Jump to content

MySQL Database Error Disclosure Vulnerability

maxtors

By maxtors
in PHP Coding Help

 Share

Recommended Posts

maxtors Newbie

maxtors

Posted
Posted

Hello my mcafee secure gave me a MySQL Database Error Disclosure Vulnerability error found in this code i installed here is the code in question maybe someone can help me find a fix for it thanks

 

pfrom=From

pto=To

refine=Refine+your+results

categories_id=334

search_in_description=1

subsearch=0

max_pages=x%27%3B%22%2C%29%60

 

THE SINGLE BEST WAY TO FIX THIS VULNERABILITY IS TO IDENTIFY THE ACCEPTABLE INPUT FOR EACH FORM PARAMETER AND REJECT INPUT THAT DOES NOT MEET THAT CRITERIA.

 

The following is an acceptable solution however it is not optimal.

 

Implement content parsing on data input fields including URL parameters.

 

Remove the following characters from any user or dynamic database input: (examples in VBScript)

 

' (escape the single quote) input = replace( input, "'", "''" )

" (double quote) input = replace( input, """", "" )

) (close parenthesis) input = replace( input, ")", "" )

( (open parenthesis) input = replace( input, "(", "" )

; (semi-colon) input = replace( input, ";", "" )

- (dash) input = replace( input, "-", "" )

| (pipe) input = replace( input, "|", "" )

 

On text input it is recommended to append quotes around the user supplied input.

 

Please contact ScanAlert Support if you need further instructions.

 

<?php require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ADVANCED_SEARCH); ?>

<script language="javascript" src="includes/general.js"></script>
<script language="javascript" src="includes/jquery1.2.6.js"></script>
<script language="javascript">
<!--
function check_form() {
  var error_message = "<?php echo JS_ERROR; ?>";
  var error_found = false;
  var error_field;
  var keywords = document.adv_filter.refine.value;
  var pfrom = document.adv_filter.pfrom.value;
  var pto = document.adv_filter.pto.value;
  var pfrom_float;
  var pto_float;

  if (((keywords == '') || (keywords.length < 1)) && ((pfrom == '') || (pfrom.length < 1)) && ((pto == '') || (pto.length < 1))) {
    error_message = error_message + "* <?php echo ERROR_AT_LEAST_ONE_INPUT; ?>\n";
    error_field = document.advanced_search.keywords;
    error_found = true;
  }

  if (pfrom.length > 0) {
    pfrom_float = parseFloat(pfrom);
    if (isNaN(pfrom_float)) {
      error_message = error_message + "* <?php echo ERROR_PRICE_FROM_MUST_BE_NUM; ?>\n";
      error_field = document.advanced_search.pfrom;
      error_found = true;
    }
  } else {
    pfrom_float = 0;
  }

  if (pto.length > 0) {
    pto_float = parseFloat(pto);
    if (isNaN(pto_float)) {
      error_message = error_message + "* <?php echo ERROR_PRICE_TO_MUST_BE_NUM; ?>\n";
      error_field = document.advanced_search.pto;
      error_found = true;
    }
  } else {
    pto_float = 0;
  }

  if ((pfrom.length > 0) && (pto.length > 0)) {
    if ((!isNaN(pfrom_float)) && (!isNaN(pto_float)) && (pto_float < pfrom_float)) {
      error_message = error_message + "* <?php echo ERROR_PRICE_TO_LESS_THAN_PRICE_FROM; ?>\n";
      error_field = document.advanced_search.pto;
      error_found = true;
    }
  }

  if (error_found == true) {
    alert(error_message);
    error_field.focus();
    return false;
  } else {
    return true;
  }
}

function popupWindow(url) {
  window.open(url,'popupWindow','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no,width=450,height=280,screenX=150,screenY=150,top=150,left=150')
}

//Search Box controls
$(document).ready( function() { searchBox(); } );

function searchBox() {
$("#refine").focus( function() {
	if(this.value=='<?php echo REFINE_RESULTS; ?>') {
			this.value='';
		} } );
$("#subsearch").click(
	function() {
		if($("#refine").val()=='<?php echo REFINE_RESULTS; ?>') {
			$("#refine").val('');
		} } );
$("#refine").blur(
	function() {
		if(this.value=='') {
			this.value='<?php echo REFINE_RESULTS; ?>';
		}; } );
$("#pfrom").focus( function() {
	if(this.value=='<?=PRICE_FROM?>') {
			this.value='';
		} } );
$("#subsearch").click(
	function() {
		if($("#pfrom").val()=='<?=PRICE_FROM?>') {
			$("#pfrom").val('');
		} } );
$("#pfrom").blur(
	function() {
		if(this.value=='') {
			this.value='<?=PRICE_FROM?>';
		}; } );
$("#pto").focus( function() {
	if(this.value=='<?=PRICE_TO?>') {
			this.value='';
		} } );
$("#subsearch").click(
	function() {
		if($("#pto").val()=='<?=PRICE_TO?>') {
			$("#pto").val('');
		} } );
$("#pto").blur(
	function() {
		if(this.value=='') {
			this.value='<?=PRICE_TO?>';
		}; } );
}

//-->
</script>
<?php

$hold_max_pages = MAX_DISPLAY_SEARCH_RESULTS;

if ($HTTP_POST_VARS['max_pages']) {
$hold_max_pages = $HTTP_POST_VARS['max_pages'];
} else {
$hold_max_pages = MAX_DISPLAY_SEARCH_RESULTS;
}

$error = false;

if ( (isset($HTTP_POST_VARS['refine']) && empty($HTTP_POST_VARS['refine'])) &&
     (isset($HTTP_POST_VARS['pfrom']) && !is_numeric($HTTP_POST_VARS['pfrom'])) &&
     (isset($HTTP_POST_VARS['pto']) && !is_numeric($HTTP_POST_VARS['pto'])) ) {
  $error = true;

  $messageStack->add_session('search', ERROR_AT_LEAST_ONE_INPUT);
} else {
  $pfrom = '';
  $pto = '';
  $keywords = '';

  if (isset($HTTP_POST_VARS['pfrom']) && $HTTP_POST_VARS['pfrom'] !== PRICE_FROM) {
    $pfrom = $HTTP_POST_VARS['pfrom'];
  }

  if (isset($HTTP_POST_VARS['pto']) && $HTTP_POST_VARS['pto'] !== PRICE_TO) {
    $pto = $HTTP_POST_VARS['pto'];
  }

  if (isset($HTTP_POST_VARS['refine']) && $HTTP_POST_VARS['refine'] !== REFINE_RESULTS) {
    $keywords = $HTTP_POST_VARS['refine'];
  }

  $price_check_error = false;
  if (tep_not_null($pfrom)) {
    if (!settype($pfrom, 'double')) {
      $error = true;
      $price_check_error = true;

      $messageStack->add_session('search', ERROR_PRICE_FROM_MUST_BE_NUM);
    }
  }

  if (tep_not_null($pto)) {
    if (!settype($pto, 'double')) {
      $error = true;
      $price_check_error = true;

      $messageStack->add_session('search', ERROR_PRICE_TO_MUST_BE_NUM);
    }
  }

  if (($price_check_error == false) && is_float($pfrom) && is_float($pto)) {
    if ($pfrom >= $pto) {
      $error = true;

      $messageStack->add_session('search', ERROR_PRICE_TO_LESS_THAN_PRICE_FROM);
    }
  }

  if (tep_not_null($keywords)) {
    if (!tep_parse_search_string($keywords, $search_keywords)) {
      $error = true;

      $messageStack->add_session('search', ERROR_INVALID_KEYWORDS);
    }
  }
}

if (empty($pfrom) && empty($pto) && empty($keywords)) {
  $error = true;

  $messageStack->add_session('search', ERROR_AT_LEAST_ONE_INPUT);
}

if ((isset($HTTP_POST_VARS['refine']) && (!empty($HTTP_POST_VARS['refine']) || ($HTTP_POST_VARS['refine'] !== REFINE_RESULTS))) ||
    (isset($HTTP_POST_VARS['pfrom']) && is_numeric($HTTP_POST_VARS['pfrom'])) ||
    (isset($HTTP_POST_VARS['pto']) && is_numeric($HTTP_POST_VARS['pto']))) {

  // create column list
$define_list = array('PRODUCT_LIST_MODEL' => PRODUCT_LIST_MODEL,
                       'PRODUCT_LIST_NAME' => PRODUCT_LIST_NAME,
                       'PRODUCT_LIST_MANUFACTURER' => PRODUCT_LIST_MANUFACTURER,
                       'PRODUCT_LIST_PRICE' => PRODUCT_LIST_PRICE,
                       'PRODUCT_LIST_QUANTITY' => PRODUCT_LIST_QUANTITY,
                       'PRODUCT_LIST_WEIGHT' => PRODUCT_LIST_WEIGHT,
                       'PRODUCT_LIST_IMAGE' => PRODUCT_LIST_IMAGE,
                       'PRODUCT_LIST_BUY_NOW' => PRODUCT_LIST_BUY_NOW);

asort($define_list);

$column_list = array();
reset($define_list);
while (list($key, $value) = each($define_list)) {
  if ($value > 0) $column_list[] = $key;
}

$select_column_list = '';

for ($i=0, $n=sizeof($column_list); $i<$n; $i++) {
  switch ($column_list[$i]) {
    case 'PRODUCT_LIST_MODEL':
      $select_column_list .= 'p.products_model, ';
      break;
    case 'PRODUCT_LIST_MANUFACTURER':
      $select_column_list .= 'm.manufacturers_name, ';
      break;
    case 'PRODUCT_LIST_QUANTITY':
      $select_column_list .= 'p.products_quantity, ';
      break;
    case 'PRODUCT_LIST_IMAGE':
      $select_column_list .= 'p.products_image, ';
      break;
    case 'PRODUCT_LIST_WEIGHT':
      $select_column_list .= 'p.products_weight, ';
      break;
  }
}

$select_str = "select distinct " . $select_column_list . " m.manufacturers_id, p.products_id, pd.products_name, p.products_price, p.products_tax_class_id, IF(s.status, s.specials_new_products_price, NULL) as specials_new_products_price, IF(s.status, s.specials_new_products_price, p.products_price) as final_price ";

if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) {
  $select_str .= ", SUM(tr.tax_rate) as tax_rate ";
}

$from_str  =  "from  (("  .  TABLE_PRODUCTS  .  "  p)  left  join  "  .  TABLE_MANUFACTURERS  .  "  m  using(manufacturers_id),  "  .  TABLE_PRODUCTS_DESCRIPTION  .  "  pd)  left  join  "  .  TABLE_SPECIALS  .  "  s  on  p.products_id  =  s.products_id,  "  .  TABLE_CATEGORIES  .  "  c,  "  .  TABLE_PRODUCTS_TO_CATEGORIES  .  "  p2c";

if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) {
  if (!tep_session_is_registered('customer_country_id')) {
    $customer_country_id = STORE_COUNTRY;
    $customer_zone_id = STORE_ZONE;
  }
  $from_str .= " left join " . TABLE_TAX_RATES . " tr on p.products_tax_class_id = tr.tax_class_id left join " . TABLE_ZONES_TO_GEO_ZONES . " gz on tr.tax_zone_id = gz.geo_zone_id and (gz.zone_country_id is null or gz.zone_country_id = '0' or gz.zone_country_id = '" . (int)$customer_country_id . "') and (gz.zone_id is null or gz.zone_id = '0' or gz.zone_id = '" . (int)$customer_zone_id . "')";
}

$where_str = " where p.products_status = '1' and p.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' and p.products_id = p2c.products_id and p2c.categories_id = c.categories_id ";

if (isset($HTTP_POST_VARS['categories_id']) && tep_not_null($HTTP_POST_VARS['categories_id'])) {
  if (isset($HTTP_POST_VARS['inc_subcat']) && ($HTTP_POST_VARS['inc_subcat'] == '1')) {
    $subcategories_array = array();
    tep_get_subcategories($subcategories_array, $HTTP_POST_VARS['categories_id']);

    	$where_str .= " and p2c.products_id = p.products_id and p2c.products_id = pd.products_id and (p2c.categories_id = '" . (int)$HTTP_POST_VARS['categories_id'] . "'";

    for ($i=0, $n=sizeof($subcategories_array); $i<$n; $i++ ) {
      $where_str .= " or p2c.categories_id = '" . (int)$subcategories_array[$i] . "'";
    }

    $where_str .= ")";
  } else {
    $where_str .= " and p2c.products_id = p.products_id and p2c.products_id = pd.products_id and pd.language_id = '" . (int)$languages_id . "' and p2c.categories_id = '" . (int)$HTTP_POST_VARS['categories_id'] . "'";
  }
}

if (isset($HTTP_POST_VARS['manufacturers_id']) && tep_not_null($HTTP_POST_VARS['manufacturers_id'])) {
  $where_str .= " and m.manufacturers_id = '" . (int)$HTTP_POST_VARS['manufacturers_id'] . "'";
}

if (isset($search_keywords) && (sizeof($search_keywords) > 0)) {
  $where_str .= " and (";
  for ($i=0, $n=sizeof($search_keywords); $i<$n; $i++ ) {
    switch ($search_keywords[$i]) {
      case '(':
      case ')':
      case 'and':
      case 'or':
        $where_str .= " " . $search_keywords[$i] . " ";
        break;
      default:
        $keyword = tep_db_prepare_input($search_keywords[$i]);
        $where_str .= "(pd.products_name like '%" . tep_db_input($keyword) . "%' or p.products_model like '%" . tep_db_input($keyword) . "%' or m.manufacturers_name like '%" . tep_db_input($keyword) . "%'";
        if (isset($HTTP_POST_VARS['search_in_description']) && ($HTTP_POST_VARS['search_in_description'] == '1')) $where_str .= " or pd.products_description like '%" . tep_db_input($keyword) . "%'";
        $where_str .= ')';
        break;
    }
  }
  $where_str .= " )";
}

if (tep_not_null($pfrom)) {
  if ($currencies->is_set($currency)) {
    $rate = $currencies->get_value($currency);

    $pfrom = $pfrom / $rate;
  }
}

if (tep_not_null($pto)) {
  if (isset($rate)) {
    $pto = $pto / $rate;
  }
}

if (DISPLAY_PRICE_WITH_TAX == 'true') {
  if ($pfrom > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) * if(gz.geo_zone_id is null, 1, 1 + (tr.tax_rate / 100) ) >= " . (double)$pfrom . ")";
  if ($pto > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) * if(gz.geo_zone_id is null, 1, 1 + (tr.tax_rate / 100) ) <= " . (double)$pto . ")";
} else {
  if ($pfrom > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) >= " . (double)$pfrom . ")";
  if ($pto > 0) $where_str .= " and (IF(s.status, s.specials_new_products_price, p.products_price) <= " . (double)$pto . ")";
}

if ( (DISPLAY_PRICE_WITH_TAX == 'true') && (tep_not_null($pfrom) || tep_not_null($pto)) ) {
  $where_str .= " group by p.products_id, tr.tax_priority";
}

if ( (!isset($HTTP_POST_VARS['sort'])) || (!ereg('[1-8][ad]', $HTTP_POST_VARS['sort'])) || (substr($HTTP_POST_VARS['sort'], 0, 1) > sizeof($column_list)) ) {
  for ($i=0, $n=sizeof($column_list); $i<$n; $i++) {
    if ($column_list[$i] == 'PRODUCT_LIST_NAME') {
      $HTTP_POST_VARS['sort'] = $i+1 . 'a';
      $order_str = ' order by pd.products_name';
      break;
    }
  }
} else {
  $sort_col = substr($HTTP_POST_VARS['sort'], 0 , 1);
  $sort_order = substr($HTTP_POST_VARS['sort'], 1);
  $order_str = ' order by ';
  switch ($column_list[$sort_col-1]) {
    case 'PRODUCT_LIST_MODEL':
      $order_str .= "p.products_model " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name";
      break;
    case 'PRODUCT_LIST_NAME':
      $order_str .= "pd.products_name " . ($sort_order == 'd' ? "desc" : "");
      break;
    case 'PRODUCT_LIST_MANUFACTURER':
      $order_str .= "m.manufacturers_name " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name";
      break;
    case 'PRODUCT_LIST_QUANTITY':
      $order_str .= "p.products_quantity " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name";
      break;
    case 'PRODUCT_LIST_IMAGE':
      $order_str .= "pd.products_name";
      break;
    case 'PRODUCT_LIST_WEIGHT':
      $order_str .= "p.products_weight " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name";
      break;
    case 'PRODUCT_LIST_PRICE':
      $order_str .= "final_price " . ($sort_order == 'd' ? "desc" : "") . ", pd.products_name";
      break;
  }
}

$listing_sql = $select_str . $from_str . $where_str . $order_str;

}

$listing_split = new splitPageResults($listing_sql, $hold_max_pages, 'p.products_id');

if (($listing_split->number_of_rows > 0) && ((PREV_NEXT_BAR_LOCATION == '1') || (PREV_NEXT_BAR_LOCATION == '3'))) { ?>

<div class="infoBoxContents" style="padding:0.5em; text-align:center;">
	<form name="filter" action="<?php echo tep_href_link(basename($PHP_SELF),tep_get_all_get_params(array('pfrom', 'pto', 'refine', 'page', 'info', 'x', 'y', 'manufacturers_id'))); ?>" method="post">
		<label for="pfrom" class="fieldKey"><?=PRICE_RANGE?></label>
		<input id="pfrom" name="pfrom" value="<?=PRICE_FROM?>" class="fieldValue" style="width:5em" /> -
		<input id="pto" name="pto" value="<?=PRICE_TO?>" class="fieldValue" style="width:5em" />
		<input id="refine" type='text' name='refine' value="<?=REFINE_RESULTS?>" style='width:42%;' class="fieldValue" />
<?php echo tep_draw_hidden_field('categories_id', (int)$current_category_id) . tep_draw_hidden_field('search_in_description', '1') . tep_image_submit('button_search.gif', IMAGE_BUTTON_SEARCH, "id='subsearch' name='subsearch' style='margin:0 5px;'"); ?>
		<div style="display:inline-block; width:49%; margin: 0.5em 0; text-align:center;">
<?php

  // optional Product List Filter
  if (PRODUCT_LIST_FILTER > 0) {
    $filterlist_sql = "select distinct m.manufacturers_id as id, m.manufacturers_name as name from " . TABLE_PRODUCTS . " p, " . TABLE_PRODUCTS_TO_CATEGORIES . " p2c, " . TABLE_MANUFACTURERS . " m where p.products_status = '1' and p.manufacturers_id = m.manufacturers_id and p.products_id = p2c.products_id and p2c.categories_id = '" . (int)$current_category_id . "' order by m.manufacturers_name";

    $filterlist_query = tep_db_query($filterlist_sql);

    if (tep_db_num_rows($filterlist_query) > 1) {

		echo tep_draw_hidden_field('cPath', $cPath);
      $options = array(array('id' => '', 'text' => TEXT_ALL_MANUFACTURERS));

      echo tep_draw_hidden_field('sort', $HTTP_POST_VARS['sort']);

      while ($filterlist = tep_db_fetch_array($filterlist_query)) {
        $options[] = array('id' => $filterlist['id'], 'text' => $filterlist['name']);
      }

      echo tep_draw_pull_down_menu('manufacturers_id', $options, (isset($HTTP_POST_VARS['manufacturers_id']) ? $HTTP_POST_VARS['manufacturers_id'] : ''), 'onchange="this.form.submit()"');
    }
  }
?>
		</div><div style="display:inline-block; width:49%; margin: 0.5em 0; text-align:center;">
<?php
  $all = $listing_split->number_of_rows;

  $page_options = array(array('id' => $hold_max_pages, 'text' => sprintf(SHOWING_RESULTS, $hold_max_pages)));
  $page_options[] = array('id' => $all, 'text' => sprintf(SHOW_RESULTS, 'All') . " ($all)");
  $page_options[] = array('id' => 5, 'text' => sprintf(SHOW_RESULTS, 5));
  $page_options[] = array('id' => 15, 'text' => sprintf(SHOW_RESULTS, 15));
  $page_options[] = array('id' => 25, 'text' => sprintf(SHOW_RESULTS, 25));
  $page_options[] = array('id' => 50, 'text' => sprintf(SHOW_RESULTS, 50));

  echo tep_hide_session_id();
  echo tep_draw_pull_down_menu('max_pages', $page_options, '', 'onchange="this.form.submit()"');
?>
		</div>
	</form>
	<div>
<?php
// Sort columns by ???  You may need to rearrange the numbers in order of your columns in product listing
echo SORT_BY . tep_create_sort_heading($HTTP_GET_VARS['sort'], 1, TABLE_HEADING_MODEL) . ' | ' .
								tep_create_sort_heading($HTTP_GET_VARS['sort'], 4, TABLE_HEADING_PRODUCTS) . ' | ' .
								tep_create_sort_heading($HTTP_GET_VARS['sort'], 2, TABLE_HEADING_MANUFACTURER) . ' | ' .
								tep_create_sort_heading($HTTP_GET_VARS['sort'], 5, TABLE_HEADING_PRICE);
?>
	</div>
</div>
<div class="smallText" style="display:inline-block; width:49%;"><?php echo $listing_split->display_count(TEXT_DISPLAY_NUMBER_OF_PRODUCTS); ?></div>
<div class="smallText" style="display:inline-block; width:49%; text-align:right;"><?php echo TEXT_RESULT_PAGE . ' ' . $listing_split->display_links(MAX_DISPLAY_PAGE_LINKS, tep_get_all_get_params(array('page', 'info', 'x', 'y'))); ?></div>
<?php } ?>

blacknight Member

blacknight

Posted
Posted

try adding mysql_real_escape_string() around every car that is in the sql queries thsi shoudl saolve this issue

best way is to use a function

function escape( $string )
{
	if( version_compare( phpversion(), '4.3.0', '>' ) )
	{
		return mysql_real_escape_string( $string );
	}
	else
	{
		return mysql_escape_string( $string );
	}
}

 

then its just escape($value) and its cleaned for sql

Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

Is that McAfee whatever-it-is a client side tool? Doing that on the client side with javascript has nothing to do with security, really. All a user has to do is disable javascript, or submit their own form and all the javascript in the world is completely irrelevant. Your server-side code is what should protect against database vulnerabilities.

maxtors Newbie

maxtors

Posted
  • Author
Posted

will this work?

 

$keyword = tep_db_prepare_input($search_keywords[$i]);

$keyword = tep_db_prepare_input(mysql_real_escape_string($search_keywords[$i]));

 

 

 

 

try adding mysql_real_escape_string() around every car that is in the sql queries thsi shoudl saolve this issue

best way is to use a function

function escape( $string )
{
	if( version_compare( phpversion(), '4.3.0', '>' ) )
	{
		return mysql_real_escape_string( $string );
	}
	else
	{
		return mysql_escape_string( $string );
	}
}

 

then its just escape($value) and its cleaned for sql

Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

And the application is OSCommerce, right?

 

Look at post #4 in this thread: http://www.oscmax.com/forums/oscmax-v2-features-discussion/19270-discussion-mysql-security-oscmax.html

 

Also see this thread: http://forums.digitalpoint.com/showthread.php?t=1433287

 

And this one, which was also was linked to in the thread you started back in 2009 about the same problem: http://forums.oscommerce.com/topic/313323-how-to-secure-your-oscommerce-22-site/

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.