dradis-ntospider 3.18.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,27 @@
1
+ # NTO Spider add-on for Dradis
2
+
3
+ [![Build Status](https://secure.travis-ci.org/dradis/dradis-ntospider.png?branch=master)](http://travis-ci.org/dradis/dradis-ntospider) [![Code Climate](https://codeclimate.com/github/dradis/dradis-ntospider.png)](https://codeclimate.com/github/dradis/dradis-ntospider.png)
4
+
5
+ The NTO Spider add-on enables users to upload NTO Spider XML files to create a structure of nodes/notes that contain the same information about the hosts/ports/services as the original file.
6
+
7
+ The add-on requires [Dradis CE](https://dradisframework.org/) > 3.0, or [Dradis Pro](https://dradisframework.com/pro/).
8
+
9
+
10
+ ## More information
11
+
12
+ See the Dradis Framework's [README.md](https://github.com/dradis/dradisframework/blob/master/README.md)
13
+
14
+
15
+ ## Contributing
16
+
17
+ See the Dradis Framework's [CONTRIBUTING.md](https://github.com/dradis/dradisframework/blob/master/CONTRIBUTING.md)
18
+
19
+
20
+ ## License
21
+
22
+ Dradis Framework and all its components are released under [GNU General Public License version 2.0](http://www.gnu.org/licenses/old-licenses/gpl-2.0.html) as published by the Free Software Foundation and appearing in the file LICENSE included in the packaging of this file.
23
+
24
+
25
+ ## Feature requests and bugs
26
+
27
+ Please use the [Dradis Framework issue tracker](https://github.com/dradis/dradis-ce/issues) for add-on improvements and bug reports.
@@ -0,0 +1 @@
1
+ require "bundler/gem_tasks"
@@ -0,0 +1,32 @@
1
+ $:.push File.expand_path('../lib', __FILE__)
2
+ require 'dradis/plugins/ntospider/version'
3
+ version = Dradis::Plugins::NTOSpider::VERSION::STRING
4
+
5
+
6
+ # Describe your gem and declare its dependencies:
7
+ Gem::Specification.new do |spec|
8
+ spec.platform = Gem::Platform::RUBY
9
+ spec.name = 'dradis-ntospider'
10
+ spec.version = version
11
+ spec.summary = 'NTOSpider add-on for the Dradis Framework.'
12
+ spec.description = 'This add-on allows you to upload and parse output produced from NTOSpider Web Vulnerability Scanner into Dradis.'
13
+
14
+ spec.license = 'GPL-2'
15
+
16
+ spec.authors = ['Daniel Martin']
17
+ spec.email = ['etd@nomejortu.com']
18
+ spec.homepage = 'http://dradisframework.org'
19
+
20
+ spec.files = `git ls-files`.split($\)
21
+ spec.executables = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
22
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
23
+
24
+ # By not including Rails as a dependency, we can use the gem with different
25
+ # versions of Rails (a sure recipe for disaster, I'm sure), which is needed
26
+ # until we bump Dradis Pro to 4.1.
27
+ # s.add_dependency 'rails', '~> 4.1.1'
28
+ spec.add_dependency 'dradis-plugins', '~> 3.6'
29
+
30
+ spec.add_development_dependency 'bundler', '~> 1.6'
31
+ spec.add_development_dependency 'rake', '~> 10.0'
32
+ end
@@ -0,0 +1,8 @@
1
+ # hook to the framework base clases
2
+ require 'dradis-plugins'
3
+
4
+ # load this add-on's engine
5
+ require 'dradis/plugins/ntospider'
6
+
7
+ # load supporting NTOSpider classes
8
+ require 'ntospider/vuln'
@@ -0,0 +1,11 @@
1
+ module Dradis
2
+ module Plugins
3
+ module NTOSpider
4
+ end
5
+ end
6
+ end
7
+
8
+ require 'dradis/plugins/ntospider/engine'
9
+ require 'dradis/plugins/ntospider/field_processor'
10
+ require 'dradis/plugins/ntospider/importer'
11
+ require 'dradis/plugins/ntospider/version'
@@ -0,0 +1,9 @@
1
+ module Dradis::Plugins::NTOSpider
2
+ class Engine < ::Rails::Engine
3
+ isolate_namespace Dradis::Plugins::NTOSpider
4
+
5
+ include ::Dradis::Plugins::Base
6
+ description 'Processes NTOSpider reports'
7
+ provides :upload
8
+ end
9
+ end
@@ -0,0 +1,22 @@
1
+ module Dradis::Plugins::NTOSpider
2
+ class FieldProcessor < Dradis::Plugins::Upload::FieldProcessor
3
+
4
+ def post_initialize(args={})
5
+ @nto_object = ::NTOSpider::Vuln.new(data)
6
+ end
7
+
8
+ def value(args={})
9
+ field = args[:field]
10
+
11
+ # fields in the template are of the form <foo>.<field>, where <foo>
12
+ # is common across all fields for a given template (and meaningless).
13
+ _, name = field.split('.')
14
+
15
+ # The XML uses a <Method> entity, but 'method' is a reserved word here so:
16
+ name = 'vuln_method' if name == 'method'
17
+
18
+ @nto_object.try(name) || 'n/a'
19
+ end
20
+ end
21
+
22
+ end
@@ -0,0 +1,19 @@
1
+ module Dradis
2
+ module Plugins
3
+ module NTOSpider
4
+ # Returns the version of the currently loaded NTOSpider as a <tt>Gem::Version</tt>
5
+ def self.gem_version
6
+ Gem::Version.new VERSION::STRING
7
+ end
8
+
9
+ module VERSION
10
+ MAJOR = 3
11
+ MINOR = 18
12
+ TINY = 0
13
+ PRE = nil
14
+
15
+ STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
+ end
17
+ end
18
+ end
19
+ end
@@ -0,0 +1,74 @@
1
+ module Dradis::Plugins::NTOSpider
2
+ class Importer < Dradis::Plugins::Upload::Importer
3
+
4
+ BAD_FILENAME_ERROR_MESSAGE = \
5
+ "The uploaded file should be named VulnerabilitiesSummary.xml. "\
6
+ "You'll find VulnerabilitiesSummary.xml inside the /report subdirectory in NTO Spider's output."
7
+ NO_VULNSUMMARY_ERROR_MESSAGE = \
8
+ "A proper root element (/VulnSummary) wasn't detected in the uploaded file. "\
9
+ "Ensure the file you uploaded comes from a NTOSpider report."
10
+ NO_VULNS_ERROR_MESSAGE = \
11
+ "No vulnerabilities were detected in the uploaded file (/VulnSummary/VulnList/Vuln). "\
12
+ "Ensure the file you uploaded comes from a NTOSpider report."
13
+
14
+ # The framework will call this function if the user selects this plugin from
15
+ # the dropdown list and uploads a file.
16
+ # @returns true if the operation was successful, false otherwise
17
+ def import(params={})
18
+ file = params.fetch(:file)
19
+
20
+ filename = File.basename(file)
21
+ unless filename == "VulnerabilitiesSummary.xml"
22
+ log_error_and_return(BAD_FILENAME_ERROR_MESSAGE)
23
+ return false
24
+ end
25
+
26
+ file_content = File.read(file)
27
+ logger.info{'Parsing VulnerabilitiesSummary.xml...'}
28
+ @doc = Nokogiri::XML( file_content )
29
+ if @doc.root && @doc.root.name == 'VulnSummary'
30
+ logger.info{'Done.'}
31
+ else
32
+ log_error_and_return(NO_VULNSUMMARY_ERROR_MESSAGE)
33
+ return false
34
+ end
35
+
36
+
37
+ if @doc.xpath('/VulnSummary/VulnList/Vuln').empty?
38
+ log_error_and_return(NO_VULNS_ERROR_MESSAGE)
39
+ return false
40
+ end
41
+
42
+ @doc.xpath('/VulnSummary/VulnList/Vuln').each do |xml_vuln|
43
+ vuln = ::NTOSpider::Vuln.new(xml_vuln)
44
+
45
+ host_node_label = xml_vuln.at_xpath('./WebSite').text
46
+ host_node_label = URI.parse(host_node_label).host rescue host_node_label
47
+ host_node = content_service.create_node(label: host_node_label, type: :host)
48
+
49
+ plugin_id = vuln.vuln_type
50
+ logger.info{ "\t\t => Creating new issue (plugin_id: #{plugin_id})" }
51
+ issue_text = template_service.process_template(
52
+ template: 'vuln', data: vuln.xml
53
+ )
54
+ issue = content_service.create_issue text: issue_text, id: plugin_id
55
+
56
+ logger.info{ "\t\t => Creating new evidence" }
57
+ evidence_content = template_service.process_template(
58
+ template: 'evidence', data: vuln.xml
59
+ )
60
+ content_service.create_evidence(
61
+ issue: issue, node: host_node, content: evidence_content
62
+ )
63
+ end
64
+
65
+ true
66
+ end # /import
67
+
68
+ private
69
+ def log_error_and_return(message)
70
+ logger.fatal { message }
71
+ content_service.create_note text: "#[Title]#\nNTO upload error\n\n#[Description]#\n#{ message }"
72
+ end
73
+ end
74
+ end
@@ -0,0 +1,9 @@
1
+ require_relative 'gem_version'
2
+
3
+ module Dradis::Plugins::NTOSpider
4
+ # Returns the version of the currently loaded NTOSpider as a
5
+ # <tt>Gem::Version</tt>.
6
+ def self.version
7
+ gem_version
8
+ end
9
+ end
@@ -0,0 +1,118 @@
1
+ module NTOSpider
2
+ # This class represents each of the vulnerabilities reported in the
3
+ # NTOSpider VulnerabilitiesSummary.xml file as <Vuln> entities.
4
+ #
5
+ # It provides a convenient way to access the information scattered all over
6
+ # the XML entities.
7
+ #
8
+ # Instead of providing separate methods for each supported property we rely
9
+ # on Ruby's #method_missing to do most of the work.
10
+ class Vuln
11
+ attr_accessor :xml
12
+ # Accepts an XML node from Nokogiri::XML.
13
+ def initialize(xml_node)
14
+ @xml = xml_node
15
+ end
16
+
17
+ # List of supported tags. They can be attributes, simple descendants or
18
+ # collections (e.g. <references/>, <tags/>)
19
+ def supported_tags
20
+ [
21
+ # attributes
22
+
23
+ # simple tags
24
+ :attack_class, :attack_score, :attack_type, :attack_value, :capec,
25
+ :cwe_id, :description, :dissa_asc, :normalized_url, :oval, :owasp2007,
26
+ :owasp2010, :owasp2013, :recommendation, :vuln_method, :vuln_param,
27
+ :vuln_type, :vuln_url, :web_site
28
+ # nested tags
29
+ ]
30
+ end
31
+
32
+ # This allows external callers (and specs) to check for implemented
33
+ # properties
34
+ def respond_to?(method, include_private=false)
35
+ return true if supported_tags.include?(method.to_sym)
36
+ super
37
+ end
38
+
39
+ # This method is invoked by Ruby when a method that is not defined in this
40
+ # instance is called.
41
+ #
42
+ # In our case we inspect the @method@ parameter and try to find the
43
+ # attribute, simple descendent or collection that it maps to in the XML
44
+ # tree.
45
+ def method_missing(method, *args)
46
+ # We could remove this check and return nil for any non-recognized tag.
47
+ # The problem would be that it would make tricky to debug problems with
48
+ # typos. For instance: <>.potr would return nil instead of raising an
49
+ # exception
50
+ unless supported_tags.include?(method)
51
+ super
52
+ return
53
+ end
54
+
55
+ # First we try the attributes. In Ruby we use snake_case, but in XML
56
+ # CamelCase is used for some attributes
57
+ translations_table = {
58
+ capec: 'CAPEC',
59
+ dissa_asc: 'DISSA_ASC',
60
+ owasp2007: 'OWASP2007',
61
+ owasp2010: 'OWASP2010',
62
+ owasp2013: 'OWASP2013',
63
+ oval: 'OVAL',
64
+ wasc: 'WASC'
65
+ }
66
+
67
+ method_name = translations_table.fetch(method, method.to_s.camelcase)
68
+
69
+ # no attributes in the <issue> node
70
+ # return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)
71
+
72
+ # Then we try simple children tags: name, type, ...
73
+ tag = @xml.at_xpath("./#{method_name}")
74
+ if tag && !tag.text.blank?
75
+ if tags_with_html_content.include?(method)
76
+ return cleanup_html(tag.text)
77
+ else
78
+ return tag.text
79
+ end
80
+ else
81
+ # nothing found, the tag is valid but not present in this Vuln
82
+ return nil
83
+ end
84
+ end
85
+
86
+ private
87
+
88
+ def cleanup_html(source)
89
+ result = source.dup
90
+ result.gsub!(/&quot;/, '"')
91
+ result.gsub!(/&amp;/, '&')
92
+ result.gsub!(/&lt;/, '<')
93
+ result.gsub!(/&gt;/, '>')
94
+
95
+ result.gsub!(/<b>(.*?)<\/b>/, '*\1*')
96
+ result.gsub!(/<br\/>/, "\n")
97
+ result.gsub!(/<br>/, "\n")
98
+ result.gsub!(/<font.*?>(.*?)<\/font>/m, '\1')
99
+ result.gsub!(/<h2>(.*?)<\/h2>/, '*\1*')
100
+ result.gsub!(/<i>(.*?)<\/i>/, '\1')
101
+ result.gsub!(/<p>(.*?)<\/p>/m, '\1')
102
+ result.gsub!(/<pre.*?>(.*?)<\/pre>/m){|m| "\n\nbc.. #{ $1 }\n\np. \n" }
103
+
104
+ result.gsub!(/<ul>/, "\n")
105
+ result.gsub!(/<\/ul>/, "\n")
106
+ result.gsub!(/<li>/, "\n* ")
107
+ result.gsub!(/<\/li>/, "\n")
108
+
109
+ result
110
+ end
111
+
112
+ # Some of the values have embedded HTML content that we need to strip
113
+ def tags_with_html_content
114
+ [:description, :recommendation]
115
+ end
116
+
117
+ end
118
+ end
@@ -0,0 +1,20 @@
1
+ class NTOSpiderTasks < Thor
2
+ include Rails.application.config.dradis.thor_helper_module
3
+
4
+ namespace "dradis:plugins:ntospider"
5
+
6
+ desc "upload FILE", "upload NTOSpider XML results"
7
+ def upload(file_path)
8
+ require 'config/environment'
9
+
10
+ unless File.exists?(file_path)
11
+ $stderr.puts "** the file [#{file_path}] does not exist"
12
+ exit -1
13
+ end
14
+
15
+ detect_and_set_project_scope
16
+
17
+ importer = Dradis::Plugins::NTOSpider::Importer.new(task_options)
18
+ importer.import(file: file_path)
19
+ end
20
+ end
@@ -0,0 +1,382 @@
1
+ <?xml version="1.0" encoding="UTF-8"?>
2
+ <VulnSummary>
3
+ <AppVersion>6.2.115.1</AppVersion>
4
+ <ScanName>hackthissite</ScanName>
5
+ <ScanStarted>2014-10-14 07:26:14</ScanStarted>
6
+ <ScanDuration>18:33:23</ScanDuration>
7
+ <ScanEnded>2014-10-15 01:59:37</ScanEnded>
8
+ <UTCOffset>3</UTCOffset>
9
+ <ResourcesCrawled>2989</ResourcesCrawled>
10
+ <NumberOfRequests>492821</NumberOfRequests>
11
+ <NumberOfFailedRequests>989</NumberOfFailedRequests>
12
+ <VulnList>
13
+ <Vuln>
14
+ <DbId>7B9CAABF300A49688F4D30FA423EDFB8</DbId>
15
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
16
+ <ScanName>hackthissite</ScanName>
17
+ <WebSite>http://www.hackthissite.org:80</WebSite>
18
+ <VulnType>Reflected Cross-site scripting (XSS)</VulnType>
19
+ <VulnUrl>http://www.hackthissite.org/</VulnUrl>
20
+ <NormalizedUrl>http://www.hackthissite.org/?</NormalizedUrl>
21
+ <MatchedString />
22
+ <NormalizedPostParams />
23
+ <VulnParam>Unnamed</VulnParam>
24
+ <ParameterName>Unnamed</ParameterName>
25
+ <HtmlEntityAttacked>Query-Parameters</HtmlEntityAttacked>
26
+ <AttackType>javascript after single quote</AttackType>
27
+ <AttackScore>3-Medium</AttackScore>
28
+ <AttackValue>';alert('x9lj3cup');//</AttackValue>
29
+ <Method>GET</Method>
30
+ <RootCauseId>9AEE038BB3477FE5A178FBA57C93FC76</RootCauseId>
31
+ <Description><![CDATA[<p>Reflected Cross-site Scripting (XSS) is another name for non-persistent XSS, where the attack doesn't load with the vulnerable web application but is originated by the victim loading the offending URI. In this article we will see some ways to test a web application for this kind of vulnerability.</p>]]></Description>
32
+ <Recommendation><![CDATA[<p>Reflected XSS attacks are also known as type 1 or non-persistent XSS attacks, and are the most frequent type of XSS attacks found nowadays.</p>
33
+
34
+ <p>When a web application is vulnerable to this type of attack, it will pass unvalidated input sent through requests to the client. The common modus operandi of the attack includes a design step, in which the attacker creates and tests an offending URI, a social engineering step, in which she convinces her victims to load this URI on their browsers, and the eventual execution of the offending code - using the victim's credentials.</p>
35
+
36
+ <p>Commonly the attacker's code is written in the Javascript language, but other scripting languages are also used, e.g., ActionScript and VBScript.</p>
37
+
38
+ <p>Attackers typically leverage these vulnerabilities to install key loggers, steal victim cookies, perform clipboard theft, and change the content of the page (e.g., download links).</p>
39
+
40
+ <p>One of the important matters about exploiting XSS vulnerabilities is character encoding. In some cases, the web server or the web application may not be filtering some encodings of characters, so, for example, the web application might filter out "&lt;script&gt;", but might not filter "%3Cscript%3E" which simply includes another encoding of tags. A nice tool for testing character encodings is OWASP's CAL9000. </p>]]></Recommendation>
41
+ <Page>http://www.hackthissite.org/</Page>
42
+ <Url>http://www.hackthissite.org/</Url>
43
+ <VulnParamType>unknown</VulnParamType>
44
+ <CrawlTrafficTemplate>R0VUIC8/eGh5azJhanEtcHQgSFRUUC8xLjENCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtQ2hhcnNldDogKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoY29tcGF0aWJsZTsgTVNJRSA5LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC81LjApDQpIb3N0OiB3d3cuaGFja3RoaXNzaXRlLm9yZw0KQ29va2llOiBfX3V0bWE9MTk4NDAyODcwLjYwNzMyMTI4MC4xNDEzMjYwOTIzLjE0MTMyNjA5MjMuMTQxMzI2MDkyMy4xOyBfX3V0bXo9MTk4NDAyODcwLjE0MTMyNjA5MjMuMS4xLnV0bWNzcj0oZGlyZWN0KXx1dG1jY249KGRpcmVjdCl8dXRtY21kPShub25lKTsgYWRzX2JtX2xhc3RfbG9hZF9zdGF0dXM9Tk9UX0JMT0NLSU5HOyBwaHBiYjNfMjhwbGFfdT0xOyBwaHBiYjNfMjhwbGFfaz07IHBocGJiM18yOHBsYV9zaWQ9OTFkOTgzOThhY2U2NzUxZjI3YTI5ZmNmYmJhMmMwOTQ7IGJtX2xhc3RfbG9hZF9zdGF0dXM9Tk9UX0JMT0NLSU5HOyBQSFBTRVNTSUQ9OWh2bmxmczUxanNqMmlpZWZtaDc0dXN0YTA7IF9fdXRtYj0xOTg0MDI4NzAuNTAwLjEwLjE0MTMyNjA5MjM7IF9fdXRtYz0xOTg0MDI4NzA7IGJtX21vbnRobHlfdW5pcXVlPXRydWU7IGJtX2RhaWx5X3VuaXF1ZT10cnVlOyBsZXZlbDEwX2F1dGhvcml6ZWQ9bm87DQoNCg==</CrawlTrafficTemplate>
45
+ <AttackClass>Application Developer</AttackClass>
46
+ <CweId>79</CweId>
47
+ <CAPEC>80</CAPEC>
48
+ <DISSA_ASC>3580</DISSA_ASC>
49
+ <OWASP2007>1</OWASP2007>
50
+ <OWASP2010>2</OWASP2010>
51
+ <OWASP2013>3</OWASP2013>
52
+ <OVAL>6312</OVAL>
53
+ <WASC>0</WASC>
54
+ <ScanDate>2014-10-14 07:26:14</ScanDate>
55
+ <ScanEnd>2014-10-15 01:59:37</ScanEnd>
56
+ <DefenseBL>
57
+ <DbId>E00DA69EEFFE4556A2EA833A05174698</DbId>
58
+ <ParentDbId>7B9CAABF300A49688F4D30FA423EDFB8</ParentDbId>
59
+ <PcreRegex />
60
+ <ModSecurity />
61
+ <Snort />
62
+ <Imperva>cross-site-scripting</Imperva>
63
+ </DefenseBL>
64
+ <DefenseWL>
65
+ <DbId>ED59621943E9405B98ED9C3642011DBB</DbId>
66
+ <ParentDbId>7B9CAABF300A49688F4D30FA423EDFB8</ParentDbId>
67
+ <PcreRegex />
68
+ <ModSecurity />
69
+ <Snort />
70
+ <Imperva />
71
+ </DefenseWL>
72
+ <AttackList>
73
+ <Attack>
74
+ <DbId>0FBEDA330DDC427CB8EFB550E5170614</DbId>
75
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
76
+ <AttackValue>'-alert(6759001)-'</AttackValue>
77
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
78
+ <AttackPostParams />
79
+ <AttackMatchedString>6759001</AttackMatchedString>
80
+ <AttackRequestList>
81
+ <AttackRequest>
82
+ <DbId>E70A833E09944518999100DD31DCDEDF</DbId>
83
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
84
+ <Request>R0VUIC8/Jy1hbGVydCg2NzU5MDAxKS0nIEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOw0KDQo=</Request>
85
+ <Response></Response>
86
+ <Benign>0</Benign>
87
+ </AttackRequest>
88
+ </AttackRequestList>
89
+ </Attack>
90
+ <Attack>
91
+ <DbId>6B29EBB4F4094201B6541769C9D3BCFB</DbId>
92
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
93
+ <AttackValue>';alert('xhsysg0a');//</AttackValue>
94
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
95
+ <AttackPostParams />
96
+ <AttackMatchedString>xhsysg0a</AttackMatchedString>
97
+ <AttackRequestList>
98
+ <AttackRequest>
99
+ <DbId>245EEA880FA748298BFDD11D286A2AA8</DbId>
100
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
101
+ <Request>R0VUIC8/JzthbGVydCgneGhzeXNnMGEnKTsvLyBIVFRQLzEuMQ0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSwqLyo7cT0wLjgNCkFjY2VwdC1DaGFyc2V0OiAqDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzUuMCkNCkhvc3Q6IHd3dy5oYWNrdGhpc3NpdGUub3JnDQpDb29raWU6IFBIUFNFU1NJRD05aHZubGZzNTFqc2oyaWllZm1oNzR1c3RhMDsgX191dG1hPTE5ODQwMjg3MC42MDczMjEyODAuMTQxMzI2MDkyMy4xNDEzMjYwOTIzLjE0MTMyNjA5MjMuMTsgX191dG1iPTE5ODQwMjg3MC41MDAuMTAuMTQxMzI2MDkyMzsgX191dG1jPTE5ODQwMjg3MDsgX191dG16PTE5ODQwMjg3MC4xNDEzMjYwOTIzLjEuMS51dG1jc3I9KGRpcmVjdCl8dXRtY2NuPShkaXJlY3QpfHV0bWNtZD0obm9uZSk7IGFkc19ibV9sYXN0X2xvYWRfc3RhdHVzPU5PVF9CTE9DS0lORzsgYm1fbW9udGhseV91bmlxdWU9dHJ1ZTsgYm1fZGFpbHlfdW5pcXVlPXRydWU7IHBocGJiM18yOHBsYV91PTE7IHBocGJiM18yOHBsYV9rPTsgcGhwYmIzXzI4cGxhX3NpZD05MWQ5ODM5OGFjZTY3NTFmMjdhMjlmY2ZiYmEyYzA5NDsgbGV2ZWwxMF9hdXRob3JpemVkPW5vOyBibV9sYXN0X2xvYWRfc3RhdHVzPU5PVF9CTE9DS0lORzsNCg0K</Request>
102
+ <Response></Response>
103
+ <Benign>0</Benign>
104
+ </AttackRequest>
105
+ </AttackRequestList>
106
+ </Attack>
107
+ <Attack>
108
+ <DbId>208D71F46FC84F7A97A51A9D204936E8</DbId>
109
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
110
+ <AttackValue>'+alert(14357991)+'</AttackValue>
111
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
112
+ <AttackPostParams />
113
+ <AttackMatchedString>14357991</AttackMatchedString>
114
+ <AttackRequestList>
115
+ <AttackRequest>
116
+ <DbId>656C78FC2C5A4E8E88805D70E85C03BB</DbId>
117
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
118
+ <Request>R0VUIC8/JythbGVydCgxNDM1Nzk5MSkrJyBIVFRQLzEuMQ0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSwqLyo7cT0wLjgNCkFjY2VwdC1DaGFyc2V0OiAqDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzUuMCkNCkhvc3Q6IHd3dy5oYWNrdGhpc3NpdGUub3JnDQpDb29raWU6IFBIUFNFU1NJRD05aHZubGZzNTFqc2oyaWllZm1oNzR1c3RhMDsgX191dG1hPTE5ODQwMjg3MC42MDczMjEyODAuMTQxMzI2MDkyMy4xNDEzMjYwOTIzLjE0MTMyNjA5MjMuMTsgX191dG1iPTE5ODQwMjg3MC41MDAuMTAuMTQxMzI2MDkyMzsgX191dG1jPTE5ODQwMjg3MDsgX191dG16PTE5ODQwMjg3MC4xNDEzMjYwOTIzLjEuMS51dG1jc3I9KGRpcmVjdCl8dXRtY2NuPShkaXJlY3QpfHV0bWNtZD0obm9uZSk7IGFkc19ibV9sYXN0X2xvYWRfc3RhdHVzPU5PVF9CTE9DS0lORzsgYm1fbW9udGhseV91bmlxdWU9dHJ1ZTsgYm1fZGFpbHlfdW5pcXVlPXRydWU7IHBocGJiM18yOHBsYV91PTE7IHBocGJiM18yOHBsYV9rPTsgcGhwYmIzXzI4cGxhX3NpZD05MWQ5ODM5OGFjZTY3NTFmMjdhMjlmY2ZiYmEyYzA5NDsgbGV2ZWwxMF9hdXRob3JpemVkPW5vOyBibV9sYXN0X2xvYWRfc3RhdHVzPU5PVF9CTE9DS0lORzsNCg0K</Request>
119
+ <Response></Response>
120
+ <Benign>0</Benign>
121
+ </AttackRequest>
122
+ </AttackRequestList>
123
+ </Attack>
124
+ <Attack>
125
+ <DbId>FF2039A5A33D4167B1BD5F10DBD78989</DbId>
126
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
127
+ <AttackValue><![CDATA[xhyk2ajq-pt"><script>alert(15009454)</script>]]></AttackValue>
128
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
129
+ <AttackPostParams />
130
+ <AttackMatchedString>15009454</AttackMatchedString>
131
+ <AttackRequestList>
132
+ <AttackRequest>
133
+ <DbId>81362DB814024D8899B83D4A4FF7DE3A</DbId>
134
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
135
+ <Request>R0VUIC8/eGh5azJhanEtcHQiPjxzY3JpcHQ+YWxlcnQoMTUwMDk0NTQpPC9zY3JpcHQ+IEhUVFAvMS4xDQpBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOA0KQWNjZXB0LUNoYXJzZXQ6ICoNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKGNvbXBhdGlibGU7IE1TSUUgOS4wOyBXaW5kb3dzIE5UIDYuMTsgV09XNjQ7IFRyaWRlbnQvNS4wKQ0KSG9zdDogd3d3LmhhY2t0aGlzc2l0ZS5vcmcNCkNvb2tpZTogUEhQU0VTU0lEPTlodm5sZnM1MWpzajJpaWVmbWg3NHVzdGEwOyBfX3V0bWE9MTk4NDAyODcwLjYwNzMyMTI4MC4xNDEzMjYwOTIzLjE0MTMyNjA5MjMuMTQxMzI2MDkyMy4xOyBfX3V0bWM9MTk4NDAyODcwOyBfX3V0bXo9MTk4NDAyODcwLjE0MTMyNjA5MjMuMS4xLnV0bWNzcj0oZGlyZWN0KXx1dG1jY249KGRpcmVjdCl8dXRtY21kPShub25lKTsgYWRzX2JtX2xhc3RfbG9hZF9zdGF0dXM9Tk9UX0JMT0NLSU5HOyBibV9tb250aGx5X3VuaXF1ZT10cnVlOyBibV9kYWlseV91bmlxdWU9dHJ1ZTsgcGhwYmIzXzI4cGxhX3U9MTsgcGhwYmIzXzI4cGxhX2s9OyBwaHBiYjNfMjhwbGFfc2lkPWJhNzNiNWJkZGYwNjUwOWMyNzhkOTdkNmVkMzgxOTM4OyBsZXZlbDEwX2F1dGhvcml6ZWQ9bm87IGJzX3VzZXI9eGl5OTJxMXI7IGJzX3Bhc3M9eGl5OTJxMXMlMjQ7IGJtX2xhc3RfbG9hZF9zdGF0dXM9Tk9UX0JMT0NLSU5HOw0KDQo=</Request>
136
+ <Response>SFRUUC8xLjEgMjAwIE9LDQpEYXRlOiBUdWUsIDE0IE9jdCAyMDE0IDIwOjU4OjAxIEdNVA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNClRyYW5zZmVyLUVuY29kaW5nOiBjaHVua2VkDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpFeHBpcmVzOiBUaHUsIDE5IE5vdiAxOTgxIDA4OjUyOjAwIEdNVA0KQ2FjaGUtQ29udHJvbDogbm8tc3RvcmUsIG5vLWNhY2hlLCBtdXN0LXJldmFsaWRhdGUsIHBvc3QtY2hlY2s9MCwgcHJlLWNoZWNrPTANClByYWdtYTogbm8tY2FjaGUNClNlcnZlcjogSGFja1RoaXNTaXRlIExvYWQgQmFsYW5jZXINClN0cmljdC1UcmFuc3BvcnQtU2VjdXJpdHk6IG1heC1hZ2U9MzE1MzYwMDANCkNvbnRlbnQtRW5jb2Rpbmc6IGd6aXANCg0KPCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgVHJhbnNpdGlvbmFsLy9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL3hodG1sMS9EVEQveGh0bWwxLXRyYW5zaXRpb25hbC5kdGQiPgo8aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCIgeG1sOmxhbmc9ImVuIiBsYW5nPSJlbiI+Cgo8aGVhZD4KICA8dGl0bGU+SGFjayBUaGlzIFNpdGUhPC90aXRsZT4KICA8bWV0YSBuYW1lPSJ2ZXJpZnktdjEiIGNvbnRlbnQ9InMvWVhuN2VRck1Cb0Y5UEw1akxKRGlXcEF4RVhwSnpFOUpMZy96TTRDMlk9IiAvPgogIDxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PWlzby04ODU5LTEiIC8+CiAgPG1ldGEgbmFtZT0iQXV0aG9yIiBjb250ZW50PSJIYWNrVGhpc1NpdGUub3JnIENyZXcuIiAvPgogIDxtZXRhIG5hbWU9IkRlc2NyaXB0aW9uIiBjb250ZW50PSJIYWNrVGhpc1NpdGUhIGlzIGEgbGVnYWwgYW5kIHNhZmUgbmV0d29yayBzZWN1cml0eSByZXNvdXJjZSB3aGVyZSB1c2VycyB0ZXN0IHRoZWlyIGhhY2tpbmcgc2tpbGxzIG9uIHZhcmlvdXMgY2hhbGxlbmdlcyBhbmQgbGVhcm4gYWJvdXQgaGFja2luZyBhbmQgbmV0d29yayBzZWN1cml0eS4gQWxzbyBwcm92aWRlZCBhcmUgYXJ0aWNsZXMsIGNvbXByZWhlbnNpdmUgYW5kIGFjdGl2ZSBmb3J1bXMsIGFuZCBndWlkZXMgYW5kIHR1dG9yaWFscy4gTGVhcm4gaG93IHRvIGhhY2shIiAvPgogIDxtZXRhIG5hbWU9IktleVdvcmRzIiBjb250ZW50PSJjaGFsbGVuZ2UsIGNvbXB1dGVyLCBjdWx0dXJlLCBkZWZhY2UsIGRpZ2l0YWwsIGV0aGljcywgZ2FtZXMsIGd1aWRlLCBoYWNrLCBoYWNrIGZvcnVtcywgaGFja2VyLCBoYWNrZXJzLCBoYWNraW5nLCBoYWNraW5nIGNoYWxsZW5nZXMsIGhhY2tpbmcgZm9ydW1zLCBtaXNzaW9uLCBuZXQsIHByb2dyYW1taW5nLCByYWRpY2FsLCByZXZvbHV0aW9uLCByb290LCByb290aW5nLCBzZWN1cml0eSwgc2l0ZSwgc29jaWV0eSwgdHV0b3JpYWwsIHR1dG9yaWFscywgd2FyLCB3YXJnYW1lLCB3YXJnYW1lcywgd2ViLCB3ZWJzaXRlIiAvPgogICAgPGxpbmsgcmVsPSJpY29uIiBocmVmPSJodHRwOi8vd3d3MS5kYXRhLmh0c2Nkbi5vcmcvZmF2aWNvbi5pY28iIHR5cGU9ImltYWdlL3gtaWNvbiIgLz4KICA8bGluayByZWw9InNob3J0Y3V0IGljb24iIGhyZWY9Imh0dHA6Ly93d3cxLmRhdGEuaHRzY2RuLm9yZy9mYXZpY29uLmljbyIgdHlwZT0iaW1hZ2UveC1pY29uIiAvPgogIDxsaW5rIGhyZWY9Imh0dHA6Ly93d3cxLmRhdGEuaHRzY2RuLm9yZy90aGVtZXMvRGFyay9EYXJrLmNzcyIgcmVsPSJzdHlsZXNoZWV0IiB0eXBlPSJ0ZXh0L2NzcyIgLz4KICA8bGluayBocmVmPSJodHRwOi8vd3d3LmhhY2t0aGlzc2l0ZS5vcmcvcGFnZXMvaHRzLnJzcy5waHAiIHJlbD0iYWx0ZXJuYXRlIiB0eXBlPSJhcHBsaWNhdGlvbi9yc3MreG1sIiB0aXRsZT0iSFRTIFJTUyBmZWVkIiAvPgogIDxiYXNlIGhyZWY9Imh0dHA6Ly93d3cuaGFja3RoaXNzaXRlLm9yZyIgLz4KICA8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCIgc3JjPSJodHRwOi8vd3d3MS5kYXRhLmh0c2Nkbi5vcmcvanMvanF1ZXJ5LTEuOC4xLm1pbi5qcyI+PC9zY3JpcHQ+CjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij4KKGZ1bmN0aW9uKCkgewogIGZ1bmN0aW9uIGFzeW5jX2xvYWQoc2NyaXB0X3VybCl7CiAgICB2YXIgcHJvdG9jb2wgPSAoJ2h0dHBzOicgPT0gZG9jdW1lbnQubG9jYXRpb24ucHJvdG9jb2wgPyAnaHR0cHM6Ly8nIDogJ2h0dHA6Ly8nKTsKICAgIHZhciBzID0gZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgnc2NyaXB0Jyk7IHMuc3JjID0gcHJvdG9jb2wgKyBzY3JpcHRfdXJsOwogICAgdmFyIHggPSBkb2N1bWVudC5nZXRFbGVtZW50c0J5VGFnTmFtZSgnc2NyaXB0JylbMF07IHgucGFyZW50Tm9kZS5pbnNlcnRCZWZvcmUocywgeCk7CiAgfQogIGJtX3dlYnNpdGVfY29kZSA9ICczQ0JBNzFBRjdCN0U0MTQ1JzsKICBqUXVlcnkoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCl7YXN5bmNfbG9hZCgnYXNzZXQucGFnZWZhaXIuY29tL21lYXN1cmUubWluLmpzJyl9KTsKICBqUXVlcnkoZG9jdW1lbnQpLnJlYWR5KGZ1bmN0aW9uKCl7YXN5bmNfbG9hZCgnYXNzZXQucGFnZWZhaXIubmV0L2Fkcy5taW4uanMnKX0pOwp9KSgpOwo8L3NjcmlwdD4KICA8L2hlYWQ+Cjxib2R5Pgo8c3BhbiBpZD0iYmxhbmstZWxlbWVudCIgc3R5bGU9ImRpc3BsYXk6IG5vbmUiPjwvc3Bhbj4KCjxkaXYgaWQ9InRvcGJhciIgYWxpZ249ImNlbnRlciI+CjxhIGhyZWY9Imh0dHA6Ly93d3cuaGFja3RoaXNzaXRlLm9yZyIgaWQ9ImFjdGl2ZSI+SGFja1RoaXNTaXRlPC9hPiAtIDxhIGhyZWY9ImlyYzovL2lyYy5oYWNrdGhpc3NpdGUub3JnOis3MDAwLyI+SVJDPC9hPiAtIDxhIGhyZWY9Imh0dHA6Ly93d3cuaGFja3RoaXNzaXRlLm9yZy9mb3J1bXMiPkZvcnVtczwvYT4gLSA8YSBocmVmPSJodHRwOi8vcmFkaW8uaGFja3RoaXNzaXRlLm9yZyI+UmFkaW88L2E+IC0gPGEgaHJlZj0iaHR0cDovL2h0cy5pby94L2h0dHA6Ly93d3cuY2FmZXByZXNzLmNvbS9odHNzdG9yZSIgdGFyZ2V0PSJfbmV3Ij5TdG9yZTwvYT4gLSA8YSBocmVmPSJodHRwOi8vaHRzLmlvIiB0YXJnZXQ9Il9uZXciPlVSTCBTaG9ydGVuZXI8L2E+Jm5ic3A7Jm5ic3A7Jm5ic3A7LS0tJm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iaHR0cDovL2h0cy5pby94L2h0dHBzOi8vd3d3LmZhY2Vib29rLmNvbS9oYWNrdGhpc3NpdGUiIHRhcmdldD0iX25ldyI+TGlrZSBVczwvYT4gLSA8YSBocmVmPSJodHRwOi8vaHRzLmlvL3gvaHR0cHM6Ly90d2l0dGVyLmNvbS8jIS9oYWNrdGhpc3NpdGUiIHRhcmdldD0iX25ldyI+Rm9sbG93IFVzPC9hPjwvZGl2Pgo8ZGl2IGNsYXNzPSJodHMtaGVhZGVyIj4KPGEgaHJlZj0iLyI+PGltZyBzcmM9Imh0dHA6Ly93d3cxLmRhdGEuaHRzY2RuLm9yZy90aGVtZXMvRGFyay9pbWFnZXMvaGVhZGVyLmpwZyIgYWx0PSJIYWNrIFRoaXMgU2l0ZSIgYm9yZGVyPSIwIiAvPjwvYT4KPGJyIC8+CjxhIGhyZWY9Imh0dHBzOi8vd3d3LmhhY2t0aGlzc2l0ZS5vcmcvMko2VVlINncyNjdTejZqb21YVkUyNFVRbWEwZ2gxa2kzZnNoajUwOTM4V1BZUjVmNWhrN0RwVENLT1prb2QzMFlaNFlySWpoTFQyMzk2VVQzMU9uSzc1bkRreWd5b2k5IiB0YXJnZXQ9Il9ibGFuayI+PGltZyBzcmM9Imh0dHBzOi8vd3d3LmhhY2t0aGlzc2l0ZS5vcmcvazJ3c2x2MGNBODNUMEh4OXk5ODlJa2wxUVZhODN0YmhReldQWTUxY21yeDduTDVUNDE2RFIxVDVuN1ZEVDY1OVNZcDFTNjdVOFNBendhVnhvNTM3Nm9USTFRdXB6d1k1bU1td0pBMXBmcHp5d3gwcko5Rjlob2I4VHloNVlNRjVuQ2FuSlQyTG5BODlMTTJ5M0p6c2ttb3Q0RDNkOVhrTjlIS2p0IiBhbHQ9IkxlYXJuIFNlY3VyaXR5IE9ubGluZSIgaWQ9ImF0aW1nIiBjbGFzcz0iYWJzdGFpbWciIHRpdGxlPSJMZWFybiBTZWN1cml0eSBPbmxpbmUiIGJvcmRlcj0iMCIgLz48L2E+CjxkaXYgaWQ9Ijg5NTFjOTUxMDkiIGNsYXNzPSJwYWdlZmFpci1hY2NlcHRhYmxlIj48L2Rpdj48YnIgLz5bPGEgaHJlZj0iaHR0cHM6Ly93d3cuaGFja3RoaXNzaXRlLm9yZy9hZHZlcnRpc2UvIj5BZHZlcnRpc2UgV2l0aCBIYWNrVGhpc1NpdGUub3JnPC9hPl08IS0tIEtvbnRlcmEgQ29udGVudExpbmsoVE0pOy0tPg0KPHNjcmlwdCB0eXBlPSd0ZXh0L2phdmFzY3JpcHQnPg0KdmFyIGRjX0FkTGlua0NvbG9yID0gJyMwNjQ2NCcgOyANCnZhciBkY19QdWJsaXNoZXJJRCA9IDc5MzA4IDsgDQo8L3NjcmlwdD4NCjxzY3JpcHQgdHlwZT0ndGV4dC9qYXZhc2NyaXB0JyBzcmM9J2h0dHA6Ly9rb25hLmtvbnRlcmEuY29tL2phdmFzY3JpcHQvbGliL0tvbmFMaWJJbmxpbmUuanMnPg0KPC9zY3JpcHQ+PC9kaXY+CiAgPHRhYmxlIHdpZHRoPSI3ODAiIGJvcmRlcj0iMCIgY2VsbHBhZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIwIiBjbGFzcz0ic2l0ZWhlYWRlciBjbVRhYmxlIj4KICAgIDx0cj4KICAgICAgPHRkIGNsYXNzPSJzaXRldG9waGVhZGVyIj48YmxvY2txdW90ZT4iSSBuZXZlciB0aGluayBvZiB0aGUgZnV0dXJlIC0gaXQgY29tZXMgc29vbiBlbm91Z2guIiAtIEFsYmVydCBFaW5zdGVpbjwvYmxvY2txdW90ZT48L3RkPgogICAgPC90cj4KICAgIDx0cj4KICAgICAgPHRkPjx0YWJsZSB3aWR0aD0iMTAwJSIgIGJvcmRlcj0iMCIgY2VsbHNwYWNpbmc9IjAiIGNlbGxwYWRkaW5nPSIwIj4KICAgICAgICA8dHI+CiAgICAgICAgICA8dGQgd2lkdGg9IjE2MCIgdmFsaWduPSJ0b3AiIGNsYXNzPSJuYXZiYXIiPjxkaXYgYWxpZ249ImNlbnRlciI+CiAgICAgICAgICAgIDxiciAvPgogICAgICAgICAgICA8ZGl2IHN0eWxlPSJtYXJnaW4tcmlnaHQ6IDdweDsgYm9yZGVyOiAzcHggZG91YmxlICM1NTU1NTU7IGJhY2tncm91bmQtY29sb3I6ICNDQzAwMDA7IGZvbnQtd2VpZ2h0OiBib2xkOyBjdXJzb3I6IHBvaW50ZXIiIG9uQ2xpY2s9IndpbmRvdy5sb2NhdGlvbi5ocmVmPSdodHRwczovL3d3dy5oYWNrdGhpc3NpdGUub3JnLz94aHlrMmFqcS1wdCI+PHNjcmlwdD5hbGVydCgxNTAwOTQ1NCk8L3NjcmlwdD4nIj4KPGltZyBzcmM9Imh0dHA6Ly93d3cxLmRhdGEuaHRzY2RuLm9yZy9pbWFnZXMvdW5sb2NrLnBuZyIgc3R5bGU9ImZsb2F0OiBsZWZ0OyBtYXJnaW46IDRweCAwIDAgNXB4Ij4KQ2xpY2sgaGVyZSB0byBicm93c2UgSGFja1RoaXNTaXRlIG92ZXIgU1NMCjwvZGl2Pgo8YnIgLz4JPCEtLSBsb2dpbiBmb3JtIHN0YXJ0IC0tPgoJPGRpdiBpZD0ib3VybG9naW4iPgoJCTxzcGFuIGlkPSJsb2dpbmNsaWNrIj48YSBjbGFzcz0ibmF2IiBocmVmPSIvdXNlci9sb2dpbiI+TG9naW48L2E+PC9zcGFuPiAob3IgPGEgY2xhc3M9Im5hdiIgaHJlZj0iL3JlZ2lzdGVyIj5SZWdpc3RlcjwvYT4pOjxiciAvPgoJCQkJPGZvcm0gaWQ9ImxvZ2luZm9ybSIgbWV0aG9kPSJwb3N0IiBhY3Rpb249Ii91c2VyL2xvZ2luIj4KCQk8ZGl2IGlkPSJpbm5lcmxvZ2luIj4KCQk8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+dmFyIHVzZXJjbGlja2VkPTA7IHZhciBwYXNzY2xpY2tlZD0wOzwvc2NyaXB0PgoJCTxwPjxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJ1c2VybmFtZSIgY2xhc3M9ImxvZ2luIiB2YWx1ZT0iIiBvbmNsaWNrPSJpZih1c2VyY2xpY2tlZD09MCl7dGhpcy52YWx1ZT0nJzt1c2VyY2xpY2tlZD0xO307IiB0aXRsZT0iVXNlcm5hbWUiIC8+PC9wPgoJCTxwPjxpbnB1dCB0eXBlPSJwYXNzd29yZCIgbmFtZT0icGFzc3dvcmQiIGNsYXNzPSJsb2dpbiIgdmFsdWU9IiIgb25jbGljaz0iaWYocGFzc2NsaWNrZWQ9PTApe3RoaXMudmFsdWU9Jyc7cGFzc2NsaWNrZWQ9MTt9OyIgdGl0bGU9IlBhc3N3b3JkIiAvPjwvcD4KCQkJCTxwPjxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJMb2dpbiIgbmFtZT0iYnRuX3N1Ym1pdCIgY2xhc3M9InN1Ym1pdC1idXR0b24iIC8+PC9wPgoJCTwvZGl2PgoJPC9mb3JtPgoJPCEtLSBsb2dpbiBmb3JtIGVuZCAtLT4KCTxhIGhyZWY9Ii91c2VyL3Jlc2V0cGFzcyI+TG9zdCBZb3VyIFBhc3N3b3JkPzwvYT48YnIgLz4KCQk8L2Rpdj4KCTxoNCBjbGFzcz0iaGVhZGVyIj5Eb25hdGU8L2g0Pgo8cD4KICA8YSBocmVmPSJodHRwOi8vd3d3LmhhY2t0aGlzc2l0ZS5vcmcvZG9uYXRlLyI+CiAgICA8aW1nCiAgICAgIHNyYz0iaHR0cDovL3d3dzEuZGF0YS5odHNjZG4ub3JnL2ltYWdlcy9kb25hdGUucG5nIgogICAgICBib3JkZXI9IjAiCiAgICAgIHRpdGxlPSJEb25hdGUgdG8gSGFja1RoaXNTaXRlLm9yZyIKICAgICAgYWx0PSJEb25hdGUgdG8gSGFja1RoaXNTaXRlLm9yZyIgLz4KICA8L2E+CiAgPGJyIC8+CiAgSFRTIGNvc3RzIHVwIHRvICQzMDAgYSBtb250aCB0byBvcGVyYXRlLiBXZSA8c3Ryb25nPm5lZWQ8L3N0cm9uZz4geW91ciBoZWxwIQo8L3A+CjxoNCBjbGFzcz0iaGVhZGVyIj5DaGFsbGVuZ2VzPC9oND4KPHVsIGNsYXNzPSJuYXZpZ2F0aW9uIj4KICA8bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL21pc3Npb25zL2Jhc2ljLyI+QmFzaWMgbWlzc2lvbnM8L2E+PC9saT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL21pc3Npb25zL3JlYWxpc3RpYy8iPlJlYWxpc3RpYyBtaXNzaW9uczwvYT48L2xpPjxsaT48YSBjbGFzcz0ibmF2IiBocmVmPSIvbWlzc2lvbnMvYXBwbGljYXRpb24vIj5BcHBsaWNhdGlvbiBtaXNzaW9uczwvYT48L2xpPjxsaT48YSBjbGFzcz0ibmF2IiBocmVmPSIvbWlzc2lvbnMvcHJvZ3JhbW1pbmcvIj5Qcm9ncmFtbWluZyBtaXNzaW9uczwvYT48L2xpPjxsaT48YSBjbGFzcz0ibmF2IiBocmVmPSIvbWlzc2lvbnMvcGhvbmVwaHJlYWtpbmcvIj5QaG9uZXBocmVha2luZyBtaXNzaW9uczwvYT48L2xpPjxsaT48YSBjbGFzcz0ibmF2IiBocmVmPSIvbWlzc2lvbnMvamF2YXNjcmlwdC8iPkphdmFzY3JpcHQgbWlzc2lvbnM8L2E+PC9saT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL21pc3Npb25zL2ZvcmVuc2ljLyI+Rm9yZW5zaWMgbWlzc2lvbnM8L2E+PC9saT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL21pc3Npb25zL3BsYXlpdC9leHRiYXNpYy8wLyI+RXh0YmFzaWMgbWlzc2lvbnM8L2E+PC9saT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL21pc3Npb25zL3BsYXlpdC9zdGVnby8wLyI+U3RlZ28gbWlzc2lvbnM8L2E+PC9saT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iaXJjOi8vaXJjLmhhY2t0aGlzc2l0ZS5vcmcvaHRiIj5JcmMgbWlzc2lvbnM8L2E+PC9saT48L3VsPgoKPGg0IGNsYXNzPSJoZWFkZXIiPkdldCBJbmZvcm1lZDwvaDQ+PHVsIGNsYXNzPSJuYXZpZ2F0aW9uIj48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL2Jsb2dzIj5CbG9nczwvYT48L2xpPjxsaT48YSBjbGFzcz0ibmF2IiBocmVmPSIvbmV3cyI+TmV3czwvYT48L2xpPjxsaT48YSBjbGFzcz0ibmF2IiBocmVmPSIvcGFnZXMvYXJ0aWNsZXMvYXJ0aWNsZS5waHAiPkFydGljbGVzPC9hPjwvbGk+PGxpPjxhIGNsYXNzPSJuYXYiIGhyZWY9Ii9sZWN0dXJlcyI+TGVjdHVyZXM8L2E+PC9saT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL3BhZ2VzL3Byb2dyYW1zL3Byb2dyYW1zLnBocCI+VXNlZnVsIFN0dWZmPC9hPjwvbGk+PCEtLTxsaT48YSBjbGFzcz0ibmF2IiBocmVmPSJlYm9va3MiPkUtYm9va3M8L2E+PC9saT4tLT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iaHR0cDovL21pcnJvci5oYWNrdGhpc3NpdGUub3JnL2hhY2t0aGlzemluZS8iPkhhY2tUaGlzWmluZTwvYT48L2xpPjxsaT48YSBjbGFzcz0ibmF2IiBocmVmPSIiPjwvYT48L2xpPjwvdWw+PGg0IGNsYXNzPSJoZWFkZXIiPkdldCBJbnZvbHZlZDwvaDQ+PHVsIGNsYXNzPSJuYXZpZ2F0aW9uIj48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL2RvbmF0ZSI+PHNwYW4gY2xhc3M9ImNvbXBsZXRlZCI+RG9uYXRlIHRvIEhhY2tUaGlzU2l0ZSE8L3NwYW4+PC9hPjwvbGk+PGxpPjxhIGNsYXNzPSJuYXYiIGhyZWY9Imh0dHA6Ly93d3cuY2FmZXByZXNzLmNvbS9odHNzdG9yZSI+U3RvcmU8L2E+PC9saT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL3N1Ym1pdC9hcnRpY2xlIj5TdWJtaXQgQXJ0aWNsZTwvYT48L2xpPjxsaT48YSBjbGFzcz0ibmF2IiBocmVmPSIvcGFnZXMvYnVnTWFuYWdlbWVudC9pbmRleC5waHAiPlN1Ym1pdCBCdWcgUmVwb3J0PC9hPjwvbGk+PGxpPjxhIGNsYXNzPSJuYXYiIGhyZWY9Ii9zdWJtaXQvbGVjdHVyZSI+U3VibWl0IExlY3R1cmU8L2E+PC9saT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL3BhZ2VzL3Byb2dyYW1zL2luc2VydC5waHAiPlN1Ym1pdCBVc2VmdWwgU3R1ZmY8L2E+PC9saT48IS0tPGxpPjxhIGNsYXNzPSJuYXYiIGhyZWY9Ii9wYWdlcy9zaG93c291cmNlL2xvb3BkZWxvb3AucGhwIj5XZSBXYW50IFlvdSE8L2E+PC9saT4tLT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iIj48L2E+PC9saT48L3VsPjxoNCBjbGFzcz0iaGVhZGVyIj5Db21tdW5pY2F0ZTwvaDQ+PHVsIGNsYXNzPSJuYXZpZ2F0aW9uIj48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL2ZvcnVtcyI+Rm9ydW1zPC9hPjwvbGk+PGxpPjxhIGNsYXNzPSJuYXYiIGhyZWY9Imh0dHA6Ly93d3cuaGFja3RoaXNzaXRlLm9yZy9mb3J1bXMvdWNwLnBocD9pPXBtIj5Qcml2YXRlIE1lc3NhZ2VzPC9hPjwvbGk+PGxpPjxhIGNsYXNzPSJuYXYiIGhyZWY9Imh0dHA6Ly93d3cuaXJjLmhhY2t0aGlzc2l0ZS5vcmcvaWRsZXJwZyI+SVJDIElkbGVSUEc8L2E+PC9saT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iaHR0cDovL3d3dy5oYWNrdGhpc3NpdGUub3JnL2lyYy9zdGF0cy5waHAiPklSQyBTdGF0czwvYT48L2xpPjxsaT48YSBjbGFzcz0ibmF2IiBocmVmPSJodHRwOi8vcWRiLmhhY2t0aGlzc2l0ZS5vcmciPklSQyBRdW90ZXM8L2E+PC9saT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL3VzZXIvc2VhcmNoIj5TZWFyY2ggVXNlcnM8L2E+PC9saT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL3VzZXIvZ2FsbGVyeSI+VXNlciBQaWN0dXJlczwvYT48L2xpPjxsaT48YSBjbGFzcz0ibmF2IiBocmVmPSIvdXNlci9vbmxpbmUiPldobyBpcyBPbmxpbmU8L2E+PC9saT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL3VzZXIvcmFua2luZ3MvIj5SYW5raW5nczwvYT48L2xpPjxsaT48YSBjbGFzcz0ibmF2IiBocmVmPSIvcGFnZXMvaXJjL2lyYy5waHAiPklSQyBDaGF0PC9hPjwvbGk+PGxpPjxhIGNsYXNzPSJuYXYiIGhyZWY9Ii9wYWdlcy9pcmMvcmVmZXJlbmNlLnBocCI+SVJDIENvbW1hbmQgUmVmZXJlbmNlPC9hPjwvbGk+PGxpPjxhIGNsYXNzPSJuYXYiIGhyZWY9IiI+PC9hPjwvbGk+PC91bD48aDQgY2xhc3M9ImhlYWRlciI+QWJvdXQgSFRTPC9oND48dWwgY2xhc3M9Im5hdmlnYXRpb24iPjxsaT48YSBjbGFzcz0ibmF2IiBocmVmPSIvaW5mby9hYm91dCI+QWJvdXQgdGhlIFByb2plY3Q8L2E+PC9saT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL2luZm8vYmlsbG9mcmlnaHRzIj5CaWxsIG9mIFJpZ2h0czwvYT48L2xpPjxsaT48YSBjbGFzcz0ibmF2IiBocmVmPSIvaW5mby9sZWdhbCI+TGVnYWwgRGlzY2xhaW1lcjwvYT48L2xpPjxsaT48YSBjbGFzcz0ibmF2IiBocmVmPSIvaW5mby9wcml2YWN5Ij5Qcml2YWN5IFN0YXRlbWVudHM8L2E+PC9saT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL3BhZ2VzL2luZm8vc3RhZmYiPk1lZXQgdGhlIFN0YWZmPC9hPjwvbGk+PGxpPjxhIGNsYXNzPSJuYXYiIGhyZWY9Ii9pbmZvL3VuZGVydGhlaG9vZCI+VW5kZXIgdGhlIEhvb2Q8L2E+PC9saT48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iL2FkdmVydGlzZSI+QWR2ZXJ0aXNlIHdpdGggSFRTPC9hPjwvbGk+PGxpPjxhIGNsYXNzPSJuYXYiIGhyZWY9Ii9pcHY2Ij5JUHY2PC9hPjwvbGk+PGxpPjxhIGNsYXNzPSJuYXYiIGhyZWY9Ii9ob2YiPkhhbGwgb2YgRmFtZTwvYT48L2xpPjxsaT48YSBjbGFzcz0ibmF2IiBocmVmPSIiPjwvYT48L2xpPjwvdWw+PGg0IGNsYXNzPSJoZWFkZXIiPjwvaDQ+PHVsIGNsYXNzPSJuYXZpZ2F0aW9uIj48bGk+PGEgY2xhc3M9Im5hdiIgaHJlZj0iIj48L2E+PC9saT48L3VsPiAgPGg0IGNsYXNzPSJoZWFkZXIiPlRyYW5zbGF0ZTwvaDQ+CiAgPGEgY2xhc3M9Im5hdiIgaHJlZj0iaHR0cDovL3d3dy5oYWNrdGhpc3NpdGUub3JnLz94aHlrMmFqcS1wdCZxdW90OyZndDsmbHQ7c2NyaXB0Jmd0O2FsZXJ0KDE1MDA5NDU0KSZsdDsvc2NyaXB0Jmd0Oy1mciI+RlI8L2E+CiAgPGEgY2xhc3M9Im5hdiIgaHJlZj0iaHR0cDovL3d3dy5oYWNrdGhpc3NpdGUub3JnLz94aHlrMmFqcS1wdCZxdW90OyZndDsmbHQ7c2NyaXB0Jmd0O2FsZXJ0KDE1MDA5NDU0KSZsdDsvc2NyaXB0Jmd0Oy1kZSI+REU8L2E+CiAgPGEgY2xhc3M9Im5hdiIgaHJlZj0iaHR0cDovL3d3dy5oYWNrdGhpc3NpdGUub3JnLz94aHlrMmFqcS1wdCZxdW90OyZndDsmbHQ7c2NyaXB0Jmd0O2FsZXJ0KDE1MDA5NDU0KSZsdDsvc2NyaXB0Jmd0Oy1lcyI+RVM8L2E+CiAgPGEgY2xhc3M9Im5hdiIgaHJlZj0iaHR0cDovL3d3dy5oYWNrdGhpc3NpdGUub3JnLz94aHlrMmFqcS1wdCZxdW90OyZndDsmbHQ7c2NyaXB0Jmd0O2FsZXJ0KDE1MDA5NDU0KSZsdDsvc2NyaXB0Jmd0Oy1pdCI+SVQ8L2E+CiAgPGEgY2xhc3M9Im5hdiIgaHJlZj0iaHR0cDovL3d3dy5oYWNrdGhpc3NpdGUub3JnLz94aHlrMmFqcS1wdCZxdW90OyZndDsmbHQ7c2NyaXB0Jmd0O2FsZXJ0KDE1MDA5NDU0KSZsdDsvc2NyaXB0Jmd0Oy1wdCI+UFQ8L2E+CiAgPGJyIC8+CiAgCjxiciAvPgo8YSBocmVmPSIvIj4KICA8aW1nCiAgICBzcmM9Imh0dHA6Ly93d3cxLmRhdGEuaHRzY2RuLm9yZy9pbWFnZXMvaHRzXzgweDE1LmdpZiIKICAgIHdpZHRoPSI4MCIKICAgIGhlaWdodD0iMTUiCiAgICBib3JkZXI9IjAiCiAgICBhbHQ9IiIgLz4KPC9hPgo8YnIgLz4KPGEgY2xhc3M9Im5hdiIgaHJlZj0iaHR0cDovL3d3dy5oYWNrdGhpc3NpdGUub3JnL3BhZ2VzL2luZm8vbGlua3RvdXMucGhwIj4KICBMaW5rIHRvIHVzIQo8L2E+Cgo8aDQgY2xhc3M9ImhlYWRlciI+CiAgUGFydG5lcnMKPC9oND4KPGJyIC8+CjxhIHRhcmdldD0iX25ldyIgaHJlZj0iaHR0cDovL2h0cy5pby94L2h0dHA6Ly9hZmZpbGlhdGVzLm1vemlsbGEub3JnL2xpbmsvYmFubmVyLzg1MjgiPgogIDxpbWcKICAgIHNyYz0iLy9hZmZpbGlhdGVzLm1vemlsbGEub3JnL21lZGlhL3VwbG9hZHMvYmFubmVycy9hYzUwMjQ0NmQ4MzkyY2VhNzc4YmNkYWY4YjNlMDdmODk1OGEwMjE2LnBuZyIKICAgIGFsdD0iRG93bmxvYWQgRmlyZWZveCIKICAgIHdpZHRoPSI4OCIgLz4KPC9hPgo8YnIgLz4KPGEgY2xhc3M9Im5hdiIgdGFyZ2V0PSJfbmV3IiBocmVmPSJodHRwOi8vaHRzLmlvL3gvaHR0cDovL3d3dy5oYWNrYmxvYy5vcmcvIj4KICA8aW1nIHNyYz0iaHR0cDovL3d3dzEuZGF0YS5odHNjZG4ub3JnL2ltYWdlcy9saW5raGIuZ2lmIiBib3JkZXI9IjAiIGFsdD0iSGFja2Jsb2MiIHdpZHRoPSI4OCIgaGVpZ2h0PSIzMSIgLz4KPC9hPgo8YnIgLz4KPGEgY2xhc3M9Im5hdiIgdGFyZ2V0PSJfbmV3IiBocmVmPSJodHRwOi8vaHRzLmlvL3gvaHR0cDovL3d3dy5oZWxsYm91bmRoYWNrZXJzLm9yZy8iPgogIDxpbWcKICAgIHNyYz0iaHR0cDovL3d3dzEuZGF0YS5odHNjZG4ub3JnL2ltYWdlcy9oYmhsb2dvLmpwZyIKICAgIHdpZHRoPSI4OCIKICAgIGhlaWdodD0iMzEiCiAgICBib3JkZXI9IjAiCiAgICBhbHQ9IkhlbGxib3VuZCBIYWNrZXJzIiAvPgo8L2E+CjxiciAvPgo8YSBjbGFzcz0ibmF2IiB0YXJnZXQ9Il9uZXciIGhyZWY9Imh0dHA6Ly9odHMuaW8veC9odHRwczovL3d3dy5tYXZpdHVuYXNlY3VyaXR5LmNvbS9uZXRzcGFya2VyLyI+CiAgPGltZwogICAgc3JjPSJodHRwOi8vd3d3MS5kYXRhLmh0c2Nkbi5vcmcvaW1hZ2VzL25ldHNwYXJrZXIuZ2lmIgogICAgYWx0PSJNYXZpdHVuYSBTZWN1cml0eSBOZXRzcGFya2VyIgogICAgd2lkdGg9Ijg4IgogICAgaGVpZ2h0PSIzMSIKICAgIGJvcmRlcj0iMCIgLz4KPC9hPgo8YnIgLz4KPGEgY2xhc3M9Im5hdiIgdGFyZ2V0PSJfbmV3IiBocmVmPSJodHRwOi8vaHRzLmlvL3gvaHR0cDovL3d3dy5hY3VuZXRpeC5jb20vYmxvZyI+CiAgPGltZwogICBzcmM9Imh0dHA6Ly93d3cxLmRhdGEuaHRzY2RuLm9yZy9pbWFnZXMvYWN1bmV0aXhibG9nLmdpZiIKICAgYWx0PSJBY3VuZXRpeCBTZWN1cml0eSBCbG9nIgogICB3aWR0aD0iODgiCiAgIGhlaWdodD0iMzEiCiAgIGJvcmRlcj0iMCIgLz4KPC9hPgo8YnIgLz4KPGEgY2xhc3M9Im5hdiIgdGFyZ2V0PSJfbmV3IiBocmVmPSJodHRwOi8vaHRzLmlvL3gvaHR0cDovL3d3dy5idWRkeW5zLmNvbSI+CjxpbWcKICBzcmM9Imh0dHA6Ly93d3cxLmRhdGEuaHRzY2RuLm9yZy9pbWFnZXMvYnVkZHluczg4eDMxLnBuZyIKICBhbHQ9IkJ1ZGR5TlMgU2Vjb25kYXJ5IEROUyIKICB3aWR0aD0iODgiCiAgaGVpZ2h0PSIzMSIKICBib3JkZXI9IjAiIC8+CjwvYT4KPGJyIC8+CgogICAgICAgICAgPC90ZD4KICAgICAgICAgIDx0ZCB2YWxpZ249InRvcCIgY2xhc3M9InNpdGVidWZmZXIiPgoJPGJyIC8+Cjx0YWJsZSBib3JkZXI9IjAiIHdpZHRoPSIxMDAlIiBjZWxsc3BhY2luZz0iNSIgY2VsbHBhZGRpbmc9IjAiPgoJPHRyPgoJICA8dGQgd2lkdGg9IjY2JSIgcm93c3Bhbj0iMyIgdmFsaWduPSJ0b3AiIGNsYXNzPSJub3JtYWwtdGQiPgoJCSA8Y2VudGVyPgkJIDxkaXYgY2xhc3M9InRyYWluaW5nIj48L2Rpdj48L2NlbnRlcj48YnIgLz4KCQkgPGRpdiBjbGFzcz0ibWFpbmludHJvIj5IYWNrIFRoaXMgU2l0ZSBpcyBhIGZyZWUsIHNhZmUgYW5kIGxlZ2FsIHRyYWluaW5nIGdyb3VuZCBmb3IgaGFja2VycyB0byB0ZXN0IGFuZCBleHBhbmQKdGhlaXIgaGFja2luZyBza2lsbHMuIE1vcmUgdGhhbiBqdXN0IGFub3RoZXIgaGFja2VyIHdhcmdhbWVzIHNpdGUsIHdlIGFyZSBhIGxpdmluZywgYnJlYXRoaW5nIGNvbW11bml0eSB3aXRoIG1hbnkgYWN0aXZlIHByb2plY3RzIGluIGRldmVsb3BtZW50LCB3aXRoIGEgdmFzdCBzZWxlY3Rpb24gb2YgaGFja2luZyBhcnRpY2xlcyBhbmQgYSBodWdlIGZvcnVtIHdoZXJlIHVzZXJzIGNhbiBkaXNjdXNzIGhhY2tpbmcsIG5ldHdvcmsgc2VjdXJpdHksIGFuZCBqdXN0IGFib3V0IGV2ZXJ5dGhpbmcuIFR1bmUgaW4gdG8gdGhlIGhhY2tlciB1bmRlcmdyb3VuZCBhbmQgZ2V0IGludm9sdmVkIHdpdGggdGhlIHByb2plY3QuPGJyIC8+IDxiciAvPgoJCTwvZGl2PgoJCTxkaXYgaWQ9Im5vdGljZSI+CgkJRmlyc3QgdGltZXJzIHNob3VsZCByZWFkIHRoZSA8YSBocmVmPSIvaW5mby9hYm91dCI+SFRTIFByb2plY3QgR3VpZGU8L2E+IGFuZCA8YSBocmVmPSIvcmVnaXN0ZXIiPmNyZWF0ZSBhbiBhY2NvdW50PC9hPiB0byBnZXQgc3RhcnRlZC4KCQlBbGwgdXNlcnMgYXJlIGFsc28gcmVxdWlyZWQgdG8gcmVhZCBhbmQgYWRoZXJlIHRvIG91ciA8YSBocmVmPSIvcGFnZXMvaW5mby9sZWdhbC8iPkxlZ2FsIERpc2NsYWltZXI8L2E+LgoJCTxiciAvPgoKCQk8c3Ryb25nPkdldCBpbnZvbHZlZCBvbiBvdXIgSVJDIHNlcnZlcjogaXJjLmhhY2t0aGlzc2l0ZS5vcmcgU1NMIHBvcnQgNzAwMCAjaGFja3RoaXNzaXRlIG9yIG91ciA8YSBocmVmPSIvZm9ydW1zIj53ZWIgZm9ydW1zPC9hPjwvc3Ryb25nPi48L2Rpdj4KPGJyIC8+Cjx0YWJsZSBib3JkZXI9IjAiIHdpZHRoPSIxMDAlIiBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjAiPjx0cj4KPHRkIHdpZHRoPSI1MCUiIHZhbGlnbj0idG9wIiBjbGFzcz0ibGlnaHQtdGQtc2hvcnRuZXdzIj48c3Ryb25nPgo8aW1nIHNyYz0iaHR0cDovL3d3dzEuZGF0YS5odHNjZG4ub3JnL2ltYWdlcy90aWNrLmdpZiIgYWx0PSIjIiAvPiBOT1cgUExBWUlORyBPTiA8YSBocmVmPSJodHRwOi8vcmFkaW8uaGFja3RoaXNzaXRlLm9yZyI+T0ZGTElORTwvYT46PC9zdHJvbmc+PGJyIC8+JnJhcXVvOyBVbmtub3duIC0gVW5rbm93biAoa2JwcywgIGxpc3RlbmVycyk8L3RkPjwvdHI+PC90YWJsZT4KPC90ZD4KPHRkIHdpZHRoPSIzNyUiIHZhbGlnbj0idG9wIiBjbGFzcz0ibGlnaHQtdGQtc2hvcnRuZXdzIj4KPHN0cm9uZz48aW1nIHNyYz0iaHR0cDovL3d3dzEuZGF0YS5odHNjZG4ub3JnL2ltYWdlcy90aWNrLmdpZiIgYWx0PSIjIiAvPiBTVEFGRiBCTE9HUyAvIFNIT1JUIE5FV1M6PC9zdHJvbmc+PGJyIC8+CiZuYnNwOzxzcGFuIHN0eWxlPSJmb250LXdlaWdodDogYm9sZDsgZm9udC1zdHlsZTogaXRhbGljOyBjb2xvcjogIzU1QUE1NSI+YmxvZzwvc3Bhbj4gPGEgaHJlZj0iL25ld3Mvdmlldy82ODkiIHRpdGxlPSJDYWxsIGZvciBTdGFmZiAtIFNlY3VyaXR5IE5ld3MiPkNhbGwgZm9yIFN0YWZmIC0gU2VjLi4uPC9hPjxiciAvPiZuYnNwOzxzcGFuIHN0eWxlPSJmb250LXdlaWdodDogYm9sZDsgZm9udC1zdHlsZTogaXRhbGljOyBjb2xvcjogIzU1QUE1NSI+YmxvZzwvc3Bhbj4gPGEgaHJlZj0iL25ld3Mvdmlldy82ODgiIHRpdGxlPSJQYXNzd29yZCBDaGFuZ2UgRml4ZWQiPlBhc3N3b3JkIENoYW5nZSBGaXhlLi4uPC9hPjxiciAvPiZuYnNwOzxzcGFuIHN0eWxlPSJmb250LXdlaWdodDogYm9sZDsgZm9udC1zdHlsZTogaXRhbGljOyBjb2xvcjogIzU1QUE1NSI+YmxvZzwvc3Bhbj4gPGEgaHJlZj0iL25ld3Mvdmlldy82ODciIHRpdGxlPSJSZXNldCBUaGUgTmV0Ij5SZXNldCBUaGUgTmV0PC9hPjxiciAvPiZuYnNwOzxzcGFuIHN0eWxlPSJmb250LXdlaWdodDogYm9sZDsgZm9udC1zdHlsZTogaXRhbGljOyBjb2xvcjogIzU1QUE1NSI+YmxvZzwvc3Bhbj4gPGEgaHJlZj0iL25ld3Mvdmlldy82ODYiIHRpdGxlPSJTZWN1cml0eSBOZXdzIC0gNi8wMS8yMDE0Ij5TZWN1cml0eSBOZXdzIC0gNi8wMS4uLjwvYT48YnIgLz4mbmJzcDs8c3BhbiBzdHlsZT0iZm9udC13ZWlnaHQ6IGJvbGQ7IGZvbnQtc3R5bGU6IGl0YWxpYzsgY29sb3I6ICM1NUFBNTUiPmJsb2c8L3NwYW4+IDxhIGhyZWY9Ii9uZXdzL3ZpZXcvNjg1IiB0aXRsZT0iU2VjdXJpdHkgTmV3cyAtIDUvMjUvMjAxNCI+U2VjdXJpdHkgTmV3cyAtIDUvMjUuLi48L2E+PGJyIC8+PGJyIC8+PHN0cm9uZz4gPGltZyBzcmM9Imh0dHA6Ly93d3cxLmRhdGEuaHRzY2RuLm9yZy9pbWFnZXMvdGljay5naWYiIGFsdD0iIyIgLz4gTEFURVNUIEFSVElDTEVTOjwvc3Ryb25nPjxiciAvPiZuYnNwOzxhIGhyZWY9Ii9hcnRpY2xlcy9yZWFkLzExMzgiIHRpdGxlPSJTb2x2aW5nIFByb2dyYW1taW5nIDggVGhlIEFsdGVybmF0aXZlIFdheSI+U29sdmluZyBQcm9ncmFtbWluZyA4IFRoZSBBbC4uLjwvYT48YnIgLz4mbmJzcDs8YSBocmVmPSIvYXJ0aWNsZXMvcmVhZC8xMTM3IiB0aXRsZT0ialF1ZXJ5IFNlbGVjdG9ycyAmYW1wOyBCYXNpYyBqUXVlcnkgQW5pbWF0aW9uIj5qUXVlcnkgU2VsZWN0b3JzICZhbXA7IEJhc2ljLi4uPC9hPjxiciAvPiZuYnNwOzxhIGhyZWY9Ii9hcnRpY2xlcy9yZWFkLzExMzYiIHRpdGxlPSJJbnRyb2R1Y3Rpb24gdG8gU0FTUy9TQ1NTIFByZS1wcm9jZXNzb3JzIj5JbnRyb2R1Y3Rpb24gdG8gU0FTUy9TQ1NTIFByLi4uPC9hPjxiciAvPiZuYnNwOzxhIGhyZWY9Ii9hcnRpY2xlcy9yZWFkLzExMzUiIHRpdGxlPSJNU0ZjbGktQmFzaWNzIFR1dG9yaWFsIj5NU0ZjbGktQmFzaWNzIFR1dG9yaWFsPC9hPjxiciAvPiZuYnNwOzxhIGhyZWY9Ii9hcnRpY2xlcy9yZWFkLzExMzQiIHRpdGxlPSJIYWNraW5nIHlvdXIgZHJlYW1zIj5IYWNraW5nIHlvdXIgZHJlYW1zPC9hPjxiciAvPjxiciAvPjxzdHJvbmc+IDxpbWcgc3JjPSJodHRwOi8vd3d3MS5kYXRhLmh0c2Nkbi5vcmcvaW1hZ2VzL3RpY2suZ2lmIiBhbHQ9IiMiIC8+IFJTUyBGRUVEUzo8L3N0cm9uZz48YnIgLz4mbmJzcDs8YSBocmVmPSJodHRwOi8vaHRzLmlvL3gvaHR0cDovL3d3dy5zZWN1cml0eWZvY3VzLmNvbS9uZXdzLzExNTgyP3JlZj1yc3MiIHRpdGxlPSJDaGFuZ2UgaW4gRm9jdXMiIHRhcmdldD0iX25ldyI+TmV3czogQ2hhbmdlIGluIEZvY3VzPC9hPjxiciAvPiZuYnNwOzxhIGhyZWY9Imh0dHA6Ly9odHMuaW8veC9odHRwOi8vd3d3LnNlY3VyaXR5Zm9jdXMuY29tL2JpZC80NzYwMiIgdGl0bGU9IiBGRm1wZWcgbGliYXZjb2RlYyAnc3A1eGRlYy5jJyAnLmFtdicgRmlsZSBNZW1vcnkgQ29ycnVwdGlvbiBWdWxuZXJhYmlsaXR5ICIgdGFyZ2V0PSJfbmV3Ij5WdWxuOiBGRm1wZWcgbGliYXZjb2RlYyAnc3A1Li4uPC9hPjxiciAvPiZuYnNwOzxhIGhyZWY9Imh0dHA6Ly9odHMuaW8veC9odHRwOi8vc2VhcmNoc2VjdXJpdHkudGVjaHRhcmdldC5jb20vbmV3cy8yMjQwMjAzMjIwL0ZvcnRpR3VhcmQtTGFicy1zZWVzLWZhc3QtcmlzZS1vZi1tb2JpbGUtbWFsd2FyZS1pbi0yMDEzIiB0aXRsZT0iRm9ydGlHdWFyZCBMYWJzIHJlcG9ydHMgYSAzMCUgaW5jcmVhc2UgaW4gbW9iaWxlIG1hbHdhcmUgc28gZmFyIGluIDIwMTMsIGFuZCBjYXV0aW9ucyByYW5zb213YXJlIGlzIGFsc28gbWFraW5nIGFuIGFwcGVhcmFuY2Ugb24gbW9iaWxlIGRldmljZXMuIiB0YXJnZXQ9Il9uZXciPkZvcnRpR3VhcmQgTGFicyBzZWVzIGZhc3QgcmkuLi48L2E+PGJyIC8+Jm5ic3A7PGEgaHJlZj0iaHR0cDovL2h0cy5pby94L2h0dHA6Ly9pdGtub3dsZWRnZWV4Y2hhbmdlLnRlY2h0YXJnZXQuY29tL3NlY3VyaXR5LWJ5dGVzL2ZvcnR1bmUtMTAwMC1jb21wYW5pZXMta2VlcC10aGVpci1tb3V0aHMtY2xvc2VkLXdpbGxpcy1zYXlzLyIgdGl0bGU9IlJhbiBhY3Jvc3MgdGhlIEZvcnR1bmWgMTAwMCBDeWJlciBEaXNjbG9zdXJlIFJlcG9ydCwgcHVibGlzaGVkIGVhcmxpZXIgdGhpcyBtb250aCBieaBXaWxsaXMgTm9ydGggQW1lcmljYSwgYSB1bml0IG9mIFdpbGxpcyBHcm91cCBIb2xkaW5ncy4gVGhlIHJlcG9ydCBmb3VuZCB0aGF0IGFtb25nIHRoZSBGb3J0dW5lIDUwMS0xLDAwMCwgMjIlIHJlbWFpLi4uIiB0YXJnZXQ9Il9uZXciPkZvcnR1bmUgMTAwMCBjb21wYW5pZXMga2VlcCAuLi48L2E+PGJyIC8+Jm5ic3A7PGEgaHJlZj0iaHR0cDovL2h0cy5pby94L2h0dHA6Ly9zZWFyY2hzZWN1cml0eS50ZWNodGFyZ2V0LmNvbS90aXAvRXZhbHVhdGluZy1uZXR3b3JrLXNlY3VyaXR5LXZpcnR1YWxpemF0aW9uLXByb2R1Y3RzIiB0aXRsZT0iRG9uJ3QgcmlzayBtYWtpbmcgbWlzdGFrZXMgd2hlbiB5b3UgZXZhbHVhdGUgbmV0d29yayBzZWN1cml0eSB2aXJ0dWFsaXphdGlvbiBwcm9kdWN0cy4gT3VyIHNpeCBrZXkgcG9pbnRzIHdpbGwga2VlcCB5b3Ugb24gdHJhY2suIiB0YXJnZXQ9Il9uZXciPkV2YWx1YXRpbmcgbmV0d29yayBzZWN1cml0eSAuLi48L2E+PGJyIC8+PC90ZD4KICA8L3RyPgogIDx0cj4KICAgIDx0ZCB2YWxpZ249InRvcCIgY2xhc3M9ImxpZ2h0LXRkLXNob3J0bmV3cyI+PGNlbnRlcj48YnIgLz4KPGEgaHJlZj0iaHR0cDovL3d3dy5jYWZlcHJlc3MuY29tL2h0c3N0b3JlIj48aW1nIHNyYz0iaHR0cDovL3d3dzEuZGF0YS5odHNjZG4ub3JnL2ltYWdlcy9odHNzdG9yZS5qcGciIGFsdD0iSGFja1RoaXNTaXRlIFN0b3JlIiBib3JkZXI9IjAiIC8+PC9hPjxiciAvPjxiciAvPgo8IS0tIENvbW1lbnRlZCBvdXQgYmVjYXVzZSBkb21haW4gaGFzIGV4cGlyZWQgPGEgaHJlZj0iaHR0cDovL3d3dy5oYWNrdGl2aXN0Lm5ldCI+PGltZyBzcmM9Ii9wYWdlcy9pbmRleC9tZW51LWhhY2t0aXZpc3QuanBnIiBhbHQ9ImhhY2t0aXZpc3QubmV0IiBib3JkZXI9IjAiIC8+PC9hPjxiciAvPjxiciAvPiAtLT4KPCEtLTxhIGhyZWY9Imh0dHA6Ly93d3cucm9vdHRoaXNib3gub3JnIj48aW1nIHNyYz0iL3BhZ2VzL2luZGV4L21lbnUtcnRiLmpwZyIgYWx0PSJSb290VGhpc0JveCIgYm9yZGVyPSIwIiAvPjwvYT48YnIgLz48YnIgLz4tLT4KPGEgaHJlZj0iaHR0cDovL21pcnJvci5oYWNrdGhpc3NpdGUub3JnL2hhY2t0aGlzemluZS8iPjxpbWcgc3JjPSJodHRwOi8vd3d3MS5kYXRhLmh0c2Nkbi5vcmcvaW1hZ2VzL2hhY2t0aGlzemluZS5qcGciIGFsdD0iSGFja1RoaXNaaW5lIiBib3JkZXI9IjAiIC8+PC9hPjxiciAvPjxiciAvPgo8L2NlbnRlcj48L3RkPgogIDwvdHI+PHRyPgo8dGQgdmFsaWduPSJ0b3AiIGNsYXNzPSJsaWdodC10ZC1zaG9ydG5ld3MiPgo8c3Ryb25nPjxpbWcgc3JjPSJodHRwOi8vd3d3MS5kYXRhLmh0c2Nkbi5vcmcvaW1hZ2VzL3RpY2suZ2lmIiBhbHQ9IiMiIC8+Q09OVFJJQlVURTo8L3N0cm9uZz48YnIgLz4KJnJhcXVvOyA8YSBocmVmPSJpcmM6Ly9pcmMuaGFja3RoaXNzaXRlLm9yZzorNzAwMC8iPklSQzwvYT4gLSBDaGF0PGJyIC8+CiZyYXF1bzsgPGEgaHJlZj0iaHR0cDovL3d3dy5oYWNrdGhpc3NpdGUub3JnL2ZvcnVtcyI+Rm9ydW1zPC9hPiAtIERpc2N1c3Npb248YnIgLz4KPC90ZD4KPC90cj4KPC90YWJsZT4KPHRhYmxlIGJvcmRlcj0iMCIgd2lkdGg9IjEwMCUiIGNlbGxzcGFjaW5nPSI1IiBjZWxscGFkZGluZz0iMCI+Cjx0cj4KPHRkIHdpZHRoPSI1MCUiIHZhbGlnbj0idG9wIiBjbGFzcz0ibGlnaHQtdGQtc2hvcnRuZXdzIj48c3Ryb25nPjxpbWcgc3JjPSJodHRwOi8vd3d3MS5kYXRhLmh0c2Nkbi5vcmcvaW1hZ2VzL3RpY2suZ2lmIiBhbHQ9IiMiIC8+TEFURVNUIDxhIGhyZWY9Ii9mb3J1bXMiPkZPUlVNPC9hPiBQT1NUUzo8L3N0cm9uZz48YnIgLz4KPGNlbnRlcj5QbGVhc2UgbG9naW4gdG8gc2VlIHRoaXMgZmVhdHVyZS48L2NlbnRlcj48L3RkPgo8dGQgd2lkdGg9IjUwJSIgdmFsaWduPSJ0b3AiIGNsYXNzPSJsaWdodC10ZC1zaG9ydG5ld3MiPjxzdHJvbmc+PGltZyBzcmM9Imh0dHA6Ly93d3cxLmRhdGEuaHRzY2RuLm9yZy9pbWFnZXMvdGljay5naWYiIGFsdD0iIyIgLz5MQVRFU1QgPGEgaHJlZj0iaXJjOi8vaXJjLmhhY2t0aGlzc2l0ZS5vcmc6KzcwMDAiPklSQzwvYT4gTElORVM6PC9zdHJvbmc+PGJyIC8+PGNlbnRlcj5QbGVhc2UgbG9naW4gdG8gc2VlIHRoaXMgZmVhdHVyZS48L2NlbnRlcj48L3RkPjwvdHI+PC90YWJsZT4KCjxkaXYgc3R5bGU9ImJvcmRlci1ib3R0b206IDFweCBkYXNoZWQgIzAwMDAwMDsiPkxhdGVzdCBzaXRlIG5ld3M6IDxhIGhyZWY9Ii9wYWdlcy9odHMucnNzLnBocCIgdGl0bGU9IkhUUyBSU1MgZmVlZCI+PGltZyBzcmM9Imh0dHA6Ly93d3cxLmRhdGEuaHRzY2RuLm9yZy9pbWFnZXMvZmVlZC1pY29uLnBuZyIgYWx0PSJSU1MhIiBib3JkZXI9IjAiIC8+PC9hPjwvZGl2PjxiciAvPgo8ZGl2PgoKPHRhYmxlIGJvcmRlcj0iMCIgd2lkdGg9IjEwMCUiIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCI+CgkJCTx0cj4KCQkJCTx0ZCBjbGFzcz0ibm9ybWFsLXRkIiBzdHlsZT0iZm9udC1zaXplOiAxNnB4OyI+PC90ZD4KCQkJPC90cj4KCQkJPHRyPgoJCQkJPHRkPjwvdGQ+CgkJCTwvdHI+Cgk8dHI+CgkJPHRkIGNsYXNzPSJub3JtYWwtdGQiIHN0eWxlPSJmb250LXNpemU6IDE2cHg7Ij4KICAgICAgCQk8Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxMnB4Ij48aW1nIHNyYz0iaHR0cDovL3d3dzEuZGF0YS5odHNjZG4ub3JnL2ltYWdlcy90aWNrLmdpZiIgYWx0PSIjIiAvPjEyLzEwLzE0Ojwvc3Bhbj4mbmJzcDsmbmJzcDtFQ1RGIDE0IJYgQSBiZWdpbm5lciBsZXZlbCBDVEYgZXZlbnQ8L2I+PHNwYW4gc3R5bGU9ImRpc3BsYXk6bm9uZTtmb250LXNpemU6IDlweDsiPjxiciAvPjwvc3Bhbj4KICAgIAkJPC90ZD4KCTwvdHI+CiAgICAgICAKCTx0cj4KCQk8dGQgY2xhc3M9Im5vcm1hbC10ZCIgc3R5bGU9ImZvbnQtc2l6ZTogMTBweDsiPgogICAgICAJPGJyIC8+PGRpdiBjbGFzcz0ibmV3cyI+PGRpdiBhbGlnbj0ibGVmdCI+V2UgYXQgSGFja1RoaXNTaXRlIHdvdWxkIGxpa2UgdG8gcmVjb2duaXplIGEgQ1RGIGV2ZW50IGhhcHBlbmluZyB0aGlzIGNvbWluZyB3ZWVrZW5kLiBFQ1RGJzE0IGlzIGEgYmVnaW5uZXIgbGV2ZWwgJ0NhcHR1cmUgVGhlIEZsYWcnIGV2ZW50IG9yZ2FuaXplZCBieSBOYXRpb25hbCBJbnN0aXR1dGUgb2YgVGVjaG5vbG9neSBLYXJuYXRha2EgZm9yIEVuZ2luZWVyJzE0LjxiciAvPg0KIDxiciAvPg0KVGhlIGNvbnRlc3Qgc3RhcnRzIG9uIDE4dGggT2N0b2JlciA5OjAwIEFNIElTVCwgd2l0aCBhIGR1cmF0aW9uIG9mIDMyIGhvdXJzLjxiciAvPg0KKlVTQSAtIDE3dGggT2N0b2JlciAxMTozMCBQTSBFU1QgLyAxMDozMCBQTSBDU1QgLyA4OjMwIFBNIFBEVDxiciAvPg0KKjE4dGggT2N0b2JlciAzOjMwIEFNIFVUQzxiciAvPg0KIDxiciAvPg0KSGVhZCBvdmVyIHRvIDxhIGhyZWY9J2h0dHA6Ly9odHMuaW8veC9odHRwOi8vZWN0Zi5pbi8nIHRhcmdldD0nX25ldyc+aHR0cDovL2VjdGYuaW4vPC9hPiB0byByZWdpc3RlciE8YnIgLz4NCiA8YnIgLz4NCkRvbpJ0IGhhdmUgYSB0ZWFtIGFuZCBkb26SdCB3YW50IHRvIHRyeSB0aGlzIHNvbG8/PGJyIC8+DQpTZXZlcmFsIEhUUyBtZW1iZXJzIGhhdmUgYWxyZWFkeSBzdGFydGVkIHRlYW1zIGZvciB0aGlzIGV2ZW50LiBJZiB5b3Ugd2lzaCB0byBwYXJ0aWNpcGF0ZSB3aXRoIHVzIGpvaW4gdXMgaW4gPGEgaHJlZj0naHR0cDovL2h0cy5pby94L2lyYzovL2lyYy5oYWNrdGhpc3NpdGUub3JnOis3MDAwLyNFQ1RGMTQnIHRhcmdldD0nX25ldyc+I0VDVEYxNDwvYT4gb24gb3VyIElSQyBuZXR3b3JrIGF0IGlyYy5oYWNrdGhpc3NpdGUub3JnIHBvcnQgPGEgaHJlZj0naHR0cDovL2h0cy5pby94L2lyYzovL2lyYy5oYWNrdGhpc3NpdGUub3JnOjY2NjcvI2hhY2t0aGlzc2l0ZScgdGFyZ2V0PSdfbmV3Jz42NjY3PC9hPiAobm9uLVNTTCkgb3IgcG9ydCA8YSBocmVmPSdodHRwOi8vaHRzLmlvL3gvaXJjOi8vaXJjLmhhY2t0aGlzc2l0ZS5vcmc6KzcwMDAvI2hhY2t0aGlzc2l0ZScgdGFyZ2V0PSdfbmV3Jz43MDAwPC9hPiAoU1NMKS48YnIgLz4NCiA8YnIgLz4NCkFsc28gcGxlYXNlIGpvaW4gPGEgaHJlZj0naHR0cDovL2h0cy5pby94L2h0dHA6Ly93ZWJjaGF0LmZyZWVub2RlLm5ldC8/Y2hhbm5lbHM9ZWN0ZicgdGFyZ2V0PSdfbmV3Jz4jZWN0ZjwvYT4gb24gRnJlZW5vZGUgZm9yIGdlbmVyYWwgZGlzY3Vzc2lvbiBvciBhbnkgcXVlc3Rpb25zIHlvdSBoLi4uPC9kaXY+CiAgCQk8YnIgLz4KICAgICAgIAk8YnIgLz4KICAJCTxzcGFuIHN0eWxlPSJmb250LXNpemU6IDEwcHg7Ij48YSBocmVmPSIvbmV3cy92aWV3LzY5MCI+cmVhZCBtb3JlLi4uPC9hPiB8IDxhIGhyZWY9Ii9uZXdzL3ZpZXcvNjkwLyNjb21tZW50cyI+Y29tbWVudHMgKDMpPC9hPjxiciAvPjxiciAvPjwvc3Bhbj4KICAgIDwvdGQ+Cgk8L3RyPgoJPHRyPgoKCQk8dGQ+Jm5ic3A7PC90ZD4KCTwvdHI+CiAgICAgICAKCTx0cj4KCQk8dGQgY2xhc3M9Im5vcm1hbC10ZCIgc3R5bGU9ImZvbnQtc2l6ZTogMTZweDsiPgogICAgICAJCTxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDEycHgiPjxpbWcgc3JjPSJodHRwOi8vd3d3MS5kYXRhLmh0c2Nkbi5vcmcvaW1hZ2VzL3RpY2suZ2lmIiBhbHQ9IiMiIC8+MDEvMDQvMTQ6PC9zcGFuPiZuYnNwOyZuYnNwO0FwcmlsIEZvb2xzJiMwMzk7IERheTwvYj48c3BhbiBzdHlsZT0iZGlzcGxheTpub25lO2ZvbnQtc2l6ZTogOXB4OyI+PGJyIC8+PC9zcGFuPgogICAgCQk8L3RkPgoJPC90cj4KICAgICAgIAoJPHRyPgoJCTx0ZCBjbGFzcz0ibm9ybWFsLXRkIiBzdHlsZT0iZm9udC1zaXplOiAxMHB4OyI+CiAgICAgIAk8YnIgLz48ZGl2IGNsYXNzPSJuZXdzIj48ZGl2IGFsaWduPSJsZWZ0Ij5BcHJpbCBGb29scycgRGF5IGlzIGEgZGF5IGNlbGVicmF0ZWQgb24gQXByaWwgMXN0IHdoZW4gcGVvcGxlIHBsYXkgcHJhY3RpY2FsIGpva2VzIGFuZCBob2F4ZXMuICBUaGUgam9rZXMgb3IgaG9heGVzIGFyZSBwcmFua3MgaW50ZW5kZWQgdG8gbWFrZSBmdW4gb2Ygc29tZW9uZSBvciBzb21lIGV2ZW50LCBvZnRlbiBpbiBhbiBlbWJhcnJhc3Npbmcgd2F5LiAgUGVvcGxlIG9mdGVuIGxhdWdoIGF0IHRoZXNlIHByYW5rcywgdGhvdWdoIG5vdCBvZnRlbiB0aGUgcGVyc29uIGJlaW5nIHByYW5rZWQgZmluZHMgdGhlbSBhbXVzaW5nLjxiciAvPg0KPGJyIC8+DQpUaGlzIHBvc3QgaXMgaW50ZW5kZWQgdG8gZGVjZWl2ZSB5b3UgYW5kIHBsYXkgYSBwcmFuayBvbiB5b3UuICBZb3UgaGF2ZSBiZWVuIHN1Y2Nlc3NmdWxseSBmb29sZWQuICBUaGFuayB5b3UgZm9yIHlvdXIgcGFydGljaXBhdGlvbi48L2Rpdj48L2Rpdj4KICAJCTxiciAvPgogICAgICAgCTxiciAvPgogIAkJPHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogMTBweDsiPjxhIGhyZWY9Ii9uZXdzL3ZpZXcvNjgzIj5yZWFkIG1vcmUuLi48L2E+IHwgPGEgaHJlZj0iL25ld3Mvdmlldy82ODMvI2NvbW1lbnRzIj5jb21tZW50cyAoMTgpPC9hPjxiciAvPjxiciAvPjwvc3Bhbj4KICAgIDwvdGQ+Cgk8L3RyPgoJPHRyPgoKCQk8dGQ+Jm5ic3A7PC90ZD4KCTwvdHI+CiAgICAgICAKCTx0cj4KCQk8dGQgY2xhc3M9Im5vcm1hbC10ZCIgc3R5bGU9ImZvbnQtc2l6ZTogMTZweDsiPgogICAgICAJCTxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6IDEycHgiPjxpbWcgc3JjPSJodHRwOi8vd3d3MS5kYXRhLmh0c2Nkbi5vcmcvaW1hZ2VzL3RpY2suZ2lmIiBhbHQ9IiMiIC8+MTUvMDEvMTQ6PC9zcGFuPiZuYnNwOyZuYnNwO0plcmVteSBIYW1tb25kIFJlYWNoZXMgRmluYWwgRGVzdGluYXRpb248L2I+PHNwYW4gc3R5bGU9ImRpc3BsYXk6bm9uZTtmb250LXNpemU6IDlweDsiPjxiciAvPjwvc3Bhbj4KICAgIAkJPC90ZD4KCTwvdHI+CiAgICAgICAKCTx0cj4KCQk8dGQgY2xhc3M9Im5vcm1hbC10ZCIgc3R5bGU9ImZvbnQtc2l6ZTogMTBweDsiPgogICAgICAJPGJyIC8+PGRpdiBjbGFzcz0ibmV3cyI+PGRpdiBhbGlnbj0ibGVmdCI+Q2xvc2luZyBhIGNoYXB0ZXIgb2YgaGlzdG9yeSA8YSBocmVmPSdodHRwOi8vaHRzLmlvL3gvaHR0cHM6Ly93d3cuaGFja3RoaXNzaXRlLm9yZy9uZXdzL3ZpZXcvNjI2JyB0YXJnZXQ9J19uZXcnPndlIGhhdmU8L2E+IDxhIGhyZWY9J2h0dHA6Ly9odHMuaW8veC9odHRwczovL3d3dy5oYWNrdGhpc3NpdGUub3JnL25ld3Mvdmlldy82NDknIHRhcmdldD0nX25ldyc+ZGlzY3Vzc2VkPC9hPiA8YSBocmVmPSdodHRwOi8vaHRzLmlvL3gvaHR0cHM6Ly93d3cuaGFja3RoaXNzaXRlLm9yZy9uZXdzL3ZpZXcvNjU2JyB0YXJnZXQ9J19uZXcnPnF1aXRlPC9hPiA8YSBocmVmPSdodHRwOi8vaHRzLmlvL3gvaHR0cHM6Ly93d3cuaGFja3RoaXNzaXRlLm9yZy9uZXdzL3ZpZXcvNjU3JyB0YXJnZXQ9J19uZXcnPmV4dGVuc2l2ZWx5PC9hPiwgSGFja1RoaXNTaXRlIGZvdW5kZXIgPGEgaHJlZj0naHR0cDovL2h0cy5pby94L2h0dHA6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvSmVyZW15X0hhbW1vbmQnIHRhcmdldD0nX25ldyc+SmVyZW15IEhhbW1vbmQ8L2E+IGlzIG5vdyBnb2luZyB0byBzZXJ2ZSBhIHRlbiB5ZWFyIHNlbnRlbmNlIHVuZGVyIGEgYmlhc2VkIGFwcGxpY2F0aW9uIG9mIHRoZSAyNy15ZWFyLW9sZCBhbmQgYW50aXF1YXRlZCA8YSBocmVmPSdodHRwOi8vaHRzLmlvL3gvaHR0cHM6Ly9pbHQuZWZmLm9yZy9pbmRleC5waHAvQ29tcHV0ZXJfRnJhdWRfYW5kX0FidXNlX0FjdF8oQ0ZBQSknIHRhcmdldD0nX25ldyc+Q29tcHV0ZXIgRnJhdWQgYW5kIEFidXNlIEFjdDwvYT4uIEplcmVteSBoYXMgYXQgbGFzdCBmb3VuZCBoaXMgZmluYWwgZGVzdGluYXRpb24gYXQgdGhlIG1lZGl1bS1zZWN1cml0eSA8YSBocmVmPSdodHRwOi8vaHRzLmlvL3gvaHR0cDovL3d3dy5ib3AuZ292L2xvY2F0aW9ucy9pbnN0aXR1dGlvbnMvbWFuJyB0YXJnZXQ9J19uZXcnPkZlZGVyYWwgQ29ycmVjdGlvbmFsIEluc3RpdHV0aW9uIG9mIE1hbmNoZXN0ZXIsIEtlbnR1Y2t5PC9hPi48YnIgLz4NCjxiciAvPg0KRmlyc3QsIHdlIHN0cm9uZ2x5IGVuY291cmFnZSBldmVyeW9uZSB0byB3cml0ZSBKZXJlbXk6PGJyIC8+DQo8YnIgLz4NCjxiPkplcmVteSBIYW1tb25kICMxODcyOS00MjQ8YnIgLz4NCkZDSSBNYW5jaGVzdGVyPGJyIC8+DQpGZWRlcmFsIENvcnJlY3Rpb25hbCBJbnN0aXR1dGlvbjxiciAvPg0KUC5PLiBCb3ggNDAwMDxiciAvPg0KTWFuY2hlc3RlciwgS1kgNDA5NjI8L2I+PGJyIC8+DQo8YnIgLz4NLi4uPC9kaXY+CiAgCQk8YnIgLz4KICAgICAgIAk8YnIgLz4KICAJCTxzcGFuIHN0eWxlPSJmb250LXNpemU6IDEwcHg7Ij48YSBocmVmPSIvbmV3cy92aWV3LzY3MiI+cmVhZCBtb3JlLi4uPC9hPiB8IDxhIGhyZWY9Ii9uZXdzL3ZpZXcvNjcyLyNjb21tZW50cyI+Y29tbWVudHMgKDIyKTwvYT48YnIgLz48YnIgLz48L3NwYW4+CiAgICA8L3RkPgoJPC90cj4KCTx0cj4KCgkJPHRkPiZuYnNwOzwvdGQ+Cgk8L3RyPgogICAgICAgCgk8dHI+CgkJPHRkIGNsYXNzPSJub3JtYWwtdGQiIHN0eWxlPSJmb250LXNpemU6IDE2cHg7Ij4KICAgICAgCQk8Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxMnB4Ij48aW1nIHNyYz0iaHR0cDovL3d3dzEuZGF0YS5odHNjZG4ub3JnL2ltYWdlcy90aWNrLmdpZiIgYWx0PSIjIiAvPjE0LzAxLzE0Ojwvc3Bhbj4mbmJzcDsmbmJzcDtFVSBjb3B5cmlnaHQgcmVmb3JtIHdhbnRzIHlvdXIgaW5wdXQ8L2I+PHNwYW4gc3R5bGU9ImRpc3BsYXk6bm9uZTtmb250LXNpemU6IDlweDsiPjxiciAvPjwvc3Bhbj4KICAgIAkJPC90ZD4KCTwvdHI+CiAgICAgICAKCTx0cj4KCQk8dGQgY2xhc3M9Im5vcm1hbC10ZCIgc3R5bGU9ImZvbnQtc2l6ZTogMTBweDsiPgogICAgICAJPGJyIC8+PGRpdiBjbGFzcz0ibmV3cyI+PGRpdiBhbGlnbj0ibGVmdCI+SW4gMjAxNCB0aGUgRXVyb3BlYW4gQ29tbWlzc2lvbiB3aWxsIChtYXliZSkgcHJvcG9zZSBuZXcgY29weXJpZ2h0IGxhd3MgYW5kIGlzIGFsbG93aW5nIGV2ZXJ5b25lIHdpdGggYW4gaW50ZXJlc3QgaW4gY29weXJpZ2h0IHRvIHN1Ym1pdCB0aGVpciB2aWV3cyBpbiBhIHB1YmxpYyBjb25zdWx0YXRpb24uICBBbmQgd2hlbiB0aGV5IHNheSBldmVyeW9uZSB0aGV5IGRvIG1lYW4gPGI+PHU+ZXZlcnlvbmU8L3U+PC9iPiwgZXZlbiBpZiB5b3UncmUgbm90IGluIHRoZSBFVSBvciBtYXliZSBkb24ndCBldmVuIGxpdmUgb24gdGhpcyBwbGFuZXQuICBJZiB5b3UgaGF2ZSBhbiBlYXJ0aGxpbmcgbmFtZSwga25vdyBvbmUgb2YgPGEgaHJlZj0naHR0cDovL2h0cy5pby94L2h0dHA6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvTGFuZ3VhZ2VzX29mX3RoZV9FdXJvcGVhbl9VbmlvbicgdGFyZ2V0PSdfbmV3Jz50aGUgbGFuZ3VhZ2VzPC9hPiwgYW5kIGhhdmUgYW4gZW1haWwgYWRkcmVzcywgdGhlbiB0aGV5IGFyZSB3aWxsaW5nIHRvIGhlYXIgd2hhdCB5b3UgaGF2ZSB0byBzYXkuICAoTm8gY2hlYXRpbmcgdGhvdWdoLCB0aGV5IHdpbGwgcHJvYmFibHkgY29tcGxhaW4gdGhhdCBhIGxvdCBvZiBzdWJtaXNzaW9ucyBhcmUgdGhlIHNhbWUgYW5kIGp1c3QgaWdub3JlIGV2ZXJ5b25lIGFzIHVzdWFsLiAgRG9uJ3QgcnVpbiBpdCBmb3IgZXZlcnlib2R5ISk8YnIgLz4NCjxiciAvPg0KQWxsIHlvdSBuZWVkIHRvIGRvIGlzIGFuc3dlciBhYm91dCA4MCBob3JyaWJseSBkZXByZXNzaW5nIHF1ZXN0aW9ucyB3aGljaCB0cnkgdG8gbGVhZCB5b3UgdG93YXJkcyBzb21lIGhvcnJpYmx5IGJhZCBsZWdpc2xhdGlvbiBhbmQgZW1haWwgaXQgYmFjayB0byB0aGVtLiAgKE5vdGU6IFlvdSBkb24ndCBoYXZlIHRvIGFuc3dlciBhbGwgcXVlc3Rpb25zLCBqdXN0IHRob3NlIHlvdSBjYXJlIGFib3V0LikgIEx1Y2tpbHkgd2UgcGVvcGxlIGZyb20gdGhlIGludGVybmV0IGhhdmUgc29tZSByZXNvdXJjZXMgdGhhdCBjYW4gaGVscCB1cyBhdm9pZCBnZXR0aW5nIHRyaWNrZWQgaW50byBzdXBwb3J0aW5nIGJhZCBsZWdpc2xhdGlvbiBhbmQgY29pbmNpZGVudGFsbHkgdGhvc2UgcmVzb3VyY2VzIGFyZSBmb3VuZCBvbiB0aGUgaW50ZXJuZXQuPGJyIC8+DQo8YnIgLz4NClRoZXJlIGlzIGFuIC4uLjwvZGl2PgogIAkJPGJyIC8+CiAgICAgICAJPGJyIC8+CiAgCQk8c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxMHB4OyI+PGEgaHJlZj0iL25ld3Mvdmlldy82NzEiPnJlYWQgbW9yZS4uLjwvYT4gfCA8YSBocmVmPSIvbmV3cy92aWV3LzY3MS8jY29tbWVudHMiPmNvbW1lbnRzICgyKTwvYT48YnIgLz48YnIgLz48L3NwYW4+CiAgICA8L3RkPgoJPC90cj4KCTx0cj4KCgkJPHRkPiZuYnNwOzwvdGQ+Cgk8L3RyPgogICAgICAgCgk8dHI+CgkJPHRkIGNsYXNzPSJub3JtYWwtdGQiIHN0eWxlPSJmb250LXNpemU6IDE2cHg7Ij4KICAgICAgCQk8Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOiAxMnB4Ij48aW1nIHNyYz0iaHR0cDovL3d3dzEuZGF0YS5odHNjZG4ub3JnL2ltYWdlcy90aWNrLmdpZiIgYWx0PSIjIiAvPjI1LzEyLzEzOjwvc3Bhbj4mbmJzcDsmbmJzcDtIYXBweSBIb2xpZGF5cyE8L2I+PHNwYW4gc3R5bGU9ImRpc3BsYXk6bm9uZTtmb250LXNpemU6IDlweDsiPjxiciAvPjwvc3Bhbj4KICAgIAkJPC90ZD4KCTwvdHI+CiAgICAgICAKCTx0cj4KCQk8dGQgY2xhc3M9Im5vcm1hbC10ZCIgc3R5bGU9ImZvbnQtc2l6ZTogMTBweDsiPgogICAgICAJPGJyIC8+PGRpdiBjbGFzcz0ibmV3cyI+PGRpdiBhbGlnbj0ibGVmdCI+PGRpdiBhbGlnbj0iY2VudGVyIj48YSBocmVmPSdodHRwOi8vaHRzLmlvL3gvaHR0cHM6Ly9kYXRhLmh0c2Nkbi5vcmcvaW1hZ2VzL2NocmlzdG1hczIwMTMtbGFyZ2UuanBnJyB0YXJnZXQ9J19uZXcnPjxpbWcgc3JjPSdodHRwczovL2RhdGEuaHRzY2RuLm9yZy9pbWFnZXMvY2hyaXN0bWFzMjAxMy1zbWFsbC5qcGcnIC8+PC9hPjwvZGl2PjxiciAvPg0KPGJyIC8+DQpUaGUgZXZpZGVuY2UgaXMgbm93IGNsZWFyOiBGT1ggTmV3cyB3YXMgcmlnaHQsIDxhIGhyZWY9J2h0dHA6Ly9odHMuaW8veC9odHRwOi8vd3d3LnNhbG9uLmNvbS8yMDEzLzEyLzI0LzlfcmVhc29uc19mb3hfbmV3c190aGlua3NfdGhlcmVzX2Ffd2FyX29uX2NocmlzdG1hcy8nIHRhcmdldD0nX25ldyc+dGhlIHdhciBvbiBDaHJpc3RtYXMgaXMgcmVhbDwvYT4hICBUaGUgTlNBIDxhIGhyZWY9J2h0dHA6Ly9odHMuaW8veC9odHRwczovL3d3dy5lZmYub3JnL25zYS1zcHlpbmcnIHRhcmdldD0nX25ldyc+c3RvbGUgYW5kIGFidXNlZDwvYT4gU2FudGEncyB0ZWNobm9sb2d5IGZvciB0aGVpciBvd24gbmVmYXJpb3VzIHB1cnBvc2VzLCB0aGVyZWJ5IGRpcmVjdGx5IGFzc2F1bHRpbmcgPHN0cmlrZT5jYXBpdGFsaXNtPC9zdHJpa2U+IENocmlzdG1hcyBhdCBpdHMgY29yZS4gIFRob3NlIGRhbW4gc29jaWFsaXN0IGF0aGVpc3RzITxiciAvPg0KPGJyIC8+DQpBbGwgam9rZXMgYXNpZGUsIGl0IGhhcyBiZWVuIG9uZSBoZWxsIG9mIGEgeWVhciwgbW9zdCBlc3BlY2lhbGx5IGZvciBjaXZpbCByaWdodHMgYW5kIGhhY2t0aXZpc20uICBBIHByb2dyZXNzaXZlIFBvcGUgc3RlcHBlZCBpbiwgZ3VuIGNvbnRyb2wgYW5kIDxpPjxhIGhyZWY9J2h0dHA6Ly9odHMuaW8veC9odHRwOi8vZW4ud2lraXBlZGlhLm9yZy93aWtpL1N0YW5kLXlvdXItZ3JvdW5kX2xhdycgdGFyZ2V0PSdfbmV3Jz5TdGFuZCBZb3VyIEdyb3VuZDwvYT48L2k+IHdlcmUgaG90bHkgZGViYXRlZCwgYSBib21iaW5nIHJlaWduaXRlZCBJc2xhbW9waG9iaWEsIGFuZCBlYXN5IGFjY2VzcyB0byBhZmZvcmRhYmxlIGhlYWx0aGNhcmUgKHNvbWV0aGluZyA8aT48dT5hbGw8L3U+PC9pPiBpbmR1c3RyaWFsaXplZCBuYXRpb25zIGhhdmUsIGV4Y2VwdCB0aGUgVW5pdGVkIFN0YXRlcykgd2FzIG9ic3RydWN0ZWQgdG8gYSBsZXZlbCBvZiBzZWRpdGlvbiBib3JkZXJpbmcgb24gZG9tZXN0aWMgdGVycm9yLi4uPC9kaXY+CiAgCQk8YnIgLz4KICAgICAgIAk8YnIgLz4KICAJCTxzcGFuIHN0eWxlPSJmb250LXNpemU6IDEwcHg7Ij48YSBocmVmPSIvbmV3cy92aWV3LzY2NiI+cmVhZCBtb3JlLi4uPC9hPiB8IDxhIGhyZWY9Ii9uZXdzL3ZpZXcvNjY2LyNjb21tZW50cyI+Y29tbWVudHMgKDIpPC9hPjxiciAvPjxiciAvPjwvc3Bhbj4KICAgIDwvdGQ+Cgk8L3RyPgoJPHRyPgoKCQk8dGQ+Jm5ic3A7PC90ZD4KCTwvdHI+CiAgICAgICA8L3RhYmxlPgo8L2Rpdj4KPGJyIC8+Cgk8ZGl2IHN0eWxlPSJmb250LXNpemU6IDEwcHg7Ij48Yj4gQ3VycmVudCBPbmxpbmUgVXNlcnM6PC9iPiAoPGEgaHJlZj0iL3VzZXIvb25saW5lLyI+NDEgVXNlcnMgKDMgQW5vbnltb3VzKSwgMTc2IEd1ZXN0cywgMjE3IFRvdGFsOyA8c3BhbiB0aXRsZT0iT24gSmFudWFyeSAxMnRoLCAyMDE0IEAgNzozOTo1NyBBTSBVVEMiPjEsMzczPC9zcGFuPiBNb3N0IEV2ZXI8L2E+KTwvZGl2PgoJCTxkaXYgc3R5bGU9ImZvbnQtc2l6ZTogMTBweDsiIGNsYXNzPSJsaWdodC10ZC1zaG9ydG5ld3MiPgo8YSBocmVmPSIvdXNlci92aWV3L0FFc3R5cyI+QUVzdHlzPC9hPiAtIDxhIGhyZWY9Ii91c2VyL3ZpZXcvYWxrZW5pb24iPmFsa2VuaW9uPC9hPiAtIDxhIGhyZWY9Ii91c2VyL3ZpZXcvQXNtb2RldXNfNjY2Ij5Bc21vZGV1c182NjY8L2E+IC0gPGEgaHJlZj0iL3VzZXIvdmlldy9iYWJhc2VydCI+YmFiYXNlcnQ8L2E+IC0gPGEgaHJlZj0iL3VzZXIvdmlldy9iYW5hbm9uZTk2Ij5iYW5hbm9uZTk2PC9hPiAtIDxhIGhyZWY9Ii91c2VyL3ZpZXcvYmF6c2FnYWJpIj5iYXpzYWdhYmk8L2E+IC0gPGEgaHJlZj0iL3VzZXIvdmlldy9jYXB0YWluYmx1bXBraW4iPmNhcHRhaW5ibHVtcGtpbjwvYT4gLSA8YSBocmVmPSIvdXNlci92aWV3L2NyaXh4eHkiPmNyaXh4eHk8L2E+IC0gPGEgaHJlZj0iL3VzZXIvdmlldy9nYW1iaWp1bmlvciI+Z2FtYmlqdW5pb3I8L2E+IC0gPGEgaHJlZj0iL3VzZXIvdmlldy9naTc1YzBkM3IiPmdpNzVjMGQzcjwvYT4gLSA8YSBocmVmPSIvdXNlci92aWV3L0dNUjUxNiI+R01SNTE2PC9hPiAtIDxhIGhyZWY9Ii91c2VyL3ZpZXcvR29keiI+R29kejwvYT4gLSA8YSBocmVmPSIvdXNlci92aWV3L2g0Y2tpTkdfMzIiPmg0Y2tpTkdfMzI8L2E+IC0gPGEgaHJlZj0iL3VzZXIvdmlldy9oYXhvcm8iPmhheG9ybzwvYT4gLSA8YSBocmVmPSIvdXNlci92aWV3L2llaG92NjEiPmllaG92NjE8L2E+IC0gPGEgaHJlZj0iL3VzZXIvdmlldy9pTVByb3ZlIj5pTVByb3ZlPC9hPiAtIDxhIGhyZWY9Ii91c2VyL3ZpZXcvSmFkZXhvbiI+SmFkZXhvbjwvYT4gLSA8YSBocmVmPSIvdXNlci92aWV3L0pvdGFQIj5Kb3RhUDwvYT4gLSA8YSBocmVmPSIvdXNlci92aWV3L2pwbTA3MDA2Ij5qcG0wNzAwNjwvYT4gLSA8YSBocmVmPSIvdXNlci92aWV3L2pzbmV4NyI+anNuZXg3PC9hPiAtIDxhIGhyZWY9Ii91c2VyL3ZpZXcva3VtYXVzIj5rdW1hdXM8L2E+IC0gPGEgaHJlZj0iL3VzZXIvdmlldy9LempMZSI+S3pqTGU8L2E+IC0gPGEgaHJlZj0iL3VzZXIvdmlldy9MMHlkIj5MMHlkPC9hPiAtIDxhIGhyZWY9Ii91c2VyL3ZpZXcvbGJtNTgyMiI+bGJtNTgyMjwvYT4gLSA8YSBocmVmPSIvdXNlci92aWV3L2x1Y2FuZGlkb2FuIj5sdWNhbmRpZG9hbjwvYT4gLSA8YSBocmVmPSIvdXNlci92aWV3L21heGlkb2cxMjMiPm1heGlkb2cxMjM8L2E+IC0gPGEgaHJlZj0iL3VzZXIvdmlldy9tZXJjdXJpYWxvbCI+bWVyY3VyaWFsb2w8L2E+IC0gPGEgaHJlZj0iL3VzZXIvdmlldy9tdHRkIj5tdHRkPC9hPiAtIDxhIGhyZWY9Ii91c2VyL3ZpZXcvTjNSMDhMNEQzIj5OM1IwOEw0RDM8L2E+IC0gPGEgaHJlZj0iL3VzZXIvdmlldy9Ob294ZXQiPk5vb3hldDwvYT4gLSA8YSBocmVmPSIvdXNlci92aWV3L05fU19LIj5OX1NfSzwvYT4gLSA8YSBocmVmPSIvdXNlci92aWV3L1BoZW9uaXgxMSI+UGhlb25peDExPC9hPiAtIDxhIGhyZWY9Ii91c2VyL3ZpZXcvcHJpbmFuZCI+cHJpbmFuZDwvYT4gLSA8YSBocmVmPSIvdXNlci92aWV3L1B5bHRzaSI+UHlsdHNpPC9hPiAtIDxhIGhyZWY9Ii91c2VyL3ZpZXcvU2VjdXJpdHlTdHVkZW50Ij5TZWN1cml0eVN0dWRlbnQ8L2E+IC0gPGEgaHJlZj0iL3VzZXIvdmlldy9zaGFraXIxNDQzIj5zaGFraXIxNDQzPC9hPiAtIDxhIGhyZWY9Ii91c2VyL3ZpZXcvU2lkdXMwOSI+U2lkdXMwOTwvYT4gLSA8YSBocmVmPSIvdXNlci92aWV3L1QzTlNFIj5UM05TRTwvYT4gLSA8YSBocmVmPSIvdXNlci92aWV3L3RyaXBiZWFtIj50cmlwYmVhbTwvYT4gLSA8YSBocmVmPSIvdXNlci92aWV3L3dhcnJpdjkzIj53YXJyaXY5MzwvYT4gLSA8YSBocmVmPSIvdXNlci92aWV3L1dpbGRib3lzIj5XaWxkYm95czwvYT4JCTxiciAvPjxiciAvPjxiPk5ld2VzdCBVc2VyPC9iPjogPGEgaHJlZj0iL3VzZXIvdmlldy9DYXR6UmV2ZW5nZSI+Q2F0elJldmVuZ2U8L2E+IChKb2luZWQgMyBtaW51dGVzIDMgc2Vjb25kcyBhZ28pCQkgIDwvZGl2PgoJPC90ZD4NCiAgICAgICAgPC90cj4NCiAgICAgIDwvdGFibGU+PC90ZD4NCiAgICA8L3RyPg0KIDx0cj4NCiAgICAgIDx0ZCBjbGFzcz0ic2l0ZWJvdHRvbWhlYWRlciI+PGltZyBzcmM9Imh0dHA6Ly93d3cxLmRhdGEuaHRzY2RuLm9yZy90aGVtZXMvRGFyay9pbWFnZXMvaHRzX2JvdHRvbWhlYWRlcm4uanBnIiBhbHQ9IkVuZCBGb290ZXIiIHdpZHRoPSI3ODAiIGhlaWdodD0iNjAiIC8+PC90ZD4NCiAgICA8L3RyPg0KICA8L3RhYmxlPg0KICA8YnIgLz4NCjxkaXYgYWxpZ249ImNlbnRlciIgc3R5bGU9ImZvbnQtZmFtaWx5OlZlcmRhbmEsIEFyaWFsLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWY7IGZvbnQtc2l6ZToxMHB4OyBjb2xvcjojQ0NDQ0NDIj5IYWNrVGhpc1NpdGUgaXMgaXMgdGhlIGNvbGxlY3RpdmUgd29yayBvZiB0aGUgSGFja1RoaXNTaXRlIHN0YWZmLCBsaWNlbnNlZCB1bmRlciBhIDxhIHJlbD0ibGljZW5zZSIgaHJlZj0iaHR0cDovL2h0cy5pby94L2h0dHA6Ly9jcmVhdGl2ZWNvbW1vbnMub3JnL2xpY2Vuc2VzL2J5LW5jLzMuMC8iIHRhcmdldD0iX25ldyI+Q0MgQlktTkM8L2E+IGxpY2Vuc2UuPGJyIC8+DQpXZSBhc2sgdGhhdCB5b3UgaW5mb3JtIHVzIHVwb24gc2hhcmluZyBvciBkaXN0cmlidXRpbmcuPGJyIC8+PGJyIC8+DQo8c3ViPlBhZ2UgR2VuZXJhdGVkOiBUdWUsIDE0IE9jdCAyMDE0IDIwOjU4OjAxICswMDAwPGJyIC8+V2ViIE5vZGU6IHd3dzIgfCBQYWdlIEdlbjogMC4xcyB8IERCOiAxMnE8YnIgLz5DdXJyZW50IENvZGUgUmV2aXNpb246IDxhIGhyZWY9Imh0dHA6Ly93d3cuaGFja3RoaXNzaXRlLm9yZy9DSEFOR0VMT0ciPnYzLjIuMwogKEZyaSwgMjcgSnVuIDIwMTQgMjA6MTM6MTAgKzAwMDApPC9hPjwvc3ViPjxiciAvPgo8L2Rpdj4NCjwvZGl2Pg0KPGRpdiBhbGlnbj0iY2VudGVyIj4NCiAgPHA+DQogICA8YSB0YXJnZXQ9Il9uZXciIGhyZWY9Imh0dHA6Ly9odHMuaW8veC9odHRwOi8vY3JlYXRpdmVjb21tb25zLm9yZy9saWNlbnNlcy9ieS1uYy8zLjAvIj48aW1nIHNyYz0iaHR0cDovL3d3dzEuZGF0YS5odHNjZG4ub3JnL2ltYWdlcy9jY184MHgxNS5wbmciIHdpZHRoPSI4MCIgaGVpZ2h0PSIxNSIgYm9yZGVyPSIwIiBhbHQ9IiIgLz48L2E+DQogICA8YSB0YXJnZXQ9Il9uZXciIGhyZWY9Imh0dHA6Ly9odHMuaW8veC9odHRwOi8vdmFsaWRhdG9yLnczLm9yZy9jaGVjaz91cmk9cmVmZXJlciI+PGltZyBzcmM9Imh0dHA6Ly93d3cxLmRhdGEuaHRzY2RuLm9yZy9pbWFnZXMveGh0bWwxMC5wbmciIHdpZHRoPSI4MCIgaGVpZ2h0PSIxNSIgYm9yZGVyPSIwIiBhbHQ9IiIgLz48L2E+Jm5ic3A7DQogICA8YSB0YXJnZXQ9Il9uZXciIGhyZWY9Imh0dHA6Ly9odHMuaW8veC9odHRwOi8vamlnc2F3LnczLm9yZy9jc3MtdmFsaWRhdG9yL2NoZWNrL3JlZmVyZXIiPjxpbWcgc3JjPSJodHRwOi8vd3d3MS5kYXRhLmh0c2Nkbi5vcmcvaW1hZ2VzL2Nzcy5wbmciIHdpZHRoPSI4MCIgaGVpZ2h0PSIxNSIgYm9yZGVyPSIwIiBhbHQ9IiIgLz48L2E+IA0KICAgPGEgdGFyZ2V0PSJfbmV3IiBocmVmPSJodHRwOi8vaHRzLmlvL3gvaHR0cDovL3d3dy5waHAubmV0LyI+IDxpbWcgc3JjPSJodHRwOi8vd3d3MS5kYXRhLmh0c2Nkbi5vcmcvaW1hZ2VzL3BocHBvdy5naWYiIHdpZHRoPSI4MCIgaGVpZ2h0PSIxNSIgYm9yZGVyPSIwIiBhbHQ9IiIgLz48L2E+DQogICA8IS0tPGEgaHJlZj0iaHR0cDovL3d3dy5saW51eC5jb20vIj4gPGltZyBzcmM9Ii4uLy4uL2ltYWdlcy9saW51eDIuZ2lmIiB3aWR0aD0iODAiIGhlaWdodD0iMTUiIGJvcmRlcj0iMCIgYWx0PSIiIC8+PC9hPi0tPg0KICAgPGEgdGFyZ2V0PSJfbmV3IiBocmVmPSJodHRwOi8vaHRzLmlvL3gvaHR0cDovL3d3dy5mcmVlYnNkLm9yZy8iPiA8aW1nIHNyYz0iaHR0cDovL3d3dzEuZGF0YS5odHNjZG4ub3JnL2ltYWdlcy9mcmVlYnNkLnBuZyIgd2lkdGg9IjgwIiBoZWlnaHQ9IjE1IiBib3JkZXI9IjAiIGFsdD0iIiAvPjwvYT4NCiAgIDxpbWcgc3JjPSJodHRwOi8vd3d3MS5kYXRhLmh0c2Nkbi5vcmcvaW1hZ2VzL2NvdW50ZXIucGhwIiBoZWlnaHQ9IjE0IiBib3JkZXI9IjAiIGFsdD0iUGFnZSBWaWV3IENvdW50ZXIiIC8+DQogIDwvcD4NCjwvZGl2Pg0KPGEgaHJlZj0iaHR0cDovL2hhY2t0aGlzc2l0ZS5vcmcvaHAucGhwIj48c3BhbiBzdHlsZT0iZGlzcGxheTogbm9uZTsiPnJldGlyZWQ8L3NwYW4+PC9hPjxzY3JpcHQgdHlwZT0idGV4dC9qYXZhc2NyaXB0Ij4NCnZhciBnYUpzSG9zdCA9ICgoImh0dHBzOiIgPT0gZG9jdW1lbnQubG9jYXRpb24ucHJvdG9jb2wpID8gImh0dHBzOi8vc3NsLiIgOiAiaHR0cDovL3d3dy4iKTsNCmRvY3VtZW50LndyaXRlKHVuZXNjYXBlKCIlM0NzY3JpcHQgc3JjPSciICsgZ2FKc0hvc3QgKyAiZ29vZ2xlLWFuYWx5dGljcy5jb20vZ2EuanMnIHR5cGU9J3RleHQvamF2YXNjcmlwdCclM0UlM0Mvc2NyaXB0JTNFIikpOw0KPC9zY3JpcHQ+DQo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+DQp2YXIgcGFnZVRyYWNrZXIgPSBfZ2F0Ll9nZXRUcmFja2VyKCJVQS0yMzkxMTc2LTEiKTsNCnBhZ2VUcmFja2VyLl9pbml0RGF0YSgpOw0KcGFnZVRyYWNrZXIuX3RyYWNrUGFnZXZpZXcoKTsNCjwvc2NyaXB0Pg0KPCEtLVtpZiAhKGx0IElFIDgpXT48IS0tPg0KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPg0KICB2YXIgdGR3ZmJfY29uZmlnID0ge2dyZWV0aW5nOiAnRGVhciBIYWNrVGhpc1NpdGUgVXNlcid9Ow0KICAoZnVuY3Rpb24oKXsNCiAgICB2YXIgZSA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ3NjcmlwdCcpOyBlLnR5cGU9J3RleHQvamF2YXNjcmlwdCc7IGUuYXN5bmMgPSB0cnVlOw0KICAgIGUuc3JjID0gZG9jdW1lbnQubG9jYXRpb24ucHJvdG9jb2wgKyAnLy9kMWFnejAzMXRhZno4bi5jbG91ZGZyb250Lm5ldC90aGVkYXl3ZWZpZ2h0YmFjay5qcy93aWRnZXQubWluLmpzJzsNCiAgICB2YXIgcyA9IGRvY3VtZW50LmdldEVsZW1lbnRzQnlUYWdOYW1lKCdzY3JpcHQnKVswXTsgcy5wYXJlbnROb2RlLmluc2VydEJlZm9yZShlLCBzKTsNCiAgfSkoKTsNCjwvc2NyaXB0Pg0KPCEtLTwhW2VuZGlmXS0tPg0KICAgIDwvYm9keT4NCjwvaHRtbD4NCg==</Response>
137
+ <Benign>0</Benign>
138
+ </AttackRequest>
139
+ </AttackRequestList>
140
+ </Attack>
141
+ <Attack>
142
+ <DbId>96A0331A38FF47AFA13C547518721E08</DbId>
143
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
144
+ <AttackValue><![CDATA[<img """><script>alert("x9khdxei")</script>">]]></AttackValue>
145
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
146
+ <AttackPostParams />
147
+ <AttackMatchedString>x9khdxei</AttackMatchedString>
148
+ <AttackRequestList>
149
+ <AttackRequest>
150
+ <DbId>49A7844AA3884CE19078E68B4F12E04B</DbId>
151
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
152
+ <Request>R0VUIC8/PGltZyUyMCIiIj48c2NyaXB0PmFsZXJ0KCJ4OWtoZHhlaSIpPC9zY3JpcHQ+Ij4gSFRUUC8xLjENCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtQ2hhcnNldDogKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoY29tcGF0aWJsZTsgTVNJRSA5LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC81LjApDQpIb3N0OiB3d3cuaGFja3RoaXNzaXRlLm9yZw0KQ29va2llOiBQSFBTRVNTSUQ9OWh2bmxmczUxanNqMmlpZWZtaDc0dXN0YTA7IF9fdXRtYT0xOTg0MDI4NzAuNjA3MzIxMjgwLjE0MTMyNjA5MjMuMTQxMzI2MDkyMy4xNDEzMjYwOTIzLjE7IF9fdXRtYz0xOTg0MDI4NzA7IF9fdXRtej0xOTg0MDI4NzAuMTQxMzI2MDkyMy4xLjEudXRtY3NyPShkaXJlY3QpfHV0bWNjbj0oZGlyZWN0KXx1dG1jbWQ9KG5vbmUpOyBhZHNfYm1fbGFzdF9sb2FkX3N0YXR1cz1OT1RfQkxPQ0tJTkc7IGJtX21vbnRobHlfdW5pcXVlPXRydWU7IGJtX2RhaWx5X3VuaXF1ZT10cnVlOyBwaHBiYjNfMjhwbGFfdT0xOyBwaHBiYjNfMjhwbGFfaz07IHBocGJiM18yOHBsYV9zaWQ9YmE3M2I1YmRkZjA2NTA5YzI3OGQ5N2Q2ZWQzODE5Mzg7IGxldmVsMTBfYXV0aG9yaXplZD1ubzsgYnNfdXNlcj14aXk5MnExcjsgYnNfcGFzcz14aXk5MnExcyUyNDsgYm1fbGFzdF9sb2FkX3N0YXR1cz1OT1RfQkxPQ0tJTkc7DQoNCg==</Request>
153
+ <Response></Response>
154
+ <Benign>0</Benign>
155
+ </AttackRequest>
156
+ </AttackRequestList>
157
+ </Attack>
158
+ <Attack>
159
+ <DbId>23E5FDE97F5E42628FC74477F8513B8D</DbId>
160
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
161
+ <AttackValue>');alert('x9krdis7');//</AttackValue>
162
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
163
+ <AttackPostParams />
164
+ <AttackMatchedString>x9krdis7</AttackMatchedString>
165
+ <AttackRequestList>
166
+ <AttackRequest>
167
+ <DbId>E982E7BCB4F64A56AC6AC1B8C697E284</DbId>
168
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
169
+ <Request>R0VUIC8/Jyk7YWxlcnQoJ3g5a3JkaXM3Jyk7Ly8gSFRUUC8xLjENCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtQ2hhcnNldDogKg0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoY29tcGF0aWJsZTsgTVNJRSA5LjA7IFdpbmRvd3MgTlQgNi4xOyBXT1c2NDsgVHJpZGVudC81LjApDQpIb3N0OiB3d3cuaGFja3RoaXNzaXRlLm9yZw0KQ29va2llOiBQSFBTRVNTSUQ9OWh2bmxmczUxanNqMmlpZWZtaDc0dXN0YTA7IF9fdXRtYT0xOTg0MDI4NzAuNjA3MzIxMjgwLjE0MTMyNjA5MjMuMTQxMzI2MDkyMy4xNDEzMjYwOTIzLjE7IF9fdXRtYz0xOTg0MDI4NzA7IF9fdXRtej0xOTg0MDI4NzAuMTQxMzI2MDkyMy4xLjEudXRtY3NyPShkaXJlY3QpfHV0bWNjbj0oZGlyZWN0KXx1dG1jbWQ9KG5vbmUpOyBhZHNfYm1fbGFzdF9sb2FkX3N0YXR1cz1OT1RfQkxPQ0tJTkc7IGJtX21vbnRobHlfdW5pcXVlPXRydWU7IGJtX2RhaWx5X3VuaXF1ZT10cnVlOyBwaHBiYjNfMjhwbGFfdT0xOyBwaHBiYjNfMjhwbGFfaz07IHBocGJiM18yOHBsYV9zaWQ9YmE3M2I1YmRkZjA2NTA5YzI3OGQ5N2Q2ZWQzODE5Mzg7IGxldmVsMTBfYXV0aG9yaXplZD1ubzsgYnNfdXNlcj14aXk5MnExcjsgYnNfcGFzcz14aXk5MnExcyUyNDsgYm1fbGFzdF9sb2FkX3N0YXR1cz1OT1RfQkxPQ0tJTkc7DQoNCg==</Request>
170
+ <Response></Response>
171
+ <Benign>0</Benign>
172
+ </AttackRequest>
173
+ </AttackRequestList>
174
+ </Attack>
175
+ <Attack>
176
+ <DbId>B87C5202F4A74BEBA06936F6BD186076</DbId>
177
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
178
+ <AttackValue>'-alert(15189768)-'</AttackValue>
179
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
180
+ <AttackPostParams />
181
+ <AttackMatchedString>15189768</AttackMatchedString>
182
+ <AttackRequestList>
183
+ <AttackRequest>
184
+ <DbId>E3F212EBD7134B958D3EB7D4369FE1A9</DbId>
185
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
186
+ <Request>R0VUIC8/Jy1hbGVydCgxNTE4OTc2OCktJyBIVFRQLzEuMQ0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSwqLyo7cT0wLjgNCkFjY2VwdC1DaGFyc2V0OiAqDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzUuMCkNCkhvc3Q6IHd3dy5oYWNrdGhpc3NpdGUub3JnDQpDb29raWU6IFBIUFNFU1NJRD05aHZubGZzNTFqc2oyaWllZm1oNzR1c3RhMDsgX191dG1hPTE5ODQwMjg3MC42MDczMjEyODAuMTQxMzI2MDkyMy4xNDEzMjYwOTIzLjE0MTMyNjA5MjMuMTsgX191dG1jPTE5ODQwMjg3MDsgX191dG16PTE5ODQwMjg3MC4xNDEzMjYwOTIzLjEuMS51dG1jc3I9KGRpcmVjdCl8dXRtY2NuPShkaXJlY3QpfHV0bWNtZD0obm9uZSk7IGFkc19ibV9sYXN0X2xvYWRfc3RhdHVzPU5PVF9CTE9DS0lORzsgYm1fbW9udGhseV91bmlxdWU9dHJ1ZTsgYm1fZGFpbHlfdW5pcXVlPXRydWU7IHBocGJiM18yOHBsYV91PTE7IHBocGJiM18yOHBsYV9rPTsgcGhwYmIzXzI4cGxhX3NpZD1iYTczYjViZGRmMDY1MDljMjc4ZDk3ZDZlZDM4MTkzODsgbGV2ZWwxMF9hdXRob3JpemVkPW5vOyBic191c2VyPXhpeTkycTFyOyBic19wYXNzPXhpeTkycTFzJTI0OyBibV9sYXN0X2xvYWRfc3RhdHVzPU5PVF9CTE9DS0lORzsNCg0K</Request>
187
+ <Response></Response>
188
+ <Benign>0</Benign>
189
+ </AttackRequest>
190
+ </AttackRequestList>
191
+ </Attack>
192
+ <Attack>
193
+ <DbId>ED858AB85A2C46C9953BA5E86C412BEE</DbId>
194
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
195
+ <AttackValue>';alert('x9lj3cup');//</AttackValue>
196
+ <AttackVulnUrl>http://www.hackthissite.org/</AttackVulnUrl>
197
+ <AttackPostParams />
198
+ <AttackMatchedString>x9lj3cup</AttackMatchedString>
199
+ <AttackRequestList>
200
+ <AttackRequest>
201
+ <DbId>2F292FE91CD64B86B98B536D9BA66FE7</DbId>
202
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
203
+ <Request>R0VUIC8/JzthbGVydCgneDlsajNjdXAnKTsvLyBIVFRQLzEuMQ0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSwqLyo7cT0wLjgNCkFjY2VwdC1DaGFyc2V0OiAqDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzUuMCkNCkhvc3Q6IHd3dy5oYWNrdGhpc3NpdGUub3JnDQpDb29raWU6IFBIUFNFU1NJRD05aHZubGZzNTFqc2oyaWllZm1oNzR1c3RhMDsgX191dG1hPTE5ODQwMjg3MC42MDczMjEyODAuMTQxMzI2MDkyMy4xNDEzMjYwOTIzLjE0MTMyNjA5MjMuMTsgX191dG1jPTE5ODQwMjg3MDsgX191dG16PTE5ODQwMjg3MC4xNDEzMjYwOTIzLjEuMS51dG1jc3I9KGRpcmVjdCl8dXRtY2NuPShkaXJlY3QpfHV0bWNtZD0obm9uZSk7IGFkc19ibV9sYXN0X2xvYWRfc3RhdHVzPU5PVF9CTE9DS0lORzsgYm1fbW9udGhseV91bmlxdWU9dHJ1ZTsgYm1fZGFpbHlfdW5pcXVlPXRydWU7IHBocGJiM18yOHBsYV91PTE7IHBocGJiM18yOHBsYV9rPTsgcGhwYmIzXzI4cGxhX3NpZD1iYTczYjViZGRmMDY1MDljMjc4ZDk3ZDZlZDM4MTkzODsgbGV2ZWwxMF9hdXRob3JpemVkPW5vOyBic191c2VyPXhpeTkycTFyOyBic19wYXNzPXhpeTkycTFzJTI0OyBibV9sYXN0X2xvYWRfc3RhdHVzPU5PVF9CTE9DS0lORzsNCg0K</Request>
204
+ <Response></Response>
205
+ <Benign>0</Benign>
206
+ </AttackRequest>
207
+ </AttackRequestList>
208
+ </Attack>
209
+ </AttackList>
210
+ </Vuln>
211
+ <Vuln>
212
+ <DbId>7B9CAABF300A49688F4D30FA423EDFB8</DbId>
213
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
214
+ <ScanName>hackthissite</ScanName>
215
+ <WebSite>http://www.hackthissite.org:80</WebSite>
216
+ <VulnType>Sensitive data sent over Un Encrypted Channel</VulnType>
217
+ <VulnUrl>http://www.hackthissite.org/register</VulnUrl>
218
+ <NormalizedUrl>http://www.hackthissite.org/register</NormalizedUrl>
219
+ <MatchedString>action=http://www.hackthissite.org/register/submit</MatchedString>
220
+ <NormalizedPostParams />
221
+ <VulnParam />
222
+ <ParameterName>N/A</ParameterName>
223
+ <HtmlEntityAttacked>URL</HtmlEntityAttacked>
224
+ <AttackType>N/A</AttackType>
225
+ <AttackScore>2-Low</AttackScore>
226
+ <AttackValue>N/A</AttackValue>
227
+ <Method>N/A</Method>
228
+ <RootCauseId>505F0E05CF0EAA863C010E0D013800DB</RootCauseId>
229
+ <Description><![CDATA[<p>Sending sensitive data over HTTP</p>]]></Description>
230
+ <Recommendation><![CDATA[<p>Credentials or sensitive data is transmitted without encryption and a malicious user could read user's sensitive data by simply sniffing the net with a tool like Wireshark. HTTPS protocol ensures that data is sent through an encrypted channel and not readable by other people.</p>]]></Recommendation>
231
+ <Page>http://www.hackthissite.org/register</Page>
232
+ <Url>http://www.hackthissite.org/register</Url>
233
+ <VulnParamType>unknown</VulnParamType>
234
+ <CrawlTrafficTemplate>R0VUIC9yZWdpc3RlciBIVFRQLzEuMQ0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSwqLyo7cT0wLjgNCkFjY2VwdC1DaGFyc2V0OiAqDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzUuMCkNCkhvc3Q6IHd3dy5oYWNrdGhpc3NpdGUub3JnDQpDb29raWU6IFBIUFNFU1NJRD05aHZubGZzNTFqc2oyaWllZm1oNzR1c3RhMDsNCg0K</CrawlTrafficTemplate>
235
+ <AttackClass>Privacy</AttackClass>
236
+ <CweId>311</CweId>
237
+ <CAPEC>0</CAPEC>
238
+ <DISSA_ASC>0</DISSA_ASC>
239
+ <OWASP2007>9</OWASP2007>
240
+ <OWASP2010>9</OWASP2010>
241
+ <OWASP2013>6</OWASP2013>
242
+ <OVAL>0</OVAL>
243
+ <WASC>0</WASC>
244
+ <ScanDate>2014-10-14 07:26:14</ScanDate>
245
+ <ScanEnd>2014-10-15 01:59:37</ScanEnd>
246
+ <DefenseBL>
247
+ <DbId>E00DA69EEFFE4556A2EA833A05174698</DbId>
248
+ <ParentDbId>7B9CAABF300A49688F4D30FA423EDFB8</ParentDbId>
249
+ <PcreRegex />
250
+ <ModSecurity />
251
+ <Snort />
252
+ <Imperva />
253
+ </DefenseBL>
254
+ <DefenseWL>
255
+ <DbId>ED59621943E9405B98ED9C3642011DBB</DbId>
256
+ <ParentDbId>7B9CAABF300A49688F4D30FA423EDFB8</ParentDbId>
257
+ <PcreRegex />
258
+ <ModSecurity />
259
+ <Snort />
260
+ <Imperva />
261
+ </DefenseWL>
262
+ </Vuln>
263
+ <Vuln>
264
+ <DbId>7B9CAABF300A49688F4D30FA423EDFB8</DbId>
265
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
266
+ <ScanName>hackthissite</ScanName>
267
+ <WebSite>http://www.hackthissite.org:80</WebSite>
268
+ <VulnType>Credentials Over Un Encrypted Channel</VulnType>
269
+ <VulnUrl>http://www.hackthissite.org/register</VulnUrl>
270
+ <NormalizedUrl>http://www.hackthissite.org/register</NormalizedUrl>
271
+ <MatchedString>action=http://www.hackthissite.org/register/submit</MatchedString>
272
+ <NormalizedPostParams />
273
+ <VulnParam />
274
+ <ParameterName>N/A</ParameterName>
275
+ <HtmlEntityAttacked>URL</HtmlEntityAttacked>
276
+ <AttackType>N/A</AttackType>
277
+ <AttackScore>3-Medium</AttackScore>
278
+ <AttackValue>N/A</AttackValue>
279
+ <Method>N/A</Method>
280
+ <RootCauseId>5221EFE5141AD7B9634AECD1C77765C9</RootCauseId>
281
+ <Description><![CDATA[<p>Sending credentials over HTTP</p>]]></Description>
282
+ <Recommendation><![CDATA[<p>Credentials or sensitive data is transmitted without encryption and a malicious user could read user's sensitive data by simply sniffing the net with a tool like Wireshark. HTTPS protocol ensures that data is sent through an encrypted channel and not readable by other people.</p>]]></Recommendation>
283
+ <Page>http://www.hackthissite.org/register</Page>
284
+ <Url>http://www.hackthissite.org/register</Url>
285
+ <VulnParamType>unknown</VulnParamType>
286
+ <CrawlTrafficTemplate>R0VUIC9yZWdpc3RlciBIVFRQLzEuMQ0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSwqLyo7cT0wLjgNCkFjY2VwdC1DaGFyc2V0OiAqDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzUuMCkNCkhvc3Q6IHd3dy5oYWNrdGhpc3NpdGUub3JnDQpDb29raWU6IFBIUFNFU1NJRD05aHZubGZzNTFqc2oyaWllZm1oNzR1c3RhMDsNCg0K</CrawlTrafficTemplate>
287
+ <AttackClass>Application Developer</AttackClass>
288
+ <CweId>311</CweId>
289
+ <CAPEC>0</CAPEC>
290
+ <DISSA_ASC>0</DISSA_ASC>
291
+ <OWASP2007>9</OWASP2007>
292
+ <OWASP2010>9</OWASP2010>
293
+ <OWASP2013>6</OWASP2013>
294
+ <OVAL>0</OVAL>
295
+ <WASC>0</WASC>
296
+ <ScanDate>2014-10-14 07:26:14</ScanDate>
297
+ <ScanEnd>2014-10-15 01:59:37</ScanEnd>
298
+ <DefenseBL>
299
+ <DbId>E00DA69EEFFE4556A2EA833A05174698</DbId>
300
+ <ParentDbId>7B9CAABF300A49688F4D30FA423EDFB8</ParentDbId>
301
+ <PcreRegex />
302
+ <ModSecurity />
303
+ <Snort />
304
+ <Imperva />
305
+ </DefenseBL>
306
+ <DefenseWL>
307
+ <DbId>ED59621943E9405B98ED9C3642011DBB</DbId>
308
+ <ParentDbId>7B9CAABF300A49688F4D30FA423EDFB8</ParentDbId>
309
+ <PcreRegex />
310
+ <ModSecurity />
311
+ <Snort />
312
+ <Imperva />
313
+ </DefenseWL>
314
+ </Vuln>
315
+ <Vuln>
316
+ <DbId>7B9CAABF300A49688F4D30FA423EDFB8</DbId>
317
+ <ParentDbId>00000000000000000000000000000000</ParentDbId>
318
+ <ScanName>hackthissite</ScanName>
319
+ <WebSite>http://www.hackthissite.org:80</WebSite>
320
+ <VulnType>Autocomplete Attribute</VulnType>
321
+ <VulnUrl>http://www.hackthissite.org/register</VulnUrl>
322
+ <NormalizedUrl>http://www.hackthissite.org/register</NormalizedUrl>
323
+ <MatchedString><![CDATA[<input
324
+ name='password2'
325
+ value=''
326
+ placeholder='Confirm Passphrase'
327
+ type='password' />]]></MatchedString>
328
+ <NormalizedPostParams />
329
+ <VulnParam />
330
+ <ParameterName>N/A</ParameterName>
331
+ <HtmlEntityAttacked>URL</HtmlEntityAttacked>
332
+ <AttackType>N/A</AttackType>
333
+ <AttackScore>2-Low</AttackScore>
334
+ <AttackValue>N/A</AttackValue>
335
+ <Method>N/A</Method>
336
+ <RootCauseId>E513683B583A3E704BF1B33C4E527EFF</RootCauseId>
337
+ <Description><![CDATA[<p>HTML forms are a key component to exchanging information between a user and the server.<br/>
338
+
339
+ Browser feature of remembering what you entered in previous text form fields with the same name. <br/>
340
+
341
+ So, for example, if the field is named 'name' and you had entered several variants of your name in other fields named name, then autocompletion provides those options in a dropdown.</p>]]></Description>
342
+ <Recommendation><![CDATA[<p>The password autocomplete should always be disabled, especially in sensitive applications, since an attacker, if able to access the browser cache,
343
+
344
+ could easily obtain the password in cleartext (public computers are a very notable example of this attack).<br>
345
+
346
+ You can turn it off by setting AUTOCOMPLETE to OFF: <br>
347
+
348
+ <code>&lt;input autocomplete="off" name="oPassword" type="password" &gt;</code></p>]]></Recommendation>
349
+ <Page>http://www.hackthissite.org/register</Page>
350
+ <Url>http://www.hackthissite.org/register</Url>
351
+ <VulnParamType>unknown</VulnParamType>
352
+ <CrawlTrafficTemplate>R0VUIC9yZWdpc3RlciBIVFRQLzEuMQ0KQWNjZXB0OiB0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9uL3htbDtxPTAuOSwqLyo7cT0wLjgNCkFjY2VwdC1DaGFyc2V0OiAqDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChjb21wYXRpYmxlOyBNU0lFIDkuMDsgV2luZG93cyBOVCA2LjE7IFdPVzY0OyBUcmlkZW50LzUuMCkNCkhvc3Q6IHd3dy5oYWNrdGhpc3NpdGUub3JnDQpDb29raWU6IFBIUFNFU1NJRD05aHZubGZzNTFqc2oyaWllZm1oNzR1c3RhMDsNCg0K</CrawlTrafficTemplate>
353
+ <AttackClass>Best Practice</AttackClass>
354
+ <CweId>0</CweId>
355
+ <CAPEC>0</CAPEC>
356
+ <DISSA_ASC>0</DISSA_ASC>
357
+ <OWASP2007>0</OWASP2007>
358
+ <OWASP2010>0</OWASP2010>
359
+ <OWASP2013>0</OWASP2013>
360
+ <OVAL>0</OVAL>
361
+ <WASC>0</WASC>
362
+ <ScanDate>2014-10-14 07:26:14</ScanDate>
363
+ <ScanEnd>2014-10-15 01:59:37</ScanEnd>
364
+ <DefenseBL>
365
+ <DbId>E00DA69EEFFE4556A2EA833A05174698</DbId>
366
+ <ParentDbId>7B9CAABF300A49688F4D30FA423EDFB8</ParentDbId>
367
+ <PcreRegex />
368
+ <ModSecurity />
369
+ <Snort />
370
+ <Imperva />
371
+ </DefenseBL>
372
+ <DefenseWL>
373
+ <DbId>ED59621943E9405B98ED9C3642011DBB</DbId>
374
+ <ParentDbId>7B9CAABF300A49688F4D30FA423EDFB8</ParentDbId>
375
+ <PcreRegex />
376
+ <ModSecurity />
377
+ <Snort />
378
+ <Imperva />
379
+ </DefenseWL>
380
+ </Vuln>
381
+ </VulnList>
382
+ </VulnSummary>