Penetration_Testing_POC/books/用友NC complainbilldetail SQL注入漏洞.html

<!DOCTYPE html> <html><!--
 Page saved with SingleFile 
 url: https://forum.butian.net/article/503 
--><meta charset=utf-8>
<meta http-equiv=X-UA-Compatible content="IE=edge">
<meta name=viewport content="width=device-width, initial-scale=1">
<meta name=csrf-token content=sKaWQokrOTC3iA9XXzaH65D8iBGicq4jNmsDOLZX>
<title>用友NC complainbilldetail SQL注入漏洞</title>
<meta name=keywords content=奇安信,天眼,补天,漏洞,情报,攻防,安全>
<meta name=description content="奇安信攻防社区-用友NC complainbilldetail SQL注入漏洞">
<meta name=author content="QIANXIN Team">
<meta name=copyright content="2021 QIANXIN.com">
<style>@media (max-width:767px){}</style>
<style>/*!
 * Bootstrap v3.4.1 (https://getbootstrap.com/)
 * Copyright 2011-2019 Twitter, Inc.
 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
 *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}footer,nav{display:block}template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}img{border:0}button,input,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button{text-transform:none}button{-webkit-appearance:button}textarea{overflow:auto}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,:after,:before{color:#000!important;text-shadow:none!important;background:0 0!important;-webkit-box-shadow:none!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" ("attr(href)")"}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}img{page-break-inside:avoid}img{max-width:100%!important}h2,h3,p{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}}@font-face{font-family:"Glyphicons Halflings";src:/* original URL: https://forum.butian.net/static/css/bootstrap/fonts/glyphicons-halflings-regular.woff2 */url(data:font/woff2;base64,d09GMgABAAAAAEZsAA8AAAAAsVwAAEYJAAECTQAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACMcggEEQgKgqkkgeVlATYCJAOGdAuEMAAEIAWHIgeVUT93ZWJmBhtljDXsmI+A80Cgwj/+vggK2vaIIBusdPb/n5SghozBk8fY3CwzKw8ycQ3LRhauWU8b7AQmPrHpsWLSbaQ1gVqO5kgksapZihmcvXvsSAlqZIYL1YkM/LIl97nZp395IqcEA/f21yuNQLmMXb2rZZ/7e/rS+3aQoE5jiykOu275k8k/fj/okKRo8gD/nl/nJmkfxsrIHdGdBcGkiz+6PvzlXksg+3a0LRtj240x7fSAEokyS6Dhebf1LCdu5KvgAAco8DNFd2ngQgUXgqAmqf8L6c5UtGxo2DBNGtLY2tKGZOVZ2HLx77Kss250ad5d3Xl1cpW0vK77me4TVlhzag6hop7lZ01uGarTmUiBV5Wpw9QIIHIy9D5pVGBWN7jNUiixqMnPGuD/K6BvNvMnY8XIQrCP5gbrNOe31s653X+Hg4vjv5quVAldYVtRZDwzd3E4LI6F7nJUSRahOOESHI4wPkW4P/kqRajnl6aVI8/6NyeN7N39hlMJDAtvY/vKt+1fizcmIyrRKym9s6DQKzRhAbBBNrZjjOd5sdmjhmYoYhlG6ebk/+m0JDt7IFlBwzF2UC10R/j/jOHAsRXNIvuwldsBQ8JmLSBXgveuAprUmc51S9awSwjjI63tDuSs1ipLhjzb/AQgKNHf69T31/9a/mDZqwzltVuXJepZBVSKrHslr8mKJIitEKBze2/v7RmcF/KIgxjVu+92dCJw4Jw0YMjq36mKz6R9bwxg47PdFPonbhRl3D4K5EceNXMAevNfTvMKklBL06Z2bVXeC8m+e3q93PLu8/+fGfh/+IyHIjNgbA2SHAOWVyPUkL1eGEArjSwHY7nJa2+pjUFPG3AVbnW1p9R685Z6Sin13M6lHveY2zHHfeHh/0893n+ttoB4vlLGxGDBSolgp3GDFaWCVXMvvyv4a9J2xzF4bBrd3+dqEmwFlkVs7FxuRIzIw8a2r1aGseb/0Gpnm3taZOWJCHo3jwsUNf/fIQR4bcI1b8JbBxy9v3Xv+ya3rzHagkgQQmtB4uwIcXLqzlKQxA2jt7AWjyhcZ2j0EBTIN4ns0op5jz2GSLVa81VQaOnQJDgQUmfTBcQYgHrCZ82tyU46i+AAMXWsJNyFr6Shnj5S/V3l+hSXDqasIp/0Zje8lwv1S69efyeYquu9M5MrRS+8xF6JWVU1XahOQhcu3sqLpdI438Urzs2POI/5LHyJe018jEGKEeV1YXzQYYiSf+yO1d7LhdWdJQAKf2xLR6JQ7SwXTnUU5tzUa/5j7zhtWEDa02T/F8yYP3/x/NrzoudZ0ybP/nvq9pT4s8fPDj/bUNworhRHil22v8/G5K/kT+SP5Lfk1+SX5AZyLbmSXExGyQg5lywmp5N55DhyrPu0+zP3H9yfuD9wv+8+6n7b/br7FXPo5P8Fi54S0BCi00THCKR68zH6oT8SXFU1FnE9rdl00XrUkg6GJlqQbmqiJeltTbQifbyJ1nRr3kQbundooi09/22iHb1CE+3p9Tc28fSugyY60rvJcXQiC9YxOpMVrOvQlaypdTv0IktfoS9KZNZjMJZssvUcMB2yxSdeAxZCtvk4VkO21XpnsAayvawPBlsgO8r6ZOwK2VnWF2J/yIN1HQ6HvKl1O5xAnip9AQZ5iXwMLqmsJ0M+E1xnPRvyOeBW68WQrwG3W2+GfGfwoPVekB8MnrY+ivxkvAo5rc/H++QX7tjF+JQKKkV8QaUOj+MbKk2tW+NbKm1P3A7fUel6HD9Q6W7dGz9SKVmPwW9UJlvPAVUqi5U1EMBT2QxNQgv+7AShpfBbsxMKrYTfb1lEaK0Y1Xvs0Sx9MTxmjSYCNmikGIYnj4F/B8qlVSNWqAjeEa28H6GlRftEfyJUwaXeqdAGokFEOYP/ZUK5OqkHBhXEJQ8CT5zBINLQBBPxgofYRhJ1im4gFjc/JVIDRzQihLhmqWfHwUbquoEgDmE9gpEts9VRl+G9eStCvSzE+NAyw8sT1oU1opWH8JmEjHhuoQUVzqoEZiohobPm62zifEdYUfgg3oNVcJTkCsVFdSDCQJ4Bj6blLfCABB9Eby42WVr2gi0mYT5mEj+bAKuTTo9OnKIJXdRPL147XNoOwkrKDc9CBsdFc0pyGQSqkBkBoMSa9cYPFCfyhWcSL+Pj0UIXJZ+hHm8gH0P16rpulTeL3DoFfPV5g0t0sib3JKfYc698ufV3UIj5xFxpXb4kWhJAKwHNDLa21YA5MHhdu3K4rSW+yNUr9gdSVaxFbYcrFtywqqM7d6B1rMA5L0m8BdQ3yDfVprlR/mx1XKZ50A5XixBOKes4idywdlnuKnW0bQKUobG/6eKp4gS6bSgJZgbKRb3y/0c4sgyiaiNJrL1SjswX+XoMI3G437ffAQYJhClZoNckiwvh0JuGY18lv20teyEwLWALO+HlhazxFGh5VvXkwV1IdiEJzx90HGG9XEvvxRAeBqVbzDF7GgMi52ogNkDsljNUMCWlE78P6c6YIsfUmcZaSYZH5AabU5P3jYIusxHEzqNwB4HG06xTxjFl6fvZk8TYm535DFnBHv92uzgaCGSxXLFCoRdsoVP7/lIpBtIT04bn+a+WroALewJJitOG9NIlnZSvPvsw0I7aprNc8CeUY2e9MiU0oFGORKEKMM2SM0KyIslNjtWOJoDbimhJFcfC2qfSUmcQt01FpKGpobaaDUm9zigHqd7VNVWWRF0MffIdmQdi7Tgkl4fsOKg+8+FYIAGyB2iVImwetc6A4mocnS4liNuAGEhIxy0LSZqm3bgjMZIdQwE09d5Z
<style>/*!
 *  Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome
 *  License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
 */@font-face{font-family:"FontAwesome";src:/* original URL: https://forum.butian.net/static/css/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 */url(data:font/woff2;base64,d09GMgABAAAAAS1oAA0AAAAChpgAAS0OAAQBywAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACFchEIComZKIe2WAE2AiQDlXALlhAABCAFiQYHtHVbUglyR2H3kYQqug2BJ+096zq1GibTzT1ytyoKAhnlGvH2XQR0B9xFqm6jsv/////kpDFG2w7cQODV9Pt8rYoUCGaTbZJgmyTYkaFAZFtCUREkKFtVPCsorbhAUNA1HuRggbAO2j72UBAaO+EokdExs/1s2/5o1Kiiwimf3Fl5lPJKaenrF62Fznwl24G3XqwUR4KiM7gSbp6V6LraldwKxM2QRIqecFxZciCUTN9Q9A6NG4N0pSnLEZjvE6c2UsJeIlMLTH7xWVLXQ1hSFQmKNIGO5kb6eVxbv+g3bqHirnwdc+C7jHEeo027jiVLyf8XLtu6DiwL+oT3+EzQdP8n9hCQyU0dLBEVY/eIK2L6xNeH50/9c/le2CSFhtd6Lgf1bcWgDPxoJmdi3vDhdu2H8wEOySeKDzajOrC7w/Nz622jYowx2KhtMCLHghqwvypWjKiNHqNjoyQsMEFUUFS0MRID+/SsPAvtO+3z0mAQ5rYn8UgOP/Fzzqk6kQ9ORJ+o/KkQSRGkJIwEVBSLW4GCYjSKEc38f+rs7yyvzrzX772jYmw2kboLSUzpaX3bjCbgNOOUbSwnyxbL8yO916Wzf1J3AaJidcC2LEuWC8YGm+J2iwPbCG1fLcDA5lxIi537jkhI/qrzk+oHxsI/mJbTbfMLOVCIrdgpOedKqIYkxr2InOex9Dj46Mfazs5+uTvEchWNbr89JBEatR+UTmRkbhshJ66m8OM7s/SsOJm8J9lOpu0eIX8tGAZKGcq20y7g2PqR7livPQwsEgQOkJseImA6GKL/Gw8JCSB7je+e3OC8EstLISefAKEtRkiUnAmJIyR+m1pfhLmdEBK1A041VlU4RsivHKKOJRRQ1Pvdq9rb+wYIDIZDcAgCJARRGaK0u9oQnXKs7KLKvZvuumu7a9obpzPZtxPROlIRJR4QtoEye/SH3qn1kh1oJbspOMkR9gD48QEPGApJTEuQNnb0I+37s+7+Biw70KY2h6BOmjLOaHa3Dw4I/u9/zf7rDE9Pkad0IxaFBuJ4VInvqkJmAp2ehHFeFiOcrp+WP3v+NWKKSeLgJS1XWpDruWKkQaMTDF7kMc3ZbjUZ+a7pitemTlGdWSf65t3NEpYE/JFTBNwYH6YhdCIgBmBiM+n3JZMH9O8zNbsCFNFmdjurndXObM6s7jmcOmpnZj9ncpv1cP94nyCAD3wS/CAkCCBlEpQcEpRaFCjFFCR3KFpyU5DodiubWtkcz9Zx9k2i7B6b7s3q3ZltPyZzW/bldJlTklNqjqc5nK/j9z+tfNrqDfHwxT5HDswGLBBiRNW3Xqn0ql6px90bOmyKM469TkGaYKs1C5wyNrMBTPlwU/IJQd+nL1XrCsLWmLS8s7QnOVy0p9WGdLiFEK8h3/b2+rca/RuBbAAGhSBQTVK0mpA5boAKzWAVEhMoyhBA0iBIeSlN0mRNyg2QHDXp1KQTSCfSkZoc8m1TPPro23Ema7wpXM97O+4xxcNt+QebONt74YvVWIQx3S0zx5qQkSmCQiiEkSz7JfWTELC2to0ExAsFBd3923efb36+mHTt8EhXOGyQ1FoRCXKk47//PWWzGuzfMSvmBwUvyY4xVz/WsHLuEg44OVBMxtIBPnVvOSDFGDEgdMOYq8N1Y6edke7EQLP5XUsUEFLvf2JO/7uSdvuTtNQaqqgouCKKg3nrvbt7HAxjrv+P5vNzY3qmGSaucDWn5QShLGqzbiCia07EIYMug25e9/hVdR8AQHz8GD92tT73B7kdudwckXIYVWHcSFIgCxqPEPq51/jVkQCT80kNRInfy4tRv71+cOkKgNyNOzu4bvn5jUwYFyShdPkJOgloRkNZoe3eVE+gRk4dTn59F/ExImCzqPyf2GHPB8sozT9IIBGXlocfxFyWzeV1yjATTNS19fEnte26vb7NlFBibm1Pv5jrtt39jb8CGEpsiz8CAQie5XOr5wWIMCwOOIx4yULy+va+QhnH5ZFGiRAUn1/fG1JpWh34/7fUfmUjFWqwEbF3/WhPYyomRjYMrFlxwZIFe4l9P8nzPvd1Hvu2LvM0Ds5oJQVnlGAEpybX5yC4yxIpqaxSNRjlSIx9saf/y6Swa9yp2xyQJ0qZ3k+/AEmI2xO2nV/vs38FkXFPYifWSMefAEJZRU2jAxw2yHaEgTWqEE5KDeUVAU+ITgcaRgtOeCgxkjoBXLrfq0Pga45joGI4BVH0CRNk4RhbTBQoZWwcKzJ1Le7QYdaYZKKONTuiTiTU9iKiSKqPEKtTRrpv6zJpqCKK2VyzaAQ3SYz2oDxTQ08CrRm4lsiQSKAe4kV3IQEuH9fp/SFCUxJDqmcexJ2JY+MOueRzKtWnc4koNW2UPXHGyoplovvxWZELJOtcPhBmTjiAcZeMeOojdgqlNnVt7wngGZ2wYNtOTS1KAFz0EEa3x3LpRAKAHrVa0zCTByMn6qWIbuwR0kdqTILahlgUG8qMokGqnfFnWXOZKrJZytwHx17ZtZg7ItgdJGhifz25FhnPmxOYMN52SDyXVnZ/gWObXwBcWYoD7KPodztkQhYCg4sDToOEMxshJM7n57Tn4t5JfFCYIH4TJhPkA2TFLsgDG9Sw6QItYQfz+mEZCSsrwhOSOboubVL46TTjY3mvnrkji1XVwkZX7gh1vQ3cCRdpL/Ccr5RmfoA03fBsg+sOWFP0OcOEG/cxRZ3wvTNAkP3aaxOI3BVAFycjo7y2Y6y92W7qqSC68RXvU187rCX77kmK0MEru/gu80wa2EMCeLHr7h4evvrqhrF3CdrNVtuCgIG6qOGkwMP5RXhmfkhgvekwH7whZJToQFF7T2gxiRcXsUjBtkbDq9V6cxqNN/Pdibazxpx0D3J2zOip0mudu4ZoZVMzt9uHdpk5hHF8q0+C75dLKZVVXPKWQdIlo7m7AsRvHntsPIbbS7j/up3NjqKkjmmzj/FI60eASYV6nT02mldXbzDr2Qt8Fd4lQfcaamREKSENgKlwd67I7l+Cs+s7uPGm22OXRCPp/8uBTZDA3k56nPIFtwRwsF6PQ0R43sJ4aimENU/IOfsNoWDR0kVEWO548Y0g3ZJHVcjA7cuvDsSZqgSp79baiZwuJQ23v7bOiLF+DOPx+j3/CBoWQxNvpikNRoQ388rnJFqk/Si3Z8Hrb0Ktpw3bxpzAQN7lJvLD2mXuewbq4uWOo6AIbKCwZopfxlJ4mU5bp10MrpsHOGAtM5lztKbBknt/UGoB3hm4V3VjOe+FuK6phBtbPh3qLZ8uRKLcjln6H/ebFQ+AHmSHDM/C2AeisisYXnuTrrlD7veJsW3gxNnwLKaxQE48spAd2tnQ+PKJrx9/Di6NlFbx5k3w2hFT7CvTXESeK6LaUqJ80Ta1C+IncVxU4N0CppXzHB45h0SEBlg8fyTtcImA3gciu+mFppL8JJvStwveLPlwH7tz+aVU084a3f6vYrv/1E5rSZEeX+ahYNXmCkboiB/qV5OfVv+UJdnRdwitfqmkxETUkNnCy90q87N4afIeuHlbclqqhwCZW1MltEeb3BhzYEY844WjhbOsIKLBVosr/vMhK62W9/WKuNiNizl5n2vFwWZikTgy3gZz3n1sO1spZSTE+IlUnYaWa62DkuApmnaPtqk5rAGE4xune9N1E/J1j3SPyN6zQEXj9D58Q/baPFw0JQiXUnbhDKW26eXE6Kra9EDXukPMOFyR+H4pFCNrfL65LmHrb6q62gO6MDBHlHEwHRQl8fzwE6GZaHCLqboNTP+c3iKMKz6O7Oa1JaoLXk3L
<style>@media (min-width:1200px){.navbar-form{width:235px}}@media (min-width:768px){.navbar-form .form-control{width:100%}}@media (max-width:767px){.global-nav{width:100%;text-align:center;z-index:1000}}@media (max-width:767px){}.global-nav .nav{height:44px;padding:0}.navbar-form .btn{position:absolute;top:8px;right:30px;color:#999;-moz-box-shadow:none;-webkit-box-shadow:none;box-shadow:none}.navbar-form .btn:hover,.navbar-form .btn:focus{color:#777}@media (min-width:768px){}@media (min-width:992px){}@media (min-width:1200px){}html{font-size:10px;-webkit-tap-highlight-color:transparent}body{font-family:-apple-system,"Helvetica Neue",Helvetica,Arial,"PingFang SC","Hiragino Sans GB","WenQuanYi Micro Hei","Microsoft Yahei",sans-serif;font-size:14px;line-height:1.5;color:#333;background-color:#f6f6f6;word-break:break-word}button,input,textarea{font-family:inherit;font-size:inherit;line-height:inherit}ul{padding:0}.wrap{padding-bottom:30px;position:relative}.main{background-color:#fff;border-radius:4px}.mb-20{margin-bottom:20px}.mb-50{margin-bottom:50px}.mt-10{margin-top:10px}.mt-15{margin-top:15px}.mt-30{margin-top:30px}.mt-60{margin-top:60px}.ml-10{margin-left:10px}.mr-5{margin-right:5px}.span-line{margin-left:8px;margin-right:8px;color:#999}.logo{float:left;margin:0;display:inline-block;width:150px}.logo a{display:block;height:50px;width:145px;background-image:/* original URL: https://forum.butian.net/css/default/logo.svg */url(data:image/svg+xml;base64,PHN2ZyBpZD0i5Zu+5bGCXzEiIGRhdGEtbmFtZT0i5Zu+5bGCIDEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDQyNi4xMyAxMTEuNDIiPjxkZWZzPjxzdHlsZT4uY2xzLTF7ZmlsbDojZmZmO308L3N0eWxlPjwvZGVmcz48dGl0bGU+5aWH5a6J5L+h5pS76Ziy56S+5Yy6X2xvZ288L3RpdGxlPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTExMiw1Ny4zM3YtNGgzNy43OHY0aC00LjM5VjcxLjE4cS4wOCw1LjUzLTUuMTksNS40NGgtNC44OXYtNGgyLjM0YzEuMiwwLDEuNzgtLjYyLDEuNzUtMS45M1Y1Ny4zM1ptMS44LTExLjkydi00aDEzLjg1VjM4LjkzaDYuNDh2Mi41MWgxMy45M3Y0SDEzNi4zNXEzLDIuNTEsMTAuOTIsNC4zMXYzLjQ3UTEzNiw1MS42NSwxMzAuODcsNDcuNXEtNS4xLDQuMTQtMTYuMzYsNS42OVY0OS43MmM1LjI1LTEuMiw4Ljg4LTIuNjQsMTAuOTItNC4zMVptMi4wOSwyNy4yOFY1OS43NmgxOS4zN3Y3LjM2Yy4xMSwzLjgzLTEuNjcsNS42OC01LjM1LDUuNTdabTUuNDgtNGg2LjQ1YzEuMzkuMDksMi4wNS0uNjEsMi0yLjA5VjYzLjc4aC04LjQxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE1My42Nyw1OC43MlY1NC41M2g0LjY5VjUwLjMxaDYuNTJ2NC4yMmgxNS42OVY1MC4zMWg2LjUzdjQuMjJoNC44MXY0LjE5aC01LjA2YTE1LjM2LDE1LjM2LDAsMCwxLTcuNTcsMTEuODgsOTIuNiw5Mi42LDAsMCwwLDEyLjIxLDIuMzR2NHEtMTIuMTMtMS4yNS0xOC43OC0zLjQ3LTYuNTcsMi4yMi0xOC43LDMuNDd2LTRhMTA0LDEwNCwwLDAsMCwxMi4xNy0yLjM0LDE1LjA2LDE1LjA2LDAsMCwxLTcuNTctMTEuODhabTM2LjYxLTE2Ljg2djcuMzZoLTYuMTVWNDZIMTYxLjM3djMuMjJoLTYuMTVWNDEuODZoMTMuODlWMzkuMDloNy4ydjIuNzdaTTE3Mi43NSw2OC4yMXE2LjY5LTMuMTgsNy42MS05LjQ5SDE2NS4wOVExNjUuOTMsNjUsMTcyLjc1LDY4LjIxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE5OSw3N1Y1Mi43M2EyNywyNywwLDAsMS0zLjQ3LDEuNDNWNTAuMzVhMTcuMiwxNy4yLDAsMCwwLDUuOS0xMWg1LjlhMzIuODYsMzIuODYsMCwwLDEtMi42OCw3LjdWNzdabTcuNzQtMzF2LTRoMTBWMzkuM2g2Ljd2Mi43NmgxMC4xMnY0Wm0xLjM0LDMwLjVWNjIuMjNIMjMxLjd2Ny43cS4xNyw2LjgxLTYuMTUsNi42MVptLjEzLTI0di0zLjhoMjMuNDJ2My44Wm0wLDYuN1Y1NS40MWgyMy40MnYzLjgxWm0xNy44NiwxMC42MlY2Ni4ySDIxMy43MXY2LjMyaDEwLjEyQzIyNS4zOSw3Mi42MywyMjYuMTMsNzEuNzQsMjI2LjA1LDY5Ljg0WiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTIzNy43Niw0Ni40NnYtNGgxNC40OHY0SDI0OFY2NS4yNGMxLjQyLS4zLDMtLjcxLDQuNzMtMS4yMXY0LjE0YTU1LjQxLDU1LjQxLDAsMCwxLTE1LjE0LDMuNzdWNjYuNzljMS4yNS0uMDgsMi43OC0uMjQsNC42LS40NlY0Ni40NlptMTMuNDMsOC4wN1Y1MC44MXE0LjY5LTQsNS40NC0xMS41NWg2LjExYTMyLjMxLDMyLjMxLDAsMCwxLTEuMDUsNC40NGgxMy43N3Y0aC0zcS0uODQsMTEuODUtNS44NiwxOC4yYTQzLjI2LDQzLjI2LDAsMCwwLDguNDksNi44MnY0LjQ0YTQ5LjQxLDQ5LjQxLDAsMCwxLTEyLTcuNTMsNTIuMTMsNTIuMTMsMCwwLDEtMTIuNjQsNy41N1Y3Mi44MUE0MC4wNyw0MC4wNywwLDAsMCwyNTkuNzMsNjZhMzQuMzgsMzQuMzgsMCwwLDEtNS42MS0xMi44QTIxLjc4LDIxLjc4LDAsMCwxLDI1MS4xOSw1NC41M1ptOC4yNS0zLjcyYTM2LjQsMzYuNCwwLDAsMCwzLjc2LDEwLjVxMi43MS00Ljg5LDMuNDMtMTMuNTZIMjU5LjlhMTUuMSwxNS4xLDAsMCwxLTIuNDcsMy4wNloiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0yODAuNTYsNzYuOTFWNDAuNjRoMTMuNzN2NGEyNS44NiwyNS44NiwwLDAsMS0yLjY0LDEwLDExLjMyLDExLjMyLDAsMCwxLDMsNy40cS4xNyw4LjUzLTcuOTEsOC4zN1Y2NS45MWMyLDAsMy0
<style>a{text-decoration:none}a:focus,a:hover{color:#004e31;text-decoration:underline}.navbar-inverse{background-color:#2a8c70;border-color:#2b7a5c}.navbar-inverse .navbar-nav>li>a{color:#fff;padding-left:6px;padding-right:6px}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#008151}@media (max-width:767px){}@media (max-width:767px){}.tag{display:inline-block;padding:0 8px;color:#017e66;background-color:#E7F2ED;height:24px;line-height:24px;font-weight:400;font-size:13px;text-align:center}.tag[href]:focus,.tag[href]:hover{background-color:#017e66;color:#fff;text-decoration:none}.btn-primary{border-color:#008151;background-color:#009a61;color:#fff}.btn-primary.active,.btn-primary:active,.btn-primary:focus,.btn-primary:hover,.open>.btn-primary.dropdown-toggle{border-color:#00432a;background-color:#006741;color:#fff}.btn-primary.active,.btn-primary:active,.open>.btn-primary.dropdown-toggle{background-image:none}.btn-success{border-color:#4cae4c;background-color:#5cb85c;color:#fff}</style>
<style>@font-face{font-family:qax-design-icons;src:/* original URL: https://forum.butian.net/static/js/qaxd/fonts/qax-design-icons.woff */url(data:font/woff;base64,d09GRgABAAAAAG4oAAsAAAAA2pQAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABHU1VCAAABCAAAADMAAABCsP6z7U9TLzIAAAE8AAAARAAAAFY9Fkm8Y21hcAAAAYAAAAdUAAARKjgK0qlnbHlmAAAI1AAAWZoAALGMK9tC4GhlYWQAAGJwAAAALwAAADYU7r8iaGhlYQAAYqAAAAAdAAAAJAfeBJpobXR4AABiwAAAABUAAARkZAAAAGxvY2EAAGLYAAACNAAAAjR9hqpgbWF4cAAAZQwAAAAfAAAAIAIxAJhuYW1lAABlLAAAAUoAAAJhw4ylAXBvc3QAAGZ4AAAHsAAADQvkcwUbeJxjYGRgYOBikGPQYWB0cfMJYeBgYGGAAJAMY05meiJQDMoDyrGAaQ4gZoOIAgCKIwNPAHicY2BkYWCcwMDKwMHUyXSGgYGhH0IzvmYwYuRgYGBiYGVmwAoC0lxTGByeLXh+irnhfwNDDHMDQwNQmBEkBwD5Vw1OeJzd1/W3l3UWxfH359JdUoPBYMugiNjJDAx2dzMY2N3d3d0oJd1IIx12d+s5JoPiICbuh/0H+Puw1ot17113rfu98ey9D1AHqCX/kNp68xeK3qLmR320rP54LRqu/njtmkV6vxMd9Xk10T+GxKSYFUtjeazKVtk+O2bn7JG9sk8uzCWrVoE+Z0AMjckxO5bFiqzJ1tkhO2WX7Jm9s28urj7nL/4Vfb1ObEJP9mcE45hHsJSVpWHpVrqXfjVdV39OjV5jbX0ndalHfRro9TaiMU1oSjOa04KWtGINWtOGtrSjPX+jA2uyFmuzjr6bv+srrMt6rM8GbMhGbKyv11nfdxc2ZTO6sjnd2ILubMlWbM02bMt2bM8O7MhO7Mwu9OCf/EuvsBf/pje7shu7swd7shd7sw/7sp9e+wEcyEEczCEcymEczhEcyVEczTEcSx/+Q1+O43hO4ET6cRIncwqnchqncwZnchZncw7nch7ncwEXchEXcwmXchmXcwVXchVXcw3Xch3XcwM3chM3cwu3chu3cwd3chd3cw/3ch/38wAP8hAP8wiP8hiP8wT9eZKnGMBABjGYITzNUIYxXD/tkYxiNGMYq5/7eCYwkUk8w2SmMJVpTGcGM5nFs8xmDnP1m5nPAhayiMUs4Tme5wXe4E3e4kXe5h1e4mVe4VVe411e5z3e5wM+5CM+5hM+5TM+5wv9bpMv+Yqv+YZv+U6/6f+yjO/5geX8yP9YwU+s5Gd+4Vd+43f+YFWhlFJTapXapU6pW+qV+qWB/joalcalSWlampXmpUVpWVqVNUrr0qa0Le30B1P3L//u/v//Na7+a9LV71Q/lehv1VMfA0xPFjHQqpSIQVYlRQy2KkFiiOkJJIaankVimOmpJIabnk9ihFXJEiNNzywxyqpXF6NNzzExxvREE2NNzzYxzvSUE+NNzzsxwfTkExNNGUBMMqUBMdmUC8QUU0IQU01ZQUwzqp/PdFN+EDNMSULMNGUKMcuULsRsU84Qc0yJQ8w1ZQ8xz5RCxHxTHhELTMlELDRlFLHIlFbEYlNuEUtMCUY8Z8oy4nlTqhEvmPKNeNGUdMRLpswjXraqDeIVUw4Sr5oSkXjNlI3E66aUJN4w5SXxpik5ibdMGUq8bUpT4h1TrhLvmhKWeM+UtcT7ptQlPjDlL/GhKYmJj0yZTHxsSmfiE1NOE5+aEpv4zJTdxOemFCe+MOU5EaZkJ9KU8cSXprQnvjLlPvG1qQGIb0xdQHxragXiO1M/EEtNTUEsM3UG8b2pPYgfTD1CLDc1CrHC1C3ET6aWIVaa+ob42dQ8xC+mDiJ+NbUR8Zupl4jfTQ1F/GHqKmKVqbXIGlN/kbVMTUbWNnUaWcfUbmRdU8+R9UyNR9Y3dR/ZwNSCZENTH5KNTM1INjZ1JNnE1JZkU1Nvks1MDUo2N3Up2cLUqmRLU7+SrUxNS7Y2dS7ZxtS+ZFtTD5PtTI1Mtjd1M9nB1NLkmqa+JtcyNTe5tqnDyXVMbU52NPU62cnU8OS6pq4n1zO1Prm+qf/JDUxLgNzQtAnIjUzrgNzYtBPITUyLgexs2g5kF9OKIDc17QlyM9OyILuaNga5uWltkN1Mu4PcwrRAyO6mLUJuaVol5FamfUJubVoq5DamzUJua1ov5HamHUNub1o05A6mbUPuaFo55E6mvUPubFo+5C6mDUT2MK0hsqdpF5G9TAuJ7G3aSuSuptVE7mbaT+TupiVF7mHaVOSepnVF7mXaWeTepsVF7mPaXuS+phVG7mfaY+T+pmVGHmDaaOSBprVGHmTabeTBpgVHHmLacuShplVHHmbad+ThpqVHHmHafOSRpvVHHmXageTRpkVIHmPahuSxppVI9jHtRbKvaTmSx5k2JHm8aU2SJ5h2JXmiaWGS/UxbkzzJtDrJk037kzzFtETJU02blDzNtE7J0007lTzDtFjJM03blTzLtGLJs017ljzHtGzJc00blzzPtHbJ8027l7zAtIDJC01bmLzItIrJi037mLzEtJTJS02bmbzMtJ7Jy007mrzCtKjJK03bmrzKtLLJq017m7zGtLzJa00bnLzOtMbJ6027nLzBtNDJG01bnbzJtNrJm037nbzFtOTJW02bnrzNtO7J2007n7zDtPjJO03bn7zLdAWQd5vuAfIe02VA3mu6Ecj7TNcCeb/pbiAfMF0Q5IOmW4J8yHRVkA+b7gvyEdOlQT5qujnIx0zXB/m46Q4hnzBdJGR/021CPmm6UsinTPcKOcB0uZADTTcMOch0zZCDTXcNOcR04ZBPm24dcqjp6iGHme4fcrjpEiJHmG4icqTpOiJHme4kcrTpYiLHGOr1HGvVoZ/jrOidHG+l6vwJVqrOn2il6vxJVqrOf8aqyyonW6k6f4qVqvOnWqk6f5qVqvOnW6k6f4aVqvNnWqk6f5aVqvOftVJ1/mwrVefPsVJ1/lwrVefPs1J1/nwr2v+5wErV/wutVP2/2ErV/0ustPsTkfxhoXicrL0JYFvVlTD87n3aV2u3LVvWYkl2HCu2ZUl2nNjPibM6GyGrQxKFhCRAEkKAsIYIaIeUJYQBSsO0YEjLsJXSQqa0LBVbof0oy7TTUjpQt512Ol9ppzt0Gr3859z7nvTkWCTM9yfWffu9525nv+cKegH+iYdEk+AQ4kKn0C/MEwQS8PcMkWxvMhF1EoM3YDSk6BBJJnrhZk/A74Wb0RnUaPD6e3KEXaZI5RE/J72/sDRYXu/rm3V04HXz7Yeal/STphs7g8HXl7++fHT09ablzWOdh8yeBgu5zmw+7mg1249bGrdZLMftMYv9uDlI7v6F2fz6wNFZfX2vWxo/uLGJ9C9pPtTZvLzp9dFRyOP1pqYNnYcsDR4zNUFJx+3mVshhm6XR8hQ7NQuiIJwsioIoCXVCm9AF9Yr0ZDOu3kQsEjX4XF5/Wu9zkGgimYmlSNI1SHKREAm4HMTYQXxQt2yGjBPB4XY75CKmRCDZlVkitWcJybarx4LkbnITAR6zl2TJ4ZbG27PZ9nF8qchfkvHlcXwOza0DuP4uviYuFDxChzAozAfIEoMkRAzGEBkkmTRAkCIz4EbAn81lE8mEwYiPAwhmwuDh3ZGAR/5AiBgdcDNpNIRIjhJdU2aaranRNTCUlOjYyMgYvdb5qU2bjtR7l69e++XcrFuuW0gkeu7SpfvOeSM02k+Cb2R7t2z95dpV7vmLf3qswfeK3RKzk2JwmjWY6TA2Bdw9EcgDcgptutIo7tpwzv3t8a6l7ea5VyxaeqFRPyZ/840g6R8NvbH7p4vnu1et/eXWLb1jvoZvYx8KRqjnSXGvOCJYBL8wJGwQzhMuFq6G2mZ6E9gDaRhlUWMmzS6bSbonRI0iVD4C9RQTgzQdywxSfyAb4IcQbcbadmCXxTKJGSQWNbSQCLR
<style>@-moz-keyframes blink{50%{background-color:transparent}}@-webkit-keyframes blink{50%{background-color:transparent}}@keyframes blink{50%{background-color:transparent}}@media print{}.markdown-body{color-scheme:light;--color-prettylights-syntax-comment:#6e7781;--color-prettylights-syntax-constant:#0550ae;--color-prettylights-syntax-entity:#8250df;--color-prettylights-syntax-storage-modifier-import:#24292f;--color-prettylights-syntax-entity-tag:#116329;--color-prettylights-syntax-keyword:#cf222e;--color-prettylights-syntax-string:#0a3069;--color-prettylights-syntax-variable:#953800;--color-prettylights-syntax-brackethighlighter-unmatched:#82071e;--color-prettylights-syntax-invalid-illegal-text:#f6f8fa;--color-prettylights-syntax-invalid-illegal-bg:#82071e;--color-prettylights-syntax-carriage-return-text:#f6f8fa;--color-prettylights-syntax-carriage-return-bg:#cf222e;--color-prettylights-syntax-string-regexp:#116329;--color-prettylights-syntax-markup-list:#3b2300;--color-prettylights-syntax-markup-heading:#0550ae;--color-prettylights-syntax-markup-italic:#24292f;--color-prettylights-syntax-markup-bold:#24292f;--color-prettylights-syntax-markup-deleted-text:#82071e;--color-prettylights-syntax-markup-deleted-bg:#FFEBE9;--color-prettylights-syntax-markup-inserted-text:#116329;--color-prettylights-syntax-markup-inserted-bg:#dafbe1;--color-prettylights-syntax-markup-changed-text:#953800;--color-prettylights-syntax-markup-changed-bg:#ffd8b5;--color-prettylights-syntax-markup-ignored-text:#eaeef2;--color-prettylights-syntax-markup-ignored-bg:#0550ae;--color-prettylights-syntax-meta-diff-range:#8250df;--color-prettylights-syntax-brackethighlighter-angle:#57606a;--color-prettylights-syntax-sublimelinter-gutter-mark:#8c959f;--color-prettylights-syntax-constant-other-reference-link:#0a3069;--color-fg-default:#24292f;--color-fg-muted:#57606a;--color-fg-subtle:#6e7781;--color-canvas-default:#ffffff;--color-canvas-subtle:#f6f8fa;--color-border-default:#d0d7de;--color-border-muted:hsl(210,18%,87%);--color-neutral-muted:rgba(175,184,193,0.2);--color-accent-fg:#0969da;--color-accent-emphasis:#0969da;--color-attention-subtle:#fff8c5;--color-danger-fg:#cf222e}.markdown-body{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;margin:0;color:var(--color-fg-default);background-color:var(--color-canvas-default);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:16px;line-height:1.5;word-wrap:break-word}.markdown-body a{background-color:transparent;color:var(--color-accent-fg);text-decoration:none}.markdown-body a:active,.markdown-body a:hover{outline-width:0}.markdown-body img{border-style:none;max-width:100%;-webkit-box-sizing:content-box;box-sizing:content-box;background-color:var(--color-canvas-default)}.markdown-body ::-webkit-input-placeholder{color:inherit;opacity:0.54}.markdown-body ::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}.markdown-body a:hover{text-decoration:underline}.markdown-body h2{margin-top:24px;margin-bottom:16px;line-height:1.25}.markdown-body h2{font-weight:600;padding-bottom:0.3em;font-size:1.5em;border-bottom:1px solid var(--color-border-muted)}.markdown-body code{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace}.markdown-body ::-webkit-input-placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body ::placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body::before{display:table;content:""}.markdown-body::after{display:table;clear:both;content:""}.markdown-body>*:first-child{margin-top:0!important}.markdown-body>*:last-child{margin-bottom:0!important}.markdown-body a:not([href]){color:inherit;text-decoration:none}.markdown-body p{margin-top:0;margin-bottom:16px}.markdown-body code{padding:0.2em 0.4em;margin:0;font-size:85%;background-color:var(--color-neutral-muted);border-radius:6px}.markdown-body ::-webkit-calendar-picker-indicator{-webkit-filter:invert(50%);filter:invert(50%)}</style>
<style>#md_view{padding:0 20px}#md_view img:hover{cursor:pointer}</style>
<!--[if lt IE 9]>
    <script src="/static/js/html5shiv.min.js"></script>
    <script src="/static/js/respond.min.js"></script>
    <![endif]-->
<style>.hot{z-index:10}</style>
<style>html #layuicss-skinlayercss{display:none;position:absolute;width:1989px}@-webkit-keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);-ms-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);-ms-transform:scale(1);transform:scale(1)}}@-webkit-keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);-ms-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);-ms-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);-ms-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);-ms-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);-ms-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);-ms-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);-ms-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);-ms-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes shake{0%,100%{-webkit-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);transform:translateX(10px)}}@keyframes shake{0%,100%{-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);-ms-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);-ms-transform:translateX(10px);transform:translateX(10px)}}@-webkit-keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);transform:scale(.7)}30%{-webkit-transform:scale(1.05);transform:scale(1.05)}0%{-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);-ms-transform:scale(.7);transform:scale(.
 * Waves v0.7.5
 * http://fian.my.id/Waves
 * 
 * Copyright 2014-2016 Alfiana E. Sibuea and other contributors
 * Released under the MIT license
 * https://github.com/fians/Waves/blob/master/LICENSE
 */</style><style>@media (max-height:620px){}@media (max-height:783px){}@-webkit-keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}@keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}</style><style>@-webkit-keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@media (pointer:coarse){}</style><style>:root{--sr-annote-color-0:#b4d9fb;--sr-annote-color-1:#ffeb3b;--sr-annote-color-2:#a2e9f2;--sr-annote-color-3:#a1e0ff;--sr-annote-color-4:#a8ea68;--sr-annote-color-5:#ffb7da}</style><style>@-webkit-keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@-webkit-keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@-webkit-keyframes fadeOut{0%{opacity:1}to{opacity:0}}@keyframes fadeOut{0%{opacity:1}to{opacity:0}}@-webkit-keyframes fadeIn{0%{opacity:0}to{opacity:1}}@keyframes fadeIn{0%{opacity:0}to{opacity:1}}@-webkit-keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}@keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:tra
<body>
<div class="global-nav mb-50">
 <nav class="navbar navbar-inverse navbar-fixed-top">
 <div class="container nav">
 <div class="visible-xs header-response sf-hidden">
 
 
 
 
 </div>
 <div class="row hidden-xs">
 <div class="col-sm-9 col-md-9 col-lg-9">
 <div class=navbar-header>
 <button type=button class="navbar-toggle collapsed sf-hidden" data-toggle=collapse data-target=#global-navbar>
 
 
 
 
 </button>
 <div class=logo><a class="navbar-brand logo" href=https://forum.butian.net/></a></div>
 </div>
 <div class="collapse navbar-collapse" id=global-navbar>
 <ul class="nav navbar-nav">
 <li><a href=https://forum.butian.net/>首页 <span class=sr-only>(current)</span></a></li>
 
 
 
 <li><a href=https://forum.butian.net/questions>问答</a></li>
 
 
 
 <li><a href=https://forum.butian.net/shop>商城</a></li>
 
 <li><a href=https://forum.butian.net/community>实战攻防技术</a></li>
 <li><a href=https://forum.butian.net/articles>漏洞分析与复现</a>
 <span class=hot>NEW</span>
 </li>
 <li><a href=https://forum.butian.net/movable>活动</a></li>
 <li><a href=https://forum.butian.net/questions/Play>摸鱼办</a>
 
 </li>
 </ul>
 <form role=search id=top-search-form action=https://forum.butian.net/search method=GET class="navbar-form hidden-sm hidden-xs pull-right">
 <span class="btn btn-link"><span class=sr-only>搜索</span><span class="glyphicon glyphicon-search"></span></span>
 <input type=text name=word id=searchBox class=form-control placeholder value>
 </form>
 </div>
 </div>
 
 </div>
 </div>
 </nav>
</div>
<div class="top-alert mt-60 clearfix text-center">
 <!--[if lt IE 9]>
    <div class="alert alert-danger topframe" role="alert">你的浏览器实在<strong>太太太太太太旧了</strong>，放学别走，升级完浏览器再说
        <a target="_blank" class="alert-link" href="http://browsehappy.com">立即升级</a>
    </div>
    <![endif]-->
 
 </div>
<div class=wrap>
 <div class=container>
 <div class="row mt-10">
 <div class="col-xs-12 col-md-9 main" style=width:100%>
 <div class=widget-article>
 <h3 class="title word-wrap">用友NC complainbilldetail SQL注入漏洞</h3>
 <ul class=taglist-inline>
 <li class=tagPopup><a class=tag href=https://forum.butian.net/topic/48>漏洞分析</a></li>
 </ul>
 <div class="content mt-10">
 <div class="quote mb-20">
 用友NC是用友网络科技股份有限公司开发的一款大型企业数字化平台。它主要用于企业的财务核算、成本管理、资金管理、固定资产管理、应收应付管理等方面的工作，致力于帮助企业建立科学的财务管理体系，提高财务核算的准确性和效率。 
用友NC 存在SQL注入漏洞，未授权的攻击者可以通过该漏洞获取数据库敏感信息。
 </div>
 <textarea id=md_view_content style=display:none value="一、漏洞简介
------

用友NC是用友网络科技股份有限公司开发的一款大型企业数字化平台。它主要用于企业的财务核算、成本管理、资金管理、固定资产管理、应收应付管理等方面的工作，致力于帮助企业建立科学的财务管理体系，提高财务核算的准确性和效率。

用友NC 存在SQL注入漏洞，未授权的攻击者可以通过该漏洞获取数据库敏感信息。

二、影响版本
------

NC633、NC65

三、漏洞原理分析
--------

漏洞主要因为complainbilldetail接口的pk\_complaint参数未进行过滤，存在SQL注入。

首先定位到漏洞入口

`nc.bs.ebvp.adviceorappeal.AppealrespController#complaindetail`

在入口处设置断点，构造`payload`并进行发送，成功在断点处停下。同时可以看到，我们传入的载荷。

![image-20240731212804275.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-e5a62d94c76deeb717618616f2186643b25f7201.png)

继续跟进该参数，直接传递到`nc.impl.ebpur.adviceorappeal.service.AppealQueryServiceImpl#queryComplaintVOByPk`函数，该函数接收两个参数，两个参数都是从http请求传递过来，未进行任何过滤。

![image-20240731213246943-1722432768861-1.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-375564f065d8fe6589459f2709422c8aa9922e1c.png)

紧接着又把`pk`传递给`nc.pubimpl.srmsm.complaint.ComplaintMaintainServiceImpl#queryComplaintVOByPk`，另一个参数不用理会，用不到。

![image-20240731213200466.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-f49f3e89f85dd55f9f18b4d6026817ba411d011c.png)

接着把`pk`参数转换成字符串列表，传递给`nc.impl.pubapp.pattern.data.bill.BillQuery#query(java.lang.String[])`。

![image-20240731213452223.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-391cec5f03c4e4d000a70746f150de36279bc289.png)

接下来就开始拼接sql语句了。这里的`query`函数，说明是一个查询语句。进行跟进

先判断参数长度是否为空，接着用`nc.impl.pubapp.pattern.data.table.TableIDQueryCondition`构造查询条件，后边就进行数据库中操作了。

![image-20240731213901939.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-fa724f37afb6c659f2c5171989043e35ca4ab20f.png)

主要的sql语句拼接就是在这个位置，该函数先把传递的字符串初始化给idList数组。

![image-20240731214800337.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-50d3db90308da55fcdf1e495d3394523b72fb4fe.png)

之后会调用build进行生成

![image-20240731214853928.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-b5ad3a49caeb80810c1ead4aca6f6ad9141df468.png)

可以看到，在`buildInSql`中直接把参数拼接进了sql语句。这里之所以两个处理函数，是为了应对多个`where`条件的情况。第二个参数`field`就是表列名，不同的模块，不同的表列名。这里不用理会第二个处理函数，因为sql注入的时候，直接用注释符把后边的语句注释掉了。

![image-20240731215023881.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-4fcef3b94620528ed3caea54a4db276402657c3f.png)

现在的sql语句虽然没有过滤就进行了拼接，还不能100%保证一定存在sql注入。还需要继续跟进，看看执行sql语句的时候，是否用来占位符查询。

跟进另一个Query函数，这里正是进入sql执行阶段。第一个红框把表列传递给build生成sql语句。第二个红框进行查询执行。

![image-20240731215621911.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-d7ba917e9b59d082494e7efde564500459ee078b.png)

把前边`where`语句拼接进整个sql，用`DataAccessUtils.query()`进行查询。

![image-20240731215938107.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-934398c6583f2628654e0ad5fe6cbc3eed5481b3.png)

同样没有进行任何过滤，也没有用占位符查询的方式。同样的，后边的sql语句不用理会，直接被注释掉了。

![image-20240731220135136.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-da9aead1a089be7bc4a3ad5fee922e185cd70f0d.png)

至此，已经可以确定存在SQL注入漏洞。

四、环境搭建
------

环境搭建部分，这里就不重复了，奇安信攻防社区有很详细的安装过程。直接参考即可。

传送门： (通过代码审计某友获取CNVD高危证书)\[<https://forum.butian.net/share/3058>\]

![image-20240731220605865.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-cdd6fa0618c3677db7865301b3b00e73ddeb8c23.png)

五、漏洞复现
------

[http://192.168.45.148/ebvp/advorappcoll/complainbilldetail?pageId=login&amp;amp;pk\_complaint=1](http://192.168.45.148/ebvp/advorappcoll/complainbilldetail?pageId=login&amp;pk_complaint=1)'waitfor+delay+'0:0:10'--

![image-20240731220820235.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-70ff300d3d03b6d0d7ccac47c3c5aabe23d46c8c.png)

六、总结
----

该SQL注入漏洞主要是因为系统未对`pk_complaint`参数进行任何过滤，导致sql注入漏洞。经过我的分析，这个接口很有可能是被作者忘记了，因为其他接口基本都采用占位符的方式进行查询，可以有效的防治SQL注入漏洞。">一、漏洞简介
------

用友NC是用友网络科技股份有限公司开发的一款大型企业数字化平台。它主要用于企业的财务核算、成本管理、资金管理、固定资产管理、应收应付管理等方面的工作，致力于帮助企业建立科学的财务管理体系，提高财务核算的准确性和效率。

用友NC 存在SQL注入漏洞，未授权的攻击者可以通过该漏洞获取数据库敏感信息。

二、影响版本
------

NC633、NC65

三、漏洞原理分析
--------

漏洞主要因为complainbilldetail接口的pk\_complaint参数未进行过滤，存在SQL注入。

首先定位到漏洞入口

`nc.bs.ebvp.adviceorappeal.AppealrespController#complaindetail`

在入口处设置断点，构造`payload`并进行发送，成功在断点处停下。同时可以看到，我们传入的载荷。

![image-20240731212804275.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-e5a62d94c76deeb717618616f2186643b25f7201.png)

继续跟进该参数，直接传递到`nc.impl.ebpur.adviceorappeal.service.AppealQueryServiceImpl#queryComplaintVOByPk`函数，该函数接收两个参数，两个参数都是从http请求传递过来，未进行任何过滤。

![image-20240731213246943-1722432768861-1.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-375564f065d8fe6589459f2709422c8aa9922e1c.png)

紧接着又把`pk`传递给`nc.pubimpl.srmsm.complaint.ComplaintMaintainServiceImpl#queryComplaintVOByPk`，另一个参数不用理会，用不到。

![image-20240731213200466.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-f49f3e89f85dd55f9f18b4d6026817ba411d011c.png)

接着把`pk`参数转换成字符串列表，传递给`nc.impl.pubapp.pattern.data.bill.BillQuery#query(java.lang.String[])`。

![image-20240731213452223.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-391cec5f03c4e4d000a70746f150de36279bc289.png)

接下来就开始拼接sql语句了。这里的`query`函数，说明是一个查询语句。进行跟进

先判断参数长度是否为空，接着用`nc.impl.pubapp.pattern.data.table.TableIDQueryCondition`构造查询条件，后边就进行数据库中操作了。

![image-20240731213901939.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-fa724f37afb6c659f2c5171989043e35ca4ab20f.png)

主要的sql语句拼接就是在这个位置，该函数先把传递的字符串初始化给idList数组。

![image-20240731214800337.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-50d3db90308da55fcdf1e495d3394523b72fb4fe.png)

之后会调用build进行生成

![image-20240731214853928.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-b5ad3a49caeb80810c1ead4aca6f6ad9141df468.png)

可以看到，在`buildInSql`中直接把参数拼接进了sql语句。这里之所以两个处理函数，是为了应对多个`where`条件的情况。第二个参数`field`就是表列名，不同的模块，不同的表列名。这里不用理会第二个处理函数，因为sql注入的时候，直接用注释符把后边的语句注释掉了。

![image-20240731215023881.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-4fcef3b94620528ed3caea54a4db276402657c3f.png)

现在的sql语句虽然没有过滤就进行了拼接，还不能100%保证一定存在sql注入。还需要继续跟进，看看执行sql语句的时候，是否用来占位符查询。

跟进另一个Query函数，这里正是进入sql执行阶段。第一个红框把表列传递给build生成sql语句。第二个红框进行查询执行。

![image-20240731215621911.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-d7ba917e9b59d082494e7efde564500459ee078b.png)

把前边`where`语句拼接进整个sql，用`DataAccessUtils.query()`进行查询。

![image-20240731215938107.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-934398c6583f2628654e0ad5fe6cbc3eed5481b3.png)

同样没有进行任何过滤，也没有用占位符查询的方式。同样的，后边的sql语句不用理会，直接被注释掉了。

![image-20240731220135136.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-da9aead1a089be7bc4a3ad5fee922e185cd70f0d.png)

至此，已经可以确定存在SQL注入漏洞。

四、环境搭建
------

环境搭建部分，这里就不重复了，奇安信攻防社区有很详细的安装过程。直接参考即可。

传送门： (通过代码审计某友获取CNVD高危证书)\[&lt;https://forum.butian.net/share/3058&gt;\]

![image-20240731220605865.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-cdd6fa0618c3677db7865301b3b00e73ddeb8c23.png)

五、漏洞复现
------

[http://192.168.45.148/ebvp/advorappcoll/complainbilldetail?pageId=login&amp;amp;pk\_complaint=1](http://192.168.45.148/ebvp/advorappcoll/complainbilldetail?pageId=login&amp;pk_complaint=1)'waitfor+delay+'0:0:10'--

![image-20240731220820235.png](https://shs3.b.qianxin.com/attack_forum/2024/07/attach-70ff300d3d03b6d0d7ccac47c3c5aabe23d46c8c.png)

六、总结
----

该SQL注入漏洞主要是因为系统未对`pk_complaint`参数进行任何过滤，导致sql注入漏洞。经过我的分析，这个接口很有可能是被作者忘记了，因为其他接口基本都采用占位符的方式进行查询，可以有效的防治SQL注入漏洞。</textarea>
 <div id=layer-photos-demo>
 <div id=md_view><div class=markdown-body><h2 blockindex=0>一、漏洞简介</h2>
<p blockindex=1>用友NC是用友网络科技股份有限公司开发的一款大型企业数字化平台。它主要用于企业的财务核算、成本管理、资金管理、固定资产管理、应收应付管理等方面的工作，致力于帮助企业建立科学的财务管理体系，提高财务核算的准确性和效率。</p>
<p blockindex=2>用友NC 存在SQL注入漏洞，未授权的攻击者可以通过该漏洞获取数据库敏感信息。</p>
<h2 blockindex=3>二、影响版本</h2>
<p blockindex=4>NC633、NC65</p>
<h2 blockindex=5>三、漏洞原理分析</h2>
<p blockindex=6>漏洞主要因为complainbilldetail接口的pk_complaint参数未进行过滤，存在SQL注入。</p>
<p blockindex=7>首先定位到漏洞入口</p>
<p blockindex=8><code>nc.bs.ebvp.adviceorappeal.AppealrespController#complaindetail</code></p>
<p blockindex=9>在入口处设置断点，构造<code>payload</code>并进行发送，成功在断点处停下。同时可以看到，我们传入的载荷。</p>
<p blockindex=10><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABhEAAAHBCAYAAABnkZoiAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3wc1b338c9skVa9Ws0qtuVOccOmmGZjsGNK6CW0EEjCDdxcEu7Nk3sf8qR3Qm5IMCmkUEJvoRgMBhOMA9i4gLtlWZKt3rXSFmnLef6QbLW1Lcmy5fJ9v155hZ09c86ZOTMrOL+Z37HyC8YZZL/SRmXQUFc70t0QERERERERERE5qNG5+VSU7x7pbojIccQ20h0QEREREREREREREZGjk4IIIiIiIiIiIiIiIiISkYIIIiIiIiIiIiIiIiISkYIIIiIiIiIiIiIiIiISkYIIIjI0caM55eQ8oozWZhcRERERERERETleOUa6AyIyNMZYOB1hgiHryLZLIidf/iVuXjidUZXPc+/G3XQc0R6IiIiIiIiIiIjIkeIwBqJS8hmdnUas0yLY4aGlupSaJj9YESYn4wqYOCEVz64NVLh7P4FsbHGkj5lAdmIUtBSzqaThCB2G7GUMpE7N5fMLMpk8OgaXLUhLRTMfLSvmja0d+8a04POz+Nb5cfv2C7b7qS2r5+0Xd7G6ZqR6f3gZA+POLOBUGnj9w1aCfa5vY2K58v/OYl6aofT1j3ng3UDntv+ZyXlpFlVvrebnb7WPUO97Myaai/5jJp/Pa2fZb9fy6u4jE0gwJp4Zt9/H1+a62Lns9yx5czXNkX4nRERERERERERE5LjgsCWOYeyYNIJ1FVR4AjiSsskcMxlb4FOqPL0LG+MiMy8Dh7uU6pZw7yCDM4nRhRNIdfrwdkQRe2SPQ7okTJvEvbemQXE17726m4agk7xTc1h4x6nE/34dz+3sDvwYbwOvPVVFFeBIiOO0+QXc8jUn7T/bxqe+43Fi2EbBzHwupJ1lH7YS3E+p6moP+ZNSiXmnGm9GGlMS3eypSzrKXtsxBAJhgh1hAkcwm1D0jC9w69nJ7Hr+B/zq9T2EFEAQERERERERERE5rjkS00fhdJdSXF5LyLIwTW3YY6aRnp5ClaepV2Fn2hjSo33Uldb2mzxMHD2RZKuePdtKsXJnK4gwAgzxfO7yDJxbtvHDR2pp6xqj1R/VUfe107jqokxeL6rCu3fswn5KNjaw3bKARtbutvH/7s3jvFnFfPrB/qbYj3+BMjc1p6VykrOa4lNSSN/RwofZSYwb6Y71YFkdvPfwx7zX+emItGlMLGddMIfEund4cKkCCCIiIiIiIiIiIicCR6Ctimp/874JQctqx+832BxOLGMwXduNLYWsnESCjVup89Fv3jLYUsqu3bX4QhYpR/ggpEt2KpOT/Xz8WHcAwQA2q4N1m9q47qIE8qhi+352N+WtlActxqTHAK2d24whYdxorro0m0nZMbiCPko/28MLL9dQEei+CIyxyD1zPNcvSGN0AjTuquDZjXHcfbWLN36ynjfqO8tOumYO/z6lnge+X8yuvX08eRK//lI87/3yE16psgbZroNJC8Zz+dxkspKc2AMdNOyuY9lLu/i4qqvM5EJ++ZUc4vZNek/kV/87sWv/MBueWMkj67rrjPa2sLFxPFMnO4mfHM/2NWVYBfm9z5WxGDN3HJedk0ZeWhSOdj9VO2t47eXdbG3prmvc5afxzVlNPPZMiLMuzyI/3tC8u47Xni1hXb0ZdDkzczK/vWkU9r3nzlPFkv+7gy19JvT31vfEC4a5l2UwOjZMU1kdrz5Xwob6nscB2bMLuf6idPKTLdxl1by4ycUdn3fx+o/Ws6yxZ73jGT/OSdNH6yk5QoELERERERERERERGVkOb1053h4bjHHhclmEPP7uAIKB2Kw8kmliT6U74loJ3qY6jtQT0bIfKdEk4aOmonPMcs+ZwpcvSSMt7OGfGwKEnTaiD7R/kotUB7S2def9t0aN5it3jiOtrIK3X2jFm5jEufMn8fUEww//3B2scIwdw5evycS2bQ8vveEhmJbKgrlxQGhIhzLQdqOmFfLli5Op+aCUJ3d2EIyKYdoFBdz0JUP1j3ZRZllQUc2TTzRjx8akBZM5i0oeX968L51R467ebTvsfj7bFuSOaWNJyG9hw19h7Od7l4maPpG7r06i/P1yXihtJxgTw7Rz8/nyLSF++mAFdT3vESuZ885xs2HZTv4VF8/c+XncckuAil/tpmaw5Xbu4ZG/1GIB6bMLuaLwQCcxmfPOcrP+zZ2sik/i/Aty+eLNAX7ywB5qu+qz5Rfw5RuyiS4u55W32mhPTeX8uQlYBPrX50wmMQaaGuoOOn4iIiIiIiIiIiJyfOiX5t2Rmk+ay09jmbt7oyuL7FHReKu20RKyMCaNghmFULaa3U19a5ARY7NhI0ygA3CkcfGl6di2FvPnTwJMuLAQm9XUJ8xjJyrGjguISkjgzKtyGRNu4cV17ewNCOWekc24QB2P/GkXGwIWUM8mn4sfX53DGSm1LG/urGn0Kamkt9fxp7+U8mmos9xu50ymZg/tUAbabkZ+HDH+Rt58oYpNXRPjG8vcbMqz8DqAEFitHjas82CMjYQzADx8urYe/74J/N5nxWZZ7NrUCP+Ww4TinTzqhUJb7/4FtxTzw++E8XjC2F02bDSxlUR+fnUqk2IqqPP3KBwTYO3fd/Cuu/M4NnbE84urUzkleTc1LYMrZ7k9fLapc7GSgsKxcKAgQkyQtX/fwfKWzvqK7Ql893OpTI3fQ23Xeic5p6aRGWjgr38qYW3XeS5zzOB/FkSoz+HEDoRCEQIMIiIiIiIiIiIiclzqHURwZVGQl0Swbju1XgOWhTE2UnJyiO2oZmdt9+SyHOVSY0l3evlkWQUbqiw2xo7i3Kt6F7His7jzp1n7Poe9rfzrye2828C+Yc5Ii4HGWqrsdlz2zm2hGg8tViZp6UDXZH5yohPcfuqC3ftWVPswB373Yb8G2m7dHg8+VyqLbyggfZeH2jof5XvcrK2zGOq1atmAnbWs+DSaxI0NtBLf7+WbsC2a066awMJTEoh39Eyv5CYhHugZRPD6qGjp7o633ouXNJJSgJYhlBson5eK5u76amu8BEggIRHoCiKkJESBu5G6ju5yFTX+IY+biIiIiIiIiIiIHF/2BRGMPYncwjyiPbvZWdGyL5URJBCX4MBbU0fA3vkkMtiw6My3L0cph4WdEIGuh8aDwXC/8TLeel78WzkVziQW3TqG9HU7eWqtv1e6KocdrLyx/L+fju29r+nA3iMEFWm63hgz5GtkoO22byjmT+njWDhjFAun5ZPoshEO+Nj65lb++E4rwSEs/tsZfmhj+WNbI35vDEz9/ElceUqINa9vZk1FsDNp0/gC7rrQHmGPcJ8KLAxWhKxgAy03QCbcu8awhaHPWEUeuP2M29DHU0RERERERERERI5NDgBDHJnjJpAcqqGkpJpAhJnFuJxpTM3pvW0oD0fLERIyhLFh65rTtiwLKxjetw4AAOF2Kna0sA03oY8zuWdOAWe8tZEPW7uLBENgqst55MV6fL0aMDSV9/zUn2VZ/a6kcBiw9Zm7thksDKEeM94Dbdeygux4Zwc73umc3I9OimXqhZO4bfFYzlrzGe+3chgkcPKUaNo3buGxFQ3dAbeEIBaRggh9ciFZnccb7nfSBlpu+Hh8QYh1EtNjW1JiVN+edPJ78RsYFZsAuCOVEBERERERERERkeOMzZgoksdOYFRUC+XFZXjDfad9W6kr3squnVt6/K8Cj9EzyUe1Bi+1gVimzk4iNSmWc2YkYOo8VEYoallQ9G45xfYULpwX3zkb36W2wQcuaC1qYXuRm+1FbrZVB8EOpkdEotkdgAQXo3q8JTA6K6ZfEKGuyQ/x8eQldm/LGh2LM+ynvqF720DbzZxVwLWLUkk2BsuCDreX9RtaaLNFk5bS90gNoa5DO7SkXCGCHWA5bPtCBsZAYUFc5HpjYxid1ONjegyxdODuu57IQMsNo4qSVryx6VxyWRrZSU5GjcvkitNjI79xYCqoqoGsgkKidP+LiIiIiIiIiIicEBwx2RPJTbLRVlVPKCaZ+L2
<p blockindex=11>继续跟进该参数，直接传递到<code>nc.impl.ebpur.adviceorappeal.service.AppealQueryServiceImpl#queryComplaintVOByPk</code>函数，该函数接收两个参数，两个参数都是从http请求传递过来，未进行任何过滤。</p>
<p blockindex=12><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABYEAAADPCAYAAACjpR4OAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd2BUVdr48e+dySSZ9N5D6EhvAgpIRxDEhoANu6uurrqr7m+Lbnn3Vbfou+oqrmXX3lEQUQFReicUKQGSkN57m2Tq+f0xSUhCykxIDMTn8w/cmTvnnnPuuXcyzz33uVqfhP4K4ZLQ8AhKigp7uhrtuhDq+GNSkx7kjXsjWfObJ/iyUOvp6gjxkxN09TymjC1g9x8PUqLJMdjS0Ftf4LFLT/Dy/Ss4gPSPaJtSMPGB17hvwHae+dXbpMjxJIQQQgghXBAb14ec7MyeroY4D2gSBHbdhRBgvRDqKIQQQgghhBBCCCG6nwSBRQNdT1dACCGEEEIIIYQQQgghRPeRILAQQgghhBBCCCGEEEL0YhIEFkIIIYQQQgghhBBCiF5MgsBCCCGEEEIIIYQQQgjRi3n0dAUuNP09jT1dhXZVcP7XUbTDx7tryzPVdW15QgghhBBCCCGEuGCYkTiRcJIgsDgnn9Wae7oKvYv0pxBCiPPUYqNXT1dBCCGEEEII0UmSDkIIIYQQQgghhBBCCCF6MQkCCyGEEEIIIYQQQgghRC8m6SBEl5HbRLuA5AQWQghxHpG0T0IIIYQQQvQO5xwE1msas0MimB4SzlC/AMI9vbE4HGTX1bKnvIS1Rblk1pkAiI2N44kn/8j9991zzhUXQgghhBBCCCGEEEII0bFzCgKP8g/kt/2H0tfoC4BVOXgy+Qg7y0u4NCiUJwcM49qoWG46vBvP8HD+96mn0dC6pOJCCCFEr+IbTf8EPZnHsrBp8l0p3Kd8EhjQp5askwVYlYwhIYQQQgghxBmdDgJfHhrJkwOH49Hkh+q6onwSrXU8/OjjfPjhBzycdAidRrMA8O+f+F2XVFyIrqCUHr3BgcOmeroqQoifKKUF0G/BLSy4fCTBeat54VgW1T1dKdEhpTQ0DwfYz6Nga9Bo5j5yBX55iWx59332n67t6RoJIYQQQgghzhP6wKDgP7n7oVH+gfx1yCgMWvPnyiWbqtlTU8nyW29j9py5fLNzO7Vens0CwDnZWV1V9x+dj68v3mZLT1ejXWZvrx+1jsts9sb/f2Jw75qCUhr+wxdw5T13sHDZtUyZNYm+EQ7yT6Vjsmkt1tUTO+0axieYycwoQ3XBLDmlIpj0/57itmUT0Y5tJqPiPPgh70YfBs15lEcfGErx+kSK2+oPq62LKiZc0R3jtCu5Ur+YpU/x8EPLmLZoEdMWLWLK3MsYOaYfhuIUsovq4DxrU1foyf2mlC+Dbv01y2aHUvj9+3zy4Q7KrWcuSiktmrinphAdXEFJkumsZXd5zLyUIXeFYf4+D0sv3JdNeV8xjcF3DiV89kDCZw8kbKqR2s0FWLvk+8OHkHun029RLCo5g9qqzpeplIZxwiCCYmyYclo/xlweB5UpnEgqxWvoZUybOxYteQ8ZpfazynPHuXzPCyGEEEKInmf39cWjxv3fDqL30XW8SnN6TeO3/YeeFQAGmB8WRX/0PPn73+Fw2Pnfp55pFgAOKq9kdmhkl1Rc9AKx81j680XEWw6x+f132LApA7+JN3HL7RPxVi1n5noSNWEeUyb0Rd9lFXBgt1ixWS3IRGDRNbpjnHYl1+qnTEf57pUVfPzKCj7/aAOnbYOY+YtHmJbQWwNAPbffDKOu58rJgWStfoEPPttLUXWLgJ3DAQ7AoVpfFm0y7z9KxrsHyHj3ALmHu3pGrEJZFcpm56yvK7fp8R7dn/DRgW0nzHJxHGianZrTO1j/7L/YURjN1FsXEaXJWBFCCCGEEEJ0Ih3ErJCIxhzAZxWmafzf0DH8MukgT/7+d/zlqafRabrGAPALQ8dQYrXwXUnBOVdcXPjCL55ItP0wn//rY5LMGrCXTKL4+ZWTGWLcy+G67t2+phWT+PxjJDqXundjQlxI7OXkHjxERv2MxBP7C/F85gEmzh3B1v8c7uHK9R5KGRk+62J8i7fw4YacNmYgKxw2UDZHG8uiLaqolJoi5/8NcYO7tGxNq6X8ze8ody51admtc28caNYMtn6+h9EPTWXi6NWsOXRus4GFEEIIIYQQFz63g8AzQyLafd9Hp+efQ8fyy6SDPPzQgwD0UTpeGDoGX70HvvreOpNMuEvvoQebibom2StK1z/PCzt11Jmdy2r4ch77xRSMjcGRG/h/r93gfE/ZOf7G/aza73xPDVzKQ49NIOXt97FPWcKoBD9s5RkkrXmfDXvzGwMs6uKf8fu7x6FrWDbt4INH3iatRQAmZulT3DHxBGs+sDHu+klE+lqoSNvP5vc+42TxmR/USnkQNnkpCxaOJSrQg5r0nXx7KJglS0L5/vdPs7vEvQBBzNV/4I6LT7D6YzPjrrmEaH8bVemH2PTJKk6UtB/40eKv5GePzMS64Vn+uy7Hre3i4Y3Bo7W62rGbzTjcfMiQy/tDafgMms3cay+jX2wInrZScg5+y4aV2yg2n9mmUp6ET1vGwvmjifCHytStrDsUxc03RrD5yb+ws8i5bsLNf+OWEYd48zcfkNuwjTF38Ov7+rL3L39gS4672/Ul4YqbmDNtCGHBfuitVZSlH2L7Rx9xNNc5DtwZpy73n4vjypV2nHP9LCnk5sGo0HB8lMKkaSjlSdSM65k1YxQxYb5odRWUnNrFppVfk17WJJ2By+Og4/KU93Rufv4KqtcfI3r6xRiSP+ezrVEsvHMyfkV7+erl90iu6J5+cXm8uNhep/7E9zVQufcwBW0eX3aUA5TD0cayk/fC6fQbXUz2KishC+Ix+ims2XkUrD5BdUn7M0FV7CAG3NcPx6adpH9X5XbKD118POHzEvCP9kbvsGJOz6XomxRqSpuMA6WhH5BA5Nw++EV4olnMmE+lU7Auk7ra+j72iif+DwOwby3CODEaLf0kOXt9iV4ah0dJLrnvHKOmWjvn9rbaB0qP98TBhE+OxCfYgGY2Y07LpvCbVExNUgWpkaMZdkMUWuP3RxYZfzmKqUWfNdQv5wsHwVfEYvSxY8nKo3D1KarLnPtODRrOkNvjmjxbYThDnxleXx8HFR+tJ/dIw3uujYOm7EmHOF03hfiBfeBQWqvrGMffzl23T8C7eBsrn/6QdKtcEBVCCCGEEKK3cjsie5Gff4fr+Oj0vDxsPN8U5eFAsSA8utX0EeKnrfDYCSovv4SZN6dS99Ve8sqsaDYT1WXQOLMqaytr3jiBBwb6LriVcexgzdcncGa6VZSfblmqjn4zppKauJZvdvgQM2U+E++4k/LMp9nTMAE9eT2f/HsPGhB0yU1cPqSdSuoGMWF6CsfXfsAB/yFMmD+La+6p5LWnv6Gs/oe7lnAl1996GZ6nvuP7rzKwBY9kwowBUD9HrFN0g5k4NZlj6z/hoE8CY2ZN55rbKnn1ufWUtXEsKaKYunQGoUVb+O+3OeDmMTf0zmdZPN5wdrmqksTnH2PdiU41pMP9oUXMZslD1xGUvpkdH6djDhjI+Hm3sDzAyr9X7Ka2vp91Axex5KZL0B/bwMY1uThCR3LJtDigczmwXd2ux/hlLLlmKMWb1/LVqRJsXhEMvnwRV/28juLfryRf0zoxTl2on4vjyqV2nGv9dBEEh4Atq4KGTFIe45dzy41DyP9+AxtSy7D5RDBk1nyW3GXmtX98S0WzoFjH48D18ozERVawddUBptxwNYv1u9n22VbGLJ7LrFnbSF6V2S394up4cbW9zkYH4muEytKSdjpfoWyg7KqN5aabDSX0kmIqvj9GqU8gwdP6ErfMTMrLqdjaCOwqzY/Qa/riVZJO2hb3A8AqOJ6424fhXZxF0Vel2Dz8CLisH31u9yDtxePUNeR3D08g/tbBGLIyKF5bgd03iOBpw+gTYCf1rRzsjdv1wCfMTNH6fMKuGkycLpvCrzMJXtCPyClZnF5fdU7tbYs2chgJ14RRt/M0eRl14O2L/5T+xC91kPJa2pn6ZaSR+V4eAJ5jhxHVv51CdSGEXlJK+XdHKf
<p blockindex=13>紧接着又把<code>pk</code>传递给<code>nc.pubimpl.srmsm.complaint.ComplaintMaintainServiceImpl#queryComplaintVOByPk</code>，另一个参数不用理会，用不到。</p>
<p blockindex=14><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABgIAAAFSCAYAAAAw+sQkAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3gcxeHw8e+eTtKp9y5Ltqrl3nu3cQPjbkwxIYHQISGk/gIpvAFCEkLogYDpuIAB22Ab9y73Ilf13nu7frvvHydLp2L7TpaRZebzPDxYd3Ozs7szs7Mzs7NSVHSMgtApAUHBVJaXdXcyBEEQBEEQBEEQBEEQBOGqIiKjKCzI6+5kCILQDVTdnQBBEARBEARBEARBEARBEARBEK4fMRAgCIIgCIIgCIIgCIIgCIIgCDcxdXcnQBAEQRAEwREnLWIegyAIN6ahTnJ3J0EQBEEQBEEQOqTWuHl2dxp6NHH8BEG43lwH+HV3EgThxnKosLtTIAiC0CFxbyAIgiD0BOJ6JQg/TmJKnSAIgiAIgiAIgiAIgiAIgiDcxMTSQIIgCIIg9FhjPd27Owk91urVqwF45LH7uyzO6srGLotLEHqK5AZtdydBEARBEARBEK5KPBEgCIIgCIIgCIIgCIIgCIIgCDcxMRAgCIIgCIIgCIIgCIIgCIIgCDexm3YgYGagPx8M6kucu1t3J0UQBEEQBEEQBEEQBEEQBEEQuk2PHghQuzujcm6/CzMD/XkiOoJgFxeeT4wRgwGCIAiC8GPjFkK/vhG4KEp3p0QQhB5MdutFv8QgXBF1ifDjJiugcnZGJa6rgiAIgtBj9biXBbuHuBEyPBjv3l6o1NZBAFOjmer0aor2lzDFz4cnekeyq7Ka6QF+HKqu5fnEGO44ea6bUy44QlbAWVKwIHV3UoTrQFZUqJ1kZLm7UyIIPxxFcUJSWRB9SdeXjCf95t7DnTMGEFi8nv+7UICxuxNlQ9R/PZM4bz9ivoNZ/ORsfIpPsOmzz9mZre/uFAk3mRu9fpEJYPiSO7l9dCxB7gV89ft/sbO+u1MlCIIgCEJnXHUgQHYJZ/zipUzp44WUsZ4X1p5p/b3iTNjQGdwyph9hvmrMtUVcTP6ebSdLMUuS3fFclQRho0MJHRlMTXYNObtz0NdpkZBwD/QksG8wanc1vmo1/87Oo8JoYnqAH6/mFlJrNju2LcEuCWNH8VxcFX/7OJ2zUscd9rGjR/LCYPfmvxVTCf9aeZFjlwkPICsa5s8fwd2Ber7ecJQ1FT/MYIA06Cf866FRaBoO8upvPyXtCmnsKprIcSxcPJ0Bvfxxs9RRkn6IDV9s4WJt9/YURi36C7+fEdz8t2I4yju/XElKFxwTWQli5m/+wMJe1Wz+93N8m9v5OGVFReyEeQzkNN/uz0buIH0xS57j19MCm/8262uoLM7k0IYv+P5iLdj8xj1mKksXTqRvuB8uhmryzu5g3br9FBiunMaoRX/hd+MyeOPpT7jQBfHd7CSfWQQNWoC3XygquRpD2TbKTq9GZ+jefO864D1i+oY3/62YdpP3zUtouyDfK0oY/lPfJMS3jPLdD1FZ0/k4FUWNW+978OQQFTkXWuVhAMVlPr1v+znyiTvJz6m3+V0Egbe8S2DDv0lN3t78O5XffIIH3YanbyAqUxn64m8oTdmEwdISr+2xURQzsqECQ+lWylLWdOq8aQZ+QJ/EkOa/ZWM1pvoUas68S1V5VXPa1ImvEde/jIJ1/48GO86DrLgzaMXTPDjGlaztH/Lu9uPU2rZFFPBLms3SBeNJCvNG0leSe3onX67bR2GbcmlP/eKorqz/uoP/pCf51fQaVv/po8te968Hcd6EblW0iVf/VcnspQtZ/ORTeLz+Mhuzrm14UVYgMbE3I6hgbWo9lg7yqT3t7JuJ17Rf8tKShHafK4qFEysf5/3jPecYOFIP9YT6xX/qCu6bEkTqplV8mVVMYWN3p0gQBEEQhM664kCA5J3IrcvnM8SjnJIaL8I6CKNJnMudcxOoTznA5r31eMWMYdzcu1E3vsHGdJPd8VxN6MhggocGkrE1nbrimlbf6eq0VGaX4eKs4evSCgAGenkAICsKKwtKOrFFoSsUXUzlnyXWbBYYF8d9Ufb8SsFksmCWLRh/wJkxMYlxaHRadJ6xJEZAWtH13Z7sNZKfPHk38TWH2LZuM9UukYy6ZQ6PPubEP/6+kQK5+24Eyg5+zn8zXAHwG7GUZQO7MnYZs9GEyWTAbLnWuJyJGjGTWdTw/f5sDJcJpWjPsfHjvRQBKrdAEsbNZN7jT+D80gt8W2DtxJR9J/LAY4sJK9zLtrXZaL3jmTzrLh5z0/Hce8fROXgT3tXx3SwUlylETHoSd+0OKk+uxqSOwafvnURNUJOz42MM3fgUkDHndXIrrEvJufR6iNDwq/zAITKKyYAiG7j2J+qd0UQtJZAKKnMutH/AwHCaxnoJ/6BBkL2/ZaDAeRAe3qDPOdn8meI6h8hJD+Jas5Hy4xexaAYS0O9xotT1ZBzZh2KTTxXDUUqPbsaAE06eA/FPWkGUF2TvWIWxE/lZMR6n7Mh36AGVOgT32GUETXweaefjVNZ2rvLXDFzM3WN9yP7mn7y2tah950v4TB555DZ8cnbz7ee5GPz7M23mnTzpoecv7x5tUy7tq18c05X134+IOG9CN1JJMnXZyax+pRDDb55m1opbOf3Xr8i7puuVRGx8FPMx8HVqPSJbWSlKHrve+460VgdEoTqnmxLUaY7UQzd+/RISFoy65iSbvztMtiSBeGJbEARBEHqsKw4E9J2xiP6cZf2HW3Ce+TtubfO9rEBM/764Fx9g5cYD1EkS8rlcVMFPMm5AHBvTzoMkXTWeq9H4awgbHUrWjszmQYBh941s/r6+pJ70LRcxWvRILmowOjm4BeFaXKlPS1dbx7Fa6797BVrAjoEAlWRgy+ZktgA/VENTVgJIiPenPmU/WcPHE9fXC4oarus2PYaNZZB7Nl89/zE7aiXgGMcqvfj7I+MYG7ORLzKu6+avSF+SRkrT+Fl49PwujVslVbL7td+xG/jBbiQs1WSdTml+yuPEiTLc//YoU2cM4NsPrU8nBYweTaL6PJ+8vYZDOgk4ykXCeH7+OIa6Huegg5P/ujq+m4UqYiZezhcp3f8y1QYJ2EO9zo/48TPxCfiYssruS5vScBptU7E3+/2kS+OWpFJqDtyJ9Qp2ffO9JOXQWFFDYOhANOzn0iIWUmA/NFIRVWWVzWlwjp6Ju3Scwv1vU2+RgN00Ek3CoDl4H99Hq/54uQxdcTJ6SQIO0GAKJ3HEODw8VmHUdiKhcjm64uTmTtz6oiJUc/9CQPwoKo8dcjw6RcOoKcPxrtjLW9s6GAQAIoaPpJclhfff/IITRmu5zJBC+fPcMQzTHOVA1/QaX1a31H83AXHehBuBypTHxq+OMOaJ8UwbtJ4PU27QdVx6tAaKzqaQYmpbzm7ectcT6he93giurrh2d0IEQRAEQbhmVxwIqM/Yxicbj1JslBjawfcqCZBBMehoWS1Th1avoMhy84zDq8VzNUGDA6gvbqSmoKr5s/QtF4kcFYW2SkvZ+dLmzxVXC5LJ8Xcgq52dMZtMl/3eyckap8XScxv9lx4xfnOvheljw4hxU6gsK2XtviyS61rCDZgwmmeiyvnTZ5nNHadydAKfzPRm05dHWVNt00hVwKd3DH8aE0acu0xFaRlr92VyqN7xhqwc25fV04JxujRT1VDEix+mcbqDzhyP4DDuGRnB4CBXPGQTRSWlrEvO5Vhn16t070dCuEzenp3khk5gTlwSqh1HWnUkyYoT4WOWcufcIfTyUVOfk8yXp315cEkgG5/9O1urJIfCBQf4gzadwhqa2/3mtO18/Gka+pasjqyAT+IMltw+noQwX1wM1RSc38O6dbvJ0zVt03UiT/17NrVbz9Fr0ghcMr5h5b4Q7rpvLF4VR/n8rc9JqbOGjVnyHE+PvMiHn+mZsGQcUV5manJOsOHzLzlZ7nj+lhUXoictYsHkQUQHuqMy1FGSlsyGLzdzsdYm3PD7efNnw1rOr/Zgu6V0bNP30WozExePJtLdSFXOcTZ+vo5TFU2z95Pu4uXHx+PR/Ns7eOXtO6zx2vMIuT
<p blockindex=15>接着把<code>pk</code>参数转换成字符串列表，传递给<code>nc.impl.pubapp.pattern.data.bill.BillQuery#query(java.lang.String[])</code>。</p>
<p blockindex=16><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABgwAAAEHCAYAAABycG3TAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOydd3Rcx3W4v7e9ofdOgigEu9ibKIlVVKW6bBUr/jm2VSzbiZI4cUliWy6pkh1HtmzL6r2ZElWowt4b2EEUEr0stmCxvc7vjwWBRSGxC4KiHL3vHJ7DfZg3786bmftm5t65IxWXlApkLoiMrGys3eZLLYaMjIyMjIyMjIyMjIyMjIyMjMyoFBQW09bafKnFkJGR+RyiuNQCyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMhcemSDgYyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMbDCQkZGRkZGRkZGRkZGRkZGRkZGRkZGRkZENBjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIygOpSC/B/hVKN/lKLICMj8znDOjPzUosgI/O5JeOw5VKLICMjIyMjIyMjI/OFxY+8liUjIzMy8g4DGRkZGRkZGRkZGRkZGRkZGRkZGRkZGRnZYCAjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIxsMZGRkZGRkZGRkZGRkZGRkZGRkZGRkZGSQDQYyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMlxkg4FaoeCGvFzKTMYR/15QUMgTv/39RXn22twcXpo/h4pzPFtGRkZGRkZGRkZGRkZGRkZGRkZGRkZGZoCLZjDQKBT8cHIFjlCIRrdn2N8LCgr56aM/Q6/TjfkZaqMGpWZ4Edbm5vA3ZaVka7X82/SpstFARkZGRkbmLwVjHqVTClEJcakl+cIhDCWUTs5GLcnvXkZGZuwIISGp1UiyHpeRkZGRkZGR+YtEdTEy1SgU/OuUyVj9fg76/Hz3kb/npZdepLW1BRgwFkhIfP8H/5RQ3qY8E/kLCkgtTUWpVgIQcAWw1Fho3tTEisxMvls2iY/N3azOyWKn1ca/TZ/Kul17x72cMhcfISRUygjhiHSpRZG5CAihRKmOEAnJE0qZzy9CKJEUYZCb6UVFSMlMvOZurlk9nbSOt3n8eAuuSy1UDF8IfZU6k1XfWYup4wBbnnuB/ae9l1oimYvEF6I9/x/k815vQsqk6ra7uGrhJNIMLWz8+39jf++llkrm84IQAkmhANmQJCMjIyMj87ln3A0GZ40F89NS+aDLDEDVlCn89NGf84Pv/yNCiEHGgrY+I8KoSFC0pJjCxYXYG6w0bjqNz+lDAvTpRrKqclAb1aSp1fxbbR3dfj+rc7L4j7oGvhYIjncxZWIoWbKIb5fbeOJPNdRJIy/sFy5ayN/OMvT/FsEO/vj7Exw/R3oAIfRcddM8bsjy8dFbe3jf8hkZDWZ9lUe+OR+tcwfPP/IsTeeRcbzQFi9l+S0rKCvOQBtyYK3bzabX3qfRHrnozz4fubf+hK+tyu7/Lfx7efVbfzhnPSeCENks+Ifvs6rYxrZ//xe2No09TyGUFCy7gQqq2br1NJEh8omUFdz3i1sJvvIIL252x9yXwxX//K8ssjzDf/xmJ+G++/RlK1h50zJKC9JQ+220H/2Ej1/fitn3xTZcSSlryJqxjuS0XBQRO37zR5gPv4zXf2knftppf6B0cn7/bxHcTPPbv8QzLu00j/SrfkNOqpnuzd/A2nMh7VSFfsLdmNiNpfEkDG2nmhuZcN1fEzn4JVoanTH3FZC56kkyXf/FqV0f99+nSLuR7BnXYUrNRBE04+t4m64j7+EPD+Qb+26ECBHxW/B3bcR85JUx1Ztu+p+YWJnT/zsSsBN0HqHn6JPYum39sqkqf0XZVDOtb/wEVxz1IISR8nsf4bZFWpo/eorXNh4cdJ8QEklT17J63VJK85ORfFbaqj/ho9e30D2kX46mD8bCeOqrS0HqNf/Ig9fbefObT3DyfO+jbQPP/5uVJXfcxJrv/A2GX/07W+sDF/RsISQmVE1kKt18eLK3X8/GEs844v8Ssd9WIUL4e21Y6naz5Y33OGO7+Pr0L709G1b+LX9zW8Ww60KEOfGH+3lr/19OeRLRV38J9Za8/F5uvCqbxndfZOOZDrrco99zqZAK51M2VUHXJ7voDX1271KIDLJXzifVdpS6gy0IMgf9jh0bCEmHoWwGuRMzUElOurduo8c7sqxD8x06xrjUCKHEMGUpBcUaXEc+pbMjPGI6dV45SUoL9hYb4rz9QaDKrCCrsgijSYtSIRE4vY3GWuc577lUiLQplM7PoXf3p1gd8deLatISSstTBvIR3XR+tBfn59CRbrT2J4QCVUYJGZOKMCbrUEQC+G3NWE404AsmXp5xzy9vFuUz8lAMldvXSMum4/iGleez7W+J6A0ZGRmZ8WJcDQaxxgKAldlZfNBl5off/yd+8ujP+OmjP0eISOLGAqBwcSF58/Ko/eAUrq7Brio+pw97sxWlXslrbe0AzExJBiAiBE82No1TCWXGiuXkSf7QoQYgtbycW0riuUsQDEYIRyJ8liafgsoytF4PvqQyJhRCU9vFfZ5Ins8N376bYvsudr7+Hk51EdPWXMOdDyl56md/xhy+dAMA+44XeKVeC0DS3NtZO2M8c48QDgQJBQNcuKOchtx5a1hCDzu2nmaYmaXnJE1mibllk2HT/oFBlaGSwjzo2H2ifxFLpF/BTQ/dSnbrVra/0oA/uYJ5V9/Fl/VennhyH/4v6IBMaK6kYNnDGDyfYD30MkFVKSmTv0TxUhWNnzyLn0v3XgKNv6bJogdAU/QNcvNHuSEhIoigHxHxj4NDnBpd8W1kYsHaeHL4hgX/YdxOifSsGXBm+0A7Vc/AmAy+xkP914R2LYXLvo625x26D9QQ1k0nY8pDFKuc1O/dNmiSLfz76Nr3Pn6UKE3TSa+6h+IkOPPJSwTG0J5F4ADmvRvwAQpVDoZJt5N1+aNInz6E1TE2I6d6xq1ctziFlrd+yYsftA1fJChYw+0PXE9S4yY2v9BIMH0aC9Z8mbtNXp54Yu+Qidwo+mBMjKe++vwiSWHcp3fw4X+0EviHv2PpvddT+8+v0ykupH8rKCwvYSU+PjnZy8hLRF88hPsonzy7DSsqtNkVzFlzPbd/M8IfHn0P60X/zvzlt2chmtj75AYaB3VwQe+ZSyXRWElEX33+6y0jLwdVz0G2vbuLdkmCSzg2GA2NyQBBC8Egn62YaiNqFQRcjug3XTXk91kMeWRPn0pqShivO4jK4CLoOY+sQ/P93KFEpVVD0I3fM3IDFkKPaUIZ6R4nttGWCUxl5M2eiKK9lq46DxEg7Pw87UscQGE0ocJNMEEDWrjzFK290fDL2qKZZCa5CYT5fHarUdqfInMKRXPyEeYmrCd7Ebos0korKZgR5Mz+5oSdO8Y7P7XBhOTvoPNo2+B1h7AL34g3fMb9LV69ISMjIzOOjJvBYKixAEAlSfx8ahXfO3ai32igkBR8/wf/hLWjPe689RkGChcXc/rj2n5jwez75vX/3dnppO6DGiJSGKVBQdhzab2yv5AIcd5oHb4eB8d7ov/PySqFOAwGkuRjx4bt7Ij+unAZ40CITCaWp+M+vI2WuUsprkqBtou7l1o/ZzEVhjNs/MnT7OuRgH2csCbxnQeXMGvSn9lYe1Eff178HTXUdUT/n1myblzzliQLBx57hAPRX+Oa9/BntdNU72TJlAry2c9Z7SNVlJIvdbHvRE+/DCkLFjJRdZz1//siRz0SsJczIo9v37SEybp9HPZfVFE/tygKVpOkrqFr+39i90vAFpzeNMqXrCYl41nM1ksnm3AdxtM3RwylfWVc85akLnp2fImo+rrY7bQRt6WHzNzp6NjeP0GRMqegk9qxma39MqhLVmOQDtC2/QmcYQnYjJsSKmasJfnANgat20fMeDt29S2q78AVzKdy7mKMxpcIDD9iaHQi3Xg7duHtm6A429tRXPMvZJTPx7p/d8LZCaFn6vK5GC1beGnjCMYCIGvufPLCh3nz169w0h/tl83k8sB1i6nU7+XwiLO58eOz1FefB6RgE1vf3MPMh5cyf+bbrK+Wl/nHnZCN1kPVtEoScIA6bwZ
<p blockindex=17>接下来就开始拼接sql语句了。这里的<code>query</code>函数，说明是一个查询语句。进行跟进</p>
<p blockindex=18>先判断参数长度是否为空，接着用<code>nc.impl.pubapp.pattern.data.table.TableIDQueryCondition</code>构造查询条件，后边就进行数据库中操作了。</p>
<p blockindex=19><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABg4AAAJ9CAYAAADt1InUAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3xUVfr48c+dmZRJD+lASKgCht40FAFRkaIoKqIiKLZ1VXYt+9XvV3+u7rruqqjrCgp2QbGwIlIERAFpoSS0hBBCSO+9J9PO748J6ZEkBAj4vF8vXy9ncubc59575oac597naD1CeinEb/Lx8yc/N+dihyEuY56jgi92CB2i+EDqxQ5BCCGEEEIIIYT43evWvQfpaSkXOwwhxCVMd7EDEEIIIYQQQgghhBBCCCFE5yGJAyGEEEIIIYQQQgghhBBC1JLEgRAt0Ds44+x85j9HDDSt6qUZnOq1ccKgk8pfzXLtxqCwYByVHB8ZVw0p11AGDQzAuZnj0GHbUKB3cEAv408IIYQQQgghhBCiVQwXOwDx+6aUhqPehtmmXexQGlDKmUlPLuOu/lrN6wK2vrqIVfEN2w1e8BaLxrrVtLESuWwBS/dd6Gg7L4UHYbPuZ94NQ/HLWM1Tx1IwXeyg6lHKgIODBYvlQm1PxlUTXsOZ8/RNeGbsZ90nn7IloaLDulb4MXruAm4Z2w9/l2S++dPf2FLSYd0LIYQQQgghhBBCXLZanThQygHffsPo6tZ0glepKnLjDpNdqaEUOHn3oGuQDy4OGhZzBaWZSWQWVoLWuSaHResMGD+JVwfk8tdlxzjcwjnsO+4a3hjhVvtamdP455LDRPzGOVfKhdl3jOde/0pWf7uDlTnnd3yo6x6m+o7ezcRhRf/hszjub2ZsJ23mP98exoSZvGbW/Y3f8G/e2GMAzzHMe3D8+Qj7kqWUG8MWPs+jY505tfl9lm7aT1G98aAUeA+6mbtnX8OAbp7oqvJJjNrE11/9TEqV1qgvHX0m3cZQIlm77RSWDriWKBXAtOf/xm0h+ax/9VnWJF6469OFHFcBN73EP24uYNn9b7O/M16D037g9VfymHH3HOY88yxui//Od/Edk17yuf4BHpgSQOy6z/j6VBop5R3SrRBCCCGEEEIIIcRlr81PHFiKU0nNq5t90bsHE+ynau/Y1TxCCQ31wZqfTnqpGUf3IPxC+4P1CJmlUibicpUec4xXM+zDye+KK1nYszWfsmEyW7FYLRfsLnSl0jEs34quwR3mNkhs4QNVOZyIiaZK04Cmk64VmXEczwTl37tT3UnfGTgNu4v547w4vfplFm9Ixdp40rr7TBY9cQuep39i7aenqfIbwg03zucptwr+9z97KW/Q3pGeY6YzjUI2bDtFxzwgYMNsMmE2V2O50JcmGVe1NM1CccKvrHw1lernn2fa/bM59NyXJDZzXNoqsGsQhqL9rFuzk4QWjrUQQgghhBBCCCGEaKrtpYrMpZSVlAL2u4C9fY2o8lSKTaAALx8/HEqTOZ2SjUXTUIXFWByH0dXHm4ySfLTOeMerODulfrMCeUVhARGF9v8P9b8CWpE40LQq1n+/lfX2V+ceY6uUox2ORm9pvD0Zlx1JKRfCrx2NR+7PvLOxmaQB0H30VfSwHmLZWyvZX60BezmpdeUfM8czwriXX6vOb4yalsvW1x9jq/3V+d2YOCvNnMj33+4m/MkJTBn+LR9EnXt6qKqqCpyMOHdAfEIIIYQQQgghhBC/J21IHJgpTo2lwlqv1oPBB293KE/Ps5cOUY4YHDRM5eW1pUQ0zUJlZTWaqzMO0EF3Covfcqa00L+3WrhuQjB9XBR5WRl8+XMsu4rrpv+HTp7MX0OzeO6jGGJrzpfqNYRvZnix7svtrMyrN5mqwKP3AP4+vgf9XK3kZWaw8pdY9hS3PT7VbxhrpgahP7PNqhRefv8oUc1MLnsEBjM/vCfD/I24KhPpGel882s8EcWX39MrSjniFPoHggZcjZOThjl3HVnpwfQY2ZXcTY9RUG4/PsahKwkJ2kXSxvdq7lgHFfg0V4ztS8GWh8grPVM/H/Q+s/AfNB03Lz901hyq0r4j6+iPmOqtKaG8H6Lv5ImU7PsP9H4IL28PVGU8xdHvkJ2WjqZpKG0M3Wb+P1wzXiL+wL7asmNKu4puM1/AmPw/nDp8rN7e9KFPLwcKIw61eOe4g4MDWCqoqK57L2v9v3hqh0ZFTdJADbqf//z5Gtxqx8Y8ln46r2b/ztT+r4ml790sfu4qjn74GdZr5hIe6o6pMJHI7z9h1d7M2uSFGvMYHz48qm78le/krT8uJ7rR+OszdzHPXR3DxyssXDMnnGBXE/mn97Hms1VE5tjqnTcD3cbew703j6CHl4GSxJ18HdWFR+/04/v/+X9syO18SQl9zzt46fmpmNe9yEtrUkCzl5nz7DeVObdPZkD3LjhbCkiM3Miqr7aRVl1zrAzDeeTtRQw88jZPLo+qO6aG4Tzy70X02fsqz6yIrenPjYEz5nPbpIF09XZDby4hNzGSDSs/Z0+6rdm4zNFRxFZeQ+9+IRCVcM77WVxaBkZ3PPVA85sUQgghhBBCCCGEEM1odeJA08BSVdpg4t/BxxdXSkkrNHPmjl2dZp/QA/vEpaZhfxRB0+Se3gtJ82H64Hz27DvGVicvrhvViz/dWE3iqlOkt+epD82Xm4bks3f/UX6p6e+pqdUkfZVARlv7SzvFP9enowMCB4SxoHvzzZRHMH+5ZRChBcms+TWffJ07Y0f04ZmbDbz4RQzR1vaMKA1cnFD1679YLWCyXvSnYTSfeXQfMQUtczXZqUngOhqfPn2Adi4W6zaL4PEPYChYR15kHFbnK+ky4HFCnKpJiPgFW4P9NeDe90ZKU1eSkeCKsfccfEb/D5aiJygoB2z7KUrNxyN4Cm76fZTVTMJqQRNwc8ihIPlYw+Pn4IWHEQrzc1sML/VYDIVTxzJ7QRyVa/eSUGhGs5RTVAi1TwAk/8Kny2Iw4MjAGQ8wnh18vD4GMwCK/PjGveoZOGUi0QfWsGKHK72umcG1Cx+hIPFFNmbXNDmxniXv7kEH+IXP547+v3EMdf2ZPCmeqO8/Y4fHAKZMv56HHinhxZd+IKtmf3U9b+HRhRMxxm3mu7WJVPsOZcrkvmgU/dbZuWgU3Zk5/wYCsn7iH+tTapNAWsBU/vjUHPwSt/LjytNUeF3BxGn38YyHiRfe2U2JpoE5ip0Hixg9ahzDHKM4aD8ROAwdw2BjLtt3x9b25zjqHh6dHUbmL2v47EQeZscghk+bxf1PVJP5ly9JbO77pvIoLAIPL+8O2dfyykrQHHF2Aio7pEshhBBCCCGEEEKI34W2lyqqoZQj3l7u2EoSKLbQpNKHcg9hYK8uFJ0+ROE5BinawamanVuOsbZCA7LYZ3VnxSR/RrudYk17Fgg1VrNrc+P+AhjjltDm/rSKUvaftpe76tvVCi0kDrpdEUyYLpcl30fzU7V9uzsKHPjwtm5MCo4hOqntu6FpfbEs/nuDBJhK3IjjK9vQt727DuUUNAZHy05SIj6lQmnADip179HLq339OYfeiFH9Suru9ym3acB2ys0B9B0xE0/nXyisrt/aFXPyYnJO2x8hKc3RcJn5EG7+bhQklqNpivLEHZh6zcCzmytlqRUo5YB799HoStZRUkjDa4DBAT1gtZpbjM9y/GuWrfXnDzMW8r/j51GccZIj+37ix02HyKkpJaWVJBG1LwmlnPGY+ACQSmRERO2TFk1LDLlQGLGclVtKANgbA6Fv3cXAMDc2ZtsHqlacxOGoJAB69rvztw+isZwDHyxnU6G9lFK8vgev3jKEMM8fyLJvgm4jhhNkOsSyt75kv1kDIkg0vMJLM36764slaNp9TA0uZMcbq0msV7IrZMJE+lgOsOTNlUSZ7ft7pMKXN+ZNIdxnN5sK7DmBmO17yZ1wLVePNnJwdxVKGRg+egjOmVvZc5raUxIUEoJL5WHWr9jM0ZrzdTghgSOhOspbfPzMhMUKel37vo1KgcHRGQc9GFwCGHVld6wZOzlVgVSjEkIIIYQQQgghhGiDdicOMPrh6WKlJDEf1dydo6XpnDqZhaVS4eR2DhGK9qkqI6mc2smysqIKyg
<p blockindex=20>主要的sql语句拼接就是在这个位置，该函数先把传递的字符串初始化给idList数组。</p>
<p blockindex=21><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABPwAAADzCAYAAAASJAgwAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3xV5f3A8c+5I3vvnZCEAGHvPUVBhoAoinv9qrV1tGpbW9ta22pdtVq1Yt1oHagMARVBRWQTZCWBhOy9983d5/fHDSETk5CE4ff9evF6ec997jPOee6J53ufoURFx6r8RPkHBlFRVnquqyGEEEIIIYQQQgghxI8Kj4iiID/3R9Np+qEuQgghLkTu4QwfFomT+pP9XaiZVu+Ci8upf07oaH9OFJ1zizTO6DQX3nlT3WMYnhiMSwft67UyVNDq9WilXwkhhBBCCNFndOe6AuLipKoKTlo7FrtyrqsiRL9RVT0anQXVdn7m1+Vy8WLY0tu4cd4oAgs/5oGjuZj7twpnpKo69HorVmt/lefC7F+v4rrBStPrSrY+cR/vp7dON+KW57hvqkdTGhtJq27h5b29UX4/ttdnDNc8eAXehfv47M232JJh6LWsVQKZsPIWlk1NIMgth4/u/ytbansteyGEEEIIIUQLOgDvAeOJ8mk/2K8uZx/ZlY5f4LuSRlxYhkyfzRNDynh01VEOKR0H5gZOm8kzYz2aX6uWfP7x0iH2dJIeQFXdWL5iOjcFNfLxmu28W9p3QT/V7y5G/OZu3Dupj5rxBPtWvYd6hvq25b74S4aN2kPqY3+itpPPuS3azIjpkafLMX/OiUceorob5bSr68h/MnHlXDRt8lANG0h99PfNdXFf/CXDp4U53rOZsNZmUHPwVXK2bm0VYFVVBX387UTPW4Z3SBCaxhIM6R+QvXk1BsOFFYjVhl9F5MIb8A0LR2srpzHzM/I+e4XaWnu/1sNxjaLIe2o5RZVtrpMaTegv1hAdVkT+f66goKD9OVZVPR4T78GXrynY+8MZ+2VX8usLqurB6Nsf4e6pLpz88hVe/mJfq36tquA7fAnXL5/JkHBvNMYKsg5+wYcfbCPX2PacaIiffRWjSGL9NyexnsX343SewSx45K9cFV3Bxid+x9qs/uvLavaX/HvNIcxYKM9r/376pud5ZpcOvCdy4/9N750ye9BedeIvee3OYDb87hE+6+79N38DT/+9nEXXX8M1D/0Oj2f/xqfpvRPu9b/sDu6YG0zqZ2/z4cl8cht6JVshhBBCCCFEB3QA9cVpZFWcOqRB7xtJmA8YjKcDeV1JIy4+BclHeaLQMRA0cNBQbh/QlU/ZMVtsWG3Wvh8VVLuZrHdONg1VHUjotT/HJe2fZB3Md7zfcLxPJqaZ9j3G8UxHINR55G+ISeyFTDPfIO2dzcAgQlfeiWv682QeyAF7Pm3H2KiNu8n96CMade44Ry0kdMY/Ger+cw59uhOagipK2F0Mue0u9LkfUbD+CFbPsYTO/A2JfipHVr2LuReCL/1BdV9M7O1/wqtmI0UbX8OkH0TArDsYdKuO5H8/j+G8GUVqx242olqNZ+hzTniMuoVwiinY+0Mv5Nf7nEdfx83TfMj8+DGe3ZSHrW0/iVjMffcuwzvzK9a/lYkxcCTzLr+ZBzwM/P7fu2lold6JARMXsoAqNn1zkt4ZoGbHYjZjsZiw9vefH2Mpx5OPYVQUoH2/MxSdIKUI1KC4Xrz39W97FcVKTcZ3vPtEHqZHHmHBbcv54eH/kdVBe7srJCwUXfU+Plu7g4xOzqEQQgghhBCid+gAbI011Dc6DijuUcT5aKnLTaakQUVpenjrShpxAVLVMwYTDFWV7Kly/HdM0CDoQsBPUYxsXLeVjY5XZ1/HM5VlzaU+xbFYpaoa8bOBU/VBqlOOtKxQD3I+85O1rXQP1U37vbhG/qIH+ben1B2jOuUYqmrFzw4uVT9QnXKw6c02bbAV0ZD8FbWKgnp4A3XqBoZPuQn/zTupMDmSeE28CjfjFxx//W/UWBXgM6rrAhhz9QoCQ96loKRXqt3ndCOW4ud6lJx/PUxxrQJspLLGnzE3LSEo+nmys851DR0UJY/S12bg6BZn3+97O7+uUFU3plwyAa+ybbywuYNgHxAxYRJRth9Y9dy77DMpwG7SlDAeXzydsa67+c7Yt3VUlDK2Pv1Ltjpe9W1h54Fz1V7FksW6NTuZ8usZzB2zhv8ePPtwrdFoBGdXXHqhfkIIIYQQQogza72Gn3MQ0QOCsBenkltp6jiQ15U0ok+cmoL7/FYrl86IJN5Npby4kP9tS+X7mtMBqlFz5vBoTDEPv55MatP1UWNH8tEiHz7737e8W97imqngFTeEv02PIsHdRnlRIe9+ncqumu7XT00Yzdr5oWhPlWnM5bFXjnCwgz7iFRLJzVMGMDrIFXfVTEFhAR99l86emr5cKN4N90kPET11Bm6+PijmMhoz1pO38T/Utl1Hyq6iG/obhixahoeHBXP+l+R+/BRVld1/6FVV0A+4majLV+ATGoLWUkT9sbfJ3vgRjZbeCAypNGQdwzZ9BK5+QBGoqjMuAYFQeox6C81xAmtuCiYm4xIINAX8vJZ9zZBB2zj2xN+aR2epiU8y4aZEiv61iPziU+uWda0davTvGPPzBVR99DfUiQ8QGOaDWptCxVd/IfuHLFAUVN0lxP/hOXxS7yfpw23NAU1VO5f4P/4Tz0O38cPa/SiKgrN/KDQmYag53Q57+ltkrNmLtUU/VVUFfdztRM9vOYX5f2Rveg9D4+n6nZqynbneTNCCRbi5mTDlfknup09T3eL6qqozbuMfJvaSS3DzAFPm+2Qnt59C3HYqdtsp2ABqwl8Yd9sy9M3HHmbiUw83lWOj4v2RnDysdDm/vmivQzzxsXqq9vzQ6YguvV4PVgMG0+ljxRuf5IHtCoamYJ86/Db+/auZeDTX+UZefuvG5vY61rZrat/A63n24Ukcee1tbDNXMiXGE3NVFknr3uT93UXNQUfHNNXxp+8vDTt47hevcqzNeYlf+SwPT07mjdVWZl4zhUh3MxWZe1n79vsklZ6+fqqqI3zqDdy0ZCxRPjpqs3bw4UE/7r42kHW//RObys7t37autldV9UTMuJGbFo8l0gsq077ivYPtf8hRVQ8SF93MVbMTCfP1QGuppSwriU3vvsOugo6nxluOHSS1cSZxCdFwMOOs21RTVw+unnhrgf6djS+EEEIIIcRPTnPAT1WdCIiKxkPTSKXqjIu2HmOb/yHvShrRxxR/Fo6oYNfeo2x19uHS8bHcf7mJrPdPUtCT4KsSwBUjK9i97whfN+X3wHwT2R9kUNjd/PJP8o+NBWiAkCHDuCWi42SqVyS/WTacmMoc1n5XQYXGk6lj43loiY4/v5fMMVvfPGgrIx5lyLIJGHa+SXZOMapLDH7T7mDQ9Y0cfvnN1lNcNRMInZpExbbHKXUdSvCs6xl4XQWH/v1K96fC+t/MoNt/hVPehxSsO4bVcwwhs/5IooeRw+9s6JV1zbCaUdGhaf5G61A0gGpr/Vxts6OiRdH2oIxutUOLz+QrqTr2Mpl7vPCcdAchVz2JKX8FReWA5WvKjpYRMHIxvvptVDXFnZTEy/B1KaR4//7mHxMURQtq6xuNYkmjOimNViOegm5j0G334JT7PgXrjmH3HEXQzN8xxNPM4TfWtK6fZjzBkw5S8dXjlHqMI3j2ShKuq+DIv1c1TdcEJfpeEpYvQZO+mtwtadj9ZhA6ORHaTrBunooNLmMeJjqug3NXsIbM9/ei4IT37McIYi0nv9nbFJSxY8ruZn590F4A9D54uUJVRVknhULe0WSq5k9l+S0naFy/m4wqC4q1geoqaL4eOV/z1qpkdDiRuOgOprOdNzYmYwFApSK9ba5aEufO4tj+taze7k7szEVccvtdVGb9mc2nRqIe38hLL+5CAwROuZkVgzutImgGM2d2OgfXvc12ryHMXXgZP7urlj//ZQPFTe3VDFjG3bfPwvXEl3y6PgtTwCjmzhmIQvUZMu5HXWyvLm45v7hlGvrkL/hkbS7mwFEsmBONHVOrdE7jb+Du5cMo+notbx8vx+IUypgFS7ntXhNFv/kfWR3dh9RyqqrBy8e3V5
<p blockindex=22>之后会调用build进行生成</p>
<p blockindex=23><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABQcAAAHVCAYAAABMhE0BAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdeXhU1f348fedmewrZA+BBBISCIR9R1bZRBEEQRCpW91tbavtr99W22qrtnWrVlGsOyogKCKrgIAihB0ChBCyk33ft9nu748JIQkJmclCWD6v5+F5mMmZs9x77knuZ845VwnvN0hFXMLF1ZnKiqquroYQHc4QuLCrq9Ah7LLWdnUVhBBCCCGEEEKIq4aXV3cKC4ts/pymE+oihBBCCCGEEEIIIYS4BkhwUAhxzfn69QWsXr26q6shhBBCCCGEEEJc8yQ4KIQQQgghhBBCCCHEDUqCg0IIIYQQQgghhBBC3KAkOCiEuL44+RHZrwf2qjxrSbSPxs4BB4cL/+zRcGmfUnQN0zigVaTfWcvs1JPICB8cmjmuHVaGCho7OzQyHgghhBBCCNEiXVdXQNx4zCrYKSomlK6uyhVhVjXotGbM5q6uyZVhVjVoNWau9L24GVciZ9/DkmkD8c7ewJ/iMtBf2SpcUTdav7rSzKoDkx5/nbsiLOOUqhaz+7U/sS65cbrIu//OE2Nc69KYOPbRk3x49ErW8xruB56DWfDrWXhkH2PLF1+yK6Wmw7I248XwO5dw++hQfJwz+OaPr7KrvMOyF0IIIYQQ4rpiU3BQ23s2jy2JIHXt22xKMNS/P2DBn5jXT3tJ+qQt/2T1ccMl74urX/jYUbwQVsQ/PkvgtNJ8EC909EheGuxc/1o15PDqR2c50kJ6ALPqyNy5I1jqXcP67w6zpqBzA4RmFbr1n8XCeePpH+COUlNIWswu1n29l8xapUlaDaE3zSGKGDb9nIL5Mu2wvnwfZvz+/7ijZzFbX3+BTWlXR0DUZfSD9A9P5exnO6nogHZeYFbd8b/9F/TyKSNzw6dkF17M22nU/Qwc0q3+tao/w7mPt1JmZfnm3rMZOa0bGas/b6ZcZwYte5qHxziQvPMT3t95lNIG+ZqHP8g7DwxD26QstWo/bz+9krgm7yuD7uXVR0bhWLGfN//wOeeaqaO1/aUr+lWfO1/g6ZFnefMPXzRb97aV2THtMKtBLHjh/5jqZSbl22d5fWcpZrUH8//2B6Z46cja8lf+ta2gy+rXlHp+F++uP4keA4WZl/48+fsV/OegFjxGcPe9YzukTLOuJ1PvXcqMyEDcHbVoFIWsrf/gHxuzGqfrgPGl1/y/8cdpvvWv1drDrPjNR5y09roc/iDvPODLlr+9xNZ8G8vP2sKbrxYya+EdLPj1b3H572tsTO6YkH73Kcu4b7IP8VtWsS45m8zKDslWCCGEEEKI65LVwUEzPky6eSgOKVvZfU4PDW4cUvd9xVcnL7xWcO8/jemRKrm5Ehi8nmWdjeeVHEsX8g4L475e1nxKxWAwYTSb0F+JmS6BM3jssdvwSN3Dpi/TqO0+gKkzlvBrlxr+9v5hqhvdANvRa8QMZlLC9z+nUNshFTBj1BswGGoxmjokw6ueajSimoyXzBysjd9OfI49AA6hUwkO7rgyHaMWsHSsBynfvsJb27MuDQwlbGfFikNo6MmU+2/F/+w3rIrOA2MRac3k1yciDMfqKqpdQ4noAeeymklkdX+5XvpVx7YjJyubkP6DcNrxE5V+gxjgfp7zeX3aMZ29M44zUJ1Pwtl4ahUFmpntXJ2bxLlcMPv07rCZqt2nLOLOIXYcXPsJMSWW36PVOYXNpGx/P8jb/yXvJToA0G3EQhZFtbHSbaBRzJSlRLP6jUxqf/80M5fdSszz33C+A2aV+wX4ois5ztbNB0lp4dwJIYQQQgghLKy+D/MYPoNRPnlEbzhGZZMb78qcRBJyLP93CJnBL/o7kLjlY3Znqo2CiOLac7mVodWlZRwptfy/p7cJrAgOapRatm2NZhtwJW7WegwfSU/TST58Zy3H9ApwmETFn7/OHsMwx8Ps67AIQvM0SiF73vp/7AGuvpvTjl/3q1HKyN/6HvlA0/aaSzMpq+svjj4dt+DXrDoyavJw3At+YvmOZgKDgKYsndMn0zGrJoaZwaswmZMnUyw/bJLerHoR3rc75Sd/Jnn4eML6uUFWRYfVtyNY16+utv7WmCE1lZxRkUTa/0TS4AF4nY0nOqgPfbq6YlcBXy8vlNIT7PvxKMmX+R3aEeNLTc45Ttb9/g4MntumPNpLYzjPxm8OMeZX45k6aAOfnGz/N0c1NXpwcMChA+onhBBCCCHE9c6q4KDZIYKbJ/Sm6vjn7M9rOeCneI/kzvlDMB74gvUxxRIYvIIuLAN+5ycTN48NoI+TSmFeLl/tTSa67GK6gTeN5tle+fzli6T65Ybm4HBWznBny7rDrClucM5U8Ajpw1/GBBDmbKYgN4+v9iZxoNz282oO7cfqqb71yzrV2ixe/uQcMc30ERffAO4Z2YPBPg64mA1k5eTydXQaR9qwX5ROpwVjFdUNYlE529/kT/s0VNcFBs397+a1J8fjUl+Xu3jj3bss9azfQ6zuWPW5k5efHsHpz1ZjGj+f0b1c0Zec5/jGL1l3JLc+MNV0GWtLy1cvLP/8dLWRCQtGE+Sspyj1KBu//JoTBReDd2ZVS+CYhSyZPYSeHjrKU6NZF+PJw3d6s/G5f7K9qA3XmllF1+smIsYOxsXZhD7vLBk//URJxcVyXcc/TL9e8cR9uaf+SwFzr5mMmOlP7tpPyCype6/3bEZOi0BTf35PEf/JdsrbvPRUi3P4JEKGhePsBPrsY6SmthTM7EOfEDtKDp8kvSMCYs6RhAeaOf/jLtL8b+KWsP5ofjh08dxa2V+6sl9ZfmjGddB8fnPnOILdTBSnHeW7L9Y16lfhS17iqQEneO3Pa+qDUOZBv+A/j4Sw+8Xn2ZhlYztUcAudwsI7JhAR2B0HYxFpJ3ay9ut9ZOkb19GhMoGY4rsY0M8NtwGBxB/YgqZ34yZYk59t9bMneOJ85k0aRLC3M5raMnLORfPduq2cLb1cp+h8ZjTYO9ihBex1gKLFztGxPrhlMtRirIuZWdsPbDkfVtVRtaPHuEUsuWUwQW5QlLibNScu/ZrBrDoTMXMJ8ydG4O/pgtZQTkFqDNu+WsOh7OYDf8azJ4ivGUfvsF5wMtXmujVVVlEBTm64a+iM70GEEEIIIYS4rrQaHDSrCr0m3kx/zTk27LncvlrujJ8zg2BtHqeMnng7ZpDbybOyRBOabtwSWUz00XPssndj6rCePHmzgbRvzpPVliCN4smtA0o4cOwce+ry+9XNBtLWnyfb1vyyzvPq9jw0gF/fcJb1aD6Z2TWAp2/tS6+iLL7bX0KRxoWxg3vx21u0/GNdEnFm28rNPBNPyfTRzL07iZrNR0gpNaAxVlNaCvUzbTL2svKjeHTY0W/WMsazj5Xb4uuWCKoUJzXNVUO/SeM4c2wzq/Y5EzJ+JlPuu4/i9H+xI68uSf0yVvAZvYT5EZeppCacyRMTObF5NXtd+zJ15hTuf6CMF//1PXl1x1nb61YeWnYTTgm7+G7LefTdBjJ1UigK7YhoaIIJGJhO4fEd5DsE4DNkOKHTqji1/hB6W89vziESvo8DwLHvdHoFtb1aABqfMYRNGoQm/RDpR/NRXULxH+APzS3c1Hrg7gTFRc0tu7Sdrl9fgpUsdpzLIalHMXbDw+nLIeIvJLC2v3R1v1L6cvPUJI5vXcN+52DGz5jC/Q+W8eI/t9X3K6vY0A6N7xQe+dV8vFN/ZPtXaVS7hzJhxlKecjPwwopDjWada7V5nDpdyUPD5+IenMzxFWZ6L2hyRKzJz4b62Q9dylOLw8nYvZ11ySXonXwZMmUmDz9Yy4uv/UBhV36h5TOdP/ztdoLq6zCBp96YUP/jRnsOWtkPbDkf1tD1vo2Hl45BF7eTbzdlYuw+kJmTemJusojbfugiHpnbj+wfN/PFuUKMDr4MmX4bv3i0hpy/fMP5ZoPZRRSXwiAPT5vq1JKq6hpQ7HFwADruOSdCCCGEEEJcl1oNDmq6j2X6cHcy96ziTI2CWR3Aoj/fARv/wb
<p blockindex=24>可以看到，在<code>buildInSql</code>中直接把参数拼接进了sql语句。这里之所以两个处理函数，是为了应对多个<code>where</code>条件的情况。第二个参数<code>field</code>就是表列名，不同的模块，不同的表列名。这里不用理会第二个处理函数，因为sql注入的时候，直接用注释符把后边的语句注释掉了。</p>
<p blockindex=25><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABREAAAJbCAYAAABzZtObAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3hUVf748fedyaT3XkkIEHoLUgQBaYIIKqJiw7qrfO27rvtTv7ir7q5+bevaUCyriCu6oggKgqJY6JhQE0xCCum9TzLJlPP7IyGNEDIpBPDzeh6eh8zcOfdz7j1nZu5nzjlX6xcZrRCn5RcQSElRYV+HIYQQQgghhBBCCCHEaYWF9yMnO7PHytP1WElCCCGEEEIIIYQQQojzkiQRhRBCCCGEEEIIIYQQHZIkohBCCCGEEEIIIYQQokOSRBRCCCGEEEIIIYQQQnRIkohCCHE+cQtj5IgIHJXcM+t8oTc44+x84p8jDpx8bjUHpxbbOOGgk/MvhDhzlFsUI4cF4dzO+1OP7UOB3mBAL59vQgghRJ9x6OsAxLlHKQ1HvQ2zTevrUM5rSjlgMFiwWPo6kjNDKQM6BzPK2teRnJsUnoy48naWzh1DQO5aHjqcSX13yvuNtb/OOtPHRSlnZvxxJTcM0Rr/LmXrMw+wJqX1dqNufYkHprg3bmMlbuWtrNhzZmK0h7Srs4ucj3PTWXnevGNZ8qfL8crdy5fvvc83qTU9VrQigAnX38qiKTEEuh7nvw/+jW8qe6x4IYQQQtihy0lEpQz4x4whmCySkvOwaK0TSkrnhn/UIEI8HaEilSPpJd0OVvQ9pVxZfO1Ubg6sZe2nP/JhYe8nEpWCISMGM5F81hwpx6ydmX36jLyCGxdPZ2iYFzpTCenxm/nk4+/INLVp60rHwBlXM4Y41m87dlJf6Nr+g5i//G9cHVnCV888wrr0syNh67ZwCyPG7OboU3+hsgfPg1KRhNzzKZGheWS/cTk5Oc1luy7YxKipEc3b1n9N0vKHKe/k/tXofzLx+n5kPbeYvFKtxWOz0bV936rZwNEnHrO7bkqBIWYZ/ecuxivYF60uj+qE1WRs/JjaOvvK6kp9lXJn7B3LuXuKM8e2vMmKzXtbba/UCH73+sMM3P4kj36c1on69Fz768n+8VvulypjC69+eoB6zBRnnfx8ysaXeWGnA3hNZOnvp/Z6PP2ve47H5wY3x1e3i9fvWkF8h+307GxXnd7nxHt5567x6Nu+bxh/5qV73uJIm8e12Lt47d7JOFf9yIv3v0tiOzF2th590Z4HXv8ij16YwIv3tR971/bZM/VQKpIlzz3FHH8raWsf4pmvy1Aqgmv/7wlm+zuQ8+XDPLWhsM/i6wrlEMWcO29n/ohwPJ316DSN3C//l+Wft+7wPdGPutJ/W8Uw8V7euSuIDY8s58sT3wOzN/D8P4pZcOMSljz8CO4v/p3PU7rzU1Yzv0t+x+9mB3H0y1V8ciybTGOPFCuEEEKILuhyElHziiDQzUp5Wv7JX7IMXoQNGISvoZaaekdcuxulOIvYqDdbsVgt3RrlZB8dMYMHcBW1fHqkHPOZ2GX4Qh64fxFead+y/v00TAGjmXvpLTzkXsNjr+7C2KrNO9J/4mXMp4yN247RMwMDbJjr6zGb67D8Jmbt2LDVm1AW00kToer2PsWvaQ0jrJxG/5moYT2wu7R/k/zBJmAwIdffhUvKy6T9chxs2XRp7ETwnQy55W4cs9eQ9dkRbH5TCZn+vwxzNXJg9ZdY7bgQ7Up9ncbewC0XeZO29ile3Jhl1/7a15Ptrwf7x2+5X5oK+TXhCCZNA04+vzV5SSTmgQoccEbem/N/WsVryU4A+E68ketHd+ZVZ2m76qxfv+L113aiI5JZd15JaOJ/Wb09DyxFZLSz+cChg3GuqaHGYzBD+kFiO8nfztfjfGnPPVuPvNxcoobH4rppK8aQcYz0TOd4waBuTLPpg3bVyO+Sm7hurIFda95kf3nDnmtz20uEdv+8da3/dkzTLFSk/sSHz2RRt3w5829fzP5HPyK9nfcrewWHhuBQvpcv1/1M6ineA4UQQghxZnTpe5ZSTgQG+6Ez5lBUoaDNBatnWAzeWjFZv2aghY+XJOJ5RNNMfPXFVr5q+KuPo+k94RMm0c+6n5UvfcjeOg3YRbIWytMLpzLOZRc/mXp3/5pWxNbn72Vrw1+9uzO79fzVpqZlUfjONBoul1rX11q4m/LG6yiXiHt6Zn9VRyhPPIJSFnxt4Fy2n/LE+BPB2F2e6+hLcbP9QMq7T1Nq1oAvqaA/Y2ddjq/zlxTVdb4se+urlCuTZ03As+g7XtnUEwnEs6f9uUSMIrz2ICnFDTFIv+yeoKGj4dgBCszdj702N4H43Ib/h0dd3anXnOvHT6vI4EB8BkpZGWeFgKIU4uOTG59sOxI2gGExflQd2EbKhIuJGeYFWWfX/MtOnY+z/Ees+tRU8i8cwUjHraTEjsL/aCI7IgYxoK8D64Jg/wC0yjh+/G4Pxzp4H++JftSV/ttZmjmdLz7dweQ/TmN27Ke8Hd/9VKzJZAInF5x7ID4hhBBCdE+Xkog6n3D8XW2Up+dR384XHUtFBmmZhdRaNXy6HaLoiqFTZ/DM0CJe3mphzrQIBroqivNz+ei7o2yvaL4qUCFD+fc1YcR/cxjLiGFMDzRgri5n1+4jvJNkbBplqmLGsm5eSNM0LmXK5Kk3D7Wa+qJ0QTx21ziGJO/hlq3FTRdVShfAQ78fz8hje7it8XGldAwaNZRbRgcT7WlAbzaRnZPFf348xn5j4+siR/CfK/rh0bSPkXz84MiG55SNXZs38WzyiXXCFD6hUdw2JYrRAS64WGtJOZbKuz9lkW6x/0u2wWAASw01LZI/+V89y0M/atQ0JirUyNt59Q/TcW+Kbykr3l/aGM+JNcka4xt0Iy8+OolD76zCOv16Jkd5UF+WTtwX77FmV15T4qftdLlTTZM7Mc3s36stTF8ymQi3ekrS9rBu1RriCm3N50Q5EDblJm6+Yhz9vB2oTP+ZT+J9ufu6AL74f39hY1EXLkBsCofhf2bogkW4u5upz95C5trnKCttvlDwXPQ9Qwd/x5Fn/t40OkwNe5YJNw8j718LyM5vf1pxV6cTN9fXCdfxjxI9axau7lCXtoaMBNvpX3gKJ6Zvp62vJ3D+Alxd66jL3ELm589T3qK+moMBLFVYWgyTrdt2B3F79VhbtCGlnHGd+BjRM2bg6q5Rl/4xGQnRDFnUerq1fQYyMNpA2e793R7x0dn2p5Q7wxbcwtUzhhHq447eXElRehwbP/yAnTkNx9ue/tGWS8QE5l1+OTNjPdj9/P2kFDc8Lv2ye/rNuJffL8th77cb+HJLXI8kEzvjbGlXZ5T7KGLCbWRs+5bjoTNYEDMCh807mj9TO1mPvmzPDU/acI+9nj9fN53+nhZK0/fw+fsftWrPw255mYdGxfHMH1c1Jb9U7F28cW80W//6Zz7PsrMeCrxi5rHkmpkMDffF2VJKetwm1ny8jew2y0M4V//K/pKbGTnCC49R4Rz9+Qu06DZV6ER59sXnSP9ZN3D1zLFEBrihN5WTm7SddWu+IKGso0bRzuHFAUdnB/SAo4MG6HB0aU6WWS0mzI0fNZ3vR50/fp2KURkIn7aUmxeOI8ITSpO/5T/xqsP8svlIPEdrpzMgJhLiU+3eZ1sVVdXg4oGXHuj6R7oQQggheoDdSUSlnAkK9kVvyqWo3NbuqJ2asiLOxVEG5x3Nj8tGlbBzz2G2OnkzZ3w0D15aR/qaY+S0Om8aI0dHcCAlibeOGIgZMZD5c8ZQWLCDzysaN8k+xv99lYMOCB46glvD29mftYDtxy1M7B/MSIo53Piwrl8wsU517EwuaWovToNG8tQMf9L2H+Pf+bXUO7kzacwgHrnUygOfppOvaVB4nNc3F+OAjtHjxzCbTF7dV9w4VU9RnNOiBt5RPLJoGIF5GXy+rQKjqw/zxo/iKVcb932Z0+n1807IOpxA2bwpLL41idr1u0gtM6NZjJSXNRwvAI5/z/srE3DAkWELfsdUfuTfXyU0TrdWlKS0LVXPsNkXc2TfOlb/6Eb09AXMumMZpel/ZVNB4yZN0+UgYPItXDukgyB1Q5
<p blockindex=26>现在的sql语句虽然没有过滤就进行了拼接，还不能100%保证一定存在sql注入。还需要继续跟进，看看执行sql语句的时候，是否用来占位符查询。</p>
<p blockindex=27>跟进另一个Query函数，这里正是进入sql执行阶段。第一个红框把表列传递给build生成sql语句。第二个红框进行查询执行。</p>
<p blockindex=28><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABWMAAAINCAYAAABbDW3UAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3gVVf748ffckl5JL5BAIITQg4CgdBAIYEMpqwiWVXZV7P50V9ey+9VVYbGi2FlcwYogTQEB6WCoKaT33nty2/z+SLspwNxwk4Ce1/P4PHLvydxz5pzzmZkzZ85IfYL6yQgAeHh5U1xY0NPZEARBEARBEARBEARBEIRLCgjsQ3ZWRk9nQ7CAqqczIAiCIAiCIAiCIAiCIAiC8EcgBmMFQRAEQRAEQRAEQRAEQRC6gRiMFQRBEARBEARBEARBEARB6AZiMFYQBEEQBEEQBEEQBEEQBKEbiMFYQRAui1prh51d0382aGj/TkBJY2uWxhaNSrw3sEOOAQwd0hsbWewfQRAEQRAEQRAEoWfIjsEMDffBroPre6v9hgxqrRb1H/D6V9PTGRCuTLIsYaM2oTdJPZ0V4Qomy3ZMeXwtfwqTGv9dwu5XH2FDYut0w5at5pHrnBrTGIlau4w1x7o7t1cuGReG3HwPS2aOwCvnW544l4GupzMlCIIg9BhZ1qDVGjAYejongiVEvQlC97F2fxP99/KI+ujYVV0OtwgWPnkjrjnH+fGzz/k5ucZqm5bxYsziZdxyXSjeDul8/eg/+bnCapu/KnQ4GGvnN4wBvvbtPi9NPUpWWdOgC9i698HfzwMHrYRBX0Nlbhq5pbUgiQG8q5ksOzB/wQTu8q7l22/280VB19enLEPYkIGMJY8N0WXou6ENyWMf4uMHRqNu81ty9QFWP/gh0VJLW3cfehN3zJ/EoABXVHXFpJ7cyVcb95BRd3W0ddl1Jn//z2J0Xz7Eyj1VLZ/Lvtz6r9eYWfQRD715AENjmZ0GzGTR7dMID3THpq6Y9LM/8fXGX0i/QHnltJ9455vT6NBTlNn++8Rtb7HysAZcx7LkzxO6pIxXK1l2YuS9z/HX6+xI+ukD1uw8TlmbNmkfPJnbF8xkWJAnDoYycuIPsWnDZmJKG+4g9l30Os/P9G3ZZv0R3ntgDSevwlgsy0O4772nGO8gY9RVUph2hr3fbGB3cnVPZ61ZT8SrDvMROpJNsxzZuO4AX5d3TR5EnLRenOwuv6d4oJTSdtpEiniAdx8aj13lflat+ITYDvaNLKvoP+U2RhDF5r1JzfXe2XQWlUf2IfK5f3JbUDFbX32GTamtt9l/8SqeHRfDqoc7znvnftM65ZDlIBa+/jIzPI2kfPsEr+4oRZZ7s+DfLzLdU0P2j0/x8paCHstfZ8iaYGbcfw+RQwJxsVOjkiRyfvw7z33f+oTnUvWmxOX234a+4MOWZ57jxy44f5e9b+Tlf8+n94X6w/n1PPjvn6mzoH6UtOeuiGtK40b/xav42w1eDd+Z6qkuzeb8oS1s3BxFidmkFVkGt/C5LJo/kYH+7tjUlZIVs5uvN/5ESvXVFX8vdd7ZXS7WnpX0N0vihjX67+/d77k+zGOMLOupqyghJ+EQmzf+QHRJ57d7sXJc6fEegKwtvPF/Rcy9YyELn3oGp1X/4vtE60wZ8rjhPu6b7kPcj+v4KimLjCvnUq/bXHBmrFxXQGZ2CUazzwxmA+GSSzDBwR4Yi7PJrtRj4+yHV3AYGM+QW/nHm2L8+2JCpzdiMBq6cXaeitCBIdxKLd9El6Hvjp88v5X33j2MiiCm3X8z/rFfs/5gLhgKSTNPFziPR1bcgmvKLjZ/nkKd13Bmzl7KE041/O2dI1RfDRe4ZbHE50tMCx2EtPs4clOeHcIJ8Yf0wzHNB0S51zSWP7aYgMxf2PFFItVuYUyLXMajDtX8/b1j1HRU3roCzsdEN558t/++Jjee2FyQvUPEjM82bEf+iaXXu5Hy7cus2paJse1Fgcs47nvibkJLDvHTxs2U2AQxLnIeKx5T88pL35JulMj7dR3vJtgC0GvsHSwe3hMlsZY0dn34Fqc0EhpHP8KnzGbRUwFoX36JHTk9nbcmPRCveoqIk9aLk93k9xUPFFLaThv1HzQQu5oaapwHEtYHYju4iQg29B07h0hK2bY3iQtPaFGazhIm9Doden09hm47pbZuOXJzcggeHIHD9t1U+41iqEsq6fkDLuORvK7Yz8p43HAni0ZqObLhA06VNfxybU5HA8qXX29XfP8tPcqX72bhCEAfpt53C/6xG/nicH7D9xUZ1HfBz3bJfrEgbsg159j0yR5y1A54hIzjhsgVPO2ykuc/P9d8Q1YVdDOPPn4zrsm/sPN/iVS7DWLq7Dt4wlPmH//+meKr4TiIsvPOK4OS/mZJ3OiJuPt7cvXXh1x9hu8/3Usuaux8BjE58hYeetjEyy9uJqfT/ffC5bji4z0gSQbKk3/li1czqX/uOSLvmc+pZ78ktYPrfUv5+vuhKTvOj5sOkHyBMYTfuwufExlqqS4va3PHomUGjJuHF9rKdFIy8jFIEnJpOQabkfh7uJNTUYx0lRxwhPYkqY6tP+xma8O/ejg3XUcqT+P0yTRk2cgoI3gVJnLyZELjly3lDhxzLX2Mp1i7+guO10vAERIkf16ZN4FR9kf4ta5n8m8JScokPrGCyCGDCOE4SU2fhw2gr5TPLzElNNW15/jrGaSJ5tO31nGopqG8sQSwcv4kRtkd40BXnGX/QcmyA+OnjcGlcA9vb28/EAvgNGYiIxyS+fr5tfxUJgFHOV7syn9WTOT6Ad+Sfh5qc2I42ThQGRh8W/cW4jLZ9x5GYO0ZEosayi5JVWScPUlG4/fHTuRh/8bDzLhhMDs+j+m5jP5BiTh5eXHSZ9BwSDpNvr77jqVXczzoLKXtFECWvQgP9aDy9F4Sx0wmNNwVMq+s5+IkqZDdbzzE7oZ/dZzoCh8s0CUnkzduCENtdpMYMQzPuFgO9R5ASE9nrBN8Pb2QKqLYv+cYSRe5vlFUb5dwpfdfSV9A/MmGgWhZ1jHyHvAoiufkyRSzRJ0o+yXac1fsF0viBsZiUqKiiJUk5OMHSTK9xnMzZjHmq3Mcajy+DZo8hT41R3h71TrO6BuOC6fLXXnjnqlMDPyZTdlWyXaXU3LeeSWwRn/ryu390fwu6kNfTFJUFPGSBJzgVK03b901ipHem8kp7NwmL1aOKz3em5P0qfzwzSHGPz6R6RHf8NHJy78lWldXB7b22Fkhf1eri9ygvti7vWzQaCV01dXNg7WSZKC2th7J0Q4tdOsd6z+qQROm8OqgQt7abWDGxN70d5Apysvhyz1xHCxvOauR/Qbx6e0BnPz5HIYh4Uzy1qKvKuPI0Wg+jm+pw4ZHXv2aH9eR6zJ4+YOzrabKyyof/vbAKMISjrF0d1HzyYqs8uKJP49maNIx7m78XJZVDBg2iKXDfennokWtryMrO5P/7U/iVOPjOnLQEP53Ux+cm39jKBsfHdrwnWziyM7tvJbQdBNAxt0/mLuvC2a4lz32xloSk5L55NdMUg1dF6S1Wi0YaqgxG4TM2/oaT+yXqDEbYAhf+hZPDIvi1cfXNZ+syxEP8P5D/dj9wtN8n9nyuNOz42L4+PNaJi2aSJCLgdLUE2z67EtOFLT0HFkG19BZLLx9KoMCe2FnKCE1ajsbNu4lq96sTgbcwapnr+Xsx+swTlrM+GBndKWpRP3wGRuO5DYP8J2PS0Q/YQCDfCCpcUJHcGgIdtUJnE+n+fjg6+kBZQnkVLd8VpKVR40Uio8vkG7NvWs5WbbDYezf6DdlCg5OEvWpG0mL6UfYLX3IfH0+uSUNmXa55RcGDdxD9Kv/ap6VJ4e/xpi7wsl9cy5ZeS03l7R9l9Jn9gLc/HxR63Opil5H2tavqTUbQJGDniHiL5GUfv0v5LFP4OXvhlwRS/Gul0g7ldrQ5jXT6P/31bjFPUrUV3ta+od6Ov2f/w/Op+/h1KYTZjer+tO/n5bSo6cueIfRx9MDahLIKqW5PvRx2/n001hqizuz/2zoO+1P3DZ1JEFejqjrysiJP8imDT8QU2qezonwuUu5bUo4/u5OqPUVFKZGse2L/3I422Rxurbse49h1o0
<p blockindex=29>把前边<code>where</code>语句拼接进整个sql，用<code>DataAccessUtils.query()</code>进行查询。</p>
<p blockindex=30><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABR8AAAExCAYAAAD1KNWJAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3hUVfrA8e+dSZn03iuhN+lFkF5EEBERESura9m167prYfe3667rWlldQbFXpCmKIAgoXXoIEFpCCqT3nkwy5fz+SAiTAikk1PfzPHlgZs6ce+655965973n3KOFR0QpRKv5+PmTl5ONwckVY0XpxS6OEEIIIYQQQgghhBBnFRIaTlrqqQu2PN0FW5IQQgghhBBCCCGEEOKqIsFHIYQQQgghhBBCCCFEu5DgoxBCCCGEEEIIIYQQol1I8FEIIYQQQgghhBBCCNEuJPgoRCvo7Q0YDKf/HLCj4bxNmp2jTRpH7HQyt5MQlxyXEHr3CsNByf4phLh0KJdIevcIwNDI+UWbLUOB3t4evRz/hBBCCNHO7C52AYQ4G6U0HPRWTFbtYhelDqUMjHl6IXd002pe57PhlSf4Jr5uumvmzOOJ4a41aSzsWziHBbsudGkvf0rZo7MzoSwXuyTiSqJwp9fN93H39X3xS1/OM4dOUXWxC2VDKTvs7c2YzRe7JEKcnbTTduTZn1l/ugmP9N38+OlnrEsob7OsFX4Mnj2H6cO74O98kqVP/pN1xW2WvRBCCCFEA3oPT6+/Nzu1SwRdekZhKM+ipLLhx0rZ49tlAFE+VgrySrBqms1nGk4+EYRFdiQkJARfbw/sraWUlptAu7SCSy3h7OJCRXkZdvYOmM2X0qXrhdF9xBg+muTKsb1ZZJ5lO3a+bhSfTu/F7KFdmD20C7cPcCZ5dyap59juSjkz47axvDw6BLuTyRwsa982oiY8ROXzszDfNKHOn2nqWFTWBvRptsu3o+N1U+lVuo7/ffgt237bxeGTeZSZ65axJOMER6J38NthM50GRFC873v2pF2+bf18ed2xhz4DC0jffxiln0bXl5fRMTSdtJhjKIdZdPv3/3BL/IzCAtvjRgRBj6yl5003wvFvKClpWH9K2eM65EkCQiooSc1o9HjiMvVn+s/qTMnmjVSepd21pHzNye9iaqx8yuVWevx1MaGuu8g8nt7mx93WbN/2pPq8xZCnHsAavYTSirrLVMqVfvf/lcfG+5G24VPmf72JrCrbz8Gr9zTu/8ND3Hvnbdw44Tp6BFhIPZZIkbl+Xjo6jZnJ2Egj8Un5dX73Wl12FcDkuW/ylzuHoY/dwLHCS6+NnUun2W/y+oOhnPgpmpxLcP9oyfZtSofbX+OtZ+5m2s3TmXbzdG66IZDUH/eQcQHWW9rpxaOGPMpH/5wKO34lrr3OT4rjiT6ci3PPMUydNAC749s5mt82d+F8Jj7Bn28K4uTab1iyehtH0wsxqqtn+wkhhBAC3N09KCkuumDLa3bPR6UMBIT5Y1ecTGaRtdELV80jDH8XC4WJmZjrfa7z6ECHcC+q8tNIzTBh5x5IQHh3NHMM6cUy3ONKlnb4EK+kVzc1v649ub9Dc75lpcpkwWwxX7DeSEqlYffBBnR1enBYIeksXzBmc+xwLEZNAxruD+UZxzmSAcq/4yXVo+piqSzOgY7+2AOVPiEYTGVYPYJxACq9/XEkh+L8+t+yYq0yoszGcww8c8C17xxCyCRt1/4LXL7Lg1J2uE14AHe2k/jrvna54XM51Z9jvzu49zpPEpe/xJurU7DUr4/QqTzx+HQ8Etfzw2eJGP36cP0N9/KMazkv/G8HZXXSO9BhyBQmU8DqjSdomw5gVkxVVZhMlZjl57HttWj7nlvmls95N84RAO8hdzK7T3sVuhHSTq9ommamKGELX72SQuXcuUy+bwb7n19EUiPnGy0VGByEXeFuflyxlYSznMMIIYQQQrSlZgcf7X0i8XWsICc5u+GFGqCUI/6BPujK0sgpUnUubpVSuHt5oy9L5eTJDMyahiooAce+BHp5klaUj3YJ9o4QzaTUOZ9IVF6Qz86C6v9H+neFZgQfNc3Iqu83sKr61fmXsVnK0GJi0Tfo+SJtsy1UFWSBmz8GoNI3FIeck1R4B1e/9grA3pyJsbDudzQtheyPRpJd/eqSK99lw+sOIgYGUrHtabJL26ez+eVSf0o5M2zcYNxzfuGdnxoJPAKhg4cSbtnPwnlfsbtSA3YQpwXz76kjGOC0gy3G9i2jpuWw4fVH2VD9qn0XdhVqy+1bkX6Y6PSafCNvbZfyno2006uDZkri+2XbGfb0SMb3X8aH0ecfOjYajeDohKENyieEEEII0RzNCj4qnReBwe6Y84+SU0Gj55g6r1B8na0UJmVQVe9iTtM0rABWK2cGjJiwWkHVfC4ujO4jxvBK9xze3mBmwsgwOjkrcjPTWfTLUbYVnQkh9h07lr9HZvL8x4c5enrYZlQflt7oyY+LNvFVrs02U+DesTv/GhFOFxcLuRnpfPXrUX5rRQ9e1aUfKyYFoT+9TOMpXnr/INGNtBH3wDDuHdaBfv5OuKgq0tLTWLolnp1FV14XDKUMOA95gagxY3B21ahMWkzy4Si6TQ8n5bUZZORX14/79F/p3vUXYl/5V22vF9XjVQbf04OM/95Iaubp51SCfYd7Cb/hNjyDAtGbMiiN/ZzkVUupMNncOIh4jv5/mEzB0n+hhjyDX7AnqvgIeev/QfL+JNA0lN04Or04D8+jT7JvyS+1kS2lH0+nv76FW8x97F+xB1NBNlYXX+z1YO8VhMqKpTIgHEcH0DwCsCtNolIBWs2Q2dnj0Z3Oq3wlR//+AsW2NzW6/IOB903Hvva95xny2vM162ch75s+nDhQt9049plLz8k34uxcSeWpnzn13esU5ldfyLWkfM3Jr63ruSX51W07jnhNnIOr6VfiNsXWOd42J7922b5Kw77j/URMmo5HoD+6iizK4xeRvPpryitaUy+OOA96nqhx43B2hcrEb0g+bG20PqATnaLsKdi5/6w9iOzt7cFcTrnN40UyV73KM5s1ymsCOqr3ffzvqVG41tbn3Sz47O6a8px+xmtN+TrfyZvPD+XgR59jGTWbYZFuVBUkse/7T/lmR0ZtAFQNeZSPHhp05vhXtpV5j3xAbL3jX6fZb/L8tYf55Eszo2YNI8ylirzEXaz4/Bv2ZZ9Zb6XsCBl+F/dMG0C4px3FSVtZEu3NH2/34/u//I3VOc3/7fWaPJc3hh/jry8sI81+BE+9/wAdd87jsY9iUCG38PJLUax5+HW227RDr8H38sI5ywceXSYxa+ZYuod6YzDnk7TvJ75ZvJHUSpt20Nz6a2Z+zdm+1fk5EDbmbu6Z3J9Qd8iP/4VF+4N56q4AVj43lx+zL+65i7TTxikFHj1uZPaMkXQN9sLBWEBK7HqWLllHUllr2pU9oSPv5p6pAwhzh/y49Xwd3fCma1u3Z1um2GiOVoyiY5cIiE5oUX00pqikFJzc8NADZztUCiGEEEK0oSZnu1YKnAPD8KSArPTiRrvMKGXAP9AbvTGTnMLGz2JKc7Opcg0k2NsVO70DTt6R+Loayc8pOP+1EC2j+TDlGjv27jrE+7+lUuQTyZM3RBHS2tkONV9u6mNH9O6DvP9bGkW+HXhmUhTBrckv9QT/WbWXV37cw6cnKs6aTLmH8efpvRlin8fqLQd4b3sqed4deXZad3rpWxt81MDZEWVwOPNnr0NdArNAapGP02X6VByyvuXkd/8h42Q4gdd2a32GPvfS9f6n8LBsI+37v5O4ZQ+6a/5Kj9tvwq7B+urxvPYWOLKAxO/eJbc0ioBbXyXIr+Zj06/kHMrBrudUvOxtytxjIl6GdHL37KkOeBVkUKX54eAOjt5BVBXuw1gcjKMvGDx8oCjzzPD0xE+I++Jpjn3+FMmHshtfh7RlJH7zHHGL/kpWhkJlfEf8or8Qt+gvxH/zHBnJ9dLrBhEw1In89f8m+ZfNWENn0+WO+zCcXt+WlK85+bV1Pbc0P80encEVXcj9hPX1omzbuxQY6x2/m5Nfe2xf//voet9juJu3kvb9Pzj52060Hs/R/faZraoXLeJxusyYhkPOCk599yoZpyIJurYHjbL
<p blockindex=31>同样没有进行任何过滤，也没有用占位符查询的方式。同样的，后边的sql语句不用理会，直接被注释掉了。</p>
<p blockindex=32><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABUMAAAJ/CAYAAABSusLOAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOydd3hUx/Ww37ur3nsvgIRAoiN672BsMM3YYNwTlzhOc+I0pzlx7Pzi8rmbxDWYajA2zRgwmCo6QkgI9V5Wq96l3b33+2OFtCrArlghyrzPw/Og3dmZM2fOmZl7plwpLLyfguCKePv6UaYt6W0xBAKBQCAQCAQCgUAgEAgEgmsSHBJGQX5ub4tx06LqbQEEAoFAIBAIBAKBQCAQCAQCgeBGYNPbAggEgpsbh8BgIsL79rYYgh4gIyeLxqKC3hZDIBAIBAKBQCAQCASCG4aNg6NLb8tw0yN0JLiT+dfLrxLu7dnbYgh6gJyyCn777DO9LYZAIBAIbmM8vZ17WwRBD1JRVtfbIggEAoHgCohY1pURO0MFAsFVCff25NefruNcalpviyKwIiOi+vPaYyt7WwyBQCAQCAQCgUAgEAhuKOLOUIFAIBAIBAKBQCC4Tj5472M+eO/j3hZDIBAIBALBNRDBUIFAIBAIBAKBQCAQCAQCgUBwRyCCoQKBQCAQCAQCgUAgEAgEAoHgjkAEQwUCgUAgEAgEAoFAIBAIBALBHYEIhgoEAoGgM47+xAwMxk5RelsSwS2OytYee/vL/+xQ0dmmJBvTNPaoJWF3AoFAIBAIBIKbG9kxlJgBvth3Mb+1WhkKqGxtUYnnMqsi3iYvMBtZAVtJwYDU26Lc1siKChu1jCz3tiSCOxEZF2Lmr2LFrMH4FH3DH5Lzae5toXoQ4W89i6zYM/Unb3D/AOO4oSgVHHj9D2zObJ8uZuXfeXacS0saA2c/+Skfn7nR0t54hP0JegJhVwLB9SP86Pqwtv5Ee1wfQn89iMcwlv5sHu5FZ9m1dh37sxqtlrWMN7HLVrBwbAS+Tvl89bvX2F9jtezveMwOhsqKLYEjZjF7XAyBHjboqwq5FPcde89p0EvGh5xBS//AooHqTr/N2PUqG87prCe14IYjKw7ce+8oHvRpZOu2U2ws7fmAqKzAgAF9GEUpm1JqMEg3pkzP6Hnct2gi0YFuSI1l5Jzfz+YthylokjqkVRExaQFDOM+OI1nIVpBPVnyZ85vfszi0gm/feIkdOSLwbC6yosaj/yL8OEtGWibKDbAXSzBHPlkB+8C7iR45DW9PN9CVUZ3zHSlnfqBWL7VPF3AXA0ZMwcvTE3VzOdWF+0g9/T01OtN0MQxZ8TzuqX/n2NlsM2R0YuhDz/PkOHsy933Gf/adocpETjn2Cd57fCTqDrIr9cd49/k1JHf4XBr6CK89NQaH2mO89cIXpHZZZ/P8qDf8rd+yl3h+9CXeemFtl7J3r0zr1ENWQlj60u+Z4S2T9fWLvLGvClkJZslfX2C6tw2Fu/7Cv3aX9pp8HVFy9/PB1gSa0VFW0Pn7zO9W8/9OqMF9FCsfGW+VMs1B2N+dYX83EjGPuD5C7/o9Tw1L5eNXNpN1C7a/JQTNfYFnJ/m2/q00n2PtS2s7jaW9jaKoCR01h2gS+f507g3xS+FHNz/GOaEfu/76T77VdmyTa+vPkna71dtD2HPvcTU7tRqFu3jrtTLm3beYpT/7Jc7vvM72TOtsJfGa/hCPTvMlZdd6NmcWUVBnlWwFLZh9TN5hwHxWzB+MfX4c327bxfE8B2LmP8hdUXatabKPbmLTpg0t/zay+0IZBkMpGo0IhN76KOh0BvSygeYbtqIkEdE/jHv7u2J7o4oMmsMzz9xDRNN5dqz7gs0/5OI6egU/e3g0jp22pdsSNmoOc0eFW1E+GX2zDp2uCb3BapneIdji1nc+ffr2uUn3Lpshn/t8Rs5cgofhDOlHPyb1Yhb2EQ8TO3FMu2MRKo97iJ29DC/5AlknPuFS8iVswh8kdtoMHK7j+ITDkKU8ON6drG/e4e2tpyio7ZBX2h5Wr/6QDz/cQUqTQtX5LXz44Qes/uQAOV3k129AJA4N9TS4RDAg+EqlmutHt4u/WbcexYVF9Ikeauyf/IcyyC2X3JKbR75WGrSkXUohNSWLsqbOHtCgySA1JZVLWWU3eCeysL/r4ZaxvxuJmEcIzKTs7Ba+WPcpX6z7lG0J5b0tzlWwIXjIdKYOCb1xRwqFH93imKM/S9rtFm8PYc+3NSpJpjorjg1vvssebQBzH7qbMCsdmfcP9MOmMp5vd54g6VIelfLN+ZR7q2LWmCYr0G/QQJyKjvLJ9qNUSxJyUg4qv58xYXAk21MvgiRRV5xOWrHxN/Z95vBwtD3puz7lQIECN9kqp8AyVFITu7+NYzfATRpqsgbBsaMJNSTw8XtfcrZZAk6RLgXwl/njGOlwiqNNPVu+Sirjh7d/yw/A7axnQde49RmLq3yWC/vWozFIwEnKCWLiiMkE2pykoGUC4zlgOi7NcZzbt5Yy2ZhO0+jO1EkzCHbfT0a15WXLigNjpsXiVnqI9/cWdrkSrarOIzEhD1kxMFIG77JMEhKyjF9KHVe2vYnq70VNwhEyYycSOdAVCmstF6wHMc/fbm4/1GVnUzwmhhi7Q2QMG4T3pRTiQvrRr7cFE1wTYX+3J2IeITCXJm0GyVrj//2D7updYW4yhB/d2lhbf7d6ewh7vjNQ6XLZ/tVJxj03kRlDv+GzhOvfQdbY2Az29thbQT5BZ8wKhqokQAalqYG2GxAaqG9UUGS500Ow5DOaZUuGoz++lq3nK0Qg9AYSNX4ML0WW894hAzPHB9LPUaGsRMOmw5nEmQRIZL9+fHivP+cOpGKIjmCSjy26umpOnE7j84yG1iPpcsRANszwaz0WqzQV8spnqZw3PTorefPrRwYxICOBpw61tbcsefLzh4cwKPM8Tx+qBElCVlRERvdl5WBf+rnaoNI3U1hUxIajuSQ0tPwuOJJP5wfh0lpGFJ8/FWUsX5E5sf8Qb2a0pFUUPPyDeXhsEEO8HXAwNJKelcvnxzXk6i23OxsbNejraTDZmlS85y3+cFRFQ8tAJUev5PWfTsS5Vb77efOD+1vku3zXXYt8/ZbxyvOjSPzfBgwTlzA2zIXmylzObV/H5tOa1oBTx+PHVzp2fPnY5Ocb9ExeOpYQp2bKs8+wfd0W4kvbVqBkRU3QuPtYMX84oe421GTHsfm8B08u82H7n15lT3k3dOM1jf6xs/Dx8cFGrqZec5z0U99QVte2xCgrYO8/jwEjp5oc395L6un97Y5vu8X+H2MiEkk6ric4diKuDs00lZwgLW4T2nrZJD9nvAetImrAIJxcnFEZamjQniHzxDqKq43lyoEPM2P2VGxbdfUQMx99qKU9ZDQ/PMGF3BY9ez/A1LvHoT38OUrUCoK8XZHrMyk+9z9SsotbbddzzOvEhp7h5Oa1VF9uo+AfMXNmX/K+/gPp1W11uZZeLJEPtS3I9ehMVm3rkv7NwXQVBsNlndji7OoBlVlUGGid0+hLsmhkEI7uQDeCodCPfn1sqTyVQJ41JkpOMUQFyeQe3E9OwCTuioxG9f3JNps3049609+MX8q4DF3CL5ZNINzVQEXOGbat3dzO36JW/JOfD4rn9T9uJPNyGUMf5v891YcDL/+N7YUW1kMB14jp3Ld4MgOCvLDXl5MTv48vtxylsLm9jPZ1aZyvuJ9BA11xHRREyvFdqPq2r4I5+Vkmnx3hU5awaOpQwn2cUDVVU5wax7bN33Kp6mpGcWMwRz5hf7e//cmKEwPmrmDJlAEEeDij1tVQmn2e3Zs2crKo5464iHlEZ1wnPMNvYzN56+3dlNiM4pE/309Y/Kf8Y2syiu8cfvHTEA7942POmcwT3Acv5sm5Iwl00lGZF8/ebTu4WNEmn6KAc9gk5s8dT4S/B/aGSvKSDrJr9wk0JvkooQt54cfDSdnyFfKoBYwIdkJXnU/i91vYmaBtvbLG7PwUR/pOXsJdYyLxc3dGra+lPP8CP+zYRrzWYJLOjoBRC7h3ymACXKAqO45tyX48ttCH7998k4MVlo2zl68P+PKbJkbPG0Owi56qvAT2fbOdxArTcm0JHn03c8
<p blockindex=33>至此，已经可以确定存在SQL注入漏洞。</p>
<h2 blockindex=34>四、环境搭建</h2>
<p blockindex=35>环境搭建部分，这里就不重复了，奇安信攻防社区有很详细的安装过程。直接参考即可。</p>
<p blockindex=36>传送门： (通过代码审计某友获取CNVD高危证书)[<a href=https://forum.butian.net/share/3058>https://forum.butian.net/share/3058</a>]</p>
<p blockindex=37><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABLYAAAJ+CAYAAACuDYl2AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzde3wU9bk/8M9sQkKAAEJCICRcQgIhidyiEFQ0ChKqIio9oPVIE2o9gtiKObYcSrFNldJjaXqh6uGnQG29YEutopYgYESFIEQuJuGSEC6BSEi4hiTktvP7Yy47szOzO7u5Efi8Xy9aMzuX78zOzs732ef7jCCKoggfNTtF1NY1oqHR6euiRERERERERERErSLQl5lFEaita8SVhua2ag8REREREREREZEttgNboghcutyApmZmaRERERERERERUcezFdhyOkVcvNwAp9PnUYtERERERERERERtwmtgq6nJiUs1DbBbiSuoiwOBAQ44HAIEQYAgAE5RhOgEmp1ONDY60dyeATJBAACITicE+b+JiIiIiIiIiKjz8xjYEgFU1zZ6DWoFBAjoHtIFXQIdXjYXAIRIGWB19c24Ut/kW2t9IAiAKIrSTgAMahERERERERERXWMET09FvHS5AY1N1jW1BAHoFtIFXYMC/Np4s1NETW2jx234ToAoimAci4iIiIiIiIjo2mYZ2LrS0Iya2kbLBR0CENojGIEBLY8g1dQ14kp9Kz1pURTBqBYRERERERER0bXPdCiiCKC2zjqoFeAQ0DM0GI5Wih91D+mCAIcDNR62aRuDWkRERERERERE1wXTolh1dU2WdbUEAegZGtRqQS1F1+AAdA32b0gjERERERERERFdfwyBrWaniDoPRd179giCo42yorqHdGmVoY1ERERERERERHTtMwS26j3UuuoWEojAAG9PPmyZ0O5BfowmZDCMiIiIiIiIiOh6Y6ix1dBoHtgSBCAk2LQkFwDgww8/xAcffIA+ffpg3rx5GDx4sF8NcjgEhAQHovaKddaYkWbcZNVHyJySiVwAwLNYu/cJ3OhXS64me7FmzMNYeecK5GTfi7B22GLVxqeQtmgLFrxxEBmj2mGDV4HKT36CZ14HMv70v5gS7m3mjXj+6VdRMuUFvPl4Uru0z3cFWP3wEmzRtLHotQfw4mbNLJbtP4PNS57AmhLXlMlL/4W5CZ7n8bjeolfwaFaOjW0TERERERER2aOLVDU7RTQ7zYtrdQvpYrmSv/71r/j5z3+u/v3hhx/i3//+N6Kjo/1qVHBQgI+BLZkS1PrRO8ifO8avbV935GOWdA0HsL5ZHY/0b7wFBQuw4fXDQOyTGO0tqNVJVH7yBrYAmHyLK6iVd8u/8Objygwb8fzTS/DosSfx+xemwbXbckAs9kn8/h1peuUnP8EzWQ8AhuAWgFj35c3a8hM88/phTXBM2oZx20RERERERET26cYVNjRYD0PsGmRe2L2pqQm//vWvER4ejj/84Q+YN28eLl++jJUrVwIAli1bhtmzZ5v+U+YxNMohoEug70Meq3Z/jFwAC25iUMsu5Zi5C5v2Z+TvvRaCXXux+482Ziv6XAoCfe9aCbKcwb7PpEDddDkQlfC4W1AqfBpmTwFQshX7Kl2TpYDYcGT82HUswu/+b2TEAlve2gjXrGdwogTAkCgvx0wOGk55QbP9JMxdmgaUvIoNRS3bUyIiIiIiIrp+6TK2mprNs7U8BZkuXryI2tpajB07FjNmzEBycjJeeeUVlJWVAQAOHDiAnTt3mi7bv39/y/UGBwWgscnpdQeIWu4MNr+VAyANKe7ZSJ1V0XqsKQFifzDOY9ApfPBwtymugJg+c60fRt8xHHh9K/ZVTvM+VFOr8iSOm258KGIBHD91Bkjo58MKiYiIiIiIiCS6iJVTNA9sBXh4UmHfvn0xcOBA7NixAy+88AJmz54NABg3bhwAYPHixXj77bdN/z399NOW6w3qYp4hZqrqI2SOiUfaoi0AgJVz4pE8Jh7Jq/ca5knW/MvcWOm2or1YMyYeyQs/QtX+Vep8a/ZLw9mSxzyFnCrzbWu3VbXxKbfllH+u5a2meye30XLZSuQsjEfymFX4xn1ReZ8yN1Z6PWbafdDtrjzdcvva46E5hob3w4wfy+qPo34+6bWHsRIAPs1EmtWxrvwan5cAsT+YCV1cq+gVPPrwA+q/5z85Y95ut/keXaLNarKY5+EHsFqXqVSA1cqymnm18xS9pl/+0dcKLA9l0XYpUDf7bs8Bo8rjhwEMRaQSqFKOxR3GgFj4wKEADuPzvRbHwUp4FAYDwLGT+uNSeRQlAAYPZFCLiIiIiIiI/KPL2HJa1NcKcHgeFrhixQp8//vfx2uvvQYASExMxLx58wAAI0eO9KthPj0ZMexerNh7r2XBc+30Fcr0qo+QOWUSknNMai99mok0rEDO3oPq9G92+74PK+fEY8EbB5G/F1AKwC+eEo/FAFKXf478veGQAlGTsHjKU8DmPyPNU2X4TzORNmYylm0+iPww+LasOy/HzEzVxqfwa/wC+Xv/LE9Rtr8Kke5F+v/4MJLv1BzD/auQPOdhJMNG/TNby8rb/lTzgICqj5A5xTXfjXMPIn+u98L7Re+/ihIMR8YYV4DFVUj+X2p2UuUnr2Bz5Tx9ttJmuU7UO/+SAkFFr+DRrFfxzGtRrsLoRa/g0e2T8OY781zbfO0BvJj1EwxyL1Rf8iqeeUuzPgCuIu1p+Nk786Tgm1IfCyYF2Cs3Yt1mAFMmwVMCWuUnP8GLm4HJS+e55pODTbFmC8gZVq4VSJlYsYO9BaakYYdbsl7Fyk/G4Zd39wNQgNVZOW7DE4mIiIiIiIh8o8/YsghsORyeo0wpKSnYvHmzmon1z3/+E927d2+9VrbE/lVIW7QFqcs/1wduwu7FijeeBT7NxK8NmVuTsexnrfD0wR+9o9nmGExfPln6zztX4H+mqdWLkJbxLIAt2LTbkOdjsOANbQArHGnZ72ABtmDxix/BdtKXn8Km/RkrpmmjMErbf4fd+93nfhZrtYGkUQ9i2Z0A/viVMZPMwPuyVRt/gcWfTsayzZqAWti9+J/lk4E/PmzINLNWgLzNAGLv0gy9UwrJ36Ubjhd+9zyTIXhp+Jm2+HnCTGTEAtj8OdRkq4R5huBTwownEWua/aSvbQUAlZ/8FmtKhiPjT5oAVPg0LPjBcGDzErfML6By71aUwFU03uUMNi9xZXw989ld+P07JsXg4VsWVcnrT3jIRFN2eB7eXJqmmVf/tEYiIiIiIiIif+gytgQAZqEtb4EtAIiOjvb7KYht6ZvdvwMwGVNvMikKNGo8FgBYmfMVqqZpAil33oPkFke1jEXswyJHA9iC1LTx+qBZ5ECk2lnhnSsw3ZBVNQY3/QjAH0/hW6DlwThf7F+F5Dm/AwAUlFcCozTH+Efj9RlcCEfkjQA+3YfyKuBGTw31uuxebFi0BfjRO4YsNeUYG9pjxVPR+JKjqAQ8F0Y3ZEX1Q+QQadnySiDBbOHKjXj+6VdRAgDHzwDQBJHcgmnawuvuQTVlaKC+RpWxaLy2bVNe+BemKH/KQx7tPNXQVPg0/PKdabpJUibaAzj+g1VyZpbUJinjbLgmA06a9ujDw5HhnrVGREREREREZJMusOVwCGg2ydpyOp1AgA81r0xcuXIFf/nLX5CXl4fBgwfjsccew7Bhw1q0Tu8qUf4NAIxGpGkgZSAi72zjJrQbGwGjlqr6CJlTMk2fotiuqk6hAJCGLNp54qElq6LxSUiZAmzZnIMXH5aGy7Uss6gAqx9egi3+LKoUXt+8BI9utjG/zaLxAOQsKuBR3RBBib8F3RMeX4WMY09gzeu/xeYxUsBKyjgDJi/VBrD6YcoLL+DEw0uw5g8bMdqfwBoRERERERFd9/QZWw4BMA1stXxDc+fOxfbt29W/33zzTWzatAlDhw5t+cqpHezFGjWo5V7XKrNjmvQjG/W6PLEqGg9NgKYErqCSXwGuM9i8RAlqabOTfAx22dy23aLxqoRJmIwcbFEyx9zraGnJ9bcmexymKD89seQwTlQCCJczyEyfOKkEEP140iIRERERERER3GpsOSwqtjc2WUe2Tp8+jdmzZ1v+Ky4uRmlpKbZv347
<h2 blockindex=38>五、漏洞复现</h2>
<p blockindex=39><a href="http://192.168.45.148/ebvp/advorappcoll/complainbilldetail?pageId=login&amp;pk_complaint=1">http://192.168.45.148/ebvp/advorappcoll/complainbilldetail?pageId=login&amp;pk_complaint=1</a>'waitfor+delay+'0:0:10'--</p>
<p blockindex=40><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABYQAAAKjCAYAAACtJQtCAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd1hUZ9o/8O8gTcUCAkYTRKpgQeygEmNBRd0scc1rFDf2uhqTiBuzGw1Gf9ebvPYUDQYTdTWa6BrdFRFQ14LAKvYC0hTRGAXBKCowwPn9MYUZpjANZoDv57q4NpzzzPPcZw66jzf33EckFouF0tJSlJWVoSGzs7ODvb292nO8Psun7fqIiIiIiIiIiIjIcEuXLsXEiRNhb28PK7FY3OCTiQBQVlYGsViscpzX1zBouj4iIiIiIiIiIiIyHavy8nJzx2Ay6q6F19dwNKZrISIiIiIiIiIiskTWlZWV5o7BZNRdC6+v4WhM10JERERERERERE1LaWkpcnJyUFZWhubNm8PT0xN2dnbmDkuFtSAI5o7BZNRdC6+v4WhM10JERERERERERE2DWCxGfHw8zp07p1TwaG1tjeDgYIwYMQLW1tZGrZGXl4erV68iICAA7u7uRs1lXCREFuTJkyf45Zdf8NZbb6Ft27bmDoeIiIiIiIiIiBo5sViMbdu2IT8/Hz4+PujZsyfatWuHwsJCXLp0CWfOnMG9e/cwbdo0g5PClZWV2LlzJ0pLS3H58mX87W9/Q7NmzQyO2crgV0oJwnF86Pwhjjey6k4h91uEOTvDWfYV9i1yG9E1CkIuvg1TuL4Pj5s7JKM9fPgQ2dnZePjwoblDISIiIiIiIiKiJiAuLg75+fkYPXo0pk2bhl69eqFTp07o3bs3ZsyYgeHDh+P27ds4duyYwWuIRCJ5ArhZs2YQiURGxWxUQjj32zC4uEzETqNCsDyCkIvov2QisqAAhYWFKCg4h9X4BP2XnDB3aCZzYslfgG9k1/cT3t05EWHf5po7LCIiIiIiIiIiogbh+fPnOH/+PLp06YKQkBCV8yKRCEOHDoWnpydSUlJQWlpq0DpWVlaYOXMmhg8fjpkzZ8LKyrgaX4NfffxDZ/TPjETBudXoZ1QIlkck8sS8uPUYLs22i0SemBv5LrAzttFUQg9fH4d5nrLrG46x75o5ICIiIiIiIiIiogYkJycHVVVV6NWrl8YxIpEIvXr1QkVFBe7cuWPwWu3bt8ewYcPQvn17g+eQMTghPHx9IQrXDzdqcWdnZ63fW5LbWelAP1946PGahnJ9Qu63WLuzH/44Up+razjXR0REREREREREZGolJSUAAFdXV63jXFxcAEgqio2h+MA6Y5j1oXKFhYVwdnZW+l9LJAjH8fUn59Fv9Tfw1KNHhyVfnyAcxxJ5u4938VPBEXlFtK7MeX1PnjxBcXGx0jFZ7+CHDx/C1tZW6ZyjoyMfNEdERERERERERCbTsmVLAEBBQYHWyt2CggIAQIsWLQxea//+/bh06RJ69eqFCRMmGDwPYOaEMACLTJYqEo5/CJeJO9Fv9TnEzfPU+/WWen0i0XCsLyzEekgqhMe4uGCtAddorus7cOAAcnJy1J6Lj49XOebl5YUZM2bUdVhERERERERERNREeHp6wsrKClevXkX37t01jrt69SqaNWuGzp07G7RORUUFLl26BAC4dOkSwsPDYW1teFrX7AlhS62gBSR9kifu7IfV5wrk/Xb1ZcnXJyPynIdvVh9C/0MJyJ07V68qaHNd3/jx41UqhPPz8xEfH49Ro0bBzc1N6Zyjo2O9xUZERERERERERI1fq1at0KtXL1y4cAH//e9/MWDAAJUxZ86cQVZWFoKDg9G8eXOD1rG2tkavXr3kFcLGJIMBMyeEFZOIlpY0Pf6hMyamr8a5Av0SpIos+fpMwZzX17ZtW5UWEOXl5QAkTbY9PPTrh0xERERERERERKQPQRAgkuYN//WvfyE7OxuBgYFwdnZGQUEBLly4gMzMTLi5uWHUqFFGrTVhwgS89dZbaNasmdFxm72HsLbvzUX2kLXV5wxPBgMWfH3CcSwZk4WFRyTXZ0yPZG3fExERERERERERNUaCIODgwYNIS0tD3759IQgCLl26hJs3b8rHWFlZYcCAAQgLC4ONjY3Ra5oiGQxYQMsIy3Uen/R3wSc1jr77UwHWDzc8SWwJRKLhWBcZK3/CISC5rrgGfl1ERERERERERER1rWYyODw8HCKRCKGhobh9+zaeP3+Oli1bwsvLS/7gOWM9fPgQN27cQLdu3bQ+wE4XRieERZ7zENfICkMl1zTP3GHUKdHw9SgsXG/uMIiIiIiIiIiIiBoMTclgQNJTOCAgwORrVlVVYdu2bXj+/DlSU1OxbNkyWFlZGTyf4a8ksjDt27eHt7e30b8lISIiIiIiIiIiqklbMriu162srAQAVFZWQhAEo+ZjywhqNNq2bYvp06ebOwwiIiIiIiIiImqEbt26Ve/JYEDSO/jdd9/F1atXERAQYHQvYWuRSGR0VtlSqLsJvL6Go77+EBEREREREREREenL09MTf/7zn9GlS5d6z2O5u7vD3d3dJHNZmerpdJZA3bXw+hqOxnQtRERERERERETUuNja2sLPz6/BFzVa2dramjsGk1F3Lby+hqMxXQsREREREREREZElsraxsYGdnR3KysrMHYtR7OzsYGNjo3K8qVyfw5I36j8oE6v4JtXcIRARERERERERETVq1gBgb2+PZs2aoby83CRPqqsvIpEIzZo1g62trdpkqUxTuL6XG8+g+fsh9Rid6bzceEbr9REREREREREREZFpWMv+w8bGplEn5ZrC9TXUCtvGe1eIiIiIiIiIiIgsi5W5AyAiIiIiIiIiIiKi+mF9+cZNc8dARERERERERERERPXAOrBbV3PHQERERERERERERER1ZLfCf7NlBBEREREREREREVETwYQwERERERERERERURPBhDARERERERERERFRE8GEMBEREREREREREVETwYQwERERERERERERURPBhDARERERERERERFRE8GEMBEREREREREREVETwYQwERERERERERERURPBhDARERERERERERFRE2Gt88C/BNVlHBat4ptUrefLSktxOzsbT4qKUFZWZvR6dnZ2aOvkBA9vb9jZ22scJxaL8ejRI5SUlEAsFhu9bkNmY2MDBwcHuLq6wsbGRuM4U98rU2oM913X+0BERERERERETcvNmzfRtWtXc4dB0DEh3JSTwYDk+jUlhctKS3Hx3Dm4de4MX39/2NrZGb1eeVkZfr1/HxfPnUPv/v3VJgfFYjFyc3Ph7OyMjh07Nvnkm1gsRlFREXJzc+Hp6an2/aiLe2VKjeG+63IfiIiIiIiIiKhhuH37No4cOYLCwkJ07twZf/jDH+Dk5GTusBq1Fy9eICMjAxkZGXjw4AFKSkoAAA4ODujQoQP8/Pzg5+eHFi1aGLyGSCwWC9oGNPVksCJ1SeGM69fRqnVruHt6mny9vNxcPHv6FH7du6ucu3//Ppo3bw5XV1eTr9uQPXr0CC9fvsSrr76qcq4u75UpNYb7ru0+EBEREREREZHlu3HjBn766SdUVlbKj7Vs2RIzZszAK6+8ovd8rBDWTiwWIykpCUlJSSgtLdU61t7eHoMHD8bgwYN1LsZbunQpJk6cCHt7e91bRpB6T4qK4OPvX+u4ly9f4sqVKygpKUGrVq3Qs2dP2GtpCwAAr7z6KvLv3FF7rqSkBB07djQk5EbN0dERBQUFas/peq/MrTHcd233gYiIiIiIiIgs2/Xr1/HTTz+hqqoKQ4YMwYABAxAbG4sbN27g+++/NzgpTOo9efIEu3btwoMHDwAAPj4+6NGjBzp37oxWrVoBAJ49e4Y7d+7g2rVryMrKwrFjx3Djxg1MmTIFbdu21Ws9JoSNVFZWBjsdWg/88ssvuHLlivz7zMxM/PnPf9b6Gjs7O419bsViMT+Or4aNjY3Gvrq63itj3b9/H4Ig4LXXXjPo9ZZw3588eQIAev+FIqPtPhARERERERGR5bp27Rp+/vlnVFVVYfjw4Rg2bBgA4J133sHevXtx48YN7Nq1C4sWLaqXPEtj9+TJE0RHR+Pp06dwdn
<h2 blockindex=41>六、总结</h2>
<p blockindex=42>该SQL注入漏洞主要是因为系统未对<code>pk_complaint</code>参数进行任何过滤，导致sql注入漏洞。经过我的分析，这个接口很有可能是被作者忘记了，因为其他接口基本都采用占位符的方式进行查询，可以有效的防治SQL注入漏洞。</p></div></div>
 </div>
 <div class="post-opt mt-30">
 <ul class="list-inline text-muted">
 <li>
 <i class="fa fa-clock-o"></i>
 发表于 2024-08-07 09:45:26
 </li>
 <li>阅读 ( 1121 )</li>
 <li>分类：<a href=https://forum.butian.net/articles/Web2 target=_blank rel="noopenner noreferrer">Web应用</a>
 </li>
 <li><a href=# class=report_btn data-source_type=vulnerabilities_article data-source_id=503 data-toggle=modal data-target=#send_report_model><i class="fa fa-flag-o"></i> 举报</a></li>
 </ul>
 </div>
 </div>
 <div class="text-center mt-30 mb-20">
 <button id=support-button class="btn btn-success btn-lg mr-5" data-loading-text=加载中... data-source_type=article data-source_id=503 data-support_num=0> 0 推荐</button>
 <button id=collect-button class="btn btn-default btn-lg" data-loading-text=加载中... data-source_type=article data-source_id=503> 收藏</button>
 </div>
 </div>
 
 <div class="widget-answers mt-15">
 <h2 class="h4 post-title">0 条评论</h2>
 <div class=comment>
 </div>
 
 <div class="widget-comment-form row mb-20">
 <form class=col-md-12>
 <div class=form-group>
 <textarea id=comment-content name=content placeholder=写下你的评论 class=form-control value></textarea>
 </div>
 </form>
 <div class="col-md-12 text-right">
 
 <button type=submit data-token=sKaWQokrOTC3iA9XXzaH65D8iBGicq4jNmsDOLZX data-source_id=503 data-source_type=article class="btn btn-primary btn-sm ml-10 comment-btn">提交评论</button>
 </div>
 </div>
 
 <div class=text-center>
 
 </div>
 </div>
 </div>
 <div class="col-xs-12 col-md-3 side" style=display:none>
 
 
 </div>
 
 </div>
 </div>
</div>
<footer id=footer>
 <div class=container>
 <div class=text-center>
 <a href=https://forum.butian.net/>奇安信攻防社区</a><span class=span-line>|</span>
 <a href=mailto:butian_report@qianxin.com target=_blank rel="noopenner noreferrer">联系我们</a><span class=span-line>|</span>
 <a href=https://forum.butian.net/sitemap>sitemap</a>
 </div>
 <div class="copyright mt-10">
 Copyright © 2013-2023 BUTIAN.NET 版权所有 <a href=https://beian.miit.gov.cn/#/Integrated/index>京ICP备18014330号-2</a>
 </div>
 </div>
</footer>
<div class="modal fade sf-hidden" id=sendTo_message_model tabindex=-1 role=dialog aria-labelledby=exampleModalLabel>
 
</div>
 <div class="modal fade sf-hidden" id=send_report_model role=dialog aria-labelledby=exampleModalLabel>
 
</div> <div class="modal fade in sf-hidden" id=payment-qrcode-modal-article-503 tabindex=-1 role aria-labelledby=exampleModalLabel aria-hidden=false>
 
</div> 
 
 <div style="display:none;position:fixed;top:40%;left:50%;z-index:9999;transform:translate(-50%,-50%);padding:3px 15px;border-radius:8px;background:rgba(120,120,120,0.7);box-shadow:1px 1px 3px 1px rgba(160,160,160,0.6);text-align:center;font-size:12px;color:#fff"></div><div id=windowLoading class="modal fade sf-hidden" tabindex=-1 role=dialog>
 
 </div>
 
 
 
 
 
 
<span id=cnzz_stat_icon_1279782571></span>
<div class="geetest_panel geetest_wind" style=display:none></div><div id=immersive-translate-popup style=all:initial><template shadowrootmode=open><style class=sf-hidden>/*!
 * Pico.css v1.5.6 (https://picocss.com)
 * Copyright 2019-2022 - Licensed under MIT
 */#mount{--font-family:system-ui,-apple-system,"Segoe UI","Roboto","Ubuntu","Cantarell","Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--line-height:1.5;--font-weight:400;--font-size:16px;--border-radius:0.25rem;--border-width:1px;--outline-width:3px;--spacing:1rem;--typography-spacing-vertical:1.5rem;--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing);--grid-spacing-vertical:0;--grid-spacing-horizontal:var(--spacing);--form-element-spacing-vertical:0.75rem;--form-element-spacing-horizontal:1rem;--nav-element-spacing-vertical:1rem;--nav-element-spacing-horizontal:0.5rem;--nav-link-spacing-vertical:0.5rem;--nav-link-spacing-horizontal:0.5rem;--form-label-font-weight:var(--font-weight);--transition:0.2s ease-in-out;--modal-overlay-backdrop-filter:blur(0.25rem)}@media (min-width:576px){#mount{--font-size:17px}}@media (min-width:768px){#mount{--font-size:18px}}@media (min-width:992px){#mount{--font-size:19px}}@media (min-width:1200px){#mount{--font-size:20px}}@media (min-width:576px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*2.5)}}@media (min-width:768px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3)}}@media (min-width:992px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3.5)}}@media (min-width:1200px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*4)}}@media (min-width:576px){article{--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){article{--block-spacing-horizontal:calc(var(--spacing)*1.5)}}@media (min-width:992px){article{--block-spacing-horizontal:calc(var(--spacing)*1.75)}}@media (min-width:1200px){article{--block-spacing-horizontal:calc(var(--spacing)*2)}}dialog>article{--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing)}@media (min-width:576px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*2.5);--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*3);--block-spacing-horizontal:calc(var(--spacing)*1.5)}}a{--text-decoration:none}a.secondary,a.contrast{--text-decoration:underline}small{--font-size:0.875em}h1,h2,h3,h4,h5,h6{--font-weight:700}h1{--font-size:2rem;--typography-spacing-vertical:3rem}h2{--font-size:1.75rem;--typography-spacing-vertical:2.625rem}h3{--font-size:1.5rem;--typography-spacing-vertical:2.25rem}h4{--font-size:1.25rem;--typography-spacing-vertical:1.874rem}h5{--font-size:1.125rem;--typography-spacing-vertical:1.6875rem}[type="checkbox"],[type="radio"]{--border-width:2px}[type="checkbox"][role="switch"]{--border-width:3px}thead th,thead td,tfoot th,tfoot td{--border-width:3px}:not(thead,tfoot)>*>td{--font-size:0.875em}pre,code,kbd,samp{--font-family:"Menlo","Consolas","Roboto Mono","Ubuntu Monospace","Noto Mono","Oxygen Mono","Liberation Mono",monospace,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"}kbd{--font-weight:bolder}[data-theme="light"],#mount:not([data-theme="dark"]){--background-color:#fff;--background-light-green:#F5F7F9;--color:hsl(205deg,20%,32%);--h1-color:hsl(205deg,30%,15%);--h2-color:#24333e;--h3-color:hsl(205deg,25%,23%);--h4-color:#374956;--h5-color:hsl(205deg,20%,32%);--h6-color:#4d606d;--muted-color:hsl(205deg,10%,50%);--muted-border-color:hsl(205deg,20%,94%);--primary:hsl(195deg,85%,41%);--primary-hover:hsl(195deg,90%,32%);--primary-focus:rgba(16,149,193,0.125);--primary-inverse:#fff;--secondary:hsl(205deg,15%,41%);--secondary-hover:hsl(205deg,20%,32%);--secondary-focus:rgba(89,107,120,0.125);--secondary-inverse:#fff;--contrast:hsl(205deg,30%,15%);--contrast-hover:#000;--contrast-focus:rgba(89,107,120,0.125);--contrast-inverse:#fff;--mark-background-color:#fff2ca;--mark-color:#543a26;--ins-color:#388e3c;--del-color:#c62828;--blockquote-border-color:var(--muted-border-color);--blockquote-footer-color:var(--muted-c