From: Dave Aitel (daitelatstake.com)
Date: Fri Jan 11 2002 - 19:08:39 CST


    Not to mention the many web scanning tools recently released and available from
    packetstorm's "tools" index. Various crawlers and scanners and fun stuff from
    the hacker community...

    -dave

    Bill Pennington wrote:

    > I thought this paper might be of interest to some people on the list.
    >
    > Forwarded with permission :-)
    >
    > ----- Original Message -----
    > From: "Haroon Meer" <haroonsensepost.com>
    > To: <vuln-devsecurityfocus.com>
    > Sent: Friday, January 11, 2002 5:43 AM
    > Subject: MS-SQL Insertion
    >
    > > Hi..
    > >
    > > There has been a fair bit of talk recently on MS-SQL insertion wrt. to web
    > > forms and poor input validation. We wrote a paper a little while back on
    > > this, and decided to release it in its original form.. A more readable
    > > version is currently being written (because apparently my writing style
    > > sucks :/ )
    > >
    > >
    > > ======================================================================
    > > Haroon Meer SensePost Information Security
    > > +27 837866637 haroonsensepost.com
    > > ======================================================================
    > >
    > >
    >