.jsp deleted file mode 100644 index 4393fc73..00000000 --- a/web/vulnerability/securitymisconfig/pages.jsp +++ /dev/null @@ -1,39 +0,0 @@ - <%@page import="java.sql.SQLException"%> -<%@page import="java.sql.ResultSet"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.Connection"%> -<%@ include file="/header.jsp" %> - <%@ page import="model.DBConnect"%> - <% - try - { - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - - String id=request.getParameter("id"); - - if(id!=null && !id.equals("")) - { - int idNumber=Integer.parseInt(id); - Statement stmt = con.createStatement(); - ResultSet rs =null; - rs=stmt.executeQuery("select * from posts where postid="+idNumber); - if(rs != null && rs.next()) - { - out.print("Title:"+rs.getString("title")+""); - out.print("
    - Posted By "+rs.getString("user")); - out.print("

    Content:
    "+rs.getString("content")); - } - } - else - { - out.print("ID Parameter is Missing"); - } - } - catch(SQLException e) - { - out.print(e.getMessage()); - } - out.print("

    Return to Forum >>"); - %> - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/sqli/download.jsp b/web/vulnerability/sqli/download.jsp deleted file mode 100644 index 7d86c4c3..00000000 --- a/web/vulnerability/sqli/download.jsp +++ /dev/null @@ -1,8 +0,0 @@ - <%@ include file="/header.jsp" %> -

    Download Files:


    - - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/sqli/download_id.jsp b/web/vulnerability/sqli/download_id.jsp deleted file mode 100644 index 5949e76a..00000000 --- a/web/vulnerability/sqli/download_id.jsp +++ /dev/null @@ -1,65 +0,0 @@ -<%@page import="java.io.DataInputStream"%> -<%@page import="java.io.FileInputStream"%> - <%@page import="java.sql.Connection"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.SQLException"%> - -<%@page import="java.sql.ResultSetMetaData"%> -<%@page import="java.sql.ResultSet"%> -<%@ page import="java.util.*,java.io.*"%> -<%@ page import="model.DBConnect"%> - - -<%@page import="java.io.File"%> -<% - String path = request.getContextPath(); - try - { - String fileid=request.getParameter("fileid"); - if(fileid!=null && !fileid.equals("")) - { - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - Statement stmt = con.createStatement(); - ResultSet rs =null; - rs=stmt.executeQuery("select * from FilesList where fileid="+fileid); - if(rs != null && rs.next()) - { - - int BUFSIZE = 4096; - String filePath=rs.getString("path"); - - File file = new File(getServletContext().getRealPath(path)); - file = new File(file.getParent()+filePath); - int length = 0; - ServletOutputStream outStream = response.getOutputStream(); - response.setContentType("text/html"); - response.setContentLength((int)file.length()); - String fileName = (new File(filePath)).getName(); - response.setHeader("Content-Disposition", "attachment; filename=\"" +new Random().nextInt(10000)+ "\""); - - byte[] byteBuffer = new byte[BUFSIZE]; - DataInputStream in = new DataInputStream(new FileInputStream(file)); - - while ((in != null) && ((length = in.read(byteBuffer)) != -1)) - { - outStream.write(byteBuffer,0,length); - } - - in.close(); - outStream.close(); - } - else - { - out.print("File Not Found"); - } - } - else - { - out.print("File Parameter is missing"); - } - } - catch(Exception e) - { - out.print("Oops, Something Went wrong"); - } - %> \ No newline at end of file diff --git a/web/vulnerability/sqli/download_id_union.jsp b/web/vulnerability/sqli/download_id_union.jsp deleted file mode 100644 index 750ab15e..00000000 --- a/web/vulnerability/sqli/download_id_union.jsp +++ /dev/null @@ -1,65 +0,0 @@ -<%@page import="java.io.DataInputStream"%> -<%@page import="java.io.FileInputStream"%> - <%@page import="java.sql.Connection"%> -<%@page import="java.sql.Statement"%> -<%@page import="java.sql.SQLException"%> - -<%@page import="java.sql.ResultSetMetaData"%> -<%@page import="java.sql.ResultSet"%> -<%@ page import="java.util.*,java.io.*"%> -<%@ page import="model.DBConnect"%> - - -<%@page import="java.io.File"%> -<% - String path = request.getContextPath(); - try - { - String fileid=request.getParameter("fileid"); - if(fileid!=null && !fileid.equals("")) - { - Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); - Statement stmt = con.createStatement(); - ResultSet rs =null; - rs=stmt.executeQuery("select * from FilesList where fileid="+fileid); - if(rs != null && rs.next()) - { - - int BUFSIZE = 4096; - String filePath=rs.getString("path"); - - File file = new File(getServletContext().getRealPath(path)); - file = new File(file.getParent()+filePath); - int length = 0; - ServletOutputStream outStream = response.getOutputStream(); - response.setContentType("text/html"); - response.setContentLength((int)file.length()); - String fileName = (new File(filePath)).getName(); - response.setHeader("Content-Disposition", "attachment; filename=\"" + fileName + "\""); - - byte[] byteBuffer = new byte[BUFSIZE]; - DataInputStream in = new DataInputStream(new FileInputStream(file)); - - while ((in != null) && ((length = in.read(byteBuffer)) != -1)) - { - outStream.write(byteBuffer,0,length); - } - - in.close(); - outStream.close(); - } - else - { - out.print("File Not Found"); - } - } - else - { - out.print("File Parameter is missing"); - } - } - catch(Exception e) - { - out.print("Oops, Something Went wrong"); - } - %> \ No newline at end of file diff --git a/web/vulnerability/sqli/union2.jsp b/web/vulnerability/sqli/union2.jsp deleted file mode 100644 index 21f53752..00000000 --- a/web/vulnerability/sqli/union2.jsp +++ /dev/null @@ -1,9 +0,0 @@ - <%@ include file="/header.jsp" %> - -

    Exploit this page with Union Exploitation technique:


    - - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/unvalidated/OpenForward.jsp b/web/vulnerability/unvalidated/OpenForward.jsp deleted file mode 100644 index 4844bcb1..00000000 --- a/web/vulnerability/unvalidated/OpenForward.jsp +++ /dev/null @@ -1,7 +0,0 @@ - <%@ include file="/header.jsp" %> - - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/unvalidated/OpenURL.jsp b/web/vulnerability/unvalidated/OpenURL.jsp deleted file mode 100644 index ccc824e8..00000000 --- a/web/vulnerability/unvalidated/OpenURL.jsp +++ /dev/null @@ -1,4 +0,0 @@ - <%@ include file="/header.jsp" %> - Cyber Security & Privacy Foundation has always been committed in providing the public with knowledge on how to defend themselves from malicious elements on the internet. Hence, we have started a new Certification Program that checks the security and quality of websites and security products. -

    Click Here to know more >> - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/xss/flash/exss.jsp b/web/vulnerability/xss/flash/exss.jsp deleted file mode 100644 index d14e476a..00000000 --- a/web/vulnerability/xss/flash/exss.jsp +++ /dev/null @@ -1,10 +0,0 @@ - <%@ include file="/header.jsp" %> - -
    - - - - - -
    - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/xss/flash/xss1.swf b/web/vulnerability/xss/flash/xss1.swf deleted file mode 100644 index 8013668bce65695bb451d16f2156ec63e96e0ea4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 59563 zcmV(jK=!{wS5pa`>;M3GoV-|7R~$@~M1#A#`{3>&Sa65IU4uIWcPE1k4#C~sT?cn} zm*7Ey?6;5m2eu#TboWD_zW1K4s@vXB@WxP37{8&QP@$ouu%P}Mk}#j2pW?96|4pNC zp`fhiK!IVP5TQu_7onBG&`>aP*w{HRP@YC@5$sSVd?LXmRiLt8S*COL@27EUDnd9;f1J&Gib+R${_TVq)Sz9Aof7tx-K=l?Dw4=d{+567&157`s zi3CoZ+76xC53kz}uiHi6J`fx~6E|;EHgEFU_VU_$UuHIU-U$9UeX=~Yeh$2E1s;6- z>2(Wys@>fABzb!J4E-1RIsQKQIrx6?dHiwvdGv9%(;oPm{7)s2`Q~5Vr~Ajt%wF%? zi`VDfiTGQq_~%*g=gZ9J>q+3pe~Y8Qx0l+_i6XsQ*+R8ns!-2$qjYAI26z?zd6)9j&fKBY#0 zLb3p|$V!W%B;B3yDIIsWCa9PiA_a#3VDERK!5*>^&ZP)b!yT4Of*S7{YfKqH^_%gq zUzpXp(@|4#X>zW}G~wr>ns;jP2%z~M<0u%#3H6K987^KbiF*Q54Mu^aX<-qs0=m~9 zsTiQO;0Xwe=0Q@!J$ve2==zQdxeY-~bs0*xl+F!R#*cDE$&2^fd2+sL0xUFOGBBPv zJ;}l}xVLC6EVnzA5w}qWmD^2RMCZ{h!Knpu7#b0FCn@z`Vhi*s~e2B=!?$t?T3C-BwBf%1?#!?;)D>=x47NZgRHSDt* zz}qWoSfqkQ&v?vk#Z-oFNXeiA+hS;xFV(zB&-o~PZ#N#d`8E3iBj%ap0MmkqRTo{d zk_3+QAG>8c$l(k2;CGXZV2|sHt@!~rs4k_sTg8g;#iaA1aT~qeFsTpz2F<|_ce>^X z8MY7gd-Mf&O?mw9_?FESx&^KU6tbPAfn=kmQ6JU?(ewdoN{_A5*D!Et$rl-iHg9I& zhE(txUk03_2>XSvMKpzJ{ZJUgmU>#s&_Tml1KvU#;)iZ>*iNGzHRQpa2HN+|csPk5 zN@p3KvOuP**hN*BKjp|#M=SP`Yii!!h|iXKe0dUH@wt&6rPp%lF!<=N47&~Azc{&Iv&Kf#!38@ogPdd;P0ZT1D@ zF?H3!5{DSnyG$%RzbaxAL8Nz_0jWT^?;0iPi?gEN$J1iUxg~Xqcc7CSx|SdzzgmIF zJCAm9i==u`(%dA@JiC^&1MKsBsF&y;a#|}|)7pyXh5LPORX@@xe`og6*`G8c_`aZn zr3RCtr~}(E_jyOn8z~%!;6Z9ZR{&i4o9!is#=>Y?fil*bD!HKM)}QH^HXmQop$-!) zKhVLiK&gmyd8(uv-6DB6A&*A%0$y0IuSjsh%-j&)*2+D0=Gl#u5v8^+E4ke`qN1Ll zXtjS%W78CkVZTrP0k(8LRdfmzDnie1?qbvpxn`0!T3Q;Zm#;nIq^}^$Pz9?6PqdND zGho;t2Iz+x7-e`7v*d&1Ezx(zm2vy8=md6g2PQS_yw|6@wLl)!nhTWR-xRBE3N>={ z(Su+vqq?eC{5#r6p|WLQ++8(<`Zq+RU2D1~N-Q!FwLGOD2#Me*#B+6WX=`)&~qAQSkie zCvZDS6Mx{>M6IJU-AS7H23qMoQ6QiXE>j7Og^rnSK78h3auP)Mrj(IF1K~7b#~#hB za1;uURtCN18TSx9M_JyXgV%ZGkD|-k-X%a{&jIS6FbSn3jPe#pc8JHDYB_Kh2$yaTQQlPFy%ixB=rpKtA#YPDl5SsX4UxTlSrQ9BW;*Nr4E~K@as;^Dpxd$q; zPC9DR_^_4~Add!F;b}q|iU&IUg})F0g}V}J&EVRjE81XS6( zItDtrwdzLQ8B8L6-hk(IDH0sazQsXY$SM%YE{ms`*b7p_db~LK*nBE0=NSpBi>_CU zIaqc!$$20HQjl$aL+Q*sE57>IG7L0>*5(cH>H7H2z5`L;6C1*|83>(LY4sO;($a3^ zPhv}mLJM)%gy2}5aVz}FXAPzUq!`+kwJGX#NDe2gj}-BGY@kqznB8{7bO!RUd`Ln!lyb86ftrNUj=nIb=czXSf*9)|)j#u@^BY>Cg~%i_HTsaPj?qC-07 zkgDQ>Ehho`EgRf|CO-N)f&2=<_>Z8Sz^-oI79jUYBy6YSe3vCa zg)ox>oy-!6Z<``fSDZcFa3jx-VSNO&;<-NJ-o46&Rb;New`W5mHVd)Q<522=d@C&2 znVLrcPmmM~U2j-CV2JAni)Y z4TC1wiw(l{N3QbmH)0?))^)Yw65AJtXmDL!gNvt_l2DxxwAGlJ{3%aoL)1R-o`9**%tJaH|Qbqny zA#BZ+TW)>pcoI*S3fd4pN1tf^FBjm_11?M8I(t0F5dt8GUl(~S$)L%F?|xL1>5m#G z19(dzZ+Hwlr9qqv-1H#4BxIG69)Epj=q1*ge`1$}l&^|kM!yvncU~x|OI(tcK-6vp zFBBWYb4$?JRoTAQm(*2%0B?`1`4*NmhUu%x7ddAg@j<)GqSIQE8oZ~4x@*JwAXr~-y)Z1eK zf!2ItaksPi4ndZ>l#nt(jAlB$)dPI6{^;T)tsJY}{_i*mWB{)s)zxYQja9|0Fi=IZ-4{)+i!NCMm5b(EG5TC?c`w-1Z%|f}#nS z>QIyZ9GS$@UlD9-^IH7w{ljASkaAUVoUe?y@B+O+*S zR}o9rH&JI=+)fTzr7rCHGgb>8|w_(=lqK2iBSxxmx+Z zX$1Q|jxh~|VHgk|f=~lbPnVLi?VX}vFfKT+E)_bkgE_zCjvtU?)wVq8bw&poX5jna zNhx-^eAYTsAV5F?-}L^8GAhxlgG-6zn+mr4((Zlw&(;fB(A*I*qIm8hre+a$R(49^ zPIYi|E}9H*%ksJsOY%0qY%8IipP5){S@-88{b2}BKUE@78uZn78J$}#j{RswHzYdH z`$x=D>_{!M(d#Nka>E(AY)5hIr96ao>GAhiLlByAQZ+DXZ$ogrJ94kh*=?efcEEDS6!ge;+Flxp z4?+rO+yKjp^!=eb%%2hld{=Fv3BJ0^mPXW&;QFEL(%P#cKqG5<+lh6bI*(Pe1+?mN zC$hT~wV8!EkD7X*jhLCH72~ZBQPwta=LS+K5cij>P(fxq< zW+sYT$>IC1jV2ISdI%H0)L$g51_?G=&~FF3VPwN8Za%#+R;ugIJ3y=ewk|t}80BAA z|72%fx42yHLJOIcSMK~ANM08b-z!SwexX)X5osX`GoAFdx)f0lGmL+&)Pml$?>arA zNT&Hbcn2sc*lHW(9n}usI>@Z07wEx7%D!@H%vSD*QXLUz zn4LOHe5w{5E(o!wPkC_Z&M^m8_?6BoBG3%n&$rnGnCR- zS3N`B`CITwK}Y0qG)}M37f$9!*aJnL0#+U5&F)Cm0JVPgED1F;6U@bGW~`3;vLDK7 z41b5zR|57onaGE>CtKJWQx(i#$0x~_+_;`lN!)dJ{PCk^fa>=z2dU??6#N|%Rc0~l zGo#g4&%0y&V{;RxwjyA)B#VCu4I**$+dP;qNff)pu*e{dL&6&;qr zpK=vL#JUyhDmi;OZyf?7a+5@cd|3gdm9QB>E&KR* zTFk!BSuDo@1EFi5gmc?Yw#L7&NXC^_&egbu2S+& z!4^x>QaWP6SLY7fh#V=)1Z!Wvn}eEWao(_WdOkXh6#2PQWK-F{F7G@L5ZxD=2@G(^ z*(5wM-CP`5z;CJ5JD>W$NY-T;XXyXjQ?JdLjDZtZ?T?BKiuIKZ){B(%A+4OXb7L6x z?H2H@A(p?=t-~Vw@trM6H~KF-ZaIy43@I+`V?e|B7evsFpKDj-0jNU!D7goJAL;%+ z!0d2NR@FTHvoj{y8By1(!>vqX>l4jv7;#jPdU0)P5Qx#3q}FvF2P>E$?O6^b>6nqG`;8a~G^5Wt1GXW&W{PEo?=w z&5i^VC(8Eg_>LE!nA>MMW?yH4d4auMKspQbjRrvu8f*HV9cYDY%dd&|0&BA|Aq6Vk zF={y#>C0<9N>}UK5t+34F^uBXY4`KdO14>Ro3bm)!kPA|&w}T)$wFa8?+L|kNZ@^S z_V!bEX8S>ObxlP;ZfLZu18&6PSccKOn5hVTxar;?&QB>M&`!+AaE1ywTlcn zNgGk#QE-nkYKMvjphTxR87IdLch1zMScA3y&HHvZMluN#hqDHQ;m4?-rTBRb8ij87 zqFpkBL(2Pkw6TJaa)E(cwEkRJ19W;mxI0BcyHOSc!miT&M#Sx$2u5^~k3REuX`8zJJ=4QRqhi^k;o+dAb~UR# z@<^fhmR2~l0|aZBW%AEA*6RSeFAwim%4vV^__e(T4yp&kFGRQx$2K;E{DyYOkP(we zO2zE+LOsI85L`ed>yU)1uR~L8l_oytQYZt=@F|MVN{^_|1>{Gw1Cg`KWa(J#E+>S$ z72g(iW8X@j4ZEQU{SDp2os5Nybwc^-JHz7nPKFSyq1xDL_ljCQL6Uz3(2M)qfOKsp1?LcEu}%I|OHUgv2*W?2qbr6o1alYAhSlo&oxP?TR; z&5={lTGD-Wmq0Ra1{X{C3;1&KOBh_ell(ImXOdPxceERIl7&b9emzLX4k5-CX@#e> zP!+&h66q&4mQ-n!0PQR>9OjjjzyR%7W7&4wG6ef9e6zO^#+sHwo5SDol}T96tp1)o z#_APRIlmG`L|b;mPHsl6J13As_0#S!RU>cu#P`yqEmSa%FF5jzP~p*?O;L$=lLI=P zC@U7v7wiaQ_#oRELcW9oYjqHXjgmIueT+R6Zypt0b{||zY_71mt$t`M(l6CCXaSk% zb%)wAr>QNxIy>5AhbW|ls!puVe-eRzr|10mZ6<@1)m%T^Jg1J!u~G%l4UV$fKX~Tr zNUV&vlZ&eAaQQu9&!W%>GlOf3&M@y1-FpYsZnF^IXi-rt&V483p?s3IV1SC{q%%cy zEUP>MIMgpdTK zpp>LZLZD{9j0oJqeoVTG{&C-KN1fG!!S-dV1z?*SnSox-x|!ScrbfkgNDzyayg0Vj zLKNC=q02nF0AcdO|2-f7;Z?V}+1ORCgi?rNw~jAwegE8pSK&)ddyCsQy3!vZ+{4+Dwh#Ba`SR#|8QNo#bpQBbUIMK&1FVr_e!3A(t~@67>a*8NSMIC}0eoVV8Q6u`-U|M!QHbiB z;tFON=T8d6D2uInI#SlEGE63{MLA&L&BdWHmy;?beb+m#m3Lv9z*_n=Vu7zNE13@} z%JD6);^e1acCoiWYkv6z^*v$OpA^EnFOD|R*jcVV+B563@?fDUj?rCpE>ewMxIq<9 z!_J-ch9EpCgWB1->qa;W@#^e^y^ili}5y+Q) zEJ)43SV4&y&G$_{hOdGS0P0|K=xXry5yU{_3tEK2ftk!}bq?O0CY+wmixWwY&z>s& zX?5sPOxgz;bvu|1-KIh^?E&R2WR9^y?!J2oT{S!?3X5NBwUC9g4Y|{>SFfiZC|T2- zhMCtNl%?%fP~FwfANx7_J;xDgUuo}4Uozqaq!-!M;iLTnft-xF?<)96oW(kIdc`9$ z@=Tc0nVm{q&gDup+`&&=vjTjK5W;VxzsIBl%jl->edgwTR`%-md*_H z;CM4u7AEm+jt4&ha_4YUEHtIt)(IR7YhzxmGTYvQb@s-_;v89iv2=Z1XDZkNBpAxs zk&+Ts`@_i73_vDz1L&Di8PyJn7$ZI9D5ZoU=32eqKFre+`A*2!;N7mO+xNYAS{^v} zf8wLq+Y|K}eZRXU|CXhtSbEPXSREe0(j?NLroxE)KoBWEs1hEDoawTvtz_CWd@^A_0Q1lhqRs2 za#+zI;8;&HkZ#l)F?B6vBuvW&6xYTNYB#Rv&LeTQ0&-fS-JeJNyag!iPw47k*vMV& zPJKUJ-N(*`OlxH@UDeN=OAvaZ7|nGWVC-~pHrYy_x)5UyD#as{2##A&bDAwxX`US8 z{e(+FiPV$wP=&&RwdY6r2+uxM;hPP#mKP0Qn5pblSXUOKoaJ?{-c32G@4?v!%HxV` z%u-Ctr=B>x=G%_Svc{P1d;^&$(MK2J&A>a2ie3)aEamq$-n)lj5Ib(N`|jAnO0%+B z%8F^BLE|Qz1GBp23H+wTKbf)76Vw8I<_f-oo`0_(UJ+lsi(28U zUyzeTNBBqO`&#ofh|?lFC-xhjixo^I&7pXUwY;4VsVf#n_4$ov39}<^oNQp!Q3Tmn zlK4#ynUjM_EUPj6N!eV#Grs{`NdF40Q#Mb-VJ-i5>3%jP$d*O2XMNlmLy%YdII4Qj z9>rj>QKfzcZ+B=z=2CyR#w}nnIsmiO9pCgS{n1%*2<=e57jxOx$)1tNO)5{bn@*Rz?iEeZ2O;dtz-4)JGGYw!g;tLf9RcT`GiX3y*nmlVf1eX zAX@yPC}+F6DSc1P-BqvrHPQ_z19S^XqmD;=c#(FMHVWQ5Iri%~kv2k~hAO-($HB)W zaOhGi5P37sMJ%z_SE$#zK9tJZmWmx=fNHyZ3S{p*Kz!uGq_vC$MiHE)uIv8`s%_2FI%smN2= zCucovT(NiKyKsJyM?+J3WxbHDNZnUJ}72boOE?kU>vo=AiWd||zsASE?Dk^Ao z8E{D2u@7Bu`S*wfdd?(b9rHv_vMxUIJwK& z>5z}x)$_X@&s}Bp*4^~jg}@hZWDV_rpY5c5AP`SyspHi#LGA|)_bpA7jBk^ z9(MEoTl~6r6l?n@|1z`UiNxX9OPU(-^MVtnFclv25y>FGl@{O_I#77*)^C!iVm+}p zCafgiO27hwP~d`{*%C<;qVM9D<4y}>HbgbzJa_e^_C4cw=C##KX#l}#@kl?r$vji| zX)646>P4Gioi%U<0$YL()f{xmZ~7RVVR)%jT1RFO4V21V7J1@}XQ#m5a3^b@lW_uD zi#Cos>9&CXE?M5-dc!iznBn)3VBW*b5IOV~hX8F=W!yrqnxxSbt#tmmP*N?@pthNU z&a>udu0lY!<>eVYlH9~{DMI}&sv6jTBgVF_^=hr%7M49!Efuy zFXf27TFVIN?GSh>kn9Xmaam(ZIo-pqJZA|#K(zYDv}Pvov?{#`9@Jpe&=0OWvRq_!#~(vW;X-3Sojo zFAX=^qf~VwuJ@Gv;^b@3vIM@3ay2lN*D0@P?K1r>_S&FYP}tTs zzT@(iMhkGW8wSv{2PI8MRMyR61~_?ssL{-j6Th5}4X>;~5_?>!5LP;)AY@e+J_GY( z;U!?2 z2EJo1a_z$*EF0ApGg6T=o7t(2hkvQXX+4AZG>wor?;W6-2;a*+LCh^y) z5>stNVa5rBi!;?TjM>J_2FItvT#+F+5p4UpHFA`A zeaYL+$xJoll`}q`K#ez@^5Cp?p-?j1?w{rR%j>@24+Gy{*pSif)3ar87zgeVM?`Oj zB$3d(N}Zn`iyrZdr##L5Kb{8VcO6K7p2hh16lc2o113t6vG34oxVdor+Q`ki+}sjX zO-jh063`@41r-wd^JCc^Z9htsh5lw(gA~Wkt02-1s@4hvp`v`Ct)~Dj3zz z@Qy4)BP#{b^Y@)p25MJm8IqbW;qUaFZPfdTni>1UTl>Q`92FzEw%QA~1;ULD(qj$4 zU=O{);-Z6i6CNK_!pepdr4p&KFARylby>hF7t7fdt;9GGdcVT3+Z25$O|TWJ{+t(%CDo6z+IfB z+2rAfSB^k}pk$Ek%ox>z;Y;*f7r@udlogFOv9W7H{#7^C7E>V8 z&UCVgv1Jw<>k|7>L30a{nI3p7wLP>s>|~*Ns#uxm*JKx;P``X#)Ux!giYAa6Hhan= z)IcNuz8_J2CL@>0u*xqrfH^NUvj8V@HMyi@qc0W=hm1f>_D^Ugxv%wB09quCRVmcO z+sGuQNEvNCubuBkqOC`fW{ZR-ki2F^&b7Jr-zdfXCFd)*SYeu9fK5YRpR%3bYg2*O z5T1S)^NJ_Tvc|WW$|7$#=hT`X{F9L+UOCL37qOG2-crGl@^lBzPmINlMa z@m_o;1ebnHUmm+3H0fU2@=o%WV>Ve-0-7(}F2+Xzce;YlZU8~C^(BuDUS1PKL&G^m zkv!~D_eAn-2v34xEOT0h*DqQh_`{tR3Px&2@hA@zu#-KG2)0FL2N7Iu;X;Nk_@EPf z5SN=x;nbVY(5dJv+GN>Bfp?3N`&L7FxlIt(IJ)<$JZLU9rvZM}_P63CfJ;s=>D2pP z+zvoisT|q0?y?fVH%KX^my*C#?`WW8^f*8n;&vc77$4J!3TLChKqBM=;OzDsUc3V> zY)v_$263@UZs=%Mj2;g+{?iqQ!_+M{NWX^3!)TMy#GxBtiIJ~fPfEBjde3Ipq85m- zT`g3|GT$@^cp47586G}+mDh8>xC_@SIA8Jzqgu=H;<5{l6dp!pGX?FHVY@qLXgh%%NEz>%wZPq-gxk@A*o*Sx> zh{l3u#%CsI2RH29y1AgzxqI43^!VNuyt!v-Bbo0jXhnYw+cpB)v?ui2zMMX31Pzob zmm5%Yj9?`JwChtBW^rP<$t0W<8p8sE_*aKOrLpcj{9<(eUpL506=sq{orNNUm8nq& zpsEZ$>&&*L(p5xX{?66RAU3k4{`WxhT3l)Z1e-aHyR(VY6ja#R4JpGPUkn^!W?KnJ zbaNHT1>KwJB!4rxl3;geSGgqpUhY2PWA`4gP6V)WoT2erfZ#%CX0$xuxCE`Ng%v0LiI2g`w0reI&rQ zH?Cp?-xefC*hcc{on;7Z6GkB+Mr1#d9>(r~R0=Dc0_3{N+$F5Z%R=ncaflKgyV3Q( zaDlrM#WQT_X(2a_AMvG~Vp`@0J&uo8zDVa@W0p`WKHs1#5EDv9@Kg%`IX8#^jUKym z11v=|n0P!MYMob8Sxy9aoM9kb$;VC#l0v6xUywUw)0Pi>6Vi>uLr=r_93+WcIHBV!@#( zbC^FuqNI@{sGe@zX~}a05i!&dkLj;^MB--wCgU$ z{K-Pt(ZH-h@turRtbe80q}I+O<`AcuK3gnB?^3}7ndFOHA=w>5DKG-PFg>qaA|ok0 zM(HH5*OGE&e*0mySRZNwc}DMD63ut^9llU?P8AfKVJS)Ox5tKS)aG}VrQMe5-l?>D zZh2k5MrjB>_eYnr*Ws=o)Vuc&H=zsWQgu=FqkR0{^%Fv`*C+~SE>l+LZ9k+3(M^D+ zT*L}4`}5MKZWmL%`!UdW_mFh+afO|w3hTS zVV~??8AZyt%zqI!L@{73?5g1&qYXzBWAYFefLA8KKj>sqG~>h>eZ0eAdhw8WZU-^c zdf%;A2V34}7vIT&;kaT12Ts*XFE>7H$Mu&YY0y-Hvcx_BNP><%zEiGctN z2ey}Ctftm+7h+RQs6VuS=TglH<*wIUNF_}SZ|&=g;vw`}q$cGT#$|Y*3t0ar_`Sou znweG2CPRU{tbf=&ec1Q_b}$dbovte;OeczQUT%%H+N(JkRRDI1`NG#)-Zq3zF2@t- z=^<6{9^C-f?Oq7;M0qfVYtyZ6nOsDsus<4E3b=)}B+}?!6z{)#G>7^yjJ&b@7#SYB zKTDqpHRD)%o@t=<4!}U|z`U$*AW3YjWNv9cbr#Dp`*auciU5TeRfLcX6khQDN%l~( z1vQ1IJ^~BlHzckjy7)?6O-*H7R z`qn7U%}64(e|;-xN4PGW`{@>Cw!5X0TZ*CpW_%r+f60z#{~>*TrAu+`55Ff5&Ht~6 z6u{~z@ggPvv47N8l+>5gONvZ&K8@LXK?df%B#&AT+2IlH5UovQga{-}z6sPnOmbBJ zeC7$0rnW;L5~I(dut2`&<7K<`OA<`!S4Y&7h`0)Esl2gvvfnEB{Rz|seV>P zBOtxhV}9$J+QKFQ{P=a}PVT3ybo(1F@n=F*!xo(yBgqkxE??igmSh)yN9Dqhj_*cB!fnY&&QNVW4KB4iUlCPJAR!A9X3-crUuRf`ofuwkDOUz25sce8JcjXghYPM zyHqtnQhc|*H3U;B2^Z#{&QI_=qag}mXrsbmcYkEvpJAzjo3^S z8b#38y=hWDjg4JZhB$j~iKK7&-uaStUQ_oqpQYgyWfjC$)9WOqM3 zN@Hw%ucmno>yb^^-GHQ}kQ!2ORizs?TOrQrhIuu*}AY@<%PB0b@n=|EJ~9UD!o zS3*}Np~Rm)vTNsY&X@@?(YIY7Qyd&hq2!+lWTvnludKNiD#1;K#sK_FZ{(nIiauPC zEHy2?>E9O^zF!S6`+luz%4i5Wk?IhK1}xBO`iLsteIe0ZSWOk^xGkhsFdppWAAwI6 z`yj;GQ_84#fCoD{UWuJzlAA84&gJEi-sc0v*RzK=0-D&VrQv6?awA4gQv7$Cg`@cw zT0*X^QhtU{pZD=)ph>Rr;{AT$fYG7W(?kIOinzxn_Q8w>%cFBkJ?FZ|q_-yF^TM5rRRm98X(4=O+2F+U%i~CVlCY%<%wik_~?0V}%qb z@+wb}bj>z7HOwaZdGP3QogaxQiF8GNzda}reV9U5m(M7ia`;mBAOl`#gV(yJ-sFb` zz0}rq@w=Y11RmtyOQb(0m4Ur}P3=e7J^fHqrMZNMz!pGiIP#*bfg z!9z<(tr3*kPy7XAD89cGW&Xsv|J30(oE$rGC+(iWH48jj9&D$4^Zgw8d#0Ng0S>)r zzw~VHeoqDn&c)n(q3Bw7HhD^D>@?nJ**;=2`lBRJ_`5ZU;&xyv$VfD<*CLwX*3l|D z!A_FY?vT(-<_j50Sw;c{aNiXZQA_EOCE?^hE60ksL-g|3lvr0*CE*3}(lch}@~_RV zKld}$Dy{*)mYTL@1o!!#16l}Tfumd38FpQWDv&E9Mk_ds+L& zFDtOw6~|AvkkT{4a%q8rl50f?S3koTBBo`?kVvB;pd-H3sD?HyRF1pc@bvr$nFI%i zV4B;@^3s3EH%U#kM)GdG%|AAA!<^#$lxbv#H$jmad11E$@iSc|Xx;gfK?HlU8@Ss- zZ{^-gqkMnKblqdD7UdDLDg}u`=t$jS(_)i#*+F#E-CCj?t_Ic``1rvf{j#(-`(IL4 zX&C-5h}WTwV*I&&Ya;1lH;0R$9V3{&k%oYTBbnCQ0GACu#O~N%%TBlI?lYVgrsme( zPsh$*s~-%$<2v|Gai7v19^9S&466^h{~(Kac7XBW4|(T z@e5ZZW(EYWpw_2kIfvMS$AV8+-@Vs2rZm%P=}DN5_T!UHm+)mcc}C{X4nM{=p%2-n zlK(#4w-P~fia=51-}YbZ2Jx|?<+A8K;MpUSy!*+oX{;HeO}ujv0^?=foei2NmmxHD zakC8N12P^5*rGl;48NKRK_uSgO#EB4Z!|dD!#IJj+QHV3V?BnAk2hA1Omp^(&6w8uqqv&Ua4w9yC@)&f z_3M1)12S8KTx~Qq;8H@4eu{PXF3xI_I*&jI!1W0Ls{XmbCK;MiQ>=cXusQ%Epk-ug z-YF04<#71-hfJ<9$qNvjoF>54!!Ye`4rti$Mu_Hj%B8@)Xxr8b$F6{N#4+`Y8`$e0 zkT5{<{CeskwmWf4xg9Yy%yCvcZT`kOPyk9f9k&Hq{5I385p@J5Uw79%SN~_nu7Z2c zK2p>;Sq`883oivVNOT}^u}2`!dzsKK?Z~_~nxO%ppBh6iLp{}jd$dlXk!L5*q~NoE zP;h^&0UG=z5@4z9YNluCMEMj=MTi}3Y95GhLs^7`R ziZDaVdGl_u%5rLC;5q0lw9H0px`LE*$)HaR^bDGBz%#m~2Y+AS<26hjX0!&}^Kc1f zSk=Q6iP;=F7!GkR3tDdRoY^RY=o5AXPhQm|Ry&kw3K4t-h4Z46{WEpt^T-Ff=e964 zh=CZATD)UgH;QipH8!c$QYp;rDvWBJ&?T1pmm`eAW|1B!2_xH-3gJ6t5)D5R$$0O^ zu)V+gyFVYd>4n_+u|qECs}W?#MS1S9ta9ef#h#ChJEcN(vN?Vv)am^#&p%(eNQYrm zsA_mjMW|K5valWyXmBUhNF8Dvp8nKmRiJvucbUT%9FLDZp5?qgFx!Z$fsp7CY4cwF z@89Yu)Fjiu!#3hd|JbN&-Q5x?s#*!JlC9_T6ekJ!{!?24Jfs`Ls?c5_eESU(&Krkk zV8~om=+tt34vive5;mH?fvZ|%=?WT;J6e)#KM-#vk;1}fOXPWVj6%`-=SBKVr!joJ z|94eq?kc3m3k^OJG<$PdHEl6~MB&7~G%luJL+e&EtAfrUrLFNX8ij~VIcBcTU{jHd zQ7~v@U#1{yO1$4SCI%m?g!Akul*iTfKQ39J|8wEk`%F!X^Nk?WwpAZiGQ$!JeR~>) zd$a})mY-n;Qt3!2$z?wH&uOpSGX8tOH-08`VT*BSxomFcpK@~#WPOuVLz>=o@8L$S zq))K9enQQ$+oL|G;|mD6T?GkUAL~D$2++@vo^SGJsxLADZ(5jEWCZ{NZwEJL)(+d) z7e)IY4Mpn-#gLF0J|=W`jkLmWrD&WSfok6_)BuFjxv|u6qX2P8F#~^mr(xa+!fPMM zx>niW_r#2d7VmFkkW;(Z4im8>W)bU>Ji+!!tO|Chy#R(N<9}+17M#YaU=)WY%`R&~ z#FQP@naP~7rngLIuV8X0K77|hY2V}do4uP2QAgnM?1eM$sT*qTt}oI&&z&q| zVm>_9JIXUQgGM#t$p>_Y6cE#W#_EmRWdN@&L9Oc|k^J4l_68hiy)$TP0cQfK{eATUHb~UR>ZZop+k*@X#z@(?ZffF;a}Q) zel>QL;=VXoN_5($uBWuv*jX%vj`-zIRB~0Ya9BDF`tmaoc=M`!>qI7i!ZZW~0ivV# z?0Xs9>^X>&c9I#f`GwD8a7+1=4R-!skn6b5IJdO0Uv*1&@$G|Z9RI2dpF3+Sm~A30 z=Ltnq>QltvWJ5U#{OCLFztHF`ymuk@L@ebm_56{|<1GGowzXu(bI>M*a-B7)hW}Cu z$C#l_o=KQA^dqHmDD0?Yr<0#gJN+w|K&WIW~1|;|V zFR|_4XpI^MX)h9#HZJ!l5Rk>e)qz1reoDjDAaP|Hr}!@C64#q5H7YnxYmp|+eHi#! z9k%rz1lp(I;sZ$wBu3M{&|!6hS5I+85?>zndh+H{L{Gmyh>@GUBw1-nJTyI=bRFCL z6*iEAKjhD-ZM-BxJ#gsbR;4~0WdMbywI)uai|_8}rqrK~mEEfpklf)wrD5v8VtY9z zSZ8<6Mb{c!d?l;9g|=FcuYV}d;$Ia-;gUBwN4{haFFaJ@dG2QqW! zWUd!@gb_I<&z%V&*S%ine{4Q}#`&?;bhg$0^mtQToN@t^4aFCOa_crRtt}0IUD%8j zdLWDq{2~o_3`oawVp8O^-r4HKcB$a9d;dt-L}Bs zA<(GEw0=tZ`Zye#hrO%^_xzwqoWK#44cLHu37!hJ zEB0DTUj4P!w;|GW6R{F`n|erp6Z&(~D#WEf3@W)kY-VlWI}O&aolHhG!wC1SRfCJWZ|W-t^EDYnt_U{~VUnJKCDRQZo{->5_>;sRS@l_}&z>=A7ZWIi-m;1ASy98=koX^oh#~Z1C*-6_iAVIFF=Z+USp#uV$En(#zPz1X8+^&0HK>ck&E* z``2?XyNt4Vcpk$h*(yz=d}z5=F=1mQ{lNrz9lh6N#4jl_J%W|Z z4d^Fs&$J{gMn--0QY~0RU<6;_&&C~S*lTnR6G5dXoxZCf_+>7Vh`ZEDIae+N4wmfR zi9hmKetNp%7>}M0vI6j54ARgOI2@F(dNK>CGoRn!Apb&c3bb*%j94n(kKKJ;5u$wp z1p7klDoe=PcZn*juGL@{x@l`SKB8{(i@z7%MW4f4;%829w{jopAdv?-QuZS|$P6dw z`|1kT#VM{Yg{y?OdO$<=XJH|zV-WGNJKrBV`nX};I?7kd(+tzf3@U9e0VGj>G*uP6 z7gxW)yM@d`Rn}xqjuZ+F#X%kILE)b(b7HWEXn)~+lvN_m4C|_IE{75Xa=4kCHM}%` zQSzI1=gXba#M5=;VW|5dKh4K)JyPJ5*hcX5=P#mReeYzdL% zx-4E6y>k|m|4aWE&AESO1KeHxcw*Z6CnAI&WnixG1I?4CmqP_I-v15TNrCjAKDcM^ zIiJM(Y#GOLh5wC~C7EZ+OG*D{N7|JaE}i&DD!z1d{m)?dzx*U)KBbp+%BU#EKq=4w z45a+`GA2X41E0iD59|4OY|qXS5nDQpp14|o6#KPRbI-z<0&z{{pj;0vXsN#X9uOJW z9RIZ&XIC4yoCVb9xljAhVAVGj4v6n!y!W7HRi#Iz>!3L!!hV&`Q*Cp!`VC%5^+|V?R6?rkIEPD}3>i=^_1SvY!uuU$|6GtC=Omh0l6C zgF}G;&>alZe2DFm&{#^W!GlBu?G?7`-FXZ+@)8j|hz7#bb}(KKY$>F2=bopW5G1nr zo-CvF;Ao25zlCS?UL9sJaJbw|iM*n6L0F_lmyeBrlaKh5PBE_)=j8zZ?3^$!5nk^Q zLVZt@wq%e{i>q+E{@?(wDHO-4`iV#Y}$!T!WnEJzk%{0_4#6H z%izAO-Kr2o7t6{=E!t$JF+8*;O^N*ul6nyY>nQ0Z#=o^_OX-f-@^>><3zK=NU1ovH zAt76&nH7LO520W688zno)*O3X_RdZF&ZnLru9Mw8uw{yeRkD|nZC{qp5*Y_UlwT}< z81H)jTC)~5{NMDneIl4t!ZxX5x+MsZjO7CPDH-LM&LA*JW;^Tx$}P{<9DNjN>I`_I zwmbW!?0J>W1q_$_19_;9Y{Aim06jp$zku&YqV?uC`x`&=ih3c0q6?my%dAbRYeyCJ zz1Ua$ff`2l(~$BZVT(0QeQzvtVStrDN6AYcrm?VI+IR?c_>H*T;X=9LVAnZjfOFu) zsh`PkHme9c&X$8Y{`&v$a!km%tWptIu~!Sfe=eokAhz3+?rNJDmT#& zdDyn}ntxiox6%9(D26otEKj1^&q9AJ`_?WF+@!;y%4j0szZ5o5T3GbUBvsMMjtj1U zN&rt9`$6i1+Fb-e*mf7srXXA97V2yBX;%l?(Kq4e7nA_Xldbe+5-HWp^FMz9bsPf7 zn8}fPjDkd+69R~Zu{j>ob=r8-Vis2u}|s>-gM)^6#|}^ zKz6hHD5BKLU*uutN*pQDxKRO`a*O_2wJx?zFs;K>$Q-ZVO#8NzS?##UL=DSVt;x%NVu0gffS-xuHVpaF?+;xx zRK1w&;l7r1p2kQt_xWNY#DEo^iHZThNmw;jyEd?NzSz)|%WXNmZx;}D5(v#mFBL8$ zP9z@0Iw)Lp{IOs37gqmJ9^rBv|KuKq*|h`V!t5>?&GbKnbI~lu~*>C%wCzCiR=}4y2(MVEU=e91ukfLMk~H1^?@tP#hC=7Bcu#jz9`e$10S%p%JFwp*!GqXeM1M~> zAs4yg+-K7^WMuBTr7UVow#Y%s693?Lq0r!r&!akndcl`mItBOE$T4GUq-a6FSBeoC zgwtb;JiIe`iqwwy(rqjOiZ}+qf{`I?v6H zwJr*Z5#Rj8vHjW1XiJ%IDKz{v2`ZyES&z#%1Ab`sUzR#-FUQsszm%=?8;ur(dFv?? zBy>@hE_X`%i3j;jdKt`GVu(#iN=VpgFai9Ac{b;zNE98Wl+*M~*TD{Y*AE=`Mpc|kP)0i1YtyahiYR;O? zPlkyR?=LJY$?%hWg;I1Fc?@gxjYHcHu$2-SBj>Z?ghWEZTl|~*f!1E`U528vVMz-; znXl3PqMt-grfGUF!BPD;;T?t|EBCbHM=8g;GCwbtse-(Imd*?+k8EjjsVw{`elf)x zt+m0TUuRb7yNC=#6j0g7D+jpkZOxLiw9z#9PS#T03?)$wQ~G6%1ZKhEXLnA}QpIvd zflVDQpsNDW_aLF1U5_bI6s?knjX)^hKiTg22B=7I1+1+&wEO0piX-tKWHTf zMC)Y8mVH%reYH^3{}jIm9^GMc5nFq_2-O?DO!uI&L=&uZc2TLFhPCWJSuS*T`0g zGWw!qq_pM2Xe3nN2b#eZ+=$vRVDczi0cbb_B55$MXkiTQ() zRkgeRvTMBzv~wo01I8|rz&I`-nswYPz*o&T?pNlA+4dG?Ex_5Ryj-)XlgzFrv2f7j z(rA(siKP#H8S6A7@57*h*vjO@!&6+nxQ!P}n7X(HLkK;`k%H|etXNhloyixCJD)%| zSpOARjUGSHRg=*ZY~-_12!z}%61-B! zA*l$}PQyaxU_k7;0ZUApk;DwX8MTt#4}C0My|VBiW$!O1aJUL?1(Ug9y|`d?V_Md>+P`GEBsoX zeur9S{|3x$NIUp^81<)jfe|!GRv~-^eeK7z{Gn!FddUzYOqWmS-ZI<>Lh18TttR4q zoDs!Zcco~G#wdm!oU%E>I;5t}J|Qs-LAMX^6*kx6t7HkB@XuC6~E*7LN*K~S{?yM`Q3J=J?nN~ z2W=wII^~(H&Zwbu`kAy<-aVD-y|bjVY4YL zWN-8wM3T~QGI?bCwWv^sZXe%9Gy1?)Y|i@Depb3CNr97OSi*X2t=^}A@uMh$!5Gsu z7uzs3>l@J_$!YRpJZ6Mx#K8?mevj(@?6UI@d(PIrE+O2G!r4$`raCi3cI>{ z(K^k^uq2W1VL3GIfw>!lP;8?hz|!j!hih-8czQSAApo!8?z6FM2WO}XyNPM@^RSe#oWFnHYf!O~# z+o)FMXeY6_hadj14}zaCo_oLS-=+^7;zo8jFx}T{gno>To^PngygMdTKQjkISVQr( z-8{HAcwc5tteUDdrZeqt_xx^oZI5(TrcXRFIrI6PuV7RUd!L_V^joXs(KpIkLNzpJ5MCN(e9*ZP9eD2lzG%j8>(k)KVsKZBBU^fadYe+H6f-B14!U_~A z!MaMFIFtu~v=^IeopdC$nbR`vP6@44)Z|3({cc^py4cjmqs73YMMm5K-YNw_krW4& zVv0Kf1n*DSF-Rfy4-sjk;Zi-f$8;t^?}+sMGD3Tc_9l12Jt^Q zI*zmxafeM9F$zFQ&cWcq*mxQAVRkuKg6I0Rji<d@P8Tj z7<$|J7<-%f*ndCz*m{53X!3slE7Fx*UUa-3y^mz>ct71-eB4cVzgBp^-*~^==)AvV zemrfwzb<@S9e97}c)zc7d_3`eJY;^nf4swVTU8H{r&|6$m|D>#P*|Zi`lcC}LpInw z(4>$>R>eKAq=Y_BXej8RFE6YcdOogSbuRZpze~v^e7Mt4Ok8n+Q4W>pEhGLq;fyp> z3o53GC53J2Ae17IH!sPd+}1hl^F0p9$uliDd-6giGmAZk8LAG?lfZw@FwiI{81&9g z9KBT(0+j%0ssWeYFp*pe0^yM-PPln+50wgiJeoTV#oztJrYT*;iJ8g6Xsiem2HSzR_WkeKI z{xRu_lIl-_8L4*y7)L_6q0#}!dxX4rPy(Af%VsMeD-v1x@s0DS&xS|mzYEH4I%gei z1;CVM<~GpC&PaQ%dXTN$J52CV^c3PDNhGG(BXhtIR`dU-Nq2nYnqyze^Vg*N4*%Dr zGj|gR_}8Qh``4s%ELHOJaSOmB-x8}=hY%q`^hhg5JDZW_^sKfxz}C?mxogas>hd_v7*kl;iDEt? z0Ch!tS`uZsF<~9Ett5iv`G&rR3P0q~q?BcEcT68{MG*9q zS~Aok{|b34d87A70NrgjwFNY(S2Rp1Y1hGw<~-(PkW5rr(!R*0fflOQL`eu>=txxX zcDEyxjGod<4a?^j?o~#=fYF*fC|F3PY+foh#!~HHk`6=q5ttabQEh(RY44qzSctCn zUUDiX-_y(^4=4JA((P&XACfNfasUk(G6~yK5rmA})hxj?c{-v1FRG;Kg(f8 zDhTq!WU*2*j9!o~+MFo)1ge>gLMDGE;g?L(R}^|6BGaKM=z`aZ^MaBdzWzZEC*l^C zf2mdRBP2B&Ql7cylNf~d7ur{1tDa86%?f2Ftv$=WJYH%T&xQ6N81RxOjc#Y{j@-lx z-Qq(as=^*Umf-8Yt7QhchNyrcx^4?}AWSQg(+a*RF$|)46paP0{@EFsG&Hj}gf!T- z-(QoiU-_>|r$V|_BR;q9c#KIPZ1Kg=2Nl{`854B3CEtTZJ*gqML$0Y^!|YfHKMm~a zEqY@!Ja|wOl)vQ#)y8tq#pXv*5O{cTennA}t0Jl``BP!eo*PI)d{vgVLzc_sUBEbL z5%yP-d&^<_{3On9W-tGbDeY?fum;blX3^p@;h0ZHE#56$8FD_S?0)z^C2PD=>qR>Hd2#p$!Au@Y@Wz1A6z&K3U%)}N38?`%8{jHG*nIp;t*?mJ$*C0)+Xv#NFbrZ?8rl9 zD_L=Q08xU@+NR{h#6Ufs+`-LfG*ecV()gnIqLRzxjAV}LfQooCj;b{9dt#@vrekCI zq(k)LkEgv<-v?m9pR?D=RsQ-bXyq&VQF-~rnmpp{&GjIAk{Yk$ zc<%Ci)u_a@%;18fKdmr1`WK{=r;rOL>ptb=4+kKrtn~2;g_z@fY5%J7)Qf8Wtt26+ zSRtuWAGRZXk4m7;Lnz%O{)7e*(RBd3(9IS9? zw`;lMO{h_Txf*LtNN&swcF_Rjtp_I~Ng)6Vw+u^ds@^vYV-)+hb^C!EubF;HV*SBS zL^yhcf~5TlYf**s%J7XoRGrK7x@ROZYWil5uGZIxFF!^~ELDw6f%HVUoZxFX`!U_8 z!Gw3Hr7gVV&e(xOrg>t0GAnHnkkTu6MBF(HG7w%w*iH9g5%_9^HuEEgJb+@~4lQ{! ziWIm}$PRElccu6qvue9q)9}#A3cl|Xk>}6`($J~cBem@3GFbCNoq=~#eYCYjzmv5& z1vVGM$uMrwr9Qw_Accq1eE-_9 z=cah5##pne_pus}9F0%OWZbe94@xnfG@_@O5gmvlw4w>Dw`>@=&lwsd(o{{R_^5k{ z?Yyopf42rz;=XhLb&7HzmZ zP29ZnHK3=RPEFZ4e<9s6Wnf8%omWp59lF%O`{X~179+O6A1uHye`I-c7f@3-0BFU( zj(DyUsAd#ikmHHL6#|m~vUB)oU4g&s@ma?0A^f^H)`*b?rl#R7^oEXw9m76U>60FS z&oJ9G9!x2WllPp;~-sHh`1Q;@%gjwmHJZJDG@ zD9d)4&0!6azbMHYa@Fd9vypvF=oXj26S}D4C6{-5?^j&IYA^H!Pw(Hx2ch)c{}a~G|AC^q^E4I%$30h$00v? zN;sAoWR3j&>nChcz~ z5(#()JRLMk$IYj8W#*ns@r2=O-}9CG2M1njiuxQ~l$!-sJATr)oPFcAf6zIWhJ_;8 zzv$c<^S+%lwIK(cdq|*@@lIvmPTHdO)cYr&eoHB8P8t7iDE;_=8 zd>}lFHbiXI0)5p$#mq*y`C0EF&!xZtDS%4P?pt^O_37SEbn(_oWB7VRSYYJXIxB5ySMS?52vAN_5gD9M z^?Kaq75~>azs_gF;CAqR^56X~&M-GM?$u?q>cQY?ktbC+6O75m$pe;nNL{pG_HgaH;Vf+490F8!n)vU2%JT`WK({BmbH8*C*h9V^sW3xj( zyK{6T{R>Qu#HHc_l^o?aOheoEhwNnJP&TMmecMT)N1 zeFlQmQjl@cW!xoFSC3IY6s5Q)q^k9#KabTL$Cqr+MMy^3s%JoEI{fagz9d&DssMmXjir*TI}9nQBzbA{Qs3)E^+&mblIn8Y2akv~ z?MLj8SNzAK!!gOz*!A&jK7Oc*rw8oauReqDP)eT`BUOm`tP=+wH(ba6=c zai$nJ!OO#yxRR9EKJABruyoU9SZaEWc}R5c`C8U`?a&_W@n+zZRV`f9IEMIYEXn!!9xnI$yGYL`E*J3sw_9tsy0gbj;cOd>_Q+ z_TPf8uBOT>qb|>p_{ne2&djT4% zva~w4O*3ai?k`-98L4H8@PWKbXfJUj{$>Ri;#Ph<^r@6-PQ}R#o_0&%Zd0tvlUou9HC!&!#x`|ZfB`(&Q+X06&oPx|<6`_}xDy0Ol z5mGK6{m3{hF}R7UBHncG+E?>aPuHnK5wgB-`A`6(IRwoTB#B*%MrX!_o8Qiqu3lEB zw{60~hlw=NgVoWlPxmZCz}BDgpE8K^UI2T6`D?rl?RxAedSbc9C5I`v(S4U8=j{K` zbi6XQDZXLFx#_H0sYZ6#`Bk4{+|3P+%YYejBbIiD)PtyZ+gvqQYz zNS6;>Cl8A040H_Im2U85=F$cg3jd?kc~=1n$(e2PObjZ3&r4LB6-pBP-Y!3_)z~gp z9x5S%W1#^0^g8%>5~W5u30do=JPFmIGLCVLlgQ?GS<}DSzYT&4vvB6F7rus| zyLL%la~DDxDbU;K?hhZ$nzuAT5qpn_eir}5(>GuYCguBk4CYtKd(bCc@aVj{>|*xY z?m-$o?sVLH+yk%oVy-)bj>DjQ_s=8?ED#uR2z}u3ozqoa!$(baq4rUFoOn4sUpkWd z?F+>1P<4mKE&0WxKZ643(MZ(p7E;+Mh$VhtQJ>?v@>$?vg_yd}b zpRmEPl%-uMj$BbU_m>J1Po=nhyurS<%PrYUNKCsK(8O1#7O--C+s zP<}GkU187?UqOFMF@0Rq&s74P5ygr3QcKA)WJROoHH;$Zmu&pG+EXH8R*TK9Q!5`& z=8Kctkv+0xy81I;4=Q@ijkNM8yHO46eIx5~3G9AK0vQeRl(Yx#hUkOcodhk0$b2j5 ztYLjZ{z|q@2y-ynQDd);n~$dBVZR#Z!t_@hH<{I$r>9zUq23i02j3?J(6t+B{U=6a z{)5OZBI8LZu{air&tm{nZuAMEfkkzW2;O{mD!fGwVTEq+BPbAO1CX-A5i|Vsvrp{# zbsl~At2(^{j@o!#gHeNjU@x^5LZ&Q#$Jq5U5p#50YKeKXUaTyHgik)5M2deHC96e1 zsdb3^(0%XSo@O1fh5*<46z~V>e~^$D$JAJT|Kc!KtsGT&pma;gpO5!; zq1*IxXxi&sNlaCFBp-r47rGFUqW~VJY;S;l1QSB)*y%7pbY7>jQh9AM<4_`YYZkd8=usM0>?_(Y7Gg7bo zOUo$DHZ;``C@@ezXN34!Nv2t|xt-OjQV_PB2HYyScTVw@MW(cM+ZEo38SiO0Zo`S! z3kHz7u#W%b#;I*rr!;XfXYPUk0>nL+6^EsT^qvh+^A*f~OfDyqcevt3Mji?}5ocEi z&V5rp>$-^Z9%>a3sMmBNM6h)pJF+Uqb12RNa=;^;7>;U?Ni`XS}AA1k}2|(;?E+Vq>ECTYR%g|KC&v~FqVcekF zo00pcCvMh7FhvMyXa?`~Zb(R%ep}~v%iS&gT}!$(5|RoUCor)LK!lKsdoXFhlc<-h z1#tslgkWtEn2!!>LXO0%xu$rz*i62Hl(e_ytAtp*D<)#T{^ZO6w zx}PCfRk_NKda)@(>da|BMcci{27fP`cRt~3zdd0ad->(-nzag{ZcBkQ9P2;0r`cHn zBcBBaDhK;?OUcHOT&GxEC6sLA2C`Inbs^U0tBT6D zO`z(<_6;I6h^{~W{}4MUB-ylqZ28meCBz8|AQg1E&w&9+(Hdpn1T6(AW+5qV#Zs0V z?!Sm#!e;B~(c9J-GZW;05WC{!&b&6E@w~)%BgcObI|359?*AfoS*r#(`iTN5m?R7e zvLuOV%H`Y<1FR?g2UDy;HG-Q~$|2o>#s4671;76yc4o2$l>Z=h>e*2LLF|r68L<9E z>{6EhMeKaX#k{Qe@HNJ?O(ZCKSF0UY$XPd`Zl-Jr@gF#9h3Ie`%nwCBJRB2dLVC0# z7`F4K_W)l#Vsd1)hNz2-$~K)j+73kI*Z5yJ;#(_gjj&5;{c)STEp}hXB3iNZet=`I z4SA~2Z*X=_7|`y5@)hd|EwWH^?q}^~BA^c(=iG2bM|dw1ZU&2!`}zVY$vD@nbBss1 z#*VO|{klYfH?8_m{c^OR*Rx}ep9->|K!b0jBTZP3 z+d~T|#>^*seS?ee}%fdIy`Vzk{*b4n>3mECml{29pQ6w9tz03H1 z-gB@Hgge+P6zPvk>Ny3x4qVYn&_o%~ZD*@MWDHODriWe~B2}$cL72wHr0(x}tdezy zFZ#Jn#8srr30LC3E`K348q%?8o#^8bP~0zre=?`&!MjeFs2ivuv9;@P?tx^#sz-Uj zY{b)yw$(=_4;Uvd)%r~sRov*WIb;j5QG>4S{FaGZJy8*{3dDI@j-yz}c(oQt0{IWH zal=(>F7uaj8PDaTw|gmP;O9z#UqbzFzK$C~Ew!A&vGg=UMgRbV>M&Xe#?uvm1p4W2q#v}C4a2OR3r>92d0(rgv_Q-BFp=vV1nd-yLEH_ z+pVkpT6_AhTj#cv@-6)An8(+~I?``B=|s*>bE640!|y!BjGwT}-~Nkrq?%Kz9K<&1 z7`27C&umEkW*j#~%w77_zV+Eq#7UY5>orZ==*7?L%}Y@ZVDu3YjGpy*7B$t(e)j-m zH0EI3bd^VUz@gD0e)Ks^>1qZ0IF^CTp&7nB3n4S-w|k>azH34*Af z`FJZ3R$aH2yU-kLYp)rN%Cw^_6SA^FJD_1!_FzW-(GQtl!CvUSye**cc0 z!}jx3z*Cgv)r}_)2aPZJcg;sj38cIdSBX z%_~#_N>XX~;8KjHrZYs9@cCcwcN@$MTM-v7aG#VB>(>pRsut$|^ddf18c9adhzZcw zK{}xRm!tZo%7f9qf7lL-xT6nMQOI$>#3zOPSmuO5Dlj?Nl#Iv=c2bFN9$X_>86F9u zqBJBrfhVe>+KIR{P#uclu?bP@cB86$r_sQfG^9_)`kM9R^3zJKQh?(RiJ2em)k-{q zP${PmAvV8aQ5u7l4=|=dOb3mvVCo?x?(Xs!6a60dgx>Zt^)BAJ&t2Ez`=OFk=&%Q- zt-%N60<kvww|F3U-6#8n5(bCQtdBg8jcHZnXJ=9Ag{dNi}&DJ1%HNQEi-}+ zL+%O!$wb#1tT5y-;MXswm9fw%iZm675l~!J?2n+4_|vqkgi!PX(@a^3+HZ7mUM;U<$C}ahXRw5>2gWg5O39ZP}$zB#F%m{Mtuwd zh${e~)o~pB;4CUO6yuSRFko0IJumFtHU@QO{{z=;?C*sAh3n@32V8eevti8~GiMq} zg6^5>_T`;+3Bf}wu9N{rI@v`rP;~@7?Q0IVEah+X%wg4z%snO%3oT^li>SpRaPuGdbuYSREkPZS;5{`MDiDMn7p zJ^7f<+U|M?p#=D}({ETtF*GGgER6KcYHO&fJ#Cs4LH|+Mg}XU2f0Mw4fQ$Le?D?mLg+kQnscBdlK%3;e1c^|lFp6WCY^Dxg61`H zKh|ag&=VC0qai|0!SK`ffXz=7)Em+`@w?%%8X!$Oq6U?hFJXT#3#F~y(_hZ%I2M1c zj;XPI)5GP!dDM3-uI| zL>EXod};P6OmAuq!RM0y=G*NnI?z6T!wiqlEekfWCw}t{I|D0;*v!HI-lQC%6|KBt zM*O0G@N4jiQ;PQ4$v8!Cp-0+Bxc2qaq+xbQ`t0Lv-e0xuXDjuBozOpO9kLFJ+YE99 zaZPkSdB1O&t(?_y3bn~ByVAC+rFhCWNlWL4o=)Whi&?jfGn$$jt;Ir_LNU0F&7m=| z7TyP z!G>x+sWW=HHQLB#=|5^+W?aACrg?0sMm^qhftlPtYMuSRYF+-d9p40BDTbSB#;f_l z!F-&Y+HS7>zTLc9%bGX)*Ddsz0e`+stqj-K%W(^O90~pxeTkVSRC7X7 zq*H%_UVCZjI6!1JjToxk%M+LMHxJ*}2SFGVq^<4nq%<60D{^58vg#Kx`^4Hplr`CH zDt6}-f-luaWZIF8cu(lITg9HiR$X5ruQs1s&uUBPBwgQHg5Qw7eGi~zf;wnfq^n_vGy>jshw zr0D-a>q2CSVRMm7S0DdD>yUV!-q*_~KG)FA{THp{t%K3w$;6E!DLgo!i_dxXpmQNQ zT&eK~OytkPYgvsTn})8+hH!IDaY#%auivMbaBtlN0IV2}2v`jL@Ay~lnFBr6|Dtux z1Fu%-z<<%Y#1`Ilr?`11TsJM`a+=%@IwrX=@rZ}Cv9~c6u{M`+`dofztZL{oQUQEHmMXr0qxyqwPwcJuoYi1Q_7L@+zL6LrCn6BZ6 z!uN$Mqm)y?)j3& z`cOxEqL$Rsl^w^EK|kl3eg2l-00E%Q%+Lup*kHbut6VKJ7oq=OXq{NH!5v?tN+~a! zu9xWQOfdyrt6Tzcm!O-wqCANhP_V1Hr^q4-iu={HF$1-riUf!B%U)O&4@pCA4o60m z9Q!@(k_mD(7l1nD>l71NMhlSr4mT*+J=r6L?8DY#;pann6nmooMOxA`xKuU|p%jv) z^a=IA_W(A@$M6nH?#xJoZOpvM&to#b$rD?d>qR)6+3EP>c^+@7IWn42=^wj3X_AI0 z1Ac5*NrY)%SsTzVR09>EN}HtV(S{Wt0aC1%Pjy+LKWmsyBYketWXsk znJ>zga)nhR(b!qujc=d5sRI>dWLBF@% zxcfxpNecKxm91$rmR2ln347->L%TeUVmZ=n8vwe{#l^FrAm?p3W@9z+5)xFY`xKJ5 z0;1SbA#E-BMVuaA7X2*Wa`fx_G6imf0-ln$mG4Fzx(7ddLYY~Wd3TRM*S~amsVnh zm+4SKZP)0^o+&F~%bCeFLzrr%sHLPV5qhv3}6qL~} zyskZkfHlI58dOAjrYY3qsS#|s*0RqDnis6AaXC%9n>#cLBjDDs5Q=dW&*0gYTj zuhx#hd0Y2y$It>Z_=oqcjM;!VVDW7E;U{oNoKb9Rj@=j@gb&zlQG6xE`kj!VyGLRS3FAZUn#-FxO+c~Lo<2iJ0TG4zD{>W9 z?OrbW0+^E+?T)?7Ddm}L0Fi&Cech>4KmhB;J7g3PZ)9rLj|J4mYkFHQpI9Em8U6E| zIC8%RtHA~xtd#I%NL4|B0)*PQ*<$N2GQ^Mugwu#+BN5Abyv#b~{eA=?$2qh{VdOgm zw>0&S%T5ciIga`EeyP_BQ)XQ2R4x3Obx4Zq;T2aMuBG)Mjre50FyNa1jr(Zt*z{c) zv7PPC%(&PqjjY1W_ds1yGl;wL6m7gepj9O=i;#Bas{5}F}b!>0kU$u^Cgnyugt>CX(hyGWsOZiu=TR%e1(49|M%KZ9YwT?^R zRk^q1OGaW^Kl$ctVY>wqs!dG2U#2lgjyiqL*NTZNsM>;>|H$BTd4FvYB7g|tfQNZ1?D@kHywXy^EqAs9Z!L4KJr4>_4qTApCbSy`Bg%US5R=)i$1Z9WR)PWkD!3GK2$iOg&-O^Uz? zgK2YdO+=|4bW?rO0?@^Q>OYWqJ)SLh-WaTqJu_Zt;T>r|A9SxNw{a-|@U5opUBC^Z z4V1f4+oLYB6597JWv3v1#bXbhV_N+Ni>@tulyCnF^}Rzh45K%@y4%QhE|CAALq=1?}bNz*$`79LxyUm{({v-MJIwX>`2F1#1x{ZgHOET zzNteh4B#zfkK0;c<_-H{jNkB`2B3r6^mC=dZsFtj&Vc0P`_*XM7U$?^r?OmN?3 z-B7901pcaZP`Xvrf7Lnxi4rtx1c6e*Q{fn_aE9~+5juLr_;oa-b_P&z8N1sb zhC4uHG|mJjNCfEGlQoC|X*b@tck~XWqSV0(=MouuzPF2nbXzt(nDY4W;ACX{J=0x= zn0-Z8$0v?MnM^w=cB%!9;d_XOM5RMeHBmX*BWy*|7d$6YTS-M(z{8eod|$e*U(5rb zH{6lg-qHe2E5t;OXG7H|G0*c(F(px>WnV_%v41d;*>VWL&0u} za37-oQapHiolXCBtIc8lpg*o66>5k;PL|;5j10^YaB=`Vhljera=};1c0rkbrqvET zZz%wrromsV<3r6#ZukpNWiN31YYXzy$+bfPMg4p-70KlyF~*=kFh{yPst%HBSpux-!soCiqq~)_U{4ZOF^VAndFG|>IN!ZGG&FR5- z7m|o>l=1!kY9SYV*f@{Xk|sxgsz5@hZzP*k+qU3k5Jysk!E+;+eg}mBUzN7z?iw0k za4V5gIn$aaET?@yMS5nsORjA`JjMp|F&NPBV&bWdzHV(Uf(%&^^|XmO$0UCF9e_bE z_}8r~FP8Z0*0r$yb?c-M(T(6JdF1|2w~koKD)_Hkr!O88ggJ6jHFmRTeUz&$8%5{w zeI(e#^E~i`O;nq`Ggj7fxoZ59zA8S=R!{K&ZboLy`X)Q$CW` z4!}>f==*i@MM_4i=aWgRhh8%FASx<82{8*U2SONnngH~O->|;LD&Xzj%xyvRyw!O3 zsV+utZa9kq`H`lyh{JZyilf8$K4fZi z$0-Wb*8_!wVLy;nA!PLd1Y^v-bEtsptb~9P%haXZ}4coTx_HZP6FP859b~> zC^LSIJtMLXN@CGTkOJx`;|qu&tCk=^^(~of+7YleX~;N^Gm_SeNihTX;WG;r(OMQp z+QnID3B)8Aqnhr$;yTdWpn+alFf;TJqsKZxn<3J%-;!J{F5Zoi<=3DjDJ_w?mwxEl0NyI>=B`n=_VUH_<4cz=Z2opD3rbi zBEciD{ee;k796YB+;z2iTN!>bNx}@Nb#zE0!9RJC@A0)9#%2a=9e4lOpbQu zi=sWZ2ZLsB&+S;vDBu-S?2 z+qxgFEniqFs6Ys|EhIz|E<=A#^o@j!e0J}Iv&Dq=yaj#blve~>iq6KzQ6WW z)*bF&wJtW{SVvHd(rH^-OCJ^>lm0(you|{vyIpSQ!mNMQIyUjI3ZMQ}>%_J+{-f3< z#p&agiyZIf^Lse|RqKe(j?ez8b?E=9bpiNtIo|(At!uHJ8gn$ukmlX)esB#@hf4hq7n0_IX(YDW{wFd^ zfy%A~eoGBI%!}`C0udnfqbjZOtk+_EzlqnT8#pbM;OO62AzbLa^Nz?*!`?Ejy_K5D z$&a1qh{Mg;k`&LMju*8TI8FNHngYft!gxEUsxvfEQ0~fGHnc802tkO1BN}K>c{*S^ z@qsR0UU!~sB#hv18xkuka5|Rd8!Dv5nqmSNeX%0quSd3^Qz#iWb49QH4c^Ru#}w?H zuCJXzTVfLAynp_@e?6_ws?T)E1uRLm;Rl73{5M*+`Ts%dh7|ws_9D<{)l*Oe51jjL z^sNMo`yh9kJfMMbz%d@5ONnJFa((vsevK`z*6-Kh@mho~*%Z~lef<}$8*&f~O`R2= z$@1mLu?2)!+-%%du8lml`ie!4OjNFsF=L7sJl!M#Rp6OC_71I#(q>>92L>&0l{U9NQ>@;GnNWeO2>Gnwk3*EXxQshyFDg{H zT;D4k>a_;DOUm3nWKW^Hz0m*5)d@VJf&Ko&)hYhv>LgY2RC0D1z<;^Ar+>LR$6#62 z8p7gK>#*(KtCicUGUgCnoM8W=uT`_J6V8&?$w8z~t)BZknWUO5E4(vYS@fH1WQw64 zHZ11)Lj+vZg+o|*e4+$VQdWRycyO#@EgK$}h!)g)sNA_=gDaX%D)X;W=kZsmTi5(o zsoVFs$o*miNHek z9l|l)8fO@yCo_qR?0X8)m;t)GtdO`}Z5%Vwwjl7%&u^(;qopMDW}ZBJ-y!vNntSPt zxzqggwm3v^*Y~COsbOsPD9eP^?@w;k+&j8|-yDu_sUzksiDfJv$=XeE48WubUbYk= z?9#j4Zld_#Al=U83+C%Ebgdi=V5ki7Rq=h&(X35^54#$ObcqhDY|q-J>Fj;ie2@}T zU41{g-bpCfYEj~OSDwRQrd?ntK+;jO$5BeVY}lr9~_y2mL38u4c8TZNin@CcL>{KhKiCY=494 z&OZnzZNS95IDL%O=e|ZD|05DcCc@RG)$mn%pl5h?1{1bchS|!U;y)EH^y_%Nqq|sKD1D7_SO{O{LW$3D6 z%IGvvVPG#6Y{UyC+7kIM7&HY!LlWMS0qv$^;dIc4yZ|?4SV-<7BYh_UQ??S- zaeK+8==Wgagz1N{fT!AC?>?0!Tk1-$+oVV{HKPyA+w3w|A40)OV#i>*eN ze)Q)$ko?!wj$t3Y+0 zbvd+f)dPdWcgMmns`LrE%-E|U_PpW{m>tRSWVB(qX}MjhEnXK(7A*L7owiCgEBx2) zloGI=^`IG=bDS)V!`jqs`Gc4MBJ!332I7Hw_*Zq{dCv=!Iym$8eB=|Bca^ z6GpxoXq-+?GLL95hwNL8DI{6uM{v`=O+c!xq))9)2zfUfh?7{NVF7cw)>LK)Uoh~G zk~f^|33d~|s1pwNgrgqn?$keiWBLz8*QZNpc;-Vz<}W4~jYl*Ndj6N9(^m|>zp5qt zOVKTfbvWhDx}S#~x6yu0Hw zEUy11=^VFJAc)kG2GrGya2&b-ICIzM^2yjzHW!q2)VNbaFDAywIqWv};rN$&Z$r>raYVmpJsT zcX*+%a9-W0&cbNTVaRhaR-Yi6f=E6+f)F_KADQm)UzrY##ny<*@k1KS(9p(!nbera z;ksYv@%0wjr0D152Ss*Cn%_fVcB6H*K>>pKy*MD`o z`~T>4OrJ^}a&}S|-Cw6$bbsM7YVrAmL->PGL+U@gN0t|*QLQ_Z+Y+qvGJHvkPzr!( z&F7SMUaP|Y9<6q<|LKS<$boX)6oF6Iz>k&B$~C};0JYk}Q&6qSiWStG*E?e-9tXDm zp-JpSU4Y%wDQ~2};-77XtMf95vmW9_G@Dz)n{gIpK|`3=w+LYwqeCA@$ZWDChN6~J z<1gkug!GfOSr{r}LLBdHQ&~Bw(T*mVdSbhzKgt-bxiE z3zr4HRAX(5-B+khBI}QfU?8j?v;?KHD9&%dppWo2T4Pt?FrL7jsd#LW;v^^Ca(ksX zUxgpRsY3FI3$7sAR_l^j6B{C|FkDd_PVNY8Vu7;#QLXfAU6`gpE)v=o^Qg&PAKWDP zfSts4_l=W(L4RHr@h;E#XtFlZFa8ZML~D2kF{6?zO6A20IG$;9^%N#d+IQ-8HX=~t z| z^xKu1beRR7-KdztS`*&R6S0y3lhJ~n)DDc_J%`|?h$8FW)60to zEYArb7?H+aI-#xMHqRiXy~rg2I2>4Wx_v*~ER&7SfX6 zRr%&N`BQ9eJ>tra(=ypZo1G88@kjO-Bt}164El-ZR4D5Ghpbx??F8|{>uOYI!sZ*jj+FAnisWUl{|LxPjY{onzOCc%i8i^ zG{g7@k;D`xC43(T3*k%D;+M~&LA8@lCbgTNUdjKkD^3!PYxnqbROJ?GFyac+B68-? zr@F%!H_CVNeU-dJth=T#{UturBw!Cd`oM$qO4tjiMy6U-wh&l_AFg;b`oyLwC%()) zyV7aX34@s^RW!*sa*PB@L;0#0d&yR%97dR~QC)B|W7rFu^sJy5Y^U!SSV5C8Ko?Ie zPtVpfo8d=nDIti6i^w%ZjK#7>AkZ{?&zW6{#Uch`k6&z#uunc$7DzBP{BYmw^0Bq{ zZlp_CT;0cXFE;rRk4l%wol-vX`LKqmAZgMKmhpM|{&K*|-lgQ3$BsPNJ)CrEN6GMa z!SZ+4odu<98J-~A-*B_6gI&rZlT;esxZ8wDk~MFiGf#!Ljt(|@M576C6v7wFBQm*d zrf=jD$$~0mibW!Oy5whF+%$ct+aYZ6Da1x*IJ3u7SMcA-Fe4|@06eG2rnd9xb$H~R zWO+mQQLssr{SUfnk<`}y`)1VFTGt!eez~B*5;*MPRJoi8GsSHX5!%FzO&D=P_Iogq z@kInCJ!^X{LPmk*GY?i_cP5-c_iDgW;k%ZP$6$4x@J%aMJs1W?T-Ol|l$|ooIdt`w zVpE_g^=P>5`p*pS>l-FHin__|`bI7_vDfxgDamOATv!5)ouKJxk`6Q&%BiD6F_}b~ zzA(ngpO;oBeN(xcFb{#IjXivQ$-Ur~usjKL7vw!MZ(v@LQ*H(Y4mg20I~FOt=Aei& z&q-D(wu^nR}V%Ub+j%kFUbEQ_S=&+uQ%4hq`CqvWWIM}c5^yz9USF2IFR zWn@bV<()sg37Va(rs5Fq4)A4S|0q=E)Lk7Q^qo)jS9!UCk2=LC?-huHJ$nNwgJGgV zO6p{c<%|!$!nC5UlAAuDCv13l@q3+Q-b+cT@{i%+^U05G9+L5?24#ap9wRUmVh>KX z?r_5NZYor)LlxrM3$k{Kq_-RN=Tz|CVe!->xnBV+Rlnxbotk^OM!iQ)cROHGB|otf!33 zggmPqp1B9_;4>-{d8|d+dm6)gQSm^{@&|2nvfR{;cqF|+a@dJryWQpYc}Hq zV2bFlbCG7$q<0%x5CRo5#n1!M-)gYcSu*ZyQb!{dmnNTc`JF1LXJvH0LUiQ^m;_ul zKSj~45X}dvDs5%d95(iADfFm%;H{u?mQ}V9%z~jKVUOE8;Vb6d@o8q1&+qEDn#bVP z?`VU+M8MC-(bq&VG=k`_p{~{Z*IFRu@?a_tp)izi4N_YU$%Men!*V`ZAjC& zRnk&MGf&g_U@-7-)+;S!_~aGr8op28dS^qGO*I&(jWOAlI(F$Db#!1WWvp`~Hk;sR7qzxb{VZFPJiW7Kex{F{0TZ&@ z((dnm@wFCA@1%D31knKPJJAX|Yg(%L7YhzcPeuxI>XWtiB5MWwn4vlXq}voW2vsiG zH=1{wbc<~Evny{0M4#e;WsNAoBfTT4QT5~B`y}w4+i~Q&l~;N7XvB@Ha}t#ruytcy zg?r+iOv?vu)xrfri6H!9Y$MyqGbQc32&51lV@U6n@RQGMOIg-ztAuvVFkfA3&*;fk zpkJ<8#@JkVCH#bl_%g4I;Z`^PHhkY4m#B)?=)-m*GH>apd(Z>}vEghJ6ZFU=FLMzQ z1Y$3x%@qD>un~{YLgE-6u;%~kgaDYOkbb7s8cs9Yi)YGYw$$h?ZV;ur?Cz}rgj#>G zlQVvnL3MbPMBPX

    o%j^AoyM5cR`a&e;+%g7z4rUxo`u&A@#Ld@I@|Wz3~bV&UNm z9G|gT>n1Mi=Z$ZHi+dXvSJ%m10Cw7;NYpzX9v`GcD`=$j)zCT=DbEpyJ;rt_6Y{l> z;h3a);g`mcnMqcWG>_&utT7vjHC4*I|Ipq~c(4Q}>g8z(2S3}hQFIbiLF_jmmtiBt zSpwM;RGCXw4^T6slMe!RWIqBqlzqZcg*Um5W<_Nq0y?)AdT%X$6Kwb##BboD7D(>p zaBZd01ktKGwxPNhr-x?(}l|t>{GC_doIUAcAJiClwWo7%ZiY1bG&-%doi0L+5 zos0-*MWwxGq(a?TPxgSi{802C8oqUa1tYnL5NG_kni}^k%Z0eBI4^NjBN2&hewrxa4=7k&QxJ()ijfB?sWx$* zgc+jZk;q%pSB!B=pKI$htCL6BD!v9A;<)pam})%U|5duyf^G`6!g&&~^dM(zgJrsI zDpzt8*>wOmbsSQm_1lD&DG*9$AncA3O8BYfNq^p-(0T7SKs!_|j39cAkq9?sIu0QA zX`%SpDUqcS{VXl<>cO+`wH@BsF9r=R%}Te0?uF0fznk=MJWImlpV&1xjbv@?CLf?# zK|qWZ*9m>ef~flN-H33c)nxDJ7=3D`t#mRGBR25zP84HMxYIsgj17lSs&0XV$$O($ zW7j?;R)3SK+>J9E2S5!8OfQ`&UdsdB`kW@xCa6url`!I)mReIw2LJFK?vC~oXDo1E z>cOhT8~4e>cRM;(=5N~`&zL-YFp7*O1ubBQoW{|7>#rq(b%#A%4RQ zo9`^Yc*F`Vw5c~Zu1%;uDZIqve-_X0iIfZ4hcge%gtGh#(hGjXp;6q>o~7bF(oXuUtt6E zYAO3&$T~HN)sYv}kl=`#hjVRVOlL~6R9-*Lj(L1{`o$P~U%>t0;~AH3&BMtG(>T;0 zK3x3KS8ny-7)R@4mDMFQdAIk$ms?T`w=e0j3ZY>wn6gYV94o*6sZH8Bp zkHI#n*LtL)?wy4FQ&jgX3jvk(wU(n?{}J-u zNGDMDX0!pTgIdF$){j(BKflNiMUV1hXN+U&znR5~Mw-J&#@(#%356J}RMI%18&j`| zy9@GjOxOg2XNue8_A|?xHm-oK9!yrE`RK&N{+1Z0fZ}G$2c}df|A@N(OX%AFdwA2@ zd4m_cjvDCdqxTm@K|K8JoXYPMyZa0s~?`f*vZhpW1W|+@;{O&*N>TqaoXO0M~jL&Z{tt}IP zw<_cIrl|a;ul&aLDTG53!yiahm|+L%c&H4$SYT` z`CIkHLJ01kGxLu>o?Uy_-+VXE-zqM!-+&L%ZyYb%KTzKuqA#fbOmD1*JoUX+NJYKf z44J<@CjWTj3VGQMdEGAjvzz?(@HOP+I^=oV{Lc{e+mma^%l+H!(2v(bsnEzweItjm z{~JSqc1%bwO) zbqM+~VLpF`IxJzO9E&C?R63B#YuPwl@Au8Xuy`lp(7nY{VSzLugeAt!`_D2NpH$i> z8pNj>`D5kQJ)Pbk%D>`E@a_XC>*sVcKUXpQVRc&_MzHiUkwPgIPDG&di5;npv43^eX>j#7w*m82W!D-LQr;zy2y}aHcHQ$oZqjY zFmvy_wkY9Q9l9JhJH~a-U~S{ly67Vj^6l;xyz%BHL!`K8IlcY5fp`X zB(SE!yqnH%xXJC22PAq4^N0#kEz@>u3#so4)qPU@P9qzT<9hz^Gq2*HC<{32KUM(7H87e-13%5mFT#vr$O^xukKH`PWSAo|{Z&3aq?9@w zGzbJl7xQtzMZIQOwP{geF|?wWI6)FN!MSdogt~Q!$q_N08^A*R^1zW1Ww)mgp31_7r z<{a3+S^@OLs;`_yabx_n1SVn_|DcTG!527wGS$+3uy;J~q?8Hls z*67OoV;KwXkN2vfF{qc2M;X0YUVv{$yV=1QVCu@yxj{PZcpNeN!c#6YIDVc0cI*_> zygGphp1i`v_p#W-L`Lsaz%) zAJSg1dIi2iug|#oe7ejV-D(?&7F=W8?Ll|Phk$>ID-CrYvSz;kyEnA^qJMG3CJ`xLYkl*3bN-ym+#MFekQF7I42i${l?HDG2c26egfi*#RBM z_!JZCFibEW(cnugzywb$hGeE9!C_;{`_sd@De;&Yj1<_6P>U)1!G@(%vWJgk4}#Xg z_*Dzym}@-Y{KOU|3xCKw;WHN)YO5(*5GTp3H21{1MaWG6Ao|LArIe$1j#yqd^k!{+jdGGX z^h6kj@*ZPi&mr>4O_&NBV;d2oZdiIN^EfE44Xx;E?4FT7i&T>3&NM#*!$A%uAT--s z9d(^D9(04BT;AIDXcRFNy%A=Ayh zRrpdFA{j;}o;T^)b&f)@c$$16ZHKkD8ESEMk1E*$hXku;s_;ca1iNvefXN8CQwcPI8)x@ZiyFOLnqOoZI#L z_*gBv$+*Q}w)eHf)ODkvZJya(N70lR!DQFAc)okpITmDy$kP|&SLr^u`qudi!iO z9_KAk`L4TTTM;un@l9zwW7B6>Ve`LU9tBXX`)Ho)eu4UOH=us*cTSP6tw=O+{<_O^ z;O_;0&%8D~g-&E<%Ec=(U{P^34Dek>5cu#jlk+Tir{5H4sIhh_=a$_1qt^O1Sz-4F z=@@MwIgn}VoDHRcIZ^$Cd<@&3-k<3DaaUu%cp}cFA1}YCuh+%yfYjp$n*8^W`QW(fGd8OzH@5`{~ zXbVUig}U1LCp9s|ZatYd*b?Y6yy8QGH-eb#LE;tGE)z8=!k!x4C+(d+3Az%;WxsrT z|M3w8_@)jJIycDj40A&8wAy=lTm?J)qK^Kk6j{E{4amDs<)Ez-r#6M*5upSlVrXb! zVlk>~L}&;@9Joaln){v@>sTJ&kRZ!Lbp)sj*)u1&nCj4Z-$2ybr!)>yh;zrv=~Tt) zCrf-_`#w^e_0=F|h4?Qt8Pb;5IqH1x6(KEk!{$q%gxW1Eht-(!3XXU~Wh1uG1nn)*K=ND}L zx_1=_D~S0`E&_VijC`)ZA$iR&EKEnngqB zPZUO^%+DOhY*T3@-A+NK4L?JPjpGl>55eA5RZLLVm358F*8Igt3%q}|J6(?~&r(+_ z)<&=MXuWGV;443Yd)}{@-8^(fBB!>5WW#^*t|RPNl{{ekPMp8l$vW9s*V**_H2;JX z(^hwaB@&2?L{>Bwp6WEKjzB?cc|&SzZ|x)fF4fqkQa#19Oy@OEGF`Vv$d1L8J;iZy z9}1(;mg#JGOctpHY5D7QPb%v%@#;LLd{GD6x7f-2(N-^j8hq}YCX3IG(G4&xnZ<>H z#=k@e9Wiv*boH7FAY&Tb1dLKj+b&csz$Ue5%dMk8myFrPeMplVsaq|MA+CuRsEX2| z$*wV-RvBaFH+dH9bsOdW(uxKPd_cv-j}J}BHSg7y|4ratfRfJdnH1Ie@*7Rd)svk0 zRRWau)iOu&K6KY-;c9eA_uQe7tpBR1yP;bWzMmH@qEm`7eD{izj=38*({>#hhTMXL zDCdiH_^^g7etlDy36q_DT%HIltD2N0JAAOOsf-4pYn|81CX{b|AWQxg1F{?mzFTG9 zgc}QE4$o~jvp{`E)m{Sw@QfKKr5S$GVE}o`aer1k$_fJ8cPB>`5~YUKm*%!+Z!L^} zWftl$t7(j^85E|j0CS)3YYX!9eB-_N3cyF1YPVD*cm>{miAf1;UfWPG|lJlp@j}D{1ycnWsAC9;19{{YHj7y5tfIvw5+KEs*o^1{H9g?e4dh_X=nXCcUt zVSPnq99lhvFofj#gq-BBd_%?k7G)#sb3X^X@BrK0N~v(Ny#tdfHYvqxBfwKFEp| zPlC>k>v?WcwV(ImwdvHvKf^uVKvo@kf{$9y&tYd=mV_@4Nuc-Iu*7?O<~_EL|1`mJ z60?uO93!@I7`1fFl`kP+X32Q?$?UZ z*9hdrFCv7$@+t99u55xDcDe{Dd1Eh*@(fOzRkpTZC@mb0*2OkQY)tbuY`*d>(OGCx ztYDO~Z2Ij5Qn3!!DqjDpfgvLQ5d|Ko!=Sx5yr=kQi#F76jz%4W$DYQ1oiE05VfJ70 zsr+()Z_djiKt?T_bI6S!c;Egz3Ob7BTO|J@1kWN|hbrDsyiZ~i)y*S}dcV_+BrlQZQa7 zHc4jDt6dhf`;&jQK_wscpCA<5rbE&Hd%U66V*>2M0pDj?TPUe9 zMXbl+@h`>IdG`ns14p2%P_z)8EdPS6ooL!ruUw6H@B1B%5)<9DlY19dMeBzY@!U2- z>?4gS^!6nR=mSIxhRT9w3StlYy^WQz2lQSUAUaJpRFjF00q#FTQ_gb+kfx=-+7P0N zEW7FR_i2<=b>|eooV40W`=A&jODWNqzLrMBaO&g31*lWP>-3(wJ9OsbsA3 za4C_LWG951BSh56EjpFI!(2N-Gnoa?Nnz{XmOPS$Me}nJ3#@OSwgR3kH;njQp%oQR zmGxbiKyX-@iPSyqynPi?2L~y2*2l%UP7+gP~9Xd1=GT$ zATI%;q5QK$SDqfTV41V6JGHvlvAu^E9>H*W9uy_~P7Lr%(}I=jQ9DMnVx~TiTW-*1 zxeG6pJ$2I8@JIiFY8*9k%fJSZ1-s zn9tzOMb+l1n;%t)@M|`K!6L^n{K*tlMGSb|T=gs8WmZ^g_!A8IgaAknL{1P%(5GPR z?Eds5{HFZ+Ve$E5+FpUs$~F@jR0Sn(O`uL2UeNM&pS`YTBPeMl@VPTAk-4cxOo;(k z#vGmURc3cSV?d4)%GM-&yBtKd29-+d7*k}3`iP&l7u_bVyI1&ooRK)Al6;o$ObdoA zGX|Objw%z2g^CNNW}Ms)@cQu{x5P>>g?jQlhA7lGNcjMcwM@hoY?N(6^bI#6fc=^Z zllC;zNlREG6>(U@GOcUJW{NE_M~XlCyb3SUS>dt61YIz(et z#;au_>o%W*_)*kztSd=>yz3_hsfIfZ5(3|!REc$|Ma<$1Z&h4$Ji$yq zw_n69O5BH48oM-2EXl^uZI5_zjdBx4zy5LJ%qk0$aC&d;O$9-wx+c@lX7=LG)xc>B zwy7?iO>lZVR-$9nDpAoQaC%4dc!e|`o~M!Dm18uWy1~q{I}=^6OXNXZs7d+@Q%t$R z!vqR1i&c<}EhDmc=aWaaZ|=1>z?I!b5xp9d3BEg^HirESXHW=-qyCJE-pwGLwi`9L zGo7EZFykir?S-@=_|I4;D)#Q8#VB(9ToTPrlnb5pB(UD+%#ojK7JS_rTN#1^ zEDn~83PtB-3QTj7K;76|f@C?dQ*^I~VXl{(nDR0#b=4zgROOZn7KZ%9AnPxfEWo8# zwiq+-?3b_Kb{CWTQ*JOMvi`DpK6tfE(}a_547F{uOiMynfdR^Cc_C-A4DQoT8Pl0x zL0fsI^zbv0V6#d1SE{TYBo##gEpB4|kEQYyF zl}KIHapW5H%2A|VPR9B7(r)uMM>Ds#_1$Q+tuhSrys^vLe+1NP=-kDz!2GC>y=hYX zlEH|e=C47*6ypo^1m`!5&Gx4)NvLd^d`o)@3lSkC5OEn9l9#*%oOh1Rk{dXc<;N_o zMxfaq9lGK4qL7QJ${#lCMe;0xFBszoQC#kgJS({U4-IByR|o`qmjcn|M8=BxjR_k>YtD^UlixREBen#6oE`VVX&$ zH@SphGwzrmaAUEnR)&;@WwVuRg`xwGD*L-E{IqlNuQg|QGM~;Ad1JeShElnDbR+hy z?M@$8kuC_yey!=_f=^g7gGp4@wm8Tp>1o%yn0CD7jJYK{4Bmo?)PpI2u}3B8j5%N5 zwVXJ=`C9}#f%H&YlPnE~d!|{!sbd-(7F<(IT5@4spnAY_buI|Kaf%?1$@2@16hJcLBJlR*w;PdDdy^n9dh9R)= zxTtC*#d7J%tc*&iToT`onOCt*MQ~RfV}>|5MkPi4QQxdE#0S;*4wF8n zS(2JQq@nxYN)M-B{7zYqd0YXh?%+abYlBs0Jz&&^9dOdpnRF{Q7k6JT#25EA)p#FB zz9pbovcYc^q4HiFi#4_ODtU`ZzoFngbN0uY24J<-`cmiY>xj&I*$`Me-3&excCI zRGNf6S;WT(`Y<|nLojAd zklx`JZw~1?$7?d6wl|e)QCi8_9IA5!j>cxywHL|fpx`ooRLvRxKxGZC~?zc)nHLnxg-IRb<%vqlnT z6;x23XydxO2`TqOkS>aet2OK=lTsMMf5Q~~-U?8B)^S8(TerltP*s!$Z!*{CeF)=% z1Rh!{;+vaAzDz#wYrqdyw9RLQ;1c~|JU5qb^#2W^Jy!F;_? z;+eu&j#Ky};8(r0&U6yao3Nzb&5){2jolRw9p5CFUN;XA+Kk zZsflXdsdFa5Ka-PGU$UV$mtwq&E`s@&%4%r&w{JB@K(wAyrn%n@iB#q!{5VsgqkVR zP}I*4I4Iyw714H>{cBJ6;Yx4dgv1ms^heBTC0=BE2B$e*!Zr<~fC|1!QfyK5N=fb@ z=Tl7c5GO)9{Lhp^=O86`AQjH0(#OE9F)>VO$IrJ^LrT-#?DbO ze)(1_RUUNCR&o8f*s>koiGjSU21xo@&OV6f9;Z=_1V`iCuYJ{6GEDcB|9j8YVPxVs zI}q=Ry$e8Pd}VR3C<@YEN{Qqb@a2Z+8hUPyq1J6Oajs!COg?&~DvOpQ@Y@U}hgiU_ z^}0wCn0qcjn7UbtrE^uXV&FDGs=<$QO`3-G!Peres`s*IZnXPy+NCMxnLgEGw619g zb>f|n9*RfpO$pwHnK*2QcN`Oi*%WM!!r32S-C1m;$_}0E+8VUlly%^`zZ=M)SzjpR&WmXHS_aLYb4Z zJzp70=diyf;v63>(>!iiFzwyCs%l;`6_5Y1b2fOkDfK5cwr^Nt>SATL-8j>hV=y$R z4Bw8!bKAwW`y9rB|I92~m=!4w{TSGhFybmPKIj5FcI3TstpyM=ER7$V)8W2>V_aDJ z{6fI$)Y@NrFK|)w5%bs^@3~nq!daCu_JiTs=qD#2opAfX<|;!S*r3-jN9wFLnQCuL zHkeqkIoLlPt1Izu5m_CG4X?i>bkoHIf|vcYXneErf6E z?1s52CFQM7ACaXEi(4I}LK)ZbFG0iph^JeY8nRt#odPNdAS#i_WPYZ;tJ1iF=0i+K zPLaq0C_ID}s!hdyATj9tOt8|*8EVi&Xh%NQu-RNM9Y2aM6o>q-!QqAsAM@wE;yyLu z)k|?oa+FE1sd@0tNEw_OS1>1@E3XgF*L~o1R?4zsBI{vj*hur~Xeg};fa|75Dy^Hj zh4JH=iOd)tTrhY{11Z$5aMQRg_k2jZOBF>^_Dsra!JJ!i^zfJ0MMWJ!_;>%x7ZlmR zNY@P!Pg4pQ{blVF?;m>dElUfr5o7u`V_>z7+^SFV^$dr40Aa7MRL!1-IokIVPgBCbD;m?BMG0*TI^1|Gz5JotBn4mZA9qy8@C zQ{l@#kkBbq;YM$zfh6t`5t#f8!e2T2C7W(22P=lb~*AgIsf)$ z-f;0y*rPM>V%%9V1_pEN(3VF$FVyQwy|`(2v?wwW40Kh5AH7#SL`z3X?2s;Q-Z#aN%2WYt-7%!sPPKN-jEgqtQiny0>`uq1J)y*m@b zVmxcS>iTZsj(c@nHN~()Z!TH4GsfLurL_}}W`E5J*tJ)xlFLUV!t9_z(BpA$j4;v% z%kWpYSZn!QmyelHI<{$~8S)~eSX!`!Rik~##T`NQPPI=Dz26X^&5#sjxmn4zG^>0X zmo50``e8BRh11BJbM~lJBZYM+4+jp+rP=r&uKrvjb)+(ff*sm_JIE} zf<;$_)Wyc;3|95Aicjk;j_j^q0^>dau`EbQ3=B*Jb6tlUe*lNS_6{S<{;{zX6%HW< zj@N{MjHy(S;pA141L@SzXBW$b2d+$vVUNel&oI+Js6alnZoW&)hk4+|kPd0a)N?q3 zxo&RFMlPzU24I-VwfwX*VlW1c4S@cm$EA4sz7BAE5L~Tgraa#|9$E}$Q4eUJ-RD$P zJJqOU*i7u*Yu2zLV=G(rKt8xb30dzjQ(3~ff8JxFR^)#yPoxl|!I9pSE#2;7jpN6l zpkNNY_sDR-O<+;YOTDR-dFHc&r*1tSvSUfq4 z4l7f)n^Q<#$b8JBxN~Sc{W&89@;EN5n)2DKUH8jY-&`$^_>oXnwBwYcQDChC%S@w% z10B0GQ2U|>CIc-3^976tYI%))0?l>O7HMT?8RrP>f9WZ#^sWC@MTAEpt5VYRUaNn4wpN==IbvK&&HtlTr zsl=%JX!%erH*ZuxUl4)8SvYrR_`Q$TzCm^y*_tnOkO!?G#atjBn0>L9ppv&jVbl2* z;Ur-lYe+jLJ|UbKfwQbaHEq5rOg`|)??7{~OVNq{QJBF(q=>0IuyWxR)IXzWhm*xh zmpzjex$5^T&Gnyl@hxRR<6c!1^pbG8$>X2*4$**p!x48(pnKQ~n?_cZ2jS{o?sW9f zeQ_USERhl+&c3zwfS)v#er$|QJR^glmhKqMgN6hEGlK}YRT&mRh~yx+%X#nlC3oA` zTn)uMQoIfS>S#Gl$nsXz_hP?Z7b=&<+F-~~)MfvBCu6u>hbZ*xdL9EzVV7u~R- zbX4~O!*IfPT5&q+agI8}XhO#t@X-8z`c@w(HvG~_OqR8VtfZ)k@VD~|Jg1FpuDl=5 zO)2XcJ}q3R{^?1F8?F%dAU~=C3RY4hbNoE27D^U=t9t)n;rs+IzhEl7N=d3GgnE9& z*;GUcbO!o+#2=oecP}r2pJ9OJ>laBn6opn3saSfp)B$9Wxr2kwhdFL9y%%W8Izwbc zmWP7D*@yHWqI=g4fRBCG(+b+Jf#a1VFm7L}{T{gy=uW5h8#8;dG;)?Hp5`-W#DCUj z&hqLQ7uDMM5PsPZ+Ca=@xKq#hvNzab!*w9M?Q`hwiQ}?gH?1shNf4fqOKm$&j(x2F z>}j%?9!`_N4-0Z!qi$<>Wsli*2Md*BgI0ee-sp*zht$pLHS3e`fi+%nL}^0z@y zZEn+9!j$%K-%F;~KSh?2JSC@2Z=)=Lh!bt{9;P57n-(JDC0>YZK3X-NMX;htA-fHN z*P1`-!<7#dsxvI2 zKFGBjcjR!4&rg!i?_#~r3!n0XJ^uLe#I0fdHVMXDG*>+i}^P!WswP*M-9VW73B zZR~TmcW9NHfS0jBs!4H9e`oFQFku0LE0!QLfN2O43uU}rda)3l-`gu@B|SGit775eu5RR0=#k$Q)2vy}`3_NHNkMCsdii|__~OGJ zt(>Ma}pRggnq zft6xZ?AU5*`)S*xtK@i++d^nl727GTVEv=CvvO}^7BjMy1~Rd59GZ-Px_!L>@!S8W zm#>V8!->Ad-Q9gDg~i>y#hv21xVuAfcUiPpk>ZPMad#G4yx2maxI2CQ<^ScqyySg+ znPieV$>e74y_uYIKOAD3hXG_`0|NV;+TljUNwuE!l_`EUWt&j%>}%^mNTx&rz^v`X z@W;DgZu$+fhQvq6B2!T<`mjm&_1d+6(d6b4-wES$kVsJ*iHnmrz^y(4?#6N*+?C-} z#bg)1z3bf|ThnQf@TDH$Fx6p~N5!CMAK^MVjq4J|TR!sSg2LR`8T+;OMNT2)3tou9 z_@W-re~&-Z`k4p3_O6i$uVmY$Z5}*WX`}Zpps|KG-0Y5M!sY&%+It{XZ)w8@CxoyD z+1mdQ1Hh8f|J^xk9c_C8&AEH8LmRHn&b;}*PT`&94^m&f~ zHo^vyNZgZ501P~e;~i>w{Hb>g9;iAV#@`)!^im36eB3blgc4MxY>L$2BB1~7czu%D z05$J+r8rU4V&Qb1K{Y4}@L76%6`oMN2%>Wak?YlwNZ8N8|Dx1=#wH_i5RW&#@NiKFmZ6zL-x2GB#ee999c^FbHzMK3aA^jHA2!lU zAi>78;_1d+oI6KaP^#2^)8pM>p#tP;g`3!Py7`iIYDDP4?B+*D_`j0Q@`2cV8!PZy zIEm=42do(?rvC~7TI;$b21=SwoR7hkX17al10_oWm@I349{H!jwaYpNgwALvO1u?K zF%*3vl1U}U)Y7nMPZXDlbMBiRt)InGo=;DvVDgW7$pZ*@zPGm2q9h|!UF)b${92V9 zM6TI?rJcONNbg%uFu34-Z64w{k?(wEDWd;I1x`Qnul5{uH-5>4_Hh&=N<`Ho zmwt$+tm_dO*buc5Qun8s$OGr#ADe5Vc^lGKs`$O0CtkqjkE?HkaJAp5d*l39%&&ua zmk8aV<(TSC6%hyEW{oD%N%xeaDRQqr!!PKQ{!gH8oi(it3pnL+S5Q8z`Ju);mk!*w zlYtu@$%^9W&ub(O*wA;$io3DfD0=r347zDb({DwjlG-CBqH|6`Ze%ARJ&6to zU?C&&rjQ)T3f@P0fyk7?1*$eRvE?5Dt^?-9i|J-^e9L7q8%XGk9) z$6*9~o9MWIl?gFRf+dpocHAm{F#Rh8R`e7(&F8riCv4v}?;|p!kFK-Z{;AOPL1z(q zn^dq1d@HH(jO`gX9>}i^232{ks z?&@iGKmAjSd22HbH4>gCzJB;qxPrEi>jb;Q@aN6lGXU=~| zW%nY?1w_M-%>Sk}y#14GbW_JP%kA)mPUyq^=UI1wP6#JmG<3fl!r=q(ip9LFiR5~j zuO0Py6!XZHAsp$u!v@{IWz-C`zu8!jRn4^0^t!?KD&2B6?u$kRt%{BF9ROks1Z(S` zS*WMqMpH1i-F-H(&TH}WfJM{c4W+hPkLkN!U*TWTP z0xH?$sL9Zb*Y-GS;WAzcQ++(ZbJ$sY{d3fPGc!UyKG1_hsi5+~ke z^dJU;DOgQ1Qy9~a*nNSG@#>y5Al{X@FE=A%6xI5gj2`}@k@`Kxg~FO%3Unjer!GJ8 zA}Mvw0ydr_dgXSU!AG<4FwN_{62*f_!w}m}9_004a=A1nfNreoGvxzQBF(QsCN2ON zdnSyHOiX9T0?xkw2*&eRY9{whkQ#S}DZ7&>lwR%0n$he8a~*qvCbDNDRuPqFu^vzH z;d;Thp875-sOJfy$?_}gGT^?EuZO*kRnXCi%ew9 z$}U#7nrJ?g)L)5ugwC;$1#*Y>I1v-alBEv;T4E5BX)vl$*+|EilzInfYWHmmN)Qi!P=Y zM#^6_b59$9UoIZ<+sK?_K@d59PJ$OK@Nfd25*j1sGL%?Rp8Vc~G9Qj;b;bv45~uh^ zES%6b7J!o(x+Yr`YavVrenKHcC`PnIOT(eASOyspHEu#b_EMRdJlO!v3U2*j^;>BE zM{r=LY1<*up}xrS-AKmFT#)AU=eTqSk$O3ri6cvVslFv5kNl2CTVaK+L z4yQgdvn4uwGPyN2hOlP>+8G^EYq9$lMMC*jFZ;RS_?P9#o(_^LZfdcBm#Jqh7C+i3 zC=LP9Mai7=5VUgt7ls&^xkeMrI7|1Myx)~)w{zX-DPcb8j^`?y?ve8VC0h6kmbNb= zHuN|kF&NKj`<)2zxcZKoutkB0=7RcE@%)|<^z$b?WconXgfLU?_2DNd7sWleUo|o7 zt5HRd#y}IAaV|Ib)MMErv^kM3r(fCY^kz66~5M4#F9O-+LVgpeaJ zvYF%_GK_PKgO$`Q4di$K8go=HdZ#iDG9sYA;ojl==!`yn{axQw&|Vzx>Y*ex#aw`# z@_In>t(B3Y^x%VkAd++E9B{MeCx}AIzyj=S_IwePSJp+C$Ox`i_LfiPJ$aG5?Zz5( zCC_RDvY2YM#S|LR;;!4MXm3KMAueQFDdj=@C{pim7e5b~p#C@iUeg0{Me;c6D>Qq$ zjylO*Y-QvDfJF#+l+KKHCs(p$y8t^R!m(nN?WtN@WZH{q*(l^D)+sUmO?Yx%RR+SB z&(ybLxR(B#Vh{S`v`&73j?=$4)ujvI5Qu=$t!e(^*3H~f0{>cC1df=m2}n~4_dDbB zNg-&xq9WS+k;ontdS6)5VEl|^*glMyT};JscM8=4rZt{R@5=Ji z`+O|Oiu0C6tkOmT3rdVpkD1WYT^Ch9&4Z3gYa5paG7Ae`oVfbOegJsWLKlzgLhVj? z00o1zU5G3YS&HC3u{y-C?U|+@*gvu)m->oqh7o>&2oB0ylRw^*Xo3CvuS|JmL$Yz& zcB>V>igI~#Vok>|QwyDC)U)Xym6p!@n;=vRZ8%j zT2%U)dggJe@~N9lHTQm4A*l0TQynpTUqXP{-~vNm-J)#Nr~cHfl*jRameYB-jaIJ? zcWnSHtO;w8;@P0T&3Mjt5=lurt{Gq%;aGu-q7MRo#>g#nnkQve(oB~2 zaRlp1;gmVr7kE;m>r^Hx(@sr*lYfOdrTBOZrGN2JG1WWhxqa{A?)du+LaS!$=MtOa z()NlW9Z}~1#m-zxY3dT)o?tv@t)}cumnLV(OfXx2Sbx2Kod5COhWS#Ettl5aZSdK$ z%8W|_OPT0u6JO8(@od{tsY8Fy7DD7w>0?H66^Kh1X*}ZPHcs)Nzk?Slb}l{hQ7v<$ z$vl?P>bozl^%wqFu=R-h($I%hkY-PpQwE}d}_ierGN@KPvQh`)}_LSa)YnGO#=C(knRk5Q1vP; zsSY4m6c}5FRCyzUaUW48gTB??S;M}oj$8~g_O~NMBWNfg`cfud6jL95&hJdRn2{-* zLoI+Z)qz2(w{QLf)zZJ8pg9NMO#iQJkpKJBz^F zaM~k=zARU4aEdyq5ucX~YgSG!|6pSo!pv+pMz5DaibjEKFvs!oH0PD|EMkW%m|38Q z5P58>H(_|ntHg9)Axydco(fcc(~@}zDQ<9qo@V0Qjdi1FqD?CCZyvgM^Qq?VJZ=Q& zS>5>ZZ91Cr29cCBjXH$@&*jGn#UX;fiCxlM&&39&QvnAp^6(C^Y3p;-Ec}Z6?o1 zeZot_+|I9v`m?sIE>SP;Wd3Zha?$b#&D+Q1i4^#$E^6kHy3s_;c{EaGj$9YGLVy%{ zJZ@%rPs^!vW~&n)XDe-MrGlDAKd1q@tt8oK@&hVi0mFPktuX?ICu6R3I)8^3UWWXO z;9nxJr;Hyx>@F+y-A!~5*f*4=XP~_G`jN#lkWmkzTjXi4 z)w`4i&h1?Vm#pbL+`4IjJ_=zbrkawH%D6nT&V3sS2`at%$L9ZPe=5bAGt2K4( zhrRH}dQopOAtdgR2s8A9R3_b_*RVwH46n~BtL$V`32nN8=Eg^64g{1un0|V40;Yb! zIWw9)M7@_ZUvu4ba<CC}vC4R7A{H(8cr{B*qj7s%+=0PXRWtUn3x z+k11h0I%IqdLZJxo(gT_FhL*TsC)my4Y%yC$l_@(49#bgKe(J!Lg=Hb$VAn}c-@o@AahhK$HZB^XKOjydg&-lPCP8gNhhMdd;A*&V_R%?2dXtai?+M~yofXGb-WzkPG zV>KA`Q1A--I`%z5V}Uk7ZMDWzUl>Rp3hvEQ5mW>(85v6vED(p&#wx0EyJu(5!}0PY z-73!~O$29FO+Gs(?TH<0ADNGT)s(Ye*po8ZC`QG0(S(KF;od(7Zwbb+Va(wbFgY(X zp)q`m8BHqEqclvml}<=?WO{oTv* zEZ_q;fJQ{sTaIvE(o7%ftF6ECbBQX(bxwn2AC>SG-92@3_|MGt+qKFZ!P?N-Jcb~{zEzY+ogl(TxuM;l3%dv*kal5To!lVW*C&lDa%!{ zQxT&K;J`FnW{!>hzo&ingbQ@>r)EZF>CdBm^uh)cZ)r!b0P*QKWOS#W@a*#&aw zxRJ@6(hAj_*!LYz`el$)4~U1R`=ywk1VwrrWD~qrjQ}HLP5yZL8EHz8aPac$8@5EA z8I;fk2i&sz_z2g>2p6KoKIR!JxawuxEBVPjv@;p2vQu{^@v7RvqdE^u$^C}S83pik z24G&UrTsl-`Wvv!Q@}*kIYKeT1@HDEm$}f(glv=Rzyjz>hc!bEu6OGj|voHJ`i!@WINi zXXa0vDv?DbfzWC~zwelds(JD+x!1?3&tzFhr)7DC9+h*;Xorv{Doo6++agXZ5Z#B}I}GtE7bG>1Bn8aBV;v{v`7A%Nv7 zO}GE38K26SYoXC~e+kA094f`Ke7ToK=aBw^B_vfi+&cpC(rR<8*(whOsN=g@3AF5T zjSg?hOJO{N<(`Fs4S6jzn2*l&u@<>j;$oRwG``!qB6$cdTmXwtq5R&`2Kt84cVS1C z^QFu}VY)PahgbZ;MkPg&+xMVn^?O0C=w{2*&s=@+K>VSr<1_TyHs>6a ztVI&68UWkHqn|)hKF8JvyIp)0w5{M$q>uvcK94OD4u9Xkbezw2Tdn>CA33yh44Y(u z>j9K8XDc`f_{sKUc4(KYnq4fu@q7$#-%{1JyGg$P!3%MdwC0m2<_6GQBZVcPV<~D? zU3(!_inpoyVH?DEODG#xt%#VX1)=dS@?9Fg9A9-EcT+2{NKHgsLm6GU0e7c+P%KT2 z@LGq)DE4GJpD`~9fnjQcM***-s@vG@ALuFK;yH!r$~_6qj|O|5>wWG9L^P5)w-z$9 za>&^-H5fJGj%O}@F7!;5C<|8jkPTbK)LZMr6~0p(Q56DF_$gO}oM6nq?ap0@$-kb~ z@-@`z{PXq)Kf+z=;h>F#xrS9FU;hj6ZWv0rT!l&Zj>X!ESZ*?2i{kfG!>w>{UyCEu zzj&^Xc4n^0eu&c0Lk|-A(Go`N#K2Q(BScH60cI|ACIx6%##*CaqTj9~g6ASwE>=!6 z%D#2I_Wt_xy5n~kuh*F_Nq=VMMc0y)UiJ z0wH`U#Q_VKYd)VBmYX!~UB7O}uHfbK`|ZsRPIo|erz|xo4RVV>cx-c}^Wu^&Iti|= zw!VB$1v}DXH$r3CWC2f@q;QDW0|tlQ*QOiBKUV{_DbAa9?m>#B0tfz-9*2f@+{?<6f5A~ zk}@l#l5@kuO^=UG)UYbI<0GSD#f+`U(-1dz3-SCC1X99;GoAegMgSsPBwA7|XK~8^yL^sQfRf4)=|zW+?}VpeLRnBydJ#haPuCZ1VIIFCp?){Dlsi z0t7c5>nvWftr?!^DeM;Q6CEI z*z@$-YJx)GZ(5w3GukFqh*8iA7~m5#%4 zLq}~%^E1Xtv#)qI!#jhS{;uuB&QM273<2uTVp#b91}5l zgVj3&T}g3nHa=6??uv?4_=?(nm&7i4p9wtD+5{n=yC~;MGt#Sn;`WaU)Z32-C^zOF zN&J)T5uFOPE;7AHpJA}C2k|1CI<%+*kv(U${ric{qP3caw{zYp-Xs}r&IB`pL9@JQ z$7*DqfB_!jRaO1K(FRX$MSk}^Ot2g)_*yw~!%uO%A;mXIp9I5}Q#)~E0`#yzn+Ow!m9*O4E<*bmpad#dg84wbh9TVHiUN`nE zE3^LE_bPthT+>GL_I6M(8C)R!GaVmu~DZ#vO(yZh&obz%+w z%7KOfJ;-~WPY9e}^eM-9+<@RZ;E@n%;gB*4%P{2&-Vh=a$pH01JRxZ6d+j_KCZ2OF zFP2Nr4}o8udaoy5zxGZ@gDXc#-~VVWmIO23<^|{bSMSOy{3yrn&RX|*?yZYg%puQo zr$Xudy#lUCzNB|l)LimMjvfV2B2N`q<7_M|MFVEo)^Gh&Oj*Y$hDV| zXFgO#X{)=>QtKE~-dl`#-qV-3FO!DVKmBlX2&X=9DxwCPe{eKgY7?>2TV71EP4X58-)IjT(ztm!rLzr)KBGMRVZqpsN9*oNK&=h z1kytC3orNpa|RyQ>_=_b2RT{r6*aB9(;kMCUE`|?Xclc~V&~T8H zO}Rdmg%z(Q4FnqF&aJInYWL3C`8_ViUuU;6C4WD-Y>W&cx5G2*;3|)mlj2k!Pn%IJg5EjVs;{KS-q9~6z-*|E5f_Osku>Wm3RG1v^Mu}Pa2DhvrCa3 z8_%>F5hDL-_DQ)BAVuM4)Qyb$gDq!^2A{&8nOV>; z&!jNAeYM1RmZX4Me|o18j2;c(5aX7FsJsqlU?~y*4Y)?mE4K2jWoEK9ELHr-*ZN+# z<^oYahYiG$C3aL3#SZ;iz2Rb@Wzi%Lr6N;o=)rRr(~HtrbH|oeUju<)G4+=b7=u^N z1pTPOeY@k)7xufdB0{LAiEmWOGuuC8#PG&S%KEd;&055yCwyZWGs#GM69N01{iGGc zd7BGv0qSTP8+kneY5(_ z*?hUpPskC0o@MjYM%13o$UV8;o^+v+rBfV&+6=A}&i6y}-awuG$qWA8vX`Db-g>iM zW;q`u!tKZ{yF`TPfZv@OhR_^GZ&`z^s< zqstuv%#B;P!G!dX%+#J^sE1PyKKj+~uoA^7?7Eh6J7mNT=AizsfTVTJ-NB z#uv=|oF(jiO%9e#gfy8Z%|Ye~uqgH}%!FT{_!hcN3hqeBCD#=zP;op6548Jd%?^Dp z);ir-mb`Ia18+X0*lskT@XD(H$0f>3T`HxZj9O=`8GI)k;U(2hOC7p$?^`Nn?$AxQ zBWvOpjy8o30eRfP((?BKJM8X=C7LbjRYzH(1t#SL>;BO)VV- zu%M@XuHSy{(qCSwH#>Hw(s*vbxD&z7cBjD{WmeF6Yr9I(vj=33QmO;I3Ne#-`uJ)+qfbknBB_@ zl%d@gfdd&y;?o^he`euq10Qs>4P@I~Sod|ffdb5X6{kGMwo$&|^sJVoOrc2{?ie^s z8JIa>{^aY}vQC8WSv;rPv%GmYYREs>o)#Bj+Gi~JEa`$-MG z_kopTW%oOtF0I8YWnJw>olrWNWx!}eQxtB{?RJvLmSml zt-16YF}K+1dO<87O{Hmg?gtR%5GUwxuAuo9vm=<9XqDgmQaU;RoigdiK@Lx@w|sPwwDaoM zoxxpBj-ng6)N1toe)qL<(!=j24%@afF0$;aH5>uU=XkpyqIxpgcL~}I~JDJ4*bmdU@kxTA89#p~%H$9K~ z%@N=WLuLoVqf*^{`hszI)i1XH@rlEl!JqCd*YCRhiZ@3*bzdAe#5j$hO30oc2-FLp zb%s+lMcFlvX7e%QmgT8n%7r2Yo;B!)Bv}QwNLifJ+XW%!0q+S{*+{m`qtQlQAe{`C z>}6}F-x|1r2;aALg+ri9Y;`UFzqh}phkp^?8M})7k5L@T|7H}2{QoeD`-?914@ZR~ wfQv>!frmqYgOmE-Rul>%JRH*h4WaxW5FA|me|J&gD8lG`LjODeFXj~<9OvKI{Qv*} diff --git a/web/vulnerability/xss/flash/xss2.swf b/web/vulnerability/xss/flash/xss2.swf deleted file mode 100644 index b878b41774e5017a570f01a53d244d230b943ba9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9416 zcmV;(BsbebS5pZCIsgE8ob6hBJe1qlUo&GEGvty%j0`D^ON5dxL?uFQLkhV~F1buh zg>FM}ijq?lMI^+~MJSaDr&8)PNxG_|i<5LYa=M*5r{4WMGYr)^zw>+ldH;Fq^O;$* z_jj+o)_1S9_TG<&3kt;mr}!|P0JD_<{c|9qkF%hQJ_*1jZp-Au$!-GH1B!HE=Aje) z8{S{YSRm8%r>{SxOG^_F48ADO7!5!KDT4H@_{iXBFoi()0sep|gr~&2BpoS7sTES` zQoE&YOZ_3GL9QhW$xp}x=>h3PnZIN*D5|nivL@7x)G}&6Rhwo;`-#SsE0dcl-y|~XcQNE$9C|@a^l1Fn6zfBuq|X;q%n_*~$fvg*)bX@;vmjZ%y=n zQTViILUw6yiJgB!nS0@u*{@7{pRIJeeAbcSk7m5|PI2wCZ5e{+okt(%ROa5%6*@#6 z^O8RkUt-g+%g0+|zPJ4x505otiOQr^TP->Re0MFraLUWjT-q|XbGeT%ke_&i5(rf5 zJzB#_>yyKcOMC6zd`@^NN!46Yr#o3Er*wDT59y!FdPnQ({`uMgf`6n=$8_(xmEL6c zSmMW>+5XwvmCIyxbY~x{97l@)D;A&7aWK+aP+$6JbN8ZW%dcj3k)M1T@5^4(Jgc7U z;kuU%gmzD0v`}1g6<$xCz&(+8N1c|Z_)?=(rGyD5(LW;3~*v zx3G?CQustUGrK^CRPRo!O%S$mv#+)?6U=!%eAYdtapN`42j z^F@$htnOs!^a1IVH;mex<=Eq6sXZqE$m{|bqqC76Hdzj&w1W7j5AV$Ai)w;PvdV{M z>e)e1AD<8?L;2Cr+DXY7sO)U8_8HjMaIXo9+W5pm>rcxoTW=23fSe+t;2FQMDC%P9 zgEPTz1b_S>5CZYk9w05&P!znWE(QaQVyGf-!&r}G_*c%| zuJ|+OwcV&`2lpG-`>w6n`P%z7bK=C9nBAq@Z#)eACBwPw1E{jH3A1Z_SO*kCs5~$% zZ6YaZMR99x0=0xs@HSCvqn2F?jGTH@W;X5Gm4u_enO`Kaozj19nseWc=+7s_c!K8j z3yE}9^KOG;@NDCgmNw_qUy(}Hm!=?>&%M?;*n4;x?NB`c%~b%DiXMXtRaFK%!UgeX zXDt6ceAks;cfr*o1rJ;FGip+F6+zae8mL=-xxUiqm(-P(+!b3e=Gw?HYhR{@hiRPT z{8Te=|43ACl-sS#D`ze)E1kydy!***GnP$R)-d+omz7LfJ+Ogjm5>tXRY1?#J+Yua z>~onGH$-cbq0a4v3XZ1pFw?R&4WR>eeMSvTnOk>cEAq8yvwmB>p*AbS2aDR)i4Ln# zk>HzRMdE|1bvLa1p=R1hmbsj7fFP|#gn+P>!L2K~1N&o?N(nB_F8r73x8yqz5y z-D2kY^4Tth$koR`^NzpITP?S6pnqT1eUralUEBF*F#`1Ms9nAGt}-*GgBch|y=ru2 z=A9e7i)wYJ&k<}EVHz%3hyJ|(T{*~4Du&a|#=^e2J&iMb+P1gn6oy?XYj@E#PpcfK zz7Q6pX#1nq!bWiAN_TxR2)g+s+f4iF&n60rOAgg+eUiJO@5{N{_uo1dt`c?ueP14s zK`+-Cw%dU)hcA<|EuZbbhQmJhqsk@eF^!qIYTJ9xPN%Q#?_VFn;5qeUjEx#WR$1)& zDZk!ZT+<(5RCXsZ&iBauP07y!OfTA^zKgDex9?Byp5SQTxmt($;&DkH*0@po=NB8^ zyQ;0!d46;BEzZM}5vOYUml%%6-0W4Iu{?5vyt5^}uO`v=Fc(p(^^MY%sFP zCd{DC;g=rv4col8($Vi(L_)@<`S%r1{Zchs|13rRSq2EK;VBDfb={^jtGtdSR|Bz% z3i1^U*0IFcX-OIBU^ zlpkkDgauu(QlInzY;N$$#hbU0XIoFFSOT5NhcUj|o^3Vz))ca3RfRx47=N<~Ib78O zG9`hhLj!r%ju~4!$CX)4aR<-0K;lkPITk9HwKL72IaEca$GuoP8^*m20=Cbg%rbU> zY0d&5d$@yI*|httFk0rJsG}?w-KDchz;-JRNog({eYESFHi*W0ubXYwKc^l6if2hP#tC)@Z$ z!4Z%e92+a^!h2OzIX2+8)pR$ce>l+1d-* zi`N&9&h7Bfl8fnx?*#HQ^1DAhXR&m1+Sn?-dV1a9c?L*%s)egBZK^yuHbEMwOM{>@ zExB-^FQ3%ZlU%q-^_g$h<+sVDQoY$sq%-byL-MgBsh*no9&b$9D*YeP9_C$O2W-X| z=ZfYHEi=89_SApAK8tpOVL5K27F?EKwU zxaaZ-WQUn!$#d5v%AN!IgeK6KJKj4|oezpi?%<&68BF)H+US!A^hJE&H21N0$>e|n zAr-lhu?4gj-YOiW^r)2MbjN8M038vbY4+UnPFC=mrMa{pcLPZ-u`ah=d+elp-aub* ze9sJ@JJDs&fNa4BZwDt=8;ivrq3pY9TR`^wqxxO5*I#z4 zaM4z+QA&M>iN%ndMKoj8-~MP2fo-kCYMwE+ouP;pxzLxozfEOV_Da2Fjk04e^{6dP zpJrP5R8Mg9DKHuiEU%tVbKqIF>|Ks-k8NFxKcnBE_wxQNq-Q;Uimr& zh@FX5@?smsCRJW==4|&6sB)3GbK=QJKx*h=>^apy2GS* z4-DQe4lCK^?VB4w@bk+CFKr;(T+8W@m)&aeG$TDgsh^fvdJxq|CMEo*8x_KB9{Q+0 z9s!bnQ{RQMCOZf`Sqv%0Elqt#ACnGt1FL}vm!zx@XP+}g7bv`T3cIv_etoE=pkYVF zkLl$b)g%3ZwYeLrs2Yd8?`i-!Rsgb1<7m{1&DDmoR(DG^Zk~Gq)V&u$sj|o>vSVNF z4F4Jw-KGYtqt1v!okNNmsA`@&0@NQrpsFb^uy|n%6dP1E8=l;JBe+Dne#{O8_xL2M zZ6#-xDkO@lW=7cH;$LEq=3G|X<>HxY*|HK;8oJ@RvVK5LMAWjS$p`twJz-$(5pjS{ zf5j~nymV*+Dc)IR#)YLlm$Bb!n%W}lY1%jfnxeNA2kMn_<84xh^NJUC}OQ8-TSp;PId`O9{B)=eEZ z6X^Pipmn6q^Equ+i)-#EC3CVTX~lNvKXA_F^46`adsi*b1c9IpNUPJM_H-@f6DJgd z@78l68_o=>amY@VTGOzg?yZ=b9@@oC?=lkCSO(;64rmx3Ad;uL+8DVm#D^18CwU@#wK zs!rm2l@=e8!%I%*Fm&HGK{*R#50)F|?+%?2=$w#t_r++z;q4E)p<&{f9X5<{=eg)= z7nIVFTuGllX7m_=hj})~j=0ksR3|Sj3+1%&@N#piy%}BdM*m#F7P>^fTcpf(3bnd3ss1?7ZhU~h!nTycXuR!J(%f4%cqc%T@ zEc^4+<~v$+f@77!n^8#`QLEj4uo*C~C2Gxc`gCe@#+L_QDbp@%*D*H85#u z!T!S*j;jiPE$ZvdK>L8aVUWzF9=df>YhSb5InJs{1F@A;Gu5|@rMjMvHeElyyIK?ya0YrpevAFLi?# zpA{&8%4Cwst5TEsDR21|)0yK-Zj{zVmj>T9oVa)SAs96~`1(12Rkm+8Xf2$WyCUcW z5Yc6YJa*kYA9iwxTKtc?UfY%R0Zk}cXtnP?_b8zPpz3E zuf=YTy+sf0S;u;u4HK=Sl)FaWM!fW_&HTMU!=&_$(sLzm?y z-5v8%rADh(jFnqREYK~ca{0wZtU1Jr8FTG-G=-@vs$gl;T|uSt?b!vwc%Lsl|1NL8YP?4qJ4xF3-@p%(=TUBbvDI&^epkw;jrZp!^2V zF5PF{Kg>Jk`bu!~_$eDy*#Jya)XN_$KI68b(yRmHKo7>l1TX|6Fa}eY2-9FX%miCl z4E_)R!4LwW5C$Ar3gHj|kq`yTAR1yI7UF;l%OM^TfCnpJC9Hx(NP=Wo4QpW?tXCEi zut#Wi#50qzhiwn+NyNptq>Q95(+1m|X9BcLlk{TJjG=^3p`AQ!q{env> zBibZV?vOss@AOh_1|^p5pca`SeY+OG<`{2_NwPyD^lgWa_*zTeP@Bq-7D?~Fm1Kw5cs^w$S24CE zTh$D}7FG06)H{jGSsEP5VYXBX=?}(JQc)1g29g8fZRss+kG;m}JVF6&=m=j0}(9B``fX37q(qoG|!8)I#=< zAf&23k(mkVl|djan?-~#U%sdlj0uD^H!(yCLUvEKV{T@um)nhm6dn~r$RaJ9?JzCm z;SfOqf}rywNJB_d9T(G5jkHj<;Sd$TL7TJ1AQ=cbU1va-HTw?eM;GyA6bLzJWzEb~ zR~LL`a+$FhA`2mhhwK>v$#oM?MTL+{7QM%oNDd4s!e@9EnAjgUj(pYDpB>O#|j^>H=D2aSR z^nI=8$7bdhRY1>!Cx)#oE7F zhDYjRkSc_<))_D}xEM%kB&f_xJee8_i+XFOXtEI$Rt{3AjxEG@A^Qd)W033hg9|aj z53W?SmXML~-*Sjt2%IS`f15*hLId${Y!K-YaHi>~LmC zBbn(75`(l6#|R|i_$&I-%)}rjgq*TOv19igQ0^edIuIhL&%-oTbdPksJ`h31B8V=U z%+f%-pfFO8msrg>2su!nh|Pt3CyZFCCNV@0&lySv9;L+LkeqHYWITlA9;YbD2C467 z0+Bila_xv1G66zLkAafxJoN*Jp5a=y@Wp=Xqq=0tRideXhrw#TSdRg=MAVUpx)O1mMAVar<0aw*iKs6T z4R8^}k-~zI^C+@WrT;cVdIr3*cvm;n!ybCYSTS9xHFqW$jQ3D0o5Ro>?SFINl--i zn;gg{{BsWcT^9VC|HCq6M3cTgss{*{R%hG_mbqyJ+~ z{07XFh$i3mn*LYzenrk zGBP1DB$|Wi9Ht@+S1$&x617RX-GCFzi%$|cC6Y0pfEN*oW=S080W3*^xY#+dJWl-F z_}~~0gszB>M+0y;Coxha@Zww|d17t2EMkZk=M}L+EF$;{pyKBdYNR*qId* z2{K~`MIv7LagiirjEho0k)jY8qP;*K^~hka6j8`{i?k;WkfD(9pM>uMXh5N$W$neU z^!QI%3RMK6*=g;RLzVvvh)2odqvSl*L@@c0u>5af=!?q0Y#2q67k^7Jc9KD6K6cx~ zgfQ$*_X8TX0D-0OPw@~1@el=y3_fJh-wvUn4NLqF8;dk3;wDO3<%e2_)GLuilgUed zp>Jix5>CSCp}{zZDyUsVvK-Do9rqO9gXwsOGGm@{Ara1lWCm5#<%ltk@fo7EOUgj8iURb`K5({biTug z)CdroR+plKs~?9uOT?U|iJUZ};j@dn)fwR~*z{_kCTS!{h{SDsk5i$CdU0aM5xW<20O-qUB@k5}fs||*G z*+tDR-0DA7gj8X(OaDPePHS3te};DXz)8h>>G|D$f5kL&y=GRNZ!pZF?=KnnoOIU(7xF9d0w)5ER) zixN#MP(Ch`p8ujIE<*$JvHf=XRgKW?dG8+h?h8NZvnnP0WlbE};wKm6t)-AWiMIFQ zvu#L^-v`w!jW9Kv-=A%hw?IxJqpc^}{W$k*dOq^BUcQjBtfjW!gi+U8GH^0-TXQor zFhw`-_(nmak)yq4eDy1G(fM(o=M*9Kyrx%86Kl-f+wJ$!e>9qO_j}xJFRdxLx8IMY z?@tMTSZ*U??+?svY#dHM@?S;B5r=1}Vz7gOQF6O*CcP*n;^87|)phK` zrrLM=YB2_<(;N{&#(z~T!&L1ews&Z+QE4@qg!4Jx{9!p-b9pn`1&=_FZodyc>&QiA z&4@jEQEL9nnuv+k<3l>q^IkL_ptd)=ylc>}3HP^bozuhX(6$%y_8lh*?a1h1@r-V#DMoA*vqn z`UXBASHdyxo0Bu0LlF6RaCXd4`lF@xO`tDTc*iA>zJGf@mYuEQ>_p*nwYz+p*MX+G zl@EMTprJ^_0;Z1F`jjZV?1EMZOXxS%zY&FPwSTCtrwXs7cNy8*YhvuSB0kG!Shiwo ztVNqP=vF%#hjK4`F!w@{UMvvth{Pu-5|@?eTPLt0)1HLl2va$O5_9+csLVE$>v)wJ zVhIV3#CDNjYk&2_y$wT5k$c`7l_P7g3exP7I^g&=DbZ&gH5^Nq=EPb7VnT@5u?}eT z>(uy6FWM*H5V<$Ajr_RFKo1py%xMqHR~u%~w%Zo(NDD{FWGNg!2}^}-^5)Gh1Jy$@ zm4zZR4;Oxrdg%92@g8bkG}ULl?$sW@E}A1th!PmD8s$^S78nPp?34^N;DLvYi`?tX z`N;(>g}gcDu@Fl*oS)QuynbQ|Q25Q+OGEKE@yBo!(seh@+W-O zW2^dMaAp2bT}2gQ8G!kR!LjA_7bPdEs+O%-E$sJVh{|j7xZlsaKS10>h)YFo_&c3i zlm#ZJSlVldO1Tg-I19@~lqOjAiEBDq*}BUpvKtSP_a8gosM6}%!yQ()#hHZ#7@nfe zVYF*{k(pSba}*_5dfT%C%rcAsXtW;ByGji&lW$O6x2KK#FdW-sW>j```+bUDMB5Zy zJ~1^9W7rYfW5f&k#7`7kbts`kUay-|h$7g8A*#qI)=^y)72L}%4cIbm&+8WjeQ)EL zVZTI0BpfZ&PpMvNcumGa7ki_kue&l+wEN`0cH2{ucPe@@il`1#42?TOwz!^-;xn_0 zAzA*S>*)_vO?VG{@g$?!9&AAPoq1Raqq2*(4{CV5&04kG$04^$%-3mzU++@O_*5X? zKo26G#T77Z@5|LcAcpEtjlI`~*nRS>LJyC0wD5*|a|^r6ZG2XtEbv1Nm4%})%9-3Ci?^E^E-%XpT%0HK`GW$aw3C*h2ngG!0paRlw`DT{K(g ztNp{9(z`^bBktfC=FPt2X_*0-8WbOywperv<<0LTxzYEdU35hGM+>c%^X7psHW{{g zw4%DR2pw>CNuj{Qk`vGKD%)oFSE3?1oj&Si`NY9|6pBv($Zjt!%k!vAcW8^6TCpZn zm_1`*LovQ^3X|RM4Hc4Jhgf#ewc183FY%)g zN(4N5L`Mm{;JM#JY3%nv6dXxDtFU7DC%&!VeGy0%I-2Em;hP$E=s*^_47YHgL(#vs zdK@Zem|t8IIAIedi|^K0C7YGNP6&MWz$-QHr9(LJ8tvMxkD+LC?AX)o*Yy7f)&D=J z{+}OInP3kt;050JTT1JdodCOc@ri?1P!PX81VH)^l6uKEZMLdQaCO7)aNrQfO^U}J zV`A^Jm`|N*VT^rR8Z#%EnVB=gWY@J;NmQ(hnoVR5k> zSP~x>$AgtCqGMrcbZ|lha1wc(_}JiRm?IXPuxF;&n>rA@GB`3i7<)#Wz=;j>j&nv0 zUZL@kTpol5M@QpN(O{P7*^)B;>|(U&*@fuw4bg2U0fGu2BWJ_fXG`}0 diff --git a/web/vulnerability/xss/search.jsp b/web/vulnerability/xss/search.jsp deleted file mode 100644 index d77f4262..00000000 --- a/web/vulnerability/xss/search.jsp +++ /dev/null @@ -1,29 +0,0 @@ -<%-- - Document : search - Created on : 1 Dec, 2014, 2:15:38 PM - Author : breakthesec ---%> - <%@ include file="/header.jsp" %> -

    - -
    - -
    -
    - <% - String searchedName = request.getParameter("keyword"); - if (searchedName != null) - { - //code for searching pages related to the given keyword goes here.. - %> - Search Results for <%=searchedName%> -
    ... -
    ... - <% - //Show result pages - - } - %> - <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/web/vulnerability/xss/xss4.jsp b/web/vulnerability/xss/xss4.jsp deleted file mode 100644 index 16d050dc..00000000 --- a/web/vulnerability/xss/xss4.jsp +++ /dev/null @@ -1,24 +0,0 @@ -<%@ include file="/header.jsp" %> - <% String keyword = request.getParameter("keyword"); %> -

    [incomplete]

    - Please enter only words and search:

    -
    - > -

    -
    -
    - <% - - if (keyword != null) - { - %> - Search Results for <%=keyword%> - <% - } - %> -
    -
    -
    -
    - - <%@ include file="/footer.jsp" %> \ No newline at end of file From 14643058b3ef8aab78d65bc896ad51f3f55a61c9 Mon Sep 17 00:00:00 2001 From: breakthesec Date: Sun, 25 Jan 2015 14:01:20 +0530 Subject: [PATCH 02/19] Maven Project --- pom.xml | 47 ++++ .../cspf/jvl/controller/AddPage.java | 116 +++++++++ .../cspf/jvl/controller/EmailCheck.java | 108 +++++++++ .../cspf/jvl/controller/ForwardMe.java | 92 +++++++ .../cspf/jvl/controller/Install.java | 226 ++++++++++++++++++ .../cspf/jvl/controller/LoginValidator.java | 122 ++++++++++ .../cspf/jvl/controller/Logout.java | 87 +++++++ .../cysecurity/cspf/jvl/controller/Open.java | 91 +++++++ .../cspf/jvl/controller/Register.java | 123 ++++++++++ .../cspf/jvl/controller/SendMessage.java | 112 +++++++++ .../cspf/jvl/controller/UsernameCheck.java | 108 +++++++++ .../cspf/jvl/controller/XPathQuery.java | 115 +++++++++ .../cysecurity/cspf/jvl/controller/xxe.java | 106 ++++++++ .../cysecurity/cspf/jvl/model/DBConnect.java | 43 ++++ .../org/cysecurity/cspf/jvl/model/HashMe.java | 31 +++ .../cspf/jvl/model/orm/Users.hbm.xml | 23 ++ .../cysecurity/cspf/jvl/model/orm/Users.java | 36 +++ src/main/webapp/ForgotPassword.jsp | 54 +++++ src/main/webapp/META-INF/context.xml | 2 + src/main/webapp/Register.jsp | 51 ++++ src/main/webapp/WEB-INF/AdminPanel.jsp | 7 + src/main/webapp/WEB-INF/config.properties | 10 + src/main/webapp/WEB-INF/users.xml | 36 +++ src/main/webapp/WEB-INF/web.xml | 105 ++++++++ src/main/webapp/admin/AddPage.jsp | 21 ++ src/main/webapp/admin/Configure.jsp | 33 +++ src/main/webapp/admin/admin.jsp | 9 + src/main/webapp/admin/adminlogin.jsp | 62 +++++ src/main/webapp/admin/index.jsp | 12 + src/main/webapp/admin/manageusers.jsp | 31 +++ src/main/webapp/changeCardDetails.jsp | 70 ++++++ src/main/webapp/docs/doc1.pdf | Bin 0 -> 11027 bytes src/main/webapp/docs/exampledoc.pdf | Bin 0 -> 16531 bytes src/main/webapp/footer.jsp | 12 + src/main/webapp/header.jsp | 171 +++++++++++++ src/main/webapp/images/Thumbs.db | Bin 0 -> 4608 bytes src/main/webapp/images/bg.png | Bin 0 -> 102 bytes src/main/webapp/index.jsp | 10 + src/main/webapp/install.jsp | 28 +++ src/main/webapp/jquery.min.js | 4 + src/main/webapp/login.jsp | 31 +++ src/main/webapp/myprofile.jsp | 65 +++++ src/main/webapp/robots.txt | 9 + src/main/webapp/style.css | 224 +++++++++++++++++ .../webapp/vulnerability/DisplayMessage.jsp | 46 ++++ src/main/webapp/vulnerability/Injection/1.xsl | 41 ++++ src/main/webapp/vulnerability/Injection/2.xsl | 35 +++ .../vulnerability/Injection/Users.hbm.xml | 23 ++ .../vulnerability/Injection/courses.xml | 19 ++ .../webapp/vulnerability/Injection/orm.jsp | 60 +++++ .../vulnerability/Injection/xpath_login.jsp | 14 ++ .../webapp/vulnerability/Injection/xslt.jsp | 17 ++ .../webapp/vulnerability/Injection/xxe.jsp | 26 ++ src/main/webapp/vulnerability/Messages.jsp | 33 +++ src/main/webapp/vulnerability/SendMessage.jsp | 34 +++ src/main/webapp/vulnerability/UserDetails.jsp | 34 +++ .../webapp/vulnerability/baasm/SiteTitle.jsp | 45 ++++ .../vulnerability/baasm/URLRewriting.jsp | 9 + .../webapp/vulnerability/csrf/change-info.jsp | 48 ++++ .../vulnerability/csrf/changepassword.jsp | 62 +++++ src/main/webapp/vulnerability/forum.jsp | 82 +++++++ .../webapp/vulnerability/forumUsersList.jsp | 28 +++ src/main/webapp/vulnerability/forumposts.jsp | 30 +++ .../vulnerability/idor/change-email.jsp | 49 ++++ .../webapp/vulnerability/idor/download.jsp | 45 ++++ .../vulnerability/mfac/SearchEngines.jsp | 4 + src/main/webapp/vulnerability/sde/hash.jsp | 6 + .../vulnerability/securitymisconfig/pages.jsp | 39 +++ .../webapp/vulnerability/sqli/download.jsp | 8 + .../webapp/vulnerability/sqli/download_id.jsp | 65 +++++ .../vulnerability/sqli/download_id_union.jsp | 65 +++++ src/main/webapp/vulnerability/sqli/union2.jsp | 9 + .../vulnerability/unvalidated/OpenForward.jsp | 7 + .../vulnerability/unvalidated/OpenURL.jsp | 4 + .../webapp/vulnerability/xss/flash/exss.jsp | 10 + .../webapp/vulnerability/xss/flash/xss1.swf | Bin 0 -> 59563 bytes .../webapp/vulnerability/xss/flash/xss2.swf | Bin 0 -> 9416 bytes src/main/webapp/vulnerability/xss/search.jsp | 29 +++ src/main/webapp/vulnerability/xss/xss4.jsp | 24 ++ 79 files changed, 3693 insertions(+) create mode 100644 pom.xml create mode 100644 src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java create mode 100644 src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java create mode 100644 src/main/java/org/cysecurity/cspf/jvl/controller/ForwardMe.java create mode 100644 src/main/java/org/cysecurity/cspf/jvl/controller/Install.java create mode 100644 src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java create mode 100644 src/main/java/org/cysecurity/cspf/jvl/controller/Logout.java create mode 100644 src/main/java/org/cysecurity/cspf/jvl/controller/Open.java create mode 100644 src/main/java/org/cysecurity/cspf/jvl/controller/Register.java create mode 100644 src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java create mode 100644 src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java create mode 100644 src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java create mode 100644 src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java create mode 100644 src/main/java/org/cysecurity/cspf/jvl/model/DBConnect.java create mode 100644 src/main/java/org/cysecurity/cspf/jvl/model/HashMe.java create mode 100644 src/main/java/org/cysecurity/cspf/jvl/model/orm/Users.hbm.xml create mode 100644 src/main/java/org/cysecurity/cspf/jvl/model/orm/Users.java create mode 100644 src/main/webapp/ForgotPassword.jsp create mode 100644 src/main/webapp/META-INF/context.xml create mode 100644 src/main/webapp/Register.jsp create mode 100644 src/main/webapp/WEB-INF/AdminPanel.jsp create mode 100644 src/main/webapp/WEB-INF/config.properties create mode 100644 src/main/webapp/WEB-INF/users.xml create mode 100644 src/main/webapp/WEB-INF/web.xml create mode 100644 src/main/webapp/admin/AddPage.jsp create mode 100644 src/main/webapp/admin/Configure.jsp create mode 100644 src/main/webapp/admin/admin.jsp create mode 100644 src/main/webapp/admin/adminlogin.jsp create mode 100644 src/main/webapp/admin/index.jsp create mode 100644 src/main/webapp/admin/manageusers.jsp create mode 100644 src/main/webapp/changeCardDetails.jsp create mode 100644 src/main/webapp/docs/doc1.pdf create mode 100644 src/main/webapp/docs/exampledoc.pdf create mode 100644 src/main/webapp/footer.jsp create mode 100644 src/main/webapp/header.jsp create mode 100644 src/main/webapp/images/Thumbs.db create mode 100644 src/main/webapp/images/bg.png create mode 100644 src/main/webapp/index.jsp create mode 100644 src/main/webapp/install.jsp create mode 100644 src/main/webapp/jquery.min.js create mode 100644 src/main/webapp/login.jsp create mode 100644 src/main/webapp/myprofile.jsp create mode 100644 src/main/webapp/robots.txt create mode 100644 src/main/webapp/style.css create mode 100644 src/main/webapp/vulnerability/DisplayMessage.jsp create mode 100644 src/main/webapp/vulnerability/Injection/1.xsl create mode 100644 src/main/webapp/vulnerability/Injection/2.xsl create mode 100644 src/main/webapp/vulnerability/Injection/Users.hbm.xml create mode 100644 src/main/webapp/vulnerability/Injection/courses.xml create mode 100644 src/main/webapp/vulnerability/Injection/orm.jsp create mode 100644 src/main/webapp/vulnerability/Injection/xpath_login.jsp create mode 100644 src/main/webapp/vulnerability/Injection/xslt.jsp create mode 100644 src/main/webapp/vulnerability/Injection/xxe.jsp create mode 100644 src/main/webapp/vulnerability/Messages.jsp create mode 100644 src/main/webapp/vulnerability/SendMessage.jsp create mode 100644 src/main/webapp/vulnerability/UserDetails.jsp create mode 100644 src/main/webapp/vulnerability/baasm/SiteTitle.jsp create mode 100644 src/main/webapp/vulnerability/baasm/URLRewriting.jsp create mode 100644 src/main/webapp/vulnerability/csrf/change-info.jsp create mode 100644 src/main/webapp/vulnerability/csrf/changepassword.jsp create mode 100644 src/main/webapp/vulnerability/forum.jsp create mode 100644 src/main/webapp/vulnerability/forumUsersList.jsp create mode 100644 src/main/webapp/vulnerability/forumposts.jsp create mode 100644 src/main/webapp/vulnerability/idor/change-email.jsp create mode 100644 src/main/webapp/vulnerability/idor/download.jsp create mode 100644 src/main/webapp/vulnerability/mfac/SearchEngines.jsp create mode 100644 src/main/webapp/vulnerability/sde/hash.jsp create mode 100644 src/main/webapp/vulnerability/securitymisconfig/pages.jsp create mode 100644 src/main/webapp/vulnerability/sqli/download.jsp create mode 100644 src/main/webapp/vulnerability/sqli/download_id.jsp create mode 100644 src/main/webapp/vulnerability/sqli/download_id_union.jsp create mode 100644 src/main/webapp/vulnerability/sqli/union2.jsp create mode 100644 src/main/webapp/vulnerability/unvalidated/OpenForward.jsp create mode 100644 src/main/webapp/vulnerability/unvalidated/OpenURL.jsp create mode 100644 src/main/webapp/vulnerability/xss/flash/exss.jsp create mode 100644 src/main/webapp/vulnerability/xss/flash/xss1.swf create mode 100644 src/main/webapp/vulnerability/xss/flash/xss2.swf create mode 100644 src/main/webapp/vulnerability/xss/search.jsp create mode 100644 src/main/webapp/vulnerability/xss/xss4.jsp diff --git a/pom.xml b/pom.xml new file mode 100644 index 00000000..e90d5213 --- /dev/null +++ b/pom.xml @@ -0,0 +1,47 @@ + + 4.0.0 + org.cysecurity + JavaVulnerableLab + war + 0.0.1-SNAPSHOT + JavaVulnerableLab Maven Webapp + http://maven.apache.org + + + junit + junit + 3.8.1 + test + + + mysql + mysql-connector-java + 5.1.26 + + + org.json + json + 20090211 + + + javax.servlet + jstl + 1.2 + + + org.hibernate + hibernate-core + 4.0.1.Final + + + javax.servlet + servlet-api + 2.3 + provided + + + + JavaVulnerableLab + + diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java b/src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java new file mode 100644 index 00000000..343701b3 --- /dev/null +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java @@ -0,0 +1,116 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ + +package org.cysecurity.cspf.jvl.controller; + +import java.io.BufferedWriter; +import java.io.File; +import java.io.FileWriter; +import java.io.IOException; +import java.io.PrintWriter; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * + * @author breakthesec + */ +public class AddPage extends HttpServlet { + + /** + * Processes requests for both HTTP GET and POST + * methods. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + protected void processRequest(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = response.getWriter(); + try { + String fileName=request.getParameter("filename"); + String content=request.getParameter("content"); + if(fileName!=null && content!=null) + { + String pagesDir=getServletContext().getRealPath("/pages"); + String filePath=pagesDir+"/"+fileName; + File f=new File(filePath); + if(f.exists()) + { + f.delete(); + } + if(f.createNewFile()) + { + BufferedWriter bw=new BufferedWriter(new FileWriter(f.getAbsoluteFile())); + bw.write(content); + bw.close(); + out.print("Successfully created the file: "+fileName+""); + } + else + { + out.print("Failed to create the file"); + } + } + else + { + out.print("filename or content Parameter is missing"); + } + + } + catch(Exception e) + { + out.print(e); + } + finally { + out.close(); + } + } + + // + /** + * Handles the HTTP GET method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Handles the HTTP POST method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Returns a short description of the servlet. + * + * @return a String containing servlet description + */ + @Override + public String getServletInfo() { + return "Short description"; + }// + +} diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java b/src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java new file mode 100644 index 00000000..c5edb24d --- /dev/null +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java @@ -0,0 +1,108 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ + +package org.cysecurity.cspf.jvl.controller; + +import java.io.IOException; +import java.io.PrintWriter; +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.Statement; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.cysecurity.cspf.jvl.model.DBConnect; +import org.json.JSONObject; + +/** + * + * @author breakthesec + */ +public class EmailCheck extends HttpServlet { + + /** + * Processes requests for both HTTP GET and POST + * methods. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + protected void processRequest(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + response.setContentType("application/json"); + PrintWriter out = response.getWriter(); + try { + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + String email=request.getParameter("email").trim(); + JSONObject json=new JSONObject(); + if(con!=null && !con.isClosed()) + { + ResultSet rs=null; + Statement stmt = con.createStatement(); + rs=stmt.executeQuery("select * from users where email='"+email+"'"); + if (rs.next()) + { + json.put("available", "1"); + } + else + { + json.put("available", new Integer(0)); + } + } + out.print(json); + } + catch(Exception e) + { + out.print(e); + } + finally { + out.close(); + } + } + + // + /** + * Handles the HTTP GET method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Handles the HTTP POST method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Returns a short description of the servlet. + * + * @return a String containing servlet description + */ + @Override + public String getServletInfo() { + return "Short description"; + }// + +} diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/ForwardMe.java b/src/main/java/org/cysecurity/cspf/jvl/controller/ForwardMe.java new file mode 100644 index 00000000..72ee696c --- /dev/null +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/ForwardMe.java @@ -0,0 +1,92 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ + +package org.cysecurity.cspf.jvl.controller; + +import java.io.IOException; +import java.io.PrintWriter; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * + * @author breakthesec + */ +public class ForwardMe extends HttpServlet { + + /** + * Processes requests for both HTTP GET and POST + * methods. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + protected void processRequest(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = response.getWriter(); + try { + if(request.getParameter("location")!=null) + { + String location=request.getParameter("location"); + //Forwarding + RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(location); + dispatcher.forward(request,response); + } + else + { + out.print("Location Parameter is missing"); + } + } finally { + out.close(); + } + } + + // + /** + * Handles the HTTP GET method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Handles the HTTP POST method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Returns a short description of the servlet. + * + * @return a String containing servlet description + */ + @Override + public String getServletInfo() { + return "Short description"; + }// + +} diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java b/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java new file mode 100644 index 00000000..4d84a8ae --- /dev/null +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java @@ -0,0 +1,226 @@ + package org.cysecurity.cspf.jvl.controller; + +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ + +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.PrintWriter; +import java.sql.Connection; +import java.sql.DriverManager; +import java.sql.SQLException; +import java.sql.Statement; +import java.util.Properties; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.cysecurity.cspf.jvl.model.HashMe; + +/** + * + * @author breakthesec + */ +public class Install extends HttpServlet { + + static String dburl; + static String jdbcdriver; + static String dbuser; + static String dbpass; + static String dbname; + static String siteTitle; + static String adminuser; + static String adminpass; + + /** + * Processes requests for both HTTP GET and POST + * methods. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + + protected void processRequest(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + String configPath=getServletContext().getRealPath("/WEB-INF/config.properties"); + + //Getting Database Configuration from User Input + dburl = request.getParameter("dburl"); + jdbcdriver = request.getParameter("jdbcdriver"); + dbuser = request.getParameter("dbuser"); + dbpass = request.getParameter("dbpass"); + dbname = request.getParameter("dbname"); + siteTitle= request.getParameter("siteTitle"); + adminuser= request.getParameter("adminuser"); + adminpass= HashMe.hashMe(request.getParameter("adminpass")); + + //Moifying Configuration Properties: + Properties config=new Properties(); + config.load(new FileInputStream(configPath)); + config.setProperty("dburl",dburl); + config.setProperty("jdbcdriver",jdbcdriver); + config.setProperty("dbuser",dbuser); + config.setProperty("dbpass",dbpass); + config.setProperty("dbname",dbname); + config.setProperty("siteTitle",siteTitle); + FileOutputStream fileout = new FileOutputStream(configPath); + config.store(fileout, null); + fileout.close(); + + String i=request.getParameter("setup"); + response.setContentType("text/html;charset=UTF-8"); + try { + PrintWriter out = response.getWriter(); + /* TODO output your page here. You may use following sample code. */ + out.println(""); + out.println(""); + out.println(""); + out.println("Servlet install"); + out.println(""); + out.println(""); + if(setup(i)) + { + out.print("successfully installed"); + } + else + { + out.print("Something went wrong. Unable to install"); + } + out.println(""); + out.println(""); + } + catch(Exception e) + { + + } + } + protected boolean setup(String i) throws IOException + { + + if(i.equals("1")) + { + + try + { + Class.forName(jdbcdriver); + Connection con= DriverManager.getConnection(dburl,dbuser,dbpass); + if(con!=null && !con.isClosed()) + { + //Database creation + Statement stmt = con.createStatement(); + stmt.executeUpdate("DROP DATABASE IF EXISTS "+dbname); + + stmt.executeUpdate("CREATE DATABASE "+dbname); + con.close(); + con= DriverManager.getConnection(dburl+dbname,dbuser,dbpass); + stmt = con.createStatement(); + if(!con.isClosed()) + { + //User Table creation + stmt.executeUpdate("Create table users(ID int NOT NULL AUTO_INCREMENT, username varchar(30),email varchar(60), password varchar(60), about varchar(50),privilege varchar(20),avatar TEXT,secretquestion int,secret varchar(30),primary key (id))"); + stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('"+adminuser+"','"+adminpass+"','admin@localhost','I am the admin of this application','default.jpg','admin',1,'rocky')"); + stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('victim','victim','victim@localhost','I am the victim of this application','default.jpg','user',1,'max')"); + stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('attacker','attacker','attacker@localhost','I am the attacker of this application','default.jpg','user',1,'bella')"); + stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('NEO','trinity','neo@matrix','I am the NEO','default.jpg','user',1,'sentinel')"); + stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('trinity','NEO','trinity@matrix','it is Trinity','default.jpg','user',1,'sentinel')"); + stmt.executeUpdate("INSERT into users(username, password, email,About,avatar, privilege,secretquestion,secret) values ('Anderson','java','anderson@1999','I am computer programmer','default.jpg','user',1,'C++')"); + + //Posts table creation + stmt.executeUpdate("create table posts(postid int NOT NULL AUTO_INCREMENT, content TEXT,title varchar(100), user varchar(30), primary key (postid))"); + stmt.executeUpdate("INSERT into posts(content,title, user) values ('Feel free to ask any questions about Java Vulnerable Lab','First Post', 'admin')"); + stmt.executeUpdate("INSERT into posts(content,title, user) values ('Hello Guys, this is victim','Second Post', 'victim')"); + stmt.executeUpdate("INSERT into posts(content,title, user) values ('Hello This is attacker','Third Post', 'attacker')"); + stmt.executeUpdate("INSERT into posts(content,title, user) values ('Trinity! Help!','Help','neo')"); + + + stmt.executeUpdate("create table tdata(id int, page varchar(30))"); + stmt.executeUpdate("Insert into tdata values(1,'ext1.html')"); + stmt.executeUpdate("Insert into tdata values(2,'ext2.html')"); + + //Messages Table Creation + stmt.executeUpdate("Create table Messages(msgid int NOT NULL AUTO_INCREMENT,name varchar(30),email varchar(60), msg varchar(500),primary key (msgid))"); + stmt.executeUpdate("INSERT into Messages(name,email, msg) values ('TestUser','Test@localhost', 'Hi admin, how are you')"); + + //User Messages Table Creation recipient, sender, email, msg + stmt.executeUpdate("Create table UserMessages(msgid int NOT NULL AUTO_INCREMENT,recipient varchar(30),sender varchar(30),subject varchar(60), msg varchar(500),primary key (msgid))"); + stmt.executeUpdate("INSERT into UserMessages(recipient, sender, subject, msg) values ('attacker','admin','Hi','Hi
    This is admin of this page.
    Welcome to Our Forum')"); + stmt.executeUpdate("INSERT into UserMessages(recipient, sender, subject, msg) values ('victim','admin','Hi','Hi
    This is admin of this page.
    Welcome to Our Forum')"); + + + //Credit Card Table Creation + stmt.executeUpdate("Create table cards(id int,cardno varchar(80), cvv varchar(6),expirydate varchar(15))"); + stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('1','4000123456789010','123','12/2014')"); + stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('2','4111111111111111 ','321','7/2015')"); + stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('3','5111111111111118','111','1/2017')"); + + //Files List Table Creation + stmt.executeUpdate("Create table FilesList(fileid int NOT NULL AUTO_INCREMENT,path text,primary key (fileid))"); + stmt.executeUpdate("INSERT into FilesList(path) values ('/docs/doc1.pdf')"); + stmt.executeUpdate("INSERT into FilesList(path) values ('/docs/exampledoc.pdf')"); + + return true; + } + return false; + } + } + catch(SQLException ex) + { + System.out.println("SQLException: " + ex.getMessage()); + System.out.println("SQLState: " + ex.getSQLState()); + System.out.println("VendorError: " + ex.getErrorCode()); + } + catch(ClassNotFoundException ex) + { + System.out.print("JDBC Driver Missing:
    "+ex); + } + + } + return false; + } + + // + /** + * Handles the HTTP GET method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Handles the HTTP POST method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Returns a short description of the servlet. + * + * @return a String containing servlet description + */ + @Override + public String getServletInfo() { + return "Short description"; + }// + +} \ No newline at end of file diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java new file mode 100644 index 00000000..2331d13d --- /dev/null +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java @@ -0,0 +1,122 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ + +package org.cysecurity.cspf.jvl.controller; + +import java.io.IOException; +import java.io.PrintWriter; +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.Statement; +import javax.servlet.ServletException; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import org.cysecurity.cspf.jvl.model.DBConnect; + + + +/** + * + * @author breakthesec + */ +public class LoginValidator extends HttpServlet { + + /** + * Processes requests for both HTTP GET and POST + * methods. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + protected void processRequest(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + + + String user=request.getParameter("username").trim(); + String pass=request.getParameter("password").trim(); + try + { + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + if(con!=null && !con.isClosed()) + { + ResultSet rs=null; + Statement stmt = con.createStatement(); + rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"'"); + if(rs != null && rs.next()){ + HttpSession session=request.getSession(); + session.setAttribute("isLoggedIn", "1"); + session.setAttribute("userid", rs.getString("id")); + session.setAttribute("user", rs.getString("username")); + session.setAttribute("avatar", rs.getString("avatar")); + Cookie privilege=new Cookie("privilege","user"); + response.addCookie(privilege); + if(request.getParameter("RememberMe")!=null) + { + Cookie username=new Cookie("username",user); + Cookie password=new Cookie("password",pass); + response.addCookie(username); + response.addCookie(password); + } + response.sendRedirect(response.encodeURL("ForwardMe?location=/index.jsp")); + } + else + { + response.sendRedirect("ForwardMe?location=/login.jsp&err=Invalid Username or Password"); + } + + } + } + catch(Exception ex) + { + response.sendRedirect("login.jsp?err=something went wrong"); + } + + } + // + /** + * Handles the HTTP GET method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Handles the HTTP POST method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Returns a short description of the servlet. + * + * @return a String containing servlet description + */ + @Override + public String getServletInfo() { + return "Short description"; + }// + +} diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/Logout.java b/src/main/java/org/cysecurity/cspf/jvl/controller/Logout.java new file mode 100644 index 00000000..986de9b3 --- /dev/null +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/Logout.java @@ -0,0 +1,87 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ + +package org.cysecurity.cspf.jvl.controller; + +import java.io.IOException; +import java.io.PrintWriter; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +/** + * + * @author breakthesec + */ +public class Logout extends HttpServlet { + + /** + * Processes requests for both HTTP GET and POST + * methods. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + protected void processRequest(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + response.setContentType("text/html;charset=UTF-8"); + try { + PrintWriter out = response.getWriter(); + /* TODO output your page here. You may use following sample code. */ + HttpSession session=request.getSession(); + session.invalidate(); + response.sendRedirect("index.jsp"); + } + catch(Exception e) + { + + } + } + + // + /** + * Handles the HTTP GET method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Handles the HTTP POST method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Returns a short description of the servlet. + * + * @return a String containing servlet description + */ + @Override + public String getServletInfo() { + return "Short description"; + }// + +} diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/Open.java b/src/main/java/org/cysecurity/cspf/jvl/controller/Open.java new file mode 100644 index 00000000..9cf1a268 --- /dev/null +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/Open.java @@ -0,0 +1,91 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ + +package org.cysecurity.cspf.jvl.controller; + +import java.io.IOException; +import java.io.PrintWriter; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +/** + * + * @author breakthesec + */ +public class Open extends HttpServlet { + + /** + * Processes requests for both HTTP GET and POST + * methods. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + protected void processRequest(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + response.setContentType("text/html;charset=UTF-8"); + try { + PrintWriter out = response.getWriter(); + String url=request.getParameter("url"); + if(url!=null) + { + response.sendRedirect(url); + } + else + { + out.print("Missing url parameter"); + } + } + catch(Exception e) + { + + } + } + + // + /** + * Handles the HTTP GET method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Handles the HTTP POST method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Returns a short description of the servlet. + * + * @return a String containing servlet description + */ + @Override + public String getServletInfo() { + return "Short description"; + }// + +} diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java b/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java new file mode 100644 index 00000000..afa2f835 --- /dev/null +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/Register.java @@ -0,0 +1,123 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ + +package org.cysecurity.cspf.jvl.controller; + +import java.io.IOException; +import java.io.PrintWriter; +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import org.cysecurity.cspf.jvl.model.DBConnect; + +/** + * + * @author breakthesec + */ +public class Register extends HttpServlet { + + /** + * Processes requests for both HTTP GET and POST + * methods. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + protected void processRequest(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + response.setContentType("text/html;charset=UTF-8"); + try { + PrintWriter out = response.getWriter(); + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + String user=request.getParameter("username"); + String pass=request.getParameter("password"); + String email=request.getParameter("email"); + String about=request.getParameter("About"); + String secret=request.getParameter("secret"); + if(secret==null || secret.equals("")) + { + secret="nosecret"; + } + try + { + if(con!=null && !con.isClosed()) + { + + Statement stmt = con.createStatement(); + stmt.executeUpdate("INSERT into users(username, password, email, About,avatar,privilege,secretquestion,secret) values ('"+user+"','"+pass+"','"+email+"','"+about+"','default.jpg','user',1,'"+secret+"')"); + stmt.executeUpdate("INSERT into UserMessages(recipient, sender, subject, msg) values ('"+user+"','admin','Hi','Hi
    This is admin of this page.
    Welcome to Our Forum')"); + + response.sendRedirect("index.jsp"); + + } + else + { + response.sendRedirect("Register.jsp"); + } + } + catch(SQLException ex) + { + System.out.println("SQLException: " + ex.getMessage()); + System.out.println("SQLState: " + ex.getSQLState()); + System.out.println("VendorError: " + ex.getErrorCode()); + + } + + } + catch(Exception e) + { + + } + } + + // + /** + * Handles the HTTP GET method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Handles the HTTP POST method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Returns a short description of the servlet. + * + * @return a String containing servlet description + */ + @Override + public String getServletInfo() { + return "Short description"; + }// + +} diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java b/src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java new file mode 100644 index 00000000..73fa79aa --- /dev/null +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/SendMessage.java @@ -0,0 +1,112 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ + +package org.cysecurity.cspf.jvl.controller; + +import java.io.IOException; +import java.io.PrintWriter; +import java.sql.Connection; +import java.sql.PreparedStatement; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.cysecurity.cspf.jvl.model.DBConnect; + +/** + * + * @author breakthesec + */ +public class SendMessage extends HttpServlet { + + /** + * Processes requests for both HTTP GET and POST + * methods. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + protected void processRequest(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + response.setContentType("text/html;charset=UTF-8"); + + try + { + PrintWriter out = response.getWriter(); + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + String recipient=request.getParameter("recipient"); + String subject=request.getParameter("subject"); + String msg=request.getParameter("msg"); + String sender=request.getParameter("sender"); + if(con!=null && !con.isClosed() && request.getParameter("send")!=null) + { + //PreparedStatement to Prevent SQL Injection attack: + PreparedStatement pstmt=con.prepareStatement("INSERT into UserMessages(recipient, sender, subject, msg) values (?,?,?,?)"); + pstmt.setString(1, recipient); + pstmt.setString(2, sender); + pstmt.setString(3, subject); + pstmt.setString(4, msg); + pstmt.executeUpdate(); + response.sendRedirect(request.getContextPath()+"/vulnerability/SendMessage.jsp?status=* Message successfully sent *"); + + } + else + { + response.sendRedirect(request.getContextPath()+"/vulnerability/SendMessage.jsp?status=* Something Went Wrong"); + + } + } + catch(Exception ex) + { + response.sendRedirect(request.getContextPath()+"/vulnerability/SendMessage.jsp?status=* Something Went Wrong
    "+ex); + + } + + + } + + // + /** + * Handles the HTTP GET method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Handles the HTTP POST method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Returns a short description of the servlet. + * + * @return a String containing servlet description + */ + @Override + public String getServletInfo() { + return "Short description"; + }// + +} diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java b/src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java new file mode 100644 index 00000000..f24eccdc --- /dev/null +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/UsernameCheck.java @@ -0,0 +1,108 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ + +package org.cysecurity.cspf.jvl.controller; + +import java.io.IOException; +import java.io.PrintWriter; +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.Statement; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.cysecurity.cspf.jvl.model.DBConnect; +import org.json.JSONObject; + +/** + * + * @author breakthesec + */ +public class UsernameCheck extends HttpServlet { + + /** + * Processes requests for both HTTP GET and POST + * methods. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + protected void processRequest(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + response.setContentType("application/json"); + PrintWriter out = response.getWriter(); + try { + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + String user=request.getParameter("username").trim(); + JSONObject json=new JSONObject(); + if(con!=null && !con.isClosed()) + { + ResultSet rs=null; + Statement stmt = con.createStatement(); + rs=stmt.executeQuery("select * from users where username='"+user+"'"); + if (rs.next()) + { + json.put("available", "1"); + } + else + { + json.put("available", new Integer(0)); + } + } + out.print(json); + } + catch(Exception e) + { + out.print(e); + } + finally { + out.close(); + } + } + + // + /** + * Handles the HTTP GET method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Handles the HTTP POST method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Returns a short description of the servlet. + * + * @return a String containing servlet description + */ + @Override + public String getServletInfo() { + return "Short description"; + }// + +} diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java b/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java new file mode 100644 index 00000000..a50856a3 --- /dev/null +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/XPathQuery.java @@ -0,0 +1,115 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ + +package org.cysecurity.cspf.jvl.controller; + +import java.io.IOException; +import java.io.PrintWriter; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.xpath.XPath; +import javax.xml.xpath.XPathFactory; + +import org.w3c.dom.Document; +/** + * + * @author breakthesec + */ +public class XPathQuery extends HttpServlet { + + + + protected void processRequest(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = response.getWriter(); + try { + String user=request.getParameter("username"); + String pass=request.getParameter("password"); + + //XML Source: + String XML_SOURCE=getServletContext().getRealPath("/WEB-INF/users.xml"); + + //Parsing XML: + DocumentBuilderFactory factory=DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + DocumentBuilder builder=factory.newDocumentBuilder(); + Document xDoc=builder.parse(XML_SOURCE); + + XPath xPath=XPathFactory.newInstance().newXPath(); + + //XPath Query: + String xPression="/users/user[username='"+user+"' and password='"+pass+"']/name"; + + //running Xpath query: + String name=xPath.compile(xPression).evaluate(xDoc); + out.println(name); + if(name.isEmpty()) + { + response.sendRedirect(response.encodeURL("ForwardMe?location=/vulnerability/Injection/xpath_login.jsp?err=Invalid Credentials")); + } + else + { + HttpSession session=request.getSession(); + session.setAttribute("isLoggedIn", "1"); + session.setAttribute("user", name); + response.sendRedirect(response.encodeURL("ForwardMe?location=/index.jsp")); + } + } + catch(Exception e) + { + out.print(e); + } + finally { + out.close(); + } + } + + // + /** + * Handles the HTTP GET method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Handles the HTTP POST method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Returns a short description of the servlet. + * + * @return a String containing servlet description + */ + @Override + public String getServletInfo() { + return "Short description"; + }// + +} diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java b/src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java new file mode 100644 index 00000000..f8718662 --- /dev/null +++ b/src/main/java/org/cysecurity/cspf/jvl/controller/xxe.java @@ -0,0 +1,106 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ + +package org.cysecurity.cspf.jvl.controller; + +import java.io.IOException; +import java.io.InputStream; +import java.io.PrintWriter; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; +import org.xml.sax.InputSource; + +/** + * + * @author breakthesec + */ +public class xxe extends HttpServlet { + + /** + * Processes requests for both HTTP GET and POST + * methods. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + protected void processRequest(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = response.getWriter(); + try + { + InputStream xml=request.getInputStream(); + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + DocumentBuilder builder = factory.newDocumentBuilder(); + InputSource is = new InputSource(xml); + Document doc = builder.parse(is); + Element element = doc.getDocumentElement(); + NodeList nodes = element.getChildNodes(); + out.print("
    Result:
    "); + out.print("---------------------
    "); + for (int i = 0; i < nodes.getLength(); i++) { + out.print(nodes.item(i).getNodeName()+" : " + nodes.item(i).getFirstChild().getNodeValue().toString()); + out.print("
    "); + } + } + catch(Exception ex) + { + out.print(ex); + } + finally { + out.close(); + } + } + + // + /** + * Handles the HTTP GET method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Handles the HTTP POST method. + * + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Returns a short description of the servlet. + * + * @return a String containing servlet description + */ + @Override + public String getServletInfo() { + return "Short description"; + }// + +} diff --git a/src/main/java/org/cysecurity/cspf/jvl/model/DBConnect.java b/src/main/java/org/cysecurity/cspf/jvl/model/DBConnect.java new file mode 100644 index 00000000..77d1485c --- /dev/null +++ b/src/main/java/org/cysecurity/cspf/jvl/model/DBConnect.java @@ -0,0 +1,43 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ + +package org.cysecurity.cspf.jvl.model; + + +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.sql.Connection; +import java.sql.DriverManager; +import java.sql.SQLException; +import java.util.Properties; + +/** + * + * @author breakthesec + */ +public class DBConnect { + public Connection connect(String path) throws IOException,ClassNotFoundException,SQLException + { + Properties properties=new Properties(); + properties.load(new FileInputStream(path)); + String dbuser=properties.getProperty("dbuser"); + String dbpass = properties.getProperty("dbpass"); + String dbfullurl = properties.getProperty("dburl")+properties.getProperty("dbname"); + String jdbcdriver = properties.getProperty("jdbcdriver"); + Connection con=null; + try + { + Class.forName(jdbcdriver); + con= DriverManager.getConnection(dbfullurl,dbuser,dbpass); + return con; + } + finally + { + + } + } +} \ No newline at end of file diff --git a/src/main/java/org/cysecurity/cspf/jvl/model/HashMe.java b/src/main/java/org/cysecurity/cspf/jvl/model/HashMe.java new file mode 100644 index 00000000..635a180d --- /dev/null +++ b/src/main/java/org/cysecurity/cspf/jvl/model/HashMe.java @@ -0,0 +1,31 @@ +package org.cysecurity.cspf.jvl.model; + +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +/** + * + * @author breakthesec + */ +public class HashMe { + public static String hashMe(String str) + { + StringBuffer sb=null; + try + { + MessageDigest md = MessageDigest.getInstance("MD5"); + md.update(str.getBytes()); + byte byteData[] = md.digest(); + sb= new StringBuffer(); + for (int i = 0; i < byteData.length; i++) + { + sb.append(Integer.toString((byteData[i] & 0xff) + 0x100, 16).substring(1)); + } + } + catch(NoSuchAlgorithmException e) + { + + } + return sb.toString(); + } +} diff --git a/src/main/java/org/cysecurity/cspf/jvl/model/orm/Users.hbm.xml b/src/main/java/org/cysecurity/cspf/jvl/model/orm/Users.hbm.xml new file mode 100644 index 00000000..e8f5b6a2 --- /dev/null +++ b/src/main/java/org/cysecurity/cspf/jvl/model/orm/Users.hbm.xml @@ -0,0 +1,23 @@ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/src/main/java/org/cysecurity/cspf/jvl/model/orm/Users.java b/src/main/java/org/cysecurity/cspf/jvl/model/orm/Users.java new file mode 100644 index 00000000..7c94f644 --- /dev/null +++ b/src/main/java/org/cysecurity/cspf/jvl/model/orm/Users.java @@ -0,0 +1,36 @@ +/* + * To change this license header, choose License Headers in Project Properties. + * To change this template file, choose Tools | Templates + * and open the template in the editor. + */ + +package org.cysecurity.cspf.jvl.model.orm; + +/** + * + * @author breakthesec + */ +public class Users { + Long id; + String username; + String about; + + public Long getId() { + return id; + } + private void setId(Long id) { + this.id = id; + } + public String getUsername() { + return username; + } + public void setUsername(String username) { + this.username = username; + } + public String getAbout() { + return about; + } + public void setAbout(String about) { + this.about = about; + } +} diff --git a/src/main/webapp/ForgotPassword.jsp b/src/main/webapp/ForgotPassword.jsp new file mode 100644 index 00000000..b56f6cba --- /dev/null +++ b/src/main/webapp/ForgotPassword.jsp @@ -0,0 +1,54 @@ + + <%@page import="org.cysecurity.cspf.jvl.model.DBConnect"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.ResultSet"%> +<%@page import="java.sql.Connection"%> +<%@ include file="header.jsp" %> + + +Password Recovery: +
    + + + + +
    Username:
    What's Your Pet's name?:
    +

    + +<% +if(request.getParameter("secret")!=null) + { + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + ResultSet rs=null; + Statement stmt = con.createStatement(); + rs=stmt.executeQuery("select * from users where username='"+request.getParameter("username").trim()+"' and secret='"+request.getParameter("secret")+"'"); + if(rs != null && rs.next()){ + out.print("Hello "+rs.getString("username")+", Your Password is: "+rs.getString("password")); + } + else + { + out.print(" Secret/Email is wrong"); + } + } + +%> + + <%@ include file="footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/META-INF/context.xml b/src/main/webapp/META-INF/context.xml new file mode 100644 index 00000000..6f508867 --- /dev/null +++ b/src/main/webapp/META-INF/context.xml @@ -0,0 +1,2 @@ + + diff --git a/src/main/webapp/Register.jsp b/src/main/webapp/Register.jsp new file mode 100644 index 00000000..2a7c0862 --- /dev/null +++ b/src/main/webapp/Register.jsp @@ -0,0 +1,51 @@ +<%-- + Document : Register + Created on : 2 Dec, 2014, 10:47:44 AM + Author : breakthesec +--%> + <%@ include file="header.jsp" %> + +
    + + + + + + + +
    UserName:
    Email:
    Describer Yourself:
    What's Your Pet's name?:
    Password :
    +
    +<%@ include file="footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/WEB-INF/AdminPanel.jsp b/src/main/webapp/WEB-INF/AdminPanel.jsp new file mode 100644 index 00000000..6dcc5072 --- /dev/null +++ b/src/main/webapp/WEB-INF/AdminPanel.jsp @@ -0,0 +1,7 @@ + <%@ include file="/header.jsp" %> + +This is Admin Panel located in WEB-INF. You can't directly visit this page ;)

    + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/WEB-INF/config.properties b/src/main/webapp/WEB-INF/config.properties new file mode 100644 index 00000000..452aa0b8 --- /dev/null +++ b/src/main/webapp/WEB-INF/config.properties @@ -0,0 +1,10 @@ +# To change this license header, choose License Headers in Project Properties. +# To change this template file, choose Tools | Templates +# and open the template in the editor. + +dbuser=root +dbpass=root +dbname=abc +dburl=jdbc:mysql://localhost:3306/ +jdbcdriver=com.mysql.jdbc.Driver +siteTitle=Java Vulnerable Lab \ No newline at end of file diff --git a/src/main/webapp/WEB-INF/users.xml b/src/main/webapp/WEB-INF/users.xml new file mode 100644 index 00000000..70f21219 --- /dev/null +++ b/src/main/webapp/WEB-INF/users.xml @@ -0,0 +1,36 @@ + + + + + + + NEO + neo + trinity + neo@matrix + I am the NEO + + + Trinity + trinity + neo + trinity@matrix + it is Trinity + + + Oracle + oracle + java + + + Anderson + anderson + java + anderson@1999 + Computer Programmer + + diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml new file mode 100644 index 00000000..d26a626c --- /dev/null +++ b/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,105 @@ + + + + + + Install + org.cysecurity.cspf.jvl.controller.Install + + + loginValidator + org.cysecurity.cspf.jvl.controller.LoginValidator + + + Register + org.cysecurity.cspf.jvl.controller.Register + + + Logout + org.cysecurity.cspf.jvl.controller.Logout + + + Open + org.cysecurity.cspf.jvl.controller.Open + + + SendMessage + org.cysecurity.cspf.jvl.controller.SendMessage + + + ForwardMe + org.cysecurity.cspf.jvl.controller.ForwardMe + + + AddPage + org.cysecurity.cspf.jvl.controller.AddPage + + + UsernameCheck + org.cysecurity.cspf.jvl.controller.UsernameCheck + + + EmailCheck + org.cysecurity.cspf.jvl.controller.EmailCheck + + + XPathQuery + org.cysecurity.cspf.jvl.controller.XPathQuery + + + xxe + org.cysecurity.cspf.jvl.controller.xxe + + + + Install + /Install + + + loginValidator + /LoginValidator + + + Register + /AddUser + + + Logout + /Logout + + + Open + /Open + + + SendMessage + /SendMessage.do + + + ForwardMe + /ForwardMe + + + AddPage + /admin/AddPage.do + + + UsernameCheck + /UsernameCheck.do + + + EmailCheck + /EmailCheck.do + + + XPathQuery + /XPathQuery.do + + + xxe + /xxe.do + + + diff --git a/src/main/webapp/admin/AddPage.jsp b/src/main/webapp/admin/AddPage.jsp new file mode 100644 index 00000000..2bcf0443 --- /dev/null +++ b/src/main/webapp/admin/AddPage.jsp @@ -0,0 +1,21 @@ + <%@ include file="/header.jsp" %> + <% + if(session.getAttribute("privilege")!=null && session.getAttribute("privilege").equals("admin")) +{ + %> + +
    + + + + +
    File Name:
    Content :
    +
    + <% + } + else + { + out.print(" x You Are not Authorized to view this Page x "); + } + %> + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/admin/Configure.jsp b/src/main/webapp/admin/Configure.jsp new file mode 100644 index 00000000..d60ca8b0 --- /dev/null +++ b/src/main/webapp/admin/Configure.jsp @@ -0,0 +1,33 @@ + <%@page import="java.io.FileOutputStream"%> +<%@ include file="/header.jsp" %> + <% + if(session.getAttribute("isLoggedIn")!=null) +{ + + %> +
    + + + +
    Website Title:
    +
    + + <% + if(request.getParameter("save")!=null) + { + Properties props=new Properties(); + + props.load(new FileInputStream(configPath)); + props.setProperty("siteTitle",request.getParameter("siteTitle")); + FileOutputStream fileout = new FileOutputStream(configPath); + props.store(fileout, null); + fileout.close(); + out.print(" Configuration saved "); + } + } + else + { + out.print(" x You Are not Authorized to view this Page x "); + } + %> + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/admin/admin.jsp b/src/main/webapp/admin/admin.jsp new file mode 100644 index 00000000..dd364f88 --- /dev/null +++ b/src/main/webapp/admin/admin.jsp @@ -0,0 +1,9 @@ + <%@ include file="/header.jsp" %> + +Welcome to the Admin Panel

    + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/admin/adminlogin.jsp b/src/main/webapp/admin/adminlogin.jsp new file mode 100644 index 00000000..9d5b46f7 --- /dev/null +++ b/src/main/webapp/admin/adminlogin.jsp @@ -0,0 +1,62 @@ + <%@page import="org.cysecurity.cspf.jvl.model.HashMe"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.ResultSet"%> +<%@page import="java.sql.SQLException"%> +<%@page import="org.cysecurity.cspf.jvl.model.DBConnect"%> +<%@page import="java.sql.Connection"%> +<% +if(request.getParameter("Login")!=null) +{ + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + String user=request.getParameter("username"); + String pass=HashMe.hashMe(request.getParameter("password")); //Hashed Password + try + { + if(con!=null && !con.isClosed()) + { + ResultSet rs=null; + Statement stmt = con.createStatement(); + rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"' and privilege='admin'"); + if(rs != null && rs.next()){ + session.setAttribute("isLoggedIn", "1"); + session.setAttribute("userid", rs.getString("id")); + session.setAttribute("user", rs.getString("username")); + session.setAttribute("avatar", rs.getString("avatar")); + session.setAttribute("privilege", rs.getString("privilege")); + + Cookie privilege=new Cookie("privilege","admin"); + privilege.setPath(request.getContextPath()); + response.addCookie(privilege); + + response.sendRedirect("admin.jsp"); + } + else + { + response.sendRedirect("adminlogin.jsp?err=Username/Password is wrong"); + } + + } + } + catch(SQLException ex) + { + response.sendRedirect("adminlogin.jsp?err=Something went wrong"); + + } + catch(Exception e) + { + response.sendRedirect("adminlogin.jsp?err="+e); + } +} +%> +<%@ include file="/header.jsp" %> + Admin Login Page:
    +
    + + + + + +
    UserName:
    Password :
    <% if(request.getParameter("err")!=null){out.print(request.getParameter("err"));} %>
    +
    + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/admin/index.jsp b/src/main/webapp/admin/index.jsp new file mode 100644 index 00000000..2e6fc9bf --- /dev/null +++ b/src/main/webapp/admin/index.jsp @@ -0,0 +1,12 @@ + <%@ include file="/header.jsp" %> + <% + if(session.getAttribute("privilege")!=null && session.getAttribute("privilege").equals("admin")) +{ + response.sendRedirect("admin.jsp"); +} +else + { + response.sendRedirect("adminlogin.jsp"); + } + %> + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/admin/manageusers.jsp b/src/main/webapp/admin/manageusers.jsp new file mode 100644 index 00000000..daac64f2 --- /dev/null +++ b/src/main/webapp/admin/manageusers.jsp @@ -0,0 +1,31 @@ + <%@ include file="/header.jsp" %> + <%@page import="java.sql.Statement"%> +<%@page import="java.sql.ResultSet"%> +<%@page import="java.sql.SQLException"%> +<%@page import="org.cysecurity.cspf.jvl.model.DBConnect"%> +<%@page import="java.sql.Connection"%> + + <% + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + Statement stmt = con.createStatement(); + if(request.getParameter("delete")!=null) + { + String user=request.getParameter("user"); + stmt.executeUpdate("Delete from users where username='"+user+"'"); + } + %> +
    +<% + ResultSet rs=stmt.executeQuery("select * from users where privilege='user'"); + while(rs.next()) + { + out.print(" "+rs.getString("username")+"
    "); + } + %> +
    + + +
    +
    + Back to Admin Panel + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/changeCardDetails.jsp b/src/main/webapp/changeCardDetails.jsp new file mode 100644 index 00000000..ca164c7e --- /dev/null +++ b/src/main/webapp/changeCardDetails.jsp @@ -0,0 +1,70 @@ + <%@ include file="/header.jsp" %> + <%@page import="java.sql.Connection"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.SQLException"%> + +<%@page import="java.sql.ResultSetMetaData"%> +<%@page import="java.sql.ResultSet"%> +<%@ page import="java.util.*,java.io.*"%> +<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> + + +<% +if(session.getAttribute("isLoggedIn")!=null) +{ + %> + Change Credit Card Info:

    +
    + + + + + +
    Card Number:
    CVV:
    Expiry Date:
    +
    +
    + <% + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + + String id=session.getAttribute("userid").toString(); //Gets User ID + String action=request.getParameter("action"); + try + { + + if(action!=null && action.equalsIgnoreCase("add") ) + { + + String cardno=request.getParameter("cardno"); + String cvv=request.getParameter("cvv"); + String expirydate=request.getParameter("expirydate"); + if(!cardno.equals("") && !cvv.equals("") && !expirydate.equals("")) + { + Statement stmt = con.createStatement(); + stmt.executeUpdate("INSERT into cards(id,cardno, cvv,expirydate) values ('"+id+"','"+cardno+"','"+cvv+"','"+expirydate+"')"); + out.print(" * Card details added *"); + } + else + { + out.print("* Please Fill all the details * "); + } + } + + out.print("

    Return to Profile Page >>"); + + } + catch(Exception e) + { + out.print(e); + } +} +else +{ + out.print("Please login to view this page"); +} + + %> + + + + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/docs/doc1.pdf b/src/main/webapp/docs/doc1.pdf new file mode 100644 index 0000000000000000000000000000000000000000..0e18f85e3d2be568b887385578aa29e0c3b4e3bd GIT binary patch literal 11027 zcma)i1z42Z*8iY{pmYf+42YD(4B*f`ba%%9L&Fe5cZYzK64D(aQUW3%0s=~dba#iO zKK-^_8#uo)0?0^S3IwT8g9T71vEKRV`9_$0|+5zSrtEl zPWiyC*awp9qtgxI)Jk;u$*S*jk_yM?JLC)zr1fl0rN85#`{AYIz9cw-|;*8 zdi2-94C+d$rMr!Sgtd`Hprl$?$(XworIo9{iv+(>SjD7mmnrHS_U>=8wya`CK zgb|N}g;yc8y{m80@z;aZtnf1$tZP?lGQvyx<_L}?N$B@N1)##~TKz8K2#i$mFwwKD zv@`s+>->p^*O8NFgafa2?iA2ciuzFlm{NG?}#x)pgWm> z=YvS%(4atal7QOmhe<)@CXB_HuGxg#!4SuX$Uw7sZeA?*!0#sL(`afSyvzXReViUq zf{@TI0#dbbBv7L3QB|l;9M$q&3<*M&M@jddN{GwcAr;-qRx5r~8n&5Zv97<)grxik zz?G=WR<$BJC-uU50>UnA)q789hf!^!%zH03guJzTpOcq{J*e*UE62M&1iK;1ZOQY5 zIyfSMMT7wag#5WLK!jvpq{QPr=&=cD%i@Ug?^ugY#!=_fG(^e77j@~AU`k4YRTPr$ zf1@D{UCe!*qm={6D^-*LGA{Q!O@<%92c zPb4;rmWenT`(22PI17v|Ct*N}SH51}LyVs2I6|r2F*l$-Oh;A_DyaPEY4cN684G#{ zb09sfJ?#!-2Hgx@6ELw`${gQWP*-7A+<_sBc8;+{HJe3;1)XW1MC;iI6OzS1)uS*% zn_J^Z!{BX7g-(tK)Jf)`gvh8{CbGO;Rj)uJ52>*cHdMo@IU&WT!6)Ha?fl{=#)>ov zYe&SQ#DZ!R(*=_ylbJ?HsWM!>VZ?PrYEyTU7gvI-5Mw~ix}XMO6nJwWO z@f{f+sVi|WnHv_hPO%QLUAEaCRtH7w6AvKOJo4Z&FcoKb z@8cef)yCd%wgECFGVvFfFQ^oVh7(iU?BKC_Lu|op_t_d*vvetRI`r+UH|x%=>=79b zGgiKxVWz}Z>Q=*Mhh^odY-1n3o=h72G?;5BTXXC8b+B~kteY}(AI`L)F>PsW9=i?> z&I|6!>4gmqeg+R#jvipX_=;m@Z;|0HF5t;m?#91*G&<3$yX`ani=4brK283`_dL(9 zhi8YBYcUO*4bBEzh6N4}>Y#N^4r=a(?y=s%7kBY}@iV0pJ41>}EKAqK`Ynw{jp!=y zD#q+APvlOR5$#j`jqTn8;fus8>N_rT+WkBebwAv{_0J+g=a~I#{NrvQH&kePXww0! z0VSfHpI-&~isffxi2V@559$q)Y!#w)lriZ#iEBK>UAw>L9vU(z4JhnW`^<(uNm zcR>x2;yLl}J^$Dsn^#h^(dM_{w-Fd|*S9yex0fxA4PNe8mhbx0EgnXh(b zh@!e=>O0}|;ne@ShI#92zKS?R*BTsJp1mWR!n+NSQtU+Y@uQ5R{a zRDRr7m4=%@A>mCS{(Y0yU;(q~N=6a*&5_@yb=qIBj*vd+;gc!pP6l5_4iTd>k4xFn z#MGh=k!Lps7d^`p?kygdoFGzx=hp^Dm%|lrjEh^wZ-#c^d&u#lD{YDj3!~&us{StX zY+Lp>jVbQLTn&4bd(T8t{MLUxJUZAdidN3@yL%dPcyW8w{PVc@=b@APZ--6^F(4Rq zuGH{!gabJwJ&@AsNYv>QMKOcj4xo;je+u#bP3V6=se(ZNJffDzH{yK(J&<&7{_=!k zb5dzB{}~46sKs3ddI;J14G|kX25tKg-rzyZ$}^G84`%g8DlhE>#_8h%V(y4Zs>{SV zsO$-W^0(B9kCGoDcT!q{v+=3hb3Wd)zTbHq84=c*nqaNC5|{gK&a3#9PR;kD)pWe~ z@?{i?%zEb&N$e(>jARuW|4d`45egC7ZXyHg;SNX_;H{g~Q0`NN zn_I)g5gtH&5Q+i;a{_tzI1Nz)DllghBg(gb@TtLF5U$QQ*pwYX?gd{kEs0Y-$5HyXCs=Ng(VH&gzaZGx)8TggO{_TXCoXZ^!-}Ow^FH zItX|hb~V%p>ibu~RbZB=SpPf7w_5#Gjz}O}f9r|EA#ZK&0@S}XR}FY;!XL?UE9>$P z;s0|ngYw2dikOQV#4}>RJ&QZF|LtY)t^fYgNzBFU)_FYO+geCM7OD39Nvo;fRu(X4t zL~uCNk#Ku0Aei^|{ttiMPI{}7v$Z1<;rw^U-NyPa3vY|W-)ZpwTIdg}%wZ@EQ4^x# zg0c=3m|L|a9Z)snZK`m{nxougjr3%bxmCs06#095-|F#OAB3iZ_3!c${8t+OTgAUC z_Iv98vu3yP@N_}hE$d)`xXnj3xTQ7f$>RxR5nd`Bp=wzcfS<)mKnR5AUyX~43wYajQSFv~dk+SoGKia-`(K1xq9Mx1f7>d5-z)$71CbA<%-?Hv z!@+KcU=RW3ynr&e^N64lU7UrMUYsaWg8bD9+GlDeHSlXN)@*ZZCsdO!K$xqg?%?~T zTBKO;%{vCIyf6m>g9SmhDB7BF{5zjOcZ5MrgMQ=VGW$M>6=S+fI*|@RtcM~!{kmnO zZWvj5K6h>uoiu{iVcJe4UIS$mZ^@bc9l67R{efogS=$Bi6}=JjQ`>%JbN;W6vl99> z>7d*MLxtn*POot#ene2We!p|L95>UG7#tpSQ*qBs?!)5?2a>1aiT8qdyCdUQz|MjM zh*|CSBp3$c`6epPW;h|U4;q&Cx3hvZZ2M1>^cl&qUwW-*{MlREa#H=%Q7bmj) z5c+(s%A=hNx6>&^%Uq*!07$$mgn{5?e$Lt1{7;WhSW-sNE|Vy!AeeXRuPi`TXysR? z2cPVHYSGXA1FlQg9ajU*Oy7~xnlT^gFLtZ!^TcWqA2nuk;9}7{{H5R8E#@C`MBKU% zp>a4%xSl21HS?JAyNs_u)aaeEQ-Uugt?@YvjQ)*#kHj^b?nM^HYnbO>G#punT*5-? zje+waaRE^Dp-nTSNdMG*tkVwRA(*`Jn38l$VWw7q^Sw%CcLl@DflkelfTIP?Ik4a*=(9d zy?SR2ru^w$%l&-~vF$d|fmsv_d#kw9B0Y6KJF+xhXjfPG$6c*$S5%3h2M!)g@3ou8 zeF@acZbCa;UG(ipSLA#RajtGK#u_Dp8aTM{5$Fj&nKa-cOK#({;xbU8FZt1*wF*{_A}d$N;6Q=8GZ4WDOY8s$!2P9RcB?T<;TMx`7K{hKax$jGTTdK7%3Al(t7yzcJeeL?XUktYbtGC*P|_29NuIC~#$4VFkyjhxE z4B^AeTFG27k0qDPXtf%k!iZhVB9ATz0tj8nX6Td-M^eQQOZ8b1@U^n;YlR@as@1vI z6)uy2>qQL6@xnHKLqf~;Lgt9Ddof|J$-E`({cmc+CT&e_EJh}Wh9)N$nQV7Om`BfE zyqvlw%v|w9BWP+JHMP<;4nL>00&)B8lbldiCXY=u;V)V`J#NO^^`L7!FwX45i_l(U z^8j9qU*cVUNu0o!JrYD$ELV{52o~##m)Fz25Avq7ZkNi_75y~3O>o4Bl>CSut~fc) zXs0hK7UA<%?<&2sVqtD+th!g%+l}j9*3y3G<7wYR4&v^;&~YcR?W8Bz$5`JK81hsF zpTIU`qdQj6@(P@ODU>Lt_x554N~!1ZsxRAAnU&n3VpJ@QlC2@?;1$GfEQS@NPzBwj z(KN?}kHrSa^wtts8EI35j23=X%vIVif4c|~pZ;+lZ*7xuTfby%Lvk#puE&;##>)Cg zYr*BBnn&2{;${E5mcaovM8OhYFU%{*y&STTj5k_a!BnDuwY`y-;{Qw8qYZhoWZV~x z>rf#8a0@0_{$#>K-EbGeB&_5RwI&H_`K*2@FPK<@xy)-mk_&$|(>J=G`X70(O)wZDbfm5swEBuo8 z*7*p(P(>0?qi<21Z9>J|wGd39RSXe}Po&gKR7WTj1v`aI zA+OT->>y4l!EeRLm?p@E?RLvQOX*{e&=MmCx6r92*tpZ!@PhGvN|D%my8XsF-Q|Q1|qaWT<0BzaFJDZ7R86?o~h0%}z)sF4kCrFr`e>(KVrgKR`PNQc#_!Kc4n+DCR z^{85(5->}4#H6GaL!5IduZ(7Q>M*jg0GNkNKEgeI$LWpD_CZO{ zBhZExjaMg7N zHdWON-1j6qCHL$cs<(uTl|TqCY-a9UNt)BUVjgIr-4EK$9c;ZXg+R+$i?yn0T?S)=5-~G07);Wkh>K_4MWs~$Cd^vzC7?u^- zKQ(RPfN$Khx5#nWLIVBxhV+WCHrv;P7H>m^Z4#aALjGFb#FBHWTX_vW*~R^|oWcvI zuQigugcslah4({tD=VnE7-86!$>qJa<6@e84M!@Kk|VdzJjB@O)Mxqw0uRUsSdN4{ zB5NRa=Jf%)pGir^2)%rG+5)K&MfI6OG%(&A|CB{c{%gUu?laOTDzPYuGs7^mWz!4F zz~+=KbKaMF^}=EIDJcnGxo|xgqa}BbU+_Y{@_w~|snJhkSx;!cU~Ew@Ti<#^-qve1 z;25(&M)KT^>r>a|{UzmxM$spzlixIEouwwGz&s93;@2>S7~Ec{dr?&IZr>J3oz*%U z<+&;6ZmBtMbmMM*eav`!ZN|c#QsyVntxBQ@mE=Q27jvU^s+C%2oah#w!0mARlFKX@#DUqKS zq4ki|galAxf_V2Jl!5d`zU=^B5|o)cI*2KD7n4;AjBOtXi4b20&FiJn^GAGjB1}q@ zUO*jCaVtfN^TPvW)km(gNJI!11-^u zJF{``KBb@#&(nB4qUfe0?KxvG6>58`(rnETjK0!{xr`WjYgD9LzCw{#g@MMY@e<@n zStv+4hkH!{0U8h|fj&nu5lX1C2Pj7<5zBArU!G>F0xDR*6Z;RdxLD&Y0R*iA*a~ zjl`4DG6`)+iJs!@5l~SSynZ*>?wDX<95u<+mn$r8W|C5_`YU{W6a2w4dP8=VlT}=k z>cNm;boF46rdiJi*+S{)p_fBOv>e0SRf`%Q-$=IukFyidpo#a&V?y2#k>a$_o4-v{ zkJ^dEj1r!-doY|4zFu5)&D7JLa&u4d(dD~#X`)Hm6e_dVTD-+SnOvXr(MjZzJpk{R zjhH#fafu&FMYf|G>Q*zoGy9d2U~+=C`U=K!Kk^&+^$WR}$hCrpg-znqrF?qt$HjNV z?Op~awK3H?dx&XB&C3a<)jf;cR55B1(<17MOwIb4DQ>xZnww;2 z-n8`BZvD zIj5h04dP|(AZxHlTQxI9@ncGk6zP<{y?oY?JMJ2y+e}bW=bk`%nWts`V+w0yn^)+` z4W~z8sUZ`lcsjHh9#=|X1wbD$UYoy5fQ_Lp5>3;g~QLOwfJ0D``~zj#E5D>!m$3EAMIXu>QecFwy zkA_LfpJYmExrxxJ3P1-~&MA75rzaPg^nuXkRJCvdFO98p+#sz(GpU;|MWnhr&4IF# z$d{bTTyW^^M?#@fHKE~c^hh6CN}}~|`fedwJKW^}+v2x!%Xl31{cL>`!0!dTjbou3 zk%gJ7A;V0K!(V@%PSH1F*^aTj!wt>g{KfN0)vHBKOXJDPsGyu@Vx`$HQfoabPCJE4 z%_#T*xxL~Fn`jdsbi7GX&s^DA$roBqVE+2Spe9TUH(@*MKp@Pr@pX}y-T~NCU?!g3?!h)K*ZFb^DMjowXc;S9GgNK{#%lgrt zoE^?l3cvARa98SZ%ewL|7B4!PYl@junKOKkf3UuDxk;(JFR-?ALszO|!xt~mxwCx_ z`2`2oG{8Ll#0PtFRli&hTJVF*iE6S0DX`uYG0hQ4gJ`k=Yerq^J^Zwi7OJtRsS$W5 z&8;;{CG^`MZHRNr)28V?tNR|1OmCXO+6kRq_rDZx*>|(w*`oF zTI*zdS;J<$)bznbw9lbm>H}5)Egf@hLhIVRQL(LlhFh>5np>XH5x~k}J-qRZ-4A{e$HmxxJ~a?=po@;Cf{+?LU(Gp~H^YYSPF# zZEP|^%<+#Je|XPvSZ42k^sQ^*(RGxB5Y?XBe2t?DV{9&2694j)Sru%SD-a`FN1)Hg!b_{!J zPe2;l-N|_Q`latFbOzEFhRM9Rl85uqxxT zs73;Yi4ql0w9JmG^`vyqAob&b(K=GC8RVm|82cv1CKm_P@4VZ@Zt@;lly_{?+G^3% zcQc|5CFQK7Wy`&-AAMf3Q)6S=cz2ZRE&^ylwjwnc8q5`j+U4u*4+yAvp(lbQ^v)k> z5(<^2i{HLfrC_r5PU2;7{># z!O~9K`_i)aa%9?5K0`;Y^h;=SwfN+*=o1kRwLAQDR^b(9CSD)g7+n?c6|gK_h_QSV zdUzp5<_JMEv*5fVqV%OvX>noi|?3tvE?#nFY(Npl>A@Ty)U`q>k2v<`y_?IFGGFe*d{* zY)mFZ_$X58vF-_Ss&lpokO|<$+UNaj9iR?iL@NX^piyJ;qB%awz8?1&cX2A6J>;qC zIIJ?*Yd|-7b#TbIC1gqS?lc`OC8dM>B-twy)1!25HxvjIS(62f z!61-jrJhsSalmoNF}&95Yqp$+6LwGb&#Yi;Hnqhl)T*MZfdDW6exUg*%yc+y=8AV+Ampv5?xm z+R`|yMa?g}x>1|DWIIv+p7Vz){9g+k8GUCWEBH4ir|r8Z;~V9Ep_CV-A*Ry+_1KfQ#H2XJ^>&eme&++YPJ+e-iUzqrAF$7TOO*Zv95NWf4a z6TF v9OY6VhZ+KbLR@bXRSgBr-Qs-U-$?aucnju?{Ox@(2*SyS^Yp2tvef?ow#J($ literal 0 HcmV?d00001 diff --git a/src/main/webapp/docs/exampledoc.pdf b/src/main/webapp/docs/exampledoc.pdf new file mode 100644 index 0000000000000000000000000000000000000000..60108dd03152af8e513b9b8014b8e14cfd3a8264 GIT binary patch literal 16531 zcma)@1y~%(7N`S+;3PmGxO4*@4oN7 z{=S~-K7Gngo$7}A>yXI`iO>S+nBd7evOAhOYC6*383+M{R(huJTwL^$AWI{AV?su- zM2=p>#M~ZaOD|%sYY!3v>023qczEFL>}^517Vyr=apC-Ckid8TC%5Q!7>-Vc(S64P zuyqaa%kghq-&tAsC-` zDL^RL{xw-6$MSADT@3{w_-mGf)Id8@FlEZwhH_4gAZNJd44Tv2CN=Zev*EO{?6Ze# zN1E)moQ!OXfJcVrYYIB-*vcnQY+clh*zfE~J4F(XK&02-*bgQ^!feeAhiak{m)1ZN z`##nXcD->P_a|-O_8z?WWFB?*d_Ww8wCvTv2k*xZ3c5^XTM0N(Us=gr^s^wQ{fq+g+Ys!B*GO&RW+NWU22$FDOqh1adUd2g!*F z&`S{7+d90M{?E~2ga4PIf&cs1K)nJV5dYE(=D%7j$WI8MV}>UrB&65Z{p}K5!k;~3 z{Y&o;mtX@+{>>%+XcUkT2xJDZ{k;)eu4XC<%JI8e_sQ~#0qe3|@{yu=Y=ob5(UpRH ztc&E*X?!9C`1yT(WFdKeL{l?&N|OcwgRwtp)0_0zA4o3jegEb!<{p}Y9MfmdvD8-; z(~{z5H^I%2VBb>8nQ>*vQD3`2>2xFy%@aNBzLIk9anr*+$!=6!J!4kde7$U@jB>oN zM{#E0W!Tn1@p#1Gg5x;%IZ?tNtt>j2}`0W!P>`g1|7=q@) z9c!Aioe?LI$a^u5tc8{31i*8Ew7@27B%l=s4v&>!n&gRW{dQ@g;|3IR;|$jqhjL?q zU|%((z^xwc{O)Z1=;#J|z#cx}mwezr^U=a1C~Yj_-7^Z&8z;a!_=w1LF#$tH58JX4 zg5=h^OvE9U( z)FK_}PS4uJbUCCyw;+m0Pn9=*o}T(T>3NP<vay3%(G}GB^h}}87w_8M z+CIkKTMJwKv>xEa_2@`%?H={G#Pi3ScP`&?J9$#Q@EQCbEH>X4QQ$;kH?zFsga|4R7txF!t=SMkibSVF7~Azv+uQ(R~{xkBgp&EBFKSYC-U z*ByX{iKxK6glu=0@LRYUbH7xIfA7m>F>}uwpYyb`^D`5j<1cZvJ}v*0$;_ahA2itV zoMnGl&nuTXIVn;kY4%uP!g*CIDIi1%_;|j$^SUuh(%qFJhg)O}{W~uO;-!u=3=DVh zA(lCgc`JauOe|`sf7RIiL8lCZMAChT(n0s!>MclwD?puiyT(!l^PtE`(Sx*J*Tc>a z!+G=AF?+QqXEWYto4iKy?AMbVV;i3i8z8s7zGx$WuC9+K>I)h)7P> zkA962rYusr&*8Qi2terYk*h_}$pu95SAHdRNAZv{$n;hX60`O9G5wyZmQzD}JvWsS z4!_AxhEmGRaTzv*;)Dcwd_9Xf6&^qTIkOol;76VaPD`LBoQPa3*~CWQV!@H>Qc+N6 zCo$C&%J?)&Oz^Ck*>_OAV_7lzKIB9W6O%USaNpUOi|w|AG($wyBw)MBbg)ph+IJ`= zi6p*eP&(NpX={6MF|ZLDrcT)8y0%QH19k{s)UH0U3%1zOyhOWrlC{W;E`lA^LTCS% z&wS$~e-2-Ckx2@dXkEn})rl@{7A7 z1~nQ7r9o%F2jm<`i9FMjSQb3N&ob4ljJ0H}u0vEAvot-3S$^KoQ=C(s=&RyhOu?p1 zs39PZ0hfB!vyZgmwYWC-iK;6q&Q+8>J{etHEJ|TcILEQ+Q-o9ADD(uK` z1SWAtnK8=oUz9_|W3&EQvCCn=?yE+nV}p&0;`rmX8jSc2QX~=|ftFPa$rwJWL!#e1N%+lk(zZFLj0t#kp2U<(IOJoORI;YH% zoLjZfKS^iveppL}t^Ax0105bDkPFL!!q7RF7_Pr=GFkA9N1aO$Xszalf(FHs<(YB#QGCgxH+$ALz(jH2DwGb zaXA!8V*5vdCgO2eUo3}Do25b40$d~v90c!mvtTVzXbv|7zIr)B;*5M~gsR&P?lrZpso}9R0dX zAmI{(J&zC0gz zKfrdJ0X=}n*#8)SV>P=MQoU3iTzuAYhw~P}YQ-JkB<7N#l|%tku1|d(G!zr5zJ7@> zY0aqJZ}%qEMJqY+c+15X6Yu9oVxdl8RO&k-O60)F%&=SLVt#|eAQ$N6IJIF|a-O)N zZr>!c_AN-<;{2$+0}083GIiD}4hmd5iI{=peBA4;)dBien%)uK=N%i*wW~Ct4Nc%J zl~Z^r1wwD(ac-GKTG$)8n_T1^TlI-_9iI0_0{dL=jHz?FlLv7Vweu)DL(1u-ay$Ac zVo3TlY`eV5>4sCHHo`(ao|OzPf0x=a@3kz%EKG+&m(92;E1Nwicx4Ao`VF?ygP|{A z?ZNDpiC3G2;+G$b{^%!|P#q?Clg_QG+GBuBr~*7Ur% znm4zaIs}Y(U*%XkH2bPOO(uvf*q^1ueAzvZ#Nz96HmB>ooOny^%Z6Xjl1dK^5NMjax}dMoF+b{)9c4wKjvYIFtXq5eI9o7dME~KR5fkJL3>bUPQLZ zEl*o}Z?tYZGlUvuUe>O489?uSaj_C&MkH&Y`7-goPsQx((GL~uQSpi2qqpq`wIdT> zsd>e{E_nx4df3dEIzyOr$dR zfU1$ij{RKq&9TBX*QCP3TM5U~j|<<=A9|;KKiX1it2XQE=H{2pC+sdaw7Z&I<_^vL zwBz?Bvg7Y~a0!b$*DsM;tH8iV#XHzfTu>Rt*D-tDUF}tj;u5nlkNw%p?6o(V0V z8y|cRJpG6859j*+I@EsN0+h*WBn<1^`l#>vXyU{-#+k(cpRhR6x{}SKPh(GPg_K)M z)k$ovw6Rq@+3o5Sb|%}~6bHZ0Y>rRANq?UTtwC6q5TaypR^(P!9@$c7JFq^;F7=ja zk*&RWxUiIN3V{qgj_Mi&nj^d68FT6I{Ae^@ZlyZgSZuk#0SXbA*)s3TkV+^$^!G8GdFn)eko4!lMB7GyT1gGWn>C_~G)AC^2dNAp*pd*T$BVVJ`& zX4szQ(xMvz_)kU?vdUd=PLkOV4h|!s7+Ws}JmQ9WR+@P|PU}w$S1O%iYL*9omfv%? zMq=){S)P1`zo)_ly3g?4Bb}BVFK{$Sz=-xb!5vYQ5n4Lo4h8$(yL{UAmI%0CedP}G z3+t}uQf8k$g$VhQi$2(Jt$mZ(DTffASTuBdt{a|YD~!sx?N|930?Ex+6p>IFoDr;g z50OzUBP{Ojq3%Z!k$X7Xz&9k_M{)KcGoRRV`zUP*ZP9VVHb{$*m)1VEUK~fK%lj~+ zPJRMt`?$l6ldh8eQn?ezJQ4T8a!~T|82`K%+xbYg&Dt8dN&>eWvx)>aEM_eZnX(x* z{pmgjWzS@fV%%-KCz{RYRotws76LjwEZL6VTRs z2DuLPL~wGXgBq7km5+|c&23W#eVI(+xBW*Q29kczf7KtqM}3@cY06XGTGoO8&WazT zU8Z^wFa|yJe7lco<^S3R)p#Q8DXMFaL7L+j1otLecQ3ospUgNW{WE0k>kHCIvQeRn z=<#L>G8!@2VG3xn?&67_vnG6Nj9p2;bp?lpWHCl+)V98Uq=WFiLMwgkG{r*pTq^mg z0p(BAoZ_*i)~Yr{yC0n@ikZ~rV>xX^D;5R@#wt44Yh$HS!fGY9gVO_7CwVlEhgKFJ zRvnyox6!NwAUj(fF5qV0@;0anN*K2fU7h;kd}%tfv?u6hmdaagD$Op{ChdyZpvMZ; zx`iyUh=JWy)axRg<2qS*HptsK1S~A;@fz>gJ37yM4nL(n>T`Y>MQ%JC)q_dl9y%_! zbLA|t;|)SSdD#7qnSDUrl+#lBB)vtKZ!PIBNPYR^ky^7=Qshr2EVPoBQODj$-CzO@TQv0ZY^MDXnoFO2=Et9_-o z+8;j|(b9fghTbKLmwS}DidKI1Z%s5XU5v37hE}lqn$KP`-aMF4Os$zOkOO~<{ZTE+ zkYm^$DZfhI-xXa$lJ>hoh`JdEgM za_(m2tjy{gT{iHBoCZTp#&(fSRsd2{EZ^aiQKqeCDJKlsT60IYVUK+gsE;*^n(WOE zBP>5#}T!*T5__ZO&g-8sO%N6 zowPWnI-$?w?t1L9|MCPoooQY}cCgXp5RZXSJW;#5=V|Gu@77+o;BQ|s>4AC>Sm0f+ zO8yp@G?cS#X1J^quHan=@1xkEI4K7mqXZI7Jq*MxNs{D-$0#g)!=+w2S>FwsN=U7aIP^M{4y3$~Jj*-98QX4xXw#Mx-s#Ctz zY|}3mF3nZ8Y{)Ym5ML;2ut>cN@3&8^-8ugxZ$}X)@v+jX2DU-K3IxR0O+hdkF09PE zOLgAK7|yGS+o?|Rq_NkFanL=1t6@P}*N<}agsa=JNd-cFn=2JIloKyOS?25ZH-l^@ z<`cq1+l7PhY4_rj@)1s-dCk}GQ|VID(G*38VV;Xz1EU+-psm;&#F(n3X2scBwz=Q& zlkIGh;aA1!b=pq(yfIR$Vo4?e#yY9nqFK`UgNuENeu%FUAKvJ#O)4ApIhH%`m&hH5 zJEljvM^EmwLz@pV8QFzmO!?+~TBc*(bSf+wBD5fY>KlE~28fA-ISBKJ$2Z~quR4{v z!%>a-Hq)GZHC6S)ImMsUx{1capgpdUHy8c0{3s(B@c3+mEFAKROv>B8+8$3H@VHub zVtu>6?z!~aTy}pMQJYk1w0B!7QoS+1qA{^k*E-aKp^B8=DP4GPRQ)03^zoq2f0?=v zQ(0Dx1r1)gLk z$(c-#JP!|9Dt4D-6t=&l_c@cl9Jk?R8Jy%TRL*T=DIQCib5rzNED72-fb3u3ui}{3 z>Kp`=x7(pY_p%z=&!UvZegL-ix6Ch39pRO37#&swT&H{gYA+>jSO;H;jkcM00zVyR3rG zh`W?t$jAl}U3#a<1}pc2-PCMY(da9ZAx+Bo(WSjjG$Tv{U(7cdqeH^^7K32lAX44pt$hPt#w6nPpn+R;~$n zMmLk!R2mD(b(b)Vln)ytM9WLlbSyOZ?v|=aa0drzhc&+sfJmJe9XBGQS`7V&HsCh0 zqZl!ey>`T(rrgEPhi-G6W4DoRqjsqX<(!Knr7;8mj@wbQ2{2CKRhyH}dWjsXDsxVZ z^VlURukQ?{JA)HC^BWQ*3_uvnol^4l-SCAvmSketo=5Q{knJnK3Sx z^`THm?h=L@jTud|26%srP8Z$(hAh5FgztP+TrV%}Dr*oPW~sZT|mask8N2~ru(d+E+vqcR>Pw*7>)Bto1Iw&W z`TAYNMJM0kZo03>-ZV!B68wV1PW*N}yL_Id=GcLDD#87ET?2U(=xfNGy9$qg>?78MCr%x5`ms$L+IIe(<6;ej|@oyykyJ|t*AHz#1S1y zn}jl-po8-@~gWg8kO>E)+rHQZifc? z4Gpinv)W40b5_RUX~XWjw4i}tH-IJ0amRO7Dg!tXa@PVDG)~okj%#jRM3bTqs%3`r zJ2fWH5EP%(5p&rpyfFu(5)70Px1)^M-XPQ+rv|oh_-O~Wx!Ur&;`$?zLig*HeL_vA zdxJ9;P(AVNpzAA(82{jWl zqPi44uNZ=Jpi~m+CSco$du(=cX=Qb?Kn=sPLe*Mi6w_MDy@<9Or(ApURq3|T(bDWh z9e4lq#_{fcll@#1(J901!Gq|{NOc@t8M_tpa@XAnn|G?ym0$Z459#$~zf{c>%iIk9 z_089<>t*SB8#U{#?ICVF&#>9G6NFk4JHo{&c?R{P)kK1qN1kyrSE)A9h>YNZAd zZyzaRgOfRAcj$=d;wP8Wb52YPzm%sr1}G%u6lauKue>MSp;`M zXH1~o8je&DtznoiO3t(^e)Do;TGO2dgBj&_Ms!i5>XCiKjF5)wd=w1nT!mMA2 znvtp5XpAryR`W7{61g9c^^7qLsJ@gCqxvsyQ)?XEQ0w z>rQRWI8Z|L@L^wjF(_Dq~OUfpz*<*w-G4=(Wl!VFz-qzumJu6XK#7L6;&H6mPaFBxtvUo1NW*;MjbaFc;gT@24PKYF3qwQ z{hP*6YE3w5^$lr5gnuXxIALU@)LsFxlUidz_(ymtz=h+{4w3lggu~dIjPK7$%$#FC zpwF;=*45t8Wti-+WbJH>EgP}RGo&L?0Iy#Y4Vi6af`8H0~`9& zj0CXWSM#uw#Yp28fsB{J)gQ;R=IMjX1<{t_O~k?VT3_&6z;1sB&RZB{yL;}Kc(jQ2 z7SV0BcA{@&e%!E^N~*5hp!kHy<=8bzt8vbHa=hz$qy?6Bk5Z!&&?84F2(KjuPfQB3 z+t0~b3IbU&IV4LNhaBfeV@A>9h9xEC`9u5Ct}jP~`B~<0j&s`CPxKMRw|J*~i6qrj zD3Vf!0r^3YCXkRAA$_2E<9V}nDe^{>94Z}b22G$;;w4?SCbNwSHFCE1s}DNPRW{XA zYG3$y>kD`?Z;B&+dVgv&y|!m93fV;#`ZUpSHI(%#qL#~b6IL}^lfb6PGQ0{@J1NS6 zV$G=Y3c~K%7+ZB571`fOZ4UagmtXO;Y#{$nfLWE4?@#P@LjweV!9YK!=t$=GUu9t_ zY%%wUX1%N_J9~-v;F<)df4EM11+%6@y8C4n2oi0+&2XpmfZD!#e)CRuBK%*-=nLO` zfx4`W49x$*pzMEP(BA;Bh?S+i5Xes7*2LQ03QWeqx6-;6AbLUmm*b?Z)s!>A_TzG z^V{izEbR%|0nG4V2>kmEEdvk;PcNuz{Rw1ZWDI@?1S`thgDjK?*}zvX#e-ozh=K5h z+seJ5;6Fhw5b#$Q{)GELz`yY0zmr?dr~yk~z&qg^cmHpD#O;pDr~=|*kt&xN<+*Q?V+#286MedTFkjnv;`Gi1@q3 zKAG-n#EV*R%0PVWzSjS2aI0P<)iz>oGr0kcU-8gocG|5qx1MFHzqp)y?*n13!}U=j zHzUF>mE&d+DUxEUVyxV}y(u)h_3OM&jPMA%H^(AC1pa0F|G3Y8_68_`q5f}D0bM)L%Lx8oy~xDY z&R)=1*Y?FbBz6C|2C~D`E1MYD8{4TfvVeCLfCrkHnS~I%J%NxJ03c*wW&Q2`MfTeX zma#E1{-yJm9R9a_V0|FqkBs1r2`>%$%hL&8CW0J1y@HjZrOC@i5U}q5c-sGNBLV*3 z_L2O3(*Tg=@2Gl?IfQbApfzrt!oF0|(dFlQZ$7228NpjXtQDLTd4yGOp}GG#Zfp|CnAew#vYA&~c^Mk)d%XA( zrrPh*A0T6MsGhSQI<2mGAhuXxRcq-mq)2(iJJAJd-d9|!XoMduT+(g zpfQXoulrH+zhft9crE*6l`nza39e%+oDh~ z$Br1p#7}VWC;bOnG<0@t9s0gDsM*fRzA}ff9%Xe*xLy{CLUDDg(ZmRB`B9=&UWcC1 z5HRMq&dCTFT8Kl+FCkU~vH|TyEs{fajB5n-eklutv zMtYpz<&N_U6)o0Zy%r^(O-A#~H5&1&vKA51B;dy@Gm{CV4Lu2ce&nE|xqPk3&Hu%^ zk%Rx+I?m6xSaoLaEM8wW1URFgyrRW6$J)cUEpWa$!a3AysDD^;bl75KCTV&@?K&QY zI-x@WE1T_=9qHjqw>#ghWs9Qpq2T(TVH@2~Z3vJp_Rs;!ZL;~+*p)4tWx;;%9SJJ?|KPK35ZgHvDGl>kdll7y%M zY1K%2w9%?;;+W}ePKevMFr*fAi=x-|EBI3@isx7T20Eiu5VA0D0uH?<2sdE7lv@YC z{d8K;NnkfeB&nx`lKEhiBE6k%gyCWE9=?BZnZKGQ>hryP=Z;N>YiL<~j(y10E3*WN zT7$0=>i8l}}VXu*M29X}f zZy;&f5$L)$m8vv-C9cDX`V79({EWA1Ewnn(^exZ@gn8W~j%IZg;gdyRhbMf08jWPOPuc5yBx?pQCeJ^YR8^79uN z-JAQ+S}jeiM3FJa=f=j`dgZ2(kMP27Utt! zLP$yN_t?u*Tipt~0TWTok*tjBSyaf1yZ=OytK9M# zm{Qmnpf}EEFJ)x*X1v?KKu}K{?f{O=^S$}#FD@TcoinbWGOJhKptdvAb<{=Vot#^> zW)D)|!hF?#3H|9C=lsIbvF`Ys%M#M_E7h|04a=MFZJ18_P{l1_HOnGNO*Iu)lcsdl zaqI_s-CUZfW`aZ0+tV1vW)>wj7NZcx9L_~KHRLB2WdzS$SDzQ2o@$IXl%KCUhVaPb z_Ps0gmQt6ZDpwws!|_&Jw=y`b4&J)5j;BC5tsE?lI=J1~XPqu?mz&h;cWf^l@T`2Z zy}_GpnbT|?P%T{KU0BhU*KTep6)gDFT+uQ}#a_#_*znk!Vh%bX5xRM|swhRCO4Qzu zpxjTb4v(R{Tqh@2;0ZxS>+a!j+ePcjZ?;6INi&)lI963Mub0fa_i;$vvT_g+%Y(?mT*=8`G3kHRQ(_ za;gruwgHJ_$9lh2$@d}JH---NW3zeyboAQTG!`~Q-8SOyJAJP0h)u}TUT^D`%+J=m z(F4A$BI*zbDN2}0#LVb1!1F8(4OdV8h4x0zAm5_E`g8KF%1qiK=Jzr;Uo7? zr6~M(tR408VY>l)ISQZLj*7MTR*?f?a0q3kNf{15GGd-zR2z{|Yo;rx??IK8a%r26 zSG?2F&4hkEKd4ZUew&B%HF&}R3J&3ti3Z`WY5!V>jLp4!c*>((*mSJ`m2gX z21*1$Jt=6Suw12Z&d0~j%;Ka;wropKltV3<`Eqe>lC$-0jh+`OU?BKgz9$j08XM2* zijqaTHlD?d)4mhUUs0D12>D3A;c(e$fK=E+1ru)agvL z*F#h(7@1=O3>rJO0l`piTxwtXlkQ~u5wMQh7lIAn>QqGX%Zakw_6vQ6>YM#h3GZ@| zDgEtj|2Ep)YVX?0k-r@)h1Xib4 z0iNB92yFzKP|yGVwabh5y;n5aKjt zW?^VB<7di``o2SkZ^R8`k?i|>N|dY?=-pbb`9CJrYn>juCcfbx)LTO+1ZO`1uXJiH zIvOSmho45cgpGE$PbxlnO|-6hBMzG{9~QoA9fu3XVb&f~wY0pt8eTh4%{s|ZmTSc1 z??!s$KyNR6z0gBVSKZLX8iC2VOzL>Wb8*`&@f_Fem`&Ue@Cpl(6GlqgWOe&u@w~^5 zo*ldyNcb?i;1Pnol=~CBm!r?-{i>Usb2Jy?3a1~vZX--T!g^LVQp=&Eyf|_c{e-2f z@Q-(i{xTgGQfqm7NxMB*!Jm>EPTD!&KEPTow)a%M;q$9@^|Qd@Zb=;rI&#)u0FI6^LubDUN7}n-R+0#bvLD>^p z??Kcv?)h!{=xdMQi`dyt@nM8)l}lSKQoPKF3+!Dx`km@*jfdAe7wJ!8!w0=LU1Y-t zLCP04!#goYiNeD;Oee<6>+TR(1JBGm2x7g~-!FurN3c@2+=1-o@;eNGM)2;V7Oy!y z`K|XAcML+>@}W&gE@+iG=1}KkKh^uOBk8+%7NTky*g=oI3uR9vy~?X9=<1x;?BVX{ z*DkOwFy|2@Ul6XJY0e#bzr>xnPSzjNM=5VTGjAYF-F=8Mx{Im!*3hxBX7I}oH`eDV zTN_?Tzw+$VnUV_0&%i|4o;oo(tWQpv2|uL!vCrCG+|=C4s>pX{+I8>xlTiCI92FhK z=C4p(zkcUgf?GSPot1W4L2#33 zp|whaml{K%$h@V!{0I+2i|BF4qF#Lpj#9FD0CF{m%{K4Bw$q`b5!5#E#IGx2*W;#IiLXpzHoM3`3=;C$8 z3aOgY`~6IV!?)vSn4z$~%|xpSRjR+j*I{$V*oG5@niWFZ*{Hpk5kFRQ@#lV?d3~un zK7Nj-BRUNqWFAmUFdq@^LFs`#aF(>IUfch)7&V?)&U)hTj#<*+@Y07|stj^&*@3$+n4e>U?2X+>wAzmqxJO8U9zk~`b$y!I2Vn)&S*y2d?|R|^#1#a~6PU`> zEv&KNa7x~&Ycr4Mjvn_R8rpP{d!HroNsHih14KX?Q#Qth znj0i0s?G`_+!DSV7Zudo>5lzp;@DU1?E*(FEv z*!zyDWUvql>%M!mkWAxwBhVa@n=Ya6^?oqp($puJa~iaPLr>F7LpwFvh!&f4G&ZfN z#6Bb)v+04!Ip07f#0`BGePLHimM6@bdz2uyG+*Hn#E~l9LHdGjlRe;Ny4axIoI8%d zft~@*A_*7aH}0$1kE|rq`dW#8_(Y*uu+}j@rPkp4RKz1mF!NBBmAA)LPk7zq7d86K zC1!Bf%DbnjIAwSZ_914mT)i89K4Z4xn5w=x@xMt?S%G4{UmN1GhdCtRK0R!ohp1D> zihMJghst`!MkQa`9UN>HN|JUpxne;vP$I)YlBewUUfn3;+1_xNkGwHoD`lz6wlXJ? zyTU~wYz;7y0Ea)bK`A_JAdFEi=+1(%#>kZvZsb5m>D&9jZC^;Mz9kzwDgK&-)2}=Du7+x@)FV{VEnGB5{|W%Fc@(wJUr(%tu`>q`-*u^gVU`;t@j}|%B?|;v5tT_n5aV6Q|?xC zT4TM1EiPtl{G!4gb+b0)P&(Rey>#d@eCL;iyn<7`Vj@nB~E!VCDc!INpkZWmfM0SpwH91j+sZSB^q~!U5@w( zX``7B=D1s&hPXGAi_C#B)vQHTo3B%C<`PJIowBgFaPUa#^9paYAFH^S$w8jTD$Uxt zTT6A})M|5RX0JfYm_2*w7o}~khd1LaA?IO?Max&pW~3ML=BSQoRen&B&vSjvVN5Yf zY#G(<2`xx1NV1k*qV2|qzD{5xryDX}8v8FOf1Iq2#;EhJCdnbYw#Av5k4g%gNbtlS zVc!sH5##CtK>fPi#cGKubRog}z%Wa7=9;iT{;1Vx+AvfpvT`Wh58h4YLGgUl{=P{R zMQTbS?~In@cw(`_Gc+EpiMH*Ly7LNm;Bd}-(DPCS?nF;tL&V33)o_QXim}b<-7Qpk zF%Pm9y!0X1E0FA949++lf*QWj)V(~*fd|ep5h^- zxrFEhoMooe(n*wRA#P@wEOR9%Vn$-`dZNAqg`#z?U|wUUDRsWPO~MPiq^dVEH8PLz zpHJ;bq1dQT;U=bkPix=^Ya%Q*C>r#}p!s(z28|Zz}n0eyHlm@wClgf@FvjLCn_N z^VRAIJP|?joc8YRbSbZ8A%|gMa`{}I#X)pUu;0;b{!Ui=Tz>tJca^mJL8S%MsMT?b zBAK9T<4pyjK%tM}(sPHRdD2}oQn3~I9~Jf2~aIua!eg=yT*13rE~H z*j&aoxRCo?pB`a?aY^`=8`m7(^*YTjo6=g9tJSK}4k_u!RF9esSygQ_s|ZKLO{$w6 zgsLxgC9&X`v0$voSuCzn$0v7Rh3mP26hFIkH4qmT7xl`?sTnXOARvSUBh01MfS2(6 zGey)t{g5?g8kgQc*`V5(2~AuwsIB9asrvHi1YkMA+3DEqTeXMhmiR+&kHiCNAr2LO z<#8d7+=+l@n5XODSpNKGk=r?8oEO_iP1xBuDjGugVl?v=fy9ia(_6Z6_-U?)FBjK{ z8TOV>pE;kAk?IR$H$3iP;#8(0$J@U56nurf*AEmT-t&wgxSRB@hvHsiT(YcYbtpu% zJr-(6QVZDXL}K8Bm&~e(&2uA*we3P+DZr!KVMO!2uR%NKWoZQl|Jy3~pOJImWoGuj zxWqqW=l*-a`7g8rju3l6EBv-5y5_V3=DPZ3|H@T>?7wjp7D6Bk8~6vn#`u2&D?sov z_ut40BLKXR{ufz!$@%YS1^BYQ{oicmZ_#vruoVWj|2JD%GW7$1!zM4@*Dq?(1eF}W z4b;)ZXxe>S?eR)V1m_2^(|K)yHNjkc*Z*8f9 zw|m>``Onh*(c+j7$$7(EPG|u8Bb>d3ehW9NTeK#tH^#vZsLCjneqHvE=6Rxo&^u(b zmbKAd@z1VL@Wy*EXLG9bQcbZJH1yngy?J)4Q0G9nWZ{-K!&zTpc)Bk*PN^7%*-7$# z)D!Ngu2P%Qc@u2la+OBCMW=ILp((C)#;d!-3{U8Vo$W>C?ZHvH;0MB@^2~(4RsQls*49d29%Qdh503h!R{%NN z(~DW?8i53VPsDyt1T_DP7=l~#ceBfa_333_0#oe?e{ZuK$j-{aRv%d-NR0?EZ zqWco$`T~Vmz!Qa)ok8>eE4EeakJwgvL2x(0HP{jUHp{?G{}W*T(+ggj14gU=Yy&*~ ze;NU9!+%=w5@Rc2Vqm9E_?wYmZUwCzUM%{zDuDmQyn?!5Bx_{^?lris-#ZOYFJld| z}DuB8zr$dXo3p6c%=W%wI}6$FP*gV`~ch_HwV z0Km)&0I)Iu04(g_lnI=I*&Qpx?*nJxpbz>}k4f-%9Tu?eZ~9<8CUAZhmOoB#eilaX z36_IZ0F2s zga;!;AUwFFKMq0`W@biaLPNseWk6;|@C*01XM~o2$iR0mmV7z>CS!bgZ~jxp_`fpd z7ozxIdO&cE;L-mt8Q5ar8T$_zD?7`-$k@Q6^xt{efUMw&@edg@^Z&|N|EF(2CMGbh z|L?qD8S6jm05Y+#famIe)d7x+ewn}jkTEd)vtA%G0}FUQ{X>rhZ1sQ2z2Wq|E=;em4vMH1&u-aW_Au1g!Fdw{yGt^IHA1!QIiu)>p(3CoDU{~xpZSdah! literal 0 HcmV?d00001 diff --git a/src/main/webapp/footer.jsp b/src/main/webapp/footer.jsp new file mode 100644 index 00000000..02cfeece --- /dev/null +++ b/src/main/webapp/footer.jsp @@ -0,0 +1,12 @@ +
+ +
+
+ +

Copyrights © Cyber Security & Privacy Foundation

+ + + +
+ + \ No newline at end of file diff --git a/src/main/webapp/header.jsp b/src/main/webapp/header.jsp new file mode 100644 index 00000000..f2691bcf --- /dev/null +++ b/src/main/webapp/header.jsp @@ -0,0 +1,171 @@ + <%@page import="java.io.FileInputStream"%> +<%@page import="java.util.Properties"%> +<%@page import="java.io.File"%> +<% + String path = request.getContextPath(); + String configPath=getServletContext().getRealPath("/WEB-INF/config.properties"); + + Properties properties=new Properties(); + properties.load(new FileInputStream(configPath)); + String siteTitle=properties.getProperty("siteTitle"); + %> + + + + + <%=siteTitle%> + + <% out.print(""); %> + + + +
+ + + +
+
+ +
+ + +
+ \ No newline at end of file diff --git a/src/main/webapp/images/Thumbs.db b/src/main/webapp/images/Thumbs.db new file mode 100644 index 0000000000000000000000000000000000000000..83e456d496693ea4cf009cd65423dfbd33320137 GIT binary patch literal 4608 zcmeH~doYx19LJw`-@Vw2WqH>kPAn-jX6WWpZsl6aDs)lDt-_JZsy5xFR3@DePFIv7 zBax)bG_z7lXHcPBYNF)QNfJWSvFG=?oO7o02X$u7OlSPw_p{Ht&t;$I`~05g_dffu zlGm7?uik{dFiV7^K^YU#|CW!zGs%!CB1C})^827nCL7K~2p%WwJDP#tVXUP8NT}dM z8bJD-0g!nU_Wzy%HxvrjMx=%8Pza=A6bYUmzp22A8J!_~jAq{Y&RvlgDlxL2RBpJk z@fdB!DyBjd8ttD<$ErVC?m#Ydu=&UbRQsS{n1%JjSzq<3_znH5Ko71Xy_kGeZ~v?e z`Y|#Fld*Wb`UOz;1la&=v@PkAFZVy`A|}8B*Z>ER2e^O&0IvYV1C#(|fB^Ua88?KG zssd_&Ixq>)05pLgfXRRspbd=1A9DN?_TSC`=~HqISipXe)yf)?qO-k|J;Gp7dBcTd z4X{OU3WdDEsBqKdXf!I7#$qt&avTF@{|capU+VcsHzaE zN(7%Ee+0v!4VA{E(U^ohTb}r8lSvUz4$Vd0I3`3C9)|NU*&T8nVKf*mIp7h)C@@Ak zLypN}Lxn=vp%{)+s5m)lsJ#Qq5tT<%(l)lCD~o&>!f?VQDn4CK$2Py1@Al}u?hIe? z9wtjgpsJ=mMQ`dfeS?{^X3sG-GoQb}&fdY%$$9BAcMs3yD^~jXuU)r3ATTImG{P>of&TL`M%;uEEV0EO;fr^X+z4!Cv49*Df?5{ zU%KiM2gks9I1gE&&s859LOL=-a}BnwQVV5M@x#|I%6(qYweqe~>EcJx$*%@H;!gG7 z+G`${p~3G-<7``PtnN}!aLM#GH=@5fzHa%fdnr1V^u<^hch_P==MVb+i;D9s#S6JE zHbyCi%k3XXBZHV8rJdW=(P=CBmG?KNCmkFV+FK=gS5h)64oD0Vu-=P-ow*@30?E-R zYeO}u-(4RF}Ymt?M6|;5}(!8;gfuYF_R0V zf+LR8%ik>7X)KClsyLUXopzFzqwx3bb38fJuzc$Ja8=b$$4~!eb1h1ur#tz%MqX}w zce!mHeYcrUrq}EJ35}OT(XPZ=Qv;hG;f)gwnFU4N+pi`?M8`<^so}YAt#uBYX+G6G zdFoilyKrmO!gFW6GL+1%CP|C?a_ZwPd(o!6j_K*omrjklr;{sMSI1(0mL|+=Cp{`ZKqa`IXp13TG(vq%VHtpEb>E5A3FX}jD zmlI&I-s%+cFAEjlj4v^7OD(X{NXp`{GDTDl!b^$F3yDyHEUqH6UnG<|mChC^JUPp=?o z1)Z4{hlrlJEytYC?>3Uw=I)u4UTB+o6pL-q+3vCLO219zR@AP2%&#H3ti$th)AERN zao3BG;AZbIgU2r#H>Gjoa;21lP@_W$#(vT!hqRoJ)jPeC+YB;N{G$@9Ufe>K?_7T} ziM-L3V6WfpwJv)g_Q#fHSE@@~#u10~-mI-PC0Zxri#1I8(;X|g`WE2} z?a(e+-DvFj>QoU<+T^R)dju^=ha#EKH+T-C67z*qi4h7yVI!v#vV7>(%?j}(&r+lD z`)A1f9^yA0(I?{f(0l3okKYes1UC{^Ep&3pP-*3qbl%)pRyt2%piN}wlRf#Geh?6xb<)Ghc{Y08ayF8-f}VXU;5AQA9^CV3aF96)78&qol`;+06V-N A#{d8T literal 0 HcmV?d00001 diff --git a/src/main/webapp/index.jsp b/src/main/webapp/index.jsp new file mode 100644 index 00000000..80ec023f --- /dev/null +++ b/src/main/webapp/index.jsp @@ -0,0 +1,10 @@ + <%@ include file="header.jsp" %> + <% + if(session.getAttribute("user")!=null) +{ + out.print("Hello "+session.getAttribute("user")+","); +} + %> + Welcome to Java Vulnerable Lab !

+ A Deliberately vulnerable Web Application built on JAVA designed to teach Web Application Security. + <%@ include file="footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/install.jsp b/src/main/webapp/install.jsp new file mode 100644 index 00000000..13086741 --- /dev/null +++ b/src/main/webapp/install.jsp @@ -0,0 +1,28 @@ + + + <%@ include file="/header.jsp" %> + + +
+ + + + + + + + + + + + + + +
Website Title:
Database Name:
Database User:
Database Password:
JDBC Driver:
JDBC URL:
Admin Login Credential:
Username(Default):
Password(Default):
+
+
+Note:If a database already exits, it will be dropped + + + + <%@ include file="/footer.jsp" %> diff --git a/src/main/webapp/jquery.min.js b/src/main/webapp/jquery.min.js new file mode 100644 index 00000000..3684c36b --- /dev/null +++ b/src/main/webapp/jquery.min.js @@ -0,0 +1,4 @@ +/*! jQuery v1.6.4 http://jquery.com/ | http://jquery.org/license */ +(function(a,b){function cu(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cr(a){if(!cg[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ch||(ch=c.createElement("iframe"),ch.frameBorder=ch.width=ch.height=0),b.appendChild(ch);if(!ci||!ch.createElement)ci=(ch.contentWindow||ch.contentDocument).document,ci.write((c.compatMode==="CSS1Compat"?"":"")+""),ci.close();d=ci.createElement(a),ci.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ch)}cg[a]=e}return cg[a]}function cq(a,b){var c={};f.each(cm.concat.apply([],cm.slice(0,b)),function(){c[this]=a});return c}function cp(){cn=b}function co(){setTimeout(cp,0);return cn=f.now()}function cf(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ce(){try{return new a.XMLHttpRequest}catch(b){}}function b$(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g0){c!=="border"&&f.each(e,function(){c||(d-=parseFloat(f.css(a,"padding"+this))||0),c==="margin"?d+=parseFloat(f.css(a,c+this))||0:d-=parseFloat(f.css(a,"border"+this+"Width"))||0});return d+"px"}d=bv(a,b,b);if(d<0||d==null)d=a.style[b]||0;d=parseFloat(d)||0,c&&f.each(e,function(){d+=parseFloat(f.css(a,"padding"+this))||0,c!=="padding"&&(d+=parseFloat(f.css(a,"border"+this+"Width"))||0),c==="margin"&&(d+=parseFloat(f.css(a,c+this))||0)});return d+"px"}function bl(a,b){b.src?f.ajax({url:b.src,async:!1,dataType:"script"}):f.globalEval((b.text||b.textContent||b.innerHTML||"").replace(bd,"/*$0*/")),b.parentNode&&b.parentNode.removeChild(b)}function bk(a){f.nodeName(a,"input")?bj(a):"getElementsByTagName"in a&&f.grep(a.getElementsByTagName("input"),bj)}function bj(a){if(a.type==="checkbox"||a.type==="radio")a.defaultChecked=a.checked}function bi(a){return"getElementsByTagName"in a?a.getElementsByTagName("*"):"querySelectorAll"in a?a.querySelectorAll("*"):[]}function bh(a,b){var c;if(b.nodeType===1){b.clearAttributes&&b.clearAttributes(),b.mergeAttributes&&b.mergeAttributes(a),c=b.nodeName.toLowerCase();if(c==="object")b.outerHTML=a.outerHTML;else if(c!=="input"||a.type!=="checkbox"&&a.type!=="radio"){if(c==="option")b.selected=a.defaultSelected;else if(c==="input"||c==="textarea")b.defaultValue=a.defaultValue}else a.checked&&(b.defaultChecked=b.checked=a.checked),b.value!==a.value&&(b.value=a.value);b.removeAttribute(f.expando)}}function bg(a,b){if(b.nodeType===1&&!!f.hasData(a)){var c=f.expando,d=f.data(a),e=f.data(b,d);if(d=d[c]){var g=d.events;e=e[c]=f.extend({},d);if(g){delete e.handle,e.events={};for(var h in g)for(var i=0,j=g[h].length;i=0===c})}function U(a){return!a||!a.parentNode||a.parentNode.nodeType===11}function M(a,b){return(a&&a!=="*"?a+".":"")+b.replace(y,"`").replace(z,"&")}function L(a){var b,c,d,e,g,h,i,j,k,l,m,n,o,p=[],q=[],r=f._data(this,"events");if(!(a.liveFired===this||!r||!r.live||a.target.disabled||a.button&&a.type==="click")){a.namespace&&(n=new RegExp("(^|\\.)"+a.namespace.split(".").join("\\.(?:.*\\.)?")+"(\\.|$)")),a.liveFired=this;var s=r.live.slice(0);for(i=0;ic)break;a.currentTarget=e.elem,a.data=e.handleObj.data,a.handleObj=e.handleObj,o=e.handleObj.origHandler.apply(e.elem,arguments);if(o===!1||a.isPropagationStopped()){c=e.level,o===!1&&(b=!1);if(a.isImmediatePropagationStopped())break}}return b}}function J(a,c,d){var e=f.extend({},d[0]);e.type=a,e.originalEvent={},e.liveFired=b,f.event.handle.call(c,e),e.isDefaultPrevented()&&d[0].preventDefault()}function D(){return!0}function C(){return!1}function m(a,c,d){var e=c+"defer",g=c+"queue",h=c+"mark",i=f.data(a,e,b,!0);i&&(d==="queue"||!f.data(a,g,b,!0))&&(d==="mark"||!f.data(a,h,b,!0))&&setTimeout(function(){!f.data(a,g,b,!0)&&!f.data(a,h,b,!0)&&(f.removeData(a,e,!0),i.resolve())},0)}function l(a){for(var b in a)if(b!=="toJSON")return!1;return!0}function k(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(j,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:f.isNaN(d)?i.test(d)?f.parseJSON(d):d:parseFloat(d)}catch(g){}f.data(a,c,d)}else d=b}return d}var c=a.document,d=a.navigator,e=a.location,f=function(){function K(){if(!e.isReady){try{c.documentElement.doScroll("left")}catch(a){setTimeout(K,1);return}e.ready()}}var e=function(a,b){return new e.fn.init(a,b,h)},f=a.jQuery,g=a.$,h,i=/^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/,j=/\S/,k=/^\s+/,l=/\s+$/,m=/\d/,n=/^<(\w+)\s*\/?>(?:<\/\1>)?$/,o=/^[\],:{}\s]*$/,p=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,q=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,r=/(?:^|:|,)(?:\s*\[)+/g,s=/(webkit)[ \/]([\w.]+)/,t=/(opera)(?:.*version)?[ \/]([\w.]+)/,u=/(msie) ([\w.]+)/,v=/(mozilla)(?:.*? rv:([\w.]+))?/,w=/-([a-z]|[0-9])/ig,x=/^-ms-/,y=function(a,b){return(b+"").toUpperCase()},z=d.userAgent,A,B,C,D=Object.prototype.toString,E=Object.prototype.hasOwnProperty,F=Array.prototype.push,G=Array.prototype.slice,H=String.prototype.trim,I=Array.prototype.indexOf,J={};e.fn=e.prototype={constructor:e,init:function(a,d,f){var g,h,j,k;if(!a)return this;if(a.nodeType){this.context=this[0]=a,this.length=1;return this}if(a==="body"&&!d&&c.body){this.context=c,this[0]=c.body,this.selector=a,this.length=1;return this}if(typeof a=="string"){a.charAt(0)!=="<"||a.charAt(a.length-1)!==">"||a.length<3?g=i.exec(a):g=[null,a,null];if(g&&(g[1]||!d)){if(g[1]){d=d instanceof e?d[0]:d,k=d?d.ownerDocument||d:c,j=n.exec(a),j?e.isPlainObject(d)?(a=[c.createElement(j[1])],e.fn.attr.call(a,d,!0)):a=[k.createElement(j[1])]:(j=e.buildFragment([g[1]],[k]),a=(j.cacheable?e.clone(j.fragment):j.fragment).childNodes);return e.merge(this,a)}h=c.getElementById(g[2]);if(h&&h.parentNode){if(h.id!==g[2])return f.find(a);this.length=1,this[0]=h}this.context=c,this.selector=a;return this}return!d||d.jquery?(d||f).find(a):this.constructor(d).find(a)}if(e.isFunction(a))return f.ready(a);a.selector!==b&&(this.selector=a.selector,this.context=a.context);return e.makeArray(a,this)},selector:"",jquery:"1.6.4",length:0,size:function(){return this.length},toArray:function(){return G.call(this,0)},get:function(a){return a==null?this.toArray():a<0?this[this.length+a]:this[a]},pushStack:function(a,b,c){var d=this.constructor();e.isArray(a)?F.apply(d,a):e.merge(d,a),d.prevObject=this,d.context=this.context,b==="find"?d.selector=this.selector+(this.selector?" ":"")+c:b&&(d.selector=this.selector+"."+b+"("+c+")");return d},each:function(a,b){return e.each(this,a,b)},ready:function(a){e.bindReady(),B.done(a);return this},eq:function(a){return a===-1?this.slice(a):this.slice(a,+a+1)},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},slice:function(){return this.pushStack(G.apply(this,arguments),"slice",G.call(arguments).join(","))},map:function(a){return this.pushStack(e.map(this,function(b,c){return a.call(b,c,b)}))},end:function(){return this.prevObject||this.constructor(null)},push:F,sort:[].sort,splice:[].splice},e.fn.init.prototype=e.fn,e.extend=e.fn.extend=function(){var a,c,d,f,g,h,i=arguments[0]||{},j=1,k=arguments.length,l=!1;typeof i=="boolean"&&(l=i,i=arguments[1]||{},j=2),typeof i!="object"&&!e.isFunction(i)&&(i={}),k===j&&(i=this,--j);for(;j0)return;B.resolveWith(c,[e]),e.fn.trigger&&e(c).trigger("ready").unbind("ready")}},bindReady:function(){if(!B){B=e._Deferred();if(c.readyState==="complete")return setTimeout(e.ready,1);if(c.addEventListener)c.addEventListener("DOMContentLoaded",C,!1),a.addEventListener("load",e.ready,!1);else if(c.attachEvent){c.attachEvent("onreadystatechange",C),a.attachEvent("onload",e.ready);var b=!1;try{b=a.frameElement==null}catch(d){}c.documentElement.doScroll&&b&&K()}}},isFunction:function(a){return e.type(a)==="function"},isArray:Array.isArray||function(a){return e.type(a)==="array"},isWindow:function(a){return a&&typeof a=="object"&&"setInterval"in a},isNaN:function(a){return a==null||!m.test(a)||isNaN(a)},type:function(a){return a==null?String(a):J[D.call(a)]||"object"},isPlainObject:function(a){if(!a||e.type(a)!=="object"||a.nodeType||e.isWindow(a))return!1;try{if(a.constructor&&!E.call(a,"constructor")&&!E.call(a.constructor.prototype,"isPrototypeOf"))return!1}catch(c){return!1}var d;for(d in a);return d===b||E.call(a,d)},isEmptyObject:function(a){for(var b in a)return!1;return!0},error:function(a){throw a},parseJSON:function(b){if(typeof b!="string"||!b)return null;b=e.trim(b);if(a.JSON&&a.JSON.parse)return a.JSON.parse(b);if(o.test(b.replace(p,"@").replace(q,"]").replace(r,"")))return(new Function("return "+b))();e.error("Invalid JSON: "+b)},parseXML:function(c){var d,f;try{a.DOMParser?(f=new DOMParser,d=f.parseFromString(c,"text/xml")):(d=new ActiveXObject("Microsoft.XMLDOM"),d.async="false",d.loadXML(c))}catch(g){d=b}(!d||!d.documentElement||d.getElementsByTagName("parsererror").length)&&e.error("Invalid XML: "+c);return d},noop:function(){},globalEval:function(b){b&&j.test(b)&&(a.execScript||function(b){a.eval.call(a,b)})(b)},camelCase:function(a){return a.replace(x,"ms-").replace(w,y)},nodeName:function(a,b){return a.nodeName&&a.nodeName.toUpperCase()===b.toUpperCase()},each:function(a,c,d){var f,g=0,h=a.length,i=h===b||e.isFunction(a);if(d){if(i){for(f in a)if(c.apply(a[f],d)===!1)break}else for(;g0&&a[0]&&a[j-1]||j===0||e.isArray(a));if(k)for(;i1?h.call(arguments,0):c,--e||g.resolveWith(g,h.call(b,0))}}var b=arguments,c=0,d=b.length,e=d,g=d<=1&&a&&f.isFunction(a.promise)?a:f.Deferred();if(d>1){for(;c
a",d=a.getElementsByTagName("*"),e=a.getElementsByTagName("a")[0];if(!d||!d.length||!e)return{};g=c.createElement("select"),h=g.appendChild(c.createElement("option")),i=a.getElementsByTagName("input")[0],k={leadingWhitespace:a.firstChild.nodeType===3,tbody:!a.getElementsByTagName("tbody").length,htmlSerialize:!!a.getElementsByTagName("link").length,style:/top/.test(e.getAttribute("style")),hrefNormalized:e.getAttribute("href")==="/a",opacity:/^0.55$/.test(e.style.opacity),cssFloat:!!e.style.cssFloat,checkOn:i.value==="on",optSelected:h.selected,getSetAttribute:a.className!=="t",submitBubbles:!0,changeBubbles:!0,focusinBubbles:!1,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0},i.checked=!0,k.noCloneChecked=i.cloneNode(!0).checked,g.disabled=!0,k.optDisabled=!h.disabled;try{delete a.test}catch(v){k.deleteExpando=!1}!a.addEventListener&&a.attachEvent&&a.fireEvent&&(a.attachEvent("onclick",function(){k.noCloneEvent=!1}),a.cloneNode(!0).fireEvent("onclick")),i=c.createElement("input"),i.value="t",i.setAttribute("type","radio"),k.radioValue=i.value==="t",i.setAttribute("checked","checked"),a.appendChild(i),l=c.createDocumentFragment(),l.appendChild(a.firstChild),k.checkClone=l.cloneNode(!0).cloneNode(!0).lastChild.checked,a.innerHTML="",a.style.width=a.style.paddingLeft="1px",m=c.getElementsByTagName("body")[0],o=c.createElement(m?"div":"body"),p={visibility:"hidden",width:0,height:0,border:0,margin:0,background:"none"},m&&f.extend(p,{position:"absolute",left:"-1000px",top:"-1000px"});for(t in p)o.style[t]=p[t];o.appendChild(a),n=m||b,n.insertBefore(o,n.firstChild),k.appendChecked=i.checked,k.boxModel=a.offsetWidth===2,"zoom"in a.style&&(a.style.display="inline",a.style.zoom=1,k.inlineBlockNeedsLayout=a.offsetWidth===2,a.style.display="",a.innerHTML="
",k.shrinkWrapBlocks=a.offsetWidth!==2),a.innerHTML="
t
",q=a.getElementsByTagName("td"),u=q[0].offsetHeight===0,q[0].style.display="",q[1].style.display="none",k.reliableHiddenOffsets=u&&q[0].offsetHeight===0,a.innerHTML="",c.defaultView&&c.defaultView.getComputedStyle&&(j=c.createElement("div"),j.style.width="0",j.style.marginRight="0",a.appendChild(j),k.reliableMarginRight=(parseInt((c.defaultView.getComputedStyle(j,null)||{marginRight:0}).marginRight,10)||0)===0),o.innerHTML="",n.removeChild(o);if(a.attachEvent)for(t in{submit:1,change:1,focusin:1})s="on"+t,u=s in a,u||(a.setAttribute(s,"return;"),u=typeof a[s]=="function"),k[t+"Bubbles"]=u;o=l=g=h=m=j=a=i=null;return k}(),f.boxModel=f.support.boxModel;var i=/^(?:\{.*\}|\[.*\])$/,j=/([A-Z])/g;f.extend({cache:{},uuid:0,expando:"jQuery"+(f.fn.jquery+Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(a){a=a.nodeType?f.cache[a[f.expando]]:a[f.expando];return!!a&&!l(a)},data:function(a,c,d,e){if(!!f.acceptData(a)){var g,h,i=f.expando,j=typeof c=="string",k=a.nodeType,l=k?f.cache:a,m=k?a[f.expando]:a[f.expando]&&f.expando;if((!m||e&&m&&l[m]&&!l[m][i])&&j&&d===b)return;m||(k?a[f.expando]=m=++f.uuid:m=f.expando),l[m]||(l[m]={},k||(l[m].toJSON=f.noop));if(typeof c=="object"||typeof c=="function")e?l[m][i]=f.extend(l[m][i],c):l[m]=f.extend(l[m],c);g=l[m],e&&(g[i]||(g[i]={}),g=g[i]),d!==b&&(g[f.camelCase(c)]=d);if(c==="events"&&!g[c])return g[i]&&g[i].events;j?(h=g[c],h==null&&(h=g[f.camelCase(c)])):h=g;return h}},removeData:function(a,b,c){if(!!f.acceptData(a)){var d,e=f.expando,g=a.nodeType,h=g?f.cache:a,i=g?a[f.expando]:f.expando;if(!h[i])return;if(b){d=c?h[i][e]:h[i];if(d){d[b]||(b=f.camelCase(b)),delete d[b];if(!l(d))return}}if(c){delete h[i][e];if(!l(h[i]))return}var j=h[i][e];f.support.deleteExpando||!h.setInterval?delete h[i]:h[i]=null,j?(h[i]={},g||(h[i].toJSON=f.noop),h[i][e]=j):g&&(f.support.deleteExpando?delete a[f.expando]:a.removeAttribute?a.removeAttribute(f.expando):a[f.expando]=null)}},_data:function(a,b,c){return f.data(a,b,c,!0)},acceptData:function(a){if(a.nodeName){var b=f.noData[a.nodeName.toLowerCase()];if(b)return b!==!0&&a.getAttribute("classid")===b}return!0}}),f.fn.extend({data:function(a,c){var d=null;if(typeof a=="undefined"){if(this.length){d=f.data(this[0]);if(this[0].nodeType===1){var e=this[0].attributes,g;for(var h=0,i=e.length;h-1)return!0;return!1},val:function(a){var c,d,e=this[0];if(!arguments.length){if(e){c=f.valHooks[e.nodeName.toLowerCase()]||f.valHooks[e.type];if(c&&"get"in c&&(d=c.get(e,"value"))!==b)return d;d=e.value;return typeof d=="string"?d.replace(p,""):d==null?"":d}return b}var g=f.isFunction(a);return this.each(function(d){var e=f(this),h;if(this.nodeType===1){g?h=a.call(this,d,e.val()):h=a,h==null?h="":typeof h=="number"?h+="":f.isArray(h)&&(h=f.map(h,function(a){return a==null?"":a+""})),c=f.valHooks[this.nodeName.toLowerCase()]||f.valHooks[this.type];if(!c||!("set"in c)||c.set(this,h,"value")===b)this.value=h}})}}),f.extend({valHooks:{option:{get:function(a){var b=a.attributes.value;return!b||b.specified?a.value:a.text}},select:{get:function(a){var b,c=a.selectedIndex,d=[],e=a.options,g=a.type==="select-one";if(c<0)return null;for(var h=g?c:0,i=g?c+1:e.length;h=0}),c.length||(a.selectedIndex=-1);return c}}},attrFn:{val:!0,css:!0,html:!0,text:!0,data:!0,width:!0,height:!0,offset:!0},attrFix:{tabindex:"tabIndex"},attr:function(a,c,d,e){var g=a.nodeType;if(!a||g===3||g===8||g===2)return b;if(e&&c in f.attrFn)return f(a)[c](d);if(!("getAttribute"in a))return f.prop(a,c,d);var h,i,j=g!==1||!f.isXMLDoc(a);j&&(c=f.attrFix[c]||c,i=f.attrHooks[c],i||(t.test(c)?i=v:u&&(i=u)));if(d!==b){if(d===null){f.removeAttr(a,c);return b}if(i&&"set"in i&&j&&(h=i.set(a,d,c))!==b)return h;a.setAttribute(c,""+d);return d}if(i&&"get"in i&&j&&(h=i.get(a,c))!==null)return h;h=a.getAttribute(c);return h===null?b:h},removeAttr:function(a,b){var c;a.nodeType===1&&(b=f.attrFix[b]||b,f.attr(a,b,""),a.removeAttribute(b),t.test(b)&&(c=f.propFix[b]||b)in a&&(a[c]=!1))},attrHooks:{type:{set:function(a,b){if(q.test(a.nodeName)&&a.parentNode)f.error("type property can't be changed");else if(!f.support.radioValue&&b==="radio"&&f.nodeName(a,"input")){var c=a.value;a.setAttribute("type",b),c&&(a.value=c);return b}}},value:{get:function(a,b){if(u&&f.nodeName(a,"button"))return u.get(a,b);return b in a?a.value:null},set:function(a,b,c){if(u&&f.nodeName(a,"button"))return u.set(a,b,c);a.value=b}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(a,c,d){var e=a.nodeType;if(!a||e===3||e===8||e===2)return b;var g,h,i=e!==1||!f.isXMLDoc(a);i&&(c=f.propFix[c]||c,h=f.propHooks[c]);return d!==b?h&&"set"in h&&(g=h.set(a,d,c))!==b?g:a[c]=d:h&&"get"in h&&(g=h.get(a,c))!==null?g:a[c]},propHooks:{tabIndex:{get:function(a){var c=a.getAttributeNode("tabindex");return c&&c.specified?parseInt(c.value,10):r.test(a.nodeName)||s.test(a.nodeName)&&a.href?0:b}}}}),f.attrHooks.tabIndex=f.propHooks.tabIndex,v={get:function(a,c){var d;return f.prop(a,c)===!0||(d=a.getAttributeNode(c))&&d.nodeValue!==!1?c.toLowerCase():b},set:function(a,b,c){var d;b===!1?f.removeAttr(a,c):(d=f.propFix[c]||c,d in a&&(a[d]=!0),a.setAttribute(c,c.toLowerCase()));return c}},f.support.getSetAttribute||(u=f.valHooks.button={get:function(a,c){var d;d=a.getAttributeNode(c);return d&&d.nodeValue!==""?d.nodeValue:b},set:function(a,b,d){var e=a.getAttributeNode(d);e||(e=c.createAttribute(d),a.setAttributeNode(e));return e.nodeValue=b+""}},f.each(["width","height"],function(a,b){f.attrHooks[b]=f.extend(f.attrHooks[b],{set:function(a,c){if(c===""){a.setAttribute(b,"auto");return c}}})})),f.support.hrefNormalized||f.each(["href","src","width","height"],function(a,c){f.attrHooks[c]=f.extend(f.attrHooks[c],{get:function(a){var d=a.getAttribute(c,2);return d===null?b:d}})}),f.support.style||(f.attrHooks.style={get:function(a){return a.style.cssText.toLowerCase()||b},set:function(a,b){return a.style.cssText=""+b}}),f.support.optSelected||(f.propHooks.selected=f.extend(f.propHooks.selected,{get:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex);return null}})),f.support.checkOn||f.each(["radio","checkbox"],function(){f.valHooks[this]={get:function(a){return a.getAttribute("value")===null?"on":a.value}}}),f.each(["radio","checkbox"],function(){f.valHooks[this]=f.extend(f.valHooks[this],{set:function(a,b){if(f.isArray(b))return a.checked=f.inArray(f(a).val(),b)>=0}})});var w=/\.(.*)$/,x=/^(?:textarea|input|select)$/i,y=/\./g,z=/ /g,A=/[^\w\s.|`]/g,B=function(a){return a.replace(A,"\\$&")};f.event={add:function(a,c,d,e){if(a.nodeType!==3&&a.nodeType!==8){if(d===!1)d=C;else if(!d)return;var g,h;d.handler&&(g=d,d=g.handler),d.guid||(d.guid=f.guid++);var i=f._data(a);if(!i)return;var j=i.events,k=i.handle;j||(i.events=j={}),k||(i.handle=k=function(a){return typeof f!="undefined"&&(!a||f.event.triggered!==a.type)?f.event.handle.apply(k.elem,arguments):b}),k.elem=a,c=c.split(" ");var l,m=0,n;while(l=c[m++]){h=g?f.extend({},g):{handler:d,data:e},l.indexOf(".")>-1?(n=l.split("."),l=n.shift(),h.namespace=n.slice(0).sort().join(".")):(n=[],h.namespace=""),h.type=l,h.guid||(h.guid=d.guid);var o=j[l],p=f.event.special[l]||{};if(!o){o=j[l]=[];if(!p.setup||p.setup.call(a,e,n,k)===!1)a.addEventListener?a.addEventListener(l,k,!1):a.attachEvent&&a.attachEvent("on"+l,k)}p.add&&(p.add.call(a,h),h.handler.guid||(h.handler.guid=d.guid)),o.push(h),f.event.global[l]=!0}a=null}},global:{},remove:function(a,c,d,e){if(a.nodeType!==3&&a.nodeType!==8){d===!1&&(d=C);var g,h,i,j,k=0,l,m,n,o,p,q,r,s=f.hasData(a)&&f._data(a),t=s&&s.events;if(!s||!t)return;c&&c.type&&(d=c.handler,c=c.type);if(!c||typeof c=="string"&&c.charAt(0)==="."){c=c||"";for(h in t)f.event.remove(a,h+c);return}c=c.split(" ");while(h=c[k++]){r=h,q=null,l=h.indexOf(".")<0,m=[],l||(m=h.split("."),h=m.shift(),n=new RegExp("(^|\\.)"+f.map(m.slice(0).sort(),B).join("\\.(?:.*\\.)?")+"(\\.|$)")),p=t[h];if(!p)continue;if(!d){for(j=0;j=0&&(h=h.slice(0,-1),j=!0),h.indexOf(".")>=0&&(i=h.split("."),h=i.shift(),i.sort());if(!!e&&!f.event.customEvent[h]||!!f.event.global[h]){c=typeof c=="object"?c[f.expando]?c:new f.Event(h,c):new f.Event(h),c.type=h,c.exclusive=j,c.namespace=i.join("."),c.namespace_re=new RegExp("(^|\\.)"+i.join("\\.(?:.*\\.)?")+"(\\.|$)");if(g||!e)c.preventDefault(),c.stopPropagation();if(!e){f.each(f.cache,function(){var a=f.expando,b=this[a];b&&b.events&&b.events[h]&&f.event.trigger(c,d,b.handle.elem)});return}if(e.nodeType===3||e.nodeType===8)return;c.result=b,c.target=e,d=d!=null?f.makeArray(d):[],d.unshift(c);var k=e,l=h.indexOf(":")<0?"on"+h:"";do{var m=f._data(k,"handle");c.currentTarget=k,m&&m.apply(k,d),l&&f.acceptData(k)&&k[l]&&k[l].apply(k,d)===!1&&(c.result=!1,c.preventDefault()),k=k.parentNode||k.ownerDocument||k===c.target.ownerDocument&&a}while(k&&!c.isPropagationStopped());if(!c.isDefaultPrevented()){var n,o=f.event.special[h]||{};if((!o._default||o._default.call(e.ownerDocument,c)===!1)&&(h!=="click"||!f.nodeName(e,"a"))&&f.acceptData(e)){try{l&&e[h]&&(n=e[l],n&&(e[l]=null),f.event.triggered=h,e[h]())}catch(p){}n&&(e[l]=n),f.event.triggered=b}}return c.result}},handle:function(c){c=f.event.fix(c||a.event);var d=((f._data(this,"events")||{})[c.type]||[]).slice(0),e=!c.exclusive&&!c.namespace,g=Array.prototype.slice.call(arguments,0);g[0]=c,c.currentTarget=this;for(var h=0,i=d.length;h-1?f.map(a.options,function(a){return a.selected}).join("-"):"":f.nodeName(a,"select")&&(c=a.selectedIndex);return c},I=function(c){var d=c.target,e,g;if(!!x.test(d.nodeName)&&!d.readOnly){e=f._data(d,"_change_data"),g=H(d),(c.type!=="focusout"||d.type!=="radio")&&f._data(d,"_change_data",g);if(e===b||g===e)return;if(e!=null||g)c.type="change",c.liveFired=b,f.event.trigger(c,arguments[1],d)}};f.event.special.change={filters:{focusout:I,beforedeactivate:I,click:function(a){var b=a.target,c=f.nodeName(b,"input")?b.type:"";(c==="radio"||c==="checkbox"||f.nodeName(b,"select"))&&I.call(this,a)},keydown:function(a){var b=a.target,c=f.nodeName(b,"input")?b.type:"";(a.keyCode===13&&!f.nodeName(b,"textarea")||a.keyCode===32&&(c==="checkbox"||c==="radio")||c==="select-multiple")&&I.call(this,a)},beforeactivate:function(a){var b=a.target;f._data(b,"_change_data",H(b))}},setup:function(a,b){if(this.type==="file")return!1;for(var c in G)f.event.add(this,c+".specialChange",G[c]);return x.test(this.nodeName)},teardown:function(a){f.event.remove(this,".specialChange");return x.test(this.nodeName)}},G=f.event.special.change.filters,G.focus=G.beforeactivate}f.support.focusinBubbles||f.each({focus:"focusin",blur:"focusout"},function(a,b){function e(a){var c=f.event.fix(a);c.type=b,c.originalEvent={},f.event.trigger(c,null,c.target),c.isDefaultPrevented()&&a.preventDefault()}var d=0;f.event.special[b]={setup:function(){d++===0&&c.addEventListener(a,e,!0)},teardown:function(){--d===0&&c.removeEventListener(a,e,!0)}}}),f.each(["bind","one"],function(a,c){f.fn[c]=function(a,d,e){var g;if(typeof a=="object"){for(var h in a)this[c](h,d,a[h],e);return this}if(arguments.length===2||d===!1)e=d,d=b;c==="one"?(g=function(a){f(this).unbind(a,g);return e.apply(this,arguments)},g.guid=e.guid||f.guid++):g=e;if(a==="unload"&&c!=="one")this.one(a,d,e);else for(var i=0,j=this.length;i0?this.bind(b,a,c):this.trigger(b)},f.attrFn&&(f.attrFn[b]=!0)}),function(){function u(a,b,c,d,e,f){for(var g=0,h=d.length;g0){j=i;break}}i=i[a]}d[g]=j}}}function t(a,b,c,d,e,f){for(var g=0,h=d.length;g+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g,d=0,e=Object.prototype.toString,g=!1,h=!0,i=/\\/g,j=/\W/;[0,0].sort(function(){h=!1;return 0});var k=function(b,d,f,g){f=f||[],d=d||c;var h=d;if(d.nodeType!==1&&d.nodeType!==9)return[];if(!b||typeof b!="string")return f;var i,j,n,o,q,r,s,t,u=!0,w=k.isXML(d),x=[],y=b;do{a.exec(""),i=a.exec(y);if(i){y=i[3],x.push(i[1]);if(i[2]){o=i[3];break}}}while(i);if(x.length>1&&m.exec(b))if(x.length===2&&l.relative[x[0]])j=v(x[0]+x[1],d);else{j=l.relative[x[0]]?[d]:k(x.shift(),d);while(x.length)b=x.shift(),l.relative[b]&&(b+=x.shift()),j=v(b,j)}else{!g&&x.length>1&&d.nodeType===9&&!w&&l.match.ID.test(x[0])&&!l.match.ID.test(x[x.length-1])&&(q=k.find(x.shift(),d,w),d=q.expr?k.filter(q.expr,q.set)[0]:q.set[0]);if(d){q=g?{expr:x.pop(),set:p(g)}:k.find(x.pop(),x.length===1&&(x[0]==="~"||x[0]==="+")&&d.parentNode?d.parentNode:d,w),j=q.expr?k.filter(q.expr,q.set):q.set,x.length>0?n=p(j):u=!1;while(x.length)r=x.pop(),s=r,l.relative[r]?s=x.pop():r="",s==null&&(s=d),l.relative[r](n,s,w)}else n=x=[]}n||(n=j),n||k.error(r||b);if(e.call(n)==="[object Array]")if(!u)f.push.apply(f,n);else if(d&&d.nodeType===1)for(t=0;n[t]!=null;t++)n[t]&&(n[t]===!0||n[t].nodeType===1&&k.contains(d,n[t]))&&f.push(j[t]);else for(t=0;n[t]!=null;t++)n[t]&&n[t].nodeType===1&&f.push(j[t]);else p(n,f);o&&(k(o,h,f,g),k.uniqueSort(f));return f};k.uniqueSort=function(a){if(r){g=h,a.sort(r);if(g)for(var b=1;b0},k.find=function(a,b,c){var d;if(!a)return[];for(var e=0,f=l.order.length;e":function(a,b){var c,d=typeof b=="string",e=0,f=a.length;if(d&&!j.test(b)){b=b.toLowerCase();for(;e=0)?c||d.push(h):c&&(b[g]=!1));return!1},ID:function(a){return a[1].replace(i,"")},TAG:function(a,b){return a[1].replace(i,"").toLowerCase()},CHILD:function(a){if(a[1]==="nth"){a[2]||k.error(a[0]),a[2]=a[2].replace(/^\+|\s*/g,"");var b=/(-?)(\d*)(?:n([+\-]?\d*))?/.exec(a[2]==="even"&&"2n"||a[2]==="odd"&&"2n+1"||!/\D/.test(a[2])&&"0n+"+a[2]||a[2]);a[2]=b[1]+(b[2]||1)-0,a[3]=b[3]-0}else a[2]&&k.error(a[0]);a[0]=d++;return a},ATTR:function(a,b,c,d,e,f){var g=a[1]=a[1].replace(i,"");!f&&l.attrMap[g]&&(a[1]=l.attrMap[g]),a[4]=(a[4]||a[5]||"").replace(i,""),a[2]==="~="&&(a[4]=" "+a[4]+" ");return a},PSEUDO:function(b,c,d,e,f){if(b[1]==="not")if((a.exec(b[3])||"").length>1||/^\w/.test(b[3]))b[3]=k(b[3],null,null,c);else{var g=k.filter(b[3],c,d,!0^f);d||e.push.apply(e,g);return!1}else if(l.match.POS.test(b[0])||l.match.CHILD.test(b[0]))return!0;return b},POS:function(a){a.unshift(!0);return a}},filters:{enabled:function(a){return a.disabled===!1&&a.type!=="hidden"},disabled:function(a){return a.disabled===!0},checked:function(a){return a.checked===!0},selected:function(a){a.parentNode&&a.parentNode.selectedIndex;return a.selected===!0},parent:function(a){return!!a.firstChild},empty:function(a){return!a.firstChild},has:function(a,b,c){return!!k(c[3],a).length},header:function(a){return/h\d/i.test(a.nodeName)},text:function(a){var b=a.getAttribute("type"),c=a.type;return a.nodeName.toLowerCase()==="input"&&"text"===c&&(b===c||b===null)},radio:function(a){return a.nodeName.toLowerCase()==="input"&&"radio"===a.type},checkbox:function(a){return a.nodeName.toLowerCase()==="input"&&"checkbox"===a.type},file:function(a){return a.nodeName.toLowerCase()==="input"&&"file"===a.type},password:function(a){return a.nodeName.toLowerCase()==="input"&&"password"===a.type},submit:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"submit"===a.type},image:function(a){return a.nodeName.toLowerCase()==="input"&&"image"===a.type},reset:function(a){var b=a.nodeName.toLowerCase();return(b==="input"||b==="button")&&"reset"===a.type},button:function(a){var b=a.nodeName.toLowerCase();return b==="input"&&"button"===a.type||b==="button"},input:function(a){return/input|select|textarea|button/i.test(a.nodeName)},focus:function(a){return a===a.ownerDocument.activeElement}},setFilters:{first:function(a,b){return b===0},last:function(a,b,c,d){return b===d.length-1},even:function(a,b){return b%2===0},odd:function(a,b){return b%2===1},lt:function(a,b,c){return bc[3]-0},nth:function(a,b,c){return c[3]-0===b},eq:function(a,b,c){return c[3]-0===b}},filter:{PSEUDO:function(a,b,c,d){var e=b[1],f=l.filters[e];if(f)return f(a,c,b,d);if(e==="contains")return(a.textContent||a.innerText||k.getText([a])||"").indexOf(b[3])>=0;if(e==="not"){var g=b[3];for(var h=0,i=g.length;h=0}},ID:function(a,b){return a.nodeType===1&&a.getAttribute("id")===b},TAG:function(a,b){return b==="*"&&a.nodeType===1||a.nodeName.toLowerCase()===b},CLASS:function(a,b){return(" "+(a.className||a.getAttribute("class"))+" ").indexOf(b)>-1},ATTR:function(a,b){var c=b[1],d=l.attrHandle[c]?l.attrHandle[c](a):a[c]!=null?a[c]:a.getAttribute(c),e=d+"",f=b[2],g=b[4];return d==null?f==="!=":f==="="?e===g:f==="*="?e.indexOf(g)>=0:f==="~="?(" "+e+" ").indexOf(g)>=0:g?f==="!="?e!==g:f==="^="?e.indexOf(g)===0:f==="$="?e.substr(e.length-g.length)===g:f==="|="?e===g||e.substr(0,g.length+1)===g+"-":!1:e&&d!==!1},POS:function(a,b,c,d){var e=b[2],f=l.setFilters[e];if(f)return f(a,c,b,d)}}},m=l.match.POS,n=function(a,b){return"\\"+(b-0+1)};for(var o in l.match)l.match[o]=new RegExp(l.match[o].source+/(?![^\[]*\])(?![^\(]*\))/.source),l.leftMatch[o]=new RegExp(/(^(?:.|\r|\n)*?)/.source+l.match[o].source.replace(/\\(\d+)/g,n));var p=function(a,b){a=Array.prototype.slice.call(a,0);if(b){b.push.apply(b,a);return b}return a};try{Array.prototype.slice.call(c.documentElement.childNodes,0)[0].nodeType}catch(q){p=function(a,b){var c=0,d=b||[];if(e.call(a)==="[object Array]")Array.prototype.push.apply(d,a);else if(typeof a.length=="number")for(var f=a.length;c",e.insertBefore(a,e.firstChild),c.getElementById(d)&&(l.find.ID=function(a,c,d){if(typeof c.getElementById!="undefined"&&!d){var e=c.getElementById(a[1]);return e?e.id===a[1]||typeof e.getAttributeNode!="undefined"&&e.getAttributeNode("id").nodeValue===a[1]?[e]:b:[]}},l.filter.ID=function(a,b){var c=typeof a.getAttributeNode!="undefined"&&a.getAttributeNode("id");return a.nodeType===1&&c&&c.nodeValue===b}),e.removeChild(a),e=a=null}(),function(){var a=c.createElement("div");a.appendChild(c.createComment("")),a.getElementsByTagName("*").length>0&&(l.find.TAG=function(a,b){var c=b.getElementsByTagName(a[1]);if(a[1]==="*"){var d=[];for(var e=0;c[e];e++)c[e].nodeType===1&&d.push(c[e]);c=d}return c}),a.innerHTML="",a.firstChild&&typeof a.firstChild.getAttribute!="undefined"&&a.firstChild.getAttribute("href")!=="#"&&(l.attrHandle.href=function(a){return a.getAttribute("href",2)}),a=null}(),c.querySelectorAll&&function(){var a=k,b=c.createElement("div"),d="__sizzle__";b.innerHTML="

";if(!b.querySelectorAll||b.querySelectorAll(".TEST").length!==0){k=function(b,e,f,g){e=e||c;if(!g&&!k.isXML(e)){var h=/^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec(b);if(h&&(e.nodeType===1||e.nodeType===9)){if(h[1])return p(e.getElementsByTagName(b),f);if(h[2]&&l.find.CLASS&&e.getElementsByClassName)return p(e.getElementsByClassName(h[2]),f)}if(e.nodeType===9){if(b==="body"&&e.body)return p([e.body],f);if(h&&h[3]){var i=e.getElementById(h[3]);if(!i||!i.parentNode)return p([],f);if(i.id===h[3])return p([i],f)}try{return p(e.querySelectorAll(b),f)}catch(j){}}else if(e.nodeType===1&&e.nodeName.toLowerCase()!=="object"){var m=e,n=e.getAttribute("id"),o=n||d,q=e.parentNode,r=/^\s*[+~]/.test(b);n?o=o.replace(/'/g,"\\$&"):e.setAttribute("id",o),r&&q&&(e=e.parentNode);try{if(!r||q)return p(e.querySelectorAll("[id='"+o+"'] "+b),f)}catch(s){}finally{n||m.removeAttribute("id")}}}return a(b,e,f,g)};for(var e in a)k[e]=a[e];b=null}}(),function(){var a=c.documentElement,b=a.matchesSelector||a.mozMatchesSelector||a.webkitMatchesSelector||a.msMatchesSelector;if(b){var d=!b.call(c.createElement("div"),"div"),e=!1;try{b.call(c.documentElement,"[test!='']:sizzle")}catch(f){e=!0}k.matchesSelector=function(a,c){c=c.replace(/\=\s*([^'"\]]*)\s*\]/g,"='$1']");if(!k.isXML(a))try{if(e||!l.match.PSEUDO.test(c)&&!/!=/.test(c)){var f=b.call(a,c);if(f||!d||a.document&&a.document.nodeType!==11)return f}}catch(g){}return k(c,null,null,[a]).length>0}}}(),function(){var a=c.createElement("div");a.innerHTML="
";if(!!a.getElementsByClassName&&a.getElementsByClassName("e").length!==0){a.lastChild.className="e";if(a.getElementsByClassName("e").length===1)return;l.order.splice(1,0,"CLASS"),l.find.CLASS=function(a,b,c){if(typeof b.getElementsByClassName!="undefined"&&!c)return b.getElementsByClassName(a[1])},a=null}}(),c.documentElement.contains?k.contains=function(a,b){return a!==b&&(a.contains?a.contains(b):!0)}:c.documentElement.compareDocumentPosition?k.contains=function(a,b){return!!(a.compareDocumentPosition(b)&16)}:k.contains=function(){return!1},k.isXML=function(a){var b=(a?a.ownerDocument||a:0).documentElement;return b?b.nodeName!=="HTML":!1};var v=function(a,b){var c,d=[],e="",f=b.nodeType?[b]:b;while(c=l.match.PSEUDO.exec(a))e+=c[0],a=a.replace(l.match.PSEUDO,"");a=l.relative[a]?a+"*":a;for(var g=0,h=f.length;g0)for(h=g;h0:this.filter(a).length>0)},closest:function(a,b){var c=[],d,e,g=this[0];if(f.isArray(a)){var h,i,j={},k=1;if(g&&a.length){for(d=0,e=a.length;d-1:f(g).is(h))&&c.push({selector:i,elem:g,level:k});g=g.parentNode,k++}}return c}var l=S.test(a)||typeof a!="string"?f(a,b||this.context):0;for(d=0,e=this.length;d-1:f.find.matchesSelector(g,a)){c.push(g);break}g=g.parentNode;if(!g||!g.ownerDocument||g===b||g.nodeType===11)break}}c=c.length>1?f.unique(c):c;return this.pushStack(c,"closest",a)},index:function(a){if(!a)return this[0]&&this[0].parentNode?this.prevAll().length:-1;if(typeof a=="string")return f.inArray(this[0],f(a));return f.inArray(a.jquery?a[0]:a,this)},add:function(a,b){var c=typeof a=="string"?f(a,b):f.makeArray(a&&a.nodeType?[a]:a),d=f.merge(this.get(),c);return this.pushStack(U(c[0])||U(d[0])?d:f.unique(d))},andSelf:function(){return this.add(this.prevObject)}}),f.each({parent:function(a){var b=a.parentNode;return b&&b.nodeType!==11?b:null},parents:function(a){return f.dir(a,"parentNode")},parentsUntil:function(a,b,c){return f.dir(a,"parentNode",c)},next:function(a){return f.nth(a,2,"nextSibling")},prev:function(a){return f.nth(a,2,"previousSibling")},nextAll:function(a){return f.dir(a,"nextSibling")},prevAll:function(a){return f.dir(a,"previousSibling")},nextUntil:function(a,b,c){return f.dir(a,"nextSibling",c)},prevUntil:function(a,b,c){return f.dir(a,"previousSibling",c)},siblings:function(a){return f.sibling(a.parentNode.firstChild,a)},children:function(a){return f.sibling(a.firstChild)},contents:function(a){return f.nodeName(a,"iframe")?a.contentDocument||a.contentWindow.document:f.makeArray(a.childNodes)}},function(a,b){f.fn[a]=function(c,d){var e=f.map(this,b,c),g=R.call(arguments);N.test(a)||(d=c),d&&typeof d=="string"&&(e=f.filter(d,e)),e=this.length>1&&!T[a]?f.unique(e):e,(this.length>1||P.test(d))&&O.test(a)&&(e=e.reverse());return this.pushStack(e,a,g.join(","))}}),f.extend({filter:function(a,b,c){c&&(a=":not("+a+")");return b.length===1?f.find.matchesSelector(b[0],a)?[b[0]]:[]:f.find.matches(a,b)},dir:function(a,c,d){var e=[],g=a[c];while(g&&g.nodeType!==9&&(d===b||g.nodeType!==1||!f(g).is(d)))g.nodeType===1&&e.push(g),g=g[c];return e},nth:function(a,b,c,d){b=b||1;var e=0;for(;a;a=a[c])if(a.nodeType===1&&++e===b)break;return a},sibling:function(a,b){var c=[];for(;a;a=a.nextSibling)a.nodeType===1&&a!==b&&c.push(a);return c}});var W=/ jQuery\d+="(?:\d+|null)"/g,X=/^\s+/,Y=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig,Z=/<([\w:]+)/,$=/",""],legend:[1,"
","
"],thead:[1,"","
"],tr:[2,"","
"],td:[3,"","
"],col:[2,"","
"],area:[1,"",""],_default:[0,"",""]};be.optgroup=be.option,be.tbody=be.tfoot=be.colgroup=be.caption=be.thead,be.th=be.td,f.support.htmlSerialize||(be._default=[1,"div
","
"]),f.fn.extend({text:function(a){if(f.isFunction(a))return this.each(function(b){var c=f(this);c.text(a.call(this,b,c.text()))});if(typeof a!="object"&&a!==b)return this.empty().append((this[0]&&this[0].ownerDocument||c).createTextNode(a));return f.text(this)},wrapAll:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapAll(a.call(this,b))});if(this[0]){var b=f(a,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&b.insertBefore(this[0]),b.map(function(){var a=this;while(a.firstChild&&a.firstChild.nodeType===1)a=a.firstChild;return a}).append(this)}return this},wrapInner:function(a){if(f.isFunction(a))return this.each(function(b){f(this).wrapInner(a.call(this,b))});return this.each(function(){var b=f(this),c=b.contents();c.length?c.wrapAll(a):b.append(a)})},wrap:function(a){return this.each(function(){f(this).wrapAll(a)})},unwrap:function(){return this.parent().each(function(){f.nodeName(this,"body")||f(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.appendChild(a)})},prepend:function(){return this.domManip(arguments,!0,function(a){this.nodeType===1&&this.insertBefore(a,this.firstChild)})},before:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this)});if(arguments.length){var a=f(arguments[0]);a.push.apply(a,this.toArray());return this.pushStack(a,"before",arguments)}},after:function(){if(this[0]&&this[0].parentNode)return this.domManip(arguments,!1,function(a){this.parentNode.insertBefore(a,this.nextSibling)});if(arguments.length){var a=this.pushStack(this,"after",arguments);a.push.apply(a,f(arguments[0]).toArray());return a}},remove:function(a,b){for(var c=0,d;(d=this[c])!=null;c++)if(!a||f.filter(a,[d]).length)!b&&d.nodeType===1&&(f.cleanData(d.getElementsByTagName("*")),f.cleanData([d])),d.parentNode&&d.parentNode.removeChild(d);return this},empty:function(){for(var a=0,b;(b=this[a])!=null;a++){b.nodeType===1&&f.cleanData(b.getElementsByTagName("*"));while(b.firstChild)b.removeChild(b.firstChild)}return this},clone:function(a,b){a=a==null?!1:a,b=b==null?a:b;return this.map(function(){return f.clone(this,a,b)})},html:function(a){if(a===b)return this[0]&&this[0].nodeType===1?this[0].innerHTML.replace(W,""):null;if(typeof a=="string"&&!ba.test(a)&&(f.support.leadingWhitespace||!X.test(a))&&!be[(Z.exec(a)||["",""])[1].toLowerCase()]){a=a.replace(Y,"<$1>");try{for(var c=0,d=this.length;c1&&l0?this.clone(!0):this).get();f(e[h])[b](j),d=d.concat(j)}return this.pushStack(d,a,e.selector)}}),f.extend({clone:function(a,b,c){var d=a.cloneNode(!0),e,g,h;if((!f.support.noCloneEvent||!f.support.noCloneChecked)&&(a.nodeType===1||a.nodeType===11)&&!f.isXMLDoc(a)){bh(a,d),e=bi(a),g=bi(d);for(h=0;e[h];++h)g[h]&&bh(e[h],g[h])}if(b){bg(a,d);if(c){e=bi(a),g=bi(d);for(h=0;e[h];++h)bg(e[h],g[h])}}e=g=null;return d},clean:function(a,b,d,e){var g;b=b||c,typeof b.createElement=="undefined"&&(b=b.ownerDocument||b[0]&&b[0].ownerDocument||c);var h=[],i;for(var j=0,k;(k=a[j])!=null;j++){typeof k=="number"&&(k+="");if(!k)continue;if(typeof k=="string")if(!_.test(k))k=b.createTextNode(k);else{k=k.replace(Y,"<$1>");var l=(Z.exec(k)||["",""])[1].toLowerCase(),m=be[l]||be._default,n=m[0],o=b.createElement("div");o.innerHTML=m[1]+k+m[2];while(n--)o=o.lastChild;if(!f.support.tbody){var p=$.test(k),q=l==="table"&&!p?o.firstChild&&o.firstChild.childNodes:m[1]===""&&!p?o.childNodes:[];for(i=q.length-1;i>=0;--i)f.nodeName(q[i],"tbody")&&!q[i].childNodes.length&&q[i].parentNode.removeChild(q[i])}!f.support.leadingWhitespace&&X.test(k)&&o.insertBefore(b.createTextNode(X.exec(k)[0]),o.firstChild),k=o.childNodes}var r;if(!f.support.appendChecked)if(k[0]&&typeof (r=k.length)=="number")for(i=0;i=0)return b+"px"}}}),f.support.opacity||(f.cssHooks.opacity={get:function(a,b){return bn.test((b&&a.currentStyle?a.currentStyle.filter:a.style.filter)||"")?parseFloat(RegExp.$1)/100+"":b?"1":""},set:function(a,b){var c=a.style,d=a.currentStyle,e=f.isNaN(b)?"":"alpha(opacity="+b*100+")",g=d&&d.filter||c.filter||"";c.zoom=1;if(b>=1&&f.trim(g.replace(bm,""))===""){c.removeAttribute("filter");if(d&&!d.filter)return}c.filter=bm.test(g)?g.replace(bm,e):g+" "+e}}),f(function(){f.support.reliableMarginRight||(f.cssHooks.marginRight={get:function(a,b){var c;f.swap(a,{display:"inline-block"},function(){b?c=bv(a,"margin-right","marginRight"):c=a.style.marginRight});return c}})}),c.defaultView&&c.defaultView.getComputedStyle&&(bw=function(a,c){var d,e,g;c=c.replace(bo,"-$1").toLowerCase();if(!(e=a.ownerDocument.defaultView))return b;if(g=e.getComputedStyle(a,null))d=g.getPropertyValue(c),d===""&&!f.contains(a.ownerDocument.documentElement,a)&&(d=f.style(a,c));return d}),c.documentElement.currentStyle&&(bx=function(a,b){var c,d=a.currentStyle&&a.currentStyle[b],e=a.runtimeStyle&&a.runtimeStyle[b],f=a.style;!bp.test(d)&&bq.test(d)&&(c=f.left,e&&(a.runtimeStyle.left=a.currentStyle.left),f.left=b==="fontSize"?"1em":d||0,d=f.pixelLeft+"px",f.left=c,e&&(a.runtimeStyle.left=e));return d===""?"auto":d}),bv=bw||bx,f.expr&&f.expr.filters&&(f.expr.filters.hidden=function(a){var b=a.offsetWidth,c=a.offsetHeight;return b===0&&c===0||!f.support.reliableHiddenOffsets&&(a.style.display||f.css(a,"display"))==="none"},f.expr.filters.visible=function(a){return!f.expr.filters.hidden(a)});var bz=/%20/g,bA=/\[\]$/,bB=/\r?\n/g,bC=/#.*$/,bD=/^(.*?):[ \t]*([^\r\n]*)\r?$/mg,bE=/^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i,bF=/^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/,bG=/^(?:GET|HEAD)$/,bH=/^\/\//,bI=/\?/,bJ=/)<[^<]*)*<\/script>/gi,bK=/^(?:select|textarea)/i,bL=/\s+/,bM=/([?&])_=[^&]*/,bN=/^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/,bO=f.fn.load,bP={},bQ={},bR,bS,bT=["*/"]+["*"];try{bR=e.href}catch(bU){bR=c.createElement("a"),bR.href="",bR=bR.href}bS=bN.exec(bR.toLowerCase())||[],f.fn.extend({load:function(a,c,d){if(typeof a!="string"&&bO)return bO.apply(this,arguments);if(!this.length)return this;var e=a.indexOf(" ");if(e>=0){var g=a.slice(e,a.length);a=a.slice(0,e)}var h="GET";c&&(f.isFunction(c)?(d=c,c=b):typeof c=="object"&&(c=f.param(c,f.ajaxSettings.traditional),h="POST"));var i=this;f.ajax({url:a,type:h,dataType:"html",data:c,complete:function(a,b,c){c=a.responseText,a.isResolved()&&(a.done(function(a){c=a}),i.html(g?f("
").append(c.replace(bJ,"")).find(g):c)),d&&i.each(d,[c,b,a])}});return this},serialize:function(){return f.param(this.serializeArray())},serializeArray:function(){return this.map(function(){return this.elements?f.makeArray(this.elements):this}).filter(function(){return this.name&&!this.disabled&&(this.checked||bK.test(this.nodeName)||bE.test(this.type))}).map(function(a,b){var c=f(this).val();return c==null?null:f.isArray(c)?f.map(c,function(a,c){return{name:b.name,value:a.replace(bB,"\r\n")}}):{name:b.name,value:c.replace(bB,"\r\n")}}).get()}}),f.each("ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split(" "),function(a,b){f.fn[b]=function(a){return this.bind(b,a)}}),f.each(["get","post"],function(a,c){f[c]=function(a,d,e,g){f.isFunction(d)&&(g=g||e,e=d,d=b);return f.ajax({type:c,url:a,data:d,success:e,dataType:g})}}),f.extend({getScript:function(a,c){return f.get(a,b,c,"script")},getJSON:function(a,b,c){return f.get(a,b,c,"json")},ajaxSetup:function(a,b){b?bX(a,f.ajaxSettings):(b=a,a=f.ajaxSettings),bX(a,b);return a},ajaxSettings:{url:bR,isLocal:bF.test(bS[1]),global:!0,type:"GET",contentType:"application/x-www-form-urlencoded",processData:!0,async:!0,accepts:{xml:"application/xml, text/xml",html:"text/html",text:"text/plain",json:"application/json, text/javascript","*":bT},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":a.String,"text html":!0,"text json":f.parseJSON,"text xml":f.parseXML},flatOptions:{context:!0,url:!0}},ajaxPrefilter:bV(bP),ajaxTransport:bV(bQ),ajax:function(a,c){function w(a,c,l,m){if(s!==2){s=2,q&&clearTimeout(q),p=b,n=m||"",v.readyState=a>0?4:0;var o,r,u,w=c,x=l?bZ(d,v,l):b,y,z;if(a>=200&&a<300||a===304){if(d.ifModified){if(y=v.getResponseHeader("Last-Modified"))f.lastModified[k]=y;if(z=v.getResponseHeader("Etag"))f.etag[k]=z}if(a===304)w="notmodified",o=!0;else try{r=b$(d,x),w="success",o=!0}catch(A){w="parsererror",u=A}}else{u=w;if(!w||a)w="error",a<0&&(a=0)}v.status=a,v.statusText=""+(c||w),o?h.resolveWith(e,[r,w,v]):h.rejectWith(e,[v,w,u]),v.statusCode(j),j=b,t&&g.trigger("ajax"+(o?"Success":"Error"),[v,d,o?r:u]),i.resolveWith(e,[v,w]),t&&(g.trigger("ajaxComplete",[v,d]),--f.active||f.event.trigger("ajaxStop"))}}typeof a=="object"&&(c=a,a=b),c=c||{};var d=f.ajaxSetup({},c),e=d.context||d,g=e!==d&&(e.nodeType||e instanceof f)?f(e):f.event,h=f.Deferred(),i=f._Deferred(),j=d.statusCode||{},k,l={},m={},n,o,p,q,r,s=0,t,u,v={readyState:0,setRequestHeader:function(a,b){if(!s){var c=a.toLowerCase();a=m[c]=m[c]||a,l[a]=b}return this},getAllResponseHeaders:function(){return s===2?n:null},getResponseHeader:function(a){var c;if(s===2){if(!o){o={};while(c=bD.exec(n))o[c[1].toLowerCase()]=c[2]}c=o[a.toLowerCase()]}return c===b?null:c},overrideMimeType:function(a){s||(d.mimeType=a);return this},abort:function(a){a=a||"abort",p&&p.abort(a),w(0,a);return this}};h.promise(v),v.success=v.done,v.error=v.fail,v.complete=i.done,v.statusCode=function(a){if(a){var b;if(s<2)for(b in a)j[b]=[j[b],a[b]];else b=a[v.status],v.then(b,b)}return this},d.url=((a||d.url)+"").replace(bC,"").replace(bH,bS[1]+"//"),d.dataTypes=f.trim(d.dataType||"*").toLowerCase().split(bL),d.crossDomain==null&&(r=bN.exec(d.url.toLowerCase()),d.crossDomain=!(!r||r[1]==bS[1]&&r[2]==bS[2]&&(r[3]||(r[1]==="http:"?80:443))==(bS[3]||(bS[1]==="http:"?80:443)))),d.data&&d.processData&&typeof d.data!="string"&&(d.data=f.param(d.data,d.traditional)),bW(bP,d,c,v);if(s===2)return!1;t=d.global,d.type=d.type.toUpperCase(),d.hasContent=!bG.test(d.type),t&&f.active++===0&&f.event.trigger("ajaxStart");if(!d.hasContent){d.data&&(d.url+=(bI.test(d.url)?"&":"?")+d.data,delete d.data),k=d.url;if(d.cache===!1){var x=f.now(),y=d.url.replace(bM,"$1_="+x);d.url=y+(y===d.url?(bI.test(d.url)?"&":"?")+"_="+x:"")}}(d.data&&d.hasContent&&d.contentType!==!1||c.contentType)&&v.setRequestHeader("Content-Type",d.contentType),d.ifModified&&(k=k||d.url,f.lastModified[k]&&v.setRequestHeader("If-Modified-Since",f.lastModified[k]),f.etag[k]&&v.setRequestHeader("If-None-Match",f.etag[k])),v.setRequestHeader("Accept",d.dataTypes[0]&&d.accepts[d.dataTypes[0]]?d.accepts[d.dataTypes[0]]+(d.dataTypes[0]!=="*"?", "+bT+"; q=0.01":""):d.accepts["*"]);for(u in d.headers)v.setRequestHeader(u,d.headers[u]);if(d.beforeSend&&(d.beforeSend.call(e,v,d)===!1||s===2)){v.abort();return!1}for(u in{success:1,error:1,complete:1})v[u](d[u]);p=bW(bQ,d,c,v);if(!p)w(-1,"No Transport");else{v.readyState=1,t&&g.trigger("ajaxSend",[v,d]),d.async&&d.timeout>0&&(q=setTimeout(function(){v.abort("timeout")},d.timeout));try{s=1,p.send(l,w)}catch(z){s<2?w(-1,z):f.error(z)}}return v},param:function(a,c){var d=[],e=function(a,b){b=f.isFunction(b)?b():b,d[d.length]=encodeURIComponent(a)+"="+encodeURIComponent(b)};c===b&&(c=f.ajaxSettings.traditional);if(f.isArray(a)||a.jquery&&!f.isPlainObject(a))f.each(a,function(){e(this.name,this.value)});else for(var g in a)bY(g,a[g],c,e);return d.join("&").replace(bz,"+")}}),f.extend({active:0,lastModified:{},etag:{}});var b_=f.now(),ca=/(\=)\?(&|$)|\?\?/i;f.ajaxSetup({jsonp:"callback",jsonpCallback:function(){return f.expando+"_"+b_++}}),f.ajaxPrefilter("json jsonp",function(b,c,d){var e=b.contentType==="application/x-www-form-urlencoded"&&typeof b.data=="string";if(b.dataTypes[0]==="jsonp"||b.jsonp!==!1&&(ca.test(b.url)||e&&ca.test(b.data))){var g,h=b.jsonpCallback=f.isFunction(b.jsonpCallback)?b.jsonpCallback():b.jsonpCallback,i=a[h],j=b.url,k=b.data,l="$1"+h+"$2";b.jsonp!==!1&&(j=j.replace(ca,l),b.url===j&&(e&&(k=k.replace(ca,l)),b.data===k&&(j+=(/\?/.test(j)?"&":"?")+b.jsonp+"="+h))),b.url=j,b.data=k,a[h]=function(a){g=[a]},d.always(function(){a[h]=i,g&&f.isFunction(i)&&a[h](g[0])}),b.converters["script json"]=function(){g||f.error(h+" was not called");return g[0]},b.dataTypes[0]="json";return"script"}}),f.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/javascript|ecmascript/},converters:{"text script":function(a){f.globalEval(a);return a}}}),f.ajaxPrefilter("script",function(a){a.cache===b&&(a.cache=!1),a.crossDomain&&(a.type="GET",a.global=!1)}),f.ajaxTransport("script",function(a){if(a.crossDomain){var d,e=c.head||c.getElementsByTagName("head")[0]||c.documentElement;return{send:function(f,g){d=c.createElement("script"),d.async="async",a.scriptCharset&&(d.charset=a.scriptCharset),d.src=a.url,d.onload=d.onreadystatechange=function(a,c){if(c||!d.readyState||/loaded|complete/.test(d.readyState))d.onload=d.onreadystatechange=null,e&&d.parentNode&&e.removeChild(d),d=b,c||g(200,"success")},e.insertBefore(d,e.firstChild)},abort:function(){d&&d.onload(0,1)}}}});var cb=a.ActiveXObject?function(){for(var a in cd)cd[a](0,1)}:!1,cc=0,cd;f.ajaxSettings.xhr=a.ActiveXObject?function(){return!this.isLocal&&ce()||cf()}:ce,function(a){f.extend(f.support,{ajax:!!a,cors:!!a&&"withCredentials"in a})}(f.ajaxSettings.xhr()),f.support.ajax&&f.ajaxTransport(function(c){if(!c.crossDomain||f.support.cors){var d;return{send:function(e,g){var h=c.xhr(),i,j;c.username?h.open(c.type,c.url,c.async,c.username,c.password):h.open(c.type,c.url,c.async);if(c.xhrFields)for(j in c.xhrFields)h[j]=c.xhrFields[j];c.mimeType&&h.overrideMimeType&&h.overrideMimeType(c.mimeType),!c.crossDomain&&!e["X-Requested-With"]&&(e["X-Requested-With"]="XMLHttpRequest");try{for(j in e)h.setRequestHeader(j,e[j])}catch(k){}h.send(c.hasContent&&c.data||null),d=function(a,e){var j,k,l,m,n;try{if(d&&(e||h.readyState===4)){d=b,i&&(h.onreadystatechange=f.noop,cb&&delete cd[i]);if(e)h.readyState!==4&&h.abort();else{j=h.status,l=h.getAllResponseHeaders(),m={},n=h.responseXML,n&&n.documentElement&&(m.xml=n),m.text=h.responseText;try{k=h.statusText}catch(o){k=""}!j&&c.isLocal&&!c.crossDomain?j=m.text?200:404:j===1223&&(j=204)}}}catch(p){e||g(-1,p)}m&&g(j,k,m,l)},!c.async||h.readyState===4?d():(i=++cc,cb&&(cd||(cd={},f(a).unload(cb)),cd[i]=d),h.onreadystatechange=d)},abort:function(){d&&d(0,1)}}}});var cg={},ch,ci,cj=/^(?:toggle|show|hide)$/,ck=/^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i,cl,cm=[["height","marginTop","marginBottom","paddingTop","paddingBottom"],["width","marginLeft","marginRight","paddingLeft","paddingRight"],["opacity"]],cn;f.fn.extend({show:function(a,b,c){var d,e;if(a||a===0)return this.animate(cq("show",3),a,b,c);for(var g=0,h=this.length;g=e.duration+this.startTime){this.now=this.end,this.pos=this.state=1,this.update(),e.animatedProperties[this.prop]=!0;for(g in e.animatedProperties)e.animatedProperties[g]!==!0&&(c=!1);if(c){e.overflow!=null&&!f.support.shrinkWrapBlocks&&f.each(["","X","Y"],function(a,b){d.style["overflow"+b]=e.overflow[a]}),e.hide&&f(d).hide();if(e.hide||e.show)for(var i in e.animatedProperties)f.style(d,i,e.orig[i]);e.complete.call(d)}return!1}e.duration==Infinity?this.now=b:(h=b-this.startTime,this.state=h/e.duration,this.pos=f.easing[e.animatedProperties[this.prop]](this.state,h,0,1,e.duration),this.now=this.start+(this.end-this.start)*this.pos),this.update();return!0}},f.extend(f.fx,{tick:function(){for(var a=f.timers,b=0;b
";f.extend(b.style,{position:"absolute",top:0,left:0,margin:0,border:0,width:"1px",height:"1px",visibility:"hidden"}),b.innerHTML=j,a.insertBefore(b,a.firstChild),d=b.firstChild,e=d.firstChild,h=d.nextSibling.firstChild.firstChild,this.doesNotAddBorder=e.offsetTop!==5,this.doesAddBorderForTableAndCells=h.offsetTop===5,e.style.position="fixed",e.style.top="20px",this.supportsFixedPosition=e.offsetTop===20||e.offsetTop===15,e.style.position=e.style.top="",d.style.overflow="hidden",d.style.position="relative",this.subtractsBorderForOverflowNotVisible=e.offsetTop===-5,this.doesNotIncludeMarginInBodyOffset=a.offsetTop!==i,a.removeChild(b),f.offset.initialize=f.noop},bodyOffset:function(a){var b=a.offsetTop,c=a.offsetLeft;f.offset.initialize(),f.offset.doesNotIncludeMarginInBodyOffset&&(b+=parseFloat(f.css(a,"marginTop"))||0,c+=parseFloat(f.css(a,"marginLeft"))||0);return{top:b,left:c}},setOffset:function(a,b,c){var d=f.css(a,"position");d==="static"&&(a.style.position="relative");var e=f(a),g=e.offset(),h=f.css(a,"top"),i=f.css(a,"left"),j=(d==="absolute"||d==="fixed")&&f.inArray("auto",[h,i])>-1,k={},l={},m,n;j?(l=e.position(),m=l.top,n=l.left):(m=parseFloat(h)||0,n=parseFloat(i)||0),f.isFunction(b)&&(b=b.call(a,c,g)),b.top!=null&&(k.top=b.top-g.top+m),b.left!=null&&(k.left=b.left-g.left+n),"using"in b?b.using.call(a,k):e.css(k)}},f.fn.extend({position:function(){if(!this[0])return null;var a=this[0],b=this.offsetParent(),c=this.offset(),d=ct.test(b[0].nodeName)?{top:0,left:0}:b.offset();c.top-=parseFloat(f.css(a,"marginTop"))||0,c.left-=parseFloat(f.css(a,"marginLeft"))||0,d.top+=parseFloat(f.css(b[0],"borderTopWidth"))||0,d.left+=parseFloat(f.css(b[0],"borderLeftWidth"))||0;return{top:c.top-d.top,left:c.left-d.left}},offsetParent:function(){return this.map(function(){var a=this.offsetParent||c.body;while(a&&!ct.test(a.nodeName)&&f.css(a,"position")==="static")a=a.offsetParent;return a})}}),f.each(["Left","Top"],function(a,c){var d="scroll"+c;f.fn[d]=function(c){var e,g;if(c===b){e=this[0];if(!e)return null;g=cu(e);return g?"pageXOffset"in g?g[a?"pageYOffset":"pageXOffset"]:f.support.boxModel&&g.document.documentElement[d]||g.document.body[d]:e[d]}return this.each(function(){g=cu(this),g?g.scrollTo(a?f(g).scrollLeft():c,a?c:f(g).scrollTop()):this[d]=c})}}),f.each(["Height","Width"],function(a,c){var d=c.toLowerCase();f.fn["inner"+c]=function(){var a=this[0];return a&&a.style?parseFloat(f.css(a,d,"padding")):null},f.fn["outer"+c]=function(a){var b=this[0];return b&&b.style?parseFloat(f.css(b,d,a?"margin":"border")):null},f.fn[d]=function(a){var e=this[0];if(!e)return a==null?null:this;if(f.isFunction(a))return this.each(function(b){var c=f(this);c[d](a.call(this,b,c[d]()))});if(f.isWindow(e)){var g=e.document.documentElement["client"+c],h=e.document.body;return e.document.compatMode==="CSS1Compat"&&g||h&&h["client"+c]||g}if(e.nodeType===9)return Math.max(e.documentElement["client"+c],e.body["scroll"+c],e.documentElement["scroll"+c],e.body["offset"+c],e.documentElement["offset"+c]);if(a===b){var i=f.css(e,d),j=parseFloat(i);return f.isNaN(j)?i:j}return this.css(d,typeof a=="string"?a:a+"px")}}),a.jQuery=a.$=f})(window); \ No newline at end of file diff --git a/src/main/webapp/login.jsp b/src/main/webapp/login.jsp new file mode 100644 index 00000000..3b208460 --- /dev/null +++ b/src/main/webapp/login.jsp @@ -0,0 +1,31 @@ + + <%@ include file="header.jsp" %> + + <% + String username=""; + String password=""; + Cookie[] cookies = request.getCookies(); + if (cookies != null) + for (Cookie c : cookies) { + if ("username".equals(c.getName())) { + username= c.getValue(); + } + else if("password".equals(c.getName())) + { + password= c.getValue(); + } + } + + %> +
+ + + + + + +
UserName:
Password :
Remember me:
<% if(request.getParameter("err")!=null){out.print(request.getParameter("err"));} %>
+
+
+ Forgot Password? + <%@ include file="footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/myprofile.jsp b/src/main/webapp/myprofile.jsp new file mode 100644 index 00000000..d9eb99de --- /dev/null +++ b/src/main/webapp/myprofile.jsp @@ -0,0 +1,65 @@ + <%@ include file="/header.jsp" %> + <%@page import="java.sql.Connection"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.SQLException"%> + +<%@page import="java.sql.ResultSetMetaData"%> +<%@page import="java.sql.ResultSet"%> +<%@ page import="java.util.*,java.io.*"%> +<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> + +<% +if(session.getAttribute("isLoggedIn")!=null) +{ + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + + String id=request.getParameter("id"); + if(id!=null && !id.equals("")) + { + Statement stmt = con.createStatement(); + ResultSet rs =null; + rs=stmt.executeQuery("select * from users where id="+id); + if(rs != null && rs.next()) + { + out.print("UserName : "+rs.getString("username")+"
"); + out.print("Email : "+rs.getString("email")+"
"); + out.print("About : "+rs.getString("about")+"
"); + + //Getting Card Details: + ResultSet rs1=stmt.executeQuery("select * from cards where id="+id); + if(rs1 != null && rs1.next()) + { + out.print("
-------------------
Card Details:
-------------------
"); + out.print("Card Number: "+rs1.getString("cardno")+"
"); + out.print("CVV: "+rs1.getString("cvv")+"
"); + out.print("Expiry Date: "+rs1.getString("expirydate")+"
"); + } + else + { + out.print("
No Card Details Found: Add Card
"); + } + } + } + else + { + out.print("ID Parameter is Missing"); + } + + out.print("

"); + out.print("
Return to Forum >>"); + +} +else +{ + out.print("Please login to see Your Profile"); +} + + %> + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/robots.txt b/src/main/webapp/robots.txt new file mode 100644 index 00000000..e10ab731 --- /dev/null +++ b/src/main/webapp/robots.txt @@ -0,0 +1,9 @@ +User-agent: * +Disallow: /admin/admin.jsp +Disallow: /admin/manageusers.jsp +Disallow: /admin/AddPage.jsp +Disallow: /admin/AddPage.do +Disallow: /admin/Configure.jsp +Disallow: /header.jsp +Disallow: /myprofile.jsp +Disallow: /footer.jsp \ No newline at end of file diff --git a/src/main/webapp/style.css b/src/main/webapp/style.css new file mode 100644 index 00000000..0df7b839 --- /dev/null +++ b/src/main/webapp/style.css @@ -0,0 +1,224 @@ +* { + margin: 0px; + padding: 0px; +} +body { + padding-top: 0px; + background:url("images/bg.png") #000; + color: #FFF; + font-family: verdana, arial, sans-serif; + + text-align: left; + letter-spacing: 1px; +} +a {color: #A92332;font-size: 14px;text-decoration:none;} +a:hover {color: #01a9c0;} +.more{float: right; font-size: 11px; color: #add8f9; font-weight: bold; text-decoration: none;} +.clear{clear:both;} +p{ margin: 20px 0px 20px 0px;line-height: 16px;font-size: 14px;} +#container { + margin-left: auto ; + margin-right: auto ; + width:873px; +} +.success +{ + color:green; +} +.fail +{ + color:red; +} +#Main-Container{ + width:750px; + border-radius: 15px; + -webkit-border-radius: 15px; + -moz-border-radius: 15px; + box-shadow: 3px 3px 4px #000; + -webkit-box-shadow: 2px 2px 3px #000; + -moz-box-shadow: 2px 2px 3px #000; + + border: solid 4px #FFF; + margin-left: auto ; + margin-right: auto ; +} +#logo { +width:500px; + + text-align:center; + margin-left: auto ; + margin-right: auto ; +} + +#Main{ + width:650px; + height: 500px; + margin-left: auto ; + margin-right: auto ; +} +#Main h2{ + color: #d4e5f2; + font-family: Arial; + font-size: 18px; + padding: 0 0 10px 5px; +} + +#left { + float:left; + width:435px; + margin: 0px 0px 0px 85px; + display:inline; +} +#right { + float:right; + width:258px; + height:auto; + margin: 0px 62px 20px 0px; + display:inline; +} +#right a img{ + margin: 8px 8px 8px 0px; + border: none 0px #FFFFFF; +} +#menu-bar { +width:680px; + margin: 0px 0px 0px 0px; + padding: 6px 6px 0px 6px; + height: 34px; + line-height: 100%; + border-radius: 15px 15px 0px 0px; + -webkit-border-radius: 24px; + -moz-border-radius: 24px; + box-shadow: 2px 2px 3px #666666; + -webkit-box-shadow: 2px 2px 3px #666666; + -moz-box-shadow: 2px 2px 3px #666666; + background: #000000; + border: solid 4px #FFF; + border-bottom:none; +} +#menu-bar li { + margin: 0 2px; + padding: 0 0 2px; + float: left; + position: relative; + list-style: none; +} +#menu-bar a { + font-weight: bold; + font-family: arial; + font-style: normal; + font-size: 12px; + color: #E7E5E5; + text-decoration: none; + display: block; + padding: 8px 15px; + margin: 0; + border-radius: 10px; + -webkit-border-radius: 10px; + -moz-border-radius: 10px; + text-shadow: 2px 2px 3px #000000; +} +#menu-bar .current a, #menu-bar li:hover > a { + background: #027BAB; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#10D5EB, endColorstr=#0883FF); + background: -webkit-gradient(linear, left top, left bottom, from(#10D5EB), to(#0883FF)); + background: -moz-linear-gradient(top, #10D5EB, #0883FF); + color: #000000; + -webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, .2); + -moz-box-shadow: 0 1px 1px rgba(0, 0, 0, .2); + box-shadow: 0 1px 1px rgba(0, 0, 0, .2); + text-shadow: 2px 2px 3px #FFFFFF; +} +#menu-bar ul li:hover a, #menu-bar li:hover li a { + background: none; + border: none; + color: #666; + -box-shadow: none; + -webkit-box-shadow: none; + -moz-box-shadow: none; +} +#menu-bar ul a:hover { + background: #0399D4 !important; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#10D5EB, endColorstr=#0883FF); + background: -webkit-gradient(linear, left top, left bottom, from(#10D5EB), to(#0883FF)) !important; + background: -moz-linear-gradient(top, #10D5EB, #0883FF) !important; + color: #000000 !important; + border-radius: 0; + -webkit-border-radius: 0; + -moz-border-radius: 0; + text-shadow: 2px 2px 3px #FFFFFF; +} +#menu-bar ul { + background: #DDDDDD; + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr=#FFFFFF, endColorstr=#CFCFCF); + background: -webkit-gradient(linear, left top, left bottom, from(#FFFFFF), to(#CFCFCF)); + background: -moz-linear-gradient(top, #FFFFFF, #CFCFCF); + display: none; + margin: 0; + padding: 0; + width: 250px; + position: absolute; + top: 30px; + left: 0; + border: solid 1px #B4B4B4; + border-radius: 10px; + -webkit-border-radius: 10px; + -moz-border-radius: 10px; + -webkit-box-shadow: 2px 2px 3px #222222; + -moz-box-shadow: 2px 2px 3px #222222; + box-shadow: 2px 2px 3px #222222; +} +#menu-bar li:hover > ul { + display: block; +} +#menu-bar ul li { + float: none; + margin: 0; + padding: 0; +} +#menu-bar ul a { + padding:5px 0 5px 8px; + color:#424242 !important; + font-size:12px; + font-style:normal; + font-family:arial; + font-weight: normal; + text-shadow: 2px 2px 3px #FFFFFF; +} +#menu-bar ul li:first-child > a { + border-top-left-radius: 10px; + -webkit-border-top-left-radius: 10px; + -moz-border-radius-topleft: 10px; + border-top-right-radius: 10px; + -webkit-border-top-right-radius: 10px; + -moz-border-radius-topright: 10px; +} +#menu-bar ul li:last-child > a { + border-bottom-left-radius: 10px; + -webkit-border-bottom-left-radius: 10px; + -moz-border-radius-bottomleft: 10px; + border-bottom-right-radius: 10px; + -webkit-border-bottom-right-radius: 10px; + -moz-border-radius-bottomright: 10px; +} +#menu-bar:after { + content: "."; + display: block; + clear: both; + visibility: hidden; + line-height: 0; + height: 0; +} +#menu-bar { + display: inline-block; +} + html[xmlns] #menu-bar { + display: block; +} +* html #menu-bar { + height: 1%; +} +#menu-bar ul li ul { + left: 100%; top:0; + background:#FFf; +} diff --git a/src/main/webapp/vulnerability/DisplayMessage.jsp b/src/main/webapp/vulnerability/DisplayMessage.jsp new file mode 100644 index 00000000..dfad1d01 --- /dev/null +++ b/src/main/webapp/vulnerability/DisplayMessage.jsp @@ -0,0 +1,46 @@ + <%@page import="java.sql.ResultSet"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.Connection"%> +<%@ include file="/header.jsp" %> + <%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> + <% + if(session.getAttribute("isLoggedIn")!=null) + { + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + if(con!=null && !con.isClosed()) + { + if(request.getParameter("msgid")!=null) + { + Statement stmt = con.createStatement(); + ResultSet rs =null; + rs=stmt.executeQuery("select * from UserMessages where msgid="+request.getParameter("msgid")); + if(rs.next()) + { + out.print("Sender: "+rs.getString("sender")); + out.print("
Subject:"+rs.getString("subject")); + out.print("
Message:
"+rs.getString("msg")); + } + else + { + out.print("No Message Found"); + } + } + else + { + out.print("Message Id Parameter is missing"); + + } + out.print("

Return to Messages >>"); + + out.print("

Return to Profile Page >>"); + + } + + } + else + { + out.print("* Please login to send message"); + } + %> + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/Injection/1.xsl b/src/main/webapp/vulnerability/Injection/1.xsl new file mode 100644 index 00000000..3980b5b0 --- /dev/null +++ b/src/main/webapp/vulnerability/Injection/1.xsl @@ -0,0 +1,41 @@ + + + + + + + + + +

List of Courses:

+ + + + + + + + + + + + +
Course NameURL
+ + + + Sign Up + +
+ + + + diff --git a/src/main/webapp/vulnerability/Injection/2.xsl b/src/main/webapp/vulnerability/Injection/2.xsl new file mode 100644 index 00000000..142cbdad --- /dev/null +++ b/src/main/webapp/vulnerability/Injection/2.xsl @@ -0,0 +1,35 @@ + + + + + + + + + +

List of Courses:

+ +
    + +
  • + + + + + + +
    • + +     +
+ + + diff --git a/src/main/webapp/vulnerability/Injection/Users.hbm.xml b/src/main/webapp/vulnerability/Injection/Users.hbm.xml new file mode 100644 index 00000000..34bc5929 --- /dev/null +++ b/src/main/webapp/vulnerability/Injection/Users.hbm.xml @@ -0,0 +1,23 @@ + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/src/main/webapp/vulnerability/Injection/courses.xml b/src/main/webapp/vulnerability/Injection/courses.xml new file mode 100644 index 00000000..1b76ecff --- /dev/null +++ b/src/main/webapp/vulnerability/Injection/courses.xml @@ -0,0 +1,19 @@ + + + + Hacking and Securing Java based Web Applications + https://www.udemy.com/hacking-securing-java-web-programming/ + + + Hacking and Securing PHP Applications + https://www.udemy.com/hacking-securing-php/ + + + Certified White Hat Hacker + https://www.udemy.com/certified-whitehat-hacker-level-1/ + + + Certified APT Defender + https://www.udemy.com/certified-apt-defender/ + + \ No newline at end of file diff --git a/src/main/webapp/vulnerability/Injection/orm.jsp b/src/main/webapp/vulnerability/Injection/orm.jsp new file mode 100644 index 00000000..fc3303e2 --- /dev/null +++ b/src/main/webapp/vulnerability/Injection/orm.jsp @@ -0,0 +1,60 @@ + +<%@page import="org.hibernate.cfg.Configuration"%> +<%@page import="org.hibernate.SessionFactory"%> +<%@page import="java.util.List"%> +<%@page import="org.cysecurity.cspf.jvl.model.orm.Users"%> +<%@page import="org.hibernate.Query"%> +<%@page import="org.hibernate.Session"%> +<%@ include file="/header.jsp" %> +<%! +private static String queryUsers(Session session,String id) { + Query query = session.createQuery("from Users where id="+id); + List list = query.list(); + java.util.Iterator iter = list.iterator(); + String results="Details:
---------------
"; + if (iter.hasNext()) { + Users users = iter.next(); + results+= "Name: " + users.getUsername() +"
About: " + users.getAbout(); + } + session.getTransaction().commit(); + return results; + + } + +%> +<% + + try{ + + //Reading config from properties file: + String dbuser=properties.getProperty("dbuser"); + String dbpass = properties.getProperty("dbpass"); + String dbfullurl = properties.getProperty("dburl")+properties.getProperty("dbname"); + String jdbcdriver = properties.getProperty("jdbcdriver"); + + Configuration configuration = new Configuration(); + configuration.setProperty( "hibernate.connection.driver_class",jdbcdriver); + configuration.setProperty( "hibernate.connection.url",dbfullurl); + configuration.setProperty( "hibernate.connection.username", dbuser); + configuration.setProperty( "hibernate.connection.password", dbpass); + configuration.setProperty( "hibernate.dialect","org.hibernate.dialect.MySQLDialect"); + + + configuration.addResource("org/cysecurity/cspf/jvl/model/orm/Users.hbm.xml"); + SessionFactory factory; + factory=configuration.buildSessionFactory(); + Session ormSession = factory.openSession(); + + ormSession.beginTransaction(); + + out.print(queryUsers(ormSession,request.getParameter("id"))); + + } + catch(Exception e) + { + out.print(e); + } + + %> + +<%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/Injection/xpath_login.jsp b/src/main/webapp/vulnerability/Injection/xpath_login.jsp new file mode 100644 index 00000000..452be0f6 --- /dev/null +++ b/src/main/webapp/vulnerability/Injection/xpath_login.jsp @@ -0,0 +1,14 @@ + + <%@ include file="/header.jsp" %> + +
+ + + + + + +
UserName:
Password :
<% if(request.getParameter("err")!=null){out.print(request.getParameter("err"));} %>
+
+
+ <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/Injection/xslt.jsp b/src/main/webapp/vulnerability/Injection/xslt.jsp new file mode 100644 index 00000000..f2582ebe --- /dev/null +++ b/src/main/webapp/vulnerability/Injection/xslt.jsp @@ -0,0 +1,17 @@ + +<%@ include file="/header.jsp" %> +<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> +<%@ taglib prefix="x" uri="http://java.sun.com/jsp/jstl/xml" %> +
+ Select Style: + +

+ + + + + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/Injection/xxe.jsp b/src/main/webapp/vulnerability/Injection/xxe.jsp new file mode 100644 index 00000000..8cd24022 --- /dev/null +++ b/src/main/webapp/vulnerability/Injection/xxe.jsp @@ -0,0 +1,26 @@ + +<%@ include file="/header.jsp" %> + + +
+
+ <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/Messages.jsp b/src/main/webapp/vulnerability/Messages.jsp new file mode 100644 index 00000000..fe2c4b92 --- /dev/null +++ b/src/main/webapp/vulnerability/Messages.jsp @@ -0,0 +1,33 @@ + <%@page import="java.sql.ResultSet"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.Connection"%> +<%@ include file="/header.jsp" %> + <%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> + <% + if(session.getAttribute("isLoggedIn")!=null) + { + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + if(con!=null && !con.isClosed()) + { + Statement stmt = con.createStatement(); + ResultSet rs =null; + rs=stmt.executeQuery("select * from UserMessages where recipient='"+session.getAttribute("user")+"'"); + out.print("

Message:
"); + out.println("
    "); + while (rs.next()) + { + out.print("
  1. "+rs.getString("subject")+"
    2. "); + + } + out.println("
"); + } + out.print("

Return to Profile Page >>"); + + } + else + { + out.print("* Please login to send message"); + } + %> + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/SendMessage.jsp b/src/main/webapp/vulnerability/SendMessage.jsp new file mode 100644 index 00000000..1ce0f03c --- /dev/null +++ b/src/main/webapp/vulnerability/SendMessage.jsp @@ -0,0 +1,34 @@ + <%@page import="java.sql.ResultSet"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.Connection"%> +<%@ include file="/header.jsp" %> + <%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> +<% + if(session.getAttribute("isLoggedIn")!=null) + { + if(request.getParameter("status")!=null) + { + out.print(request.getParameter("status")); //Displaying any error message + } + +%> +

+
+ + + + + + +
Recipient: "/>
Subject :
Message :
"/>
+
+<% + + } + else + { + out.print("* Please login to send message"); + } +%> + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/UserDetails.jsp b/src/main/webapp/vulnerability/UserDetails.jsp new file mode 100644 index 00000000..d7a10439 --- /dev/null +++ b/src/main/webapp/vulnerability/UserDetails.jsp @@ -0,0 +1,34 @@ + <%@page import="java.sql.ResultSet"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.Connection"%> +<%@ include file="/header.jsp" %> + <%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> + <% + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + String username=request.getParameter("username"); + if(username!=null && !username.equals("")) + { + Statement stmt = con.createStatement(); + ResultSet rs =null; + rs=stmt.executeQuery("select * from users where username='"+username+"'"); + if(rs != null && rs.next()) + { + out.print("
About "+rs.getString("username")+":
"+rs.getString("about")); + + } + + if(session.getAttribute("isLoggedIn")!=null && !session.getAttribute("user").equals(username)) + { + out.print("

"); + out.print("Send Message to "+username+""); + } + } + else + { + out.print("Username Parameter is Missing"); + } + + out.print("

Return to Forum >>"); + %> + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/baasm/SiteTitle.jsp b/src/main/webapp/vulnerability/baasm/SiteTitle.jsp new file mode 100644 index 00000000..298ec8d1 --- /dev/null +++ b/src/main/webapp/vulnerability/baasm/SiteTitle.jsp @@ -0,0 +1,45 @@ + <%@page import="java.io.FileOutputStream"%> +<%@ include file="/header.jsp" %> + <% + + String privilege=""; + + Cookie[] cookies = request.getCookies(); + if (cookies != null) + for (Cookie c : cookies) { + if ("privilege".equals(c.getName())) { + privilege= c.getValue(); + } + } + + if(!privilege.equalsIgnoreCase("") && privilege.equalsIgnoreCase("admin")) +{ + + %> +
+ + + +
Website Title:
+
+ + <% + if(request.getParameter("save")!=null) + { + Properties props=new Properties(); + + props.load(new FileInputStream(configPath)); + props.setProperty("siteTitle",request.getParameter("siteTitle")); + FileOutputStream fileout = new FileOutputStream(configPath); + props.store(fileout, null); + fileout.close(); + out.print(" Configuration saved "); + } + } + else + { + out.print(" x You Are not Authorized to view this Page
"); + out.print(" ✔ only admin can view this page"); + } + %> + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/baasm/URLRewriting.jsp b/src/main/webapp/vulnerability/baasm/URLRewriting.jsp new file mode 100644 index 00000000..bb98b237 --- /dev/null +++ b/src/main/webapp/vulnerability/baasm/URLRewriting.jsp @@ -0,0 +1,9 @@ + <%@ include file="/header.jsp" %> + + <% + out.print("Your Session ID:"+session.getId()); + %> +
+
+ X Never Expose Session IDs in URL. X
+ <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/csrf/change-info.jsp b/src/main/webapp/vulnerability/csrf/change-info.jsp new file mode 100644 index 00000000..9c27092d --- /dev/null +++ b/src/main/webapp/vulnerability/csrf/change-info.jsp @@ -0,0 +1,48 @@ + <%@ include file="/header.jsp" %> + <%@page import="java.sql.Connection"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.SQLException"%> + +<%@page import="java.sql.ResultSetMetaData"%> +<%@page import="java.sql.ResultSet"%> +<%@ page import="java.util.*,java.io.*"%> +<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> + + +<% +if(session.getAttribute("isLoggedIn")!=null) +{ + %> + Change Details About You:

+
+ Description: +

+ +
+
+ <% + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + + String info=request.getParameter("info"); + String id=session.getAttribute("userid").toString(); + if(info!=null && !info.equals("") && id!=null) + { + Statement stmt = con.createStatement(); + stmt.executeUpdate("Update users set about='"+info+"' where id="+id); + out.print("info Changed"); + } + + out.print("

Return to Profile Page >>"); + +} +else +{ + out.print("Please login to see Your Profile"); +} + + %> + + + + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/csrf/changepassword.jsp b/src/main/webapp/vulnerability/csrf/changepassword.jsp new file mode 100644 index 00000000..ca1646fc --- /dev/null +++ b/src/main/webapp/vulnerability/csrf/changepassword.jsp @@ -0,0 +1,62 @@ + <%@ include file="/header.jsp" %> + <%@page import="java.sql.Connection"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.SQLException"%> + +<%@page import="java.sql.ResultSetMetaData"%> +<%@page import="java.sql.ResultSet"%> +<%@ page import="java.util.*,java.io.*"%> +<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> + + +<% +if(session.getAttribute("isLoggedIn")!=null) +{ + String id=session.getAttribute("userid").toString(); + %> + Enter the New Password:

+ + + + + + + +
New Password:
Confirm Password:
+
+ <% + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + + String action=request.getParameter("change"); + if(action!=null) + { + String pass=request.getParameter("password"); + String confirmPass=request.getParameter("confirmpassword"); + if(pass!=null && confirmPass!=null && !pass.equals("") ) + { + if(pass.equals(confirmPass) ) + { + Statement stmt = con.createStatement(); + stmt.executeUpdate("Update users set password='"+pass+"' where id="+id); + out.print("Password Changed"); + out.print("

Return to the Previous page "); + } + else + { + out.print("Passwords didn't match"); + } + + } + else + { + out.print("Password can't be empty"); + } + } + } + + %> + + + + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/forum.jsp b/src/main/webapp/vulnerability/forum.jsp new file mode 100644 index 00000000..6c71c007 --- /dev/null +++ b/src/main/webapp/vulnerability/forum.jsp @@ -0,0 +1,82 @@ +<%-- + Document : forum + Created on : 1 Dec, 2014, 3:22:09 PM + Author : breakthesec +--%> + +<%@page import="java.sql.Connection"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.SQLException"%> + +<%@page import="java.sql.ResultSetMetaData"%> +<%@page import="java.sql.ResultSet"%> +<%@ page import="java.util.*,java.io.*"%> +<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> + + +<%@page contentType="text/html" pageEncoding="UTF-8"%> + + <%@ include file="/header.jsp" %> +<% + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + if(session.getAttribute("isLoggedIn")!=null && session.getAttribute("isLoggedIn").equals("1")) + { + out.print("Hello "+session.getAttribute("user")+", Welcome to Our Forum !"); + } + %> +

+

Create Post:

+
+ Title :
+ Message:
+ " size="50"/>
+ +
+ +
+<% + + if(request.getParameter("post")!=null) + { + String user=request.getParameter("user"); + String content=request.getParameter("content"); + String title=request.getParameter("title"); + if(con!=null && !con.isClosed()) + { + Statement stmt = con.createStatement(); + //Posting Content + stmt.executeUpdate("INSERT into posts(content,title,user) values ('"+content+"','"+title+"','"+user+"')"); + out.print("Successfully posted"); + } + } + + %> +

List of Posts:

+ <% + if(con!=null && !con.isClosed()) + { + Statement stmt = con.createStatement(); + ResultSet rs =null; + rs=stmt.executeQuery("select * from posts"); + out.println(""); + while (rs.next()) + { + out.print(""); + out.print(""); + out.print(""); + + } + out.println("
"+rs.getString("title")+" - Posted By "); + if(!rs.getString("user").equalsIgnoreCase("anonymous")) + { + out.print(""+rs.getString("user")+""); + } + else + { + out.print(rs.getString("user")); + } + out.println("
"); + } + out.print("
Forum Users list >>"); + %> + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/forumUsersList.jsp b/src/main/webapp/vulnerability/forumUsersList.jsp new file mode 100644 index 00000000..595e98d6 --- /dev/null +++ b/src/main/webapp/vulnerability/forumUsersList.jsp @@ -0,0 +1,28 @@ + <%@page import="java.sql.ResultSet"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.Connection"%> +<%@ include file="/header.jsp" %> + <%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> + <% + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + String username=request.getParameter("username"); + + Statement stmt = con.createStatement(); + ResultSet rs =null; + rs=stmt.executeQuery("select * from users"); + out.print("Users: "); + out.print("
    "); + while( rs.next()) + { + out.print("
  1. "); + out.print(""+rs.getString("username")+""); + out.print("
    2. "); + } + out.print("
    Return to Forum >>"); + %> + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/forumposts.jsp b/src/main/webapp/vulnerability/forumposts.jsp new file mode 100644 index 00000000..e2c7096d --- /dev/null +++ b/src/main/webapp/vulnerability/forumposts.jsp @@ -0,0 +1,30 @@ + <%@page import="java.sql.ResultSet"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.Connection"%> +<%@ include file="/header.jsp" %> + <%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> + <% + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + + String postid=request.getParameter("postid"); + if(postid!=null) + { + Statement stmt = con.createStatement(); + ResultSet rs =null; + rs=stmt.executeQuery("select * from posts where postid="+postid); + if(rs != null && rs.next()) + { + out.print("Title:"+rs.getString("title")+""); + out.print("
    - Posted By "+rs.getString("user")); + out.print("

    Content:
    "+rs.getString("content")); + } + } + else + { + out.print("ID Parameter is Missing"); + } + + out.print("

    Return to Forum >>"); + %> + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/idor/change-email.jsp b/src/main/webapp/vulnerability/idor/change-email.jsp new file mode 100644 index 00000000..0dd3c345 --- /dev/null +++ b/src/main/webapp/vulnerability/idor/change-email.jsp @@ -0,0 +1,49 @@ + <%@ include file="/header.jsp" %> + <%@page import="java.sql.Connection"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.SQLException"%> + +<%@page import="java.sql.ResultSetMetaData"%> +<%@page import="java.sql.ResultSet"%> +<%@ page import="java.util.*,java.io.*"%> +<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> + + +<% +if(session.getAttribute("isLoggedIn")!=null) +{ + %> + Enter the New Email:

    +
    + New Email ID: + "/> +

    + +
    +
    + <% + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + + String email=request.getParameter("email"); + String id=request.getParameter("id"); + if(email!=null && !email.equals("") && id!=null) + { + Statement stmt = con.createStatement(); + stmt.executeUpdate("Update users set email='"+email+"' where id="+id); + out.print("email Changed"); + } + + out.print("

    Return to Profile Page >>"); + +} +else +{ + out.print("Please login to see Your Profile"); +} + + %> + + + + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/idor/download.jsp b/src/main/webapp/vulnerability/idor/download.jsp new file mode 100644 index 00000000..19c738bc --- /dev/null +++ b/src/main/webapp/vulnerability/idor/download.jsp @@ -0,0 +1,45 @@ +<%@page import="java.io.DataInputStream"%> +<%@page import="java.io.FileInputStream"%> +<%@page import="java.io.File"%> +<% + if(request.getParameter("file")!=null) + { + String context = request.getContextPath(); + + int BUFSIZE = 4096; + String filePath; + filePath = request.getParameter("file"); + File file = new File(getServletContext().getRealPath(context)); + file = new File(file.getParent()+"/docs/"+filePath); + int length = 0; + ServletOutputStream outStream = response.getOutputStream(); + response.setContentType("text/html"); + response.setContentLength((int)file.length()); + String fileName = (new File(filePath)).getName(); + response.setHeader("Content-Disposition", "attachment; filename=\"" + fileName + "\""); + + byte[] byteBuffer = new byte[BUFSIZE]; + DataInputStream in = new DataInputStream(new FileInputStream(file)); + + while ((in != null) && ((length = in.read(byteBuffer)) != -1)) + { + outStream.write(byteBuffer,0,length); + } + + in.close(); + outStream.close(); + } + else + { + %> + <%@ include file="/header.jsp" %> +

    Download Files:


    + + + <%@ include file="/footer.jsp" %> + <% + } + %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/mfac/SearchEngines.jsp b/src/main/webapp/vulnerability/mfac/SearchEngines.jsp new file mode 100644 index 00000000..e031179d --- /dev/null +++ b/src/main/webapp/vulnerability/mfac/SearchEngines.jsp @@ -0,0 +1,4 @@ + <%@ include file="/header.jsp" %> + + There is a file that instructs Search Engines which part of the application should be crawled. The file also prevents Search Engines from accessing & Indexing certain parts of the application. Try, If you are able to access it ;) + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/sde/hash.jsp b/src/main/webapp/vulnerability/sde/hash.jsp new file mode 100644 index 00000000..4306cc86 --- /dev/null +++ b/src/main/webapp/vulnerability/sde/hash.jsp @@ -0,0 +1,6 @@ + <%@ include file="/header.jsp" %> + The admin Login credentials for this application has been protected with Hashing. Try, If you are able to crack it. +

    Btw, You need another vulnerability to gain access to the hashed credentials +

    (The admin is a Blood pressure patient, so he doesn't add salt in his food') + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/securitymisconfig/pages.jsp b/src/main/webapp/vulnerability/securitymisconfig/pages.jsp new file mode 100644 index 00000000..0f49b06c --- /dev/null +++ b/src/main/webapp/vulnerability/securitymisconfig/pages.jsp @@ -0,0 +1,39 @@ + <%@page import="java.sql.SQLException"%> +<%@page import="java.sql.ResultSet"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.Connection"%> +<%@ include file="/header.jsp" %> + <%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> + <% + try + { + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + + String id=request.getParameter("id"); + + if(id!=null && !id.equals("")) + { + int idNumber=Integer.parseInt(id); + Statement stmt = con.createStatement(); + ResultSet rs =null; + rs=stmt.executeQuery("select * from posts where postid="+idNumber); + if(rs != null && rs.next()) + { + out.print("Title:"+rs.getString("title")+""); + out.print("
    - Posted By "+rs.getString("user")); + out.print("

    Content:
    "+rs.getString("content")); + } + } + else + { + out.print("ID Parameter is Missing"); + } + } + catch(SQLException e) + { + out.print(e.getMessage()); + } + out.print("

    Return to Forum >>"); + %> + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/sqli/download.jsp b/src/main/webapp/vulnerability/sqli/download.jsp new file mode 100644 index 00000000..7d86c4c3 --- /dev/null +++ b/src/main/webapp/vulnerability/sqli/download.jsp @@ -0,0 +1,8 @@ + <%@ include file="/header.jsp" %> +

    Download Files:


    + + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/sqli/download_id.jsp b/src/main/webapp/vulnerability/sqli/download_id.jsp new file mode 100644 index 00000000..f0d5d247 --- /dev/null +++ b/src/main/webapp/vulnerability/sqli/download_id.jsp @@ -0,0 +1,65 @@ +<%@page import="java.io.DataInputStream"%> +<%@page import="java.io.FileInputStream"%> + <%@page import="java.sql.Connection"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.SQLException"%> + +<%@page import="java.sql.ResultSetMetaData"%> +<%@page import="java.sql.ResultSet"%> +<%@ page import="java.util.*,java.io.*"%> +<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> + + +<%@page import="java.io.File"%> +<% + String path = request.getContextPath(); + try + { + String fileid=request.getParameter("fileid"); + if(fileid!=null && !fileid.equals("")) + { + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + Statement stmt = con.createStatement(); + ResultSet rs =null; + rs=stmt.executeQuery("select * from FilesList where fileid="+fileid); + if(rs != null && rs.next()) + { + + int BUFSIZE = 4096; + String filePath=rs.getString("path"); + + File file = new File(getServletContext().getRealPath(path)); + file = new File(file.getParent()+filePath); + int length = 0; + ServletOutputStream outStream = response.getOutputStream(); + response.setContentType("text/html"); + response.setContentLength((int)file.length()); + String fileName = (new File(filePath)).getName(); + response.setHeader("Content-Disposition", "attachment; filename=\"" +new Random().nextInt(10000)+ "\""); + + byte[] byteBuffer = new byte[BUFSIZE]; + DataInputStream in = new DataInputStream(new FileInputStream(file)); + + while ((in != null) && ((length = in.read(byteBuffer)) != -1)) + { + outStream.write(byteBuffer,0,length); + } + + in.close(); + outStream.close(); + } + else + { + out.print("File Not Found"); + } + } + else + { + out.print("File Parameter is missing"); + } + } + catch(Exception e) + { + out.print("Oops, Something Went wrong"); + } + %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/sqli/download_id_union.jsp b/src/main/webapp/vulnerability/sqli/download_id_union.jsp new file mode 100644 index 00000000..9cbbdc2f --- /dev/null +++ b/src/main/webapp/vulnerability/sqli/download_id_union.jsp @@ -0,0 +1,65 @@ +<%@page import="java.io.DataInputStream"%> +<%@page import="java.io.FileInputStream"%> + <%@page import="java.sql.Connection"%> +<%@page import="java.sql.Statement"%> +<%@page import="java.sql.SQLException"%> + +<%@page import="java.sql.ResultSetMetaData"%> +<%@page import="java.sql.ResultSet"%> +<%@ page import="java.util.*,java.io.*"%> +<%@ page import="org.cysecurity.cspf.jvl.model.DBConnect"%> + + +<%@page import="java.io.File"%> +<% + String path = request.getContextPath(); + try + { + String fileid=request.getParameter("fileid"); + if(fileid!=null && !fileid.equals("")) + { + Connection con=new DBConnect().connect(getServletContext().getRealPath("/WEB-INF/config.properties")); + Statement stmt = con.createStatement(); + ResultSet rs =null; + rs=stmt.executeQuery("select * from FilesList where fileid="+fileid); + if(rs != null && rs.next()) + { + + int BUFSIZE = 4096; + String filePath=rs.getString("path"); + + File file = new File(getServletContext().getRealPath(path)); + file = new File(file.getParent()+filePath); + int length = 0; + ServletOutputStream outStream = response.getOutputStream(); + response.setContentType("text/html"); + response.setContentLength((int)file.length()); + String fileName = (new File(filePath)).getName(); + response.setHeader("Content-Disposition", "attachment; filename=\"" + fileName + "\""); + + byte[] byteBuffer = new byte[BUFSIZE]; + DataInputStream in = new DataInputStream(new FileInputStream(file)); + + while ((in != null) && ((length = in.read(byteBuffer)) != -1)) + { + outStream.write(byteBuffer,0,length); + } + + in.close(); + outStream.close(); + } + else + { + out.print("File Not Found"); + } + } + else + { + out.print("File Parameter is missing"); + } + } + catch(Exception e) + { + out.print("Oops, Something Went wrong"); + } + %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/sqli/union2.jsp b/src/main/webapp/vulnerability/sqli/union2.jsp new file mode 100644 index 00000000..21f53752 --- /dev/null +++ b/src/main/webapp/vulnerability/sqli/union2.jsp @@ -0,0 +1,9 @@ + <%@ include file="/header.jsp" %> + +

    Exploit this page with Union Exploitation technique:


    + + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/unvalidated/OpenForward.jsp b/src/main/webapp/vulnerability/unvalidated/OpenForward.jsp new file mode 100644 index 00000000..4844bcb1 --- /dev/null +++ b/src/main/webapp/vulnerability/unvalidated/OpenForward.jsp @@ -0,0 +1,7 @@ + <%@ include file="/header.jsp" %> + + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/unvalidated/OpenURL.jsp b/src/main/webapp/vulnerability/unvalidated/OpenURL.jsp new file mode 100644 index 00000000..3d6d0045 --- /dev/null +++ b/src/main/webapp/vulnerability/unvalidated/OpenURL.jsp @@ -0,0 +1,4 @@ + <%@ include file="/header.jsp" %> + Cyber Security & Privacy Foundation has always been committed in providing the public with knowledge on how to defend themselves from malicious elements on the internet. Hence, we have started a new Certification Program that checks the security and quality of websites and security products. +

    Click Here to know more >> + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/xss/flash/exss.jsp b/src/main/webapp/vulnerability/xss/flash/exss.jsp new file mode 100644 index 00000000..d14e476a --- /dev/null +++ b/src/main/webapp/vulnerability/xss/flash/exss.jsp @@ -0,0 +1,10 @@ + <%@ include file="/header.jsp" %> + +
    + + + + + +
    + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/xss/flash/xss1.swf b/src/main/webapp/vulnerability/xss/flash/xss1.swf new file mode 100644 index 0000000000000000000000000000000000000000..8013668bce65695bb451d16f2156ec63e96e0ea4 GIT binary patch literal 59563 zcmV(jK=!{wS5pa`>;M3GoV-|7R~$@~M1#A#`{3>&Sa65IU4uIWcPE1k4#C~sT?cn} zm*7Ey?6;5m2eu#TboWD_zW1K4s@vXB@WxP37{8&QP@$ouu%P}Mk}#j2pW?96|4pNC zp`fhiK!IVP5TQu_7onBG&`>aP*w{HRP@YC@5$sSVd?LXmRiLt8S*COL@27EUDnd9;f1J&Gib+R${_TVq)Sz9Aof7tx-K=l?Dw4=d{+567&157`s zi3CoZ+76xC53kz}uiHi6J`fx~6E|;EHgEFU_VU_$UuHIU-U$9UeX=~Yeh$2E1s;6- z>2(Wys@>fABzb!J4E-1RIsQKQIrx6?dHiwvdGv9%(;oPm{7)s2`Q~5Vr~Ajt%wF%? zi`VDfiTGQq_~%*g=gZ9J>q+3pe~Y8Qx0l+_i6XsQ*+R8ns!-2$qjYAI26z?zd6)9j&fKBY#0 zLb3p|$V!W%B;B3yDIIsWCa9PiA_a#3VDERK!5*>^&ZP)b!yT4Of*S7{YfKqH^_%gq zUzpXp(@|4#X>zW}G~wr>ns;jP2%z~M<0u%#3H6K987^KbiF*Q54Mu^aX<-qs0=m~9 zsTiQO;0Xwe=0Q@!J$ve2==zQdxeY-~bs0*xl+F!R#*cDE$&2^fd2+sL0xUFOGBBPv zJ;}l}xVLC6EVnzA5w}qWmD^2RMCZ{h!Knpu7#b0FCn@z`Vhi*s~e2B=!?$t?T3C-BwBf%1?#!?;)D>=x47NZgRHSDt* zz}qWoSfqkQ&v?vk#Z-oFNXeiA+hS;xFV(zB&-o~PZ#N#d`8E3iBj%ap0MmkqRTo{d zk_3+QAG>8c$l(k2;CGXZV2|sHt@!~rs4k_sTg8g;#iaA1aT~qeFsTpz2F<|_ce>^X z8MY7gd-Mf&O?mw9_?FESx&^KU6tbPAfn=kmQ6JU?(ewdoN{_A5*D!Et$rl-iHg9I& zhE(txUk03_2>XSvMKpzJ{ZJUgmU>#s&_Tml1KvU#;)iZ>*iNGzHRQpa2HN+|csPk5 zN@p3KvOuP**hN*BKjp|#M=SP`Yii!!h|iXKe0dUH@wt&6rPp%lF!<=N47&~Azc{&Iv&Kf#!38@ogPdd;P0ZT1D@ zF?H3!5{DSnyG$%RzbaxAL8Nz_0jWT^?;0iPi?gEN$J1iUxg~Xqcc7CSx|SdzzgmIF zJCAm9i==u`(%dA@JiC^&1MKsBsF&y;a#|}|)7pyXh5LPORX@@xe`og6*`G8c_`aZn zr3RCtr~}(E_jyOn8z~%!;6Z9ZR{&i4o9!is#=>Y?fil*bD!HKM)}QH^HXmQop$-!) zKhVLiK&gmyd8(uv-6DB6A&*A%0$y0IuSjsh%-j&)*2+D0=Gl#u5v8^+E4ke`qN1Ll zXtjS%W78CkVZTrP0k(8LRdfmzDnie1?qbvpxn`0!T3Q;Zm#;nIq^}^$Pz9?6PqdND zGho;t2Iz+x7-e`7v*d&1Ezx(zm2vy8=md6g2PQS_yw|6@wLl)!nhTWR-xRBE3N>={ z(Su+vqq?eC{5#r6p|WLQ++8(<`Zq+RU2D1~N-Q!FwLGOD2#Me*#B+6WX=`)&~qAQSkie zCvZDS6Mx{>M6IJU-AS7H23qMoQ6QiXE>j7Og^rnSK78h3auP)Mrj(IF1K~7b#~#hB za1;uURtCN18TSx9M_JyXgV%ZGkD|-k-X%a{&jIS6FbSn3jPe#pc8JHDYB_Kh2$yaTQQlPFy%ixB=rpKtA#YPDl5SsX4UxTlSrQ9BW;*Nr4E~K@as;^Dpxd$q; zPC9DR_^_4~Add!F;b}q|iU&IUg})F0g}V}J&EVRjE81XS6( zItDtrwdzLQ8B8L6-hk(IDH0sazQsXY$SM%YE{ms`*b7p_db~LK*nBE0=NSpBi>_CU zIaqc!$$20HQjl$aL+Q*sE57>IG7L0>*5(cH>H7H2z5`L;6C1*|83>(LY4sO;($a3^ zPhv}mLJM)%gy2}5aVz}FXAPzUq!`+kwJGX#NDe2gj}-BGY@kqznB8{7bO!RUd`Ln!lyb86ftrNUj=nIb=czXSf*9)|)j#u@^BY>Cg~%i_HTsaPj?qC-07 zkgDQ>Ehho`EgRf|CO-N)f&2=<_>Z8Sz^-oI79jUYBy6YSe3vCa zg)ox>oy-!6Z<``fSDZcFa3jx-VSNO&;<-NJ-o46&Rb;New`W5mHVd)Q<522=d@C&2 znVLrcPmmM~U2j-CV2JAni)Y z4TC1wiw(l{N3QbmH)0?))^)Yw65AJtXmDL!gNvt_l2DxxwAGlJ{3%aoL)1R-o`9**%tJaH|Qbqny zA#BZ+TW)>pcoI*S3fd4pN1tf^FBjm_11?M8I(t0F5dt8GUl(~S$)L%F?|xL1>5m#G z19(dzZ+Hwlr9qqv-1H#4BxIG69)Epj=q1*ge`1$}l&^|kM!yvncU~x|OI(tcK-6vp zFBBWYb4$?JRoTAQm(*2%0B?`1`4*NmhUu%x7ddAg@j<)GqSIQE8oZ~4x@*JwAXr~-y)Z1eK zf!2ItaksPi4ndZ>l#nt(jAlB$)dPI6{^;T)tsJY}{_i*mWB{)s)zxYQja9|0Fi=IZ-4{)+i!NCMm5b(EG5TC?c`w-1Z%|f}#nS z>QIyZ9GS$@UlD9-^IH7w{ljASkaAUVoUe?y@B+O+*S zR}o9rH&JI=+)fTzr7rCHGgb>8|w_(=lqK2iBSxxmx+Z zX$1Q|jxh~|VHgk|f=~lbPnVLi?VX}vFfKT+E)_bkgE_zCjvtU?)wVq8bw&poX5jna zNhx-^eAYTsAV5F?-}L^8GAhxlgG-6zn+mr4((Zlw&(;fB(A*I*qIm8hre+a$R(49^ zPIYi|E}9H*%ksJsOY%0qY%8IipP5){S@-88{b2}BKUE@78uZn78J$}#j{RswHzYdH z`$x=D>_{!M(d#Nka>E(AY)5hIr96ao>GAhiLlByAQZ+DXZ$ogrJ94kh*=?efcEEDS6!ge;+Flxp z4?+rO+yKjp^!=eb%%2hld{=Fv3BJ0^mPXW&;QFEL(%P#cKqG5<+lh6bI*(Pe1+?mN zC$hT~wV8!EkD7X*jhLCH72~ZBQPwta=LS+K5cij>P(fxq< zW+sYT$>IC1jV2ISdI%H0)L$g51_?G=&~FF3VPwN8Za%#+R;ugIJ3y=ewk|t}80BAA z|72%fx42yHLJOIcSMK~ANM08b-z!SwexX)X5osX`GoAFdx)f0lGmL+&)Pml$?>arA zNT&Hbcn2sc*lHW(9n}usI>@Z07wEx7%D!@H%vSD*QXLUz zn4LOHe5w{5E(o!wPkC_Z&M^m8_?6BoBG3%n&$rnGnCR- zS3N`B`CITwK}Y0qG)}M37f$9!*aJnL0#+U5&F)Cm0JVPgED1F;6U@bGW~`3;vLDK7 z41b5zR|57onaGE>CtKJWQx(i#$0x~_+_;`lN!)dJ{PCk^fa>=z2dU??6#N|%Rc0~l zGo#g4&%0y&V{;RxwjyA)B#VCu4I**$+dP;qNff)pu*e{dL&6&;qr zpK=vL#JUyhDmi;OZyf?7a+5@cd|3gdm9QB>E&KR* zTFk!BSuDo@1EFi5gmc?Yw#L7&NXC^_&egbu2S+& z!4^x>QaWP6SLY7fh#V=)1Z!Wvn}eEWao(_WdOkXh6#2PQWK-F{F7G@L5ZxD=2@G(^ z*(5wM-CP`5z;CJ5JD>W$NY-T;XXyXjQ?JdLjDZtZ?T?BKiuIKZ){B(%A+4OXb7L6x z?H2H@A(p?=t-~Vw@trM6H~KF-ZaIy43@I+`V?e|B7evsFpKDj-0jNU!D7goJAL;%+ z!0d2NR@FTHvoj{y8By1(!>vqX>l4jv7;#jPdU0)P5Qx#3q}FvF2P>E$?O6^b>6nqG`;8a~G^5Wt1GXW&W{PEo?=w z&5i^VC(8Eg_>LE!nA>MMW?yH4d4auMKspQbjRrvu8f*HV9cYDY%dd&|0&BA|Aq6Vk zF={y#>C0<9N>}UK5t+34F^uBXY4`KdO14>Ro3bm)!kPA|&w}T)$wFa8?+L|kNZ@^S z_V!bEX8S>ObxlP;ZfLZu18&6PSccKOn5hVTxar;?&QB>M&`!+AaE1ywTlcn zNgGk#QE-nkYKMvjphTxR87IdLch1zMScA3y&HHvZMluN#hqDHQ;m4?-rTBRb8ij87 zqFpkBL(2Pkw6TJaa)E(cwEkRJ19W;mxI0BcyHOSc!miT&M#Sx$2u5^~k3REuX`8zJJ=4QRqhi^k;o+dAb~UR# z@<^fhmR2~l0|aZBW%AEA*6RSeFAwim%4vV^__e(T4yp&kFGRQx$2K;E{DyYOkP(we zO2zE+LOsI85L`ed>yU)1uR~L8l_oytQYZt=@F|MVN{^_|1>{Gw1Cg`KWa(J#E+>S$ z72g(iW8X@j4ZEQU{SDp2os5Nybwc^-JHz7nPKFSyq1xDL_ljCQL6Uz3(2M)qfOKsp1?LcEu}%I|OHUgv2*W?2qbr6o1alYAhSlo&oxP?TR; z&5={lTGD-Wmq0Ra1{X{C3;1&KOBh_ell(ImXOdPxceERIl7&b9emzLX4k5-CX@#e> zP!+&h66q&4mQ-n!0PQR>9OjjjzyR%7W7&4wG6ef9e6zO^#+sHwo5SDol}T96tp1)o z#_APRIlmG`L|b;mPHsl6J13As_0#S!RU>cu#P`yqEmSa%FF5jzP~p*?O;L$=lLI=P zC@U7v7wiaQ_#oRELcW9oYjqHXjgmIueT+R6Zypt0b{||zY_71mt$t`M(l6CCXaSk% zb%)wAr>QNxIy>5AhbW|ls!puVe-eRzr|10mZ6<@1)m%T^Jg1J!u~G%l4UV$fKX~Tr zNUV&vlZ&eAaQQu9&!W%>GlOf3&M@y1-FpYsZnF^IXi-rt&V483p?s3IV1SC{q%%cy zEUP>MIMgpdTK zpp>LZLZD{9j0oJqeoVTG{&C-KN1fG!!S-dV1z?*SnSox-x|!ScrbfkgNDzyayg0Vj zLKNC=q02nF0AcdO|2-f7;Z?V}+1ORCgi?rNw~jAwegE8pSK&)ddyCsQy3!vZ+{4+Dwh#Ba`SR#|8QNo#bpQBbUIMK&1FVr_e!3A(t~@67>a*8NSMIC}0eoVV8Q6u`-U|M!QHbiB z;tFON=T8d6D2uInI#SlEGE63{MLA&L&BdWHmy;?beb+m#m3Lv9z*_n=Vu7zNE13@} z%JD6);^e1acCoiWYkv6z^*v$OpA^EnFOD|R*jcVV+B563@?fDUj?rCpE>ewMxIq<9 z!_J-ch9EpCgWB1->qa;W@#^e^y^ili}5y+Q) zEJ)43SV4&y&G$_{hOdGS0P0|K=xXry5yU{_3tEK2ftk!}bq?O0CY+wmixWwY&z>s& zX?5sPOxgz;bvu|1-KIh^?E&R2WR9^y?!J2oT{S!?3X5NBwUC9g4Y|{>SFfiZC|T2- zhMCtNl%?%fP~FwfANx7_J;xDgUuo}4Uozqaq!-!M;iLTnft-xF?<)96oW(kIdc`9$ z@=Tc0nVm{q&gDup+`&&=vjTjK5W;VxzsIBl%jl->edgwTR`%-md*_H z;CM4u7AEm+jt4&ha_4YUEHtIt)(IR7YhzxmGTYvQb@s-_;v89iv2=Z1XDZkNBpAxs zk&+Ts`@_i73_vDz1L&Di8PyJn7$ZI9D5ZoU=32eqKFre+`A*2!;N7mO+xNYAS{^v} zf8wLq+Y|K}eZRXU|CXhtSbEPXSREe0(j?NLroxE)KoBWEs1hEDoawTvtz_CWd@^A_0Q1lhqRs2 za#+zI;8;&HkZ#l)F?B6vBuvW&6xYTNYB#Rv&LeTQ0&-fS-JeJNyag!iPw47k*vMV& zPJKUJ-N(*`OlxH@UDeN=OAvaZ7|nGWVC-~pHrYy_x)5UyD#as{2##A&bDAwxX`US8 z{e(+FiPV$wP=&&RwdY6r2+uxM;hPP#mKP0Qn5pblSXUOKoaJ?{-c32G@4?v!%HxV` z%u-Ctr=B>x=G%_Svc{P1d;^&$(MK2J&A>a2ie3)aEamq$-n)lj5Ib(N`|jAnO0%+B z%8F^BLE|Qz1GBp23H+wTKbf)76Vw8I<_f-oo`0_(UJ+lsi(28U zUyzeTNBBqO`&#ofh|?lFC-xhjixo^I&7pXUwY;4VsVf#n_4$ov39}<^oNQp!Q3Tmn zlK4#ynUjM_EUPj6N!eV#Grs{`NdF40Q#Mb-VJ-i5>3%jP$d*O2XMNlmLy%YdII4Qj z9>rj>QKfzcZ+B=z=2CyR#w}nnIsmiO9pCgS{n1%*2<=e57jxOx$)1tNO)5{bn@*Rz?iEeZ2O;dtz-4)JGGYw!g;tLf9RcT`GiX3y*nmlVf1eX zAX@yPC}+F6DSc1P-BqvrHPQ_z19S^XqmD;=c#(FMHVWQ5Iri%~kv2k~hAO-($HB)W zaOhGi5P37sMJ%z_SE$#zK9tJZmWmx=fNHyZ3S{p*Kz!uGq_vC$MiHE)uIv8`s%_2FI%smN2= zCucovT(NiKyKsJyM?+J3WxbHDNZnUJ}72boOE?kU>vo=AiWd||zsASE?Dk^Ao z8E{D2u@7Bu`S*wfdd?(b9rHv_vMxUIJwK& z>5z}x)$_X@&s}Bp*4^~jg}@hZWDV_rpY5c5AP`SyspHi#LGA|)_bpA7jBk^ z9(MEoTl~6r6l?n@|1z`UiNxX9OPU(-^MVtnFclv25y>FGl@{O_I#77*)^C!iVm+}p zCafgiO27hwP~d`{*%C<;qVM9D<4y}>HbgbzJa_e^_C4cw=C##KX#l}#@kl?r$vji| zX)646>P4Gioi%U<0$YL()f{xmZ~7RVVR)%jT1RFO4V21V7J1@}XQ#m5a3^b@lW_uD zi#Cos>9&CXE?M5-dc!iznBn)3VBW*b5IOV~hX8F=W!yrqnxxSbt#tmmP*N?@pthNU z&a>udu0lY!<>eVYlH9~{DMI}&sv6jTBgVF_^=hr%7M49!Efuy zFXf27TFVIN?GSh>kn9Xmaam(ZIo-pqJZA|#K(zYDv}Pvov?{#`9@Jpe&=0OWvRq_!#~(vW;X-3Sojo zFAX=^qf~VwuJ@Gv;^b@3vIM@3ay2lN*D0@P?K1r>_S&FYP}tTs zzT@(iMhkGW8wSv{2PI8MRMyR61~_?ssL{-j6Th5}4X>;~5_?>!5LP;)AY@e+J_GY( z;U!?2 z2EJo1a_z$*EF0ApGg6T=o7t(2hkvQXX+4AZG>wor?;W6-2;a*+LCh^y) z5>stNVa5rBi!;?TjM>J_2FItvT#+F+5p4UpHFA`A zeaYL+$xJoll`}q`K#ez@^5Cp?p-?j1?w{rR%j>@24+Gy{*pSif)3ar87zgeVM?`Oj zB$3d(N}Zn`iyrZdr##L5Kb{8VcO6K7p2hh16lc2o113t6vG34oxVdor+Q`ki+}sjX zO-jh063`@41r-wd^JCc^Z9htsh5lw(gA~Wkt02-1s@4hvp`v`Ct)~Dj3zz z@Qy4)BP#{b^Y@)p25MJm8IqbW;qUaFZPfdTni>1UTl>Q`92FzEw%QA~1;ULD(qj$4 zU=O{);-Z6i6CNK_!pepdr4p&KFARylby>hF7t7fdt;9GGdcVT3+Z25$O|TWJ{+t(%CDo6z+IfB z+2rAfSB^k}pk$Ek%ox>z;Y;*f7r@udlogFOv9W7H{#7^C7E>V8 z&UCVgv1Jw<>k|7>L30a{nI3p7wLP>s>|~*Ns#uxm*JKx;P``X#)Ux!giYAa6Hhan= z)IcNuz8_J2CL@>0u*xqrfH^NUvj8V@HMyi@qc0W=hm1f>_D^Ugxv%wB09quCRVmcO z+sGuQNEvNCubuBkqOC`fW{ZR-ki2F^&b7Jr-zdfXCFd)*SYeu9fK5YRpR%3bYg2*O z5T1S)^NJ_Tvc|WW$|7$#=hT`X{F9L+UOCL37qOG2-crGl@^lBzPmINlMa z@m_o;1ebnHUmm+3H0fU2@=o%WV>Ve-0-7(}F2+Xzce;YlZU8~C^(BuDUS1PKL&G^m zkv!~D_eAn-2v34xEOT0h*DqQh_`{tR3Px&2@hA@zu#-KG2)0FL2N7Iu;X;Nk_@EPf z5SN=x;nbVY(5dJv+GN>Bfp?3N`&L7FxlIt(IJ)<$JZLU9rvZM}_P63CfJ;s=>D2pP z+zvoisT|q0?y?fVH%KX^my*C#?`WW8^f*8n;&vc77$4J!3TLChKqBM=;OzDsUc3V> zY)v_$263@UZs=%Mj2;g+{?iqQ!_+M{NWX^3!)TMy#GxBtiIJ~fPfEBjde3Ipq85m- zT`g3|GT$@^cp47586G}+mDh8>xC_@SIA8Jzqgu=H;<5{l6dp!pGX?FHVY@qLXgh%%NEz>%wZPq-gxk@A*o*Sx> zh{l3u#%CsI2RH29y1AgzxqI43^!VNuyt!v-Bbo0jXhnYw+cpB)v?ui2zMMX31Pzob zmm5%Yj9?`JwChtBW^rP<$t0W<8p8sE_*aKOrLpcj{9<(eUpL506=sq{orNNUm8nq& zpsEZ$>&&*L(p5xX{?66RAU3k4{`WxhT3l)Z1e-aHyR(VY6ja#R4JpGPUkn^!W?KnJ zbaNHT1>KwJB!4rxl3;geSGgqpUhY2PWA`4gP6V)WoT2erfZ#%CX0$xuxCE`Ng%v0LiI2g`w0reI&rQ zH?Cp?-xefC*hcc{on;7Z6GkB+Mr1#d9>(r~R0=Dc0_3{N+$F5Z%R=ncaflKgyV3Q( zaDlrM#WQT_X(2a_AMvG~Vp`@0J&uo8zDVa@W0p`WKHs1#5EDv9@Kg%`IX8#^jUKym z11v=|n0P!MYMob8Sxy9aoM9kb$;VC#l0v6xUywUw)0Pi>6Vi>uLr=r_93+WcIHBV!@#( zbC^FuqNI@{sGe@zX~}a05i!&dkLj;^MB--wCgU$ z{K-Pt(ZH-h@turRtbe80q}I+O<`AcuK3gnB?^3}7ndFOHA=w>5DKG-PFg>qaA|ok0 zM(HH5*OGE&e*0mySRZNwc}DMD63ut^9llU?P8AfKVJS)Ox5tKS)aG}VrQMe5-l?>D zZh2k5MrjB>_eYnr*Ws=o)Vuc&H=zsWQgu=FqkR0{^%Fv`*C+~SE>l+LZ9k+3(M^D+ zT*L}4`}5MKZWmL%`!UdW_mFh+afO|w3hTS zVV~??8AZyt%zqI!L@{73?5g1&qYXzBWAYFefLA8KKj>sqG~>h>eZ0eAdhw8WZU-^c zdf%;A2V34}7vIT&;kaT12Ts*XFE>7H$Mu&YY0y-Hvcx_BNP><%zEiGctN z2ey}Ctftm+7h+RQs6VuS=TglH<*wIUNF_}SZ|&=g;vw`}q$cGT#$|Y*3t0ar_`Sou znweG2CPRU{tbf=&ec1Q_b}$dbovte;OeczQUT%%H+N(JkRRDI1`NG#)-Zq3zF2@t- z=^<6{9^C-f?Oq7;M0qfVYtyZ6nOsDsus<4E3b=)}B+}?!6z{)#G>7^yjJ&b@7#SYB zKTDqpHRD)%o@t=<4!}U|z`U$*AW3YjWNv9cbr#Dp`*auciU5TeRfLcX6khQDN%l~( z1vQ1IJ^~BlHzckjy7)?6O-*H7R z`qn7U%}64(e|;-xN4PGW`{@>Cw!5X0TZ*CpW_%r+f60z#{~>*TrAu+`55Ff5&Ht~6 z6u{~z@ggPvv47N8l+>5gONvZ&K8@LXK?df%B#&AT+2IlH5UovQga{-}z6sPnOmbBJ zeC7$0rnW;L5~I(dut2`&<7K<`OA<`!S4Y&7h`0)Esl2gvvfnEB{Rz|seV>P zBOtxhV}9$J+QKFQ{P=a}PVT3ybo(1F@n=F*!xo(yBgqkxE??igmSh)yN9Dqhj_*cB!fnY&&QNVW4KB4iUlCPJAR!A9X3-crUuRf`ofuwkDOUz25sce8JcjXghYPM zyHqtnQhc|*H3U;B2^Z#{&QI_=qag}mXrsbmcYkEvpJAzjo3^S z8b#38y=hWDjg4JZhB$j~iKK7&-uaStUQ_oqpQYgyWfjC$)9WOqM3 zN@Hw%ucmno>yb^^-GHQ}kQ!2ORizs?TOrQrhIuu*}AY@<%PB0b@n=|EJ~9UD!o zS3*}Np~Rm)vTNsY&X@@?(YIY7Qyd&hq2!+lWTvnludKNiD#1;K#sK_FZ{(nIiauPC zEHy2?>E9O^zF!S6`+luz%4i5Wk?IhK1}xBO`iLsteIe0ZSWOk^xGkhsFdppWAAwI6 z`yj;GQ_84#fCoD{UWuJzlAA84&gJEi-sc0v*RzK=0-D&VrQv6?awA4gQv7$Cg`@cw zT0*X^QhtU{pZD=)ph>Rr;{AT$fYG7W(?kIOinzxn_Q8w>%cFBkJ?FZ|q_-yF^TM5rRRm98X(4=O+2F+U%i~CVlCY%<%wik_~?0V}%qb z@+wb}bj>z7HOwaZdGP3QogaxQiF8GNzda}reV9U5m(M7ia`;mBAOl`#gV(yJ-sFb` zz0}rq@w=Y11RmtyOQb(0m4Ur}P3=e7J^fHqrMZNMz!pGiIP#*bfg z!9z<(tr3*kPy7XAD89cGW&Xsv|J30(oE$rGC+(iWH48jj9&D$4^Zgw8d#0Ng0S>)r zzw~VHeoqDn&c)n(q3Bw7HhD^D>@?nJ**;=2`lBRJ_`5ZU;&xyv$VfD<*CLwX*3l|D z!A_FY?vT(-<_j50Sw;c{aNiXZQA_EOCE?^hE60ksL-g|3lvr0*CE*3}(lch}@~_RV zKld}$Dy{*)mYTL@1o!!#16l}Tfumd38FpQWDv&E9Mk_ds+L& zFDtOw6~|AvkkT{4a%q8rl50f?S3koTBBo`?kVvB;pd-H3sD?HyRF1pc@bvr$nFI%i zV4B;@^3s3EH%U#kM)GdG%|AAA!<^#$lxbv#H$jmad11E$@iSc|Xx;gfK?HlU8@Ss- zZ{^-gqkMnKblqdD7UdDLDg}u`=t$jS(_)i#*+F#E-CCj?t_Ic``1rvf{j#(-`(IL4 zX&C-5h}WTwV*I&&Ya;1lH;0R$9V3{&k%oYTBbnCQ0GACu#O~N%%TBlI?lYVgrsme( zPsh$*s~-%$<2v|Gai7v19^9S&466^h{~(Kac7XBW4|(T z@e5ZZW(EYWpw_2kIfvMS$AV8+-@Vs2rZm%P=}DN5_T!UHm+)mcc}C{X4nM{=p%2-n zlK(#4w-P~fia=51-}YbZ2Jx|?<+A8K;MpUSy!*+oX{;HeO}ujv0^?=foei2NmmxHD zakC8N12P^5*rGl;48NKRK_uSgO#EB4Z!|dD!#IJj+QHV3V?BnAk2hA1Omp^(&6w8uqqv&Ua4w9yC@)&f z_3M1)12S8KTx~Qq;8H@4eu{PXF3xI_I*&jI!1W0Ls{XmbCK;MiQ>=cXusQ%Epk-ug z-YF04<#71-hfJ<9$qNvjoF>54!!Ye`4rti$Mu_Hj%B8@)Xxr8b$F6{N#4+`Y8`$e0 zkT5{<{CeskwmWf4xg9Yy%yCvcZT`kOPyk9f9k&Hq{5I385p@J5Uw79%SN~_nu7Z2c zK2p>;Sq`883oivVNOT}^u}2`!dzsKK?Z~_~nxO%ppBh6iLp{}jd$dlXk!L5*q~NoE zP;h^&0UG=z5@4z9YNluCMEMj=MTi}3Y95GhLs^7`R ziZDaVdGl_u%5rLC;5q0lw9H0px`LE*$)HaR^bDGBz%#m~2Y+AS<26hjX0!&}^Kc1f zSk=Q6iP;=F7!GkR3tDdRoY^RY=o5AXPhQm|Ry&kw3K4t-h4Z46{WEpt^T-Ff=e964 zh=CZATD)UgH;QipH8!c$QYp;rDvWBJ&?T1pmm`eAW|1B!2_xH-3gJ6t5)D5R$$0O^ zu)V+gyFVYd>4n_+u|qECs}W?#MS1S9ta9ef#h#ChJEcN(vN?Vv)am^#&p%(eNQYrm zsA_mjMW|K5valWyXmBUhNF8Dvp8nKmRiJvucbUT%9FLDZp5?qgFx!Z$fsp7CY4cwF z@89Yu)Fjiu!#3hd|JbN&-Q5x?s#*!JlC9_T6ekJ!{!?24Jfs`Ls?c5_eESU(&Krkk zV8~om=+tt34vive5;mH?fvZ|%=?WT;J6e)#KM-#vk;1}fOXPWVj6%`-=SBKVr!joJ z|94eq?kc3m3k^OJG<$PdHEl6~MB&7~G%luJL+e&EtAfrUrLFNX8ij~VIcBcTU{jHd zQ7~v@U#1{yO1$4SCI%m?g!Akul*iTfKQ39J|8wEk`%F!X^Nk?WwpAZiGQ$!JeR~>) zd$a})mY-n;Qt3!2$z?wH&uOpSGX8tOH-08`VT*BSxomFcpK@~#WPOuVLz>=o@8L$S zq))K9enQQ$+oL|G;|mD6T?GkUAL~D$2++@vo^SGJsxLADZ(5jEWCZ{NZwEJL)(+d) z7e)IY4Mpn-#gLF0J|=W`jkLmWrD&WSfok6_)BuFjxv|u6qX2P8F#~^mr(xa+!fPMM zx>niW_r#2d7VmFkkW;(Z4im8>W)bU>Ji+!!tO|Chy#R(N<9}+17M#YaU=)WY%`R&~ z#FQP@naP~7rngLIuV8X0K77|hY2V}do4uP2QAgnM?1eM$sT*qTt}oI&&z&q| zVm>_9JIXUQgGM#t$p>_Y6cE#W#_EmRWdN@&L9Oc|k^J4l_68hiy)$TP0cQfK{eATUHb~UR>ZZop+k*@X#z@(?ZffF;a}Q) zel>QL;=VXoN_5($uBWuv*jX%vj`-zIRB~0Ya9BDF`tmaoc=M`!>qI7i!ZZW~0ivV# z?0Xs9>^X>&c9I#f`GwD8a7+1=4R-!skn6b5IJdO0Uv*1&@$G|Z9RI2dpF3+Sm~A30 z=Ltnq>QltvWJ5U#{OCLFztHF`ymuk@L@ebm_56{|<1GGowzXu(bI>M*a-B7)hW}Cu z$C#l_o=KQA^dqHmDD0?Yr<0#gJN+w|K&WIW~1|;|V zFR|_4XpI^MX)h9#HZJ!l5Rk>e)qz1reoDjDAaP|Hr}!@C64#q5H7YnxYmp|+eHi#! z9k%rz1lp(I;sZ$wBu3M{&|!6hS5I+85?>zndh+H{L{Gmyh>@GUBw1-nJTyI=bRFCL z6*iEAKjhD-ZM-BxJ#gsbR;4~0WdMbywI)uai|_8}rqrK~mEEfpklf)wrD5v8VtY9z zSZ8<6Mb{c!d?l;9g|=FcuYV}d;$Ia-;gUBwN4{haFFaJ@dG2QqW! zWUd!@gb_I<&z%V&*S%ine{4Q}#`&?;bhg$0^mtQToN@t^4aFCOa_crRtt}0IUD%8j zdLWDq{2~o_3`oawVp8O^-r4HKcB$a9d;dt-L}Bs zA<(GEw0=tZ`Zye#hrO%^_xzwqoWK#44cLHu37!hJ zEB0DTUj4P!w;|GW6R{F`n|erp6Z&(~D#WEf3@W)kY-VlWI}O&aolHhG!wC1SRfCJWZ|W-t^EDYnt_U{~VUnJKCDRQZo{->5_>;sRS@l_}&z>=A7ZWIi-m;1ASy98=koX^oh#~Z1C*-6_iAVIFF=Z+USp#uV$En(#zPz1X8+^&0HK>ck&E* z``2?XyNt4Vcpk$h*(yz=d}z5=F=1mQ{lNrz9lh6N#4jl_J%W|Z z4d^Fs&$J{gMn--0QY~0RU<6;_&&C~S*lTnR6G5dXoxZCf_+>7Vh`ZEDIae+N4wmfR zi9hmKetNp%7>}M0vI6j54ARgOI2@F(dNK>CGoRn!Apb&c3bb*%j94n(kKKJ;5u$wp z1p7klDoe=PcZn*juGL@{x@l`SKB8{(i@z7%MW4f4;%829w{jopAdv?-QuZS|$P6dw z`|1kT#VM{Yg{y?OdO$<=XJH|zV-WGNJKrBV`nX};I?7kd(+tzf3@U9e0VGj>G*uP6 z7gxW)yM@d`Rn}xqjuZ+F#X%kILE)b(b7HWEXn)~+lvN_m4C|_IE{75Xa=4kCHM}%` zQSzI1=gXba#M5=;VW|5dKh4K)JyPJ5*hcX5=P#mReeYzdL% zx-4E6y>k|m|4aWE&AESO1KeHxcw*Z6CnAI&WnixG1I?4CmqP_I-v15TNrCjAKDcM^ zIiJM(Y#GOLh5wC~C7EZ+OG*D{N7|JaE}i&DD!z1d{m)?dzx*U)KBbp+%BU#EKq=4w z45a+`GA2X41E0iD59|4OY|qXS5nDQpp14|o6#KPRbI-z<0&z{{pj;0vXsN#X9uOJW z9RIZ&XIC4yoCVb9xljAhVAVGj4v6n!y!W7HRi#Iz>!3L!!hV&`Q*Cp!`VC%5^+|V?R6?rkIEPD}3>i=^_1SvY!uuU$|6GtC=Omh0l6C zgF}G;&>alZe2DFm&{#^W!GlBu?G?7`-FXZ+@)8j|hz7#bb}(KKY$>F2=bopW5G1nr zo-CvF;Ao25zlCS?UL9sJaJbw|iM*n6L0F_lmyeBrlaKh5PBE_)=j8zZ?3^$!5nk^Q zLVZt@wq%e{i>q+E{@?(wDHO-4`iV#Y}$!T!WnEJzk%{0_4#6H z%izAO-Kr2o7t6{=E!t$JF+8*;O^N*ul6nyY>nQ0Z#=o^_OX-f-@^>><3zK=NU1ovH zAt76&nH7LO520W688zno)*O3X_RdZF&ZnLru9Mw8uw{yeRkD|nZC{qp5*Y_UlwT}< z81H)jTC)~5{NMDneIl4t!ZxX5x+MsZjO7CPDH-LM&LA*JW;^Tx$}P{<9DNjN>I`_I zwmbW!?0J>W1q_$_19_;9Y{Aim06jp$zku&YqV?uC`x`&=ih3c0q6?my%dAbRYeyCJ zz1Ua$ff`2l(~$BZVT(0QeQzvtVStrDN6AYcrm?VI+IR?c_>H*T;X=9LVAnZjfOFu) zsh`PkHme9c&X$8Y{`&v$a!km%tWptIu~!Sfe=eokAhz3+?rNJDmT#& zdDyn}ntxiox6%9(D26otEKj1^&q9AJ`_?WF+@!;y%4j0szZ5o5T3GbUBvsMMjtj1U zN&rt9`$6i1+Fb-e*mf7srXXA97V2yBX;%l?(Kq4e7nA_Xldbe+5-HWp^FMz9bsPf7 zn8}fPjDkd+69R~Zu{j>ob=r8-Vis2u}|s>-gM)^6#|}^ zKz6hHD5BKLU*uutN*pQDxKRO`a*O_2wJx?zFs;K>$Q-ZVO#8NzS?##UL=DSVt;x%NVu0gffS-xuHVpaF?+;xx zRK1w&;l7r1p2kQt_xWNY#DEo^iHZThNmw;jyEd?NzSz)|%WXNmZx;}D5(v#mFBL8$ zP9z@0Iw)Lp{IOs37gqmJ9^rBv|KuKq*|h`V!t5>?&GbKnbI~lu~*>C%wCzCiR=}4y2(MVEU=e91ukfLMk~H1^?@tP#hC=7Bcu#jz9`e$10S%p%JFwp*!GqXeM1M~> zAs4yg+-K7^WMuBTr7UVow#Y%s693?Lq0r!r&!akndcl`mItBOE$T4GUq-a6FSBeoC zgwtb;JiIe`iqwwy(rqjOiZ}+qf{`I?v6H zwJr*Z5#Rj8vHjW1XiJ%IDKz{v2`ZyES&z#%1Ab`sUzR#-FUQsszm%=?8;ur(dFv?? zBy>@hE_X`%i3j;jdKt`GVu(#iN=VpgFai9Ac{b;zNE98Wl+*M~*TD{Y*AE=`Mpc|kP)0i1YtyahiYR;O? zPlkyR?=LJY$?%hWg;I1Fc?@gxjYHcHu$2-SBj>Z?ghWEZTl|~*f!1E`U528vVMz-; znXl3PqMt-grfGUF!BPD;;T?t|EBCbHM=8g;GCwbtse-(Imd*?+k8EjjsVw{`elf)x zt+m0TUuRb7yNC=#6j0g7D+jpkZOxLiw9z#9PS#T03?)$wQ~G6%1ZKhEXLnA}QpIvd zflVDQpsNDW_aLF1U5_bI6s?knjX)^hKiTg22B=7I1+1+&wEO0piX-tKWHTf zMC)Y8mVH%reYH^3{}jIm9^GMc5nFq_2-O?DO!uI&L=&uZc2TLFhPCWJSuS*T`0g zGWw!qq_pM2Xe3nN2b#eZ+=$vRVDczi0cbb_B55$MXkiTQ() zRkgeRvTMBzv~wo01I8|rz&I`-nswYPz*o&T?pNlA+4dG?Ex_5Ryj-)XlgzFrv2f7j z(rA(siKP#H8S6A7@57*h*vjO@!&6+nxQ!P}n7X(HLkK;`k%H|etXNhloyixCJD)%| zSpOARjUGSHRg=*ZY~-_12!z}%61-B! zA*l$}PQyaxU_k7;0ZUApk;DwX8MTt#4}C0My|VBiW$!O1aJUL?1(Ug9y|`d?V_Md>+P`GEBsoX zeur9S{|3x$NIUp^81<)jfe|!GRv~-^eeK7z{Gn!FddUzYOqWmS-ZI<>Lh18TttR4q zoDs!Zcco~G#wdm!oU%E>I;5t}J|Qs-LAMX^6*kx6t7HkB@XuC6~E*7LN*K~S{?yM`Q3J=J?nN~ z2W=wII^~(H&Zwbu`kAy<-aVD-y|bjVY4YL zWN-8wM3T~QGI?bCwWv^sZXe%9Gy1?)Y|i@Depb3CNr97OSi*X2t=^}A@uMh$!5Gsu z7uzs3>l@J_$!YRpJZ6Mx#K8?mevj(@?6UI@d(PIrE+O2G!r4$`raCi3cI>{ z(K^k^uq2W1VL3GIfw>!lP;8?hz|!j!hih-8czQSAApo!8?z6FM2WO}XyNPM@^RSe#oWFnHYf!O~# z+o)FMXeY6_hadj14}zaCo_oLS-=+^7;zo8jFx}T{gno>To^PngygMdTKQjkISVQr( z-8{HAcwc5tteUDdrZeqt_xx^oZI5(TrcXRFIrI6PuV7RUd!L_V^joXs(KpIkLNzpJ5MCN(e9*ZP9eD2lzG%j8>(k)KVsKZBBU^fadYe+H6f-B14!U_~A z!MaMFIFtu~v=^IeopdC$nbR`vP6@44)Z|3({cc^py4cjmqs73YMMm5K-YNw_krW4& zVv0Kf1n*DSF-Rfy4-sjk;Zi-f$8;t^?}+sMGD3Tc_9l12Jt^Q zI*zmxafeM9F$zFQ&cWcq*mxQAVRkuKg6I0Rji<d@P8Tj z7<$|J7<-%f*ndCz*m{53X!3slE7Fx*UUa-3y^mz>ct71-eB4cVzgBp^-*~^==)AvV zemrfwzb<@S9e97}c)zc7d_3`eJY;^nf4swVTU8H{r&|6$m|D>#P*|Zi`lcC}LpInw z(4>$>R>eKAq=Y_BXej8RFE6YcdOogSbuRZpze~v^e7Mt4Ok8n+Q4W>pEhGLq;fyp> z3o53GC53J2Ae17IH!sPd+}1hl^F0p9$uliDd-6giGmAZk8LAG?lfZw@FwiI{81&9g z9KBT(0+j%0ssWeYFp*pe0^yM-PPln+50wgiJeoTV#oztJrYT*;iJ8g6Xsiem2HSzR_WkeKI z{xRu_lIl-_8L4*y7)L_6q0#}!dxX4rPy(Af%VsMeD-v1x@s0DS&xS|mzYEH4I%gei z1;CVM<~GpC&PaQ%dXTN$J52CV^c3PDNhGG(BXhtIR`dU-Nq2nYnqyze^Vg*N4*%Dr zGj|gR_}8Qh``4s%ELHOJaSOmB-x8}=hY%q`^hhg5JDZW_^sKfxz}C?mxogas>hd_v7*kl;iDEt? z0Ch!tS`uZsF<~9Ett5iv`G&rR3P0q~q?BcEcT68{MG*9q zS~Aok{|b34d87A70NrgjwFNY(S2Rp1Y1hGw<~-(PkW5rr(!R*0fflOQL`eu>=txxX zcDEyxjGod<4a?^j?o~#=fYF*fC|F3PY+foh#!~HHk`6=q5ttabQEh(RY44qzSctCn zUUDiX-_y(^4=4JA((P&XACfNfasUk(G6~yK5rmA})hxj?c{-v1FRG;Kg(f8 zDhTq!WU*2*j9!o~+MFo)1ge>gLMDGE;g?L(R}^|6BGaKM=z`aZ^MaBdzWzZEC*l^C zf2mdRBP2B&Ql7cylNf~d7ur{1tDa86%?f2Ftv$=WJYH%T&xQ6N81RxOjc#Y{j@-lx z-Qq(as=^*Umf-8Yt7QhchNyrcx^4?}AWSQg(+a*RF$|)46paP0{@EFsG&Hj}gf!T- z-(QoiU-_>|r$V|_BR;q9c#KIPZ1Kg=2Nl{`854B3CEtTZJ*gqML$0Y^!|YfHKMm~a zEqY@!Ja|wOl)vQ#)y8tq#pXv*5O{cTennA}t0Jl``BP!eo*PI)d{vgVLzc_sUBEbL z5%yP-d&^<_{3On9W-tGbDeY?fum;blX3^p@;h0ZHE#56$8FD_S?0)z^C2PD=>qR>Hd2#p$!Au@Y@Wz1A6z&K3U%)}N38?`%8{jHG*nIp;t*?mJ$*C0)+Xv#NFbrZ?8rl9 zD_L=Q08xU@+NR{h#6Ufs+`-LfG*ecV()gnIqLRzxjAV}LfQooCj;b{9dt#@vrekCI zq(k)LkEgv<-v?m9pR?D=RsQ-bXyq&VQF-~rnmpp{&GjIAk{Yk$ zc<%Ci)u_a@%;18fKdmr1`WK{=r;rOL>ptb=4+kKrtn~2;g_z@fY5%J7)Qf8Wtt26+ zSRtuWAGRZXk4m7;Lnz%O{)7e*(RBd3(9IS9? zw`;lMO{h_Txf*LtNN&swcF_Rjtp_I~Ng)6Vw+u^ds@^vYV-)+hb^C!EubF;HV*SBS zL^yhcf~5TlYf**s%J7XoRGrK7x@ROZYWil5uGZIxFF!^~ELDw6f%HVUoZxFX`!U_8 z!Gw3Hr7gVV&e(xOrg>t0GAnHnkkTu6MBF(HG7w%w*iH9g5%_9^HuEEgJb+@~4lQ{! ziWIm}$PRElccu6qvue9q)9}#A3cl|Xk>}6`($J~cBem@3GFbCNoq=~#eYCYjzmv5& z1vVGM$uMrwr9Qw_Accq1eE-_9 z=cah5##pne_pus}9F0%OWZbe94@xnfG@_@O5gmvlw4w>Dw`>@=&lwsd(o{{R_^5k{ z?Yyopf42rz;=XhLb&7HzmZ zP29ZnHK3=RPEFZ4e<9s6Wnf8%omWp59lF%O`{X~179+O6A1uHye`I-c7f@3-0BFU( zj(DyUsAd#ikmHHL6#|m~vUB)oU4g&s@ma?0A^f^H)`*b?rl#R7^oEXw9m76U>60FS z&oJ9G9!x2WllPp;~-sHh`1Q;@%gjwmHJZJDG@ zD9d)4&0!6azbMHYa@Fd9vypvF=oXj26S}D4C6{-5?^j&IYA^H!Pw(Hx2ch)c{}a~G|AC^q^E4I%$30h$00v? zN;sAoWR3j&>nChcz~ z5(#()JRLMk$IYj8W#*ns@r2=O-}9CG2M1njiuxQ~l$!-sJATr)oPFcAf6zIWhJ_;8 zzv$c<^S+%lwIK(cdq|*@@lIvmPTHdO)cYr&eoHB8P8t7iDE;_=8 zd>}lFHbiXI0)5p$#mq*y`C0EF&!xZtDS%4P?pt^O_37SEbn(_oWB7VRSYYJXIxB5ySMS?52vAN_5gD9M z^?Kaq75~>azs_gF;CAqR^56X~&M-GM?$u?q>cQY?ktbC+6O75m$pe;nNL{pG_HgaH;Vf+490F8!n)vU2%JT`WK({BmbH8*C*h9V^sW3xj( zyK{6T{R>Qu#HHc_l^o?aOheoEhwNnJP&TMmecMT)N1 zeFlQmQjl@cW!xoFSC3IY6s5Q)q^k9#KabTL$Cqr+MMy^3s%JoEI{fagz9d&DssMmXjir*TI}9nQBzbA{Qs3)E^+&mblIn8Y2akv~ z?MLj8SNzAK!!gOz*!A&jK7Oc*rw8oauReqDP)eT`BUOm`tP=+wH(ba6=c zai$nJ!OO#yxRR9EKJABruyoU9SZaEWc}R5c`C8U`?a&_W@n+zZRV`f9IEMIYEXn!!9xnI$yGYL`E*J3sw_9tsy0gbj;cOd>_Q+ z_TPf8uBOT>qb|>p_{ne2&djT4% zva~w4O*3ai?k`-98L4H8@PWKbXfJUj{$>Ri;#Ph<^r@6-PQ}R#o_0&%Zd0tvlUou9HC!&!#x`|ZfB`(&Q+X06&oPx|<6`_}xDy0Ol z5mGK6{m3{hF}R7UBHncG+E?>aPuHnK5wgB-`A`6(IRwoTB#B*%MrX!_o8Qiqu3lEB zw{60~hlw=NgVoWlPxmZCz}BDgpE8K^UI2T6`D?rl?RxAedSbc9C5I`v(S4U8=j{K` zbi6XQDZXLFx#_H0sYZ6#`Bk4{+|3P+%YYejBbIiD)PtyZ+gvqQYz zNS6;>Cl8A040H_Im2U85=F$cg3jd?kc~=1n$(e2PObjZ3&r4LB6-pBP-Y!3_)z~gp z9x5S%W1#^0^g8%>5~W5u30do=JPFmIGLCVLlgQ?GS<}DSzYT&4vvB6F7rus| zyLL%la~DDxDbU;K?hhZ$nzuAT5qpn_eir}5(>GuYCguBk4CYtKd(bCc@aVj{>|*xY z?m-$o?sVLH+yk%oVy-)bj>DjQ_s=8?ED#uR2z}u3ozqoa!$(baq4rUFoOn4sUpkWd z?F+>1P<4mKE&0WxKZ643(MZ(p7E;+Mh$VhtQJ>?v@>$?vg_yd}b zpRmEPl%-uMj$BbU_m>J1Po=nhyurS<%PrYUNKCsK(8O1#7O--C+s zP<}GkU187?UqOFMF@0Rq&s74P5ygr3QcKA)WJROoHH;$Zmu&pG+EXH8R*TK9Q!5`& z=8Kctkv+0xy81I;4=Q@ijkNM8yHO46eIx5~3G9AK0vQeRl(Yx#hUkOcodhk0$b2j5 ztYLjZ{z|q@2y-ynQDd);n~$dBVZR#Z!t_@hH<{I$r>9zUq23i02j3?J(6t+B{U=6a z{)5OZBI8LZu{air&tm{nZuAMEfkkzW2;O{mD!fGwVTEq+BPbAO1CX-A5i|Vsvrp{# zbsl~At2(^{j@o!#gHeNjU@x^5LZ&Q#$Jq5U5p#50YKeKXUaTyHgik)5M2deHC96e1 zsdb3^(0%XSo@O1fh5*<46z~V>e~^$D$JAJT|Kc!KtsGT&pma;gpO5!; zq1*IxXxi&sNlaCFBp-r47rGFUqW~VJY;S;l1QSB)*y%7pbY7>jQh9AM<4_`YYZkd8=usM0>?_(Y7Gg7bo zOUo$DHZ;``C@@ezXN34!Nv2t|xt-OjQV_PB2HYyScTVw@MW(cM+ZEo38SiO0Zo`S! z3kHz7u#W%b#;I*rr!;XfXYPUk0>nL+6^EsT^qvh+^A*f~OfDyqcevt3Mji?}5ocEi z&V5rp>$-^Z9%>a3sMmBNM6h)pJF+Uqb12RNa=;^;7>;U?Ni`XS}AA1k}2|(;?E+Vq>ECTYR%g|KC&v~FqVcekF zo00pcCvMh7FhvMyXa?`~Zb(R%ep}~v%iS&gT}!$(5|RoUCor)LK!lKsdoXFhlc<-h z1#tslgkWtEn2!!>LXO0%xu$rz*i62Hl(e_ytAtp*D<)#T{^ZO6w zx}PCfRk_NKda)@(>da|BMcci{27fP`cRt~3zdd0ad->(-nzag{ZcBkQ9P2;0r`cHn zBcBBaDhK;?OUcHOT&GxEC6sLA2C`Inbs^U0tBT6D zO`z(<_6;I6h^{~W{}4MUB-ylqZ28meCBz8|AQg1E&w&9+(Hdpn1T6(AW+5qV#Zs0V z?!Sm#!e;B~(c9J-GZW;05WC{!&b&6E@w~)%BgcObI|359?*AfoS*r#(`iTN5m?R7e zvLuOV%H`Y<1FR?g2UDy;HG-Q~$|2o>#s4671;76yc4o2$l>Z=h>e*2LLF|r68L<9E z>{6EhMeKaX#k{Qe@HNJ?O(ZCKSF0UY$XPd`Zl-Jr@gF#9h3Ie`%nwCBJRB2dLVC0# z7`F4K_W)l#Vsd1)hNz2-$~K)j+73kI*Z5yJ;#(_gjj&5;{c)STEp}hXB3iNZet=`I z4SA~2Z*X=_7|`y5@)hd|EwWH^?q}^~BA^c(=iG2bM|dw1ZU&2!`}zVY$vD@nbBss1 z#*VO|{klYfH?8_m{c^OR*Rx}ep9->|K!b0jBTZP3 z+d~T|#>^*seS?ee}%fdIy`Vzk{*b4n>3mECml{29pQ6w9tz03H1 z-gB@Hgge+P6zPvk>Ny3x4qVYn&_o%~ZD*@MWDHODriWe~B2}$cL72wHr0(x}tdezy zFZ#Jn#8srr30LC3E`K348q%?8o#^8bP~0zre=?`&!MjeFs2ivuv9;@P?tx^#sz-Uj zY{b)yw$(=_4;Uvd)%r~sRov*WIb;j5QG>4S{FaGZJy8*{3dDI@j-yz}c(oQt0{IWH zal=(>F7uaj8PDaTw|gmP;O9z#UqbzFzK$C~Ew!A&vGg=UMgRbV>M&Xe#?uvm1p4W2q#v}C4a2OR3r>92d0(rgv_Q-BFp=vV1nd-yLEH_ z+pVkpT6_AhTj#cv@-6)An8(+~I?``B=|s*>bE640!|y!BjGwT}-~Nkrq?%Kz9K<&1 z7`27C&umEkW*j#~%w77_zV+Eq#7UY5>orZ==*7?L%}Y@ZVDu3YjGpy*7B$t(e)j-m zH0EI3bd^VUz@gD0e)Ks^>1qZ0IF^CTp&7nB3n4S-w|k>azH34*Af z`FJZ3R$aH2yU-kLYp)rN%Cw^_6SA^FJD_1!_FzW-(GQtl!CvUSye**cc0 z!}jx3z*Cgv)r}_)2aPZJcg;sj38cIdSBX z%_~#_N>XX~;8KjHrZYs9@cCcwcN@$MTM-v7aG#VB>(>pRsut$|^ddf18c9adhzZcw zK{}xRm!tZo%7f9qf7lL-xT6nMQOI$>#3zOPSmuO5Dlj?Nl#Iv=c2bFN9$X_>86F9u zqBJBrfhVe>+KIR{P#uclu?bP@cB86$r_sQfG^9_)`kM9R^3zJKQh?(RiJ2em)k-{q zP${PmAvV8aQ5u7l4=|=dOb3mvVCo?x?(Xs!6a60dgx>Zt^)BAJ&t2Ez`=OFk=&%Q- zt-%N60<kvww|F3U-6#8n5(bCQtdBg8jcHZnXJ=9Ag{dNi}&DJ1%HNQEi-}+ zL+%O!$wb#1tT5y-;MXswm9fw%iZm675l~!J?2n+4_|vqkgi!PX(@a^3+HZ7mUM;U<$C}ahXRw5>2gWg5O39ZP}$zB#F%m{Mtuwd zh${e~)o~pB;4CUO6yuSRFko0IJumFtHU@QO{{z=;?C*sAh3n@32V8eevti8~GiMq} zg6^5>_T`;+3Bf}wu9N{rI@v`rP;~@7?Q0IVEah+X%wg4z%snO%3oT^li>SpRaPuGdbuYSREkPZS;5{`MDiDMn7p zJ^7f<+U|M?p#=D}({ETtF*GGgER6KcYHO&fJ#Cs4LH|+Mg}XU2f0Mw4fQ$Le?D?mLg+kQnscBdlK%3;e1c^|lFp6WCY^Dxg61`H zKh|ag&=VC0qai|0!SK`ffXz=7)Em+`@w?%%8X!$Oq6U?hFJXT#3#F~y(_hZ%I2M1c zj;XPI)5GP!dDM3-uI| zL>EXod};P6OmAuq!RM0y=G*NnI?z6T!wiqlEekfWCw}t{I|D0;*v!HI-lQC%6|KBt zM*O0G@N4jiQ;PQ4$v8!Cp-0+Bxc2qaq+xbQ`t0Lv-e0xuXDjuBozOpO9kLFJ+YE99 zaZPkSdB1O&t(?_y3bn~ByVAC+rFhCWNlWL4o=)Whi&?jfGn$$jt;Ir_LNU0F&7m=| z7TyP z!G>x+sWW=HHQLB#=|5^+W?aACrg?0sMm^qhftlPtYMuSRYF+-d9p40BDTbSB#;f_l z!F-&Y+HS7>zTLc9%bGX)*Ddsz0e`+stqj-K%W(^O90~pxeTkVSRC7X7 zq*H%_UVCZjI6!1JjToxk%M+LMHxJ*}2SFGVq^<4nq%<60D{^58vg#Kx`^4Hplr`CH zDt6}-f-luaWZIF8cu(lITg9HiR$X5ruQs1s&uUBPBwgQHg5Qw7eGi~zf;wnfq^n_vGy>jshw zr0D-a>q2CSVRMm7S0DdD>yUV!-q*_~KG)FA{THp{t%K3w$;6E!DLgo!i_dxXpmQNQ zT&eK~OytkPYgvsTn})8+hH!IDaY#%auivMbaBtlN0IV2}2v`jL@Ay~lnFBr6|Dtux z1Fu%-z<<%Y#1`Ilr?`11TsJM`a+=%@IwrX=@rZ}Cv9~c6u{M`+`dofztZL{oQUQEHmMXr0qxyqwPwcJuoYi1Q_7L@+zL6LrCn6BZ6 z!uN$Mqm)y?)j3& z`cOxEqL$Rsl^w^EK|kl3eg2l-00E%Q%+Lup*kHbut6VKJ7oq=OXq{NH!5v?tN+~a! zu9xWQOfdyrt6Tzcm!O-wqCANhP_V1Hr^q4-iu={HF$1-riUf!B%U)O&4@pCA4o60m z9Q!@(k_mD(7l1nD>l71NMhlSr4mT*+J=r6L?8DY#;pann6nmooMOxA`xKuU|p%jv) z^a=IA_W(A@$M6nH?#xJoZOpvM&to#b$rD?d>qR)6+3EP>c^+@7IWn42=^wj3X_AI0 z1Ac5*NrY)%SsTzVR09>EN}HtV(S{Wt0aC1%Pjy+LKWmsyBYketWXsk znJ>zga)nhR(b!qujc=d5sRI>dWLBF@% zxcfxpNecKxm91$rmR2ln347->L%TeUVmZ=n8vwe{#l^FrAm?p3W@9z+5)xFY`xKJ5 z0;1SbA#E-BMVuaA7X2*Wa`fx_G6imf0-ln$mG4Fzx(7ddLYY~Wd3TRM*S~amsVnh zm+4SKZP)0^o+&F~%bCeFLzrr%sHLPV5qhv3}6qL~} zyskZkfHlI58dOAjrYY3qsS#|s*0RqDnis6AaXC%9n>#cLBjDDs5Q=dW&*0gYTj zuhx#hd0Y2y$It>Z_=oqcjM;!VVDW7E;U{oNoKb9Rj@=j@gb&zlQG6xE`kj!VyGLRS3FAZUn#-FxO+c~Lo<2iJ0TG4zD{>W9 z?OrbW0+^E+?T)?7Ddm}L0Fi&Cech>4KmhB;J7g3PZ)9rLj|J4mYkFHQpI9Em8U6E| zIC8%RtHA~xtd#I%NL4|B0)*PQ*<$N2GQ^Mugwu#+BN5Abyv#b~{eA=?$2qh{VdOgm zw>0&S%T5ciIga`EeyP_BQ)XQ2R4x3Obx4Zq;T2aMuBG)Mjre50FyNa1jr(Zt*z{c) zv7PPC%(&PqjjY1W_ds1yGl;wL6m7gepj9O=i;#Bas{5}F}b!>0kU$u^Cgnyugt>CX(hyGWsOZiu=TR%e1(49|M%KZ9YwT?^R zRk^q1OGaW^Kl$ctVY>wqs!dG2U#2lgjyiqL*NTZNsM>;>|H$BTd4FvYB7g|tfQNZ1?D@kHywXy^EqAs9Z!L4KJr4>_4qTApCbSy`Bg%US5R=)i$1Z9WR)PWkD!3GK2$iOg&-O^Uz? zgK2YdO+=|4bW?rO0?@^Q>OYWqJ)SLh-WaTqJu_Zt;T>r|A9SxNw{a-|@U5opUBC^Z z4V1f4+oLYB6597JWv3v1#bXbhV_N+Ni>@tulyCnF^}Rzh45K%@y4%QhE|CAALq=1?}bNz*$`79LxyUm{({v-MJIwX>`2F1#1x{ZgHOET zzNteh4B#zfkK0;c<_-H{jNkB`2B3r6^mC=dZsFtj&Vc0P`_*XM7U$?^r?OmN?3 z-B7901pcaZP`Xvrf7Lnxi4rtx1c6e*Q{fn_aE9~+5juLr_;oa-b_P&z8N1sb zhC4uHG|mJjNCfEGlQoC|X*b@tck~XWqSV0(=MouuzPF2nbXzt(nDY4W;ACX{J=0x= zn0-Z8$0v?MnM^w=cB%!9;d_XOM5RMeHBmX*BWy*|7d$6YTS-M(z{8eod|$e*U(5rb zH{6lg-qHe2E5t;OXG7H|G0*c(F(px>WnV_%v41d;*>VWL&0u} za37-oQapHiolXCBtIc8lpg*o66>5k;PL|;5j10^YaB=`Vhljera=};1c0rkbrqvET zZz%wrromsV<3r6#ZukpNWiN31YYXzy$+bfPMg4p-70KlyF~*=kFh{yPst%HBSpux-!soCiqq~)_U{4ZOF^VAndFG|>IN!ZGG&FR5- z7m|o>l=1!kY9SYV*f@{Xk|sxgsz5@hZzP*k+qU3k5Jysk!E+;+eg}mBUzN7z?iw0k za4V5gIn$aaET?@yMS5nsORjA`JjMp|F&NPBV&bWdzHV(Uf(%&^^|XmO$0UCF9e_bE z_}8r~FP8Z0*0r$yb?c-M(T(6JdF1|2w~koKD)_Hkr!O88ggJ6jHFmRTeUz&$8%5{w zeI(e#^E~i`O;nq`Ggj7fxoZ59zA8S=R!{K&ZboLy`X)Q$CW` z4!}>f==*i@MM_4i=aWgRhh8%FASx<82{8*U2SONnngH~O->|;LD&Xzj%xyvRyw!O3 zsV+utZa9kq`H`lyh{JZyilf8$K4fZi z$0-Wb*8_!wVLy;nA!PLd1Y^v-bEtsptb~9P%haXZ}4coTx_HZP6FP859b~> zC^LSIJtMLXN@CGTkOJx`;|qu&tCk=^^(~of+7YleX~;N^Gm_SeNihTX;WG;r(OMQp z+QnID3B)8Aqnhr$;yTdWpn+alFf;TJqsKZxn<3J%-;!J{F5Zoi<=3DjDJ_w?mwxEl0NyI>=B`n=_VUH_<4cz=Z2opD3rbi zBEciD{ee;k796YB+;z2iTN!>bNx}@Nb#zE0!9RJC@A0)9#%2a=9e4lOpbQu zi=sWZ2ZLsB&+S;vDBu-S?2 z+qxgFEniqFs6Ys|EhIz|E<=A#^o@j!e0J}Iv&Dq=yaj#blve~>iq6KzQ6WW z)*bF&wJtW{SVvHd(rH^-OCJ^>lm0(you|{vyIpSQ!mNMQIyUjI3ZMQ}>%_J+{-f3< z#p&agiyZIf^Lse|RqKe(j?ez8b?E=9bpiNtIo|(At!uHJ8gn$ukmlX)esB#@hf4hq7n0_IX(YDW{wFd^ zfy%A~eoGBI%!}`C0udnfqbjZOtk+_EzlqnT8#pbM;OO62AzbLa^Nz?*!`?Ejy_K5D z$&a1qh{Mg;k`&LMju*8TI8FNHngYft!gxEUsxvfEQ0~fGHnc802tkO1BN}K>c{*S^ z@qsR0UU!~sB#hv18xkuka5|Rd8!Dv5nqmSNeX%0quSd3^Qz#iWb49QH4c^Ru#}w?H zuCJXzTVfLAynp_@e?6_ws?T)E1uRLm;Rl73{5M*+`Ts%dh7|ws_9D<{)l*Oe51jjL z^sNMo`yh9kJfMMbz%d@5ONnJFa((vsevK`z*6-Kh@mho~*%Z~lef<}$8*&f~O`R2= z$@1mLu?2)!+-%%du8lml`ie!4OjNFsF=L7sJl!M#Rp6OC_71I#(q>>92L>&0l{U9NQ>@;GnNWeO2>Gnwk3*EXxQshyFDg{H zT;D4k>a_;DOUm3nWKW^Hz0m*5)d@VJf&Ko&)hYhv>LgY2RC0D1z<;^Ar+>LR$6#62 z8p7gK>#*(KtCicUGUgCnoM8W=uT`_J6V8&?$w8z~t)BZknWUO5E4(vYS@fH1WQw64 zHZ11)Lj+vZg+o|*e4+$VQdWRycyO#@EgK$}h!)g)sNA_=gDaX%D)X;W=kZsmTi5(o zsoVFs$o*miNHek z9l|l)8fO@yCo_qR?0X8)m;t)GtdO`}Z5%Vwwjl7%&u^(;qopMDW}ZBJ-y!vNntSPt zxzqggwm3v^*Y~COsbOsPD9eP^?@w;k+&j8|-yDu_sUzksiDfJv$=XeE48WubUbYk= z?9#j4Zld_#Al=U83+C%Ebgdi=V5ki7Rq=h&(X35^54#$ObcqhDY|q-J>Fj;ie2@}T zU41{g-bpCfYEj~OSDwRQrd?ntK+;jO$5BeVY}lr9~_y2mL38u4c8TZNin@CcL>{KhKiCY=494 z&OZnzZNS95IDL%O=e|ZD|05DcCc@RG)$mn%pl5h?1{1bchS|!U;y)EH^y_%Nqq|sKD1D7_SO{O{LW$3D6 z%IGvvVPG#6Y{UyC+7kIM7&HY!LlWMS0qv$^;dIc4yZ|?4SV-<7BYh_UQ??S- zaeK+8==Wgagz1N{fT!AC?>?0!Tk1-$+oVV{HKPyA+w3w|A40)OV#i>*eN ze)Q)$ko?!wj$t3Y+0 zbvd+f)dPdWcgMmns`LrE%-E|U_PpW{m>tRSWVB(qX}MjhEnXK(7A*L7owiCgEBx2) zloGI=^`IG=bDS)V!`jqs`Gc4MBJ!332I7Hw_*Zq{dCv=!Iym$8eB=|Bca^ z6GpxoXq-+?GLL95hwNL8DI{6uM{v`=O+c!xq))9)2zfUfh?7{NVF7cw)>LK)Uoh~G zk~f^|33d~|s1pwNgrgqn?$keiWBLz8*QZNpc;-Vz<}W4~jYl*Ndj6N9(^m|>zp5qt zOVKTfbvWhDx}S#~x6yu0Hw zEUy11=^VFJAc)kG2GrGya2&b-ICIzM^2yjzHW!q2)VNbaFDAywIqWv};rN$&Z$r>raYVmpJsT zcX*+%a9-W0&cbNTVaRhaR-Yi6f=E6+f)F_KADQm)UzrY##ny<*@k1KS(9p(!nbera z;ksYv@%0wjr0D152Ss*Cn%_fVcB6H*K>>pKy*MD`o z`~T>4OrJ^}a&}S|-Cw6$bbsM7YVrAmL->PGL+U@gN0t|*QLQ_Z+Y+qvGJHvkPzr!( z&F7SMUaP|Y9<6q<|LKS<$boX)6oF6Iz>k&B$~C};0JYk}Q&6qSiWStG*E?e-9tXDm zp-JpSU4Y%wDQ~2};-77XtMf95vmW9_G@Dz)n{gIpK|`3=w+LYwqeCA@$ZWDChN6~J z<1gkug!GfOSr{r}LLBdHQ&~Bw(T*mVdSbhzKgt-bxiE z3zr4HRAX(5-B+khBI}QfU?8j?v;?KHD9&%dppWo2T4Pt?FrL7jsd#LW;v^^Ca(ksX zUxgpRsY3FI3$7sAR_l^j6B{C|FkDd_PVNY8Vu7;#QLXfAU6`gpE)v=o^Qg&PAKWDP zfSts4_l=W(L4RHr@h;E#XtFlZFa8ZML~D2kF{6?zO6A20IG$;9^%N#d+IQ-8HX=~t z| z^xKu1beRR7-KdztS`*&R6S0y3lhJ~n)DDc_J%`|?h$8FW)60to zEYArb7?H+aI-#xMHqRiXy~rg2I2>4Wx_v*~ER&7SfX6 zRr%&N`BQ9eJ>tra(=ypZo1G88@kjO-Bt}164El-ZR4D5Ghpbx??F8|{>uOYI!sZ*jj+FAnisWUl{|LxPjY{onzOCc%i8i^ zG{g7@k;D`xC43(T3*k%D;+M~&LA8@lCbgTNUdjKkD^3!PYxnqbROJ?GFyac+B68-? zr@F%!H_CVNeU-dJth=T#{UturBw!Cd`oM$qO4tjiMy6U-wh&l_AFg;b`oyLwC%()) zyV7aX34@s^RW!*sa*PB@L;0#0d&yR%97dR~QC)B|W7rFu^sJy5Y^U!SSV5C8Ko?Ie zPtVpfo8d=nDIti6i^w%ZjK#7>AkZ{?&zW6{#Uch`k6&z#uunc$7DzBP{BYmw^0Bq{ zZlp_CT;0cXFE;rRk4l%wol-vX`LKqmAZgMKmhpM|{&K*|-lgQ3$BsPNJ)CrEN6GMa z!SZ+4odu<98J-~A-*B_6gI&rZlT;esxZ8wDk~MFiGf#!Ljt(|@M576C6v7wFBQm*d zrf=jD$$~0mibW!Oy5whF+%$ct+aYZ6Da1x*IJ3u7SMcA-Fe4|@06eG2rnd9xb$H~R zWO+mQQLssr{SUfnk<`}y`)1VFTGt!eez~B*5;*MPRJoi8GsSHX5!%FzO&D=P_Iogq z@kInCJ!^X{LPmk*GY?i_cP5-c_iDgW;k%ZP$6$4x@J%aMJs1W?T-Ol|l$|ooIdt`w zVpE_g^=P>5`p*pS>l-FHin__|`bI7_vDfxgDamOATv!5)ouKJxk`6Q&%BiD6F_}b~ zzA(ngpO;oBeN(xcFb{#IjXivQ$-Ur~usjKL7vw!MZ(v@LQ*H(Y4mg20I~FOt=Aei& z&q-D(wu^nR}V%Ub+j%kFUbEQ_S=&+uQ%4hq`CqvWWIM}c5^yz9USF2IFR zWn@bV<()sg37Va(rs5Fq4)A4S|0q=E)Lk7Q^qo)jS9!UCk2=LC?-huHJ$nNwgJGgV zO6p{c<%|!$!nC5UlAAuDCv13l@q3+Q-b+cT@{i%+^U05G9+L5?24#ap9wRUmVh>KX z?r_5NZYor)LlxrM3$k{Kq_-RN=Tz|CVe!->xnBV+Rlnxbotk^OM!iQ)cROHGB|otf!33 zggmPqp1B9_;4>-{d8|d+dm6)gQSm^{@&|2nvfR{;cqF|+a@dJryWQpYc}Hq zV2bFlbCG7$q<0%x5CRo5#n1!M-)gYcSu*ZyQb!{dmnNTc`JF1LXJvH0LUiQ^m;_ul zKSj~45X}dvDs5%d95(iADfFm%;H{u?mQ}V9%z~jKVUOE8;Vb6d@o8q1&+qEDn#bVP z?`VU+M8MC-(bq&VG=k`_p{~{Z*IFRu@?a_tp)izi4N_YU$%Men!*V`ZAjC& zRnk&MGf&g_U@-7-)+;S!_~aGr8op28dS^qGO*I&(jWOAlI(F$Db#!1WWvp`~Hk;sR7qzxb{VZFPJiW7Kex{F{0TZ&@ z((dnm@wFCA@1%D31knKPJJAX|Yg(%L7YhzcPeuxI>XWtiB5MWwn4vlXq}voW2vsiG zH=1{wbc<~Evny{0M4#e;WsNAoBfTT4QT5~B`y}w4+i~Q&l~;N7XvB@Ha}t#ruytcy zg?r+iOv?vu)xrfri6H!9Y$MyqGbQc32&51lV@U6n@RQGMOIg-ztAuvVFkfA3&*;fk zpkJ<8#@JkVCH#bl_%g4I;Z`^PHhkY4m#B)?=)-m*GH>apd(Z>}vEghJ6ZFU=FLMzQ z1Y$3x%@qD>un~{YLgE-6u;%~kgaDYOkbb7s8cs9Yi)YGYw$$h?ZV;ur?Cz}rgj#>G zlQVvnL3MbPMBPX

    o%j^AoyM5cR`a&e;+%g7z4rUxo`u&A@#Ld@I@|Wz3~bV&UNm z9G|gT>n1Mi=Z$ZHi+dXvSJ%m10Cw7;NYpzX9v`GcD`=$j)zCT=DbEpyJ;rt_6Y{l> z;h3a);g`mcnMqcWG>_&utT7vjHC4*I|Ipq~c(4Q}>g8z(2S3}hQFIbiLF_jmmtiBt zSpwM;RGCXw4^T6slMe!RWIqBqlzqZcg*Um5W<_Nq0y?)AdT%X$6Kwb##BboD7D(>p zaBZd01ktKGwxPNhr-x?(}l|t>{GC_doIUAcAJiClwWo7%ZiY1bG&-%doi0L+5 zos0-*MWwxGq(a?TPxgSi{802C8oqUa1tYnL5NG_kni}^k%Z0eBI4^NjBN2&hewrxa4=7k&QxJ()ijfB?sWx$* zgc+jZk;q%pSB!B=pKI$htCL6BD!v9A;<)pam})%U|5duyf^G`6!g&&~^dM(zgJrsI zDpzt8*>wOmbsSQm_1lD&DG*9$AncA3O8BYfNq^p-(0T7SKs!_|j39cAkq9?sIu0QA zX`%SpDUqcS{VXl<>cO+`wH@BsF9r=R%}Te0?uF0fznk=MJWImlpV&1xjbv@?CLf?# zK|qWZ*9m>ef~flN-H33c)nxDJ7=3D`t#mRGBR25zP84HMxYIsgj17lSs&0XV$$O($ zW7j?;R)3SK+>J9E2S5!8OfQ`&UdsdB`kW@xCa6url`!I)mReIw2LJFK?vC~oXDo1E z>cOhT8~4e>cRM;(=5N~`&zL-YFp7*O1ubBQoW{|7>#rq(b%#A%4RQ zo9`^Yc*F`Vw5c~Zu1%;uDZIqve-_X0iIfZ4hcge%gtGh#(hGjXp;6q>o~7bF(oXuUtt6E zYAO3&$T~HN)sYv}kl=`#hjVRVOlL~6R9-*Lj(L1{`o$P~U%>t0;~AH3&BMtG(>T;0 zK3x3KS8ny-7)R@4mDMFQdAIk$ms?T`w=e0j3ZY>wn6gYV94o*6sZH8Bp zkHI#n*LtL)?wy4FQ&jgX3jvk(wU(n?{}J-u zNGDMDX0!pTgIdF$){j(BKflNiMUV1hXN+U&znR5~Mw-J&#@(#%356J}RMI%18&j`| zy9@GjOxOg2XNue8_A|?xHm-oK9!yrE`RK&N{+1Z0fZ}G$2c}df|A@N(OX%AFdwA2@ zd4m_cjvDCdqxTm@K|K8JoXYPMyZa0s~?`f*vZhpW1W|+@;{O&*N>TqaoXO0M~jL&Z{tt}IP zw<_cIrl|a;ul&aLDTG53!yiahm|+L%c&H4$SYT` z`CIkHLJ01kGxLu>o?Uy_-+VXE-zqM!-+&L%ZyYb%KTzKuqA#fbOmD1*JoUX+NJYKf z44J<@CjWTj3VGQMdEGAjvzz?(@HOP+I^=oV{Lc{e+mma^%l+H!(2v(bsnEzweItjm z{~JSqc1%bwO) zbqM+~VLpF`IxJzO9E&C?R63B#YuPwl@Au8Xuy`lp(7nY{VSzLugeAt!`_D2NpH$i> z8pNj>`D5kQJ)Pbk%D>`E@a_XC>*sVcKUXpQVRc&_MzHiUkwPgIPDG&di5;npv43^eX>j#7w*m82W!D-LQr;zy2y}aHcHQ$oZqjY zFmvy_wkY9Q9l9JhJH~a-U~S{ly67Vj^6l;xyz%BHL!`K8IlcY5fp`X zB(SE!yqnH%xXJC22PAq4^N0#kEz@>u3#so4)qPU@P9qzT<9hz^Gq2*HC<{32KUM(7H87e-13%5mFT#vr$O^xukKH`PWSAo|{Z&3aq?9@w zGzbJl7xQtzMZIQOwP{geF|?wWI6)FN!MSdogt~Q!$q_N08^A*R^1zW1Ww)mgp31_7r z<{a3+S^@OLs;`_yabx_n1SVn_|DcTG!527wGS$+3uy;J~q?8Hls z*67OoV;KwXkN2vfF{qc2M;X0YUVv{$yV=1QVCu@yxj{PZcpNeN!c#6YIDVc0cI*_> zygGphp1i`v_p#W-L`Lsaz%) zAJSg1dIi2iug|#oe7ejV-D(?&7F=W8?Ll|Phk$>ID-CrYvSz;kyEnA^qJMG3CJ`xLYkl*3bN-ym+#MFekQF7I42i${l?HDG2c26egfi*#RBM z_!JZCFibEW(cnugzywb$hGeE9!C_;{`_sd@De;&Yj1<_6P>U)1!G@(%vWJgk4}#Xg z_*Dzym}@-Y{KOU|3xCKw;WHN)YO5(*5GTp3H21{1MaWG6Ao|LArIe$1j#yqd^k!{+jdGGX z^h6kj@*ZPi&mr>4O_&NBV;d2oZdiIN^EfE44Xx;E?4FT7i&T>3&NM#*!$A%uAT--s z9d(^D9(04BT;AIDXcRFNy%A=Ayh zRrpdFA{j;}o;T^)b&f)@c$$16ZHKkD8ESEMk1E*$hXku;s_;ca1iNvefXN8CQwcPI8)x@ZiyFOLnqOoZI#L z_*gBv$+*Q}w)eHf)ODkvZJya(N70lR!DQFAc)okpITmDy$kP|&SLr^u`qudi!iO z9_KAk`L4TTTM;un@l9zwW7B6>Ve`LU9tBXX`)Ho)eu4UOH=us*cTSP6tw=O+{<_O^ z;O_;0&%8D~g-&E<%Ec=(U{P^34Dek>5cu#jlk+Tir{5H4sIhh_=a$_1qt^O1Sz-4F z=@@MwIgn}VoDHRcIZ^$Cd<@&3-k<3DaaUu%cp}cFA1}YCuh+%yfYjp$n*8^W`QW(fGd8OzH@5`{~ zXbVUig}U1LCp9s|ZatYd*b?Y6yy8QGH-eb#LE;tGE)z8=!k!x4C+(d+3Az%;WxsrT z|M3w8_@)jJIycDj40A&8wAy=lTm?J)qK^Kk6j{E{4amDs<)Ez-r#6M*5upSlVrXb! zVlk>~L}&;@9Joaln){v@>sTJ&kRZ!Lbp)sj*)u1&nCj4Z-$2ybr!)>yh;zrv=~Tt) zCrf-_`#w^e_0=F|h4?Qt8Pb;5IqH1x6(KEk!{$q%gxW1Eht-(!3XXU~Wh1uG1nn)*K=ND}L zx_1=_D~S0`E&_VijC`)ZA$iR&EKEnngqB zPZUO^%+DOhY*T3@-A+NK4L?JPjpGl>55eA5RZLLVm358F*8Igt3%q}|J6(?~&r(+_ z)<&=MXuWGV;443Yd)}{@-8^(fBB!>5WW#^*t|RPNl{{ekPMp8l$vW9s*V**_H2;JX z(^hwaB@&2?L{>Bwp6WEKjzB?cc|&SzZ|x)fF4fqkQa#19Oy@OEGF`Vv$d1L8J;iZy z9}1(;mg#JGOctpHY5D7QPb%v%@#;LLd{GD6x7f-2(N-^j8hq}YCX3IG(G4&xnZ<>H z#=k@e9Wiv*boH7FAY&Tb1dLKj+b&csz$Ue5%dMk8myFrPeMplVsaq|MA+CuRsEX2| z$*wV-RvBaFH+dH9bsOdW(uxKPd_cv-j}J}BHSg7y|4ratfRfJdnH1Ie@*7Rd)svk0 zRRWau)iOu&K6KY-;c9eA_uQe7tpBR1yP;bWzMmH@qEm`7eD{izj=38*({>#hhTMXL zDCdiH_^^g7etlDy36q_DT%HIltD2N0JAAOOsf-4pYn|81CX{b|AWQxg1F{?mzFTG9 zgc}QE4$o~jvp{`E)m{Sw@QfKKr5S$GVE}o`aer1k$_fJ8cPB>`5~YUKm*%!+Z!L^} zWftl$t7(j^85E|j0CS)3YYX!9eB-_N3cyF1YPVD*cm>{miAf1;UfWPG|lJlp@j}D{1ycnWsAC9;19{{YHj7y5tfIvw5+KEs*o^1{H9g?e4dh_X=nXCcUt zVSPnq99lhvFofj#gq-BBd_%?k7G)#sb3X^X@BrK0N~v(Ny#tdfHYvqxBfwKFEp| zPlC>k>v?WcwV(ImwdvHvKf^uVKvo@kf{$9y&tYd=mV_@4Nuc-Iu*7?O<~_EL|1`mJ z60?uO93!@I7`1fFl`kP+X32Q?$?UZ z*9hdrFCv7$@+t99u55xDcDe{Dd1Eh*@(fOzRkpTZC@mb0*2OkQY)tbuY`*d>(OGCx ztYDO~Z2Ij5Qn3!!DqjDpfgvLQ5d|Ko!=Sx5yr=kQi#F76jz%4W$DYQ1oiE05VfJ70 zsr+()Z_djiKt?T_bI6S!c;Egz3Ob7BTO|J@1kWN|hbrDsyiZ~i)y*S}dcV_+BrlQZQa7 zHc4jDt6dhf`;&jQK_wscpCA<5rbE&Hd%U66V*>2M0pDj?TPUe9 zMXbl+@h`>IdG`ns14p2%P_z)8EdPS6ooL!ruUw6H@B1B%5)<9DlY19dMeBzY@!U2- z>?4gS^!6nR=mSIxhRT9w3StlYy^WQz2lQSUAUaJpRFjF00q#FTQ_gb+kfx=-+7P0N zEW7FR_i2<=b>|eooV40W`=A&jODWNqzLrMBaO&g31*lWP>-3(wJ9OsbsA3 za4C_LWG951BSh56EjpFI!(2N-Gnoa?Nnz{XmOPS$Me}nJ3#@OSwgR3kH;njQp%oQR zmGxbiKyX-@iPSyqynPi?2L~y2*2l%UP7+gP~9Xd1=GT$ zATI%;q5QK$SDqfTV41V6JGHvlvAu^E9>H*W9uy_~P7Lr%(}I=jQ9DMnVx~TiTW-*1 zxeG6pJ$2I8@JIiFY8*9k%fJSZ1-s zn9tzOMb+l1n;%t)@M|`K!6L^n{K*tlMGSb|T=gs8WmZ^g_!A8IgaAknL{1P%(5GPR z?Eds5{HFZ+Ve$E5+FpUs$~F@jR0Sn(O`uL2UeNM&pS`YTBPeMl@VPTAk-4cxOo;(k z#vGmURc3cSV?d4)%GM-&yBtKd29-+d7*k}3`iP&l7u_bVyI1&ooRK)Al6;o$ObdoA zGX|Objw%z2g^CNNW}Ms)@cQu{x5P>>g?jQlhA7lGNcjMcwM@hoY?N(6^bI#6fc=^Z zllC;zNlREG6>(U@GOcUJW{NE_M~XlCyb3SUS>dt61YIz(et z#;au_>o%W*_)*kztSd=>yz3_hsfIfZ5(3|!REc$|Ma<$1Z&h4$Ji$yq zw_n69O5BH48oM-2EXl^uZI5_zjdBx4zy5LJ%qk0$aC&d;O$9-wx+c@lX7=LG)xc>B zwy7?iO>lZVR-$9nDpAoQaC%4dc!e|`o~M!Dm18uWy1~q{I}=^6OXNXZs7d+@Q%t$R z!vqR1i&c<}EhDmc=aWaaZ|=1>z?I!b5xp9d3BEg^HirESXHW=-qyCJE-pwGLwi`9L zGo7EZFykir?S-@=_|I4;D)#Q8#VB(9ToTPrlnb5pB(UD+%#ojK7JS_rTN#1^ zEDn~83PtB-3QTj7K;76|f@C?dQ*^I~VXl{(nDR0#b=4zgROOZn7KZ%9AnPxfEWo8# zwiq+-?3b_Kb{CWTQ*JOMvi`DpK6tfE(}a_547F{uOiMynfdR^Cc_C-A4DQoT8Pl0x zL0fsI^zbv0V6#d1SE{TYBo##gEpB4|kEQYyF zl}KIHapW5H%2A|VPR9B7(r)uMM>Ds#_1$Q+tuhSrys^vLe+1NP=-kDz!2GC>y=hYX zlEH|e=C47*6ypo^1m`!5&Gx4)NvLd^d`o)@3lSkC5OEn9l9#*%oOh1Rk{dXc<;N_o zMxfaq9lGK4qL7QJ${#lCMe;0xFBszoQC#kgJS({U4-IByR|o`qmjcn|M8=BxjR_k>YtD^UlixREBen#6oE`VVX&$ zH@SphGwzrmaAUEnR)&;@WwVuRg`xwGD*L-E{IqlNuQg|QGM~;Ad1JeShElnDbR+hy z?M@$8kuC_yey!=_f=^g7gGp4@wm8Tp>1o%yn0CD7jJYK{4Bmo?)PpI2u}3B8j5%N5 zwVXJ=`C9}#f%H&YlPnE~d!|{!sbd-(7F<(IT5@4spnAY_buI|Kaf%?1$@2@16hJcLBJlR*w;PdDdy^n9dh9R)= zxTtC*#d7J%tc*&iToT`onOCt*MQ~RfV}>|5MkPi4QQxdE#0S;*4wF8n zS(2JQq@nxYN)M-B{7zYqd0YXh?%+abYlBs0Jz&&^9dOdpnRF{Q7k6JT#25EA)p#FB zz9pbovcYc^q4HiFi#4_ODtU`ZzoFngbN0uY24J<-`cmiY>xj&I*$`Me-3&excCI zRGNf6S;WT(`Y<|nLojAd zklx`JZw~1?$7?d6wl|e)QCi8_9IA5!j>cxywHL|fpx`ooRLvRxKxGZC~?zc)nHLnxg-IRb<%vqlnT z6;x23XydxO2`TqOkS>aet2OK=lTsMMf5Q~~-U?8B)^S8(TerltP*s!$Z!*{CeF)=% z1Rh!{;+vaAzDz#wYrqdyw9RLQ;1c~|JU5qb^#2W^Jy!F;_? z;+eu&j#Ky};8(r0&U6yao3Nzb&5){2jolRw9p5CFUN;XA+Kk zZsflXdsdFa5Ka-PGU$UV$mtwq&E`s@&%4%r&w{JB@K(wAyrn%n@iB#q!{5VsgqkVR zP}I*4I4Iyw714H>{cBJ6;Yx4dgv1ms^heBTC0=BE2B$e*!Zr<~fC|1!QfyK5N=fb@ z=Tl7c5GO)9{Lhp^=O86`AQjH0(#OE9F)>VO$IrJ^LrT-#?DbO ze)(1_RUUNCR&o8f*s>koiGjSU21xo@&OV6f9;Z=_1V`iCuYJ{6GEDcB|9j8YVPxVs zI}q=Ry$e8Pd}VR3C<@YEN{Qqb@a2Z+8hUPyq1J6Oajs!COg?&~DvOpQ@Y@U}hgiU_ z^}0wCn0qcjn7UbtrE^uXV&FDGs=<$QO`3-G!Peres`s*IZnXPy+NCMxnLgEGw619g zb>f|n9*RfpO$pwHnK*2QcN`Oi*%WM!!r32S-C1m;$_}0E+8VUlly%^`zZ=M)SzjpR&WmXHS_aLYb4Z zJzp70=diyf;v63>(>!iiFzwyCs%l;`6_5Y1b2fOkDfK5cwr^Nt>SATL-8j>hV=y$R z4Bw8!bKAwW`y9rB|I92~m=!4w{TSGhFybmPKIj5FcI3TstpyM=ER7$V)8W2>V_aDJ z{6fI$)Y@NrFK|)w5%bs^@3~nq!daCu_JiTs=qD#2opAfX<|;!S*r3-jN9wFLnQCuL zHkeqkIoLlPt1Izu5m_CG4X?i>bkoHIf|vcYXneErf6E z?1s52CFQM7ACaXEi(4I}LK)ZbFG0iph^JeY8nRt#odPNdAS#i_WPYZ;tJ1iF=0i+K zPLaq0C_ID}s!hdyATj9tOt8|*8EVi&Xh%NQu-RNM9Y2aM6o>q-!QqAsAM@wE;yyLu z)k|?oa+FE1sd@0tNEw_OS1>1@E3XgF*L~o1R?4zsBI{vj*hur~Xeg};fa|75Dy^Hj zh4JH=iOd)tTrhY{11Z$5aMQRg_k2jZOBF>^_Dsra!JJ!i^zfJ0MMWJ!_;>%x7ZlmR zNY@P!Pg4pQ{blVF?;m>dElUfr5o7u`V_>z7+^SFV^$dr40Aa7MRL!1-IokIVPgBCbD;m?BMG0*TI^1|Gz5JotBn4mZA9qy8@C zQ{l@#kkBbq;YM$zfh6t`5t#f8!e2T2C7W(22P=lb~*AgIsf)$ z-f;0y*rPM>V%%9V1_pEN(3VF$FVyQwy|`(2v?wwW40Kh5AH7#SL`z3X?2s;Q-Z#aN%2WYt-7%!sPPKN-jEgqtQiny0>`uq1J)y*m@b zVmxcS>iTZsj(c@nHN~()Z!TH4GsfLurL_}}W`E5J*tJ)xlFLUV!t9_z(BpA$j4;v% z%kWpYSZn!QmyelHI<{$~8S)~eSX!`!Rik~##T`NQPPI=Dz26X^&5#sjxmn4zG^>0X zmo50``e8BRh11BJbM~lJBZYM+4+jp+rP=r&uKrvjb)+(ff*sm_JIE} zf<;$_)Wyc;3|95Aicjk;j_j^q0^>dau`EbQ3=B*Jb6tlUe*lNS_6{S<{;{zX6%HW< zj@N{MjHy(S;pA141L@SzXBW$b2d+$vVUNel&oI+Js6alnZoW&)hk4+|kPd0a)N?q3 zxo&RFMlPzU24I-VwfwX*VlW1c4S@cm$EA4sz7BAE5L~Tgraa#|9$E}$Q4eUJ-RD$P zJJqOU*i7u*Yu2zLV=G(rKt8xb30dzjQ(3~ff8JxFR^)#yPoxl|!I9pSE#2;7jpN6l zpkNNY_sDR-O<+;YOTDR-dFHc&r*1tSvSUfq4 z4l7f)n^Q<#$b8JBxN~Sc{W&89@;EN5n)2DKUH8jY-&`$^_>oXnwBwYcQDChC%S@w% z10B0GQ2U|>CIc-3^976tYI%))0?l>O7HMT?8RrP>f9WZ#^sWC@MTAEpt5VYRUaNn4wpN==IbvK&&HtlTr zsl=%JX!%erH*ZuxUl4)8SvYrR_`Q$TzCm^y*_tnOkO!?G#atjBn0>L9ppv&jVbl2* z;Ur-lYe+jLJ|UbKfwQbaHEq5rOg`|)??7{~OVNq{QJBF(q=>0IuyWxR)IXzWhm*xh zmpzjex$5^T&Gnyl@hxRR<6c!1^pbG8$>X2*4$**p!x48(pnKQ~n?_cZ2jS{o?sW9f zeQ_USERhl+&c3zwfS)v#er$|QJR^glmhKqMgN6hEGlK}YRT&mRh~yx+%X#nlC3oA` zTn)uMQoIfS>S#Gl$nsXz_hP?Z7b=&<+F-~~)MfvBCu6u>hbZ*xdL9EzVV7u~R- zbX4~O!*IfPT5&q+agI8}XhO#t@X-8z`c@w(HvG~_OqR8VtfZ)k@VD~|Jg1FpuDl=5 zO)2XcJ}q3R{^?1F8?F%dAU~=C3RY4hbNoE27D^U=t9t)n;rs+IzhEl7N=d3GgnE9& z*;GUcbO!o+#2=oecP}r2pJ9OJ>laBn6opn3saSfp)B$9Wxr2kwhdFL9y%%W8Izwbc zmWP7D*@yHWqI=g4fRBCG(+b+Jf#a1VFm7L}{T{gy=uW5h8#8;dG;)?Hp5`-W#DCUj z&hqLQ7uDMM5PsPZ+Ca=@xKq#hvNzab!*w9M?Q`hwiQ}?gH?1shNf4fqOKm$&j(x2F z>}j%?9!`_N4-0Z!qi$<>Wsli*2Md*BgI0ee-sp*zht$pLHS3e`fi+%nL}^0z@y zZEn+9!j$%K-%F;~KSh?2JSC@2Z=)=Lh!bt{9;P57n-(JDC0>YZK3X-NMX;htA-fHN z*P1`-!<7#dsxvI2 zKFGBjcjR!4&rg!i?_#~r3!n0XJ^uLe#I0fdHVMXDG*>+i}^P!WswP*M-9VW73B zZR~TmcW9NHfS0jBs!4H9e`oFQFku0LE0!QLfN2O43uU}rda)3l-`gu@B|SGit775eu5RR0=#k$Q)2vy}`3_NHNkMCsdii|__~OGJ zt(>Ma}pRggnq zft6xZ?AU5*`)S*xtK@i++d^nl727GTVEv=CvvO}^7BjMy1~Rd59GZ-Px_!L>@!S8W zm#>V8!->Ad-Q9gDg~i>y#hv21xVuAfcUiPpk>ZPMad#G4yx2maxI2CQ<^ScqyySg+ znPieV$>e74y_uYIKOAD3hXG_`0|NV;+TljUNwuE!l_`EUWt&j%>}%^mNTx&rz^v`X z@W;DgZu$+fhQvq6B2!T<`mjm&_1d+6(d6b4-wES$kVsJ*iHnmrz^y(4?#6N*+?C-} z#bg)1z3bf|ThnQf@TDH$Fx6p~N5!CMAK^MVjq4J|TR!sSg2LR`8T+;OMNT2)3tou9 z_@W-re~&-Z`k4p3_O6i$uVmY$Z5}*WX`}Zpps|KG-0Y5M!sY&%+It{XZ)w8@CxoyD z+1mdQ1Hh8f|J^xk9c_C8&AEH8LmRHn&b;}*PT`&94^m&f~ zHo^vyNZgZ501P~e;~i>w{Hb>g9;iAV#@`)!^im36eB3blgc4MxY>L$2BB1~7czu%D z05$J+r8rU4V&Qb1K{Y4}@L76%6`oMN2%>Wak?YlwNZ8N8|Dx1=#wH_i5RW&#@NiKFmZ6zL-x2GB#ee999c^FbHzMK3aA^jHA2!lU zAi>78;_1d+oI6KaP^#2^)8pM>p#tP;g`3!Py7`iIYDDP4?B+*D_`j0Q@`2cV8!PZy zIEm=42do(?rvC~7TI;$b21=SwoR7hkX17al10_oWm@I349{H!jwaYpNgwALvO1u?K zF%*3vl1U}U)Y7nMPZXDlbMBiRt)InGo=;DvVDgW7$pZ*@zPGm2q9h|!UF)b${92V9 zM6TI?rJcONNbg%uFu34-Z64w{k?(wEDWd;I1x`Qnul5{uH-5>4_Hh&=N<`Ho zmwt$+tm_dO*buc5Qun8s$OGr#ADe5Vc^lGKs`$O0CtkqjkE?HkaJAp5d*l39%&&ua zmk8aV<(TSC6%hyEW{oD%N%xeaDRQqr!!PKQ{!gH8oi(it3pnL+S5Q8z`Ju);mk!*w zlYtu@$%^9W&ub(O*wA;$io3DfD0=r347zDb({DwjlG-CBqH|6`Ze%ARJ&6to zU?C&&rjQ)T3f@P0fyk7?1*$eRvE?5Dt^?-9i|J-^e9L7q8%XGk9) z$6*9~o9MWIl?gFRf+dpocHAm{F#Rh8R`e7(&F8riCv4v}?;|p!kFK-Z{;AOPL1z(q zn^dq1d@HH(jO`gX9>}i^232{ks z?&@iGKmAjSd22HbH4>gCzJB;qxPrEi>jb;Q@aN6lGXU=~| zW%nY?1w_M-%>Sk}y#14GbW_JP%kA)mPUyq^=UI1wP6#JmG<3fl!r=q(ip9LFiR5~j zuO0Py6!XZHAsp$u!v@{IWz-C`zu8!jRn4^0^t!?KD&2B6?u$kRt%{BF9ROks1Z(S` zS*WMqMpH1i-F-H(&TH}WfJM{c4W+hPkLkN!U*TWTP z0xH?$sL9Zb*Y-GS;WAzcQ++(ZbJ$sY{d3fPGc!UyKG1_hsi5+~ke z^dJU;DOgQ1Qy9~a*nNSG@#>y5Al{X@FE=A%6xI5gj2`}@k@`Kxg~FO%3Unjer!GJ8 zA}Mvw0ydr_dgXSU!AG<4FwN_{62*f_!w}m}9_004a=A1nfNreoGvxzQBF(QsCN2ON zdnSyHOiX9T0?xkw2*&eRY9{whkQ#S}DZ7&>lwR%0n$he8a~*qvCbDNDRuPqFu^vzH z;d;Thp875-sOJfy$?_}gGT^?EuZO*kRnXCi%ew9 z$}U#7nrJ?g)L)5ugwC;$1#*Y>I1v-alBEv;T4E5BX)vl$*+|EilzInfYWHmmN)Qi!P=Y zM#^6_b59$9UoIZ<+sK?_K@d59PJ$OK@Nfd25*j1sGL%?Rp8Vc~G9Qj;b;bv45~uh^ zES%6b7J!o(x+Yr`YavVrenKHcC`PnIOT(eASOyspHEu#b_EMRdJlO!v3U2*j^;>BE zM{r=LY1<*up}xrS-AKmFT#)AU=eTqSk$O3ri6cvVslFv5kNl2CTVaK+L z4yQgdvn4uwGPyN2hOlP>+8G^EYq9$lMMC*jFZ;RS_?P9#o(_^LZfdcBm#Jqh7C+i3 zC=LP9Mai7=5VUgt7ls&^xkeMrI7|1Myx)~)w{zX-DPcb8j^`?y?ve8VC0h6kmbNb= zHuN|kF&NKj`<)2zxcZKoutkB0=7RcE@%)|<^z$b?WconXgfLU?_2DNd7sWleUo|o7 zt5HRd#y}IAaV|Ib)MMErv^kM3r(fCY^kz66~5M4#F9O-+LVgpeaJ zvYF%_GK_PKgO$`Q4di$K8go=HdZ#iDG9sYA;ojl==!`yn{axQw&|Vzx>Y*ex#aw`# z@_In>t(B3Y^x%VkAd++E9B{MeCx}AIzyj=S_IwePSJp+C$Ox`i_LfiPJ$aG5?Zz5( zCC_RDvY2YM#S|LR;;!4MXm3KMAueQFDdj=@C{pim7e5b~p#C@iUeg0{Me;c6D>Qq$ zjylO*Y-QvDfJF#+l+KKHCs(p$y8t^R!m(nN?WtN@WZH{q*(l^D)+sUmO?Yx%RR+SB z&(ybLxR(B#Vh{S`v`&73j?=$4)ujvI5Qu=$t!e(^*3H~f0{>cC1df=m2}n~4_dDbB zNg-&xq9WS+k;ontdS6)5VEl|^*glMyT};JscM8=4rZt{R@5=Ji z`+O|Oiu0C6tkOmT3rdVpkD1WYT^Ch9&4Z3gYa5paG7Ae`oVfbOegJsWLKlzgLhVj? z00o1zU5G3YS&HC3u{y-C?U|+@*gvu)m->oqh7o>&2oB0ylRw^*Xo3CvuS|JmL$Yz& zcB>V>igI~#Vok>|QwyDC)U)Xym6p!@n;=vRZ8%j zT2%U)dggJe@~N9lHTQm4A*l0TQynpTUqXP{-~vNm-J)#Nr~cHfl*jRameYB-jaIJ? zcWnSHtO;w8;@P0T&3Mjt5=lurt{Gq%;aGu-q7MRo#>g#nnkQve(oB~2 zaRlp1;gmVr7kE;m>r^Hx(@sr*lYfOdrTBOZrGN2JG1WWhxqa{A?)du+LaS!$=MtOa z()NlW9Z}~1#m-zxY3dT)o?tv@t)}cumnLV(OfXx2Sbx2Kod5COhWS#Ettl5aZSdK$ z%8W|_OPT0u6JO8(@od{tsY8Fy7DD7w>0?H66^Kh1X*}ZPHcs)Nzk?Slb}l{hQ7v<$ z$vl?P>bozl^%wqFu=R-h($I%hkY-PpQwE}d}_ierGN@KPvQh`)}_LSa)YnGO#=C(knRk5Q1vP; zsSY4m6c}5FRCyzUaUW48gTB??S;M}oj$8~g_O~NMBWNfg`cfud6jL95&hJdRn2{-* zLoI+Z)qz2(w{QLf)zZJ8pg9NMO#iQJkpKJBz^F zaM~k=zARU4aEdyq5ucX~YgSG!|6pSo!pv+pMz5DaibjEKFvs!oH0PD|EMkW%m|38Q z5P58>H(_|ntHg9)Axydco(fcc(~@}zDQ<9qo@V0Qjdi1FqD?CCZyvgM^Qq?VJZ=Q& zS>5>ZZ91Cr29cCBjXH$@&*jGn#UX;fiCxlM&&39&QvnAp^6(C^Y3p;-Ec}Z6?o1 zeZot_+|I9v`m?sIE>SP;Wd3Zha?$b#&D+Q1i4^#$E^6kHy3s_;c{EaGj$9YGLVy%{ zJZ@%rPs^!vW~&n)XDe-MrGlDAKd1q@tt8oK@&hVi0mFPktuX?ICu6R3I)8^3UWWXO z;9nxJr;Hyx>@F+y-A!~5*f*4=XP~_G`jN#lkWmkzTjXi4 z)w`4i&h1?Vm#pbL+`4IjJ_=zbrkawH%D6nT&V3sS2`at%$L9ZPe=5bAGt2K4( zhrRH}dQopOAtdgR2s8A9R3_b_*RVwH46n~BtL$V`32nN8=Eg^64g{1un0|V40;Yb! zIWw9)M7@_ZUvu4ba<CC}vC4R7A{H(8cr{B*qj7s%+=0PXRWtUn3x z+k11h0I%IqdLZJxo(gT_FhL*TsC)my4Y%yC$l_@(49#bgKe(J!Lg=Hb$VAn}c-@o@AahhK$HZB^XKOjydg&-lPCP8gNhhMdd;A*&V_R%?2dXtai?+M~yofXGb-WzkPG zV>KA`Q1A--I`%z5V}Uk7ZMDWzUl>Rp3hvEQ5mW>(85v6vED(p&#wx0EyJu(5!}0PY z-73!~O$29FO+Gs(?TH<0ADNGT)s(Ye*po8ZC`QG0(S(KF;od(7Zwbb+Va(wbFgY(X zp)q`m8BHqEqclvml}<=?WO{oTv* zEZ_q;fJQ{sTaIvE(o7%ftF6ECbBQX(bxwn2AC>SG-92@3_|MGt+qKFZ!P?N-Jcb~{zEzY+ogl(TxuM;l3%dv*kal5To!lVW*C&lDa%!{ zQxT&K;J`FnW{!>hzo&ingbQ@>r)EZF>CdBm^uh)cZ)r!b0P*QKWOS#W@a*#&aw zxRJ@6(hAj_*!LYz`el$)4~U1R`=ywk1VwrrWD~qrjQ}HLP5yZL8EHz8aPac$8@5EA z8I;fk2i&sz_z2g>2p6KoKIR!JxawuxEBVPjv@;p2vQu{^@v7RvqdE^u$^C}S83pik z24G&UrTsl-`Wvv!Q@}*kIYKeT1@HDEm$}f(glv=Rzyjz>hc!bEu6OGj|voHJ`i!@WINi zXXa0vDv?DbfzWC~zwelds(JD+x!1?3&tzFhr)7DC9+h*;Xorv{Doo6++agXZ5Z#B}I}GtE7bG>1Bn8aBV;v{v`7A%Nv7 zO}GE38K26SYoXC~e+kA094f`Ke7ToK=aBw^B_vfi+&cpC(rR<8*(whOsN=g@3AF5T zjSg?hOJO{N<(`Fs4S6jzn2*l&u@<>j;$oRwG``!qB6$cdTmXwtq5R&`2Kt84cVS1C z^QFu}VY)PahgbZ;MkPg&+xMVn^?O0C=w{2*&s=@+K>VSr<1_TyHs>6a ztVI&68UWkHqn|)hKF8JvyIp)0w5{M$q>uvcK94OD4u9Xkbezw2Tdn>CA33yh44Y(u z>j9K8XDc`f_{sKUc4(KYnq4fu@q7$#-%{1JyGg$P!3%MdwC0m2<_6GQBZVcPV<~D? zU3(!_inpoyVH?DEODG#xt%#VX1)=dS@?9Fg9A9-EcT+2{NKHgsLm6GU0e7c+P%KT2 z@LGq)DE4GJpD`~9fnjQcM***-s@vG@ALuFK;yH!r$~_6qj|O|5>wWG9L^P5)w-z$9 za>&^-H5fJGj%O}@F7!;5C<|8jkPTbK)LZMr6~0p(Q56DF_$gO}oM6nq?ap0@$-kb~ z@-@`z{PXq)Kf+z=;h>F#xrS9FU;hj6ZWv0rT!l&Zj>X!ESZ*?2i{kfG!>w>{UyCEu zzj&^Xc4n^0eu&c0Lk|-A(Go`N#K2Q(BScH60cI|ACIx6%##*CaqTj9~g6ASwE>=!6 z%D#2I_Wt_xy5n~kuh*F_Nq=VMMc0y)UiJ z0wH`U#Q_VKYd)VBmYX!~UB7O}uHfbK`|ZsRPIo|erz|xo4RVV>cx-c}^Wu^&Iti|= zw!VB$1v}DXH$r3CWC2f@q;QDW0|tlQ*QOiBKUV{_DbAa9?m>#B0tfz-9*2f@+{?<6f5A~ zk}@l#l5@kuO^=UG)UYbI<0GSD#f+`U(-1dz3-SCC1X99;GoAegMgSsPBwA7|XK~8^yL^sQfRf4)=|zW+?}VpeLRnBydJ#haPuCZ1VIIFCp?){Dlsi z0t7c5>nvWftr?!^DeM;Q6CEI z*z@$-YJx)GZ(5w3GukFqh*8iA7~m5#%4 zLq}~%^E1Xtv#)qI!#jhS{;uuB&QM273<2uTVp#b91}5l zgVj3&T}g3nHa=6??uv?4_=?(nm&7i4p9wtD+5{n=yC~;MGt#Sn;`WaU)Z32-C^zOF zN&J)T5uFOPE;7AHpJA}C2k|1CI<%+*kv(U${ric{qP3caw{zYp-Xs}r&IB`pL9@JQ z$7*DqfB_!jRaO1K(FRX$MSk}^Ot2g)_*yw~!%uO%A;mXIp9I5}Q#)~E0`#yzn+Ow!m9*O4E<*bmpad#dg84wbh9TVHiUN`nE zE3^LE_bPthT+>GL_I6M(8C)R!GaVmu~DZ#vO(yZh&obz%+w z%7KOfJ;-~WPY9e}^eM-9+<@RZ;E@n%;gB*4%P{2&-Vh=a$pH01JRxZ6d+j_KCZ2OF zFP2Nr4}o8udaoy5zxGZ@gDXc#-~VVWmIO23<^|{bSMSOy{3yrn&RX|*?yZYg%puQo zr$Xudy#lUCzNB|l)LimMjvfV2B2N`q<7_M|MFVEo)^Gh&Oj*Y$hDV| zXFgO#X{)=>QtKE~-dl`#-qV-3FO!DVKmBlX2&X=9DxwCPe{eKgY7?>2TV71EP4X58-)IjT(ztm!rLzr)KBGMRVZqpsN9*oNK&=h z1kytC3orNpa|RyQ>_=_b2RT{r6*aB9(;kMCUE`|?Xclc~V&~T8H zO}Rdmg%z(Q4FnqF&aJInYWL3C`8_ViUuU;6C4WD-Y>W&cx5G2*;3|)mlj2k!Pn%IJg5EjVs;{KS-q9~6z-*|E5f_Osku>Wm3RG1v^Mu}Pa2DhvrCa3 z8_%>F5hDL-_DQ)BAVuM4)Qyb$gDq!^2A{&8nOV>; z&!jNAeYM1RmZX4Me|o18j2;c(5aX7FsJsqlU?~y*4Y)?mE4K2jWoEK9ELHr-*ZN+# z<^oYahYiG$C3aL3#SZ;iz2Rb@Wzi%Lr6N;o=)rRr(~HtrbH|oeUju<)G4+=b7=u^N z1pTPOeY@k)7xufdB0{LAiEmWOGuuC8#PG&S%KEd;&055yCwyZWGs#GM69N01{iGGc zd7BGv0qSTP8+kneY5(_ z*?hUpPskC0o@MjYM%13o$UV8;o^+v+rBfV&+6=A}&i6y}-awuG$qWA8vX`Db-g>iM zW;q`u!tKZ{yF`TPfZv@OhR_^GZ&`z^s< zqstuv%#B;P!G!dX%+#J^sE1PyKKj+~uoA^7?7Eh6J7mNT=AizsfTVTJ-NB z#uv=|oF(jiO%9e#gfy8Z%|Ye~uqgH}%!FT{_!hcN3hqeBCD#=zP;op6548Jd%?^Dp z);ir-mb`Ia18+X0*lskT@XD(H$0f>3T`HxZj9O=`8GI)k;U(2hOC7p$?^`Nn?$AxQ zBWvOpjy8o30eRfP((?BKJM8X=C7LbjRYzH(1t#SL>;BO)VV- zu%M@XuHSy{(qCSwH#>Hw(s*vbxD&z7cBjD{WmeF6Yr9I(vj=33QmO;I3Ne#-`uJ)+qfbknBB_@ zl%d@gfdd&y;?o^he`euq10Qs>4P@I~Sod|ffdb5X6{kGMwo$&|^sJVoOrc2{?ie^s z8JIa>{^aY}vQC8WSv;rPv%GmYYREs>o)#Bj+Gi~JEa`$-MG z_kopTW%oOtF0I8YWnJw>olrWNWx!}eQxtB{?RJvLmSml zt-16YF}K+1dO<87O{Hmg?gtR%5GUwxuAuo9vm=<9XqDgmQaU;RoigdiK@Lx@w|sPwwDaoM zoxxpBj-ng6)N1toe)qL<(!=j24%@afF0$;aH5>uU=XkpyqIxpgcL~}I~JDJ4*bmdU@kxTA89#p~%H$9K~ z%@N=WLuLoVqf*^{`hszI)i1XH@rlEl!JqCd*YCRhiZ@3*bzdAe#5j$hO30oc2-FLp zb%s+lMcFlvX7e%QmgT8n%7r2Yo;B!)Bv}QwNLifJ+XW%!0q+S{*+{m`qtQlQAe{`C z>}6}F-x|1r2;aALg+ri9Y;`UFzqh}phkp^?8M})7k5L@T|7H}2{QoeD`-?914@ZR~ wfQv>!frmqYgOmE-Rul>%JRH*h4WaxW5FA|me|J&gD8lG`LjODeFXj~<9OvKI{Qv*} literal 0 HcmV?d00001 diff --git a/src/main/webapp/vulnerability/xss/flash/xss2.swf b/src/main/webapp/vulnerability/xss/flash/xss2.swf new file mode 100644 index 0000000000000000000000000000000000000000..b878b41774e5017a570f01a53d244d230b943ba9 GIT binary patch literal 9416 zcmV;(BsbebS5pZCIsgE8ob6hBJe1qlUo&GEGvty%j0`D^ON5dxL?uFQLkhV~F1buh zg>FM}ijq?lMI^+~MJSaDr&8)PNxG_|i<5LYa=M*5r{4WMGYr)^zw>+ldH;Fq^O;$* z_jj+o)_1S9_TG<&3kt;mr}!|P0JD_<{c|9qkF%hQJ_*1jZp-Au$!-GH1B!HE=Aje) z8{S{YSRm8%r>{SxOG^_F48ADO7!5!KDT4H@_{iXBFoi()0sep|gr~&2BpoS7sTES` zQoE&YOZ_3GL9QhW$xp}x=>h3PnZIN*D5|nivL@7x)G}&6Rhwo;`-#SsE0dcl-y|~XcQNE$9C|@a^l1Fn6zfBuq|X;q%n_*~$fvg*)bX@;vmjZ%y=n zQTViILUw6yiJgB!nS0@u*{@7{pRIJeeAbcSk7m5|PI2wCZ5e{+okt(%ROa5%6*@#6 z^O8RkUt-g+%g0+|zPJ4x505otiOQr^TP->Re0MFraLUWjT-q|XbGeT%ke_&i5(rf5 zJzB#_>yyKcOMC6zd`@^NN!46Yr#o3Er*wDT59y!FdPnQ({`uMgf`6n=$8_(xmEL6c zSmMW>+5XwvmCIyxbY~x{97l@)D;A&7aWK+aP+$6JbN8ZW%dcj3k)M1T@5^4(Jgc7U z;kuU%gmzD0v`}1g6<$xCz&(+8N1c|Z_)?=(rGyD5(LW;3~*v zx3G?CQustUGrK^CRPRo!O%S$mv#+)?6U=!%eAYdtapN`42j z^F@$htnOs!^a1IVH;mex<=Eq6sXZqE$m{|bqqC76Hdzj&w1W7j5AV$Ai)w;PvdV{M z>e)e1AD<8?L;2Cr+DXY7sO)U8_8HjMaIXo9+W5pm>rcxoTW=23fSe+t;2FQMDC%P9 zgEPTz1b_S>5CZYk9w05&P!znWE(QaQVyGf-!&r}G_*c%| zuJ|+OwcV&`2lpG-`>w6n`P%z7bK=C9nBAq@Z#)eACBwPw1E{jH3A1Z_SO*kCs5~$% zZ6YaZMR99x0=0xs@HSCvqn2F?jGTH@W;X5Gm4u_enO`Kaozj19nseWc=+7s_c!K8j z3yE}9^KOG;@NDCgmNw_qUy(}Hm!=?>&%M?;*n4;x?NB`c%~b%DiXMXtRaFK%!UgeX zXDt6ceAks;cfr*o1rJ;FGip+F6+zae8mL=-xxUiqm(-P(+!b3e=Gw?HYhR{@hiRPT z{8Te=|43ACl-sS#D`ze)E1kydy!***GnP$R)-d+omz7LfJ+Ogjm5>tXRY1?#J+Yua z>~onGH$-cbq0a4v3XZ1pFw?R&4WR>eeMSvTnOk>cEAq8yvwmB>p*AbS2aDR)i4Ln# zk>HzRMdE|1bvLa1p=R1hmbsj7fFP|#gn+P>!L2K~1N&o?N(nB_F8r73x8yqz5y z-D2kY^4Tth$koR`^NzpITP?S6pnqT1eUralUEBF*F#`1Ms9nAGt}-*GgBch|y=ru2 z=A9e7i)wYJ&k<}EVHz%3hyJ|(T{*~4Du&a|#=^e2J&iMb+P1gn6oy?XYj@E#PpcfK zz7Q6pX#1nq!bWiAN_TxR2)g+s+f4iF&n60rOAgg+eUiJO@5{N{_uo1dt`c?ueP14s zK`+-Cw%dU)hcA<|EuZbbhQmJhqsk@eF^!qIYTJ9xPN%Q#?_VFn;5qeUjEx#WR$1)& zDZk!ZT+<(5RCXsZ&iBauP07y!OfTA^zKgDex9?Byp5SQTxmt($;&DkH*0@po=NB8^ zyQ;0!d46;BEzZM}5vOYUml%%6-0W4Iu{?5vyt5^}uO`v=Fc(p(^^MY%sFP zCd{DC;g=rv4col8($Vi(L_)@<`S%r1{Zchs|13rRSq2EK;VBDfb={^jtGtdSR|Bz% z3i1^U*0IFcX-OIBU^ zlpkkDgauu(QlInzY;N$$#hbU0XIoFFSOT5NhcUj|o^3Vz))ca3RfRx47=N<~Ib78O zG9`hhLj!r%ju~4!$CX)4aR<-0K;lkPITk9HwKL72IaEca$GuoP8^*m20=Cbg%rbU> zY0d&5d$@yI*|httFk0rJsG}?w-KDchz;-JRNog({eYESFHi*W0ubXYwKc^l6if2hP#tC)@Z$ z!4Z%e92+a^!h2OzIX2+8)pR$ce>l+1d-* zi`N&9&h7Bfl8fnx?*#HQ^1DAhXR&m1+Sn?-dV1a9c?L*%s)egBZK^yuHbEMwOM{>@ zExB-^FQ3%ZlU%q-^_g$h<+sVDQoY$sq%-byL-MgBsh*no9&b$9D*YeP9_C$O2W-X| z=ZfYHEi=89_SApAK8tpOVL5K27F?EKwU zxaaZ-WQUn!$#d5v%AN!IgeK6KJKj4|oezpi?%<&68BF)H+US!A^hJE&H21N0$>e|n zAr-lhu?4gj-YOiW^r)2MbjN8M038vbY4+UnPFC=mrMa{pcLPZ-u`ah=d+elp-aub* ze9sJ@JJDs&fNa4BZwDt=8;ivrq3pY9TR`^wqxxO5*I#z4 zaM4z+QA&M>iN%ndMKoj8-~MP2fo-kCYMwE+ouP;pxzLxozfEOV_Da2Fjk04e^{6dP zpJrP5R8Mg9DKHuiEU%tVbKqIF>|Ks-k8NFxKcnBE_wxQNq-Q;Uimr& zh@FX5@?smsCRJW==4|&6sB)3GbK=QJKx*h=>^apy2GS* z4-DQe4lCK^?VB4w@bk+CFKr;(T+8W@m)&aeG$TDgsh^fvdJxq|CMEo*8x_KB9{Q+0 z9s!bnQ{RQMCOZf`Sqv%0Elqt#ACnGt1FL}vm!zx@XP+}g7bv`T3cIv_etoE=pkYVF zkLl$b)g%3ZwYeLrs2Yd8?`i-!Rsgb1<7m{1&DDmoR(DG^Zk~Gq)V&u$sj|o>vSVNF z4F4Jw-KGYtqt1v!okNNmsA`@&0@NQrpsFb^uy|n%6dP1E8=l;JBe+Dne#{O8_xL2M zZ6#-xDkO@lW=7cH;$LEq=3G|X<>HxY*|HK;8oJ@RvVK5LMAWjS$p`twJz-$(5pjS{ zf5j~nymV*+Dc)IR#)YLlm$Bb!n%W}lY1%jfnxeNA2kMn_<84xh^NJUC}OQ8-TSp;PId`O9{B)=eEZ z6X^Pipmn6q^Equ+i)-#EC3CVTX~lNvKXA_F^46`adsi*b1c9IpNUPJM_H-@f6DJgd z@78l68_o=>amY@VTGOzg?yZ=b9@@oC?=lkCSO(;64rmx3Ad;uL+8DVm#D^18CwU@#wK zs!rm2l@=e8!%I%*Fm&HGK{*R#50)F|?+%?2=$w#t_r++z;q4E)p<&{f9X5<{=eg)= z7nIVFTuGllX7m_=hj})~j=0ksR3|Sj3+1%&@N#piy%}BdM*m#F7P>^fTcpf(3bnd3ss1?7ZhU~h!nTycXuR!J(%f4%cqc%T@ zEc^4+<~v$+f@77!n^8#`QLEj4uo*C~C2Gxc`gCe@#+L_QDbp@%*D*H85#u z!T!S*j;jiPE$ZvdK>L8aVUWzF9=df>YhSb5InJs{1F@A;Gu5|@rMjMvHeElyyIK?ya0YrpevAFLi?# zpA{&8%4Cwst5TEsDR21|)0yK-Zj{zVmj>T9oVa)SAs96~`1(12Rkm+8Xf2$WyCUcW z5Yc6YJa*kYA9iwxTKtc?UfY%R0Zk}cXtnP?_b8zPpz3E zuf=YTy+sf0S;u;u4HK=Sl)FaWM!fW_&HTMU!=&_$(sLzm?y z-5v8%rADh(jFnqREYK~ca{0wZtU1Jr8FTG-G=-@vs$gl;T|uSt?b!vwc%Lsl|1NL8YP?4qJ4xF3-@p%(=TUBbvDI&^epkw;jrZp!^2V zF5PF{Kg>Jk`bu!~_$eDy*#Jya)XN_$KI68b(yRmHKo7>l1TX|6Fa}eY2-9FX%miCl z4E_)R!4LwW5C$Ar3gHj|kq`yTAR1yI7UF;l%OM^TfCnpJC9Hx(NP=Wo4QpW?tXCEi zut#Wi#50qzhiwn+NyNptq>Q95(+1m|X9BcLlk{TJjG=^3p`AQ!q{env> zBibZV?vOss@AOh_1|^p5pca`SeY+OG<`{2_NwPyD^lgWa_*zTeP@Bq-7D?~Fm1Kw5cs^w$S24CE zTh$D}7FG06)H{jGSsEP5VYXBX=?}(JQc)1g29g8fZRss+kG;m}JVF6&=m=j0}(9B``fX37q(qoG|!8)I#=< zAf&23k(mkVl|djan?-~#U%sdlj0uD^H!(yCLUvEKV{T@um)nhm6dn~r$RaJ9?JzCm z;SfOqf}rywNJB_d9T(G5jkHj<;Sd$TL7TJ1AQ=cbU1va-HTw?eM;GyA6bLzJWzEb~ zR~LL`a+$FhA`2mhhwK>v$#oM?MTL+{7QM%oNDd4s!e@9EnAjgUj(pYDpB>O#|j^>H=D2aSR z^nI=8$7bdhRY1>!Cx)#oE7F zhDYjRkSc_<))_D}xEM%kB&f_xJee8_i+XFOXtEI$Rt{3AjxEG@A^Qd)W033hg9|aj z53W?SmXML~-*Sjt2%IS`f15*hLId${Y!K-YaHi>~LmC zBbn(75`(l6#|R|i_$&I-%)}rjgq*TOv19igQ0^edIuIhL&%-oTbdPksJ`h31B8V=U z%+f%-pfFO8msrg>2su!nh|Pt3CyZFCCNV@0&lySv9;L+LkeqHYWITlA9;YbD2C467 z0+Bila_xv1G66zLkAafxJoN*Jp5a=y@Wp=Xqq=0tRideXhrw#TSdRg=MAVUpx)O1mMAVar<0aw*iKs6T z4R8^}k-~zI^C+@WrT;cVdIr3*cvm;n!ybCYSTS9xHFqW$jQ3D0o5Ro>?SFINl--i zn;gg{{BsWcT^9VC|HCq6M3cTgss{*{R%hG_mbqyJ+~ z{07XFh$i3mn*LYzenrk zGBP1DB$|Wi9Ht@+S1$&x617RX-GCFzi%$|cC6Y0pfEN*oW=S080W3*^xY#+dJWl-F z_}~~0gszB>M+0y;Coxha@Zww|d17t2EMkZk=M}L+EF$;{pyKBdYNR*qId* z2{K~`MIv7LagiirjEho0k)jY8qP;*K^~hka6j8`{i?k;WkfD(9pM>uMXh5N$W$neU z^!QI%3RMK6*=g;RLzVvvh)2odqvSl*L@@c0u>5af=!?q0Y#2q67k^7Jc9KD6K6cx~ zgfQ$*_X8TX0D-0OPw@~1@el=y3_fJh-wvUn4NLqF8;dk3;wDO3<%e2_)GLuilgUed zp>Jix5>CSCp}{zZDyUsVvK-Do9rqO9gXwsOGGm@{Ara1lWCm5#<%ltk@fo7EOUgj8iURb`K5({biTug z)CdroR+plKs~?9uOT?U|iJUZ};j@dn)fwR~*z{_kCTS!{h{SDsk5i$CdU0aM5xW<20O-qUB@k5}fs||*G z*+tDR-0DA7gj8X(OaDPePHS3te};DXz)8h>>G|D$f5kL&y=GRNZ!pZF?=KnnoOIU(7xF9d0w)5ER) zixN#MP(Ch`p8ujIE<*$JvHf=XRgKW?dG8+h?h8NZvnnP0WlbE};wKm6t)-AWiMIFQ zvu#L^-v`w!jW9Kv-=A%hw?IxJqpc^}{W$k*dOq^BUcQjBtfjW!gi+U8GH^0-TXQor zFhw`-_(nmak)yq4eDy1G(fM(o=M*9Kyrx%86Kl-f+wJ$!e>9qO_j}xJFRdxLx8IMY z?@tMTSZ*U??+?svY#dHM@?S;B5r=1}Vz7gOQF6O*CcP*n;^87|)phK` zrrLM=YB2_<(;N{&#(z~T!&L1ews&Z+QE4@qg!4Jx{9!p-b9pn`1&=_FZodyc>&QiA z&4@jEQEL9nnuv+k<3l>q^IkL_ptd)=ylc>}3HP^bozuhX(6$%y_8lh*?a1h1@r-V#DMoA*vqn z`UXBASHdyxo0Bu0LlF6RaCXd4`lF@xO`tDTc*iA>zJGf@mYuEQ>_p*nwYz+p*MX+G zl@EMTprJ^_0;Z1F`jjZV?1EMZOXxS%zY&FPwSTCtrwXs7cNy8*YhvuSB0kG!Shiwo ztVNqP=vF%#hjK4`F!w@{UMvvth{Pu-5|@?eTPLt0)1HLl2va$O5_9+csLVE$>v)wJ zVhIV3#CDNjYk&2_y$wT5k$c`7l_P7g3exP7I^g&=DbZ&gH5^Nq=EPb7VnT@5u?}eT z>(uy6FWM*H5V<$Ajr_RFKo1py%xMqHR~u%~w%Zo(NDD{FWGNg!2}^}-^5)Gh1Jy$@ zm4zZR4;Oxrdg%92@g8bkG}ULl?$sW@E}A1th!PmD8s$^S78nPp?34^N;DLvYi`?tX z`N;(>g}gcDu@Fl*oS)QuynbQ|Q25Q+OGEKE@yBo!(seh@+W-O zW2^dMaAp2bT}2gQ8G!kR!LjA_7bPdEs+O%-E$sJVh{|j7xZlsaKS10>h)YFo_&c3i zlm#ZJSlVldO1Tg-I19@~lqOjAiEBDq*}BUpvKtSP_a8gosM6}%!yQ()#hHZ#7@nfe zVYF*{k(pSba}*_5dfT%C%rcAsXtW;ByGji&lW$O6x2KK#FdW-sW>j```+bUDMB5Zy zJ~1^9W7rYfW5f&k#7`7kbts`kUay-|h$7g8A*#qI)=^y)72L}%4cIbm&+8WjeQ)EL zVZTI0BpfZ&PpMvNcumGa7ki_kue&l+wEN`0cH2{ucPe@@il`1#42?TOwz!^-;xn_0 zAzA*S>*)_vO?VG{@g$?!9&AAPoq1Raqq2*(4{CV5&04kG$04^$%-3mzU++@O_*5X? zKo26G#T77Z@5|LcAcpEtjlI`~*nRS>LJyC0wD5*|a|^r6ZG2XtEbv1Nm4%})%9-3Ci?^E^E-%XpT%0HK`GW$aw3C*h2ngG!0paRlw`DT{K(g ztNp{9(z`^bBktfC=FPt2X_*0-8WbOywperv<<0LTxzYEdU35hGM+>c%^X7psHW{{g zw4%DR2pw>CNuj{Qk`vGKD%)oFSE3?1oj&Si`NY9|6pBv($Zjt!%k!vAcW8^6TCpZn zm_1`*LovQ^3X|RM4Hc4Jhgf#ewc183FY%)g zN(4N5L`Mm{;JM#JY3%nv6dXxDtFU7DC%&!VeGy0%I-2Em;hP$E=s*^_47YHgL(#vs zdK@Zem|t8IIAIedi|^K0C7YGNP6&MWz$-QHr9(LJ8tvMxkD+LC?AX)o*Yy7f)&D=J z{+}OInP3kt;050JTT1JdodCOc@ri?1P!PX81VH)^l6uKEZMLdQaCO7)aNrQfO^U}J zV`A^Jm`|N*VT^rR8Z#%EnVB=gWY@J;NmQ(hnoVR5k> zSP~x>$AgtCqGMrcbZ|lha1wc(_}JiRm?IXPuxF;&n>rA@GB`3i7<)#Wz=;j>j&nv0 zUZL@kTpol5M@QpN(O{P7*^)B;>|(U&*@fuw4bg2U0fGu2BWJ_fXG`}0 literal 0 HcmV?d00001 diff --git a/src/main/webapp/vulnerability/xss/search.jsp b/src/main/webapp/vulnerability/xss/search.jsp new file mode 100644 index 00000000..d77f4262 --- /dev/null +++ b/src/main/webapp/vulnerability/xss/search.jsp @@ -0,0 +1,29 @@ +<%-- + Document : search + Created on : 1 Dec, 2014, 2:15:38 PM + Author : breakthesec +--%> + <%@ include file="/header.jsp" %> +

    + +
    + +
    +
    + <% + String searchedName = request.getParameter("keyword"); + if (searchedName != null) + { + //code for searching pages related to the given keyword goes here.. + %> + Search Results for <%=searchedName%> +
    ... +
    ... + <% + //Show result pages + + } + %> + <%@ include file="/footer.jsp" %> \ No newline at end of file diff --git a/src/main/webapp/vulnerability/xss/xss4.jsp b/src/main/webapp/vulnerability/xss/xss4.jsp new file mode 100644 index 00000000..16d050dc --- /dev/null +++ b/src/main/webapp/vulnerability/xss/xss4.jsp @@ -0,0 +1,24 @@ +<%@ include file="/header.jsp" %> + <% String keyword = request.getParameter("keyword"); %> +

    [incomplete]

    + Please enter only words and search:

    +
    + > +

    +
    +
    + <% + + if (keyword != null) + { + %> + Search Results for <%=keyword%> + <% + } + %> +
    +
    +
    +
    + + <%@ include file="/footer.jsp" %> \ No newline at end of file From 0e44990aba014f4d1b2cc0d89aca9cd23698d45f Mon Sep 17 00:00:00 2001 From: breakthesec Date: Sun, 25 Jan 2015 16:28:23 +0530 Subject: [PATCH 03/19] Fixing ORM XML Location --- LICENSE | 340 ++++++++++++++++++ README.md | 57 +++ .../jvl/model/orm => resources}/Users.hbm.xml | 0 .../webapp/vulnerability/Injection/orm.jsp | 2 +- 4 files changed, 398 insertions(+), 1 deletion(-) create mode 100644 LICENSE create mode 100644 README.md rename src/main/{java/org/cysecurity/cspf/jvl/model/orm => resources}/Users.hbm.xml (100%) diff --git a/LICENSE b/LICENSE new file mode 100644 index 00000000..d6a93266 --- /dev/null +++ b/LICENSE @@ -0,0 +1,340 @@ +GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + {description} + Copyright (C) {year} {fullname} + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + {signature of Ty Coon}, 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. + diff --git a/README.md b/README.md new file mode 100644 index 00000000..8bef5322 --- /dev/null +++ b/README.md @@ -0,0 +1,57 @@ +This is a "Vulnerable" Web Application developed by Cyber Security and Privacy Foundation(www.cysecurity.org). This app is intended for the Java Programmers and other people who wish to learn about Web application vulnerabilities and write secure code. + +---------------------------------- +The full course on Hacking and Securing Web Java Programs is available in +----------------------------------- +https://www.udemy.com/hacking-securing-java-web-programming/ + +**Warning**: Don't run this app in Your Machine Machine or in an online server. Install it in Vitual Machine. + + +How to Use/Setup ? +------------- + +**1.Very Easiest Method : VirtualBox VM** + The Most easiest way to use Java Vulnerable is using the VirtualBox VM which has everything set up and ready to use. + + Steps: + + 1. Install the VirtualBox : https://www.virtualbox.org/wiki/Downloads + 2. Download the VM Image from here : http://sourceforge.net/projects/javavulnerablelab/files/v0.1/JavaVulnerableLab.ova/download + 3. Import the JavaVulnerable.ova into VirtualBox. + 4. Change the Network Settings to Host-Only Network + 5. Start the Machine and Log into the Machine( Credentials; username: root password: cspf) + 6. Start Tomcat by entering "service tomcat start" in the Terminal + 7. Start mysql by entering "service mysql start" in the Terminal + 8. Find the IP Address of Machine + 9. In your Browser, go to "http://[IP_ADDRESS_OF_VM]:8080/JavaVulnerableLab/install.jsp + 10. Click the Install Button + 11. Enjoy :) + +**2.Easiest Method : Standalone Web Application** + In this mehtod, you will be running an executable "JAR" file which runs the application with an embedded Apache Tomcat. + + Steps: + + 1. Install JDK + 2. Download Executable Jar from here: http://sourceforge.net/projects/javavulnerablelab/files/v0.1/JavaVulnerableLab.jar/download + 3. Double Click the JavaVulnerable.jar to run( if double click is not working, run this command "java -jar JavaVulnerable.jar" in your Terminal or CMD) + 4. In your Browser, go to "http://localhost:8080/JavaVulnerableLab/install.jsp + 5. Click the Install Button + +**3. Using War file:** + This is a NORMAL method to deploy the WAR file. + + Steps: + + 1. Install Apache Tomcat server + 2. Go to http://[Tomcat_INSTALLED_IP]:8080/manager/ (make sure you have modified tomcat-users.xml file of the tomcat to allow the manager). + 3. Download our WAR file from here: https://sourceforge.net/projects/javavulnerablelab/files/latest/JavaVulnerableLab.war/download + 4. Deploy the WAR in Apache Tomcat manager. + 5. Go to http://[Tomcat_INSTALLED_IP]:8080/JavaVulnerableLab/install.jsp + 6. Click the Install Button + + +Get the VulnerableSpring Project from here: +https://github.com/breakthesec/VulnerableSpring + diff --git a/src/main/java/org/cysecurity/cspf/jvl/model/orm/Users.hbm.xml b/src/main/resources/Users.hbm.xml similarity index 100% rename from src/main/java/org/cysecurity/cspf/jvl/model/orm/Users.hbm.xml rename to src/main/resources/Users.hbm.xml diff --git a/src/main/webapp/vulnerability/Injection/orm.jsp b/src/main/webapp/vulnerability/Injection/orm.jsp index fc3303e2..4d99eca9 100644 --- a/src/main/webapp/vulnerability/Injection/orm.jsp +++ b/src/main/webapp/vulnerability/Injection/orm.jsp @@ -40,7 +40,7 @@ private static String queryUsers(Session session,String id) { configuration.setProperty( "hibernate.dialect","org.hibernate.dialect.MySQLDialect"); - configuration.addResource("org/cysecurity/cspf/jvl/model/orm/Users.hbm.xml"); + configuration.addResource("Users.hbm.xml"); SessionFactory factory; factory=configuration.buildSessionFactory(); Session ormSession = factory.openSession(); From c59923698dc8c12e8d7dbed308ddf6445de6a719 Mon Sep 17 00:00:00 2001 From: breakthesec Date: Mon, 26 Jan 2015 13:15:26 +0530 Subject: [PATCH 04/19] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8bef5322..60d4c64a 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ The full course on Hacking and Securing Web Java Programs is available in ----------------------------------- https://www.udemy.com/hacking-securing-java-web-programming/ -**Warning**: Don't run this app in Your Machine Machine or in an online server. Install it in Vitual Machine. +**Warning**: Don't run this app in Your Main Machine or in an online server. Install it in Vitual Machine. How to Use/Setup ? From 8bd88febf4d67b9d70d57fd1f11d69b77013c5ab Mon Sep 17 00:00:00 2001 From: breakthesec Date: Tue, 27 Jan 2015 23:49:35 +0530 Subject: [PATCH 05/19] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 60d4c64a..4fa648b5 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ https://www.udemy.com/hacking-securing-java-web-programming/ How to Use/Setup ? ------------- -**1.Very Easiest Method : VirtualBox VM** +**Method 1.Very Easiest Method : VirtualBox VM** The Most easiest way to use Java Vulnerable is using the VirtualBox VM which has everything set up and ready to use. Steps: @@ -28,7 +28,7 @@ How to Use/Setup ? 10. Click the Install Button 11. Enjoy :) -**2.Easiest Method : Standalone Web Application** +**Method 2.Easiest Method : Standalone Web Application** In this mehtod, you will be running an executable "JAR" file which runs the application with an embedded Apache Tomcat. Steps: @@ -39,7 +39,7 @@ How to Use/Setup ? 4. In your Browser, go to "http://localhost:8080/JavaVulnerableLab/install.jsp 5. Click the Install Button -**3. Using War file:** +**Method 3. Using War file:** This is a NORMAL method to deploy the WAR file. Steps: From 89a9159e916077cef1387846e79992b8cc6fd4fb Mon Sep 17 00:00:00 2001 From: breakthesec Date: Wed, 28 Jan 2015 10:04:02 +0530 Subject: [PATCH 06/19] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4fa648b5..00383e91 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ How to Use/Setup ? Steps: 1. Install JDK - 2. Download Executable Jar from here: http://sourceforge.net/projects/javavulnerablelab/files/v0.1/JavaVulnerableLab.jar/download + 2. Download Executable Jar from here: http://sourceforge.net/projects/javavulnerablelab/files/v0.2/JavaVulnerableLab.jar/download 3. Double Click the JavaVulnerable.jar to run( if double click is not working, run this command "java -jar JavaVulnerable.jar" in your Terminal or CMD) 4. In your Browser, go to "http://localhost:8080/JavaVulnerableLab/install.jsp 5. Click the Install Button From 1c3374680d8a5621621d832ede9a0953f21555af Mon Sep 17 00:00:00 2001 From: m4n3dw0lf Date: Wed, 24 Jan 2018 15:39:12 -0200 Subject: [PATCH 07/19] JavaVulnerableLab dockerized option. --- Dockerfile | 9 +++++++++ README.md | 19 +++++++++++++++---- docker-compose.yml | 13 +++++++++++++ 3 files changed, 37 insertions(+), 4 deletions(-) create mode 100644 Dockerfile create mode 100644 docker-compose.yml diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..cb80dcf7 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,9 @@ +FROM tomcat + +COPY . . + +RUN apt-get update ; apt-get install maven default-jdk -y ; update-alternatives --config javac + +RUN mvn clean package ; cp target/*.war /usr/local/tomcat/webapps/ + +CMD ["catalina.sh","run"] diff --git a/README.md b/README.md index 00383e91..9a557c9d 100644 --- a/README.md +++ b/README.md @@ -11,8 +11,19 @@ https://www.udemy.com/hacking-securing-java-web-programming/ How to Use/Setup ? ------------- -**Method 1.Very Easiest Method : VirtualBox VM** - The Most easiest way to use Java Vulnerable is using the VirtualBox VM which has everything set up and ready to use. +**Method 1.Super Very Easiest Method: Docker** + The easiest way to use Java Vulnerable is using Docker wich set up everything for you with 1 command line + + Steps: + 1. Install [Docker](https://docs.docker.com/engine/installation/) and [docker-compose](https://docs.docker.com/compose/install/). + 2. Inside this directory, run `sudo docker-compose up` and wait untill everything is configured for you. + 3. In your Browser, go to "http://localhost:8080/JavaVulnerableLab/install.jsp + 4. Click the Install Button + 5. Enjoy :) + + +**Method 2.Very Easiest Method : VirtualBox VM** + The second most easiest way to use Java Vulnerable is using the VirtualBox VM which has everything set up and ready to use. Steps: @@ -28,7 +39,7 @@ How to Use/Setup ? 10. Click the Install Button 11. Enjoy :) -**Method 2.Easiest Method : Standalone Web Application** +**Method 3.Easiest Method : Standalone Web Application** In this mehtod, you will be running an executable "JAR" file which runs the application with an embedded Apache Tomcat. Steps: @@ -39,7 +50,7 @@ How to Use/Setup ? 4. In your Browser, go to "http://localhost:8080/JavaVulnerableLab/install.jsp 5. Click the Install Button -**Method 3. Using War file:** +**Method 4. Using War file:** This is a NORMAL method to deploy the WAR file. Steps: diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 00000000..69bcf0d6 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,13 @@ +javavulnlab: + build: . + ports: + - 8080:8080 + net: host + +mysql: + image: mysql + environment: + - MYSQL_ROOT_PASSWORD=root + net: host + ports: + - 3306:3306 From 2726def6b66e64ddb9fec5b288b209ec2cfd4119 Mon Sep 17 00:00:00 2001 From: m4n3dw0lf Date: Wed, 24 Jan 2018 15:40:47 -0200 Subject: [PATCH 08/19] Fixing README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 9a557c9d..1fbb8814 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,7 @@ How to Use/Setup ? The easiest way to use Java Vulnerable is using Docker wich set up everything for you with 1 command line Steps: + 1. Install [Docker](https://docs.docker.com/engine/installation/) and [docker-compose](https://docs.docker.com/compose/install/). 2. Inside this directory, run `sudo docker-compose up` and wait untill everything is configured for you. 3. In your Browser, go to "http://localhost:8080/JavaVulnerableLab/install.jsp From 455954af0db853c54b8fdf745fdd3284ebf063a7 Mon Sep 17 00:00:00 2001 From: m4n3dw0lf Date: Wed, 24 Jan 2018 15:41:47 -0200 Subject: [PATCH 09/19] Fixing README.md --- README.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 1fbb8814..76e6d70f 100644 --- a/README.md +++ b/README.md @@ -16,11 +16,12 @@ How to Use/Setup ? Steps: - 1. Install [Docker](https://docs.docker.com/engine/installation/) and [docker-compose](https://docs.docker.com/compose/install/). - 2. Inside this directory, run `sudo docker-compose up` and wait untill everything is configured for you. - 3. In your Browser, go to "http://localhost:8080/JavaVulnerableLab/install.jsp - 4. Click the Install Button - 5. Enjoy :) + 1. Install Docker: https://docs.docker.com/engine/installation/ + 2. Install docker-compose: https://docs.docker.com/compose/install/ + 3. Inside this directory, run `sudo docker-compose up` and wait untill everything is configured for you. + 4. In your Browser, go to "http://localhost:8080/JavaVulnerableLab/install.jsp + 5. Click the Install Button + 6. Enjoy :) **Method 2.Very Easiest Method : VirtualBox VM** From f01b1b4b803d5f22d60b9c8ed8d24a4ae9a5fbe6 Mon Sep 17 00:00:00 2001 From: m4n3dw0lf Date: Wed, 24 Jan 2018 17:46:40 +0000 Subject: [PATCH 10/19] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 76e6d70f..bfb35228 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ How to Use/Setup ? ------------- **Method 1.Super Very Easiest Method: Docker** - The easiest way to use Java Vulnerable is using Docker wich set up everything for you with 1 command line + The easiest way to use Java Vulnerable is using Docker which set up everything for you with 1 command line Steps: From 6ec4efdda502b694e7c55f03cf7cf8fcc0d4b438 Mon Sep 17 00:00:00 2001 From: m4n3dw0lf Date: Thu, 25 Jan 2018 11:24:58 -0200 Subject: [PATCH 11/19] Exposing only one port --- README.md | 5 +++-- docker-compose.yml | 6 ++---- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index bfb35228..b5188c32 100644 --- a/README.md +++ b/README.md @@ -20,8 +20,9 @@ How to Use/Setup ? 2. Install docker-compose: https://docs.docker.com/compose/install/ 3. Inside this directory, run `sudo docker-compose up` and wait untill everything is configured for you. 4. In your Browser, go to "http://localhost:8080/JavaVulnerableLab/install.jsp - 5. Click the Install Button - 6. Enjoy :) + 5. Change the JDBC URL from jdbc:mysql://localhost:3306 to jdbc:mysql://mysql:3306 + 6. Click the Install Button + 7. Enjoy :) **Method 2.Very Easiest Method : VirtualBox VM** diff --git a/docker-compose.yml b/docker-compose.yml index 69bcf0d6..672bcaca 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,12 +2,10 @@ javavulnlab: build: . ports: - 8080:8080 - net: host + links: + - mysql mysql: image: mysql environment: - MYSQL_ROOT_PASSWORD=root - net: host - ports: - - 3306:3306 From d87637ce3e537c733e46203dcbcdcd343fead7d5 Mon Sep 17 00:00:00 2001 From: m4n3dw0lf Date: Sun, 28 Jan 2018 22:53:00 -0200 Subject: [PATCH 12/19] Automating setup for docker. --- src/main/webapp/WEB-INF/config.properties | 4 ++-- src/main/webapp/install.jsp | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/webapp/WEB-INF/config.properties b/src/main/webapp/WEB-INF/config.properties index 452aa0b8..70b612e1 100644 --- a/src/main/webapp/WEB-INF/config.properties +++ b/src/main/webapp/WEB-INF/config.properties @@ -5,6 +5,6 @@ dbuser=root dbpass=root dbname=abc -dburl=jdbc:mysql://localhost:3306/ +dburl=jdbc:mysql://mysql:3306/ jdbcdriver=com.mysql.jdbc.Driver -siteTitle=Java Vulnerable Lab \ No newline at end of file +siteTitle=Java Vulnerable Lab diff --git a/src/main/webapp/install.jsp b/src/main/webapp/install.jsp index 13086741..dfbe8f73 100644 --- a/src/main/webapp/install.jsp +++ b/src/main/webapp/install.jsp @@ -10,7 +10,7 @@ Database User: Database Password: JDBC Driver: - JDBC URL: + JDBC URL: Admin Login Credential: Username(Default): Password(Default): From 77bc549d883b0f472ed1cb4f2aa05d774762c7dc Mon Sep 17 00:00:00 2001 From: Cyber Security and Privacy Foundation Date: Wed, 31 Jan 2018 21:40:43 +0530 Subject: [PATCH 13/19] Updating the link to VulnerableSpring project --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b5188c32..e432e813 100644 --- a/README.md +++ b/README.md @@ -67,5 +67,5 @@ How to Use/Setup ? Get the VulnerableSpring Project from here: -https://github.com/breakthesec/VulnerableSpring +https://github.com/CSPF-Founder/VulnerableSpring From 1556e321d203365df8a8e6c1b4eca6fb327ed5a1 Mon Sep 17 00:00:00 2001 From: Cyber Security and Privacy Foundation Date: Thu, 24 Jan 2019 10:19:11 +0530 Subject: [PATCH 14/19] Update README.md --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index e432e813..2b9cfe9e 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,9 @@ This is a "Vulnerable" Web Application developed by Cyber Security and Privacy Foundation(www.cysecurity.org). This app is intended for the Java Programmers and other people who wish to learn about Web application vulnerabilities and write secure code. +**The course content is now available on Github for free:** + +https://github.com/CSPF-Founder/JavaSecurityCourse + ---------------------------------- The full course on Hacking and Securing Web Java Programs is available in ----------------------------------- From 78c9ab69c5e65470586cafc307aedfd1cf345a8d Mon Sep 17 00:00:00 2001 From: Cyber Security and Privacy Foundation Date: Thu, 24 Jan 2019 10:20:49 +0530 Subject: [PATCH 15/19] Update README.md --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2b9cfe9e..73b83bc8 100644 --- a/README.md +++ b/README.md @@ -4,9 +4,8 @@ This is a "Vulnerable" Web Application developed by Cyber Security and Privacy F https://github.com/CSPF-Founder/JavaSecurityCourse ----------------------------------- -The full course on Hacking and Securing Web Java Programs is available in ------------------------------------ + +**The full course on Hacking and Securing Web Java Programs is available in ** https://www.udemy.com/hacking-securing-java-web-programming/ **Warning**: Don't run this app in Your Main Machine or in an online server. Install it in Vitual Machine. From 682f63c947411e29c9992662bf27d1d78bd7b452 Mon Sep 17 00:00:00 2001 From: Cyber Security and Privacy Foundation Date: Thu, 24 Jan 2019 10:21:06 +0530 Subject: [PATCH 16/19] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 73b83bc8..dfe765a6 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,8 @@ This is a "Vulnerable" Web Application developed by Cyber Security and Privacy F https://github.com/CSPF-Founder/JavaSecurityCourse -**The full course on Hacking and Securing Web Java Programs is available in ** +**The full course on Hacking and Securing Web Java Programs is available in** + https://www.udemy.com/hacking-securing-java-web-programming/ **Warning**: Don't run this app in Your Main Machine or in an online server. Install it in Vitual Machine. From 8f6b34d64ce39b3fa137ef08d40fb86df7ff8b7c Mon Sep 17 00:00:00 2001 From: Cyber Security and Privacy Foundation Date: Thu, 24 Jan 2019 10:21:31 +0530 Subject: [PATCH 17/19] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dfe765a6..7ed511d0 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ This is a "Vulnerable" Web Application developed by Cyber Security and Privacy Foundation(www.cysecurity.org). This app is intended for the Java Programmers and other people who wish to learn about Web application vulnerabilities and write secure code. -**The course content is now available on Github for free:** +**The full course content is now available on Github for free:** https://github.com/CSPF-Founder/JavaSecurityCourse From 004fbacd989bcb745d4cf7387a580702190b76fc Mon Sep 17 00:00:00 2001 From: Cyber Security and Privacy Foundation Date: Thu, 20 Jun 2024 12:12:51 +0530 Subject: [PATCH 18/19] docker-fix --- default-tomcat.xml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 default-tomcat.xml diff --git a/default-tomcat.xml b/default-tomcat.xml new file mode 100644 index 00000000..a225d5e4 --- /dev/null +++ b/default-tomcat.xml @@ -0,0 +1,6 @@ + + + + + + From f96f204bc2546f3a7568da24f6215cf6d4387112 Mon Sep 17 00:00:00 2001 From: Cyber Security and Privacy Foundation Date: Thu, 20 Jun 2024 12:13:30 +0530 Subject: [PATCH 19/19] docker-compose-update --- Dockerfile | 23 +++++++++++++++++++---- docker-compose.yml | 29 +++++++++++++++++++---------- pom.xml | 4 ++++ 3 files changed, 42 insertions(+), 14 deletions(-) diff --git a/Dockerfile b/Dockerfile index cb80dcf7..6597db0a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,24 @@ -FROM tomcat +# Stage 1: Build Stage +FROM openjdk:8 as build +WORKDIR /app + +# Copy the source code into the Docker image COPY . . -RUN apt-get update ; apt-get install maven default-jdk -y ; update-alternatives --config javac +# Install Maven and JDK, then build the project +RUN apt-get update && \ + apt-get install -y maven && \ + mvn clean package + +# Stage 2: Runtime Stage +FROM tomcat:7.0.82 + +# Copy the WAR file built in the previous stage +COPY --from=build /app/target/*.war /usr/local/tomcat/webapps/ -RUN mvn clean package ; cp target/*.war /usr/local/tomcat/webapps/ +# Copy the pre-prepared tomcat-users.xml to set up user roles +COPY default-tomcat.xml /usr/local/tomcat/conf/tomcat-users.xml -CMD ["catalina.sh","run"] +# CMD to start Tomcat +CMD ["catalina.sh", "run"] diff --git a/docker-compose.yml b/docker-compose.yml index 672bcaca..23d7f3a3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,11 +1,20 @@ -javavulnlab: - build: . - ports: - - 8080:8080 - links: - - mysql -mysql: - image: mysql - environment: - - MYSQL_ROOT_PASSWORD=root +services: + jvl: + image: cspf/jvl + build: + dockerfile: ./Dockerfile + context: ./ + ports: + - 8080:8080 + links: + - mysql + + mysql: + image: mysql:5.7 + environment: + MYSQL_ROOT_PASSWORD: root + MYSQL_ROOT_HOST: "%" + MYSQL_DATABASE: abc + command: + - "--default-authentication-plugin=mysql_native_password" diff --git a/pom.xml b/pom.xml index e90d5213..0cdcea36 100644 --- a/pom.xml +++ b/pom.xml @@ -44,4 +44,8 @@ JavaVulnerableLab + + 1.7 + 1.7 +