The Web Hacking Incidents Database. Last update: 17 February 2008
List of Incidents for a Classification
Please note that classifications are a new feature and not all entries in WHID are already classified, so when you get a certain number of entries for a classification, WHID might have more records matching that classification that we did not classify yet. We hope to complete the classification process soon.
List of incidents for which Outcome is Disclosure Only
86 incidents listed
Reported: 19 January 2008 Occurred: 19 January 2008
Classifications:
- Attack Method: SQL Injection
- Country: USA
- Outcome: Disclosure Only
- Vertical: Retail
An SQL injection vulnerability that could result in a hacker being able to access credit card numbers, expiration dates, and security codes of thousands of consumers was discovered in the web site of retailer "life is good". The US Federal Trade Commission charged "life is good" with lack of reasonable and appropriate security for the sensitive consumer information stored on its servers. The company's settlement with the FTC requires it to accept a very comprehensive and costly security procedure going forward.
References:
- Online Retailer Settles Charges That It Left Consumer Data Open To Hackers
News Story, Information Week, 18 January 2008
- FTC Wags Finger At Site For Weak Consumer Data Security
News Story, Storefront Backtalk, 18 January 2008
- In the Matter of Life is good, Inc., a corporation, and Life is good Retail, Inc., a corporation. FTC Matter No. 072-3046
Case File, Federal Trade Commission, 17 January 2008
Reported: 01 January 2008 Occurred: 29 January 2007
Classifications:
- Attack Method: Credential/Session Prediction
- Country: Brazil
- Outcome: Disclosure Only
- Vertical: Finance
IDG Now reports a bug in the internet banking application of Unibanco, a Brazilian bank. The vulnerability allowed logged-in users to view transaction receipts of other, unrelated users by changing the "receipt ID" on the form or URL.
Reported by Alexandre Sieira
References:
Reported: 19 December 2007 Occurred: 01 December 2007
Classifications:
- Attack Method: Credential/Session Prediction
- Country: Canada
- Outcome: Disclosure Only
- Vertical: Government
The Web site of the Canadian passports authority enables users to access others' records by modifying the value of a parameter in the URI.
References:
Reported: 07 November 2007 Occurred: 23 September 2007
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Country: USA
- Outcome: Disclosure Only
- Vertical: Retail
A small XSS vulnerability caught RSnake's eye. What makes it different, when after all xssed.com lists thousands and thousands of those? What caught RSnake's eye was the vulnerable site. TJMaxx earned the reputation as the company that suffered the biggest security breach ever. You would expect them to be more careful.
References:
Reported: 25 October 2007 Occurred: 01 November 2004
Classifications:
- Attack Method: Insufficient Authentication
- Attack Method: Predictable Resource Location
- Outcome: Disclosure Only
Following a software upgrade, Cahoot, a UK-based Internet-only bank, allowed accessing user accounts by guessing their user names. At least one page allowed accessing an account by only specifying the user name in the URL. The bug was open for 12 days before being discovered.
The site was taken offline for 10 hours to fix the issue. It is a significant incident, as it is one of those rare occasions where a vulnerability was serious enough to force the organization to just take the site offline until it was fixed.
We somehow missed this story so it finds its way to WHID only now in late 2007.
References:
Reported: 01 July 2007 Occurred: 17 May 2007
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Country: Germany
- Outcome: Disclosure Only
- Vertical: Finance
I seldom add disclosures anymore to WHID, even less XSS disclosures, but since this time they were discovered in banking sites, I thought it was worth it. After all, too many times people think that application vulnerabilities are found only at less "serious" or less "important" web sites where no real damage can occur.
References:
Reported: 02 April 2007 Occurred: 02 March 2007
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Attack Method: SQL Injection
- Country: Germany
- Outcome: Disclosure Only
- Vertical: Retail
While vulnerabilities in public web sites are a dime a dozen these days and rarely included in WHID, a classic SQL injection in the login form on the home page of the web site of a very big company is worth an entry. In my presentation I usually claim that such vulnerabilities disappeared years ago and then go on to show advanced SQL injection techniques. It seems that they exist.
References:
Reported: 24 July 2006 Occurred: 04 July 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
An XSS vulnerability in the feature allowing adding an arbitrary RSS to personal web pages. Since this page resides on the main www.google.com host, the executed JavaScript can access any Google resource.
References:
Reported: 24 July 2006 Occurred: 12 July 2006
Classifications:
- Attack Method: Insufficient Authorization
- Outcome: Disclosure Only
Altiris seems to have designed their servers so that it is easy both to access their customers' uploads and to find out their e-mail addresses.
References:
Reported: 24 July 2006 Occurred: 30 June 2006
Classifications:
- Attack Method: Insufficient Authorization
- Attack Method: Predictable Resource Location
- Outcome: Disclosure Only
MySpace bulletins, presumably accessible only to the social network of the originator, can be accessed by anyone by iterating through a message id query parameter.
References:
Reported: 09 May 2006 Occurred: 03 January 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
This community site allows including scripts in multiple locations, including one's personal profile, thus enabling XSS.
References:
Reported: 09 May 2006 Occurred: 04 May 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
Alexadex is an online investment game. There is an XSS vulnerability in the group adding functionality.
References:
Reported: 09 May 2006 Occurred: 28 April 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
Libero.it is a Web portal of a big Italian ISP offering dial-up, broadband and talk services. A script on its customer service pages which enabled a connection speed test is vulnerable to XSS.
References:
Reported: 09 May 2006 Occurred: 05 May 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
A researcher found that the login error page on this site can be injected.
References:
Reported: 09 May 2006 Occurred: 21 April 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
Yahoo mail does not properly filter the CSS "expression" keyword when it includes a comment that is encoded.
References:
Reported: 20 April 2006 Occurred: 16 April 2006
Classifications:
Tlen.PL is a popular Polish IM system provided by o2.pl, which includes e-mail accounts. The e-mail client is web based, with a browser embedded in the communicator software. Certain webmail servers do not validate the e-mail subject for HTML tags, allowing an attacker to inject script code.
References:
Reported: 20 April 2006 Occurred: 29 March 2006
Classifications:
- Attack Method: SQL Injection
- Outcome: Disclosure Only
www.incredibleindia.org is the official Indian government tourism website.
The researcher has found that the parameter PageID in the page ms_Page.asp is vulnerable to SQL injection. He further verified that, thanks to SQL error messages, standard probing methods for finding out the number of columns and their types work.
References:
Reported: 12 April 2006 Occurred: 10 January 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
ICQ.com search script (search_result.php) is vulnerable to cross-site scripting attacks. This problem is due to a failure in the application to properly sanitize user input; the input can be passed to the vulnerable script in 2 variables (gender and home_country_code).
References:
Reported: 12 April 2006 Occurred: 01 January 2006
Classifications:
- Attack Method: SQL Injection
- Outcome: Disclosure Only
A CIO of a bank in Singapore reports that many application layer vulnerabilities, including SQL injection, were discovered in a banking application they purchased before it was put into production.
References:
Reported: 12 April 2006 Occurred: 12 February 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
Everyone.net login script (loginuser.pl) is prone to a cross site scripting attack in the variable loginName.
References:
Reported: 12 April 2006 Occurred: 18 October 2005
Classifications:
- Attack Method: Credential/Session Prediction
- Outcome: Disclosure Only
A bug in Gmail's authentication and session management allows direct login to anybody's account without requiring any involvement of the victim.
References:
Reported: 12 April 2006 Occurred: 20 February 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
The $a variable in Hotmail's inbox is vulnerable to cross site scripting. The exploit requires the victim to open the email message.
References:
Reported: 12 April 2006 Occurred: 24 February 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
Sourceforge download pages are vulnerable to XSS
References:
Reported: 10 April 2006 Occurred: 09 April 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
Sourceforge forums search is vulnerable to XSS
References:
Reported: 10 April 2006 Occurred: 04 April 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
Yet another Google XSS. This time it seems to hit the Arabic variant of the main search site. It seems that the actual language selector parameter enables the attack.
References:
Reported: 10 April 2006 Occurred: 05 April 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
Forget putting <script> tags in an input field. This high tech vulnerability exploits the code handling online/offline flags by inserting a malicious online/offline flag. Awesome.
References:
Reported: 04 April 2006 Occurred: 19 April 1999
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Country: USA
- Outcome: Disclosure Only
A very early XSS issue at eBay. Interesting historically as it seems that at the time the term XSS was not yet in use.
References:
Reported: 04 April 2006 Occurred: 04 April 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
eBay contains a cross-site scripting vulnerability. When an eBay user posts an auction, eBay allows SCRIPT tags to be included in the auction description, which creates a cross-site scripting vulnerability in the eBay website.
References:
Reported: 04 April 2006 Occurred: 20 March 2006
Classifications:
- Attack Method: Weak Password Recovery Validation
- Outcome: Disclosure Only
A UK Security Consulting firm reports that 54 UK sites that it has surveyed have flaws in the "forgotten password" feature.
References:
Reported: 29 March 2006 Occurred: 28 January 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
Hotmail's filtering engine insufficiently filters JavaScript scripts. It is possible to write JavaScript in the BGCOLOR attribute of the BODY tag, using CSS. This leads to execution when the email is viewed. JavaScript must be Unicode encoded in order to fool the filter. This encoding is recognized with IE >= 6
References:
Reported: 05 March 2006 Occurred: 25 February 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
Links sent to a user as part of the mail content are not properly sanitized, so a user receiving such mail and activating a link would be affected.
References:
Reported: 05 March 2006 Occurred: 22 February 2006
Classifications:
- Attack Method: Redirection
- Outcome: Disclosure Only
Google Reader allows redirection, so sites can fool users into subscribing to malicious content.
References:
Reported: 05 March 2006 Occurred: 02 March 2006
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
A 14-year-old claims to have discovered an XSS flaw in Google's Gmail. Comments have been mixed, and Google did not comment, so either the flaw was fixed pretty fast, or it did not exist.
References:
Reported: 28 February 2006 Occurred: 21 November 2005
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
XSS in Google Base search function
References:
Reported: 28 February 2006 Occurred: 23 November 2005
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
Inserting code in an HTML attachment enables changing the user interface of Yahoo mail, which may enable fraud.
References:
Reported: 28 February 2006 Occurred: 24 December 2005
Classifications:
- Attack Method: Credential/Session Prediction
- Attack Method: Insufficient Authentication
- Outcome: Disclosure Only
Janus mutual fund uses a predictable identifier to authenticate its shareholders, enabling them to vote for others.
References:
Reported: 28 February 2006 Occurred: 18 December 2005
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
A malicious site can offer users a malformed RSS XML file to be included in Yahoo RSS aggregation that would enable stealing Yahoo cookies.
References:
Reported: 28 February 2006 Occurred: 05 December 2005
Classifications:
- Attack Method: Abuse of Functionality
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
An XSS when receiving notification of an incoming IM message. Additionally it is possible to send an IM message to somebody who has blocked such messages by pretending to be answering a message from him.
References:
Reported: 28 February 2006 Occurred: 21 December 2005
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
A redirection to an error page on Google.com includes values sent by the user. This vulnerability allows phishers to send an e-mail with links to Google that will include their attack page.
References:
- XSS vulnerabilities in Google.com
Advisory, Watchfire, 21 December 2005
- Google Cross-Site Scripting Flaw Fixed
News Story, Beta News, 21 December 2005
- Google plugs 'obscure' phishing holes
News Story, CNet, 21 December 2005
- Google XSS Example
Blog Entry, Chris Shiflett, 21 December 2005
- Google's XSS Vulnerability
Blog Entry, Chris Shiflett, 21 December 2005
Reported: 28 February 2006 Occurred: 22 December 2005
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
An attacker can send an e-mail with a malicious script to a victim, which performs its actions immediately when the e-mail is read.
References:
Reported: 26 February 2006 Occurred: 27 December 2005
Classifications:
- Attack Method: Unknown
- Outcome: Disclosure Only
The web site used to file online for housing at KU was shut down for lack of proper security measures to prevent visitors from viewing personal information about others.
References:
Reported: 26 February 2006 Occurred: 14 December 2005
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
Netcraft discovered an XSS vulnerability in the NIST web site, which ironically hosts the U.S. National Vulnerability Database.
References:
Reported: 26 February 2006 Occurred: 02 January 2006
Classifications:
- Attack Method: HTTP Response Splitting
- Outcome: Disclosure Only
References:
Reported: 26 February 2006 Occurred: 13 January 2006
Classifications:
- Attack Method: Insufficient Authorization
- Attack Method: Predictable Resource Location
- Outcome: Disclosure Only
Documents uploaded to the GSA site were accessed using a predictable sequential identifier without requiring special permissions. The documents were available both for viewing and modifying. The site was in service for more than 18 months until the vulnerability was discovered.
References:
Reported: 26 February 2006 Occurred: 01 July 2005
Classifications:
- Attack Method: Known Vulnerability
- Outcome: Disclosure Only
An audit of a major Environmental Protection Agency contract management system uncovered significant security lapses that, if exploited by hackers, could have serious consequences for the agency's operations, assets and personnel. The audit focused on lack of monitoring for known vulnerabilities on these systems.
References:
Reported: 10 November 2005 Occurred: 07 November 2005
Classifications:
- Attack Method: Insufficient Authorization
- Outcome: Disclosure Only
References:
Reported: 10 November 2005 Occurred: 21 October 2005
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
XSS in Yahoo mail, allows phishing
References:
Reported: 10 November 2005 Occurred: 21 October 2005
Classifications:
- Attack Method: Insufficient Authentication
- Outcome: Disclosure Only
The software has a default password for teachers, enabling anyone to access the system with teacher privileges.
References:
Reported: 10 November 2005 Occurred: 10 October 2005
Classifications:
- Attack Method: Other
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
References:
Reported: 08 November 2005 Occurred: 25 May 2005
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
References:
Reported: 22 August 2005 Occurred: 12 August 2005
Classifications:
- Attack Method: Insufficient Authentication
- Attack Method: Credential/Session Prediction
- Outcome: Disclosure Only
A web site flaw could have allowed a user to view another subscriber's balance of remaining airtime minutes and the number of minutes that customer had used in the current billing cycle
References:
Reported: 08 August 2005 Occurred: 03 August 2005
Classifications:
- Attack Method: Weak Password Recovery Validation
- Outcome: Disclosure Only
Weak password recovery procedure at Citrix
References:
Reported: 04 August 2005 Occurred: 26 January 2004
Classifications:
- Attack Method: Insufficient Authorization
- Outcome: Disclosure Only
References:
Reported: 04 August 2005 Occurred: 02 February 2004
Classifications:
- Attack Method: Credential/Session Prediction
- Outcome: Disclosure Only
References:
Reported: 04 August 2005 Occurred: 02 February 2004
Classifications:
- Attack Method: SQL Injection
- Outcome: Disclosure Only
References:
Reported: 04 August 2005 Occurred: 02 February 2004
Classifications:
- Attack Method: Insufficient Authorization
- Outcome: Disclosure Only
References:
Reported: 04 August 2005 Occurred: 02 February 2004
Classifications:
- Attack Method: Insufficient Authorization
- Outcome: Disclosure Only
References:
Reported: 04 August 2005 Occurred: 02 February 2004
Classifications:
- Attack Method: Insufficient Authorization
- Outcome: Disclosure Only
References:
Reported: 04 August 2005 Occurred: 26 January 2004
Classifications:
- Attack Method: Credential/Session Prediction
- Outcome: Disclosure Only
References:
Reported: 04 August 2005 Occurred: 06 September 2001
Classifications:
- Attack Method: Credential/Session Prediction
- Outcome: Disclosure Only
References:
Reported: 31 July 2005 Occurred: 28 July 2005
Classifications:
- Attack Method: Path Traversal
- Outcome: Disclosure Only
References:
Reported: 31 July 2005 Occurred: 30 July 2005
Classifications:
- Attack Method: Insufficient Authentication
- Attack Method: Credential/Session Prediction
- Outcome: Disclosure Only
While not strictly web security, this discussion of hotel room TV application security is a very good example of the dangers of our networked society.
References:
Reported: 11 July 2005 Occurred: 27 October 2004
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
An XSS was found in G-Mail
References:
Reported: 11 July 2005 Occurred: 27 December 2004
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
An XSS was found in Lycos Web Mail
References:
Reported: 11 July 2005 Occurred: 12 January 2005
Classifications:
- Attack Method: Unknown
- Outcome: Disclosure Only
Parameter tampering enabled exposing sensitive information in G-Mail
References:
Reported: 11 July 2005 Occurred: 14 January 2005
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
An XSS was found in Froogle
References:
Reported: 08 April 2005 Occurred: 08 March 2005
Classifications:
- Attack Method: Unknown
- Outcome: Disclosure Only
An undisclosed application security issue on the Cisco web site required resetting passwords for all registered users.
References:
- Cisco.com passwords reset after Web site exposure
News Story, Computer World, 08 March 2005
- Cisco Web Site Breached by Hackers
News Story, Beta News, 08 March 2005
- Cisco warns customers of site breach
News Story, Cnet, 08 March 2005
- Cisco Connection Online Compromised?
Mirror of Victim's Response, TaoSecurity Blog, 08 March 2005
- Cisco Web Portal Password Security Compromised
News Story, eWeek, 08 March 2005
Reported: Occurred: 05 July 2005
Classifications:
- Attack Method: SQL Injection
- Attack Method: OS Commanding
- Attack Method: Insufficient Authorization
- Outcome: Disclosure Only
A person who discovered an SQL injection vulnerability in a USC system and informed SecurityFocus about the flaw was criminally charged with breaking into the system.
References:
Reported: Occurred: 04 June 2005
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
References:
- Microsoft fixes Hotmail hack
News Story, VNUnet, 09 June 2005
- Hotmail users exposed to cookie snaffling exploit
News Story, The Register, 08 June 2005
- MSN Site Flaw Exposes Hotmail Accounts to Prying Eyes
News Story, PC Magazine, 07 June 2005
- MSN flaw put Hotmail accounts at risk
News Story, CNet, 06 June 2005
- Hacking hotmail, by Alex de Vries
Technical Information, Personal Web Page, 04 June 2005
Reported: Occurred: 27 May 2005
Classifications:
- Attack Method: Insufficient Authorization
- Outcome: Disclosure Only
Files containing sensitive information left unprotected on the web server
References:
Reported: Occurred: 27 June 2005
Classifications:
- Attack Method: Credential/Session Prediction
- Outcome: Disclosure Only
References:
Reported: Occurred: 05 May 2005
Classifications:
- Attack Method: Insufficient Authentication
- Outcome: Disclosure Only
Extranet system accessible to the public
References:
Reported: Occurred: 23 February 2005
Classifications:
- Attack Method: Credential/Session Prediction
- Outcome: Disclosure Only
Parameter tampering enabled jumping into someone else's account data on PayMaxx Inc. site
References:
Reported: Occurred: 05 December 2003
Classifications:
- Attack Method: SQL Injection
- Outcome: Disclosure Only
References:
Reported: Occurred: 14 June 2004
Classifications:
- Attack Method: Insufficient Authentication
- Attack Method: Insufficient Authorization
- Outcome: Disclosure Only
A billing information system required only phone number and zip code to pull up account details
References:
Reported: Occurred: 24 October 2003
Classifications:
- Attack Method: Insufficient Authorization
- Outcome: Disclosure Only
View other customers' orders by changing a sequential number within a URL parameter
References:
Reported: Occurred: 18 June 2003
Classifications:
- Attack Method: SQL Injection
- Outcome: Disclosure Only
References:
Reported: Occurred: 08 May 2003
Classifications:
- Attack Method: Weak Password Recovery Validation
- Outcome: Disclosure Only
References:
Reported: Occurred: 13 February 2003
Classifications:
- Attack Method: Credential/Session Prediction
- Outcome: Disclosure Only
View other customers' information by modifying a cookie
References:
Reported: Occurred: 09 July 2002
Classifications:
- Attack Method: Credential/Session Prediction
- Outcome: Disclosure Only
Opening an account with a discontinued e-mail address exposes all the information of the discontinued account
References:
Reported: Occurred: 05 November 2001
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
References:
Reported: Occurred: 03 August 2001
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
Persistent XSS HTML Injection inside an HTML email message to hotmail
References:
Reported: Occurred: 18 June 2001
Classifications:
- Attack Method: Credential/Session Prediction
- Outcome: Disclosure Only
View other orders by changing a sequential parameter number. Security was provided by client side JavaScript
References:
Reported: Occurred: 22 January 2001
Classifications:
- Attack Method: Predictable Resource Location
- Outcome: Disclosure Only
Sensitive files were left in a publicly accessible directory of a new web server install
References:
Reported: Occurred: 16 February 2005
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Outcome: Disclosure Only
An Israeli public debates site called Hyde Park has an XSS vulnerability that exposes session cookies.
References:
Reported: Occurred: 30 June 2004
Classifications:
- Attack Method: Cross Site Scripting (XSS)
- Attack Method: SQL Injection
- Outcome: Disclosure Only
References:
This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.