Professional Documents
Culture Documents
About-Cpanel Bug
About-Cpanel Bug
About-Cpanel Bug
ﻫﻤﺎﻥ ﻃﻮﺭ ﻛﻪ ﻣﻲ ﺩﺍﻧﻴﺪ :ﻣﺘﺎﺳﻔﺎﻧﻪ ﻫﺮ ﺭﻭﺯ ﺷﺎﻫﺪ ﻫﻚ ﺷﺪﻥ ﺳﺮﻭﺭﻫﺎﻱ ﺑﺰﺭﮒ ﺍﻳﺮﺍﻧﻲ ﻫﺴﺘﻴﻢ ﻭﺍﻗﻌﹰﺎ ﺁﻳﺎ ﻣﻲ
ﺗﻮﺍﻥ ﺟﻠﻮﻱ ﺍﻳﻦ ﺣﻤﻼﺕ ﺭﺍ ﮔﺮﻓﺖ؟ ﭼﺮﺍ ﻭﻗﺘﻲ ﻣﻲ ﺗﻮﺍﻧﻴﻢ ﺑﺎ ﻛﻤﻲ ﻭﻗﺖ ﮔﺬﺍﺷﺘﻦ ﻭ ﻣﻄﺎﻟﻌﻪ ﺟﻠﻮﻱ ﺍﻳﻦ ﺣﻤﻼﺕ
ﺭﺍ ﺑﮕﻴﺮﻳﻢ ﻭ ﺍﺯ ﺧﺴﺎﺭﺍﺕ ﻣﺎﺩﻱ ﻭ ﻣﻌﻨﻮﻱ ﺁﻥ ﺟﻠﻮﮔﻴﺮﻱ ﻛﻨﻴﻢ ﺍﻳﻦ ﻛﺎﺭ ﻧﻤﻲ ﻛﻨﻴﻢ؟ ﻫﺮ ﺭﻭﺯ ﭼﻨﺪﻳﻦ ﻫﺰﺍﺭ
ﻣﺪﺭﻙ ﺳﺎﺩﻩﻱ ﺍﻣﻨﻴﺖ ﺷﺒﻜﻪ ﺑﺘﻮﺍﻥ ﮔﻔﺖ ﺗﻮﺍﻧﺎﻳﻲ ﻛﺎﻓﻲ ﺩﺭ ﺍﻳﻦ ﺯﻣﻴﻨﻪ ﺭﺍ ﺩﺍﺭﺍ ﻫﺴﺘﻴﻢ .ﻫﻢ ﺍﻛﻨﻮﻥ ﺑﻪ ﻳﻚ
ﺳﺮﻱ ﺍﺯ ﺗﻮﺻﻴﻪ ﻫﺎﻱ ﺍﻣﻨﻴﺘﻲ ﺍﺷﺎﺭﻩ ﻣﻲ ﻛﻨﻴﻢ ﺗﻮﺳﻂ ﮔﺮﻭﻩ asquadﺍﺭﺍﺋﻪ ﺷﺪﻩ ﺍﺳﺖ.
ﺑﺮﺍﻱ ﺍﻳﻨﻜﻪ ﻣﻄﻤﺌﻦ ﺷﻮﻳﺪ ﺳﺮﻭﺭ ﺷﻤﺎ ﺩﺍﺭﺍﻱ ﺍﻳﻦ ﺑﺎﮒ ﻫﺴﺖ ﻳﺎ ﻧﻪ ﺍﻳﻦ ﻓﺎﻳﻞ phpﺭﺍ ﺭﻭﻱ ﺳﺮﻭﺭ ﺧﻮﺩ
ﺍﺟﺮﺍ ﻛﻨﻴﺪ.
http://64.240.171.106/cpanel.php
ﺍﻳﻦ ﺩﺭ ﻭﺍﻗﻊ ﻳﻚ local exploitﺍﺳﺖ ﻛﻪ ﺑﺮﭘﺎﻳﻪ perlﻧﻮﺷﺘﻪ ﺷﺪﻩ ﻭ ﻳﻜﻲ ﺍﺯ ﺧﻄﺮﻧﺎﻙ ﺗﺮﻳﻦ Bug
ﻫﺎﻱ ﺁﻥ ﺩﺳﺘﺮﺳﻲ ﺍﺯ ﻃﺮﻳﻖ nobody shellﺑﻪ userﻫﺎﻱ ﺩﻳﮕﺮ ﺍﺳﺖ ﻳﻌﻨﻲ ﻣﻲ ﺗﻮﺍﻧﻴﺪ ﺗﻨﻬﺎ ﺑﺎ ﺩﺍﺷﺘﻦ
ﻳﻚ ﺍﻛﺎﻧﺖ ftpﺍﺯ ﻳﻚ ﺳﺮﻭﺭ ﺑﻪ ﻛﻞ ﺳﺎﻳﺖ ﻫﺎﻱ ﺭﻭﻱ ﺁﻥ ﺳﺮﻭﺭ ﺩﺳﺘﺮﺳﻲ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ .ﺣﺘﻲ ﻣﻲ ﺗﻮﺍﻧﻴﺪ
ﺑﻪ ﻋﻨﻮﺍﻥ ﻳﻚ ﻗﺮﺑﺎﻧﻲ ﺍﺯ ﺁﻥ ﺍﺳﺘﻔﺎﺩﻩ ﻛﻨﻴﺪ ﻭ ﺍﻫﺪﺍﻑ ﺧﻮﺩ ﺭﺍ ﺍﺯ ﻃﺮﻳﻖ ﺁﻥ ﺳﺮﻭﺭ ﭘﻲ ﺑﮕﻴﺮﺩ.
1
ﻣﺮﻭﺭﻱ ﺑﺮ ﺑﺎﮒ CPanel
ﺳﺮﻭﻳﺲﺩﻫﻨﺪﻩ ﻫﺎﻱ ﻟﻴﻨﻮﻛﺲ ﺩﺍﺭﺍﻱ ﺍﻳﻦ ﻣﺸﻜﻞ ﻫﺴﺘﻨﺪ .ﺍﻳﻦ ﻣﺎﮊﻭﻝ ﺍﻣﻜﺎﻥ ﺩﺳﺘﺮﺳﻲ ﻳﻚ userﺑﻪ ﺩﻳﮕﺮ
ﺑﺮﺍﻱ ﺭﻓﻊ ﺍﻳﻦ ﻣﺸﻜﻞ ﺑﺎﻳﺪ apacheﺭﺍ ﺩﻭﺑﺎﺭﻩ ﺑﺮ ﭘﺎﻳﻪ mod_phpsuexecﺳﺎﺧﺖ(Build) .
ﻫﻢ ﺍﻛﻨﻮﻥ ﺗﻤﺎﻡ cpanelﻫﺎ ﺍﺯ ﺟﻤﻠﻪ stables ,Releases, currentﻭ ﺣﺘﻲ Cpanel
ﺑﻄﻮﺭ ﻛﻠﻲ ﻭﻗﺘﻲ mo_-phpﻓﻌﺎﻝ ﺍﺳﺖ ﺗﻤﺎﻡ scriptﻫﺎﻱ phpﺑﺎ ﻫﻤﺎﻥ ﻛﺎﺭﺑﺮ default web
(nobody) serverﺍﻧﺠﺎﻡ ﻣﻲ ﺷﻮﺩ .ﺍﻳﻦ ﺑﻪ userﻫﺎ ﺍﻳﻦ ﺍﻣﻜﺎﻥ ﺭﺍ ﻣﻲ ﺩﻫﺪ ﻛﻪ ﻫﺮ scriptﺍﻱ ﻛﻪ
ﺑﺨﻮﺍﻫﻨﺪ ﺑﺮﺍﻱ ﺳﺮﻭﺭ ﺍﺟﺮﺍ ﻛﻨﻨﺪ ﻭ ﺍﻳﻦ ﺑﺮﺍﻱ ﺳﺮﻭﺭﻫﺎﻳﻲ ﻛﻪ ﺑﻴﺶ ﺍﺯ ١ﺍﻛﺎﻧﺖ ﺩﺍﺭﺍ ﻣﻲ ﺑﺎﺷﻨﺪ ﻭ ﻧﻤﻲ
ﺧﻮﺍﻫﻨﺪ userﻫﺎ ﺑﻪ ﻣﺤﺪﻭﺩﻩ ﻫﻢ ﺩﻳﮕﺮ ﺩﺳﺘﺮﺳﻲ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻨﺪ ﺧﻄﺮﻧﺎﻙ ﺍﺳﺖ )ﺑﻪ ﻃﻮﺭ ﻛﻠﻲ web
serverﻫﺎ( ﻣﺘﺎﺳﻔﺎﻧﻪ mod-phpﺑﻪ ﺻﻮﺭﺕ ﭘﻴﺶ ﻓﺮﺽ ﺑﺮ ﺭﻭﻱ cpanelﻧﺼﺐ ﻣﻲﺷﻮﺩ )ﻭ ﺍﻳﻦ
ﻣﺸﻜﻞ ﺑﺰﺭﮔﻲ ﺍﺳﺖ( ﺍﻟﺒﺘﻪ ﺗﻮﺟﻪ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ ﺍﻳﻦ ﻳﻚ Bugﻳﺎ exploitﻧﻴﺴﺖ ﺩﺭ ﻭﺍﻗﻊ ﻳﻚ ﺳﺮﻭﻳﺲ
ﻋﺎﺩﻱ ﻭ ﻃﺒﻴﻌﻲ ﻭ ﻣﺨﺼﻮﺹ mo_-phpﺍﺳﺖ ﻛﻪ ﻧﻤﻲ ﺗﻮﺍﻥ ﺁﻥ ﺭﺍ ﻣﻨﻊ ﻛﺮﺩ )ﻣﮕﺮ ﺑﺎ ﺗﺒﺪﻳﻞ ﺁﻥ ﺑﻪ php
(suexce
ﺑﺎ ﺍﻳﻦ ﺣﺎﻝ ﺑﺎﺯ ﻫﻢ suexecﺍﻱ ﻛﻪ ﻫﻤﺮﺍﻩ cpanelﺍﺭﺍﺋﻪ ﻣﻲ ﺷﻮﺩ ﺍﺟﺎﺯﻩ ﺍﺟﺮﺍﻱ ﻛﻨﺘﺮﻝ ﻧﺎﺷﺪﻧﻲ ﻳﻚ
ﺍﺳﺖ Cpanel .ﺑﺮﺍﻱ ﺭﻓﻊ ﺍﻳﻦ ﻣﺸﻜﻞ patchﺍﻱ ﺍﺭﺍﺋﻪ ﻛﺮﺩﻩ ﺍﺳﺖ.
)(home/cpapachebuild/buildapache/suexec.patch
2
ﻣﺮﻭﺭﻱ ﺑﺮ ﺑﺎﮒ CPanel
ﺍﻳﻦ patchﻓﻘﻂ ﺍﺟﺎﺯﻩ ﺍﺟﺮﺍﻱ ﺍﻳﻦ scriptﻫﺎ ﺭﺍ ﺑﺮﺍﻱ userﻫﺎﻱ ﻣﺨﺼﻮﺹ wheel ،rootﺭﺍ
ﻣﻲﺩﻫﺪ .ﻓﻘﻂ ﻣﺸﻜﻠﻲ ﺩﺍﺭﺩ ﻛﻪ ﺍﺟﺎﺯﻩ ﺍﺟﺮﺍﻱ shared scriptsﺭﺍ ﺩﺭ ﺻﻮﺭﺗﻲ ﻛﻪ ﺩﺍﻳﺮﻛﺘﻮﺭﻱ ﺍﺻﻠﻲ ﺁﻥ
ﻋﻼﻭﻩ ﺑﺮ ﺍﻳﻦ ﻫﻢ ﭼﻨﺎﻥ ﻳﻚ ﺳﺮﻱ scriptﻫﺎﻱ perlﻭ cgiﻭﺟﻮﺩ ﺩﺍﺭﺩ ﻛﻪ ﺩﺍﺭﺍﻱ ﻗﺎﺑﻠﻴﺖ exploit
/usr/local/cpanel/bin/proftodvhosts
/usr/local/cpanel/cgi-sys/addalinh.cgi
/usr/local/cpanel/cgi-sys/gustbook.cgi
/usr/local/cpanel/cgi-sys/mchat.cgi
…
ﺑﺮﺍﻱ ﺍﻃﻤﻴﻨﺎﻥ ﺍﺯ ﻭﺟﻮﺩ ﺍﻳﻦ expliotﻫﺎ ﺑﺮﻭﻱ ﺳﺮﻭﺭ ﺧﻮﺩ ﺍﻳﻦ ﺩﺳﺘﻮﺭ ﺭﺍ ﺍﺟﺮﺍ ﻛﻨﻴﺪ.
ﻼ ﺩﺭ ﺑﺮﺍﺑﺮ ﺍﻳﻦ
ﺍﮔﺮ ﺑﺎ ﺍﺟﺮﺍﻱ ﺍﻳﻦ ﺩﺳﺘﻮﺭ ﻫﻴﭻ ﭘﻴﻐﺎﻣﻲ ﺩﺭﻳﺎﻓﺖ ﻧﻜﺮﺩﻳﺪ ﺑﻪ ﺍﻳﻦ ﻣﻌﻨﻲ ﻛﻪ ﺳﺮﻭﺭ ﺷﻤﺎ ﻛﺎﻣ ﹰ
ﻧﻜﺎﺕ secureﺍﺳﺖ .ﻫﻤﭽﻨﻴﻦ ﻣﻲ ﺗﻮﺍﻧﻴﺪ ﺍﺯ ﻃﺮﻳﻖ ﺍﻳﻦ ﻟﻴﻨﻚ ﺳﺮﻭﺭ ﺧﻮﺩ ﺭﺍ ﺗﺴﺖ ﻛﻨﻴﺪ:
http://64.240.171.106/cpanel.php
ﺍﻳﻦ ﻓﺎﻳﻞ ﻳﻚ ﺳﺮﻱ php scriptﺑﺎ ﻳﻚ userﻣﻌﻤﻮﻟﻲ ﺍﺟﺮﺍ ﻣﻲ ﻛﻨﺪ ﻛﻪ ﺑﺎﻋﺚ ﺍﺟﺮﺍﺷﺪﻥ ﻓﺎﻳﻞ ﺍﺻﻠﻲ
tests.plﻣﻲ ﺷﻮﺩ .ﻣﻲ ﺗﻮﺍﻧﻴﺪ ﺍﺯ ﺍﻳﻦ ﺍﻃﻼﻋﺎﺕ ﻛﺎﻣﻞ ﺩﺭﺑﺎﺭﻩ ﺍﻳﻦ testerﺩﺭﻳﺎﻓﺖ ﻛﻨﻴﺪ:
http://www.a-sqvad.co/audit
3
ﻣﺮﻭﺭﻱ ﺑﺮ ﺑﺎﮒ CPanel
ﺍﻛﺜﺮ ﺳﺎﻳﺖﻫﺎ ﻫﺮ ﻛﺪﺍﻡ ﺭﻭﺷﻲ ﺑﺮﺍﻱ patchﻛﺮﺩﻥ ﺍﻳﻦ Bugﻫﺎ ﺍﺭﺍﺋﻪ ﻛﺮﺩﻥ ﻭﻟﻲ ﺍﻛﺜﺮﹰﺍ ﻛﺎﻣﻞ ﻧﻴﺴﺘﻨﺪ ﻭ
ﻳﺎ ﺩﺍﺭﺍﻱ ﺍﻳﺮﺍﺩ ﻫﺴﺘﻨﺪ .ﺩﺭ ﺯﻳﺮ ﺑﻪ ﭼﻨﺪ ﺭﻭﺵ ﺍﺷﺎﺭﻩ ﻣﻲ ﻛﻨﻴﻢ:
-١ﺑﻬﺘﺮﻳﻦ ﻛﺎﺭ )ﻛﻪ ﺑﺎﻋﺚ ﺍﺯ ﺑﻴﻦ ﺭﻓﺘﻦ ﻣﺸﻜﻼﺕ ﺩﻳﮕﺮ ﻧﻴﺰ ﻣﻲ ﺷﻮﺩ( ﺗﻐﻴﻴﺮ ﻣﺎﮊﻭﻝ phpﺍﺯ mod-
ﺍﺳﺖ ﻭ ﺍﻳﻦ ﻛﺎﺭ ﺷﻤﺎ ﻣﻤﻜﻦ ﺍﺳﺖ ﺑﺎﻋﺚ ﺍﻳﺠﺎﺩ ﺍﺧﺘﻼﻝ ﺩﺭ ﺑﻌﻀﻲ ﺳﺎﻳﺖ ﻫﺎ ﺷﻮﺩ.
)(/home/cdapachbuidl/buildapach/suexea.patch
ﻭﻟﻲ ﺗﻮﺟﻪ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ ﻗﺒﻞ ﺍﺯ ﺍﻧﺘﺨﺎﺏ ﺭﺍﻩ ﺍﻭﻝ :ﺍﻳﻦ ﺭﺍﻩ ﺳﺮﻭﺭ ﺷﻤﺎ ﺭﺍ secureﻣﻲ ﻛﻨﺪ ﺍﻣﺎ ﻣﻤﻜﻦ
ﺍﺳﺖ ﻣﺸﻜﻼﺗﻲ ﺍﻳﺠﺎﺩ ﻛﻨﺪ ﻛﻪ ﺑﺴﺘﮕﻲ ﺑﻪ shared scriptﻫﺎﻱ ﺷﻤﺎ ﻭ userﻫﺎ ﻭ ﺳﺎﻳﺖ ﻫﺎﻱ ﺭﻭﻱ
ﺷﺎﻳﺪ ﺑﻬﺘﺮ ﺑﺎﺷﺪ suexec.patchﺍﺻﻼﺡ ﻛﻨﻴﺪ ﺗﺎ ﭘﻮﺷﻪ ﻫﺎﻱ ﺍﺻﻠﻲ ﺭﺍ ﺑﺮﺍﻱ ﺍﻳﻦ ﻣﺸﻜﻼﺕ ﺍﻣﻨﻴﺘﻲ
-3ﺍﮔﺮ ﻧﻤﻲ ﺗﻮﺍﻧﻴﺪ ﺭﺍﻩ ﺍﻭﻝ ﺭﺍ ﺍﻧﺘﺨﺎﺏ ﻛﻨﻴﺪ ﻳﺎ ﻧﮕﺮﺍﻥ ﺍﻳﺠﺎﺩ ﻣﺸﻜﻞ ﺑﺮ ﺭﻭﻱ ﺳﺮﻭﺭ ﻭ ﻳﺎ ﻋﻮﺽ ﻛﺮﺩﻥ
ﻣﺸﻜﻞ ﺭﺍ ﺍﺯ ﺑﻴﻦ ﺑﺒﺮﻳﺪ ﺩﺭ ﺯﻳﺮ ﺭﻭﺷﻲ ﺑﺮﺍﻱ ﺍﻳﻦ ﻛﺎﺭ ﺫﻛﺮ ﻛﺮﺩﻩ ﺍﻳﻢ.
4
ﻣﺮﻭﺭﻱ ﺑﺮ ﺑﺎﮒ CPanel
-------snip -------
---/usr/local/cpanel/bin/proftydvhosts.o 2003-02-22
09:38:52.000000000 - 0700
+++/usr/local/cpanel/bin/proftpdvhosts 2004-05-27
00:10:20.000000000 – 0600
@@ @@-1 , 5 +1 , 6
-#! /usr/bin/perl
+#! /usr/bin/perl-T
ﻓﻘﻂ ﻣﺸﻜﻠﻲ ﻛﻪ ﺩﺭ ﺍﻳﻦ ﺭﻭﺵ ﻭﺟﻮﺩ ﺩﺍﺭﺩ ﺍﻳﻦ ﺍﺳﺖ ﻛﻪ ﺑﺎ ﺍﻧﺠﺎﻡ ﺍﻳﻦ taint clean Scriptﻫﺎ ﺑﻌﺪ ﺍﺯ
ﻫﺮ (/Scripts/upcp) cpanel, updateﺗﻤﺎﻡ ﺍﻳﻦ ﺗﻨﻈﻴﻤﺎﺕ ﺍﺯ ﺑﻴﻦ ﻣﻲ ﺭﻭﺩ ﻭ ﺩﻭﺑﺎﺭﻩ ﺑﺎﻳﺪ
ﺍﻧﺠﺎﻡ ﮔﺮﺩﺩ.
-٤ﺭﺍﻩ ﺭﺍﺣﺖ ﺗﺮ ﺍﻳﻦ ﺍﺳﺖ ﻛﻪ owner shipﺗﻤﺎﻡ untaint scriptﻫﺎ ﺭﺍ ﺑﻪ root wheel
ﺗﺒﺪﻳﻞ ﻛﻨﻴﺪ.
ﺑﻨﺎﺑﺮﺍﻳﻦ ﺷﻤﺎ ﺍﺣﺘﻴﺎﺟﻲ ﺑﻪ fixﻛﺮﺩﻥ ﻫﻴﭻ Scriptﺍﻱ ﻧﺪﺍﺭﻳﺪ .ﻓﻘﻂ ﻛﺎﻓﻲ ﺍﺳﺖ Schared Script
ﻫﺎ ﺭﺍ ﺑﻪ root wheelﺗﺒﺪﻳﻞ ﻛﻨﻴﺪ .ﺑﻨﺎﺑﺮﺍﻳﻦ ﺑﺮﺍﻱ ﺍﺟﺮﺍﺷﺪﻥ ﺁﻧﻬﺎ ﺣﺘﻤﹰﺎ ﺑﺎﻳﺪ ﺑﺎ root ،group
wheelﻭﺍﺭﺩ ﺷﻮﻧﺪ.
ﭘﻴﺸﻨﻬﺎﺩ ﻣﻲ ﻛﻨﻢ ﺑﺮﺍﻱ ﺍﻳﻨﻜﻪ ﺧﻴﺎﻝ ﺧﻮﺩ ﺭﺍ ﺭﺍﺣﺖ ﻛﻨﻴﺪ ﺗﻤﺎﻡ perl scriptﻫﺎﻱ ﻗﺎﺑﻞ ﺍﺟﺮﺍ ﺭﺍ ﻛﻪ ﻣﺎﻝ
root.wheelﻫﺴﺘﻨﺪ ﺭﺍ taint cleanﻛﻨﻴﺪ ﺍﮔﺮ ﻧﻤﻲ ﺗﻮﺍﻧﻴﺪ ﺍﻳﻦ ﻛﺎﺭ ﺭﺍ ﻛﻨﻴﺪ ﺁﻥ ﺭﺍ ﭘﺎﻙ ﻛﻨﻴﺪ ﻳﺎ
5
ﻣﺮﻭﺭﻱ ﺑﺮ ﺑﺎﮒ CPanel
ﺩﺭ ﻛﻞ Cpanelﻫﻤﻴﺸﻪ ﺧﻮﺩ ﺩﺍﺭﺍﻱ ﻣﺸﻜﻼﺕ ﺑﺴﻴﺎﺭ ﺑﻮﺩﻩ ﺍﺳﺖ ﻭ ﺧﻮﺍﻫﺪ ﺑﻮﺩ ﺍﻳﻦ ﻣﺸﻜﻞ ﺷﺎﻣﻞ ﺗﻤﺎﻡ
ﻧﺮﻡﺍﻓﺰﺍﺭﻫﺎﻱ 3dpartyﻭ opensourceﻣﻲ ﺑﺎﺷﺪ .ﺑﻬﺘﺮﻳﻦ ﻛﺎﺭ ﺍﻳﻦ ﺍﺳﺖ ﻛﻪ adminﻳﻚ ﺳﺮﻭﺭ
6
CPanel ﻣﺮﻭﺭﻱ ﺑﺮ ﺑﺎﮒ
:ﻣﻨﺎﺑﻊ
ﺩﻳﮕﺮﻱ. ﻣﻲ ﺑﺎﺷﺪmod-phpsuexc ﻣﺸﻜﻞ ﺭﺍ ﺑﺮﺭﺳﻲ ﻛﺮﺩﻳﻢ ﻳﻜﻲ ﻣﺮﺑﻮﻁ ﺑﻪ٢ ﺗﻮﺟﻪ ﺩﺍﺷﺘﻪ ﺑﺎﺷﻴﺪ
http://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2004-0490
ﺍﮔﺮ ﺳﻮﺍﻝ ﻳﺎ ﺍﺷﻜﺎﻝ ﻭ ﺍﻳﺮﺍﺩﻱ ﻭﺟﻮﺩ ﺩﺍﺷﺖ ﺑﺎ ﻛﻤﺎﻝ ﻣﻴﻞ ﺩﺭ ﺧﺪﻣﺖ ﺩﻭﺳﺘﺎﻥ ﻭ ﻋﻼﻗﻪﻣﻨﺪﺍﻥ ﻋﺰﻳﺰ ﻣﻲ
.ﺑﺎﺷﻴﻢ
ﻓﺮﺷﺎﺩ ﺍﺳﻤﺎﻋﻴﻠﻴﺎﻥ