admin/Penetration_Testing_POC
1
0
Fork 0
mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2025-11-06 03:03:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
Penetration_Testing_POC/books/ofbiz目录遍历致代码执行漏洞(CVE-2024-32113)分析.html

355 lines
2.7 MiB
HTML
Raw Normal View History

Update README.md
2024-06-27 08:44:44 -07:00
<!DOCTYPE html> <html lang=en style><!--
Page saved with SingleFile
url: https://xz.aliyun.com/t/14733
--><meta charset=utf-8>
<title>ofbiz目录遍历致代码执行漏洞CVE-2024-32113分析</title>
<meta name=description content=先知社区,先知安全技术社区>
<meta name=viewport content="width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no">
<style>/*!
* Bootstrap v2.3.1
*
* Copyright 2012 Twitter, Inc
* Licensed under the Apache License v2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Designed and built with all the love in the world @twitter by @mdo and @fat.
*/.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}footer{display:block}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}a:hover,a:active{outline:0}img{height:auto;vertical-align:middle;-ms-interpolation-mode:bicubic}input{margin:0}button{-webkit-appearance:button}body{margin:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:20px;color:#333}a{text-decoration:none}a:hover,a:focus{color:#005580;text-decoration:underline}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}.container{width:940px}.span10{width:780px}.container{margin-right:auto;margin-left:auto}.container:before,.container:after{display:table;line-height:0;content:""}.container:after{clear:both}p{margin:0 0 10px}strong{font-weight:bold}.text-right{text-align:right}.text-center{text-align:center}h2,h3,h4{margin:10px 0;font-family:inherit;font-weight:bold;line-height:20px;color:inherit;text-rendering:optimizelegibility}h4{font-size:17.5px}ul{padding:0}hr{margin:20px 0;border:0;border-top:1px solid #eee;border-bottom:1px solid #fff}pre{color:#333;-webkit-border-radius:3px;-moz-border-radius:3px}pre{display:block;margin:0 0 10px;white-space:pre-wrap;border:1px solid rgba(0,0,0,0.15);-webkit-border-radius:4px;-moz-border-radius:4px}input{font-weight:normal}input{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif}input[type="text"]{display:inline-block;padding:4px 6px;margin-bottom:10px;font-size:14px;line-height:20px;vertical-align:middle;-webkit-border-radius:4px;-moz-border-radius:4px}input{width:206px}input[type="text"]{background-color:#fff;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-webkit-transition:border linear .2s,box-shadow linear .2s;-moz-transition:border linear .2s,box-shadow linear .2s;-o-transition:border linear .2s,box-shadow linear .2s;transition:border linear .2s,box-shadow linear .2s}textarea:focus,input[type="text"]:focus,input[type="password"]:focus,input[type="datetime"]:focus,input[type="datetime-local"]:focus,input[type="date"]:focus,input[type="month"]:focus,input[type="time"]:focus,input[type="week"]:focus,input[type="number"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type="search"]:focus,input[type="tel"]:focus,input[type="color"]:focus,.uneditable-input:focus{border-color:rgba(82,168,236,0.8);outline:0;outline:thin dotted \9;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6)}input::-webkit-input-placeholder,textarea::-webkit-input-placeholder{color:#999}input{margin-left:0}input:focus:invalid,textarea:focus:invalid,select:focus:invalid{color:#b94a48;border-color:#ee5f5b}input:focus:invalid:focus,textarea:focus:invalid:focus,select:focus:invalid:focus{border-color:#e9322d;-webkit-box-shadow:0 0 6px #f8b9b7;-moz-box-shadow:0 0 6px #f8b9b7;box-shadow:0 0 6px #f8b9b7}.fade{opacity:0;-webkit-transition:opacity .15s linear;-moz-transition:opacity .15s linear;-o-transition:opacity .15s linear}.collapse{position:relative;-webkit-transition:height .35s ease;-moz-transition:height .35s ease;-o-transition:height .35s ease;transition:height .35s ease}.btn{text-shadow:0 1px 1px rgba(255,255,255,0.75);vertical-align:middle;background-image:-moz-linear-gradient(top,#fff,#e6e6e6);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),to(#e6e6e6));background-image:-webkit-linear-gradient(top,#fff,#e6e6e6);background-image:-o-linear-gradient(top,#fff,#e6e6e6);background-repeat:repeat-x;border:1px solid #ccc;border-bottom-color:#b3b3b3;-webkit-border-radius:4px;-moz-border-radius:4px;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1px 2px rgba(0,0,0,0.05);-moz-box-shadow:inset 0 1px 0 rgba(255,
<style>/*! Editor.md v1.5.0 | editormd.min.css | Open source online markdown editor. | MIT License | By: Pandao | https://github.com/pandao/editor.md | 2015-06-09 *//*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 */@media only screen and (-webkit-min-device-pixel-ratio:2),only screen and (min-device-pixel-ratio:2){}@media only screen and (-webkit-min-device-pixel-ratio:3),only screen and (min-device-pixel-ratio:3){}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*!
* Font Awesome 4.3.0 by @davegandy - http://fontawesome.io - @fontawesome
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
*/@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*! github-markdown-css | The MIT License (MIT) | Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com) | https://github.com/sindresorhus/github-markdown-css */.markdown-body{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;overflow:hidden}.markdown-body *{-moz-box-sizing:border-box}.markdown-body a:active,.markdown-body a:hover{outline:0;text-decoration:underline}.markdown-body>:first-child{margin-top:0 !important}.markdown-body>:last-child{margin-bottom:0 !important}.markdown-body img{-moz-box-sizing:border-box}/*! Pretty printing styles. Used with prettify.js. */@media screen{}@media screen{}</style>
<style>/*!
* Bootstrap Responsive v2.3.1
*
* Copyright 2012 Twitter, Inc
* Licensed under the Apache License v2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Designed and built with all the love in the world @twitter by @mdo and @fat.
*/.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}@-ms-viewport{width:device-width}@media(min-width:768px) and (max-width:979px){}@media(max-width:767px){}@media(min-width:1200px){.row{margin-left:-30px}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:30px}.container{width:1170px}.span10{width:970px}input{margin-left:0}}@media(min-width:768px) and (max-width:979px){.row{margin-left:-20px}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:20px}.container{width:724px}.span10{width:600px}input{margin-left:0}}@media(max-width:767px){body{padding-right:0px;padding-left:0px}.container{width:auto}.row{margin-left:0}[class*="span"]{display:block;float:none;width:100%;margin-left:0;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.modal{position:fixed;right:20px;left:20px;width:auto;margin:0}.modal.fade{top:-100px}}@media(max-width:480px){.nav-collapse{-webkit-transform:translate3d(0,0,0)}.modal{top:10px;right:10px;left:10px}}@media(max-width:979px){body{padding-top:0}.navbar .container{width:auto;padding:0}.navbar .brand{padding-right:10px;padding-left:10px}.nav-collapse{clear:both}.nav-collapse.collapse{height:0;overflow:hidden}}@media(min-width:980px){.nav-collapse.collapse{height:auto !important;overflow:visible !important}}</style>
<style>li{line-height:26px}a:hover{text-decoration:none}.post-user-action>span{margin-right:10px;line-height:21px;border:0}.post-user-action .i-seprator{color:rgba(0,0,0,0.1);margin:0 2px}.navbar .brand{padding:0;height:50px;margin-left:0;display:inline-block !important;background-repeat:no-repeat;width:120px;background-size:207px 50px;background-image:url(data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDIxLjEuMCwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IuWbvuWxgl8xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB4PSIwcHgiIHk9IjBweCIKCSB2aWV3Qm94PSIwIDAgODAwLjQgMTMwLjQiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDgwMC40IDEzMC40OyIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+CjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+Cgkuc3Qwe2ZpbGw6IzM3M0Q0MTt9Cjwvc3R5bGU+Cjx0aXRsZT7lhYjnn6XmioDmnK/npL7ljLo8L3RpdGxlPgo8Zz4KCTxwb2x5Z29uIGNsYXNzPSJzdDAiIHBvaW50cz0iMCwxMjEuNCAwLDI3LjMgNTYuMywyNy4zIAkiLz4KCTxwb2x5Z29uIGNsYXNzPSJzdDAiIHBvaW50cz0iODkuOSw4LjQgODkuOSwxMDIuNSAzMy41LDEwMi41IAkiLz4KPC9nPgo8cGF0aCBjbGFzcz0ic3QwIiBkPSJNMTMwLjcsNTguNGMtMi4zLTEuNC00LjctMi45LTcuMi00LjVjNi02LjksMTAuNy0xNi4yLDE0LjEtMjcuOWw4LjMsMS43Yy0wLjcsMS42LTEuNiwzLjktMi44LDYuOQoJYy0wLjcsMi4zLTEuMywzLjktMS43LDQuOGgxNy41VjI0aDguM3YxNS41aDI5LjZWNDdoLTI5LjZ2MTUuMWgzNC43VjcwaC0yNi41djIxLjNjLTAuMiwzLjQsMS42LDUsNS41LDQuOGg3LjIKCWMzLjIsMC4yLDUuMy0xLjMsNi4yLTQuNWMwLjItMS40LDAuNS00LjEsMC43LTguM2MwLDAuNywwLjEtMC4xLDAuMy0yLjRsNy42LDIuOGMtMC4yLDQuMS0wLjcsNy45LTEuNCwxMS40CgljLTEuNiw2LTUuOCw4LjgtMTIuNyw4LjZoLTEwLjdjLTcuNiwwLjItMTEuMi0zLjItMTEtMTAuM1Y3MC4xaC0xNS44djMuMWMwLDE1LjQtOS4xLDI2LjQtMjcuMiwzM2MtMS40LTIuMS0zLTQuNi00LjgtNy42CglDMTM1LjEsOTQsMTQzLDg1LjQsMTQzLDcyLjhWNzBoLTIyLjd2LTcuOWgzOC41VjQ3aC0yMS4zQzEzNS41LDUxLjEsMTMzLjIsNTQuOSwxMzAuNyw1OC40eiIvPgo8cGF0aCBjbGFzcz0ic3QwIiBkPSJNMjEzLjIsNTQuNmMtMC41LTAuMi0xLjItMC43LTIuMS0xLjRjLTEuOC0xLjQtMy4yLTIuMy00LjEtMi44YzQuOC04LjksOC4xLTE3LjksMTAtMjYuOGw3LjYsMS40CgljLTAuNSwxLjgtMS4zLDQuNC0yLjQsNy42Yy0wLjIsMS4yLTAuNSwyLTAuNywyLjRoMjQuMXY3LjJoLTEyYzAsOC43LTAuMSwxNC45LTAuMywxOC42aDE0LjFWNjhoLTE0LjhjMCwyLjMtMC4yLDQuNS0wLjcsNi41CgljMS42LDEuNiwzLjgsNCw2LjUsNy4yYzQuNiw0LjgsOCw4LjYsMTAuMywxMS40bC01LjgsNS4yYy0wLjktMS4yLTIuMy0yLjgtNC4xLTQuOGMtMS44LTIuMy00LjgtNS44LTguOS0xMC43CgljLTIuNSw3LjgtOC40LDE1LjUtMTcuNSwyMy4xYy0yLjMtMi44LTQuMS00LjgtNS41LTYuMmMxMS4yLTguOSwxNy4zLTE5LjUsMTguMi0zMS43aC0xNy4ydi03LjJoMTcuNWMwLjItMy45LDAuMy0xMC4xLDAuMy0xOC42CgloLTYuOUMyMTcuMSw0Ni4zLDIxNS4zLDUwLjQsMjEzLjIsNTQuNnogTTI1MS40LDEwMi43VjMxLjloMzUuOHY3MC41aC04LjN2LTcuNmgtMTkuNnY3LjlDMjU5LjMsMTAyLjcsMjUxLjQsMTAyLjcsMjUxLjQsMTAyLjd6CgkgTTI1OS4zLDM5LjR2NDcuOGgxOS42VjM5LjRIMjU5LjN6Ii8+CjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik0yOTcuMiw4MS4xYy0wLjItMC45LTAuNi0yLjMtMS00LjFjLTAuNy0xLjgtMS4yLTMuMi0xLjQtNC4xYzkuMi02LjIsMTYuNC0xNC4zLDIxLjctMjQuNGgtMTkuNnYtNi45aDI3LjV2Ny4yCgljLTIuNSw1LjUtNS40LDEwLjQtOC42LDE0Ljh2NDIuM2gtNy42VjcyLjFDMzA1LDc1LjEsMzAxLjQsNzguMSwyOTcuMiw4MS4xeiBNMzExLjcsNDAuNWMtMC4yLTAuNS0wLjYtMS4xLTEtMi4xCgljLTIuOC02LTQuNi05LjctNS41LTExLjRsNi45LTMuMWMwLjcsMS4yLDEuOCwzLjMsMy40LDYuNWMxLjYsMywyLjgsNS4yLDMuNCw2LjVMMzExLjcsNDAuNXogTTMyNi44LDgwLjcKCWMtMS42LTIuMS00LjctNS42LTkuMy0xMC43Yy0wLjItMC4yLTAuNS0wLjUtMC43LTAuN2w0LjgtNC41YzIuMSwxLjgsNC45LDQuNiw4LjYsOC4zYzEuMSwxLjIsMS45LDIsMi40LDIuNEwzMjYuOCw4MC43egoJIE0zMjguNSw1Ni42VjQ5aDE4LjZWMjQuM2g4LjN2MjQuOEgzNzV2Ny42aC0xOS42djM5LjJoMjIuNHY2LjloLTUzdi02LjloMjIuNFY1Ni42SDMyOC41eiIvPgo8cGF0aCBjbGFzcz0ic3QwIiBkPSJNMzg5LjgsMTAxLjRWMjkuMUg0NjJ2Ny42aC02NC4zdjU3LjhoNjUuN3Y2LjlIMzg5Ljh6IE00NTAuMyw5MC40Yy02LjItNi42LTEyLjYtMTMtMTkuMy0xOC45CgljLTYsNS43LTEzLjQsMTIuMy0yMi40LDE5LjZjLTEuNC0xLjYtMy40LTMuOC02LjItNi41YzguMy01LjcsMTUuOC0xMiwyMi43LTE4LjljLTYuOS02LjQtMTMuOC0xMi43LTIwLjYtMTguOWw2LjItNS4yTDQzMSw2MC4yCgljNS41LTYuMiwxMC45LTEyLjgsMTYuMi0yMGw3LjIsNC41Yy01LjcsNy42LTExLjYsMTQuNC0xNy41LDIwLjZjNi45LDYuNywxMy42LDEzLDIwLjMsMTguOUw0NTAuMyw5MC40eiIvPgo8L3N2Zz4K)}.brand-box{position:absolute}.related-section{min-height:42px;padding:5px 0;margin-top:25px;border-top:1px solid #eee}.related-section>.related-
<style>a{color:#778087}.topic-list p{margin:0}.topic-content{min-height:40px}.collapse form{position:relative;width:300px;float:right}div.search{padding:10px 0}.d1 input{height:20px;padding-left:18px;border:1px solid #ddd;border-radius:15px;outline:0;background:#fff;color:#9e9c9c;float:right}.vote{font-weight:normal;margin-left:6px}.topic-list{word-break:break-all;word-wrap:break-word}ul{margin:0 0 10px 0}/*!*border-bottom: solid #eee 1px;*!*/.user-info{padding:5px 0 5px 0}.topic-info a,.topic-info{padding-top:5px}.topic-info a:hover{text-decoration:solid}.reminder{min-height:200px;border:1px #ddd solid;border-radius:3px;line-height:200px;text-align:center}</style>
<style>body{background-color:#eee}form{margin:0 !important}a:focus{text-decoration:none}.box ul,ol{margin-bottom:0px !important}.box a:hover{text-decoration:none}.box-container>ul>li{list-style-type:none}#Wrapper .row.box{margin-left:0px}.navbar-inner{border-radius:0px;min-height:40px;padding-right:0px;padding-left:0px;outline:0;margin-bottom:0;list-style:none;z-index:1050;background:#fff;-webkit-box-shadow:0 1px 4px rgba(0,21,41,0.08);box-shadow:0 1px 4px rgba(0,21,41,0.08);line-height:46px;-webkit-transition:background .3s,width .2s;-o-transition:background .3s,width .2s;transition:background .3s,width .2s}.bs-docs-footer{text-align:left;color:#99979c;height:64px;background-color:#FFF;border-top:1px solid rgba(0,0,0,0.22);line-height:64px}.bs-docs-footer .links>a{display:inline-block;padding:0 12px;border-left:1px solid #e8e8e8;color:#8c8c8c;line-height:1}.bs-docs-footer .links>a:first-child{border-left:0}.box-container .user-info{margin-bottom:10px;background:#fff}.content-title{font-size:24px;color:#333;text-decoration:none;line-height:24px;text-shadow:0 1px 0#fff}.markdown-body h2{border-bottom:0}.box-container{padding:20px}.breadcrumb{padding:8px 10px 8px 15px;margin-bottom:10px;border-radius:0;color:#000;background-color:#fff}.breadcrumb>li{text-shadow:none !important;margin:2px 0px}.active{text-shadow:none !important}.breadcrumb .active{color:#555;display:inline-block;text-shadow:none !important}.label{background-color:#f4f4f4;line-height:12px;display:inline-block;padding:4px 4px 4px 4px;-moz-border-radius:2px;-webkit-border-radius:2px;border-radius:2px;text-decoration:none;text-shadow:none;font-weight:normal}.topic-info{color:#999 !important;font-size:12px !important}.topic-info a{padding:0px;color:#555 !important;font-size:12px !important}.topic-info a:hover{color:#4d5256;text-decoration:underline}.topic-info .cell{padding-left:0 !important;margin-left:0px;font-size:10px;font-weight:bold}.markdown-body img{max-width:90% !important;text-align:center;margin-left:auto;margin-right:auto;display:block;padding:10px 0px 10px 0px}.topic-info span{margin-left:0px;font-size:10px;color:rgba(0,0,0,0.45)}.btn{display:inline-block;padding:4px 12px;margin-bottom:0;font-size:14px;line-height:20px;background-color:#f4f4f4;color:#444;border-color:#ddd;font-family:"Helvetica Neue For Number",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"PingFang SC","Hiragino Sans GB","Microsoft YaHei","Helvetica Neue",Helvetica,Arial,sans-serif;-webkit-box-sizing:border-box;box-sizing:border-box;margin:0;list-style:none;font-weight:400;text-align:center;cursor:pointer;background-image:none;white-space:nowrap;border-radius:2px;height:32px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none}.box{font-family:Monospaced Number,Chinese Quote,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,PingFang SC,Hiragino Sans GB,Microsoft YaHei,Helvetica Neue,Helvetica,Arial,sans-serif;font-size:14px;line-height:1.5;color:rgba(0,0,0,0.65);-webkit-box-sizing:border-box;box-sizing:border-box;margin-top:0 !important;margin-bottom:20px;padding:0;list-style:none;background:#fff;border-radius:2px;position:relative;-webkit-transition:all .3s;-o-transition:all .3s;transition:all .3s;-moz-box-shadow:0 1px 1px rgba(0,0,0,0.15);-webkit-box-shadow:0 1px 1px rgba(143,168,191,.35);box-shadow:0 1px 1px rgba(143,168,191,.35);border-bottom:1px solid #e2e2e9}.span10{float:left;min-height:1px}#Wrapper .span10{margin-left:0px !important;max-width:960px}@media(min-width:1200px){.container{width:82% !important}}@media screen and (min-width:1500px){#Wrapper.container,.navbar .navbar-inner .container,.bs-docs-footer .container{max-width:1100px !important}#Wrapper .span10{max-width:810px !important}}@media screen and (min-width:980px) and (max-width:1499px){#Wrapper.container,.navbar .navbar-inner .container,.bs-docs-footer .container{max-width:1100px !important}#Wrapper .span10{max-width:74% !important}}@media screen and (min-width:768px) and (max-width:979px){#Wrapper.container,.navbar .navbar-inner .container,.bs-docs-footer .container{width:90% !important}#Wr
<style>/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 */@media only screen and (-webkit-min-device-pixel-ratio:2),only screen and (min-device-pixel-ratio:2){}@media only screen and (-webkit-min-device-pixel-ratio:3),only screen and (min-device-pixel-ratio:3){}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*!
* Font Awesome 4.3.0 by @davegandy - http://fontawesome.io - @fontawesome
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
*/.pull-right{float:right}.pull-left{float:left}@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*! github-markdown-css | The MIT License (MIT) | Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com) | https://github.com/sindresorhus/github-markdown-css */.markdown-body{color:#333;font-family:Monospaced Number,Chinese Quote,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,PingFang SC,Hiragino Sans GB,Microsoft YaHei,Helvetica Neue,Helvetica,Arial,sans-serif;font-size:15px;line-height:24px;letter-spacing:.05em;word-wrap:break-word}.markdown-body a{background:transparent}.markdown-body a:active,.markdown-body a:hover{outline:0}.markdown-body strong{font-weight:bold}.markdown-body img{border:0}.markdown-body pre{font-family:"Meiryo UI","YaHei Consolas Hybrid",Consolas,"Malgun Gothic","Segoe UI","Trebuchet MS",Helvetica,monospace,monospace}.markdown-body *{-moz-box-sizing:border-box;box-sizing:border-box}.markdown-body a{color:#4183c4;text-decoration:none}.markdown-body a:hover,.markdown-body a:active{text-decoration:underline}.markdown-body pre{font:12px Consolas,"Liberation Mono",Menlo,Courier,monospace}.markdown-body>*:first-child{margin-top:0 !important}.markdown-body>*:last-child{margin-bottom:0 !important}.markdown-body h2,.markdown-body h3{position:relative;margin-top:1em;margin-bottom:16px;font-weight:bold}.markdown-body h2{padding-bottom:0em;font-size:24px;line-height:1.225}.markdown-body h3{font-size:20px;line-height:1.43}.markdown-body p,.markdown-body pre{margin-top:0;margin-bottom:24px}.markdown-body img{max-width:100%;-moz-box-sizing:border-box;box-sizing:border-box}.markdown-body .highlight{margin-bottom:16px}.markdown-body .highlight pre{padding:16px;overflow:auto;font-size:85%;background-color:#f7f7f7;border-radius:3px}.markdown-body .highlight pre{margin-bottom:0;word-break:normal}.markdown-body pre{word-wrap:normal}/*! Pretty printing styles. Used with prettify.js. */@media screen{}.markdown-body .highlight pre{line-height:1.6}@media screen{}</style>
<style>.highlight .k{color:#204a87;font-weight:bold}.highlight .n{color:#000}.highlight .o{color:#ce5c00;font-weight:bold}.highlight .c1{color:#8f5902;font-style:italic}.highlight .s{color:#4e9a06}.highlight .na{color:#c4a000}.highlight .nt{color:#204a87;font-weight:bold}</style>
<style>@-webkit-keyframes a{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes a{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@media(max-width:800px){}</style>
<!--[if lte IE 8]>
<script src="http://code.jquery.com/jquery-1.11.3.min.js"></script>
<![endif]-->
<!--[if !IE]> -->
<style>#waf_nc_block{position:fixed;width:100%;height:100%;top:0;bottom:0;left:0;z-index:99999}</style><style>@media(pointer:coarse){@media only screen and (max-device-width:1024px){}@media only screen and (max-device-width:414px){}@media only screen and (max-device-width:320px){}}</style><style>@media screen and (max-width:768px){}</style><style>/*!
* Waves v0.7.5
* http://fian.my.id/Waves
*
* Copyright 2014-2016 Alfiana E. Sibuea and other contributors
* Released under the MIT license
* https://github.com/fians/Waves/blob/master/LICENSE
*/</style><style>@media(max-height:620px){}@media(max-height:783px){}@-webkit-keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}@keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}</style><style>@-webkit-keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@media(pointer:coarse){}</style><style>:root{--sr-annote-color-0:#b4d9fb;--sr-annote-color-1:#ffeb3b;--sr-annote-color-2:#a2e9f2;--sr-annote-color-3:#a1e0ff;--sr-annote-color-4:#a8ea68;--sr-annote-color-5:#ffb7da}</style><style>@-webkit-keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@-webkit-keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@-webkit-keyframes fadeOut{0%{opacity:1}to{opacity:0}}@keyframes fadeOut{0%{opacity:1}to{opacity:0}}@-webkit-keyframes fadeIn{0%{opacity:0}to{opacity:1}}@keyframes fadeIn{0%{opacity:0}to{opacity:1}}@-webkit-keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}@keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:transl
<body>
<div class="navbar navbar-default">
<div class=navbar-inner>
<div class=container style=text-align:center;position:relative>
<!--[if lte IE 8]>
<span style="display:inline-block;margin:0 auto;color:red;">为了更好的体验请使用IE10及以上版本</span>
<![endif]-->
<div class=brand-box>
<a class=brand href=https://xz.aliyun.com/tab/1></a>
</div>
<a href="https://account.aliyun.com/login/login.htm?oauth_callback=https%3A%2F%2Fxz.aliyun.com%2Ft%2F14733&amp;from_type=xianzhi" class="pull-right anonymous-user hh_loding sf-hidden">
登录</a>
<div class="nav-collapse collapse">
<div class="search d1 text-right">
<form action=/search>
<input type=text placeholder=搜索 name=keyword value>
</form>
</div>
</div>
</div>
</div>
</div>
<div id=Wrapper class=container>
<div class=row2>
<div class=span10>
<div class="row box content" width="1200px !important" style=width:1200px>
<div class=box-container>
<div class=main-topic>
<div class="clearfix user-info topic-list">
<p><span class=content-title>ofbiz目录遍历致代码执行漏洞CVE-2024-32113分析</span>
</p>
<div class=topic-info>
<span class=info-left>
<a href=https://xz.aliyun.com/u/52701>
<span class="username cell"> Unam4</span></a> <span class=i-seprator> / </span>
<span> 2024-05-30 15:32:15</span><span class=i-seprator> / </span>
<span>发表于浙江 / </span>
<span>浏览数 48</span>
<span class=content-node>
<span class="label label-default label-node-first">
<a href=https://xz.aliyun.com/tab/1>技术文章</a></span>
<span class="label label-default">
<a href=https://xz.aliyun.com/node/11>技术文章</a></span>
</span>
</span>
<span class="pull-right t-vote cell info-right"><a class="vote vote-up" href=javascript:void(0)>
顶(0)</a>
<a class="vote vote-down" href=javascript:void(0)>
踩(0)</a></span>
</div>
</div>
<hr>
<div id=topic_content class="topic-content markdown-body">
<h2 id=toc-0>目录遍历致代码执行漏洞CVE-2024-32113分析</h2>
<h3 id=toc-1>0x01 漏洞介绍</h3>
<p> Apache OFBiz是一个电子商务平台用于构建大中型企业级、跨平台、跨数据库、跨应用服务器的多层、分布式电子商务类应用系统。2024年5月官方发布新版本修复了CVE-2024-32113 Apache OFBiz 目录遍历致代码执行漏洞,攻击者可构造恶意请求控制服务器。建议尽快修复漏洞。</p>
<h3 id=toc-2>0X02 Groovy执行分析</h3>
<p>/framework/webtools/webapp/webtools/WEB-INF/controller.xml</p>
<p>412-416行</p>
<div class=highlight><pre><span></span><span class=nt>&lt;request-map</span> <span class=na>uri=</span><span class=s>"ProgramExport"</span><span class=nt>&gt;</span>
<span class=nt>&lt;security</span> <span class=na>https=</span><span class=s>"true"</span> <span class=na>auth=</span><span class=s>"true"</span><span class=nt>/&gt;</span>
<span class=nt>&lt;response</span> <span class=na>name=</span><span class=s>"success"</span> <span class=na>type=</span><span class=s>"view"</span> <span class=na>value=</span><span class=s>"ProgramExport"</span><span class=nt>/&gt;</span>
<span class=nt>&lt;response</span> <span class=na>name=</span><span class=s>"error"</span> <span class=na>type=</span><span class=s>"view"</span> <span class=na>value=</span><span class=s>"ProgramExport"</span><span class=nt>/&gt;</span>
<span class=nt>&lt;/request-map&gt;</span>
</pre></div>
<p>可以看到是view类型</p>
<p>652行写着对应配置位置</p>
<div class=highlight><pre><span></span><span class=nt>&lt;view-map</span> <span class=na>name=</span><span class=s>"ProgramExport"</span> <span class=na>type=</span><span class=s>"screen"</span> <span class=na>page=</span><span class=s>"component://webtools/widget/EntityScreens.xml#ProgramExport"</span><span class=nt>/&gt;</span>
</pre></div>
<p>apache-ofbiz-18.12.11/framework/webtools/widget/EntityScreens.xml</p>
<p>74-96行</p>
<div class=highlight><pre><span></span><span class=nt>&lt;screen</span> <span class=na>name=</span><span class=s>"ProgramExport"</span><span class=nt>&gt;</span>
<span class=nt>&lt;section&gt;</span>
<span class=nt>&lt;actions&gt;</span>
<span class=nt>&lt;set</span> <span class=na>field=</span><span class=s>"titleProperty"</span> <span class=na>value=</span><span class=s>"PageTitleEntityExportAll"</span><span class=nt>/&gt;</span>
<span class=nt>&lt;set</span> <span class=na>field=</span><span class=s>"tabButtonItem"</span> <span class=na>value=</span><span class=s>"programExport"</span><span class=nt>/&gt;</span>
<span class=nt>&lt;script</span> <span class=na>location=</span><span class=s>"component://webtools/groovyScripts/entity/ProgramExport.groovy"</span><span class=nt>/&gt;</span>
<span class=nt>&lt;/actions&gt;</span>
<span class=nt>&lt;widgets&gt;</span>
<span class=nt>&lt;decorator-screen</span> <span class=na>name=</span><span class=s>"CommonImportExportDecorator"</span> <span class=na>location=</span><span class=s>"${parameters.mainDecoratorLocation}"</span><span class=nt>&gt;</span>
<span class=nt>&lt;decorator-section</span> <span class=na>name=</span><span class=s>"body"</span><span class=nt>&gt;</span>
<span class=nt>&lt;screenlet&gt;</span>
<span class=nt>&lt;include-form</span> <span class=na>name=</span><span class=s>"ProgramExport"</span> <span class=na>location=</span><span class=s>"component://webtools/widget/MiscForms.xml"</span><span class=nt>/&gt;</span>
<span class=nt>&lt;/screenlet&gt;</span>
<span class=nt>&lt;screenlet&gt;</span>
<span class=nt>&lt;platform-specific&gt;</span>
<span class=nt>&lt;html&gt;&lt;html-template</span> <span class=na>location=</span><span class=s>"component://webtools/template/entity/ProgramExport.ftl"</span><span class=nt>/&gt;&lt;/html&gt;</span>
<span class=nt>&lt;/platform-specific&gt;</span>
<span class=nt>&lt;/screenlet&gt;</span>
<span class=nt>&lt;/decorator-section&gt;</span>
<span class=nt>&lt;/decorator-screen&gt;</span>
<span class=nt>&lt;/widgets&gt;</span>
<span class=nt>&lt;/section&gt;</span>
<span class=nt>&lt;/screen&gt;</span>
</pre></div>
<p>可以看见调用了</p>
<p>/webtools/groovyScripts/entity/ProgramExport.groovy</p>
<p>56-82行</p>
<div class=highlight><pre><span></span><span class=n>parameters</span><span class=o>.</span><span class=na>groovyProgram</span> <span class=o>=</span> <span class=n>groovyProgram</span>
<span class=o>}</span> <span class=k>else</span> <span class=o>{</span>
<span class=n>groovyProgram</span> <span class=o>=</span> <span class=n>parameters</span><span class=o>.</span><span class=na>groovyProgram</span>
<span class=o>}</span>
<span class=c1>// Add imports for script.</span>
<span class=n>def</span> <span class=n>importCustomizer</span> <span class=o>=</span> <span class=k>new</span> <span class=n>ImportCustomizer</span><span class=o>()</span>
<span class=n>importCustomizer</span><span class=o>.</span><span class=na>addImport</span><span class=o>(</span><span class=s>"org.apache.ofbiz.entity.GenericValue"</span><span class=o>)</span>
<span class=n>importCustomizer</span><span class=o>.</span><span class=na>addImport</span><span class=o>(</span><span class=s>"org.apache.ofbiz.entity.model.ModelEntity"</span><span class=o>)</span>
<span class=n>def</span> <span class=n>configuration</span> <span class=o>=</span> <span class=k>new</span> <span class=n>CompilerConfiguration</span><span class=o>()</span>
<span class=n>configuration</span><span class=o>.</span><span class=na>addCompilationCustomizers</span><span class=o>(</span><span class=n>importCustomizer</span><span class=o>)</span>
<span class=n>Binding</span> <span class=n>binding</span> <span class=o>=</span> <span class=k>new</span> <span class=n>Binding</span><span class=o>()</span>
<span class=n>binding</span><span class=o>.</span><span class=na>setVariable</span><span class=o>(</span><span class=s>"delegator"</span><span class=o>,</span> <span class=n>delegator</span><span class=o>)</span>
<span class=n>binding</span><span class=o>.</span><span class=na>setVariable</span><span class=o>(</span><span class=s>"recordValues"</span><span class=o>,</span> <span class=n>recordValues</span><span class=o>)</span>
<span class=n>ClassLoader</span> <span class=n>loader</span> <span class=o>=</span> <span class=n>Thread</span><span class=o>.</span><span class=na>currentThread</span><span class=o>().</span><span class=na>getContextClassLoader</span><span class=o>()</span>
<span class=n>def</span> <span class=n>shell</span> <span class=o>=</span> <span class=k>new</span> <span class=n>GroovyShell</span><span class=o>(</span><span class=n>loader</span><span class=o>,</span> <span class=n>binding</span><span class=o>,</span> <span class=n>configuration</span><span class=o>)</span>
<span class=k>if</span> <span class=o>(</span><span class=n>UtilValidate</span><span class=o>.</span><span class=na>isNotEmpty</span><span class=o>(</span><span class=n>groovyProgram</span><span class=o>))</span> <span class=o>{</span>
<span class=k>try</span> <span class=o>{</span>
<span class=c1>// Check if a webshell is not uploaded but allow "import"</span>
<span class=k>if</span> <span class=o>(!</span><span class=n>SecuredUpload</span><span class=o>.</span><span class=na>isValidText</span><span class=o>(</span><span class=n>groovyProgram</span><span class=o>,</span> <span class=o>[</span><span class=s>"import"</span><span class=o>]))</span> <span class=o>{</span>
<span class=n>logError</span><span class=o>(</span><span class=s>"================== Not executed for security reason =================="</span><span class=o>)</span>
<span class=n>request</span><span class=o>.</span><span class=na>setAttribute</span><span class=o>(</span><span class=s>"_ERROR_MESSAGE_"</span><span class=o>,</span> <span class=s>"Not executed for security reason"</span><span class=o>)</span>
<span class=k>return</span>
<span class=o>}</span>
</pre></div>
<p>从groovyProgram获取参数SecuredUpload.isValidText进行黑名单检查。</p>
<p><a href=https://github.com/apache/ofbiz-framework/tree/release18.12.13 target=_blank>ofbiz-framework</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.13/framework target=_blank>framework</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.13/framework/security target=_blank>security</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.13/framework/security/src target=_blank>src</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.13/framework/security/src/main target=_blank>main</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.13/framework/security/src/main/java target=_blank>java</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.13/framework/security/src/main/java/org target=_blank>org</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.13/framework/security/src/main/java/org/apache target=_blank>apache</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.13/framework/security/src/main/java/org/apache/ofbiz target=_blank>ofbiz</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.13/framework/security/src/main/java/org/apache/ofbiz/security target=_blank>security</a>/SecuredUpload.java</p>
<p><a id=img0 href=https://xzfile.aliyuncs.com/media/upload/picture/20240530152615-e5eae774-1e55-1.png><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABB8AAAEWCAYAAAAuDz/HAAAMKWlDQ1BJQ0MgUHJvZmlsZQAAeJyVVwdUk8kWnr+kQkIJoCAl9CZKJ4CU0CO9F1EJSSChhJgEFOzK4gquXURBUWBRLOjqCshaEAsW1q5gXSzYn4u62FB5kwR0y3nvnTc5k/vl5ptv7r3/zH9mAKB3cyWSPFQTgHyxXBoXGsBMSU1jkp4ABH4AsAFkLk8mYcfERMBfYNT+tb29ruSCKw4KrX/+/1+bNl8g4wGApEOcyZfx8iHuAACT8CRSOQAER+g3nymXKHACxDpSGCDEQgXOVuE5CpypwiuVnIS4QIgbACCrc7nSbABoe6GfWcTLhjq0ixA7ivkiMQB0RQy+PCGXD7E/xOPz8wsUWJGHDeRLIF4LMSvzT5rZf9HP/KrP5WZ/xaq8lI0cJJJJ8rjF/2dp/nfLzyscncMKdnWhNCxOYWENe3MLwhWYCvFDcWZU9Ij/pYiv5Cv8H4WFYYlAWQQU58kC00awNp8bFK7ioExxXpTimetBbJclCuGodFB/kZyTMMoXyILjIYarCI2QFsSNzIWmZ0kD2YpnDLGQK1XOqwNxSWFuIntk7HKhgKPQxyGuKREmJENMhHhLkSgpakSzUZYbHz7CbykRBkaNcE5IC+NG4z8rEIcGjODeLGmIIne4dtBH+TLlvNCP6QlFnBFNzEIuTAhT5Yi58rjf4heI2aOavQJZSsSony8ICv6arzgxfpQjkQfEjfolecr9oeLkhY7UH/OVFcUHq+qAhcnh4hzxp0nkMV9rmMOdHKOqG8YHaYALZCAPFADxAZ3OhmvqbeQuOYgHuSAHCIAU5IMIyCiGXQrCgUjpzQMlSCyIVIyBHjm0UuWIR0p+AGQoOHyoywPCEZUo8BCqyOHnLYiBamKIuJCVB7/ZIAuIUH2IcpQY/lKO5IJsICC6Eq1htwVMaIOInkQnojuug7NwNu6He+NuuCfhEeFyVUGxV5IQhAGR8XGozYTqQuNzIAgqyYAEziIAOVm+Cg5uiPviPnB8ALT+f2IosvyWkwAUwriZMAuBUq0YchRIBP/nKVliyFBkIlHWBmZEMaX4UViUSIod7M6UUDqZ7kBn0p3pxlgt1oZ1Y4exVlgd0UhtcmFFFJUJhkg53rHLsd7xoGOP4wvHBrlgllyxmAILJMVSUbZQzmTDN56AyRHzJoxnOjs6uwKgeH+qtuSbXuV7EdEjf/NJ4D7yDILPuP6bL9MAgFa4j/Up33wW2wDQSAGgZQGvUFqk8uGKLwJcORpwF+kDY2AO388OwBm4A2/gDyOeDKJBAkgF05TPKR/GPxPMAQtBGagAK8E6sBHUgnqwHewG+0ArOASOgVPgHLgIroFboA/0g+dgAK6DIQRBSAgNYSD6iAliidgjzggL8UWCkQgkDklFMpBsRIwUInOQxUgFshrZiGxFmpCfkIPIMeQMcgm5gdxDniKvkY8ohqqjOqgRaoVORFkoGw1HE9CpaDY6Ay1BS9HlaBVah+5CW9Bj6Dn0GtqHPkcHMYCpYXqYKeaAsbBALBpLw7IwKTYPK8cqsTqsGWvHurArWB/2AvuAE3EGzsQd4HoLwxNxHj4Dn4cvwzfi2/EW/AR+Bb+HD+BfCDSCIcGe4EXgEFII2YSZhDJCJaGRcIBwknCN0E94SyQS9eAa9iCGEVOJOcTZxGXETcQ9xA7iJeID4iCJRNIn2ZN8SNEkLklOKiNtIO0iHSVdJvWT3pPVyCZkZ3IIOY0sJi8iV5J3kI+QL5Mfk4comhRLihclmsKnFFNWUBoo7ZQLlH7KEFWLak31oSZQc6gLqVXUZupJ6m3qGzU1NTM1T7VYNZHaArUqtb1qp9XuqX1Q11a3Uw9UT1cvVF+uvk29Q/2G+hsajWZF86el0eS05bQm2nHaXdp7OoM+gc6h8+nz6dX0Fvpl+ksNioalBltjmkaJRqXGfo0LGi80KZpWmoGaXM15mtWaBzV7NAe1GFpOWtFa+VrLtHZondF6ok3SttIO1uZrl2rXax/XfsDAGOaMQAaPsZjRwDjJ6Nch6ljrcHRydCp0duuc1xnQ1dZ11U3SnaVbrXtYt08P07PS4+jl6a3Q26d3Xe/jGKMx7DGCMUvHNI+5PObd2HFj/ccKxpaP3TP22tiP+kz9YP1c/VX6rfp3DHADO4NYg5kGmw1OGrwYpzPOexxvXPm4feNuGqKGdoZxhrMN6w27DQeNjI1CjSRGG4yOG70w1jP2N84xXmt8xPipCcPE10RkstbkqMkzpi6TzcxjVjFPMAdMDU3DTAtNt5qeNx0yszZLNFtktsfsjjnVnGWeZb7WvNN8wMLEItJijsVOi5uWFEuWpdByvWWX5Tsra6tkqyVWrVZPrMdac6xLrHda37ah2fjZzLCps7lqS7Rl2ebabrK9aIfaudkJ7artLtij9u72IvtN9pfGE8Z7jhePrxvf46DuwHYoctjpcG+C3oSICYsmtE54OdFiYtrEVRO7Jn5xdHPMc2xwvOWk7TTZaZFTu9NrZztnnnO181UXmkuIy3yXNpdXrvauAtfNrr1uDLdItyVunW6f3T3cpe7N7k89LDwyPGo8elg6rBjWMtZpT4JngOd8z0OeH7zcveRe+7x+93bwzvXe4f1kkvUkwaSGSQ98zHy4Plt9+nyZvhm+W3z7/Ez9uH51fvf9zf35/o3+j9m27Bz2LvbLAMcAacCBgHeBXoFzAzuCsKDQoPKg88HawYnBG4PvhpiFZIfsDBkIdQudHdoRRggLD1sV1sMx4vA4TZyByR6T504+Ea4eHh++Mfx+hF2ENKI9Eo2cHLkm8naUZZQ4qjUaRHOi10TfibGOmRHzSywxNia2OvZRnFPcnLiueEb89Pgd8W8TAhJWJNxKtEksTOxM0khKT2pKepcclLw6uS9lYsrclHOpBqmi1LY0UlpSWmPa4JTgKeum9Ke7pZelX59qPXXW1DPTDKblTTs8XWM6d/r+DEJGcsaOjE/caG4ddzCTk1mTOcAL5K3nPef789fynwp8BKsFj7N8slZnPcn2yV6T/VToJ6wUvhAFijaKXuWE5dTmvMuNzt2WO5yXnLcnn5yfkX9QrC3OFZ8oMC6YVXBJYi8pk/TN8JqxbsaANFzaKENkU2Vtch14UO0utCn8rvBekW9RddH7mUkz98/SmiWe1V1sV7y0+HFJSMmPs/HZvNmdc0znLJxzby577tZ5yLzMeZ3zzeeXzu9fELpg+0LqwtyFvy5yXLR60R+Lkxe3lxqVLih98F3odzvL6GXSsp4l3ktqv8e/F31/fqnL0g1Lv5Tzy89WOFZUVnxaxlt29genH6p+GF6etfz8CvcVm1cSV4pXXl/lt2r7aq3VJasfrIlc07KWubZ87R/rpq87U+laWbueur5wfV9VRFXbBosNKzd82ijceK06oHpPjWHN0pp3m/ibLm/239xca1RbUftxi2hL79bQrS11VnWV9cT6ovpHDUkNXT+yfmxqNGisaPy8Tbytb3vc9hNNHk1NOwx3rNiJ7izc+XRX+q6Lu4N2tzU7NG/do7enYi/YW7j32U8ZP13fF76vcz9rf/PPlj/XHGAcKG9BWopbBlqFrX1tqW2XDk4+2Nnu3X7glwm/bDtkeqj6sO7hFUeoR0qPDB8tOTrYIel4cSz72IPO6Z23jqccv3oi9sT5k+EnT58KOXW8i9119LTP6UNnvM4cPMs623rO/VxLt1v3gV/dfj1w3v18ywWPC20XPS+2X5p06chlv8vHrgRdOXWVc/Xctahrl64nXu/tSe/p6+X3PrmRd+PVzaKbQ7cW3CbcLr+jeafyruHdut9sf9vT5953+F7Qve778fdvPeA9eP5Q9vBTf+kj2qPKxyaPm544Pzn0NOTpxWdTnvU/lzwfelH2L61/1by0efnz7/6/dw+kDPS/kr4afr3sjf6bbX+4/tE5GDN49
<p>其中调用getDeniedWebShellTokens();得到黑名单。</p>
<p><a id=img1 href=https://xzfile.aliyuncs.com/media/upload/picture/20240530152622-ea1693d4-1e55-1.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABhIAAAJhCAYAAACkUipSAAAMKWlDQ1BJQ0MgUHJvZmlsZQAAeJyVVwdUk8kWnr+kQkIJoCAl9CZKJ4CU0CO9F1EJSSChhJgEFOzK4gquXURBUWBRLOjqCshaEAsW1q5gXSzYn4u62FB5kwR0y3nvnTc5k/vl5ptv7r3/zH9mAKB3cyWSPFQTgHyxXBoXGsBMSU1jkp4ABH4AsAFkLk8mYcfERMBfYNT+tb29ruSCKw4KrX/+/1+bNl8g4wGApEOcyZfx8iHuAACT8CRSOQAER+g3nymXKHACxDpSGCDEQgXOVuE5CpypwiuVnIS4QIgbACCrc7nSbABoe6GfWcTLhjq0ixA7ivkiMQB0RQy+PCGXD7E/xOPz8wsUWJGHDeRLIF4LMSvzT5rZf9HP/KrP5WZ/xaq8lI0cJJJJ8rjF/2dp/nfLzyscncMKdnWhNCxOYWENe3MLwhWYCvFDcWZU9Ij/pYiv5Cv8H4WFYYlAWQQU58kC00awNp8bFK7ioExxXpTimetBbJclCuGodFB/kZyTMMoXyILjIYarCI2QFsSNzIWmZ0kD2YpnDLGQK1XOqwNxSWFuIntk7HKhgKPQxyGuKREmJENMhHhLkSgpakSzUZYbHz7CbykRBkaNcE5IC+NG4z8rEIcGjODeLGmIIne4dtBH+TLlvNCP6QlFnBFNzEIuTAhT5Yi58rjf4heI2aOavQJZSsSony8ICv6arzgxfpQjkQfEjfolecr9oeLkhY7UH/OVFcUHq+qAhcnh4hzxp0nkMV9rmMOdHKOqG8YHaYALZCAPFADxAZ3OhmvqbeQuOYgHuSAHCIAU5IMIyCiGXQrCgUjpzQMlSCyIVIyBHjm0UuWIR0p+AGQoOHyoywPCEZUo8BCqyOHnLYiBamKIuJCVB7/ZIAuIUH2IcpQY/lKO5IJsICC6Eq1htwVMaIOInkQnojuug7NwNu6He+NuuCfhEeFyVUGxV5IQhAGR8XGozYTqQuNzIAgqyYAEziIAOVm+Cg5uiPviPnB8ALT+f2IosvyWkwAUwriZMAuBUq0YchRIBP/nKVliyFBkIlHWBmZEMaX4UViUSIod7M6UUDqZ7kBn0p3pxlgt1oZ1Y4exVlgd0UhtcmFFFJUJhkg53rHLsd7xoGOP4wvHBrlgllyxmAILJMVSUbZQzmTDN56AyRHzJoxnOjs6uwKgeH+qtuSbXuV7EdEjf/NJ4D7yDILPuP6bL9MAgFa4j/Up33wW2wDQSAGgZQGvUFqk8uGKLwJcORpwF+kDY2AO388OwBm4A2/gDyOeDKJBAkgF05TPKR/GPxPMAQtBGagAK8E6sBHUgnqwHewG+0ArOASOgVPgHLgIroFboA/0g+dgAK6DIQRBSAgNYSD6iAliidgjzggL8UWCkQgkDklFMpBsRIwUInOQxUgFshrZiGxFmpCfkIPIMeQMcgm5gdxDniKvkY8ohqqjOqgRaoVORFkoGw1HE9CpaDY6Ay1BS9HlaBVah+5CW9Bj6Dn0GtqHPkcHMYCpYXqYKeaAsbBALBpLw7IwKTYPK8cqsTqsGWvHurArWB/2AvuAE3EGzsQd4HoLwxNxHj4Dn4cvwzfi2/EW/AR+Bb+HD+BfCDSCIcGe4EXgEFII2YSZhDJCJaGRcIBwknCN0E94SyQS9eAa9iCGEVOJOcTZxGXETcQ9xA7iJeID4iCJRNIn2ZN8SNEkLklOKiNtIO0iHSVdJvWT3pPVyCZkZ3IIOY0sJi8iV5J3kI+QL5Mfk4comhRLihclmsKnFFNWUBoo7ZQLlH7KEFWLak31oSZQc6gLqVXUZupJ6m3qGzU1NTM1T7VYNZHaArUqtb1qp9XuqX1Q11a3Uw9UT1cvVF+uvk29Q/2G+hsajWZF86el0eS05bQm2nHaXdp7OoM+gc6h8+nz6dX0Fvpl+ksNioalBltjmkaJRqXGfo0LGi80KZpWmoGaXM15mtWaBzV7NAe1GFpOWtFa+VrLtHZondF6ok3SttIO1uZrl2rXax/XfsDAGOaMQAaPsZjRwDjJ6Nch6ljrcHRydCp0duuc1xnQ1dZ11U3SnaVbrXtYt08P07PS4+jl6a3Q26d3Xe/jGKMx7DGCMUvHNI+5PObd2HFj/ccKxpaP3TP22tiP+kz9YP1c/VX6rfp3DHADO4NYg5kGmw1OGrwYpzPOexxvXPm4feNuGqKGdoZxhrMN6w27DQeNjI1CjSRGG4yOG70w1jP2N84xXmt8xPipCcPE10RkstbkqMkzpi6TzcxjVjFPMAdMDU3DTAtNt5qeNx0yszZLNFtktsfsjjnVnGWeZb7WvNN8wMLEItJijsVOi5uWFEuWpdByvWWX5Tsra6tkqyVWrVZPrMdac6xLrHda37ah2fjZzLCps7lqS7Rl2ebabrK9aIfaudkJ7artLtij9u72IvtN9pfGE8Z7jhePrxvf46DuwHYoctjpcG+C3oSICYsmtE54OdFiYtrEVRO7Jn5xdHPMc2xwvOWk7TTZaZFTu9NrZztnnnO181UXmkuIy3yXNpdXrvauAtfNrr1uDLdItyVunW6f3T3cpe7N7k89LDwyPGo8elg6rBjWMtZpT4JngOd8z0OeH7zcveRe+7x+93bwzvXe4f1kkvUkwaSGSQ98zHy4Plt9+nyZvhm+W3z7/Ez9uH51fvf9zf35/o3+j9m27Bz2LvbLAMcAacCBgHeBXoFzAzuCsKDQoPKg88HawYnBG4PvhpiFZIfsDBkIdQudHdoRRggLD1sV1sMx4vA4TZyByR6T504+Ea4eHh++Mfx+hF2ENKI9Eo2cHLkm8naUZZQ4qjUaRHOi10TfibGOmRHzSywxNia2OvZRnFPcnLiueEb89Pgd8W8TAhJWJNxKtEksTOxM0khKT2pKepcclLw6uS9lYsrclHOpBqmi1LY0UlpSWmPa4JTgKeum9Ke7pZelX59qPXXW1DPTDKblTTs8XWM6d/r+DEJGcsaOjE/caG4ddzCTk1mTOcAL5K3nPef789fynwp8BKsFj7N8slZnPcn2yV6T/VToJ6wUvhAFijaKXuWE5dTmvMuNzt2WO5yXnLcnn5yfkX9QrC3OFZ8oMC6YVXBJYi8pk/TN8JqxbsaANFzaKENkU2Vtch14UO0utCn8rvBekW9RddH7mUkz98/SmiWe1V1sV7y0+HFJSMmPs/HZvNmdc0znLJxzby577tZ5yLzMeZ3zzeeXzu9fELpg+0LqwtyFvy5yXLR60R+Lkxe3lxqVLih98F3odzvL6GXSsp4l3ktqv8e/F31/fqnL0g1Lv5Tzy89WOFZUVnxaxlt29genH6p+GF6etfz8CvcVm1cSV4pXXl/lt2r7aq3VJasfrIlc07KWubZ87R/rpq87U+laWbueur5wfV9VRFXbBosNKzd82ijceK06oHpPjWHN0pp3m/ibLm/239xca1RbUftxi2hL79bQrS11VnWV9cT6ovpHDUkNXT+yfmxqNGisaPy8Tbytb3vc9hNNHk1NOwx3rNiJ7izc+XRX+q6Lu4N2tzU7NG/do7enYi/YW7j32U8ZP13fF76vcz9rf/PPlj/XHGAcKG9BWopbBlqFrX1tqW2XDk4+2Nnu3X7glwm/bDtkeqj6sO7hFUeoR0qPDB8tOTrYIel4cSz72IPO6Z23jqccv3oi9sT5k+EnT58KOXW8i9119LTP6UNnvM4cPMs623rO/VxLt1v3gV/dfj1w3v18ywWPC20XPS+2X5p06chlv8vHrgRdOXWVc/Xctahrl64nXu/tSe/p6+X3PrmRd+PVzaKbQ7cW3CbcLr+jeafyruHdut9sf9vT5953+F7Qve778fdvPeA9eP5Q9vBTf+kj2qPKxyaPm544Pzn0NOTpxWdTnvU/lzwfelH2L61/1by0efnz7/6/dw+kDPS/kr4afr3sjf6bbX+4/tE5GDN4
<p>可以看到没有对<strong>execute()</strong>过滤。</p>
<p>直接可以使用. "".execute()执行命令或者直接unicode编码。</p>
<h3 id=toc-3>0x03 目录遍历分析</h3>
<p> <a href=https://issues.apache.org/jira/browse/OFBIZ-13006 target=_blank>https://issues.apache.org/jira/browse/OFBIZ-13006</a> 官方给出了漏洞点,</p>
<p><a href=https://github.com/apache/ofbiz-framework/tree/release18.12.12 target=_blank>ofbiz-framework</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.12/framework target=_blank>framework</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.12/framework/webapp target=_blank>webapp</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.12/framework/webapp/src target=_blank>src</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.12/framework/webapp/src/main target=_blank>main</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.12/framework/webapp/src/main/java target=_blank>java</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.12/framework/webapp/src/main/java/org target=_blank>org</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.12/framework/webapp/src/main/java/org/apache target=_blank>apache</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.12/framework/webapp/src/main/java/org/apache/ofbiz target=_blank>ofbiz</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp target=_blank>webapp</a>/<a href=https://github.com/apache/ofbiz-framework/tree/release18.12.12/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control target=_blank>control</a></p>
<p>/ControlFilter.java</p>
<p>18.12</p>
<p><a id=img2 href=https://xzfile.aliyuncs.com/media/upload/picture/20240530152649-fa356d30-1e55-1.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABhAAAAJ7CAYAAAAC6tuSAAAMKWlDQ1BJQ0MgUHJvZmlsZQAAeJyVVwdUk8kWnr+kQkIJoCAl9CZKJ4CU0CO9F1EJSSChhJgEFOzK4gquXURBUWBRLOjqCshaEAsW1q5gXSzYn4u62FB5kwR0y3nvnTc5k/vl5ptv7r3/zH9mAKB3cyWSPFQTgHyxXBoXGsBMSU1jkp4ABH4AsAFkLk8mYcfERMBfYNT+tb29ruSCKw4KrX/+/1+bNl8g4wGApEOcyZfx8iHuAACT8CRSOQAER+g3nymXKHACxDpSGCDEQgXOVuE5CpypwiuVnIS4QIgbACCrc7nSbABoe6GfWcTLhjq0ixA7ivkiMQB0RQy+PCGXD7E/xOPz8wsUWJGHDeRLIF4LMSvzT5rZf9HP/KrP5WZ/xaq8lI0cJJJJ8rjF/2dp/nfLzyscncMKdnWhNCxOYWENe3MLwhWYCvFDcWZU9Ij/pYiv5Cv8H4WFYYlAWQQU58kC00awNp8bFK7ioExxXpTimetBbJclCuGodFB/kZyTMMoXyILjIYarCI2QFsSNzIWmZ0kD2YpnDLGQK1XOqwNxSWFuIntk7HKhgKPQxyGuKREmJENMhHhLkSgpakSzUZYbHz7CbykRBkaNcE5IC+NG4z8rEIcGjODeLGmIIne4dtBH+TLlvNCP6QlFnBFNzEIuTAhT5Yi58rjf4heI2aOavQJZSsSony8ICv6arzgxfpQjkQfEjfolecr9oeLkhY7UH/OVFcUHq+qAhcnh4hzxp0nkMV9rmMOdHKOqG8YHaYALZCAPFADxAZ3OhmvqbeQuOYgHuSAHCIAU5IMIyCiGXQrCgUjpzQMlSCyIVIyBHjm0UuWIR0p+AGQoOHyoywPCEZUo8BCqyOHnLYiBamKIuJCVB7/ZIAuIUH2IcpQY/lKO5IJsICC6Eq1htwVMaIOInkQnojuug7NwNu6He+NuuCfhEeFyVUGxV5IQhAGR8XGozYTqQuNzIAgqyYAEziIAOVm+Cg5uiPviPnB8ALT+f2IosvyWkwAUwriZMAuBUq0YchRIBP/nKVliyFBkIlHWBmZEMaX4UViUSIod7M6UUDqZ7kBn0p3pxlgt1oZ1Y4exVlgd0UhtcmFFFJUJhkg53rHLsd7xoGOP4wvHBrlgllyxmAILJMVSUbZQzmTDN56AyRHzJoxnOjs6uwKgeH+qtuSbXuV7EdEjf/NJ4D7yDILPuP6bL9MAgFa4j/Up33wW2wDQSAGgZQGvUFqk8uGKLwJcORpwF+kDY2AO388OwBm4A2/gDyOeDKJBAkgF05TPKR/GPxPMAQtBGagAK8E6sBHUgnqwHewG+0ArOASOgVPgHLgIroFboA/0g+dgAK6DIQRBSAgNYSD6iAliidgjzggL8UWCkQgkDklFMpBsRIwUInOQxUgFshrZiGxFmpCfkIPIMeQMcgm5gdxDniKvkY8ohqqjOqgRaoVORFkoGw1HE9CpaDY6Ay1BS9HlaBVah+5CW9Bj6Dn0GtqHPkcHMYCpYXqYKeaAsbBALBpLw7IwKTYPK8cqsTqsGWvHurArWB/2AvuAE3EGzsQd4HoLwxNxHj4Dn4cvwzfi2/EW/AR+Bb+HD+BfCDSCIcGe4EXgEFII2YSZhDJCJaGRcIBwknCN0E94SyQS9eAa9iCGEVOJOcTZxGXETcQ9xA7iJeID4iCJRNIn2ZN8SNEkLklOKiNtIO0iHSVdJvWT3pPVyCZkZ3IIOY0sJi8iV5J3kI+QL5Mfk4comhRLihclmsKnFFNWUBoo7ZQLlH7KEFWLak31oSZQc6gLqVXUZupJ6m3qGzU1NTM1T7VYNZHaArUqtb1qp9XuqX1Q11a3Uw9UT1cvVF+uvk29Q/2G+hsajWZF86el0eS05bQm2nHaXdp7OoM+gc6h8+nz6dX0Fvpl+ksNioalBltjmkaJRqXGfo0LGi80KZpWmoGaXM15mtWaBzV7NAe1GFpOWtFa+VrLtHZondF6ok3SttIO1uZrl2rXax/XfsDAGOaMQAaPsZjRwDjJ6Nch6ljrcHRydCp0duuc1xnQ1dZ11U3SnaVbrXtYt08P07PS4+jl6a3Q26d3Xe/jGKMx7DGCMUvHNI+5PObd2HFj/ccKxpaP3TP22tiP+kz9YP1c/VX6rfp3DHADO4NYg5kGmw1OGrwYpzPOexxvXPm4feNuGqKGdoZxhrMN6w27DQeNjI1CjSRGG4yOG70w1jP2N84xXmt8xPipCcPE10RkstbkqMkzpi6TzcxjVjFPMAdMDU3DTAtNt5qeNx0yszZLNFtktsfsjjnVnGWeZb7WvNN8wMLEItJijsVOi5uWFEuWpdByvWWX5Tsra6tkqyVWrVZPrMdac6xLrHda37ah2fjZzLCps7lqS7Rl2ebabrK9aIfaudkJ7artLtij9u72IvtN9pfGE8Z7jhePrxvf46DuwHYoctjpcG+C3oSICYsmtE54OdFiYtrEVRO7Jn5xdHPMc2xwvOWk7TTZaZFTu9NrZztnnnO181UXmkuIy3yXNpdXrvauAtfNrr1uDLdItyVunW6f3T3cpe7N7k89LDwyPGo8elg6rBjWMtZpT4JngOd8z0OeH7zcveRe+7x+93bwzvXe4f1kkvUkwaSGSQ98zHy4Plt9+nyZvhm+W3z7/Ez9uH51fvf9zf35/o3+j9m27Bz2LvbLAMcAacCBgHeBXoFzAzuCsKDQoPKg88HawYnBG4PvhpiFZIfsDBkIdQudHdoRRggLD1sV1sMx4vA4TZyByR6T504+Ea4eHh++Mfx+hF2ENKI9Eo2cHLkm8naUZZQ4qjUaRHOi10TfibGOmRHzSywxNia2OvZRnFPcnLiueEb89Pgd8W8TAhJWJNxKtEksTOxM0khKT2pKepcclLw6uS9lYsrclHOpBqmi1LY0UlpSWmPa4JTgKeum9Ke7pZelX59qPXXW1DPTDKblTTs8XWM6d/r+DEJGcsaOjE/caG4ddzCTk1mTOcAL5K3nPef789fynwp8BKsFj7N8slZnPcn2yV6T/VToJ6wUvhAFijaKXuWE5dTmvMuNzt2WO5yXnLcnn5yfkX9QrC3OFZ8oMC6YVXBJYi8pk/TN8JqxbsaANFzaKENkU2Vtch14UO0utCn8rvBekW9RddH7mUkz98/SmiWe1V1sV7y0+HFJSMmPs/HZvNmdc0znLJxzby577tZ5yLzMeZ3zzeeXzu9fELpg+0LqwtyFvy5yXLR60R+Lkxe3lxqVLih98F3odzvL6GXSsp4l3ktqv8e/F31/fqnL0g1Lv5Tzy89WOFZUVnxaxlt29genH6p+GF6etfz8CvcVm1cSV4pXXl/lt2r7aq3VJasfrIlc07KWubZ87R/rpq87U+laWbueur5wfV9VRFXbBosNKzd82ijceK06oHpPjWHN0pp3m/ibLm/239xca1RbUftxi2hL79bQrS11VnWV9cT6ovpHDUkNXT+yfmxqNGisaPy8Tbytb3vc9hNNHk1NOwx3rNiJ7izc+XRX+q6Lu4N2tzU7NG/do7enYi/YW7j32U8ZP13fF76vcz9rf/PPlj/XHGAcKG9BWopbBlqFrX1tqW2XDk4+2Nnu3X7glwm/bDtkeqj6sO7hFUeoR0qPDB8tOTrYIel4cSz72IPO6Z23jqccv3oi9sT5k+EnT58KOXW8i9119LTP6UNnvM4cPMs623rO/VxLt1v3gV/dfj1w3v18ywWPC20XPS+2X5p06chlv8vHrgRdOXWVc/Xctahrl64nXu/tSe/p6+X3PrmRd+PVzaKbQ7cW3CbcLr+jeafyruHdut9sf9vT5953+F7Qve778fdvPeA9eP5Q9vBTf+kj2qPKxyaPm544Pzn0NOTpxWdTnvU/lzwfelH2L61/1by0efnz7/6/dw+kDPS/kr4afr3sjf6bbX+4/tE5GDN4
<p>18.10</p>
<p><a id=img3 href=https://xzfile.aliyuncs.com/media/upload/picture/20240530152657-ff0cde9c-1e55-1.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABNQAAAGHCAYAAAB4ag93AAAMKWlDQ1BJQ0MgUHJvZmlsZQAAeJyVVwdUk8kWnr+kQkIJoCAl9CZKJ4CU0CO9F1EJSSChhJgEFOzK4gquXURBUWBRLOjqCshaEAsW1q5gXSzYn4u62FB5kwR0y3nvnTc5k/vl5ptv7r3/zH9mAKB3cyWSPFQTgHyxXBoXGsBMSU1jkp4ABH4AsAFkLk8mYcfERMBfYNT+tb29ruSCKw4KrX/+/1+bNl8g4wGApEOcyZfx8iHuAACT8CRSOQAER+g3nymXKHACxDpSGCDEQgXOVuE5CpypwiuVnIS4QIgbACCrc7nSbABoe6GfWcTLhjq0ixA7ivkiMQB0RQy+PCGXD7E/xOPz8wsUWJGHDeRLIF4LMSvzT5rZf9HP/KrP5WZ/xaq8lI0cJJJJ8rjF/2dp/nfLzyscncMKdnWhNCxOYWENe3MLwhWYCvFDcWZU9Ij/pYiv5Cv8H4WFYYlAWQQU58kC00awNp8bFK7ioExxXpTimetBbJclCuGodFB/kZyTMMoXyILjIYarCI2QFsSNzIWmZ0kD2YpnDLGQK1XOqwNxSWFuIntk7HKhgKPQxyGuKREmJENMhHhLkSgpakSzUZYbHz7CbykRBkaNcE5IC+NG4z8rEIcGjODeLGmIIne4dtBH+TLlvNCP6QlFnBFNzEIuTAhT5Yi58rjf4heI2aOavQJZSsSony8ICv6arzgxfpQjkQfEjfolecr9oeLkhY7UH/OVFcUHq+qAhcnh4hzxp0nkMV9rmMOdHKOqG8YHaYALZCAPFADxAZ3OhmvqbeQuOYgHuSAHCIAU5IMIyCiGXQrCgUjpzQMlSCyIVIyBHjm0UuWIR0p+AGQoOHyoywPCEZUo8BCqyOHnLYiBamKIuJCVB7/ZIAuIUH2IcpQY/lKO5IJsICC6Eq1htwVMaIOInkQnojuug7NwNu6He+NuuCfhEeFyVUGxV5IQhAGR8XGozYTqQuNzIAgqyYAEziIAOVm+Cg5uiPviPnB8ALT+f2IosvyWkwAUwriZMAuBUq0YchRIBP/nKVliyFBkIlHWBmZEMaX4UViUSIod7M6UUDqZ7kBn0p3pxlgt1oZ1Y4exVlgd0UhtcmFFFJUJhkg53rHLsd7xoGOP4wvHBrlgllyxmAILJMVSUbZQzmTDN56AyRHzJoxnOjs6uwKgeH+qtuSbXuV7EdEjf/NJ4D7yDILPuP6bL9MAgFa4j/Up33wW2wDQSAGgZQGvUFqk8uGKLwJcORpwF+kDY2AO388OwBm4A2/gDyOeDKJBAkgF05TPKR/GPxPMAQtBGagAK8E6sBHUgnqwHewG+0ArOASOgVPgHLgIroFboA/0g+dgAK6DIQRBSAgNYSD6iAliidgjzggL8UWCkQgkDklFMpBsRIwUInOQxUgFshrZiGxFmpCfkIPIMeQMcgm5gdxDniKvkY8ohqqjOqgRaoVORFkoGw1HE9CpaDY6Ay1BS9HlaBVah+5CW9Bj6Dn0GtqHPkcHMYCpYXqYKeaAsbBALBpLw7IwKTYPK8cqsTqsGWvHurArWB/2AvuAE3EGzsQd4HoLwxNxHj4Dn4cvwzfi2/EW/AR+Bb+HD+BfCDSCIcGe4EXgEFII2YSZhDJCJaGRcIBwknCN0E94SyQS9eAa9iCGEVOJOcTZxGXETcQ9xA7iJeID4iCJRNIn2ZN8SNEkLklOKiNtIO0iHSVdJvWT3pPVyCZkZ3IIOY0sJi8iV5J3kI+QL5Mfk4comhRLihclmsKnFFNWUBoo7ZQLlH7KEFWLak31oSZQc6gLqVXUZupJ6m3qGzU1NTM1T7VYNZHaArUqtb1qp9XuqX1Q11a3Uw9UT1cvVF+uvk29Q/2G+hsajWZF86el0eS05bQm2nHaXdp7OoM+gc6h8+nz6dX0Fvpl+ksNioalBltjmkaJRqXGfo0LGi80KZpWmoGaXM15mtWaBzV7NAe1GFpOWtFa+VrLtHZondF6ok3SttIO1uZrl2rXax/XfsDAGOaMQAaPsZjRwDjJ6Nch6ljrcHRydCp0duuc1xnQ1dZ11U3SnaVbrXtYt08P07PS4+jl6a3Q26d3Xe/jGKMx7DGCMUvHNI+5PObd2HFj/ccKxpaP3TP22tiP+kz9YP1c/VX6rfp3DHADO4NYg5kGmw1OGrwYpzPOexxvXPm4feNuGqKGdoZxhrMN6w27DQeNjI1CjSRGG4yOG70w1jP2N84xXmt8xPipCcPE10RkstbkqMkzpi6TzcxjVjFPMAdMDU3DTAtNt5qeNx0yszZLNFtktsfsjjnVnGWeZb7WvNN8wMLEItJijsVOi5uWFEuWpdByvWWX5Tsra6tkqyVWrVZPrMdac6xLrHda37ah2fjZzLCps7lqS7Rl2ebabrK9aIfaudkJ7artLtij9u72IvtN9pfGE8Z7jhePrxvf46DuwHYoctjpcG+C3oSICYsmtE54OdFiYtrEVRO7Jn5xdHPMc2xwvOWk7TTZaZFTu9NrZztnnnO181UXmkuIy3yXNpdXrvauAtfNrr1uDLdItyVunW6f3T3cpe7N7k89LDwyPGo8elg6rBjWMtZpT4JngOd8z0OeH7zcveRe+7x+93bwzvXe4f1kkvUkwaSGSQ98zHy4Plt9+nyZvhm+W3z7/Ez9uH51fvf9zf35/o3+j9m27Bz2LvbLAMcAacCBgHeBXoFzAzuCsKDQoPKg88HawYnBG4PvhpiFZIfsDBkIdQudHdoRRggLD1sV1sMx4vA4TZyByR6T504+Ea4eHh++Mfx+hF2ENKI9Eo2cHLkm8naUZZQ4qjUaRHOi10TfibGOmRHzSywxNia2OvZRnFPcnLiueEb89Pgd8W8TAhJWJNxKtEksTOxM0khKT2pKepcclLw6uS9lYsrclHOpBqmi1LY0UlpSWmPa4JTgKeum9Ke7pZelX59qPXXW1DPTDKblTTs8XWM6d/r+DEJGcsaOjE/caG4ddzCTk1mTOcAL5K3nPef789fynwp8BKsFj7N8slZnPcn2yV6T/VToJ6wUvhAFijaKXuWE5dTmvMuNzt2WO5yXnLcnn5yfkX9QrC3OFZ8oMC6YVXBJYi8pk/TN8JqxbsaANFzaKENkU2Vtch14UO0utCn8rvBekW9RddH7mUkz98/SmiWe1V1sV7y0+HFJSMmPs/HZvNmdc0znLJxzby577tZ5yLzMeZ3zzeeXzu9fELpg+0LqwtyFvy5yXLR60R+Lkxe3lxqVLih98F3odzvL6GXSsp4l3ktqv8e/F31/fqnL0g1Lv5Tzy89WOFZUVnxaxlt29genH6p+GF6etfz8CvcVm1cSV4pXXl/lt2r7aq3VJasfrIlc07KWubZ87R/rpq87U+laWbueur5wfV9VRFXbBosNKzd82ijceK06oHpPjWHN0pp3m/ibLm/239xca1RbUftxi2hL79bQrS11VnWV9cT6ovpHDUkNXT+yfmxqNGisaPy8Tbytb3vc9hNNHk1NOwx3rNiJ7izc+XRX+q6Lu4N2tzU7NG/do7enYi/YW7j32U8ZP13fF76vcz9rf/PPlj/XHGAcKG9BWopbBlqFrX1tqW2XDk4+2Nnu3X7glwm/bDtkeqj6sO7hFUeoR0qPDB8tOTrYIel4cSz72IPO6Z23jqccv3oi9sT5k+EnT58KOXW8i9119LTP6UNnvM4cPMs623rO/VxLt1v3gV/dfj1w3v18ywWPC20XPS+2X5p06chlv8vHrgRdOXWVc/Xctahrl64nXu/tSe/p6+X3PrmRd+PVzaKbQ7cW3CbcLr+jeafyruHdut9sf9vT5953+F7Qve778fdvPeA9eP5Q9vBTf+kj2qPKxyaPm544Pzn0NOTpxWdTnvU/lzwfelH2L61/1by0efnz7/6/dw+kDPS/kr4afr3sjf6bbX+4/tE5GDN4
<p>可以看到使用<strong>httpRequest.getRequestURI()</strong> 获取url这么一看就有两种绕过的。<strong>"../"</strong><strong>";"</strong>进行截断绕过filter处理。</p>
<p>来看看修复方式,</p>
<p>18.13</p>
<p><a id=img4 href=https://xzfile.aliyuncs.com/media/upload/picture/20240530152706-049ec35c-1e56-1.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABUsAAAG8CAYAAADn+fS9AAAMKWlDQ1BJQ0MgUHJvZmlsZQAAeJyVVwdUk8kWnr+kQkIJoCAl9CZKJ4CU0CO9F1EJSSChhJgEFOzK4gquXURBUWBRLOjqCshaEAsW1q5gXSzYn4u62FB5kwR0y3nvnTc5k/vl5ptv7r3/zH9mAKB3cyWSPFQTgHyxXBoXGsBMSU1jkp4ABH4AsAFkLk8mYcfERMBfYNT+tb29ruSCKw4KrX/+/1+bNl8g4wGApEOcyZfx8iHuAACT8CRSOQAER+g3nymXKHACxDpSGCDEQgXOVuE5CpypwiuVnIS4QIgbACCrc7nSbABoe6GfWcTLhjq0ixA7ivkiMQB0RQy+PCGXD7E/xOPz8wsUWJGHDeRLIF4LMSvzT5rZf9HP/KrP5WZ/xaq8lI0cJJJJ8rjF/2dp/nfLzyscncMKdnWhNCxOYWENe3MLwhWYCvFDcWZU9Ij/pYiv5Cv8H4WFYYlAWQQU58kC00awNp8bFK7ioExxXpTimetBbJclCuGodFB/kZyTMMoXyILjIYarCI2QFsSNzIWmZ0kD2YpnDLGQK1XOqwNxSWFuIntk7HKhgKPQxyGuKREmJENMhHhLkSgpakSzUZYbHz7CbykRBkaNcE5IC+NG4z8rEIcGjODeLGmIIne4dtBH+TLlvNCP6QlFnBFNzEIuTAhT5Yi58rjf4heI2aOavQJZSsSony8ICv6arzgxfpQjkQfEjfolecr9oeLkhY7UH/OVFcUHq+qAhcnh4hzxp0nkMV9rmMOdHKOqG8YHaYALZCAPFADxAZ3OhmvqbeQuOYgHuSAHCIAU5IMIyCiGXQrCgUjpzQMlSCyIVIyBHjm0UuWIR0p+AGQoOHyoywPCEZUo8BCqyOHnLYiBamKIuJCVB7/ZIAuIUH2IcpQY/lKO5IJsICC6Eq1htwVMaIOInkQnojuug7NwNu6He+NuuCfhEeFyVUGxV5IQhAGR8XGozYTqQuNzIAgqyYAEziIAOVm+Cg5uiPviPnB8ALT+f2IosvyWkwAUwriZMAuBUq0YchRIBP/nKVliyFBkIlHWBmZEMaX4UViUSIod7M6UUDqZ7kBn0p3pxlgt1oZ1Y4exVlgd0UhtcmFFFJUJhkg53rHLsd7xoGOP4wvHBrlgllyxmAILJMVSUbZQzmTDN56AyRHzJoxnOjs6uwKgeH+qtuSbXuV7EdEjf/NJ4D7yDILPuP6bL9MAgFa4j/Up33wW2wDQSAGgZQGvUFqk8uGKLwJcORpwF+kDY2AO388OwBm4A2/gDyOeDKJBAkgF05TPKR/GPxPMAQtBGagAK8E6sBHUgnqwHewG+0ArOASOgVPgHLgIroFboA/0g+dgAK6DIQRBSAgNYSD6iAliidgjzggL8UWCkQgkDklFMpBsRIwUInOQxUgFshrZiGxFmpCfkIPIMeQMcgm5gdxDniKvkY8ohqqjOqgRaoVORFkoGw1HE9CpaDY6Ay1BS9HlaBVah+5CW9Bj6Dn0GtqHPkcHMYCpYXqYKeaAsbBALBpLw7IwKTYPK8cqsTqsGWvHurArWB/2AvuAE3EGzsQd4HoLwxNxHj4Dn4cvwzfi2/EW/AR+Bb+HD+BfCDSCIcGe4EXgEFII2YSZhDJCJaGRcIBwknCN0E94SyQS9eAa9iCGEVOJOcTZxGXETcQ9xA7iJeID4iCJRNIn2ZN8SNEkLklOKiNtIO0iHSVdJvWT3pPVyCZkZ3IIOY0sJi8iV5J3kI+QL5Mfk4comhRLihclmsKnFFNWUBoo7ZQLlH7KEFWLak31oSZQc6gLqVXUZupJ6m3qGzU1NTM1T7VYNZHaArUqtb1qp9XuqX1Q11a3Uw9UT1cvVF+uvk29Q/2G+hsajWZF86el0eS05bQm2nHaXdp7OoM+gc6h8+nz6dX0Fvpl+ksNioalBltjmkaJRqXGfo0LGi80KZpWmoGaXM15mtWaBzV7NAe1GFpOWtFa+VrLtHZondF6ok3SttIO1uZrl2rXax/XfsDAGOaMQAaPsZjRwDjJ6Nch6ljrcHRydCp0duuc1xnQ1dZ11U3SnaVbrXtYt08P07PS4+jl6a3Q26d3Xe/jGKMx7DGCMUvHNI+5PObd2HFj/ccKxpaP3TP22tiP+kz9YP1c/VX6rfp3DHADO4NYg5kGmw1OGrwYpzPOexxvXPm4feNuGqKGdoZxhrMN6w27DQeNjI1CjSRGG4yOG70w1jP2N84xXmt8xPipCcPE10RkstbkqMkzpi6TzcxjVjFPMAdMDU3DTAtNt5qeNx0yszZLNFtktsfsjjnVnGWeZb7WvNN8wMLEItJijsVOi5uWFEuWpdByvWWX5Tsra6tkqyVWrVZPrMdac6xLrHda37ah2fjZzLCps7lqS7Rl2ebabrK9aIfaudkJ7artLtij9u72IvtN9pfGE8Z7jhePrxvf46DuwHYoctjpcG+C3oSICYsmtE54OdFiYtrEVRO7Jn5xdHPMc2xwvOWk7TTZaZFTu9NrZztnnnO181UXmkuIy3yXNpdXrvauAtfNrr1uDLdItyVunW6f3T3cpe7N7k89LDwyPGo8elg6rBjWMtZpT4JngOd8z0OeH7zcveRe+7x+93bwzvXe4f1kkvUkwaSGSQ98zHy4Plt9+nyZvhm+W3z7/Ez9uH51fvf9zf35/o3+j9m27Bz2LvbLAMcAacCBgHeBXoFzAzuCsKDQoPKg88HawYnBG4PvhpiFZIfsDBkIdQudHdoRRggLD1sV1sMx4vA4TZyByR6T504+Ea4eHh++Mfx+hF2ENKI9Eo2cHLkm8naUZZQ4qjUaRHOi10TfibGOmRHzSywxNia2OvZRnFPcnLiueEb89Pgd8W8TAhJWJNxKtEksTOxM0khKT2pKepcclLw6uS9lYsrclHOpBqmi1LY0UlpSWmPa4JTgKeum9Ke7pZelX59qPXXW1DPTDKblTTs8XWM6d/r+DEJGcsaOjE/caG4ddzCTk1mTOcAL5K3nPef789fynwp8BKsFj7N8slZnPcn2yV6T/VToJ6wUvhAFijaKXuWE5dTmvMuNzt2WO5yXnLcnn5yfkX9QrC3OFZ8oMC6YVXBJYi8pk/TN8JqxbsaANFzaKENkU2Vtch14UO0utCn8rvBekW9RddH7mUkz98/SmiWe1V1sV7y0+HFJSMmPs/HZvNmdc0znLJxzby577tZ5yLzMeZ3zzeeXzu9fELpg+0LqwtyFvy5yXLR60R+Lkxe3lxqVLih98F3odzvL6GXSsp4l3ktqv8e/F31/fqnL0g1Lv5Tzy89WOFZUVnxaxlt29genH6p+GF6etfz8CvcVm1cSV4pXXl/lt2r7aq3VJasfrIlc07KWubZ87R/rpq87U+laWbueur5wfV9VRFXbBosNKzd82ijceK06oHpPjWHN0pp3m/ibLm/239xca1RbUftxi2hL79bQrS11VnWV9cT6ovpHDUkNXT+yfmxqNGisaPy8Tbytb3vc9hNNHk1NOwx3rNiJ7izc+XRX+q6Lu4N2tzU7NG/do7enYi/YW7j32U8ZP13fF76vcz9rf/PPlj/XHGAcKG9BWopbBlqFrX1tqW2XDk4+2Nnu3X7glwm/bDtkeqj6sO7hFUeoR0qPDB8tOTrYIel4cSz72IPO6Z23jqccv3oi9sT5k+EnT58KOXW8i9119LTP6UNnvM4cPMs623rO/VxLt1v3gV/dfj1w3v18ywWPC20XPS+2X5p06chlv8vHrgRdOXWVc/Xctahrl64nXu/tSe/p6+X3PrmRd+PVzaKbQ7cW3CbcLr+jeafyruHdut9sf9vT5953+F7Qve778fdvPeA9eP5Q9vBTf+kj2qPKxyaPm544Pzn0NOTpxWdTnvU/lzwfelH2L61/1by0efnz7/6/dw+kDPS/kr4afr3sjf6bbX+4/tE5GDN4
<p>equals进行判断不一致直接抛出。</p>
<p>18.14</p>
<p><a id=img5 href=https://xzfile.aliyuncs.com/media/upload/picture/20240530152718-0beebc5c-1e56-1.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABRAAAAHdCAYAAABlpVX9AAAMKWlDQ1BJQ0MgUHJvZmlsZQAAeJyVVwdUk8kWnr+kQkIJoCAl9CZKJ4CU0CO9F1EJSSChhJgEFOzK4gquXURBUWBRLOjqCshaEAsW1q5gXSzYn4u62FB5kwR0y3nvnTc5k/vl5ptv7r3/zH9mAKB3cyWSPFQTgHyxXBoXGsBMSU1jkp4ABH4AsAFkLk8mYcfERMBfYNT+tb29ruSCKw4KrX/+/1+bNl8g4wGApEOcyZfx8iHuAACT8CRSOQAER+g3nymXKHACxDpSGCDEQgXOVuE5CpypwiuVnIS4QIgbACCrc7nSbABoe6GfWcTLhjq0ixA7ivkiMQB0RQy+PCGXD7E/xOPz8wsUWJGHDeRLIF4LMSvzT5rZf9HP/KrP5WZ/xaq8lI0cJJJJ8rjF/2dp/nfLzyscncMKdnWhNCxOYWENe3MLwhWYCvFDcWZU9Ij/pYiv5Cv8H4WFYYlAWQQU58kC00awNp8bFK7ioExxXpTimetBbJclCuGodFB/kZyTMMoXyILjIYarCI2QFsSNzIWmZ0kD2YpnDLGQK1XOqwNxSWFuIntk7HKhgKPQxyGuKREmJENMhHhLkSgpakSzUZYbHz7CbykRBkaNcE5IC+NG4z8rEIcGjODeLGmIIne4dtBH+TLlvNCP6QlFnBFNzEIuTAhT5Yi58rjf4heI2aOavQJZSsSony8ICv6arzgxfpQjkQfEjfolecr9oeLkhY7UH/OVFcUHq+qAhcnh4hzxp0nkMV9rmMOdHKOqG8YHaYALZCAPFADxAZ3OhmvqbeQuOYgHuSAHCIAU5IMIyCiGXQrCgUjpzQMlSCyIVIyBHjm0UuWIR0p+AGQoOHyoywPCEZUo8BCqyOHnLYiBamKIuJCVB7/ZIAuIUH2IcpQY/lKO5IJsICC6Eq1htwVMaIOInkQnojuug7NwNu6He+NuuCfhEeFyVUGxV5IQhAGR8XGozYTqQuNzIAgqyYAEziIAOVm+Cg5uiPviPnB8ALT+f2IosvyWkwAUwriZMAuBUq0YchRIBP/nKVliyFBkIlHWBmZEMaX4UViUSIod7M6UUDqZ7kBn0p3pxlgt1oZ1Y4exVlgd0UhtcmFFFJUJhkg53rHLsd7xoGOP4wvHBrlgllyxmAILJMVSUbZQzmTDN56AyRHzJoxnOjs6uwKgeH+qtuSbXuV7EdEjf/NJ4D7yDILPuP6bL9MAgFa4j/Up33wW2wDQSAGgZQGvUFqk8uGKLwJcORpwF+kDY2AO388OwBm4A2/gDyOeDKJBAkgF05TPKR/GPxPMAQtBGagAK8E6sBHUgnqwHewG+0ArOASOgVPgHLgIroFboA/0g+dgAK6DIQRBSAgNYSD6iAliidgjzggL8UWCkQgkDklFMpBsRIwUInOQxUgFshrZiGxFmpCfkIPIMeQMcgm5gdxDniKvkY8ohqqjOqgRaoVORFkoGw1HE9CpaDY6Ay1BS9HlaBVah+5CW9Bj6Dn0GtqHPkcHMYCpYXqYKeaAsbBALBpLw7IwKTYPK8cqsTqsGWvHurArWB/2AvuAE3EGzsQd4HoLwxNxHj4Dn4cvwzfi2/EW/AR+Bb+HD+BfCDSCIcGe4EXgEFII2YSZhDJCJaGRcIBwknCN0E94SyQS9eAa9iCGEVOJOcTZxGXETcQ9xA7iJeID4iCJRNIn2ZN8SNEkLklOKiNtIO0iHSVdJvWT3pPVyCZkZ3IIOY0sJi8iV5J3kI+QL5Mfk4comhRLihclmsKnFFNWUBoo7ZQLlH7KEFWLak31oSZQc6gLqVXUZupJ6m3qGzU1NTM1T7VYNZHaArUqtb1qp9XuqX1Q11a3Uw9UT1cvVF+uvk29Q/2G+hsajWZF86el0eS05bQm2nHaXdp7OoM+gc6h8+nz6dX0Fvpl+ksNioalBltjmkaJRqXGfo0LGi80KZpWmoGaXM15mtWaBzV7NAe1GFpOWtFa+VrLtHZondF6ok3SttIO1uZrl2rXax/XfsDAGOaMQAaPsZjRwDjJ6Nch6ljrcHRydCp0duuc1xnQ1dZ11U3SnaVbrXtYt08P07PS4+jl6a3Q26d3Xe/jGKMx7DGCMUvHNI+5PObd2HFj/ccKxpaP3TP22tiP+kz9YP1c/VX6rfp3DHADO4NYg5kGmw1OGrwYpzPOexxvXPm4feNuGqKGdoZxhrMN6w27DQeNjI1CjSRGG4yOG70w1jP2N84xXmt8xPipCcPE10RkstbkqMkzpi6TzcxjVjFPMAdMDU3DTAtNt5qeNx0yszZLNFtktsfsjjnVnGWeZb7WvNN8wMLEItJijsVOi5uWFEuWpdByvWWX5Tsra6tkqyVWrVZPrMdac6xLrHda37ah2fjZzLCps7lqS7Rl2ebabrK9aIfaudkJ7artLtij9u72IvtN9pfGE8Z7jhePrxvf46DuwHYoctjpcG+C3oSICYsmtE54OdFiYtrEVRO7Jn5xdHPMc2xwvOWk7TTZaZFTu9NrZztnnnO181UXmkuIy3yXNpdXrvauAtfNrr1uDLdItyVunW6f3T3cpe7N7k89LDwyPGo8elg6rBjWMtZpT4JngOd8z0OeH7zcveRe+7x+93bwzvXe4f1kkvUkwaSGSQ98zHy4Plt9+nyZvhm+W3z7/Ez9uH51fvf9zf35/o3+j9m27Bz2LvbLAMcAacCBgHeBXoFzAzuCsKDQoPKg88HawYnBG4PvhpiFZIfsDBkIdQudHdoRRggLD1sV1sMx4vA4TZyByR6T504+Ea4eHh++Mfx+hF2ENKI9Eo2cHLkm8naUZZQ4qjUaRHOi10TfibGOmRHzSywxNia2OvZRnFPcnLiueEb89Pgd8W8TAhJWJNxKtEksTOxM0khKT2pKepcclLw6uS9lYsrclHOpBqmi1LY0UlpSWmPa4JTgKeum9Ke7pZelX59qPXXW1DPTDKblTTs8XWM6d/r+DEJGcsaOjE/caG4ddzCTk1mTOcAL5K3nPef789fynwp8BKsFj7N8slZnPcn2yV6T/VToJ6wUvhAFijaKXuWE5dTmvMuNzt2WO5yXnLcnn5yfkX9QrC3OFZ8oMC6YVXBJYi8pk/TN8JqxbsaANFzaKENkU2Vtch14UO0utCn8rvBekW9RddH7mUkz98/SmiWe1V1sV7y0+HFJSMmPs/HZvNmdc0znLJxzby577tZ5yLzMeZ3zzeeXzu9fELpg+0LqwtyFvy5yXLR60R+Lkxe3lxqVLih98F3odzvL6GXSsp4l3ktqv8e/F31/fqnL0g1Lv5Tzy89WOFZUVnxaxlt29genH6p+GF6etfz8CvcVm1cSV4pXXl/lt2r7aq3VJasfrIlc07KWubZ87R/rpq87U+laWbueur5wfV9VRFXbBosNKzd82ijceK06oHpPjWHN0pp3m/ibLm/239xca1RbUftxi2hL79bQrS11VnWV9cT6ovpHDUkNXT+yfmxqNGisaPy8Tbytb3vc9hNNHk1NOwx3rNiJ7izc+XRX+q6Lu4N2tzU7NG/do7enYi/YW7j32U8ZP13fF76vcz9rf/PPlj/XHGAcKG9BWopbBlqFrX1tqW2XDk4+2Nnu3X7glwm/bDtkeqj6sO7hFUeoR0qPDB8tOTrYIel4cSz72IPO6Z23jqccv3oi9sT5k+EnT58KOXW8i9119LTP6UNnvM4cPMs623rO/VxLt1v3gV/dfj1w3v18ywWPC20XPS+2X5p06chlv8vHrgRdOXWVc/Xctahrl64nXu/tSe/p6+X3PrmRd+PVzaKbQ7cW3CbcLr+jeafyruHdut9sf9vT5953+F7Qve778fdvPeA9eP5Q9vBTf+kj2qPKxyaPm544Pzn0NOTpxWdTnvU/lzwfelH2L61/1by0efnz7/6/dw+kDPS/kr4afr3sjf6bbX+4/tE5GDN4
<p>url包含 <strong>".."</strong> 或者<strong>";"</strong> 替换为空,然后比较。</p>
<p>整个漏洞点很简单绕过filter。</p>
<h3 id=toc-4>0x04 复现</h3>
<p> 这里直接使用18.10的环境,懒得下了。</p>
<p><a id=img6 href=https://xzfile.aliyuncs.com/media/upload/picture/20240530152728-11a2b3e2-1e56-1.png><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABDQAAALqCAYAAADKCgQfAAAMKWlDQ1BJQ0MgUHJvZmlsZQAAeJyVVwdUk8kWnr+kQkIJoCAl9CZKJ4CU0CO9F1EJSSChhJgEFOzK4gquXURBUWBRLOjqCshaEAsW1q5gXSzYn4u62FB5kwR0y3nvnTc5k/vl5ptv7r3/zH9mAKB3cyWSPFQTgHyxXBoXGsBMSU1jkp4ABH4AsAFkLk8mYcfERMBfYNT+tb29ruSCKw4KrX/+/1+bNl8g4wGApEOcyZfx8iHuAACT8CRSOQAER+g3nymXKHACxDpSGCDEQgXOVuE5CpypwiuVnIS4QIgbACCrc7nSbABoe6GfWcTLhjq0ixA7ivkiMQB0RQy+PCGXD7E/xOPz8wsUWJGHDeRLIF4LMSvzT5rZf9HP/KrP5WZ/xaq8lI0cJJJJ8rjF/2dp/nfLzyscncMKdnWhNCxOYWENe3MLwhWYCvFDcWZU9Ij/pYiv5Cv8H4WFYYlAWQQU58kC00awNp8bFK7ioExxXpTimetBbJclCuGodFB/kZyTMMoXyILjIYarCI2QFsSNzIWmZ0kD2YpnDLGQK1XOqwNxSWFuIntk7HKhgKPQxyGuKREmJENMhHhLkSgpakSzUZYbHz7CbykRBkaNcE5IC+NG4z8rEIcGjODeLGmIIne4dtBH+TLlvNCP6QlFnBFNzEIuTAhT5Yi58rjf4heI2aOavQJZSsSony8ICv6arzgxfpQjkQfEjfolecr9oeLkhY7UH/OVFcUHq+qAhcnh4hzxp0nkMV9rmMOdHKOqG8YHaYALZCAPFADxAZ3OhmvqbeQuOYgHuSAHCIAU5IMIyCiGXQrCgUjpzQMlSCyIVIyBHjm0UuWIR0p+AGQoOHyoywPCEZUo8BCqyOHnLYiBamKIuJCVB7/ZIAuIUH2IcpQY/lKO5IJsICC6Eq1htwVMaIOInkQnojuug7NwNu6He+NuuCfhEeFyVUGxV5IQhAGR8XGozYTqQuNzIAgqyYAEziIAOVm+Cg5uiPviPnB8ALT+f2IosvyWkwAUwriZMAuBUq0YchRIBP/nKVliyFBkIlHWBmZEMaX4UViUSIod7M6UUDqZ7kBn0p3pxlgt1oZ1Y4exVlgd0UhtcmFFFJUJhkg53rHLsd7xoGOP4wvHBrlgllyxmAILJMVSUbZQzmTDN56AyRHzJoxnOjs6uwKgeH+qtuSbXuV7EdEjf/NJ4D7yDILPuP6bL9MAgFa4j/Up33wW2wDQSAGgZQGvUFqk8uGKLwJcORpwF+kDY2AO388OwBm4A2/gDyOeDKJBAkgF05TPKR/GPxPMAQtBGagAK8E6sBHUgnqwHewG+0ArOASOgVPgHLgIroFboA/0g+dgAK6DIQRBSAgNYSD6iAliidgjzggL8UWCkQgkDklFMpBsRIwUInOQxUgFshrZiGxFmpCfkIPIMeQMcgm5gdxDniKvkY8ohqqjOqgRaoVORFkoGw1HE9CpaDY6Ay1BS9HlaBVah+5CW9Bj6Dn0GtqHPkcHMYCpYXqYKeaAsbBALBpLw7IwKTYPK8cqsTqsGWvHurArWB/2AvuAE3EGzsQd4HoLwxNxHj4Dn4cvwzfi2/EW/AR+Bb+HD+BfCDSCIcGe4EXgEFII2YSZhDJCJaGRcIBwknCN0E94SyQS9eAa9iCGEVOJOcTZxGXETcQ9xA7iJeID4iCJRNIn2ZN8SNEkLklOKiNtIO0iHSVdJvWT3pPVyCZkZ3IIOY0sJi8iV5J3kI+QL5Mfk4comhRLihclmsKnFFNWUBoo7ZQLlH7KEFWLak31oSZQc6gLqVXUZupJ6m3qGzU1NTM1T7VYNZHaArUqtb1qp9XuqX1Q11a3Uw9UT1cvVF+uvk29Q/2G+hsajWZF86el0eS05bQm2nHaXdp7OoM+gc6h8+nz6dX0Fvpl+ksNioalBltjmkaJRqXGfo0LGi80KZpWmoGaXM15mtWaBzV7NAe1GFpOWtFa+VrLtHZondF6ok3SttIO1uZrl2rXax/XfsDAGOaMQAaPsZjRwDjJ6Nch6ljrcHRydCp0duuc1xnQ1dZ11U3SnaVbrXtYt08P07PS4+jl6a3Q26d3Xe/jGKMx7DGCMUvHNI+5PObd2HFj/ccKxpaP3TP22tiP+kz9YP1c/VX6rfp3DHADO4NYg5kGmw1OGrwYpzPOexxvXPm4feNuGqKGdoZxhrMN6w27DQeNjI1CjSRGG4yOG70w1jP2N84xXmt8xPipCcPE10RkstbkqMkzpi6TzcxjVjFPMAdMDU3DTAtNt5qeNx0yszZLNFtktsfsjjnVnGWeZb7WvNN8wMLEItJijsVOi5uWFEuWpdByvWWX5Tsra6tkqyVWrVZPrMdac6xLrHda37ah2fjZzLCps7lqS7Rl2ebabrK9aIfaudkJ7artLtij9u72IvtN9pfGE8Z7jhePrxvf46DuwHYoctjpcG+C3oSICYsmtE54OdFiYtrEVRO7Jn5xdHPMc2xwvOWk7TTZaZFTu9NrZztnnnO181UXmkuIy3yXNpdXrvauAtfNrr1uDLdItyVunW6f3T3cpe7N7k89LDwyPGo8elg6rBjWMtZpT4JngOd8z0OeH7zcveRe+7x+93bwzvXe4f1kkvUkwaSGSQ98zHy4Plt9+nyZvhm+W3z7/Ez9uH51fvf9zf35/o3+j9m27Bz2LvbLAMcAacCBgHeBXoFzAzuCsKDQoPKg88HawYnBG4PvhpiFZIfsDBkIdQudHdoRRggLD1sV1sMx4vA4TZyByR6T504+Ea4eHh++Mfx+hF2ENKI9Eo2cHLkm8naUZZQ4qjUaRHOi10TfibGOmRHzSywxNia2OvZRnFPcnLiueEb89Pgd8W8TAhJWJNxKtEksTOxM0khKT2pKepcclLw6uS9lYsrclHOpBqmi1LY0UlpSWmPa4JTgKeum9Ke7pZelX59qPXXW1DPTDKblTTs8XWM6d/r+DEJGcsaOjE/caG4ddzCTk1mTOcAL5K3nPef789fynwp8BKsFj7N8slZnPcn2yV6T/VToJ6wUvhAFijaKXuWE5dTmvMuNzt2WO5yXnLcnn5yfkX9QrC3OFZ8oMC6YVXBJYi8pk/TN8JqxbsaANFzaKENkU2Vtch14UO0utCn8rvBekW9RddH7mUkz98/SmiWe1V1sV7y0+HFJSMmPs/HZvNmdc0znLJxzby577tZ5yLzMeZ3zzeeXzu9fELpg+0LqwtyFvy5yXLR60R+Lkxe3lxqVLih98F3odzvL6GXSsp4l3ktqv8e/F31/fqnL0g1Lv5Tzy89WOFZUVnxaxlt29genH6p+GF6etfz8CvcVm1cSV4pXXl/lt2r7aq3VJasfrIlc07KWubZ87R/rpq87U+laWbueur5wfV9VRFXbBosNKzd82ijceK06oHpPjWHN0pp3m/ibLm/239xca1RbUftxi2hL79bQrS11VnWV9cT6ovpHDUkNXT+yfmxqNGisaPy8Tbytb3vc9hNNHk1NOwx3rNiJ7izc+XRX+q6Lu4N2tzU7NG/do7enYi/YW7j32U8ZP13fF76vcz9rf/PPlj/XHGAcKG9BWopbBlqFrX1tqW2XDk4+2Nnu3X7glwm/bDtkeqj6sO7hFUeoR0qPDB8tOTrYIel4cSz72IPO6Z23jqccv3oi9sT5k+EnT58KOXW8i9119LTP6UNnvM4cPMs623rO/VxLt1v3gV/dfj1w3v18ywWPC20XPS+2X5p06chlv8vHrgRdOXWVc/Xctahrl64nXu/tSe/p6+X3PrmRd+PVzaKbQ7cW3CbcLr+jeafyruHdut9sf9vT5953+F7Qve778fdvPeA9eP5Q9vBTf+kj2qPKxyaPm544Pzn0NOTpxWdTnvU/lzwfelH2L61/1by0efnz7/6/dw+kDPS/kr4afr3sjf6bbX+4/tE5GDN49
<p><a id=img7 href=https://xzfile.aliyuncs.com/media/upload/picture/20240530152735-15b0f6ba-1e56-1.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABGQAAALRCAYAAAAdo3U5AAAMKWlDQ1BJQ0MgUHJvZmlsZQAAeJyVVwdUk8kWnr+kQkIJoCAl9CZKJ4CU0CO9F1EJSSChhJgEFOzK4gquXURBUWBRLOjqCshaEAsW1q5gXSzYn4u62FB5kwR0y3nvnTc5k/vl5ptv7r3/zH9mAKB3cyWSPFQTgHyxXBoXGsBMSU1jkp4ABH4AsAFkLk8mYcfERMBfYNT+tb29ruSCKw4KrX/+/1+bNl8g4wGApEOcyZfx8iHuAACT8CRSOQAER+g3nymXKHACxDpSGCDEQgXOVuE5CpypwiuVnIS4QIgbACCrc7nSbABoe6GfWcTLhjq0ixA7ivkiMQB0RQy+PCGXD7E/xOPz8wsUWJGHDeRLIF4LMSvzT5rZf9HP/KrP5WZ/xaq8lI0cJJJJ8rjF/2dp/nfLzyscncMKdnWhNCxOYWENe3MLwhWYCvFDcWZU9Ij/pYiv5Cv8H4WFYYlAWQQU58kC00awNp8bFK7ioExxXpTimetBbJclCuGodFB/kZyTMMoXyILjIYarCI2QFsSNzIWmZ0kD2YpnDLGQK1XOqwNxSWFuIntk7HKhgKPQxyGuKREmJENMhHhLkSgpakSzUZYbHz7CbykRBkaNcE5IC+NG4z8rEIcGjODeLGmIIne4dtBH+TLlvNCP6QlFnBFNzEIuTAhT5Yi58rjf4heI2aOavQJZSsSony8ICv6arzgxfpQjkQfEjfolecr9oeLkhY7UH/OVFcUHq+qAhcnh4hzxp0nkMV9rmMOdHKOqG8YHaYALZCAPFADxAZ3OhmvqbeQuOYgHuSAHCIAU5IMIyCiGXQrCgUjpzQMlSCyIVIyBHjm0UuWIR0p+AGQoOHyoywPCEZUo8BCqyOHnLYiBamKIuJCVB7/ZIAuIUH2IcpQY/lKO5IJsICC6Eq1htwVMaIOInkQnojuug7NwNu6He+NuuCfhEeFyVUGxV5IQhAGR8XGozYTqQuNzIAgqyYAEziIAOVm+Cg5uiPviPnB8ALT+f2IosvyWkwAUwriZMAuBUq0YchRIBP/nKVliyFBkIlHWBmZEMaX4UViUSIod7M6UUDqZ7kBn0p3pxlgt1oZ1Y4exVlgd0UhtcmFFFJUJhkg53rHLsd7xoGOP4wvHBrlgllyxmAILJMVSUbZQzmTDN56AyRHzJoxnOjs6uwKgeH+qtuSbXuV7EdEjf/NJ4D7yDILPuP6bL9MAgFa4j/Up33wW2wDQSAGgZQGvUFqk8uGKLwJcORpwF+kDY2AO388OwBm4A2/gDyOeDKJBAkgF05TPKR/GPxPMAQtBGagAK8E6sBHUgnqwHewG+0ArOASOgVPgHLgIroFboA/0g+dgAK6DIQRBSAgNYSD6iAliidgjzggL8UWCkQgkDklFMpBsRIwUInOQxUgFshrZiGxFmpCfkIPIMeQMcgm5gdxDniKvkY8ohqqjOqgRaoVORFkoGw1HE9CpaDY6Ay1BS9HlaBVah+5CW9Bj6Dn0GtqHPkcHMYCpYXqYKeaAsbBALBpLw7IwKTYPK8cqsTqsGWvHurArWB/2AvuAE3EGzsQd4HoLwxNxHj4Dn4cvwzfi2/EW/AR+Bb+HD+BfCDSCIcGe4EXgEFII2YSZhDJCJaGRcIBwknCN0E94SyQS9eAa9iCGEVOJOcTZxGXETcQ9xA7iJeID4iCJRNIn2ZN8SNEkLklOKiNtIO0iHSVdJvWT3pPVyCZkZ3IIOY0sJi8iV5J3kI+QL5Mfk4comhRLihclmsKnFFNWUBoo7ZQLlH7KEFWLak31oSZQc6gLqVXUZupJ6m3qGzU1NTM1T7VYNZHaArUqtb1qp9XuqX1Q11a3Uw9UT1cvVF+uvk29Q/2G+hsajWZF86el0eS05bQm2nHaXdp7OoM+gc6h8+nz6dX0Fvpl+ksNioalBltjmkaJRqXGfo0LGi80KZpWmoGaXM15mtWaBzV7NAe1GFpOWtFa+VrLtHZondF6ok3SttIO1uZrl2rXax/XfsDAGOaMQAaPsZjRwDjJ6Nch6ljrcHRydCp0duuc1xnQ1dZ11U3SnaVbrXtYt08P07PS4+jl6a3Q26d3Xe/jGKMx7DGCMUvHNI+5PObd2HFj/ccKxpaP3TP22tiP+kz9YP1c/VX6rfp3DHADO4NYg5kGmw1OGrwYpzPOexxvXPm4feNuGqKGdoZxhrMN6w27DQeNjI1CjSRGG4yOG70w1jP2N84xXmt8xPipCcPE10RkstbkqMkzpi6TzcxjVjFPMAdMDU3DTAtNt5qeNx0yszZLNFtktsfsjjnVnGWeZb7WvNN8wMLEItJijsVOi5uWFEuWpdByvWWX5Tsra6tkqyVWrVZPrMdac6xLrHda37ah2fjZzLCps7lqS7Rl2ebabrK9aIfaudkJ7artLtij9u72IvtN9pfGE8Z7jhePrxvf46DuwHYoctjpcG+C3oSICYsmtE54OdFiYtrEVRO7Jn5xdHPMc2xwvOWk7TTZaZFTu9NrZztnnnO181UXmkuIy3yXNpdXrvauAtfNrr1uDLdItyVunW6f3T3cpe7N7k89LDwyPGo8elg6rBjWMtZpT4JngOd8z0OeH7zcveRe+7x+93bwzvXe4f1kkvUkwaSGSQ98zHy4Plt9+nyZvhm+W3z7/Ez9uH51fvf9zf35/o3+j9m27Bz2LvbLAMcAacCBgHeBXoFzAzuCsKDQoPKg88HawYnBG4PvhpiFZIfsDBkIdQudHdoRRggLD1sV1sMx4vA4TZyByR6T504+Ea4eHh++Mfx+hF2ENKI9Eo2cHLkm8naUZZQ4qjUaRHOi10TfibGOmRHzSywxNia2OvZRnFPcnLiueEb89Pgd8W8TAhJWJNxKtEksTOxM0khKT2pKepcclLw6uS9lYsrclHOpBqmi1LY0UlpSWmPa4JTgKeum9Ke7pZelX59qPXXW1DPTDKblTTs8XWM6d/r+DEJGcsaOjE/caG4ddzCTk1mTOcAL5K3nPef789fynwp8BKsFj7N8slZnPcn2yV6T/VToJ6wUvhAFijaKXuWE5dTmvMuNzt2WO5yXnLcnn5yfkX9QrC3OFZ8oMC6YVXBJYi8pk/TN8JqxbsaANFzaKENkU2Vtch14UO0utCn8rvBekW9RddH7mUkz98/SmiWe1V1sV7y0+HFJSMmPs/HZvNmdc0znLJxzby577tZ5yLzMeZ3zzeeXzu9fELpg+0LqwtyFvy5yXLR60R+Lkxe3lxqVLih98F3odzvL6GXSsp4l3ktqv8e/F31/fqnL0g1Lv5Tzy89WOFZUVnxaxlt29genH6p+GF6etfz8CvcVm1cSV4pXXl/lt2r7aq3VJasfrIlc07KWubZ87R/rpq87U+laWbueur5wfV9VRFXbBosNKzd82ijceK06oHpPjWHN0pp3m/ibLm/239xca1RbUftxi2hL79bQrS11VnWV9cT6ovpHDUkNXT+yfmxqNGisaPy8Tbytb3vc9hNNHk1NOwx3rNiJ7izc+XRX+q6Lu4N2tzU7NG/do7enYi/YW7j32U8ZP13fF76vcz9rf/PPlj/XHGAcKG9BWopbBlqFrX1tqW2XDk4+2Nnu3X7glwm/bDtkeqj6sO7hFUeoR0qPDB8tOTrYIel4cSz72IPO6Z23jqccv3oi9sT5k+EnT58KOXW8i9119LTP6UNnvM4cPMs623rO/VxLt1v3gV/dfj1w3v18ywWPC20XPS+2X5p06chlv8vHrgRdOXWVc/Xctahrl64nXu/tSe/p6+X3PrmRd+PVzaKbQ7cW3CbcLr+jeafyruHdut9sf9vT5953+F7Qve778fdvPeA9eP5Q9vBTf+kj2qPKxyaPm544Pzn0NOTpxWdTnvU/lzwfelH2L61/1by0efnz7/6/dw+kDPS/kr4afr3sjf6bbX+4/tE5GDN4
<p>直接替换为18.13的framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ControlFilter.java</p>
<p><a id=img8 href=https://xzfile.aliyuncs.com/media/upload/picture/20240530152748-1dd7b3ec-1e56-1.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABOIAAALWCAYAAADrvTzHAAAMKWlDQ1BJQ0MgUHJvZmlsZQAAeJyVVwdUk8kWnr+kQkIJoCAl9CZKJ4CU0CO9F1EJSSChhJgEFOzK4gquXURBUWBRLOjqCshaEAsW1q5gXSzYn4u62FB5kwR0y3nvnTc5k/vl5ptv7r3/zH9mAKB3cyWSPFQTgHyxXBoXGsBMSU1jkp4ABH4AsAFkLk8mYcfERMBfYNT+tb29ruSCKw4KrX/+/1+bNl8g4wGApEOcyZfx8iHuAACT8CRSOQAER+g3nymXKHACxDpSGCDEQgXOVuE5CpypwiuVnIS4QIgbACCrc7nSbABoe6GfWcTLhjq0ixA7ivkiMQB0RQy+PCGXD7E/xOPz8wsUWJGHDeRLIF4LMSvzT5rZf9HP/KrP5WZ/xaq8lI0cJJJJ8rjF/2dp/nfLzyscncMKdnWhNCxOYWENe3MLwhWYCvFDcWZU9Ij/pYiv5Cv8H4WFYYlAWQQU58kC00awNp8bFK7ioExxXpTimetBbJclCuGodFB/kZyTMMoXyILjIYarCI2QFsSNzIWmZ0kD2YpnDLGQK1XOqwNxSWFuIntk7HKhgKPQxyGuKREmJENMhHhLkSgpakSzUZYbHz7CbykRBkaNcE5IC+NG4z8rEIcGjODeLGmIIne4dtBH+TLlvNCP6QlFnBFNzEIuTAhT5Yi58rjf4heI2aOavQJZSsSony8ICv6arzgxfpQjkQfEjfolecr9oeLkhY7UH/OVFcUHq+qAhcnh4hzxp0nkMV9rmMOdHKOqG8YHaYALZCAPFADxAZ3OhmvqbeQuOYgHuSAHCIAU5IMIyCiGXQrCgUjpzQMlSCyIVIyBHjm0UuWIR0p+AGQoOHyoywPCEZUo8BCqyOHnLYiBamKIuJCVB7/ZIAuIUH2IcpQY/lKO5IJsICC6Eq1htwVMaIOInkQnojuug7NwNu6He+NuuCfhEeFyVUGxV5IQhAGR8XGozYTqQuNzIAgqyYAEziIAOVm+Cg5uiPviPnB8ALT+f2IosvyWkwAUwriZMAuBUq0YchRIBP/nKVliyFBkIlHWBmZEMaX4UViUSIod7M6UUDqZ7kBn0p3pxlgt1oZ1Y4exVlgd0UhtcmFFFJUJhkg53rHLsd7xoGOP4wvHBrlgllyxmAILJMVSUbZQzmTDN56AyRHzJoxnOjs6uwKgeH+qtuSbXuV7EdEjf/NJ4D7yDILPuP6bL9MAgFa4j/Up33wW2wDQSAGgZQGvUFqk8uGKLwJcORpwF+kDY2AO388OwBm4A2/gDyOeDKJBAkgF05TPKR/GPxPMAQtBGagAK8E6sBHUgnqwHewG+0ArOASOgVPgHLgIroFboA/0g+dgAK6DIQRBSAgNYSD6iAliidgjzggL8UWCkQgkDklFMpBsRIwUInOQxUgFshrZiGxFmpCfkIPIMeQMcgm5gdxDniKvkY8ohqqjOqgRaoVORFkoGw1HE9CpaDY6Ay1BS9HlaBVah+5CW9Bj6Dn0GtqHPkcHMYCpYXqYKeaAsbBALBpLw7IwKTYPK8cqsTqsGWvHurArWB/2AvuAE3EGzsQd4HoLwxNxHj4Dn4cvwzfi2/EW/AR+Bb+HD+BfCDSCIcGe4EXgEFII2YSZhDJCJaGRcIBwknCN0E94SyQS9eAa9iCGEVOJOcTZxGXETcQ9xA7iJeID4iCJRNIn2ZN8SNEkLklOKiNtIO0iHSVdJvWT3pPVyCZkZ3IIOY0sJi8iV5J3kI+QL5Mfk4comhRLihclmsKnFFNWUBoo7ZQLlH7KEFWLak31oSZQc6gLqVXUZupJ6m3qGzU1NTM1T7VYNZHaArUqtb1qp9XuqX1Q11a3Uw9UT1cvVF+uvk29Q/2G+hsajWZF86el0eS05bQm2nHaXdp7OoM+gc6h8+nz6dX0Fvpl+ksNioalBltjmkaJRqXGfo0LGi80KZpWmoGaXM15mtWaBzV7NAe1GFpOWtFa+VrLtHZondF6ok3SttIO1uZrl2rXax/XfsDAGOaMQAaPsZjRwDjJ6Nch6ljrcHRydCp0duuc1xnQ1dZ11U3SnaVbrXtYt08P07PS4+jl6a3Q26d3Xe/jGKMx7DGCMUvHNI+5PObd2HFj/ccKxpaP3TP22tiP+kz9YP1c/VX6rfp3DHADO4NYg5kGmw1OGrwYpzPOexxvXPm4feNuGqKGdoZxhrMN6w27DQeNjI1CjSRGG4yOG70w1jP2N84xXmt8xPipCcPE10RkstbkqMkzpi6TzcxjVjFPMAdMDU3DTAtNt5qeNx0yszZLNFtktsfsjjnVnGWeZb7WvNN8wMLEItJijsVOi5uWFEuWpdByvWWX5Tsra6tkqyVWrVZPrMdac6xLrHda37ah2fjZzLCps7lqS7Rl2ebabrK9aIfaudkJ7artLtij9u72IvtN9pfGE8Z7jhePrxvf46DuwHYoctjpcG+C3oSICYsmtE54OdFiYtrEVRO7Jn5xdHPMc2xwvOWk7TTZaZFTu9NrZztnnnO181UXmkuIy3yXNpdXrvauAtfNrr1uDLdItyVunW6f3T3cpe7N7k89LDwyPGo8elg6rBjWMtZpT4JngOd8z0OeH7zcveRe+7x+93bwzvXe4f1kkvUkwaSGSQ98zHy4Plt9+nyZvhm+W3z7/Ez9uH51fvf9zf35/o3+j9m27Bz2LvbLAMcAacCBgHeBXoFzAzuCsKDQoPKg88HawYnBG4PvhpiFZIfsDBkIdQudHdoRRggLD1sV1sMx4vA4TZyByR6T504+Ea4eHh++Mfx+hF2ENKI9Eo2cHLkm8naUZZQ4qjUaRHOi10TfibGOmRHzSywxNia2OvZRnFPcnLiueEb89Pgd8W8TAhJWJNxKtEksTOxM0khKT2pKepcclLw6uS9lYsrclHOpBqmi1LY0UlpSWmPa4JTgKeum9Ke7pZelX59qPXXW1DPTDKblTTs8XWM6d/r+DEJGcsaOjE/caG4ddzCTk1mTOcAL5K3nPef789fynwp8BKsFj7N8slZnPcn2yV6T/VToJ6wUvhAFijaKXuWE5dTmvMuNzt2WO5yXnLcnn5yfkX9QrC3OFZ8oMC6YVXBJYi8pk/TN8JqxbsaANFzaKENkU2Vtch14UO0utCn8rvBekW9RddH7mUkz98/SmiWe1V1sV7y0+HFJSMmPs/HZvNmdc0znLJxzby577tZ5yLzMeZ3zzeeXzu9fELpg+0LqwtyFvy5yXLR60R+Lkxe3lxqVLih98F3odzvL6GXSsp4l3ktqv8e/F31/fqnL0g1Lv5Tzy89WOFZUVnxaxlt29genH6p+GF6etfz8CvcVm1cSV4pXXl/lt2r7aq3VJasfrIlc07KWubZ87R/rpq87U+laWbueur5wfV9VRFXbBosNKzd82ijceK06oHpPjWHN0pp3m/ibLm/239xca1RbUftxi2hL79bQrS11VnWV9cT6ovpHDUkNXT+yfmxqNGisaPy8Tbytb3vc9hNNHk1NOwx3rNiJ7izc+XRX+q6Lu4N2tzU7NG/do7enYi/YW7j32U8ZP13fF76vcz9rf/PPlj/XHGAcKG9BWopbBlqFrX1tqW2XDk4+2Nnu3X7glwm/bDtkeqj6sO7hFUeoR0qPDB8tOTrYIel4cSz72IPO6Z23jqccv3oi9sT5k+EnT58KOXW8i9119LTP6UNnvM4cPMs623rO/VxLt1v3gV/dfj1w3v18ywWPC20XPS+2X5p06chlv8vHrgRdOXWVc/Xctahrl64nXu/tSe/p6+X3PrmRd+PVzaKbQ7cW3CbcLr+jeafyruHdut9sf9vT5953+F7Qve778fdvPeA9eP5Q9vBTf+kj2qPKxyaPm544Pzn0NOTpxWdTnvU/lzwfelH2L61/1by0efnz7/6/dw+kDPS/kr4afr3sjf6bbX+4/tE5GDN4
<p>可以看到,使用<strong>";"</strong> 截断就可以绕过检测。</p>
<p><a id=img9 href=https://xzfile.aliyuncs.com/media/upload/picture/20240530152756-224ca018-1e56-1.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABOcAAAKjCAYAAABWe2vxAAAMKWlDQ1BJQ0MgUHJvZmlsZQAAeJyVVwdUk8kWnr+kQkIJoCAl9CZKJ4CU0CO9F1EJSSChhJgEFOzK4gquXURBUWBRLOjqCshaEAsW1q5gXSzYn4u62FB5kwR0y3nvnTc5k/vl5ptv7r3/zH9mAKB3cyWSPFQTgHyxXBoXGsBMSU1jkp4ABH4AsAFkLk8mYcfERMBfYNT+tb29ruSCKw4KrX/+/1+bNl8g4wGApEOcyZfx8iHuAACT8CRSOQAER+g3nymXKHACxDpSGCDEQgXOVuE5CpypwiuVnIS4QIgbACCrc7nSbABoe6GfWcTLhjq0ixA7ivkiMQB0RQy+PCGXD7E/xOPz8wsUWJGHDeRLIF4LMSvzT5rZf9HP/KrP5WZ/xaq8lI0cJJJJ8rjF/2dp/nfLzyscncMKdnWhNCxOYWENe3MLwhWYCvFDcWZU9Ij/pYiv5Cv8H4WFYYlAWQQU58kC00awNp8bFK7ioExxXpTimetBbJclCuGodFB/kZyTMMoXyILjIYarCI2QFsSNzIWmZ0kD2YpnDLGQK1XOqwNxSWFuIntk7HKhgKPQxyGuKREmJENMhHhLkSgpakSzUZYbHz7CbykRBkaNcE5IC+NG4z8rEIcGjODeLGmIIne4dtBH+TLlvNCP6QlFnBFNzEIuTAhT5Yi58rjf4heI2aOavQJZSsSony8ICv6arzgxfpQjkQfEjfolecr9oeLkhY7UH/OVFcUHq+qAhcnh4hzxp0nkMV9rmMOdHKOqG8YHaYALZCAPFADxAZ3OhmvqbeQuOYgHuSAHCIAU5IMIyCiGXQrCgUjpzQMlSCyIVIyBHjm0UuWIR0p+AGQoOHyoywPCEZUo8BCqyOHnLYiBamKIuJCVB7/ZIAuIUH2IcpQY/lKO5IJsICC6Eq1htwVMaIOInkQnojuug7NwNu6He+NuuCfhEeFyVUGxV5IQhAGR8XGozYTqQuNzIAgqyYAEziIAOVm+Cg5uiPviPnB8ALT+f2IosvyWkwAUwriZMAuBUq0YchRIBP/nKVliyFBkIlHWBmZEMaX4UViUSIod7M6UUDqZ7kBn0p3pxlgt1oZ1Y4exVlgd0UhtcmFFFJUJhkg53rHLsd7xoGOP4wvHBrlgllyxmAILJMVSUbZQzmTDN56AyRHzJoxnOjs6uwKgeH+qtuSbXuV7EdEjf/NJ4D7yDILPuP6bL9MAgFa4j/Up33wW2wDQSAGgZQGvUFqk8uGKLwJcORpwF+kDY2AO388OwBm4A2/gDyOeDKJBAkgF05TPKR/GPxPMAQtBGagAK8E6sBHUgnqwHewG+0ArOASOgVPgHLgIroFboA/0g+dgAK6DIQRBSAgNYSD6iAliidgjzggL8UWCkQgkDklFMpBsRIwUInOQxUgFshrZiGxFmpCfkIPIMeQMcgm5gdxDniKvkY8ohqqjOqgRaoVORFkoGw1HE9CpaDY6Ay1BS9HlaBVah+5CW9Bj6Dn0GtqHPkcHMYCpYXqYKeaAsbBALBpLw7IwKTYPK8cqsTqsGWvHurArWB/2AvuAE3EGzsQd4HoLwxNxHj4Dn4cvwzfi2/EW/AR+Bb+HD+BfCDSCIcGe4EXgEFII2YSZhDJCJaGRcIBwknCN0E94SyQS9eAa9iCGEVOJOcTZxGXETcQ9xA7iJeID4iCJRNIn2ZN8SNEkLklOKiNtIO0iHSVdJvWT3pPVyCZkZ3IIOY0sJi8iV5J3kI+QL5Mfk4comhRLihclmsKnFFNWUBoo7ZQLlH7KEFWLak31oSZQc6gLqVXUZupJ6m3qGzU1NTM1T7VYNZHaArUqtb1qp9XuqX1Q11a3Uw9UT1cvVF+uvk29Q/2G+hsajWZF86el0eS05bQm2nHaXdp7OoM+gc6h8+nz6dX0Fvpl+ksNioalBltjmkaJRqXGfo0LGi80KZpWmoGaXM15mtWaBzV7NAe1GFpOWtFa+VrLtHZondF6ok3SttIO1uZrl2rXax/XfsDAGOaMQAaPsZjRwDjJ6Nch6ljrcHRydCp0duuc1xnQ1dZ11U3SnaVbrXtYt08P07PS4+jl6a3Q26d3Xe/jGKMx7DGCMUvHNI+5PObd2HFj/ccKxpaP3TP22tiP+kz9YP1c/VX6rfp3DHADO4NYg5kGmw1OGrwYpzPOexxvXPm4feNuGqKGdoZxhrMN6w27DQeNjI1CjSRGG4yOG70w1jP2N84xXmt8xPipCcPE10RkstbkqMkzpi6TzcxjVjFPMAdMDU3DTAtNt5qeNx0yszZLNFtktsfsjjnVnGWeZb7WvNN8wMLEItJijsVOi5uWFEuWpdByvWWX5Tsra6tkqyVWrVZPrMdac6xLrHda37ah2fjZzLCps7lqS7Rl2ebabrK9aIfaudkJ7artLtij9u72IvtN9pfGE8Z7jhePrxvf46DuwHYoctjpcG+C3oSICYsmtE54OdFiYtrEVRO7Jn5xdHPMc2xwvOWk7TTZaZFTu9NrZztnnnO181UXmkuIy3yXNpdXrvauAtfNrr1uDLdItyVunW6f3T3cpe7N7k89LDwyPGo8elg6rBjWMtZpT4JngOd8z0OeH7zcveRe+7x+93bwzvXe4f1kkvUkwaSGSQ98zHy4Plt9+nyZvhm+W3z7/Ez9uH51fvf9zf35/o3+j9m27Bz2LvbLAMcAacCBgHeBXoFzAzuCsKDQoPKg88HawYnBG4PvhpiFZIfsDBkIdQudHdoRRggLD1sV1sMx4vA4TZyByR6T504+Ea4eHh++Mfx+hF2ENKI9Eo2cHLkm8naUZZQ4qjUaRHOi10TfibGOmRHzSywxNia2OvZRnFPcnLiueEb89Pgd8W8TAhJWJNxKtEksTOxM0khKT2pKepcclLw6uS9lYsrclHOpBqmi1LY0UlpSWmPa4JTgKeum9Ke7pZelX59qPXXW1DPTDKblTTs8XWM6d/r+DEJGcsaOjE/caG4ddzCTk1mTOcAL5K3nPef789fynwp8BKsFj7N8slZnPcn2yV6T/VToJ6wUvhAFijaKXuWE5dTmvMuNzt2WO5yXnLcnn5yfkX9QrC3OFZ8oMC6YVXBJYi8pk/TN8JqxbsaANFzaKENkU2Vtch14UO0utCn8rvBekW9RddH7mUkz98/SmiWe1V1sV7y0+HFJSMmPs/HZvNmdc0znLJxzby577tZ5yLzMeZ3zzeeXzu9fELpg+0LqwtyFvy5yXLR60R+Lkxe3lxqVLih98F3odzvL6GXSsp4l3ktqv8e/F31/fqnL0g1Lv5Tzy89WOFZUVnxaxlt29genH6p+GF6etfz8CvcVm1cSV4pXXl/lt2r7aq3VJasfrIlc07KWubZ87R/rpq87U+laWbueur5wfV9VRFXbBosNKzd82ijceK06oHpPjWHN0pp3m/ibLm/239xca1RbUftxi2hL79bQrS11VnWV9cT6ovpHDUkNXT+yfmxqNGisaPy8Tbytb3vc9hNNHk1NOwx3rNiJ7izc+XRX+q6Lu4N2tzU7NG/do7enYi/YW7j32U8ZP13fF76vcz9rf/PPlj/XHGAcKG9BWopbBlqFrX1tqW2XDk4+2Nnu3X7glwm/bDtkeqj6sO7hFUeoR0qPDB8tOTrYIel4cSz72IPO6Z23jqccv3oi9sT5k+EnT58KOXW8i9119LTP6UNnvM4cPMs623rO/VxLt1v3gV/dfj1w3v18ywWPC20XPS+2X5p06chlv8vHrgRdOXWVc/Xctahrl64nXu/tSe/p6+X3PrmRd+PVzaKbQ7cW3CbcLr+jeafyruHdut9sf9vT5953+F7Qve778fdvPeA9eP5Q9vBTf+kj2qPKxyaPm544Pzn0NOTpxWdTnvU/lzwfelH2L61/1by0efnz7/6/dw+kDPS/kr4afr3sjf6bbX+4/tE5GDN4
<p>最后也是成功执行。</p>
<h3 id=toc-5>0x05 修复建议</h3>
<p> 升级到官网最新版本。</p>
</div>
<div class=post-user-action style=margin-top:34px>
<span class="btn btn-default pull-right" id=mark data-action=topic data-pk=14733>
<span id=mark-text>点击收藏 </span><span class=i-seprator> | </span><span id=mark-count>0</span>
</span>
<span class="btn btn-default pull-right" id=follow_topic data-pk=14733>
<span>关注</span><span class=i-seprator> | </span><span id=follow-count>1</span>
</span>
<span class="btn btn-default pull-right">
<span>
<span id=ready_reward data-toggle=modal data-target=#myModal>打赏</span>
</span>
</span>
<div class=clearfix></div>
</div>
<div class=related-section>
<div class=related-box>
<span><a class=pull-left href=https://xz.aliyun.com/t/14732 title=jdk新入口挖掘><span class=related-label style="padding:3px 4px;margin-right:3px">上一篇:</span>jdk新入口挖掘</a></span>
<span><a class=pull-left href=https://xz.aliyun.com/t/14735 title="调用Windows API实现命令行工具Sharp4Cmd"><span class=related-label>下一篇:</span>调用Windows API实现命令...</a></span>
</div>
</div>
</div>
</div>
</div>
<div class="modal fade" id=myModal role=dialog aria-labelledby=myModalLabel aria-hidden=true>
<div class=modal-dialog>
<div class=modal-content>
<div class=modal-header>
<h4 class=modal-title id=myModalLabel style=text-align:center>
积分打赏
</h4>
</div>
<div class=modal-body id=button-value>
<div style=text-align:center>
<div role=group>
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type1>
1分
</button>
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type2>
2分
</button>
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type3>
5分
</button>
</div>
<br>
<div style=margin-top:20px>
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type4>
8分
</button>
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type5>
10分
</button>
<button type=button class="btn btn-secondary m64" style=min-width:64px data-value=type6>
20分
</button>
</div>
</div>
</div>
<div class=modal-footer id=confirm>
<button type=button class="btn btn-default" data-dismiss=modal>关闭</button>
<button type=button class="btn btn-primary" id=reward_topic data-pk=14733>确定</button>
</div>
</div>
</div>
</div>
<div class="row box">
<ol class=breadcrumb>
<li class=active>0 条回复</li>
</ol>
<div class="box-container post-container">
<ul>
<li style=min-height:50px;line-height:60px;margin-left:15px><strong>动动手指,沙发就是你的了!</strong></li>
</ul>
</div>
</div>
<div class="row box" id=reply-box>
<div class="box-container clearfix">
<div class=reminder>
<a href="https://account.aliyun.com/login/login.htm?oauth_callback=https%3A%2F%2Fxz.aliyun.com%2Ft%2F14733&amp;from_type=xianzhi"><strong>登录</strong></a> 后跟帖
</div>
</div>
</div>
</div>
</div>
</div>
<footer class=bs-docs-footer>
<div class="container text-center">
<div class=links>
<a href=https://xz.aliyun.com/feed target=_blank>RSS</a>
<a href=https://xz.aliyun.com/about target=_blank><span>关于社区</span></a>
<a href=https://xz.aliyun.com/partner target=_blank><span>友情链接</span></a>
<a href=https://xz.aliyun.com/notice>社区小黑板</a>
<a href=https://xz.aliyun.com/connection>联系我们</a>
<a href=https://report.aliyun.com/ target=_blank>举报中心</a>
<a href=https://www.aliyun.com/complaint target=_blank>我要投诉</a>
</div>
</div>
</footer>
<div id=waf_nc_block style=display:none></div>
Reference in New Issue Copy Permalink