Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Web Security - The Basics

Inndy
October 07, 2016
Technology
0
520

Web Security - The Basics

2016/Computer Security at National Taiwan University of Science and Technology (NTUST)

Inndy

October 07, 2016
Tweet

More Decks by Inndy

See All by Inndy
工程師一定要懂的 Text Encoding
inndy
0
240
資訊安全:麻瓜的黑魔法防禦術
inndy
3
2.5k
HackmeCTF 平台背後的心酸血淚史
inndy
2
660
COSCUP 2018 Lightning Talk - 審稿好難,所以我們來寫程式吧
inndy
0
300
逆向工程:從入門到放棄
inndy
7
3.2k
HITCON 2017 Zeroday 發表會
inndy
0
1.2k
No More Crypto Fails
inndy
33
6.8k
你再共用密碼啊
inndy
1
630
CTF From Zero To One
inndy
5
4.1k

Other Decks in Technology

See All in Technology
NGINXENG JP#2 - 3-NGINX Plus・プロダクトのアップデート
hiropo20
0
220
立ち止まっても、寄り道しても / even if I stop, even if I take a detour
katoaz
0
410
Oracle Transaction Manager for Microservices Free 22.3 製品概要
oracle4engineer
PRO
5
100
cdk deployに必要な権限ってなんだ?
kinyok
0
160
創業1年目のスタートアップでAWSコストを抑えるために取り組んでいること / How to Keep AWS Costs Down at a Startup
yuj1osm
3
2.1k
Pentesting Password Reset Functionality
anugrahsr
0
440
ML PM, DS PMってどんな仕事をしているの?
line_developers
PRO
1
230
ChatGPT for Hacking
anugrahsr
0
4.3k
Deep Neural Networkの共同学習
hf149
0
140
マイクロサービス宣言から8年 振り返りとこれから / Eight Years After the Microservices Declaration A Look Back and A Look Ahead
eisuke
2
150
02_プロトタイピングの進め方
kouzoukaikaku
0
350
MarvelClient Upgrade 64bit クライアントへの自動アップグレード設定
mitsuru_katoh
0
120

Featured

See All Featured
From Idea to $5000 a Month in 5 Months
shpigford
374
44k
Optimizing for Happiness
mojombo
365
64k
Documentation Writing (for coders)
carmenintech
51
2.9k
4 Signs Your Business is Dying
shpigford
171
20k
Become a Pro
speakerdeck
PRO
6
3.2k
Building Better People: How to give real-time feedback that sticks.
wjessup
346
17k
Support Driven Design
roundedbygravity
88
8.9k
Put a Button on it: Removing Barriers to Going Fast.
kastner
56
2.5k
Building a Scalable Design System with Sketch
lauravandoore
451
31k
Navigating Team Friction
lara
177
12k
Streamline your AJAX requests with AmplifyJS and jQuery
dougneiner
128
8.8k
Building Your Own Lightsaber
phodgson
96
4.9k

Transcript

  1. $PNQVUFS4FDVSJUZBU/5645 *OOEZJOOEZUX!HNBJMDPN 8FC4FDVSJUZ5IF#BTJDT

  2. 4PVSDFDPEFPGIUUQTWVMTFDVSJUZOUVTUJTBWBJMBCMFBU IUUQTHJUIVCDPNJOOEZXFCTFD

  3. XIPBNJ ˙ *OOEZ加啄 ˙ 1MBZ$5' ˙ 3FWFSTF&OHJOFFSJOH ˙ (BNF)BDLJOH ˙

    JOOEZUX!HNBJMDPN

  4. 0VUMJOF ˙ *OUFSOFUBOE/FUXPSL ˙ 'SPOUFOE#BDLFOE ˙ )551 ˙ $PNNPO)551)FBEFST ˙

    $PPLJF ˙ &ODPEJOH ˙ 44-5-4 ˙ 08"415PQ

  5. *OUFSOFUBOE/FUXPSL

  6. *OUFSOFUBOE/FUXPSL   1PSUPG,BPITJVOH

  7. *OUFSOFUBOE/FUXPSL  XXXOUVTUFEVUX

  8. *OUFSOFUBOE/FUXPSL '51  44)  5FMOFU 155  )551 

    )5514  .Z42-  3%1  7/$  3FEJT 

  9. 8FC"SDIJUFDUVSF

  10. 4FSWFS $MJFOU Ճ)551PWFS*OUFSOFUՃ

  11. #BDLFOE 'SPOUFOE Ճ)551PWFS*OUFSOFUՃ

  12. OHJOYBQBDIFMJHIUUQE 1)1QZUIPOSVCZ )5.-$44 +BWB4DSJQU Ճ)551PWFS*OUFSOFUՃ

  13. 8FC'SPOUFOE

  14. )5.-

  15. )5.- $44

  16. )5.- $44 +BWB4DSJQU

  17. 8FC#BDLFOE

  18. )5513FRVFTU

  19. 8IBUIBQQFOFEBGUFS&OUFS  $MJFOU ˙ %/4MPPLVQ *GOFFEFE  ˙ $SFBUF5$1DPOOFDUJPO ˙

    44-IBOETIBLF *GOFFEFE  ˙ $PNQPTFBOETFOE)551SFRVFTU

  20. 8IBUIBQQFOFEBGUFS&OUFS  4FSWFS ˙ "DDFQU5$1DPOOFDUJPO ˙ 1BSTFSFRVFTUIFBEFST ˙ $IFDLSPVUFSVMFT ˙

    'JMFPS3FWFSTFQSPYZ

  21. 8IBUIBQQFOFEBGUFS&OUFS  'JMFCBTFE ˙ $IFDLJGMFFYJTUT  ˙ *GOPU SFTQPOTFXJUIFSSPS ˙

    *TJUBTUBUJDMF  ˙ *GTP TFOEJUUPDMJFOU ˙ 0UIFSXJTF DBMMSFTQPOEJOHQSPDFTTPS ˙ .BZCFBDHJ QIQ QFSMTDSJQU ˙ 4FOESFTQPOTFUPDMJFOU

  22. 8IBUIBQQFOFEBGUFS&OUFS  4PGUXBSFSVMFT ˙ 1BSTFSFRVFTUGSPN)551TFSWFS ˙ 3PVUF ˙ %JTQBUDIDPOUSPMMFS ˙

    1SPDFTTSFRVFTUBOE3FOEFSSFTQPOTFEBUB ˙ 4FOEJUCBDLUP)551TFSWFS ˙ 4FSWFSTFOESFTQPOTFEBUBUPDMJFOU

  23. 8IBUIBQQFOFEBGUFS&OUFS  $MJFOU ˙ (PUSFTQPOTFEBUB .BZCFB)5.-EPDVNFOU  ˙ 1BSTF)5.-BOE%PXOMPBESFMBUFEBTTFUT ˙

    $44 *NBHF +BWB4DSJQU 'MBTI PS0UIFSNFEJBDPOUFOU ˙ 3FOEFSFOHJOFTUBSUXPSLJOHXJUI$44BOE)5.- ˙ 8FCLJU (FDLP #MJOL 5SJEFOU &EHF)5.- ˙ +BWB4DSJQUFOHJOFSVOUIFTDSJQUT ˙ 7 4QJEFS.POLFZ $BSBLBO $IBLSB 3IJOP

  24. )551

  25. )5513FRVFTU$PNQPTJUJPO POST /sqlinj/ HTTP/1.1<CRLF> Host: vul.security.ntu.st<CRLF> Content-Length: 45<CRLF> Content-Type: application/x-www-form-urlencoded<CRLF>

    <CRLF> title=title+text&msg=This+is+message+content. .FUIPE 1BUI 1SPUPDPM7FSTJPO "\r\n"JO$

  26. )5513FRVFTU$PNQPTJUJPO POST /sqlinj/ HTTP/1.1<CRLF> Host: vul.security.ntu.st<CRLF> Content-Length: 45<CRLF> Content-Type: application/x-www-form-urlencoded<CRLF>

    <CRLF> title=title+text&msg=This+is+message+content. 3FRVFTU)FBEFST 3FRVFTU#PEZ .BZCFCJOBSZEBUB

  27. )5513FTQPOTF$PNQPTJUJPO HTTP/1.1 200 OK<CRLF> Server: nginx<CRLF> Date: Thu, 06 Oct

    2016 15:03:36 GMT<CRLF> Content-Type: text/html; charset=UTF-8<CRLF> Content-Length: 1973<CRLF> Connection: keep-alive<CRLF> <CRLF> <!DOCTYPE html>..... )5517FSTJPO 3FTQPOTF4UBUVT

  28. )5513FTQPOTF$PNQPTJUJPO HTTP/1.1 200 OK<CRLF> Server: nginx<CRLF> Date: Thu, 06 Oct

    2016 15:03:36 GMT<CRLF> Content-Type: text/html; charset=UTF-8<CRLF> Content-Length: 1973<CRLF> Connection: keep-alive<CRLF> <CRLF> <!DOCTYPE html>..... (1973 bytes) 3FTQPOTF)FBEFST 3FTQPOTF#PEZ .BZCFCJOBSZEBUB

  29. -FUTUSZOD $ nc www.ntust.edu.tw 80 GET / HTTP/1.1 Host: www.ntust.edu.tw

    <Enter> <Enter>

  30. )5514UBUVT$PEF ˙ 99 ˙ *UTOF ˙ 99 ˙ 3FEJSFDUJPO ˙

    99 ˙ *UTZPVSGBVMU ˙ 99 ˙ *UTNZGBVMU

  31. )5514UBUVT$PEF ˙ 0, ˙ *UTBMMHPPE ˙ /P$POUFOU ˙ 3FRVFTUJTOFCVU*IBWFOPUIJOHUPUBML ˙

    1BSJUBM$POUFOU ˙ *IBWFQBSUPGEBUBGPSZPV

  32. )5514UBUVT$PEF ˙ .PWFE1FSNBOFOUMZ ˙ 'PVOE ˙ 7FSZDPNNPOGPSSFEJSFDUJPO ˙ /PU.PEJFE ˙

    $BDIFJTOF ˙ 5FNQPSBSZ3FEJSFDU

  33. )5514UBUVT$PEF ˙ #BE3FRVFTU ˙ :PVKVTUHBWFNFXSPOHUIJOHT ˙ 6OBVUIPSJ[FE ˙ 'PSCJEEFO ˙

    :PVBSFOPUBMMPXFEIFSF ˙ /PU'PVOE ˙ .FUIPE/PU"MMPXFE ˙ *NBUFBQPU ˙ 6OBWBJMBCMF'PS-FHBM3FBTPOT

  34. )5514UBUVT$PEF ˙ *OUFSOBM4FSWFS&SSPS ˙ &YDFQUJPOSBJTFEJOZPVSDPEF ˙ #BE(BUFXBZ ˙ 6QTUSFBNPGSFWFSTFQSPYZJTEFBE ˙

    4FSWJDF6OBWBJMBCMF ˙ .BJOUFOBODFNPEF  ˙ (BUFXBZ5JNFPVU ˙ 6QTUSFBNPGSFWFSTFQSPYZUJNFPVU

  35. 8IBUTUIFEJFSFODF

  36. )551.FUIPE (&5 1045 165 1"5$) %&-&5& 015*0/4 )&"% $0//&$5 53"$&

    $034 "QBDIFEFCVHQVSQPTF )551QSPYZ /PSFTQPOTFCPEZ

  37. )551.FUIPE ˙ (&5 ˙ %PXOMPBETPNFUIJOHGSPNXFCTJUF ˙ 1045 ˙ 4FOETPNFUIJOHUPXFCTJUF ˙

    )&"% ˙ +VTUHJWFNFSFTQPOTFIFBEFST CVU*EPOUXBOUCPEZ ˙ 53"$& ˙ "QBDIFXJMMSFUVSOXIPMFSFRVFTUBTQMBJOUFYUUPZPV ˙ $0//&$5 ˙ 4QFDJBMNFUIPEGPSQSPYZUPEFBMXJUI)5514SFRVFTU

  38. )551.FUIPE 3&45GVM"1* ˙ (&5 ˙ (FUMJTUBSFTPVSDF ˙ 1045 ˙ $SFBUFBOFXSFTPVSDF

    ˙ 165 ˙ 3FQMBDFBOFYJTUFESFTPVSDF ˙ 1"5$) ˙ 1BSUJBMVQEBUFBOFYJTUFESFTPVSDF ˙ %&-&5& ˙ %FMFUFBOFYJTUFESFTPVSDF

  39. $PNNPO3FRVFTU)FBEFST&TTFOUJBM ˙ )PTUOUVTU ˙ 3FRVJSFE ˙ :PVDBOIBWFNVMUJQMFXFCTJUFPOPOF*1IPTU

  40. $PNNPO3FRVFTU)FBEFST$PNNPO ˙ "DDFQUUFYUIUNMUFYUQMBJO ˙ 8IJDIUZQFPGDPOUFOUEPFTDMJFOUBDDFQU  ˙ "DDFQU&ODPEJOH H[JQ]EFBUF]TEDI]C[JQ]Y[ 

    ˙ )PXUPDPNQSFTTEBUB ˙ "DDFQU-BOHVBHF[IUXFO ˙ 8IBUMBOHVBHFEPZPVQSFGFS  ˙ "MPUPGXFCTJUFDPOTJEFS[IUXBT[I

  41. $PNNPO3FRVFTU)FBEFST$PNNPO ˙ 3FGFSFS63- ˙ 8IFSFEJEZPVGSPN  ˙ 8FCQBHFBDPNCIUNMIBWF<img src="b.com/a.jpg"> ˙

    3FRVFTUUPCDPNBKQHDPOUBJOTIFBEFS • Referer: http://a.com/b.html ˙ 1SJWBDZJTTVF ˙ KNQESPQCPYSFGFSFSWVM

  42. $PNNPO3FRVFTU)FBEFST$PNNPO ˙ 6TFS"HFOU.P[JMMB .BDJOUPTI*OUFM.BD049SW  (FDLP'JSFGPY ˙ *UUFMMTTFSWFSXIJDICSPXTFS041MBUGPSNBSFZPVVTJOH ˙ 3FEJSFDUHPHPPHMFDPNDISPNFJG*&EFUFDUFE

    ˙ 5FMMTTFSWFSXIJDIFYQMPJUQBZMPBEUPTFOE ˙ #BEGPSQSJWBDZ UPP

  43. $PNNPO3FRVFTU)FBEFST"VUIFOUJDBUJPO ˙ "VUIFOUJDBUJPO #BTJD]#FBSFS "65)@50,&/ ˙ "VUIUPLFOJTVTVBMMZCBTFTUSJOH ˙ CBTF 64&3/".&1"44803%

    GPS)551 CBTJDBVUIFOUJDBUJPO ˙ 0"VUIVTFT#FBSFS

  44. $PNNPO3FRVFTU)FBEFST$POOFDUJPO ˙ $POOFDUJPOLFFQBMJWF ˙ 5$1IBOETIBLFJTFYQFOTJWF TPXFXBOUUPSFVTFFYJTUFEDPOOFDUJPO ˙ "TLTFSWFSOPUUPTIVUEPXO5$1DPOOFDUJPOBGUFSUIJTSFTQPOTF ˙ 4VQQPSUFETJODF)551

    ˙ 3FTQPOTFIFBEFSTXJMMDPOUBJOTBNFIFBEFSJGTFSWFSTVQQPSUTJU ˙ *UTVTFGVMBOEJNQPSUBOUUPFYQMPJUTPNFCVH FY"4-3QSPUFDUJPO

  45. $PNNPO3FRVFTU)FBEFST3FRVFTU#PEZ ˙ $POUFOU-FOHUI ˙ *UNFBOTXFIBWFCZUFTPGCPEZDPOUFOUBGUFSSFRVFTUIFBEFST ˙ $POUFOU5ZQF.*.& • application/x-www-form-urlencoded ˙

    /PSNBMGPSNQPTU • multipart/form-data; boundary=$RANDOM_STRING ˙ 4UBOEBSEMFVQMPBEUBLFTUIJT ˙ UZQJDBMCPVOEBSZGPSXFCLJU----WebKitFormBoundaryo3CVe... ˙ application/jsonGPS8FC"1*

  46. $PNNPO3FRVFTU)FBEFST.JTD ˙ %/5 ˙ %P/PU5SBDL ˙ 93FRVFTUFE8JUI9.-)UUQ3FRVFTU ˙ 'PS"+"9SFRVFTUT ˙

    3BOHFCZUFT ˙ 3FRVFTUQBSUJBMDPOUFOU %PZPVLOPX'MBTI(FU  ˙ .VMUJUISFBEFEMFEPXOMPBE ˙ 9'PSXBSEFE'PS ˙ 1SPYZNBZBEEUIJTIFBEFSXIJMFGPSXBSEJOHSFRVFTUUPUBSHFUTFSWFS

  47. $PNNPO3FTQPOTF)FBEFST3FTQPOTF#PEZ ˙ $POUFOU-FOHUI ˙ 5IJT)551SFTQPOTFIBTCZUFTPGCPEZDPOUFOU ˙ $POUFOU&ODPEJOH H[JQ]EFBUF]TEDI]C[JQ]Y[  ˙

    *OEJDBUFXIBUDPNQSFTTJPONFUIPEXBTVTFEXJUISFTQPOTFEBUB ˙ $POUFOU5ZQF.*.& ˙ text/html; charset=utf-8JTWFSZDPNNPOJONPEFSOXFCQBHFT ˙ &5BH)"4) ˙ )BTIWBMVFGPSDBDIFEBUB

  48. $PNNPO3FTQPOTF)FBEFST3FEJSFDU ˙ -PDBUJPOIUUQTHPPHMFDPN ˙ 3FEJSFDUJNNFEJBUFMZ ˙ 3FGSFTIVSMIUUQTTFDVSJUZOUVTU ˙ 3FEJSFDUCVUEFMBZGPSTFDPOET VTFGVMUPTIPXTPNFNFTTBHF

  49. $PNNPO3FTQPOTF)FBEFST.JTD ˙ 4FSWFSOHJOY ˙ )BDLFSTXJMMCFIBQQZUPLOPXXIJDI)551TFSWFSZPVBSFVTJOH ˙ 91PXFSFE#Z1)1 ˙ )BDLFSTXJMMCFIBQQZUPLOPXXIBUMBOHVBHFZPVBSFVTJOH UPP

    ˙ %BUF5IV 0DU(.5 ˙ 4PNFTFSWFSTFOETEBUF JUTBHPPEXBZUPPCUBJOEBUF

  50. $PNNPO3FTQPOTF)FBEFST4FDVSJUZ ˙ 99441SPUFDUJPONPEFCMPDL ˙ #BTJD944QSPUFDUJPO EFGBVMUFOBCMFEJO(PPHMF$ISPNF ˙ 3FGVTFUPFYFDVUF+4XIJDIBQQFBS ˙ 9'SBNF0QUJPOTEFOZ

    ˙ $BOUIJTXFCQBHFQVUUFEJOBJGSBNF  ˙ $POUFOU4FDVSJUZ1PMJDZ ˙ *UTDPNQMJDBUFE JUQSPWJEFEBCVODIPGTFDVSJUZQSPUFDUJPO

  51. $PPLJFT

  52. ˊ8JLJQFEJB չ$PPLJFJTBTNBMMQJFDFPGEBUBTFOUGSPNB XFCLJUBOETUPSFEJOUIFVTFSTXFCCSPXTFS XIJMFUIFVTFSJTCSPXTJOHպ

  53. $PPLJF ˙ "DPPLJFDPOUBJOT ˙ /BNF ˙ 7BMVF ˙ %PNBJO ˙

    1BUI ˙ .BY"HF ˙ )5510OMZ'MBH ˙ 4FDVSF'MBH

  54. $PPLJF ˙ IUUQTWVMTFDVSJUZOUVTUDPPLJF ˙ IUUQTWVMTFDVSJUZOUVTUDPPLJFTJOHMFQIQ ˙ 4FU$PPLJF[email protected]EBUB PG TJOHMF DPPLJF

    ˙ -FUTPCTFSWFJUJO$ISPNFTEFWFMPQFSUPPMT

  55. $PPLJFBOE4FTTJPO ˙ 4FTTJPOJOEJFSFOUGSBNFXPSLNBZIBWFUIFJSJNQMFNFOUBUJPO ˙ #VUUIFZIBWFTBNFJEFB ˙ 4UPSFEBUBJOTPNFXIFSFTBGFUZBOEHJWFZPVUIFLFZ TFTJTPOJE  ˙

    &ODSZQUFEDPPLJF ˙ $BDIFTFSWJDF 3FEJT .FNDBDIFE  ˙ 5FNQPSBSZMF 1)1TEFGBVMUTFTTJPO  ˙ 4UPSFEJOEBUBCBTF

  56. &ODPEJOH5FYU&ODPEJOH

  57. &ODPEJOH ˙ )PXUPFYQSFTTBOVNCFS  ˙ CJO#JOBSZ ˙ PJO0DUBM ˙ JO%FDJNBM

    ˙ YBDJO)FY ˙ =YD=YB=Y=YJOCZUFTMJUUMFFOEJBOJOUFHFS

  58. 5FYU&ODPEJOH ˙ )PXUPFYQSFTTBDIBSBDUFS" ˙ STUBMQIBCFUJOVQQFSDBTF ˙ " ˙ BTDJJDPEFY

  59. 5FYU&ODPEJOH ˙ )PXUPFYQSFTTBDIBSBDUFS꽺 ˙ 꽺 ˙ 6OJDPEFYFE ˙ #JH&ODPEJOH=YD=Y ˙

    4UBUJDNBQQJOH ˙ 65'&ODPEJOH=YF=YB=YBE ˙ 8FIBWFBSVMFUPUSBOTGPSNCFUXFFOVOJDPEFBOE65'

  60. &ODPEJOH 4(7TC(T*'EWDNYL*2

  61. &ODPEJOH ˙ 8FBMTPIBWFPUIFSFODPEJOH ˙ )FYFODPEF ˙ CBTF ]] FODPEF ˙

    63-&ODPEF

  62. 44-5-4

  63. 44-5VOOFM GET /user/login.php HTTP/1.1.... $MJFOU 4FSWFS

  64. openssl s_client -host google.com -port 443

  65. 08"415PQ

  66. 08"41 0QFO8FC"QQMJDBUJPO4FDVSJUZ1SPKFDU

  67. "6OWBMJEBUFE3FEJSFDUTBOE'PSXBSET ˙ 4PNFUJNFTZPVOETPNFUIJOHJO63- ˙ FYBNQMFDPNMPHJOQIQ SFEJSFDUIPNFQIQ ˙ 8FDIBOHFSFEJSFDUUPBQIJTIJOHTJUF BOETFOEJUUPTPNFPOF ˙

    FYBNQMFDPNMPHJOQIQ SFEJSFDUNBMXBSFDPNIPNFQIQ

  68. "6TJOH$PNQPOFOUTXJUI,OPXO7VMOFSBCJMJUJFT ˙ 7VMOFSBCJMJUJFTJOUIJSEQBSUZMJCSBSZ ˙ &YDLFEJUPS

  69. "$SPTT4JUF3FRVFTU'PSHFSZ $43' ˙ 4FOESFRVFTUGSPNBOPUIFSEPNBJO ˙ JNHTSDFYBQMFDPNMPHPVUQIQ ˙ IUUQTVQFSMPHPVUDPN ˙ &YQMPJU944CVHUPNBLFBGPSNBOEQPTUJU

  70. ".JTTJOH'VODUJPO-FWFM"DDFTT$POUSPM ˙ *DBODIBOHFPUIFSVTFSTQBTTXPSECVU*NOPUBENJO • curl https://vul.security.ntu.st/sqlinj/ --data 'truncate_confirm=1'

  71. "4FOTJUJWF%BUB&YQPTVSF ˙ IUUQTWVMTFDVSJUZOUVTUTRMJOKDPOHJOD

  72. "4FDVSJUZ.JTDPOHVSBUJPO • google('"index of"') ˙ 4PNFUJNFT JUMFBLTTPNFVTFGVMJOGPSNBUJPOUPIBDLFST

  73. "*OTFDVSF%JSFDU0CKFDU3FGFSFODFT ˙ *VQMPBEFENZQSJWBUFQIPUPTUPTPNFXFCEJTL CVUBOZPOFDBO EPXOMPBEJUXJUIMFBLFE63-/PBDDFTTDPOUSPMPOUIBUMF

  74. "$SPTT4JUF4DSJQUJOH 944 • "><script>alert(1)</script><br " ˙ %FNP

  75. "#SPLFO"VUIFOUJDBUJPOBOE4FTTJPO.BOBHFNFOU • function is_admin() {
 return $_COOKIE['role'] == 'admin;
 }

    ˙ %FNP

  76. "*OKFDUJPO • ' or '' = ' ˙ %FNP

  77. 4PNF6TFGVM5PPMT

  78. #VSQ4VJUF

  79. )BDLCBS

  80. $PPLJF.BOBHFS

  81. .PEJGZ)FBEFST

  82. 6TFS"HFOU4XJUDIFS

  83. 8BQQBMZ[FS