mirror of
https://github.com/Mr-xn/Penetration_Testing_POC.git
synced 2025-08-12 02:56:17 +00:00
512 lines
3.8 MiB
HTML
512 lines
3.8 MiB
HTML
|
<!DOCTYPE html> <html style><!--
|
|||
|
|
Page saved with SingleFile
|
|||
|
|
url: https://forum.butian.net/article/547
|
|||
|
|
--><meta charset=utf-8>
|
|||
|
|
<meta http-equiv=X-UA-Compatible content="IE=edge">
|
|||
|
|
<meta name=viewport content="width=device-width, initial-scale=1">
|
|||
|
|
<meta name=csrf-token content=3Pc1iiU7gFPnX4v6YCLymt20lxE5MuCVXQFHbYzN>
|
|||
|
|
<title>某通电子文档管理系统 SecretKeyService SQL注入漏洞</title>
|
|||
|
|
<meta name=keywords content=奇安信,天眼,补天,漏洞,情报,攻防,安全>
|
|||
|
|
<meta name=description content="奇安信攻防社区-某通电子文档管理系统 SecretKeyService SQL注入漏洞">
|
|||
|
|
<meta name=author content="QIANXIN Team">
|
|||
|
|
<meta name=copyright content="2021 QIANXIN.com">
|
|||
|
|
<style>@media (max-width:767px){}</style>
|
|||
|
|
<style>/*!
|
|||
|
|
* Bootstrap v3.4.1 (https://getbootstrap.com/)
|
|||
|
|
* Copyright 2011-2019 Twitter, Inc.
|
|||
|
|
* Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
|
|||
|
|
*//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}footer,nav{display:block}template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}img{border:0}button,input,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button{text-transform:none}button{-webkit-appearance:button}textarea{overflow:auto}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,:after,:before{color:#000!important;text-shadow:none!important;background:0 0!important;-webkit-box-shadow:none!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" ("attr(href)")"}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}pre{border:1px solid #999;page-break-inside:avoid}img{page-break-inside:avoid}img{max-width:100%!important}h2,h3,p{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}}@font-face{font-family:"Glyphicons Halflings";src:/* original URL: https://forum.butian.net/static/css/bootstrap/fonts/glyphicons-halflings-regular.woff2 */url(data:font/woff2;base64,d09GMgABAAAAAEZsAA8AAAAAsVwAAEYJAAECTQAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACMcggEEQgKgqkkgeVlATYCJAOGdAuEMAAEIAWHIgeVUT93ZWJmBhtljDXsmI+A80Cgwj/+vggK2vaIIBusdPb/n5SghozBk8fY3CwzKw8ycQ3LRhauWU8b7AQmPrHpsWLSbaQ1gVqO5kgksapZihmcvXvsSAlqZIYL1YkM/LIl97nZp395IqcEA/f21yuNQLmMXb2rZZ/7e/rS+3aQoE5jiykOu275k8k/fj/okKRo8gD/nl/nJmkfxsrIHdGdBcGkiz+6PvzlXksg+3a0LRtj240x7fSAEokyS6Dhebf1LCdu5KvgAAco8DNFd2ngQgUXgqAmqf8L6c5UtGxo2DBNGtLY2tKGZOVZ2HLx77Kss250ad5d3Xl1cpW0vK77me4TVlhzag6hop7lZ01uGarTmUiBV5Wpw9QIIHIy9D5pVGBWN7jNUiixqMnPGuD/K6BvNvMnY8XIQrCP5gbrNOe31s653X+Hg4vjv5quVAldYVtRZDwzd3E4LI6F7nJUSRahOOESHI4wPkW4P/kqRajnl6aVI8/6NyeN7N39hlMJDAtvY/vKt+1fizcmIyrRKym9s6DQKzRhAbBBNrZjjOd5sdmjhmYoYhlG6ebk/+m0JDt7IFlBwzF2UC10R/j/jOHAsRXNIvuwldsBQ8JmLSBXgveuAprUmc51S9awSwjjI63tDuSs1ipLhjzb/AQgKNHf69T31/9a/mDZqwzltVuXJepZBVSKrHslr8mKJIitEKBze2/v7RmcF/KIgxjVu+92dCJw4Jw0YMjq36mKz6R9bwxg47PdFPonbhRl3D4K5EceNXMAevNfTvMKklBL06Z2bVXeC8m+e3q93PLu8/+fGfh/+IyHIjNgbA2SHAOWVyPUkL1eGEArjSwHY7nJa2+pjUFPG3AVbnW1p9R685Z6Sin13M6lHveY2zHHfeHh/0893n+ttoB4vlLGxGDBSolgp3GDFaWCVXMvvyv4a9J2xzF4bBrd3+dqEmwFlkVs7FxuRIzIw8a2r1aGseb/0Gpnm3taZOWJCHo3jwsUNf/fIQR4bcI1b8JbBxy9v3Xv+ya3rzHagkgQQmtB4uwIcXLqzlKQxA2jt7AWjyhcZ2j0EBTIN4ns0op5jz2GSLVa81VQaOnQJDgQUmfTBcQYgHrCZ82tyU46i+AAMXWsJNyFr6Shnj5S/V3l+hSXDqasIp/0Zje8lwv1S69efyeYquu9M5MrRS+8xF6JWVU1XahOQhcu3sqLpdI438Urzs2POI/5LHyJe018jEGKEeV1YXzQYYiSf+yO1d7LhdWdJQAKf2xLR6JQ7SwXTnUU5tzUa/5j7zhtWEDa02T/F8yYP3/x/NrzoudZ0ybP/nvq9pT4s8fPDj/bUNworhRHil22v8/G5K/kT+SP5Lfk1+SX5AZyLbmSXExGyQg5lywmp5N55DhyrPu0+zP3H9yfuD9wv+8+6n7b/br7FXPo5P8Fi54S0BCi00THCKR68zH6oT8SXFU1FnE9rdl00XrUkg6GJlqQbmqiJeltTbQifbyJ1nRr3kQbundooi09/22iHb1CE+3p9Tc28fSugyY60rvJcXQiC9YxOpMVrOvQlaypdTv0IktfoS9KZNZjMJZssvUcMB2yxSdeAxZCtvk4VkO21XpnsAayvawPBlsgO8r6ZOwK2VnWF2J/yIN1HQ6HvKl1O5xAnip9AQZ5iXwMLqmsJ0M+E1xnPRvyOeBW68WQrwG3W2+GfGfwoPVekB8MnrY+ivxkvAo5rc/H++QX7tjF+JQKKkV8QaUOj+MbKk2tW+NbKm1P3A7fUel6HD9Q6W7dGz9SKVmPwW9UJlvPAVUqi5U1EMBT2QxNQgv+7AShpfBbsxMKrYTfb1lEaK0Y1Xvs0Sx9MTxmjSYCNmikGIYnj4F/B8qlVSNWqAjeEa28H6GlRftEfyJUwaXeqdAGokFEOYP/ZUK5OqkHBhXEJQ8CT5zBINLQBBPxgofYRhJ1im4gFjc/JVIDRzQihLhmqWfHwUbquoEgDmE9gpEts9VRl+G9eStCvSzE+NAyw8sT1oU1opWH8JmEjHhuoQUVzqoEZiohobPm62zifEdYUfgg3oNVcJTkCsVFdSDCQJ4Bj6blLfCABB9Eby42WVr2gi0mYT5mEj+bAKuTTo9OnKIJXdRPL147XNoOwkrKDc9CBsdFc0pyGQSqkBkBoMSa9cYPFCfyhWcSL+Pj0UIXJZ+hHm8gH0P16rpulTeL3DoFfPV5g0t0sib3JKfYc698ufV3UIj5xFxpXb4kWhJAKwHNDLa21YA5MHhdu3K4rSW+yNUr9gdSVaxFbYcrFtywqqM7d6B1rMA5L0m8BdQ3yDfVprlR/mx1XKZ50A5XixBOKes4idywdlnuKnW0bQKUobG/6eKp4gS6bSgJZgbKRb3y/0c4sgyiaiNJrL1SjswX+XoMI3G437ffAQYJhClZoNckiwvh0JuGY18lv20teyEwLWALO+HlhazxFGh5VvXkwV1IdiEJzx90HGG9XEvvxRAeBqVbzDF7GgMi52ogNkDsljNUMCWlE78P6c6YIsfUmcZaSYZH5AabU5P3jYIusxHEzqNwB4HG06xTxjFl6fvZk8TYm535DFnBHv92uzgaCGSxXLFCoRdsoVP7/lIpBtIT04bn+a+WroALewJJitOG9NIlnZSvPvsw0I7aprNc8CeUY2e9MiU0oFGORKEKMM2SM0KyIslNjtWOJoDbimhJFcfC2qfSUmcQt01FpKGpobaaDUm9zigHqd7VNVWWRF0MffIdmQdi7Tgkl4fsOKg+8+FYIAGyB2
|
|||
|
|
<style>/*!
|
|||
|
|
* Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome
|
|||
|
|
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
|
|||
|
|
*/@font-face{font-family:"FontAwesome";src:/* original URL: https://forum.butian.net/static/css/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 */url(data:font/woff2;base64,d09GMgABAAAAAS1oAA0AAAAChpgAAS0OAAQBywAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACFchEIComZKIe2WAE2AiQDlXALlhAABCAFiQYHtHVbUglyR2H3kYQqug2BJ+096zq1GibTzT1ytyoKAhnlGvH2XQR0B9xFqm6jsv/////kpDFG2w7cQODV9Pt8rYoUCGaTbZJgmyTYkaFAZFtCUREkKFtVPCsorbhAUNA1HuRggbAO2j72UBAaO+EokdExs/1s2/5o1Kiiwimf3Fl5lPJKaenrF62Fznwl24G3XqwUR4KiM7gSbp6V6LraldwKxM2QRIqecFxZciCUTN9Q9A6NG4N0pSnLEZjvE6c2UsJeIlMLTH7xWVLXQ1hSFQmKNIGO5kb6eVxbv+g3bqHirnwdc+C7jHEeo027jiVLyf8XLtu6DiwL+oT3+EzQdP8n9hCQyU0dLBEVY/eIK2L6xNeH50/9c/le2CSFhtd6Lgf1bcWgDPxoJmdi3vDhdu2H8wEOySeKDzajOrC7w/Nz622jYowx2KhtMCLHghqwvypWjKiNHqNjoyQsMEFUUFS0MRID+/SsPAvtO+3z0mAQ5rYn8UgOP/Fzzqk6kQ9ORJ+o/KkQSRGkJIwEVBSLW4GCYjSKEc38f+rs7yyvzrzX772jYmw2kboLSUzpaX3bjCbgNOOUbSwnyxbL8yO916Wzf1J3AaJidcC2LEuWC8YGm+J2iwPbCG1fLcDA5lxIi537jkhI/qrzk+oHxsI/mJbTbfMLOVCIrdgpOedKqIYkxr2InOex9Dj46Mfazs5+uTvEchWNbr89JBEatR+UTmRkbhshJ66m8OM7s/SsOJm8J9lOpu0eIX8tGAZKGcq20y7g2PqR7livPQwsEgQOkJseImA6GKL/Gw8JCSB7je+e3OC8EstLISefAKEtRkiUnAmJIyR+m1pfhLmdEBK1A041VlU4RsivHKKOJRRQ1Pvdq9rb+wYIDIZDcAgCJARRGaK0u9oQnXKs7KLKvZvuumu7a9obpzPZtxPROlIRJR4QtoEye/SH3qn1kh1oJbspOMkR9gD48QEPGApJTEuQNnb0I+37s+7+Biw70KY2h6BOmjLOaHa3Dw4I/u9/zf7rDE9Pkad0IxaFBuJ4VInvqkJmAp2ehHFeFiOcrp+WP3v+NWKKSeLgJS1XWpDruWKkQaMTDF7kMc3ZbjUZ+a7pitemTlGdWSf65t3NEpYE/JFTBNwYH6YhdCIgBmBiM+n3JZMH9O8zNbsCFNFmdjurndXObM6s7jmcOmpnZj9ncpv1cP94nyCAD3wS/CAkCCBlEpQcEpRaFCjFFCR3KFpyU5DodiubWtkcz9Zx9k2i7B6b7s3q3ZltPyZzW/bldJlTklNqjqc5nK/j9z+tfNrqDfHwxT5HDswGLBBiRNW3Xqn0ql6px90bOmyKM469TkGaYKs1C5wyNrMBTPlwU/IJQd+nL1XrCsLWmLS8s7QnOVy0p9WGdLiFEK8h3/b2+rca/RuBbAAGhSBQTVK0mpA5boAKzWAVEhMoyhBA0iBIeSlN0mRNyg2QHDXp1KQTSCfSkZoc8m1TPPro23Ema7wpXM97O+4xxcNt+QebONt74YvVWIQx3S0zx5qQkSmCQiiEkSz7JfWTELC2to0ExAsFBd3923efb36+mHTt8EhXOGyQ1FoRCXKk47//PWWzGuzfMSvmBwUvyY4xVz/WsHLuEg44OVBMxtIBPnVvOSDFGDEgdMOYq8N1Y6edke7EQLP5XUsUEFLvf2JO/7uSdvuTtNQaqqgouCKKg3nrvbt7HAxjrv+P5vNzY3qmGSaucDWn5QShLGqzbiCia07EIYMug25e9/hVdR8AQHz8GD92tT73B7kdudwckXIYVWHcSFIgCxqPEPq51/jVkQCT80kNRInfy4tRv71+cOkKgNyNOzu4bvn5jUwYFyShdPkJOgloRkNZoe3eVE+gRk4dTn59F/ExImCzqPyf2GHPB8sozT9IIBGXlocfxFyWzeV1yjATTNS19fEnte26vb7NlFBibm1Pv5jrtt39jb8CGEpsiz8CAQie5XOr5wWIMCwOOIx4yULy+va+QhnH5ZFGiRAUn1/fG1JpWh34/7fUfmUjFWqwEbF3/WhPYyomRjYMrFlxwZIFe4l9P8nzPvd1Hvu2LvM0Ds5oJQVnlGAEpybX5yC4yxIpqaxSNRjlSIx9saf/y6Swa9yp2xyQJ0qZ3k+/AEmI2xO2nV/vs38FkXFPYifWSMefAEJZRU2jAxw2yHaEgTWqEE5KDeUVAU+ITgcaRgtOeCgxkjoBXLrfq0Pga45joGI4BVH0CRNk4RhbTBQoZWwcKzJ1Le7QYdaYZKKONTuiTiTU9iKiSKqPEKtTRrpv6zJpqCKK2VyzaAQ3SYz2oDxTQ08CrRm4lsiQSKAe4kV3IQEuH9fp/SFCUxJDqmcexJ2JY+MOueRzKtWnc4koNW2UPXHGyoplovvxWZELJOtcPhBmTjiAcZeMeOojdgqlNnVt7wngGZ2wYNtOTS1KAFz0EEa3x3LpRAKAHrVa0zCTByMn6qWIbuwR0kdqTILahlgUG8qMokGqnfFnWXOZKrJZytwHx17ZtZg7ItgdJGhifz25FhnPmxOYMN52SDyXVnZ/gWObXwBcWYoD7KPodztkQhYCg4sDToOEMxshJM7n57Tn4t5JfFCYIH4TJhPkA2TFLsgDG9Sw6QItYQfz+mEZCSsrwhOSOboubVL46TTjY3mvnrkji1XVwkZX7gh1vQ3cCRdpL/Ccr5RmfoA03fBsg+sOWFP0OcOEG/cxRZ3wvTNAkP3aaxOI3BVAFycjo7y2Y6y92W7qqSC68RXvU187rCX77kmK0MEru/gu80wa2EMCeLHr7h4evvrqhrF3CdrNVtuCgIG6qOGkwMP5RXhmfkhgvekwH7whZJToQFF7T2gxiRcXsUjBtkbDq9V6cxqNN/Pdibazxpx0D3J2zOip0mudu4ZoZVMzt9uHdpk5hHF8q0+C75dLKZVVXPKWQdIlo7m7AsRvHntsPIbbS7j/up3NjqKkjmmzj/FI60eASYV6nT02mldXbzDr2Qt8Fd4lQfcaamREKSENgKlwd67I7l+Cs+s7uPGm22OXRCPp/8uBTZDA3k56nPIFtwRwsF6PQ0R43sJ4aimENU/IOfsNoWDR0kVEWO548Y0g3ZJHVcjA7cuvDsSZqgSp79baiZwuJQ23v7bOiLF+DOPx+j3/CBoWQxNvpikNRoQ388rnJFqk/Si3Z8Hrb0Ktpw3bxpzAQN7lJvLD2mXuewbq4uWOo6AIbKCwZopfxlJ4mU5bp10MrpsHOGAtM5lztKbBknt/UGoB3hm4V3VjOe+FuK6phBtbPh3qLZ8uRKLcjln6H/ebFQ+AHmSHDM/C2AeisisYXnuTrrlD7veJsW3gxNnwLKaxQE48spAd2tnQ+PKJrx9/Di6NlFbx5k3w2hFT7CvTXESeK6LaUqJ80Ta1C+IncVxU4N0CppXzHB45h0SEBlg8fyTtcImA3gciu+mFppL8JJvStwveLPlwH7tz+aVU084a3f6vYrv/1E5rSZEeX+ahYNXmCkboiB/qV5OfVv+UJdnRdwitfqmkxETUkNnCy90q87N4afIeuHlbclqqhwCZW1MltEeb3BhzYEY844WjhbOsIKLBVosr/vMhK62W9/WKuNiNizl5n2vFwWZikTgy3gZz3n1sO1spZSTE+IlUnYaWa62DkuApmnaPtqk5rAGE4xune9N1E/J1j3SPyN6zQEXj9D58Q/baPFw0JQiXUnbhDKW26eXE6Kra9EDXukPMOFyR+H4pFCNrfL65LmHrb6q62gO6MDBHlHEwHRQl8fzwE6GZaHCLqboNTP+c3iKMKz6O7Oa1JaoLXk3L
|
|||
|
|
<style>@media (min-width:1200px){.navbar-form{width:235px}}@media (min-width:768px){.navbar-form .form-control{width:100%}}@media (max-width:767px){.global-nav{width:100%;text-align:center;z-index:1000}}@media (max-width:767px){}.global-nav .nav{height:44px;padding:0}.navbar-form .btn{position:absolute;top:8px;right:30px;color:#999;-moz-box-shadow:none;-webkit-box-shadow:none;box-shadow:none}.navbar-form .btn:hover,.navbar-form .btn:focus{color:#777}pre{white-space:pre-wrap}@media (min-width:768px){}@media (min-width:992px){}@media (min-width:1200px){}html{font-size:10px;-webkit-tap-highlight-color:transparent}body{font-family:-apple-system,"Helvetica Neue",Helvetica,Arial,"PingFang SC","Hiragino Sans GB","WenQuanYi Micro Hei","Microsoft Yahei",sans-serif;font-size:14px;line-height:1.5;color:#333;background-color:#f6f6f6;word-break:break-word}button,input,textarea{font-family:inherit;font-size:inherit;line-height:inherit}ul{padding:0}.wrap{padding-bottom:30px;position:relative}.main{background-color:#fff;border-radius:4px}.mb-20{margin-bottom:20px}.mb-50{margin-bottom:50px}.mt-10{margin-top:10px}.mt-15{margin-top:15px}.mt-30{margin-top:30px}.mt-60{margin-top:60px}.ml-10{margin-left:10px}.mr-5{margin-right:5px}.span-line{margin-left:8px;margin-right:8px;color:#999}.logo{float:left;margin:0;display:inline-block;width:150px}.logo a{display:block;height:50px;width:145px;background-image:/* original URL: https://forum.butian.net/css/default/logo.svg */url(data:image/svg+xml;base64,PHN2ZyBpZD0i5Zu+5bGCXzEiIGRhdGEtbmFtZT0i5Zu+5bGCIDEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDQyNi4xMyAxMTEuNDIiPjxkZWZzPjxzdHlsZT4uY2xzLTF7ZmlsbDojZmZmO308L3N0eWxlPjwvZGVmcz48dGl0bGU+5aWH5a6J5L+h5pS76Ziy56S+5Yy6X2xvZ288L3RpdGxlPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTExMiw1Ny4zM3YtNGgzNy43OHY0aC00LjM5VjcxLjE4cS4wOCw1LjUzLTUuMTksNS40NGgtNC44OXYtNGgyLjM0YzEuMiwwLDEuNzgtLjYyLDEuNzUtMS45M1Y1Ny4zM1ptMS44LTExLjkydi00aDEzLjg1VjM4LjkzaDYuNDh2Mi41MWgxMy45M3Y0SDEzNi4zNXEzLDIuNTEsMTAuOTIsNC4zMXYzLjQ3UTEzNiw1MS42NSwxMzAuODcsNDcuNXEtNS4xLDQuMTQtMTYuMzYsNS42OVY0OS43MmM1LjI1LTEuMiw4Ljg4LTIuNjQsMTAuOTItNC4zMVptMi4wOSwyNy4yOFY1OS43NmgxOS4zN3Y3LjM2Yy4xMSwzLjgzLTEuNjcsNS42OC01LjM1LDUuNTdabTUuNDgtNGg2LjQ1YzEuMzkuMDksMi4wNS0uNjEsMi0yLjA5VjYzLjc4aC04LjQxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE1My42Nyw1OC43MlY1NC41M2g0LjY5VjUwLjMxaDYuNTJ2NC4yMmgxNS42OVY1MC4zMWg2LjUzdjQuMjJoNC44MXY0LjE5aC01LjA2YTE1LjM2LDE1LjM2LDAsMCwxLTcuNTcsMTEuODgsOTIuNiw5Mi42LDAsMCwwLDEyLjIxLDIuMzR2NHEtMTIuMTMtMS4yNS0xOC43OC0zLjQ3LTYuNTcsMi4yMi0xOC43LDMuNDd2LTRhMTA0LDEwNCwwLDAsMCwxMi4xNy0yLjM0LDE1LjA2LDE1LjA2LDAsMCwxLTcuNTctMTEuODhabTM2LjYxLTE2Ljg2djcuMzZoLTYuMTVWNDZIMTYxLjM3djMuMjJoLTYuMTVWNDEuODZoMTMuODlWMzkuMDloNy4ydjIuNzdaTTE3Mi43NSw2OC4yMXE2LjY5LTMuMTgsNy42MS05LjQ5SDE2NS4wOVExNjUuOTMsNjUsMTcyLjc1LDY4LjIxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE5OSw3N1Y1Mi43M2EyNywyNywwLDAsMS0zLjQ3LDEuNDNWNTAuMzVhMTcuMiwxNy4yLDAsMCwwLDUuOS0xMWg1LjlhMzIuODYsMzIuODYsMCwwLDEtMi42OCw3LjdWNzdabTcuNzQtMzF2LTRoMTBWMzkuM2g2Ljd2Mi43NmgxMC4xMnY0Wm0xLjM0LDMwLjVWNjIuMjNIMjMxLjd2Ny43cS4xNyw2LjgxLTYuMTUsNi42MVptLjEzLTI0di0zLjhoMjMuNDJ2My44Wm0wLDYuN1Y1NS40MWgyMy40MnYzLjgxWm0xNy44NiwxMC42MlY2Ni4ySDIxMy43MXY2LjMyaDEwLjEyQzIyNS4zOSw3Mi42MywyMjYuMTMsNzEuNzQsMjI2LjA1LDY5Ljg0WiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTIzNy43Niw0Ni40NnYtNGgxNC40OHY0SDI0OFY2NS4yNGMxLjQyLS4zLDMtLjcxLDQuNzMtMS4yMXY0LjE0YTU1LjQxLDU1LjQxLDAsMCwxLTE1LjE0LDMuNzdWNjYuNzljMS4yNS0uMDgsMi43OC0uMjQsNC42LS40NlY0Ni40NlptMTMuNDMsOC4wN1Y1MC44MXE0LjY5LTQsNS40NC0xMS41NWg2LjExYTMyLjMxLDMyLjMxLDAsMCwxLTEuMDUsNC40NGgxMy43N3Y0aC0zcS0uODQsMTEuODUtNS44NiwxOC4yYTQzLjI2LDQzLjI2LDAsMCwwLDguNDksNi44MnY0LjQ0YTQ5LjQxLDQ5LjQxLDAsMCwxLTEyLTcuNTMsNTIuMTMsNTIuMTMsMCwwLDEtMTIuNjQsNy41N1Y3Mi44MUE0MC4wNyw0MC4wNywwLDAsMCwyNTkuNzMsNjZhMzQuMzgsMzQuMzgsMCwwLDEtNS42MS0xMi44QTIxLjc4LDIxLjc4LDAsMCwxLDI1MS4xOSw1NC41M1ptOC4yNS0zLjcyYTM2LjQsMzYuNCwwLDAsMCwzLjc2LDEwLjVxMi43MS00Ljg5LDMuNDMtMTMuNTZIMjU5LjlhMTUuMSwxNS4xLDAsMCwxLTIuNDcsMy4wNloiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0yODAuNTYsNzYuOTFWNDAuNjRoMTMuNzN2NGEyNS44NiwyNS44NiwwLDAsMS0yLjY0LDEwLDExLjMyLDExLjMyLDAsMCwxLDMsNy40cS4xNyw4LjUzLTcuOT
|
|||
|
|
<style>a{text-decoration:none}a:focus,a:hover{color:#004e31;text-decoration:underline}.navbar-inverse{background-color:#2a8c70;border-color:#2b7a5c}.navbar-inverse .navbar-nav>li>a{color:#fff;padding-left:6px;padding-right:6px}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#008151}@media (max-width:767px){}@media (max-width:767px){}.tag{display:inline-block;padding:0 8px;color:#017e66;background-color:#E7F2ED;height:24px;line-height:24px;font-weight:400;font-size:13px;text-align:center}.tag[href]:focus,.tag[href]:hover{background-color:#017e66;color:#fff;text-decoration:none}.btn-primary{border-color:#008151;background-color:#009a61;color:#fff}.btn-primary.active,.btn-primary:active,.btn-primary:focus,.btn-primary:hover,.open>.btn-primary.dropdown-toggle{border-color:#00432a;background-color:#006741;color:#fff}.btn-primary.active,.btn-primary:active,.open>.btn-primary.dropdown-toggle{background-image:none}.btn-success{border-color:#4cae4c;background-color:#5cb85c;color:#fff}</style>
|
|||
|
|
<style>@font-face{font-family:qax-design-icons;src:/* original URL: https://forum.butian.net/static/js/qaxd/fonts/qax-design-icons.woff */url(data:font/woff;base64,d09GRgABAAAAAG4oAAsAAAAA2pQAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABHU1VCAAABCAAAADMAAABCsP6z7U9TLzIAAAE8AAAARAAAAFY9Fkm8Y21hcAAAAYAAAAdUAAARKjgK0qlnbHlmAAAI1AAAWZoAALGMK9tC4GhlYWQAAGJwAAAALwAAADYU7r8iaGhlYQAAYqAAAAAdAAAAJAfeBJpobXR4AABiwAAAABUAAARkZAAAAGxvY2EAAGLYAAACNAAAAjR9hqpgbWF4cAAAZQwAAAAfAAAAIAIxAJhuYW1lAABlLAAAAUoAAAJhw4ylAXBvc3QAAGZ4AAAHsAAADQvkcwUbeJxjYGRgYOBikGPQYWB0cfMJYeBgYGGAAJAMY05meiJQDMoDyrGAaQ4gZoOIAgCKIwNPAHicY2BkYWCcwMDKwMHUyXSGgYGhH0IzvmYwYuRgYGBiYGVmwAoC0lxTGByeLXh+irnhfwNDDHMDQwNQmBEkBwD5Vw1OeJzd1/W3l3UWxfH359JdUoPBYMugiNjJDAx2dzMY2N3d3d0oJd1IIx12d+s5JoPiICbuh/0H+Puw1ot17113rfu98ey9D1AHqCX/kNp68xeK3qLmR320rP54LRqu/njtmkV6vxMd9Xk10T+GxKSYFUtjeazKVtk+O2bn7JG9sk8uzCWrVoE+Z0AMjckxO5bFiqzJ1tkhO2WX7Jm9s28urj7nL/4Vfb1ObEJP9mcE45hHsJSVpWHpVrqXfjVdV39OjV5jbX0ndalHfRro9TaiMU1oSjOa04KWtGINWtOGtrSjPX+jA2uyFmuzjr6bv+srrMt6rM8GbMhGbKyv11nfdxc2ZTO6sjnd2ILubMlWbM02bMt2bM8O7MhO7Mwu9OCf/EuvsBf/pje7shu7swd7shd7sw/7sp9e+wEcyEEczCEcymEczhEcyVEczTEcSx/+Q1+O43hO4ET6cRIncwqnchqncwZnchZncw7nch7ncwEXchEXcwmXchmXcwVXchVXcw3Xch3XcwM3chM3cwu3chu3cwd3chd3cw/3ch/38wAP8hAP8wiP8hiP8wT9eZKnGMBABjGYITzNUIYxXD/tkYxiNGMYq5/7eCYwkUk8w2SmMJVpTGcGM5nFs8xmDnP1m5nPAhayiMUs4Tme5wXe4E3e4kXe5h1e4mVe4VVe411e5z3e5wM+5CM+5hM+5TM+5wv9bpMv+Yqv+YZv+U6/6f+yjO/5geX8yP9YwU+s5Gd+4Vd+43f+YFWhlFJTapXapU6pW+qV+qWB/joalcalSWlampXmpUVpWVqVNUrr0qa0Le30B1P3L//u/v//Na7+a9LV71Q/lehv1VMfA0xPFjHQqpSIQVYlRQy2KkFiiOkJJIaankVimOmpJIabnk9ihFXJEiNNzywxyqpXF6NNzzExxvREE2NNzzYxzvSUE+NNzzsxwfTkExNNGUBMMqUBMdmUC8QUU0IQU01ZQUwzqp/PdFN+EDNMSULMNGUKMcuULsRsU84Qc0yJQ8w1ZQ8xz5RCxHxTHhELTMlELDRlFLHIlFbEYlNuEUtMCUY8Z8oy4nlTqhEvmPKNeNGUdMRLpswjXraqDeIVUw4Sr5oSkXjNlI3E66aUJN4w5SXxpik5ibdMGUq8bUpT4h1TrhLvmhKWeM+UtcT7ptQlPjDlL/GhKYmJj0yZTHxsSmfiE1NOE5+aEpv4zJTdxOemFCe+MOU5EaZkJ9KU8cSXprQnvjLlPvG1qQGIb0xdQHxragXiO1M/EEtNTUEsM3UG8b2pPYgfTD1CLDc1CrHC1C3ET6aWIVaa+ob42dQ8xC+mDiJ+NbUR8Zupl4jfTQ1F/GHqKmKVqbXIGlN/kbVMTUbWNnUaWcfUbmRdU8+R9UyNR9Y3dR/ZwNSCZENTH5KNTM1INjZ1JNnE1JZkU1Nvks1MDUo2N3Up2cLUqmRLU7+SrUxNS7Y2dS7ZxtS+ZFtTD5PtTI1Mtjd1M9nB1NLkmqa+JtcyNTe5tqnDyXVMbU52NPU62cnU8OS6pq4n1zO1Prm+qf/JDUxLgNzQtAnIjUzrgNzYtBPITUyLgexs2g5kF9OKIDc17QlyM9OyILuaNga5uWltkN1Mu4PcwrRAyO6mLUJuaVol5FamfUJubVoq5DamzUJua1ov5HamHUNub1o05A6mbUPuaFo55E6mvUPubFo+5C6mDUT2MK0hsqdpF5G9TAuJ7G3aSuSuptVE7mbaT+TupiVF7mHaVOSepnVF7mXaWeTepsVF7mPaXuS+phVG7mfaY+T+pmVGHmDaaOSBprVGHmTabeTBpgVHHmLacuShplVHHmbad+ThpqVHHmHafOSRpvVHHmXageTRpkVIHmPahuSxppVI9jHtRbKvaTmSx5k2JHm8aU2SJ5h2JXmiaWGS/UxbkzzJtDrJk037kzzFtETJU02blDzNtE7J0007lTzDtFjJM03blTzLtGLJs017ljzHtGzJc00blzzPtHbJ8027l7zAtIDJC01bmLzItIrJi037mLzEtJTJS02bmbzMtJ7Jy007mrzCtKjJK03bmrzKtLLJq017m7zGtLzJa00bnLzOtMbJ6027nLzBtNDJG01bnbzJtNrJm037nbzFtOTJW02bnrzNtO7J2007n7zDtPjJO03bn7zLdAWQd5vuAfIe02VA3mu6Ecj7TNcCeb/pbiAfMF0Q5IOmW4J8yHRVkA+b7gvyEdOlQT5qujnIx0zXB/m46Q4hnzBdJGR/021CPmm6UsinTPcKOcB0uZADTTcMOch0zZCDTXcNOcR04ZBPm24dcqjp6iGHme4fcrjpEiJHmG4icqTpOiJHme4kcrTpYiLHGOr1HGvVoZ/jrOidHG+l6vwJVqrOn2il6vxJVqrOf8aqyyonW6k6f4qVqvOnWqk6f5qVqvOnW6k6f4aVqvNnWqk6f5aVqvOftVJ1/mwrVefPsVJ1/lwrVefPs1J1/nwr2v+5wErV/wutVP2/2ErV/0ustPsTkfxhoXicrL0JYFvVlTD87n3aV2u3LVvWYkl2HCu2ZUl2nNjPibM6GyGrQxKFhCRAEkKAsIYIaIeUJYQBSsO0YEjLsJXSQqa0LBVbof0oy7TTUjpQt512Ol9ppzt0Gr3859z7nvTkWCTM9yfWffu9525nv+cKegH+iYdEk+AQ4kKn0C/MEwQS8PcMkWxvMhF1EoM3YDSk6BBJJnrhZk/A74Wb0RnUaPD6e3KEXaZI5RE/J72/sDRYXu/rm3V04HXz7Yeal/STphs7g8HXl7++fHT09ablzWOdh8yeBgu5zmw+7mg1249bGrdZLMftMYv9uDlI7v6F2fz6wNFZfX2vWxo/uLGJ9C9pPtTZvLzp9dFRyOP1pqYNnYcsDR4zNUFJx+3mVshhm6XR8hQ7NQuiIJwsioIoCXVCm9AF9Yr0ZDOu3kQsEjX4XF5/Wu9zkGgimYmlSNI1SHKREAm4HMTYQXxQt2yGjBPB4XY75CKmRCDZlVkitWcJybarx4LkbnITAR6zl2TJ4ZbG27PZ9nF8qchfkvHlcXwOza0DuP4uviYuFDxChzAozAfIEoMkRAzGEBkkmTRAkCIz4EbAn81lE8mEwYiPAwhmwuDh3ZGAR/5AiBgdcDNpNIRIjhJdU2aaranRNTCUlOjYyMgYvdb5qU2bjtR7l69e++XcrFuuW0gkeu7SpfvOeSM02k+Cb2R7t2z95dpV7vmLf3qswfeK3RKzk2JwmjWY6TA2Bdw9EcgDcgptutIo7tpwzv3t8a6l7ea5VyxaeqFRPyZ/840g6R8NvbH7p4vnu1et/eXWLb1jvoZvYx8KRqjnSXGvOCJYBL8wJGwQzhMuFq6G2mZ6E9gDaRhlUWMmzS6bSbonRI0iVD4C9RQTgzQdywxSfyAb4IcQbcbadmCXxTKJGSQWNbSQCLR
|
|||
|
|
<style>@-moz-keyframes blink{50%{background-color:transparent}}@-webkit-keyframes blink{50%{background-color:transparent}}@keyframes blink{50%{background-color:transparent}}@media print{}pre code.hljs{overflow-x:auto}.hljs{color:#000}.hljs-comment{color:green}.hljs-built_in,.hljs-keyword{color:#00f}.hljs-literal,.hljs-string{color:#a31515}.markdown-body{color-scheme:light;--color-prettylights-syntax-comment:#6e7781;--color-prettylights-syntax-constant:#0550ae;--color-prettylights-syntax-entity:#8250df;--color-prettylights-syntax-storage-modifier-import:#24292f;--color-prettylights-syntax-entity-tag:#116329;--color-prettylights-syntax-keyword:#cf222e;--color-prettylights-syntax-string:#0a3069;--color-prettylights-syntax-variable:#953800;--color-prettylights-syntax-brackethighlighter-unmatched:#82071e;--color-prettylights-syntax-invalid-illegal-text:#f6f8fa;--color-prettylights-syntax-invalid-illegal-bg:#82071e;--color-prettylights-syntax-carriage-return-text:#f6f8fa;--color-prettylights-syntax-carriage-return-bg:#cf222e;--color-prettylights-syntax-string-regexp:#116329;--color-prettylights-syntax-markup-list:#3b2300;--color-prettylights-syntax-markup-heading:#0550ae;--color-prettylights-syntax-markup-italic:#24292f;--color-prettylights-syntax-markup-bold:#24292f;--color-prettylights-syntax-markup-deleted-text:#82071e;--color-prettylights-syntax-markup-deleted-bg:#FFEBE9;--color-prettylights-syntax-markup-inserted-text:#116329;--color-prettylights-syntax-markup-inserted-bg:#dafbe1;--color-prettylights-syntax-markup-changed-text:#953800;--color-prettylights-syntax-markup-changed-bg:#ffd8b5;--color-prettylights-syntax-markup-ignored-text:#eaeef2;--color-prettylights-syntax-markup-ignored-bg:#0550ae;--color-prettylights-syntax-meta-diff-range:#8250df;--color-prettylights-syntax-brackethighlighter-angle:#57606a;--color-prettylights-syntax-sublimelinter-gutter-mark:#8c959f;--color-prettylights-syntax-constant-other-reference-link:#0a3069;--color-fg-default:#24292f;--color-fg-muted:#57606a;--color-fg-subtle:#6e7781;--color-canvas-default:#ffffff;--color-canvas-subtle:#f6f8fa;--color-border-default:#d0d7de;--color-border-muted:hsl(210,18%,87%);--color-neutral-muted:rgba(175,184,193,0.2);--color-accent-fg:#0969da;--color-accent-emphasis:#0969da;--color-attention-subtle:#fff8c5;--color-danger-fg:#cf222e}.markdown-body{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;margin:0;color:var(--color-fg-default);background-color:var(--color-canvas-default);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:16px;line-height:1.5;word-wrap:break-word}.markdown-body strong{font-weight:600}.markdown-body img{border-style:none;max-width:100%;-webkit-box-sizing:content-box;box-sizing:content-box;background-color:var(--color-canvas-default)}.markdown-body ::-webkit-input-placeholder{color:inherit;opacity:0.54}.markdown-body ::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}.markdown-body h2{margin-top:24px;margin-bottom:16px;line-height:1.25}.markdown-body h2{font-weight:600;padding-bottom:0.3em;font-size:1.5em;border-bottom:1px solid var(--color-border-muted)}.markdown-body ul{padding-left:2em}.markdown-body code{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace}.markdown-body pre{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace;word-wrap:normal}.markdown-body ::-webkit-input-placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body ::placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body::before{display:table;content:""}.markdown-body::after{display:table;clear:both;content:""}.markdown-body>*:first-child{margin-top:0!important}.markdown-body>*:last-child{margin-bottom:0!important}.markdown-body p,.markdown-body ul,.markdown-body pre{margin-top:0;margin-bottom:16px}.markdown-body li+li{margin-top:0.25em}.markdown-body code{padding:0.2em 0.4em;margin:0;font-size:85%;background-color:var(--color-neutral-muted);border-radius:6px}.markdown-body pre c
|
|||
|
|
<style>#md_view{padding:0 20px}#md_view img:hover{cursor:pointer}</style>
|
|||
|
|
<!--[if lt IE 9]>
|
|||
|
|
<script src="/static/js/html5shiv.min.js"></script>
|
|||
|
|
<script src="/static/js/respond.min.js"></script>
|
|||
|
|
<![endif]-->
|
|||
|
|
<style>.hot{z-index:10}</style>
|
|||
|
|
<style>html #layuicss-skinlayercss{display:none;position:absolute;width:1989px}@-webkit-keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);-ms-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);-ms-transform:scale(1);transform:scale(1)}}@-webkit-keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);-ms-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);-ms-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);-ms-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);-ms-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);-ms-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);-ms-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);-ms-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);-ms-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes shake{0%,100%{-webkit-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);transform:translateX(10px)}}@keyframes shake{0%,100%{-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);-ms-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);-ms-transform:translateX(10px);transform:translateX(10px)}}@-webkit-keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);transform:scale(.7)}30%{-webkit-transform:scale(1.05);transform:scale(1.05)}0%{-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);-ms-transform:scale(.7);transform:scale(.
|
|||
|
|
* Waves v0.7.5
|
|||
|
|
* http://fian.my.id/Waves
|
|||
|
|
*
|
|||
|
|
* Copyright 2014-2016 Alfiana E. Sibuea and other contributors
|
|||
|
|
* Released under the MIT license
|
|||
|
|
* https://github.com/fians/Waves/blob/master/LICENSE
|
|||
|
|
*/</style><style>@media (max-height:620px){}@media (max-height:783px){}@-webkit-keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}@keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}</style><style>@-webkit-keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@media (pointer:coarse){}</style><style>:root{--sr-annote-color-0:#b4d9fb;--sr-annote-color-1:#ffeb3b;--sr-annote-color-2:#a2e9f2;--sr-annote-color-3:#a1e0ff;--sr-annote-color-4:#a8ea68;--sr-annote-color-5:#ffb7da}</style><style>@-webkit-keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@-webkit-keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@-webkit-keyframes fadeOut{0%{opacity:1}to{opacity:0}}@keyframes fadeOut{0%{opacity:1}to{opacity:0}}@-webkit-keyframes fadeIn{0%{opacity:0}to{opacity:1}}@keyframes fadeIn{0%{opacity:0}to{opacity:1}}@-webkit-keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}@keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:tra
|
|||
|
|
<body>
|
|||
|
|
<div class="global-nav mb-50">
|
|||
|
|
<nav class="navbar navbar-inverse navbar-fixed-top">
|
|||
|
|
<div class="container nav">
|
|||
|
|
<div class="visible-xs header-response sf-hidden">
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
<div class="row hidden-xs">
|
|||
|
|
<div class="col-sm-9 col-md-9 col-lg-9">
|
|||
|
|
<div class=navbar-header>
|
|||
|
|
<button type=button class="navbar-toggle collapsed sf-hidden" data-toggle=collapse data-target=#global-navbar>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
</button>
|
|||
|
|
<div class=logo><a class="navbar-brand logo" href=https://forum.butian.net/></a></div>
|
|||
|
|
</div>
|
|||
|
|
<div class="collapse navbar-collapse" id=global-navbar>
|
|||
|
|
<ul class="nav navbar-nav">
|
|||
|
|
<li><a href=https://forum.butian.net/>首页 <span class=sr-only>(current)</span></a></li>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
<li><a href=https://forum.butian.net/questions>问答</a></li>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
<li><a href=https://forum.butian.net/shop>商城</a></li>
|
|||
|
|
|
|||
|
|
<li><a href=https://forum.butian.net/community>实战攻防技术</a></li>
|
|||
|
|
<li><a href=https://forum.butian.net/articles>漏洞分析与复现</a>
|
|||
|
|
<span class=hot>NEW</span>
|
|||
|
|
</li>
|
|||
|
|
<li><a href=https://forum.butian.net/movable>活动</a></li>
|
|||
|
|
<li><a href=https://forum.butian.net/questions/Play>摸鱼办</a>
|
|||
|
|
|
|||
|
|
</li>
|
|||
|
|
</ul>
|
|||
|
|
<form role=search id=top-search-form action=https://forum.butian.net/search method=GET class="navbar-form hidden-sm hidden-xs pull-right">
|
|||
|
|
<span class="btn btn-link"><span class=sr-only>搜索</span><span class="glyphicon glyphicon-search"></span></span>
|
|||
|
|
<input type=text name=word id=searchBox class=form-control placeholder value>
|
|||
|
|
</form>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</nav>
|
|||
|
|
</div>
|
|||
|
|
<div class="top-alert mt-60 clearfix text-center">
|
|||
|
|
<!--[if lt IE 9]>
|
|||
|
|
<div class="alert alert-danger topframe" role="alert">你的浏览器实在<strong>太太太太太太旧了</strong>,放学别走,升级完浏览器再说
|
|||
|
|
<a target="_blank" class="alert-link" href="http://browsehappy.com">立即升级</a>
|
|||
|
|
</div>
|
|||
|
|
<![endif]-->
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
<div class=wrap>
|
|||
|
|
<div class=container>
|
|||
|
|
<div class="row mt-10">
|
|||
|
|
<div class="col-xs-12 col-md-9 main" style=width:100%>
|
|||
|
|
<div class=widget-article>
|
|||
|
|
<h3 class="title word-wrap">某通电子文档管理系统 SecretKeyService SQL注入漏洞</h3>
|
|||
|
|
<ul class=taglist-inline>
|
|||
|
|
<li class=tagPopup><a class=tag href=https://forum.butian.net/topic/48>漏洞分析</a></li>
|
|||
|
|
</ul>
|
|||
|
|
<div class="content mt-10">
|
|||
|
|
<div class="quote mb-20">
|
|||
|
|
某通电子文档管理系统 SecretKeyService SQL注入漏洞
|
|||
|
|
</div>
|
|||
|
|
<textarea id=md_view_content style=display:none value="影响版本
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
V5.6.3.152.186 20240811之前
|
|||
|
|
|
|||
|
|
产品简介
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
某通电子文档安全管理系统是一款综合性的数据智能安全产品,涵盖了透明加密、数据分类分级、访问控制等多项核心技术。该系统保护范围广泛,包括终端电脑、智能终端以及各类应用系统,能有效防止数据泄露,满足数据安全合规要求。该系统采用事前主动防御、事中实时控制、事后及时追踪的设计理念,全方位保障用户终端数据安全。此外,亿赛通在信息安全行业享有良好声誉,服务、售后等方面均表现出色。
|
|||
|
|
|
|||
|
|
资产测绘
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
body="/CDGServer3/index.jsp"
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
代码审计
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
首先进入`WEB-INF`的web.xml页面中,`Fn+F`搜索`SecretKeyService`
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
`Ctrl`点击键入该类中,该类位于`/com/esafenet/key/service/SecretKeyService.class`中,这个是一个servlet文件,找到与前端交互的方法即`service`方法
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
```php
|
|||
|
|
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
|||
|
|
// 从请求中获取"command"参数
|
|||
|
|
String command \= request.getParameter("command");
|
|||
|
|
|
|||
|
|
// 检查命令是否为"sameKeyName",如果是,则调用sameKeyName方法处理请求
|
|||
|
|
if ("sameKeyName".equals(command)) {
|
|||
|
|
this.sameKeyName(request, response);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 检查命令是否为"sameKeyValue",如果是,则调用sameKeyValue方法处理请求
|
|||
|
|
if ("sameKeyValue".equals(command)) {
|
|||
|
|
this.sameKeyValue(request, response);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 从请求头中获取"command"参数
|
|||
|
|
String serNameString \= request.getHeader("command");
|
|||
|
|
|
|||
|
|
// 检查请求头中的命令是否为"getSecretKeyValue",如果是,则调用getSecretKeyValue方法处理请求
|
|||
|
|
if ("getSecretKeyValue".equals(serNameString)) {
|
|||
|
|
this.getSecretKeyValue(request, response);
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
**方法签名**: 该方法是重写的`service`方法,用于处理HTTP请求。它接受两个参数:`HttpServletRequest`和`HttpServletResponse`,并可能抛出`ServletException`和`IOException`。
|
|||
|
|
|
|||
|
|
**获取命令参数**: 使用`request.getParameter("command")`来获取用户请求中的`command`参数。
|
|||
|
|
|
|||
|
|
**处理不同命令**:
|
|||
|
|
|
|||
|
|
- 首先检查是否为"sameKeyName"命令,如果是,则调用相应的方法以处理该请求。
|
|||
|
|
- 然后检查是否为"sameKeyValue"命令,如是,则调用对应的方法。
|
|||
|
|
|
|||
|
|
**处理请求头中的命令**:
|
|||
|
|
|
|||
|
|
- 从请求头中获取名为`command`的值,判断是否为"getSecretKeyValue",如是则调用相应的方法处理请求。
|
|||
|
|
|
|||
|
|
**然后在service代码下面第五十五行**
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
在`SecretKeyDAO`类中的`findNumByKeyName`和`findNumByKeyValue`方法调用中,如果这些方法中的实现使用了未经过滤的用户输入构造SQL查询,则有可能导致SQL注入
|
|||
|
|
|
|||
|
|
跟进`findNumByKeyName`,搜索`keyName`
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
SQL语句中将`keyValue`参数直接拼接到查询中,直接调用query方法执行sql语句,几乎没有做什么过滤,从而造成了sql注入漏洞
|
|||
|
|
|
|||
|
|
**poc**
|
|||
|
|
|
|||
|
|
如果sql语句执行成功就会延迟五秒
|
|||
|
|
|
|||
|
|
`keyName=1'+WAITFOR+DELAY+'0:0:5'`
|
|||
|
|
|
|||
|
|
漏洞复现
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
修复建议
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
```php
|
|||
|
|
public String getKeyNameBykeyValue(String keyValue) throws Exception {
|
|||
|
|
// SQL查询语句,使用?作为占位符以避免SQL注入
|
|||
|
|
String sql \= "SELECT keyName FROM SecretKey WHERE keyValue = ?";
|
|||
|
|
Connection conn \= null; // 数据库连接对象
|
|||
|
|
QueryRunner qr \= null; // QueryRunner对象用于执行数据库操作
|
|||
|
|
|
|||
|
|
String result; // 用于存储查询结果
|
|||
|
|
try {
|
|||
|
|
conn \= getConnection(); // 获取数据库连接
|
|||
|
|
qr \= new QueryRunner(); // 初始化QueryRunner
|
|||
|
|
// 使用参数化查询执行SQL,并通过ResultSetHandler处理结果
|
|||
|
|
result \= (String) qr.query(conn, sql, new ResultSetHandler<String\>() {
|
|||
|
|
public String handle(ResultSet rs) throws SQLException {
|
|||
|
|
// 如果查询结果为空,返回"默认密钥",否则返回查询到的keyName
|
|||
|
|
return !rs.next() ? "默认密钥" : rs.getString(1);
|
|||
|
|
}
|
|||
|
|
}, keyValue); // 将keyValue作为参数传递,避免直接拼接
|
|||
|
|
} finally {
|
|||
|
|
DbUtils.closeQuietly(conn); // 确保数据库连接被关闭
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
return result; // 返回查询结果
|
|||
|
|
}
|
|||
|
|
```">影响版本
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
V5.6.3.152.186 20240811之前
|
|||
|
|
|
|||
|
|
产品简介
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
某通电子文档安全管理系统是一款综合性的数据智能安全产品,涵盖了透明加密、数据分类分级、访问控制等多项核心技术。该系统保护范围广泛,包括终端电脑、智能终端以及各类应用系统,能有效防止数据泄露,满足数据安全合规要求。该系统采用事前主动防御、事中实时控制、事后及时追踪的设计理念,全方位保障用户终端数据安全。此外,亿赛通在信息安全行业享有良好声誉,服务、售后等方面均表现出色。
|
|||
|
|
|
|||
|
|
资产测绘
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
body="/CDGServer3/index.jsp"
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
代码审计
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
首先进入`WEB-INF`的web.xml页面中,`Fn+F`搜索`SecretKeyService`
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
`Ctrl`点击键入该类中,该类位于`/com/esafenet/key/service/SecretKeyService.class`中,这个是一个servlet文件,找到与前端交互的方法即`service`方法
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
```php
|
|||
|
|
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
|||
|
|
// 从请求中获取"command"参数
|
|||
|
|
String command \= request.getParameter("command");
|
|||
|
|
|
|||
|
|
// 检查命令是否为"sameKeyName",如果是,则调用sameKeyName方法处理请求
|
|||
|
|
if ("sameKeyName".equals(command)) {
|
|||
|
|
this.sameKeyName(request, response);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 检查命令是否为"sameKeyValue",如果是,则调用sameKeyValue方法处理请求
|
|||
|
|
if ("sameKeyValue".equals(command)) {
|
|||
|
|
this.sameKeyValue(request, response);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 从请求头中获取"command"参数
|
|||
|
|
String serNameString \= request.getHeader("command");
|
|||
|
|
|
|||
|
|
// 检查请求头中的命令是否为"getSecretKeyValue",如果是,则调用getSecretKeyValue方法处理请求
|
|||
|
|
if ("getSecretKeyValue".equals(serNameString)) {
|
|||
|
|
this.getSecretKeyValue(request, response);
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
**方法签名**: 该方法是重写的`service`方法,用于处理HTTP请求。它接受两个参数:`HttpServletRequest`和`HttpServletResponse`,并可能抛出`ServletException`和`IOException`。
|
|||
|
|
|
|||
|
|
**获取命令参数**: 使用`request.getParameter("command")`来获取用户请求中的`command`参数。
|
|||
|
|
|
|||
|
|
**处理不同命令**:
|
|||
|
|
|
|||
|
|
- 首先检查是否为"sameKeyName"命令,如果是,则调用相应的方法以处理该请求。
|
|||
|
|
- 然后检查是否为"sameKeyValue"命令,如是,则调用对应的方法。
|
|||
|
|
|
|||
|
|
**处理请求头中的命令**:
|
|||
|
|
|
|||
|
|
- 从请求头中获取名为`command`的值,判断是否为"getSecretKeyValue",如是则调用相应的方法处理请求。
|
|||
|
|
|
|||
|
|
**然后在service代码下面第五十五行**
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
在`SecretKeyDAO`类中的`findNumByKeyName`和`findNumByKeyValue`方法调用中,如果这些方法中的实现使用了未经过滤的用户输入构造SQL查询,则有可能导致SQL注入
|
|||
|
|
|
|||
|
|
跟进`findNumByKeyName`,搜索`keyName`
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
SQL语句中将`keyValue`参数直接拼接到查询中,直接调用query方法执行sql语句,几乎没有做什么过滤,从而造成了sql注入漏洞
|
|||
|
|
|
|||
|
|
**poc**
|
|||
|
|
|
|||
|
|
如果sql语句执行成功就会延迟五秒
|
|||
|
|
|
|||
|
|
`keyName=1'+WAITFOR+DELAY+'0:0:5'`
|
|||
|
|
|
|||
|
|
漏洞复现
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
修复建议
|
|||
|
|
----
|
|||
|
|
|
|||
|
|
```php
|
|||
|
|
public String getKeyNameBykeyValue(String keyValue) throws Exception {
|
|||
|
|
// SQL查询语句,使用?作为占位符以避免SQL注入
|
|||
|
|
String sql \= "SELECT keyName FROM SecretKey WHERE keyValue = ?";
|
|||
|
|
Connection conn \= null; // 数据库连接对象
|
|||
|
|
QueryRunner qr \= null; // QueryRunner对象用于执行数据库操作
|
|||
|
|
|
|||
|
|
String result; // 用于存储查询结果
|
|||
|
|
try {
|
|||
|
|
conn \= getConnection(); // 获取数据库连接
|
|||
|
|
qr \= new QueryRunner(); // 初始化QueryRunner
|
|||
|
|
// 使用参数化查询执行SQL,并通过ResultSetHandler处理结果
|
|||
|
|
result \= (String) qr.query(conn, sql, new ResultSetHandler<String\>() {
|
|||
|
|
public String handle(ResultSet rs) throws SQLException {
|
|||
|
|
// 如果查询结果为空,返回"默认密钥",否则返回查询到的keyName
|
|||
|
|
return !rs.next() ? "默认密钥" : rs.getString(1);
|
|||
|
|
}
|
|||
|
|
}, keyValue); // 将keyValue作为参数传递,避免直接拼接
|
|||
|
|
} finally {
|
|||
|
|
DbUtils.closeQuietly(conn); // 确保数据库连接被关闭
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
return result; // 返回查询结果
|
|||
|
|
}
|
|||
|
|
```</textarea>
|
|||
|
|
<div id=layer-photos-demo>
|
|||
|
|
<div id=md_view><div class=markdown-body><h2 blockindex=0>影响版本</h2>
|
|||
|
|
<p blockindex=1>V5.6.3.152.186 20240811之前</p>
|
|||
|
|
<h2 blockindex=2>产品简介</h2>
|
|||
|
|
<p blockindex=3>某通电子文档安全管理系统是一款综合性的数据智能安全产品,涵盖了透明加密、数据分类分级、访问控制等多项核心技术。该系统保护范围广泛,包括终端电脑、智能终端以及各类应用系统,能有效防止数据泄露,满足数据安全合规要求。该系统采用事前主动防御、事中实时控制、事后及时追踪的设计理念,全方位保障用户终端数据安全。此外,亿赛通在信息安全行业享有良好声誉,服务、售后等方面均表现出色。</p>
|
|||
|
|
<h2 blockindex=4>资产测绘</h2>
|
|||
|
|
<p blockindex=5>body="/CDGServer3/index.jsp"</p>
|
|||
|
|
<p blockindex=6><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAACxgAAAVgCAYAAAB2Hxq3AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd1wT9x8G8OcuYaMoiIIg4sBVce+9Z3HgrFq3rf7ctVr3qHtWrdbZ1lX3qHu1VqtV61ZciANXHYiggIwkd78/IoGYBBIMxvG8Xy9fJvcd9w0JAS7PfU5QuOaVQURERERERERERERERERERERERERERARAtPUCiIiIiIiIiIiIiIiIiIiIiIiIiIiI6P3BgDERERERERERERERERERERERERERERHpMGBMREREREREREREREREREREREREREREOgwYExERERERERERERERERERERERERERkQ4DxkRERERERERERERERERERERERERERKTDgDERERERERERERERERERERERERERERHpMGBMREREREREREREREREREREREREREREOgwYExERERERERERERERERERERERERERkQ4DxkRERERERERERERERERERERERERERKTDgDERERERERERERERERERERERERERERHpMGBMREREREREREREREREREREREREREREOgwYExERERERERERERERERERERERERERkQ4DxkRERERERERERERERERERERERERERKTDgDERERERERERERERERERERERERERERHpMGBMREREREREREREREREREREREREREREOgwYExERERERERERERERERERERERERERkQ4DxkRERERERERERERERERERERERERERKTDgDERERERERERERERERERERERERERERHpMGBMREREREREREREREREREREREREREREOgwYExERERERERERERERERERERERERERkQ4DxkRERERERERERERERERERERERERERKSjtPUCiIiIiIiIiIiIiIiIiIiIiIiIiIgyShAEKBRChsZqNDJkWbbyiog+fAwYE70HxHKlILVpBofqFSH5+9l6OURERERERERERPQJEcPvIfHovxA37YB05oKtl0NERERERERE7zFBAERBgCgKUCgUUAoCJEmGStJAkmRABiTIeGd5XQFwtFdARMbCxQAAhfa/+EQ1GDMmSiEoXPPye4LIlqaPhd2XbWy9CiIiIiIiIiIiIiKoVm8Cvvve1ssgIiIiIiIiIhtQCAKUShFKUYSoECGKr8PEggh7pWjRXLIMqDQaqCUJKpWExCQ1NG+kjpUKEQ52CtgpFVCIIkRRgABAI8mQZQkx8UmQJBkayXjEUSEKcLBTZPThmpSoliBpJIaN6ZPHgDGRDSnWLoZYqyoAQFy2GsKuAxCvXrftooiIiIiIiIiIiOiTIhUrAvnzBpB6fam9f/gfaDr0tvGqiIiIiIiIiOhdUAgCHO2VcLBXZkpYN5ksA0kqNeIS1VCKApwc7GCXTmj5RVwCAEACIEsSklQpod/MChenppFlqNWSyYAz0ceOAWMiW3lduVgMvw9h4EgGi4mIiIiIiIiIiMimpGJFIM+bAsk/DysZExEREREREX3EBEFAwXy5Ubt6KZQvWxT29kpbL8moQd/N098gA4lJaiSpNMji6vDO1iFJEuLiVVCrpXe2T6L3AQPGRDYglisFxY7VAABF8y8ZLiYiIiIiIiIiIqL3glSsCDTbtccuNc2+hHTmgo1XRERERERERETW4uLiiCoViqN29ZLwye1p6+WkyyBgbGNJSWq8SlBBZuKSPhHv56kHRB85qU0zKACIy1YzXExERERERERERETvDfHqdcjLVkPq9SWkNs0ABoyJiIiIiIiIPnhuWVzQqH5F1K1VCg729rZezgfL3l4JQSEiLi4JMlPG9AlgwJjIBhyqV4QEQNh1wNZLISIiIiIiIiIiItIj7DoA9PoSDtUrItHWiyEiIiIiIiKit1Kp/Gf4sn09uLo42XopHwU7hYgszvaIeZXISsb00RNtvQCiT5Hk7wcArF5MRERERERERERE753k45bJxzGJiIiIiIiI6MPVp0cQw8VWplCKcHFmJWj6+DFgTERERERERERERERERERERERERERkJjulAg72SlsvgyhTMWBMRERERERERERERERERERERERERGQBRyc7KATB1ssgyjQMGBMRERERERERERERERERERERERERWUAE4ODAKsb08WLAmIiIiIiIiIiIiIiIiIiIiIiIiIjIQvb2SrCIMX2sGDAmIiIiIiIiIiIiIiIiIiIiIiIiIrKQIABKpcLWyyDKFAwYExERERERERERERERERERERERERFlgL09A8b0cWLAmIiIiIiIiIiIiIiIiIiIiIiIiIgoA+wUIgRBsPUyiKyOAWMiIiIiIiIiIiIiIiIiIiIiIiIiogwQBAFKBaOY9PFR2noBNpXfD2KpQGgKFwSKFYbolRNiDneIuTx1XaSISGgeP4XiSQSEx08hPfgP0oXLEM6FQI6NteHiiYiIiIiIiIiIiIiIiIiIiIiIiMjW7O0UUKk1tl4GkVUZBIyFgvkgjRsKZaVyEF2c3ski5HOXoJo0B8LJs5m/r2oVITatD3XtqnD08wUAKNLoL3p6QPT0AAKL6vom90/69yyUuw5Cs3UPEBWVqet+k+DsCPHbfkhq1hCOub3eyT4T7j2A3frfIc1dYvW5Fbm9oGlQC7JHdu2Gy9ch7P/L6vshIiIiIiIiIiIiIiIiIiIiIiIisiY7OwWQAEC29UqIrEcvYCy6Z4ewcw2Ublnf6SKEMiVgv3UFVA3bAiHXrD+/qysU3dpD6tQaijw+AKxTutm+YlmgYllg5GBo1m+FsHgl5PsPrTBz+pSzJgItGsHxnexNy9HPFxjWD3B0gDRtvtXmFb76EuL4YXizSLz62g2gbU/Ike82vE1ERERERERERERERERERERERERkLkEA7JQKqFSsYkwfD71Mp9SrE8R3HC5OzX5AL6vOJ7i6Qh41COLZgxBGDNSFi61NdHKAXbcvoPx3H6QF0yD7+2XKfpIJBfMBLRpl6j7SohjQC4KLi1XmEiqWhXL8MKNtyqKFIM2dbJX9EBEREREREREREREREREREREREWUWe6XC1ksgsiq9Qr5y8aK2WgcAQF2skNXmUtSvBXnaaNh757LanOZwCG4KBDeFZs4iSLN+ypR9CCWKZcq8FgnIB1y4/NbTCL06pdluX7c61IUKQL5x6633RURERERERERERERERERERET0JjdBRJCrG2o6u6KEnRPyKe2RTVRAFASbrkuSZURLGtxRJ+GSKh5HXsViZ+wLvJAlm66LiIxT2olAvK1XQWQ9egFjpZ3SVL93Qnn1BpLedpLs2SFOGw0xqIE1lpRhim/6QKpfC0LPwZDvP7Tu5HZ21p0vA+Sw8LeeQ3Bzg6JJvXT7SW2CIEye+9b7IyIiIiIiIiIiIiIiIiIiIiJKFujghAHZcqCLi7vNw8TGiIIAd4US7golyjo4o5urByRPGSvjnmN+9DOEJDLJSPQ+EQUBSqUCarXG1kshsgq9RLEgirZaBwBANW/p201QryY0cyfCzj27xUPVd+8D50Ig3Q43aLMPKABN2ZJQ+HhZNKddYFEkHtwERY9BkP85ZfGaTJEUCtiymLq04GcgLvat5xFbNDKrn7JtC2gYMCYiIiIiIiIiIiIiIiIiIiIiK5nukRtDsuW09TIsJgoCurl6oJurB2ZHP8V3kf/ZeklElIq9UmTAmD4ati1Z/Jp85gI0U+dBvnw9w3OIbYKgmDcF5tb2TXj2HIrteyEfPw3x1DnIkVEAAGPnIqle/y/l9IBQqTxQvSLEZo0gZnFNdz8OWbMAm36G6tvxwNotZq7u/aS+ex/Sxh0QflhslfmENs3N6id6ekCuXRXSX/9YZb9ERERERERERERERERERERE9GkKdHDCcs88KOvgbOulvLUh2XKilpMrekbcZzVjoveEvZ0CrxJU6Xck+gCYHTBWN+kA+UJIZq4lw8QvgqGYPcG8zpeuQj13CRT7DgHQBoplc3f0NBLyjn3Ajn3QDJ0AObgp5MG9
|
|||
|
|
<h2 blockindex=7>代码审计</h2>
|
|||
|
|
<p blockindex=8>首先进入<code>WEB-INF</code>的web.xml页面中,<code>Fn+F</code>搜索<code>SecretKeyService</code></p>
|
|||
|
|
<p blockindex=9><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAC7wAAAamCAYAAAAg9VcoAAAAAXNSR0IArs4c6QAAAHhlWElmTU0AKgAAAAgABAEaAAUAAAABAAAAPgEbAAUAAAABAAAARgEoAAMAAAABAAIAAIdpAAQAAAABAAAATgAAAAAAAACQAAAAAQAAAJAAAAABAAOgAQADAAAAAQABAACgAgAEAAAAAQAAC7ygAwAEAAAAAQAABqYAAAAAU+Y11wAAAAlwSFlzAAAWJQAAFiUBSVIk8AAAQABJREFUeAHs3XeQW1eW5/kDJJA+k+mYSZ8kk957UoYUKYnyKqkkVZXKdVW76emJ2ZjY2J2IjY39Y/6Y2Iid3dmZ3e3tnZ7u6emq7qnu6pJKqqqWdxRFSqLovffeJMn0Bglgz7nIBz4ggfQkk+T3SkkA791n8MEDmHz43fMC1Xll8WgsKrF4VCQeloD+5/6P60OblqMP9b7ek854RLp0Wle8SwLBoFRVVsn48eNldHWNVFRWSElJiRQUFEpBfoEEQkHJC+dKICdHgrrKWDzu1hPX+24D+mc8HpNAIGj39L7Od/dtvjXdqO2NTk8sI7qegFuPm61/BHV+TPvZ/lmL6Y9bm27Dm2frYPv4c/zx/rPPCT5/7JPSfQjz+cvfP/z9y+8f+nnA71/8/snv3/z7w/715DX+/cW/P/n3N+cfOP/C+afE3wmcf+P8o51H85p3jpXzrwkRzj9z/p3vHxLnWL3PBr5/4fsnvn/j+ze+f+P7N75/4/tHvn+1fyvw/aspkP8h/0T+i/wb3z/z/Tvfv/P9O9+/8/17PBqVSGdELJPe3tkhnW3t0tLaKo0NDXLj5g05f+6cXLx4USoqKmTixElSVTVaKisqJWgnmTQfbv/ZNxT2OB6LS0zX09HRqbcxaW9vl0B1qDguwZBEtVdUw+y6jIbbdVJMT9TpgjENhEXi7dJpofhgXKZOmSorVq2SKdPqXKi8S3cwsWI93a9fhkR1xfaPmoBuzP1nO6HTXTBd12X3rbk+etf7MtEmB7r7ug76hz22D0KveV8o+Kd706yPTY9q/xzfcvHudbL9xAcq/hx/9l7h/aefF3z+8PmbOPdkf3Xx90/335X2+WDN//esPfb+rvVP96Z5/fn7l98/+P3r1u+t/P7J7//8+4d///HvT/79aSf0+Pc3//6235X59zf//ub8A+d/Of9tn4Z6HHD+hfNPnH9K/n5o7wn/eTZ77J1r80/3pnn9Of/G+TfOv3H+zfvenPOPnH/k/CPnHzn/yPlHzj9y/pXzz5x/tn8rcv6Z88+cf+b880g8/2yhdT35pan1RAbdfm+xALsVWQ9pAXXb51PHT8jePXvkxIkTMn7ceBd8Hz26OhF8t9B7d248mKMp9sRHvgR12UBFMF9/E9TK7vZlbCDmTqpZ57iu1Sq8t8Y7Ja7LLFy0SJ54cr3k5uVJZ2enpvA75UZjgzQ1NbvkfFdXRGJdWv3dAu8agrcTb9YsWU9DAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQuL8ELONuOXRrQQ23ez9hDaqHw2HJzc+T0pJSGVVSInn5+ZITDkmbVn/f8MmncvDgAcnLzZfCwmIJhUJuHYlMe2Kgo63LCkUEykIlGmsXCetPSHJEC7Nrgj4qbbGIdMYjUlUzWr73+g+kqKRYWlta5Wp9vTQ2NkqrbqijoyOZpHdb4A8EEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBLoFLLSen5srRUVFUlxaIqMrq6SgsEAabzbIr998Q5qbWlwYviC/UJew8Ly/4LqG3itzK7Scu13wKOoqvwfjOdIaa5GITlu2coWsf/ppaWxulmtXrkhDQ6M0tbRIVCu4eyXjeSUQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEOhLwCq5FxcXSZlWfR9dUyPFRYXy4fsfyP79+yUvr0CKCoqtZLyuxvLtetd+qsKjNPAekJgLw8e1snubdAXi8sxzz8q8BQvlwqWLWtG9Sa5fv07Qva9XgPkIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACWQWs4nsolCPl5RVSVloqNdXVsmvnTtm8ebOEw3kpoXer+J5TECz4NxKP6goD0h7r1MruXS7sPmvePDl39qxcv3FdK7s3uLB71q0yAwEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQACBfgjEYjFpb2+XzkhEOjs6pG7GdMkNh+XUyRNa4D0gOVoJ3prWcZdQotR7XLSrdMY7ZenyZTJrzly5cO68XK2vlw5dQTRqgXgaAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAJDF7CMenNzczKrPm/hArmu+fXDhw5LTk5Yq71r6F0T70ELvMc0Bd8ejUjl6Cp57PHH5cKFC3KzscGl5gm7D/3FYA0IIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACqQJW6b2trU1uNDTIxYsXZe2Tj0tRcaG0tjWLxC3pLonAe0csInGNvr/y2nfkyrVrLuje3NwitgIaAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAK3Q8Ay6y0tLZph75Br167Li996STo72qVdfyQekGA0EJVIvEsWLFyoofeAdLS1y/WbN5Ol4W/HTrFOBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQRMIBqNyvXr1zX03ibh3FyZOWumdFjgXWIS7IpFJabV3Vc+9Iir7N7U1CRdXRHkEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBC4IwIWem9qapZWDb2vfOghrfDeJh2RTq3wHovI5MmTXci9vb1dmlqaJR6/I/vERhBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQ0Ax7XFq0eHtHW7vEY3GZNGmSRDo18N4lUZk3f4FErUNLq5aDj8GFAAIIIIAAAggggAACCCCAAAIIIIAAAg+oQEFBwV195jk5OVJZWSlFRYV3dT/YeHaBYCAg1dXV2TuM0Dl2bAWDwX7tnT1H+7lXWlVVZb/3d7ifl/eezdXLy9IQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEBiqQFcsJq2trRLTbPuMmbO0ynurhALBgFTV1GjQPepmWjKehgACCCCAAAIIIIAAAggggAACCCCAAAIPnkAoFJIffv91aWtrk507d8qhw0fcycQ7IWFh2e+99qqUlJa64O6lS5fkjbfeHtSmLSy/YtlyOXr0qJy7cCG5jvz8fBk1qjT5eCB3rl65OiiLh1etlJkzZrhN7d23T7bt2DmQzfboa+HioTY7BxzTk8UDbaWlJbJowUKZPq1ObGDEhx99LEeOHRvoanr0f2r9epk8aaKb/uWWLbJv3/4efbwJdpy8+u2XpagwMSDird/+Turr673Zvd4+9eQTMkWvdnrl2jU5feq0bN2+PWv/Rx95RObOmS1Xr16Vk6dOyfadu7L2HcgMOzZDOaGBLCIdWrnGrs6arZUUFcl3X3tNmpubZdeu3bL/4EF3vt/f3wLxc+fMkUkTJogdQz/7u//mquT4+wz2/uyZM2XtY2vc4u0dHfL++x+kvO8Gu16WQwABBBBAAAEEEEAAAQQQQAABBBBAAAEEEHg
|
|||
|
|
<p blockindex=10><code>Ctrl</code>点击键入该类中,该类位于<code>/com/esafenet/key/service/SecretKeyService.class</code>中,这个是一个servlet文件,找到与前端交互的方法即<code>service</code>方法</p>
|
|||
|
|
<p blockindex=11><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAC7wAAAamCAYAAAAg9VcoAAAAAXNSR0IArs4c6QAAAHhlWElmTU0AKgAAAAgABAEaAAUAAAABAAAAPgEbAAUAAAABAAAARgEoAAMAAAABAAIAAIdpAAQAAAABAAAATgAAAAAAAACQAAAAAQAAAJAAAAABAAOgAQADAAAAAQABAACgAgAEAAAAAQAAC7ygAwAEAAAAAQAABqYAAAAAU+Y11wAAAAlwSFlzAAAWJQAAFiUBSVIk8AAAQABJREFUeAHsvYd7FFe69ft2q5WREJLISSByzsEEgzHgnNOEM+HMzDn3fs93/4f7V3zPM+fOOZM94xnH8YwD2IAxxsbkLLIAgUCAUM7qvu/arV3sLnVLLbUAAeu1W1W1a9euXb8K3exae+3AiMyCSGe4U8KRTpFIugT0P/N/RBeRlqaLOq9z0hZplw5N64h0SCAYlOKiYhk7dqwMHzFSCosKJS8vT7KzcyQ7K1sCoaBkpmdIIC1NglpkOBIx5UR03uxA/0YiYQkEgpjTeV1v5rEeoTtFbTQ9uo1oOQFTjlmtf4K6Pqz5UD9EWD+mNN2HXYcyuH/y5/XH+w/PCT5/8KQ0D2E+f/n9w+9f/v7Q5wF/f/H3J39/898f+NeTDf77i//+5L+/2f7A9he2P0W/E9j+xvZHtKPZsG2sbH+NEmH7M9vf+f4h2sZqnw18/8L3T3z/xvdvfP/G9298/8b3j3z/in8r8P0rKFD/Q/0T9V/Uv/H9M9+/8/0737/z/Tvfv0c6O6W9rV2gSW9pa5W25hZpbGqSutpauV1zW65UVEhlZaUUFhbK+PETpLh4uBQVFkkQjUyqD8d/eEOB5Ug4ImEtp7W1TadhaWlpkcCI0JCIBEPSqbk6Vcyu26i4XZPC2lCnG4ZVENYeaZE2iOKDEZk8abIsW7FCJk0pNaLyDq1gtGBt7teXIZ1aMP5RE9Cdmf9QCU03wnQtC/MIk0dn7ctEJAe68poM+gfLeBDasC8U3HSbhjxI79T8ac52ka4yuf/oA5X8ef3hXuH9p88LPn/4/I22PeGri98/Xd+VeD4g3O9ZLNvvWjfdptn8/P7l7w/+/rrzu5W/P/n7n//+4b//+O9P/vsTDXr89zf//Y3fyvz3N//9zfYHtv+y/RtPQ70O2P7C9ie2P3m/D3FPuO1sWLZtbW66TbP52f7G9je2v7H9zb43Z/sj2x/Z/sj2R7Y/sv2R7Y9sf2X7M9uf8W9Ftj+z/Zntz2x/HoztzxCta+OXqtajGnT8boGAHSbrITVQR53Lz52Xo0eOyPnz52XsmLFG+D58+Iio8B2i9y7deDBNVezRR74EddtAYTBLfwmqsztexgbCplENmSNaKhzemyJtEtFt5i9YIBue3CgZmZnS1tamKvw2uV1XK/X1DUY539HRLuEOdX+H4F1F8Gh4Q0BZzyABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEni4CEDjDh06IqjidvtJV6F6enq6ZGRlSn5evgzNy5PMrCxJSw9Js7q/7/hym5w8eUIyM7IkJ2eIhEIhU0ZU0x7t6IiyYBQRKAjlqaxdJF0/IUkTNWZXBX2nNIfbpS3SLsUjh8ubb/1QcvOGSFNjk9y4dUvq6uqkSXfU2trqKenNHviHBEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABLoIQLSelZEhubm5MiQ/T4YXFUt2TrbU1dTK+++9Kw31jUYMn52Vo1tAPO8arqvovSijUO3cMeBRp3F+D0bSpCncKO2atmT5Mtm4ebPUNTTIzaoqqa2tk/rGRulUB3drGc8zQQIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAK9EYCT+5AhuVKgru/DR46UIbk5suWzz+X48eOSmZktudlDYBmvxUDfrrP4FKcPVcF7QMJGDB9RZ/dm6QhE5KlnnpY58+bL1WuV6uheL9XV1RS693YGuJ4ESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESCAhATi+h0JpMmxYoRTk58vIESPk0MGD8s0330h6emaM6B2O72nZwez/VyKdWmBAWsJt6uzeYcTuM+bMkYrLl6X6drU6u9casXvCvXIFCZAACZAACZAACZAACZAACZAACZAACZAACZAACZAACZAACZAACZAACZAACZAACZAACZAACZAACZAACZAACZAACZAACSRBIBwOS0tLi7S1t0tba6uUTpsqGenpUn7hvBq8ByRNneAR6uMuoajVe0Q0q7RF2mTx0iUyY9ZsuVpxRW7cuiWtWkBnJwTxDBIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARJInQA06g0NDZ5Wfc78eVKt+vVTZackLS1d3d5V9K6K9yAE72FVwbd0tkvR8GJ5/Ikn5OrVq1JTV2tU8xS7p34yWAIJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkEAsATi9Nzc3y+3aWqmsrJR1Tz4huUNypKm5QSQCpbtEBe+t4XaJqPT9lddel6qbN43QvaGhUVAAgwRIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgATuBgFo1hsbG1XD3io3b1bL8y+8KG2tLdKiH4kEJNgZ6JT2SIfMmz9fRe8BaW1ukeqaGs8a/m5UimWSAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAh0dnZKdXW1it6bJT0jQ6bPmC6tELxLWIId4U4Jq7v78pWrjLN7fX29dHS0kxwJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkAAJ3BMCEL3X1zdIk4rel69cqQ7vzdLa3qYO7+F2KSkpMSL3lpYWqW9skEjkntSJOyEBEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiAB1bBHpFHN21ubWyQSjsiECROkvU0F7x3SKXPmzpNOZGhsUjv4MHGRAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAk8QASys7Pva23T0tKkqKhIcnNz7ms9uPPEBIKBgIwYMSJxhkG6BtdWMBhMqnY4RnwelCguLkq6vgN9XPaezdDhQBkkQAIkQAL3l0AoFDK/ofA7Kt7n/tbuwd07uT645441JwESIAESIAESIAESIAESIAESIAESIIGOcFiampokrNr2adNnqMt7k4QCwYAUjxypQvdOsxLKeAYJkAAJkAAJkAAJkAAJkAAJkAAJkAAJkMCDQQBinh/94C1pbm6WgwcPStmp06bx517UHmLZN197VfLy841w99q1a/LuBx/2a9cQeC1bslTOnDkjFVevemVkZWXJ0KH53nJfZm5U3egXi8dWLJfp06aZXR09dkz2HTjYl912ywtxcaqBNruwNu71NfLz82TBvPkydUqpoGPElq1fyOmzZ/taTLf8mzZulJIJ40367j175Nix493y2ARcJ6++/JLk5kQ7RHzwj4/l1q1bdnWP001PbpBJOjpl1c2bcrH8ouzdvz9h/tWrVsnsWTPlxo0bcqG8XPYfPJQwb19W4NoMpYX6som0qt
|
|||
|
|
<pre blockindex=12><code class="hljs language-php"><span class=hljs-keyword>protected</span> <span class=hljs-keyword>void</span> service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
|||
|
|
<span class=hljs-comment>// 从请求中获取"command"参数 </span>
|
|||
|
|
<span class=hljs-keyword>String</span> command \= request.getParameter(<span class=hljs-string>"command"</span>);
|
|||
|
|
|
|||
|
|
<span class=hljs-comment>// 检查命令是否为"sameKeyName",如果是,则调用sameKeyName方法处理请求 </span>
|
|||
|
|
<span class=hljs-keyword>if</span> (<span class=hljs-string>"sameKeyName"</span>.equals(command)) {
|
|||
|
|
this.sameKeyName(request, response);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-comment>// 检查命令是否为"sameKeyValue",如果是,则调用sameKeyValue方法处理请求 </span>
|
|||
|
|
<span class=hljs-keyword>if</span> (<span class=hljs-string>"sameKeyValue"</span>.equals(command)) {
|
|||
|
|
this.sameKeyValue(request, response);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-comment>// 从请求头中获取"command"参数 </span>
|
|||
|
|
<span class=hljs-keyword>String</span> serNameString \= request.getHeader(<span class=hljs-string>"command"</span>);
|
|||
|
|
|
|||
|
|
<span class=hljs-comment>// 检查请求头中的命令是否为"getSecretKeyValue",如果是,则调用getSecretKeyValue方法处理请求 </span>
|
|||
|
|
<span class=hljs-keyword>if</span> (<span class=hljs-string>"getSecretKeyValue"</span>.equals(serNameString)) {
|
|||
|
|
this.getSecretKeyValue(request, response);
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
</code></pre>
|
|||
|
|
<p blockindex=13><strong>方法签名</strong>: 该方法是重写的<code>service</code>方法,用于处理HTTP请求。它接受两个参数:<code>HttpServletRequest</code>和<code>HttpServletResponse</code>,并可能抛出<code>ServletException</code>和<code>IOException</code>。</p>
|
|||
|
|
<p blockindex=14><strong>获取命令参数</strong>: 使用<code>request.getParameter("command")</code>来获取用户请求中的<code>command</code>参数。</p>
|
|||
|
|
<p blockindex=15><strong>处理不同命令</strong>:</p>
|
|||
|
|
<ul blockindex=16>
|
|||
|
|
<li>首先检查是否为"sameKeyName"命令,如果是,则调用相应的方法以处理该请求。</li>
|
|||
|
|
<li>然后检查是否为"sameKeyValue"命令,如是,则调用对应的方法。</li>
|
|||
|
|
</ul>
|
|||
|
|
<p blockindex=17><strong>处理请求头中的命令</strong>:</p>
|
|||
|
|
<ul blockindex=18>
|
|||
|
|
<li>从请求头中获取名为<code>command</code>的值,判断是否为"getSecretKeyValue",如是则调用相应的方法处理请求。</li>
|
|||
|
|
</ul>
|
|||
|
|
<p blockindex=19><strong>然后在service代码下面第五十五行</strong></p>
|
|||
|
|
<p blockindex=20><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB64AAALGCAYAAAD1D79zAAAAAXNSR0IArs4c6QAAAHhlWElmTU0AKgAAAAgABAEaAAUAAAABAAAAPgEbAAUAAAABAAAARgEoAAMAAAABAAIAAIdpAAQAAAABAAAATgAAAAAAAACQAAAAAQAAAJAAAAABAAOgAQADAAAAAQABAACgAgAEAAAAAQAAB66gAwAEAAAAAQAAAsYAAAAAjtFwPAAAAAlwSFlzAAAWJQAAFiUBSVIk8AAAQABJREFUeAHs3Qd4HNd1+O1D9F4JsIEkCPbeq6jCpmbJkqxm2bJl++8WJ3bsOE7sFKc4+eLYSZzEihWX2I4UySpW7xKpRomkWMTeC0ASIEESvRL9u2cWsx0gsLPAovzu8yx2duqdd3YHM3NuGbFw8dKOKQX5ounQoUPWO38QQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBIaPQEFBgbWzp06dishOR0Vkq2wUAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQACBTgEC13wVEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQiKkDgOqL8bBwBBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAgMA13wEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAgYgKELiOKD8bRwABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBAgcM13AAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAgogIEriPKz8YRQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBAhc8x1AAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEIioAIHriPKzcQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABAtd8BxBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEIipA4Dqi/GwcAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQIDANd8BBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAIGIChC4jig/G0cAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQIHDNdwABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAIKICBK4jys/GEUAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQIXPMdQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBCIqACB64jys3EEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQLXfAcQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBCIqQOA6ovxsHAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEECAwDXfAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQACBiAoQuI4oPxtHAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEECBwzXcAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQCCiAgSuI8rPxhFAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEECFzzHUAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQiKgAgeuI8rNxBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEC13wHEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQiKkDgOqL8bBwBBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAgMA13wEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAgYgKELiOKD8bRwABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBAgcM13AAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAgogIEriPKz8YRQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBGIgCJ9ATEyMpKSkWCusra2Vtra28K2cNSGAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAJDVIDAdZgObGZmpixatEiSkpKsNX744Ydy8eLFMK2d1SCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAJDV4DAtcNjO2LECJkyZYpMnz5ddJiEAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAAAIIINA7AQLXvfPymTsxMVEWLlwo2dnZ1vi6ujp3U+E+M/IBAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEAAAQQQQKBLgagupzDhigJay1qD1h0dHXL8+HHZvn37FZfpyxmioqJEg+k9TVpDXOcPpaZ4QkKC6PZ6m3S56Ojo3i7G/AgggAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAgggMIQFqHHt8OBevnxZdu/eLWVlZe7+rXu7yrFjx8rcuXOltbVVNm3aFLB4bGysrFmzxgowa3C8srLSZ56CggLJy8uT1NRUK5is66mtrZXDhw9LeXm5z7z6Ydy4cTJ58mSrdrgGkdvb2635z58/bwXgAxboHKH9eI8fP15ycnKsfdWAvebl4MGDkpGRYTWX3tDQIJs3b/ZZhQbHZ8yYIWPGjLGC1ro9XU7NCgsLpaWlxWd+PiCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAwPASIHDt4HifO3dODh06JM3NzQ7WIlYwNy4ursuayFojOj4+3tqGf23lxYsXiwa+NWkgWYPWMTExokHmlStXyv79++X06dPWdP0zb948mThxovuzDmjN6fT0dOuVkpJiBeJ9ZjAfNCi+fPly0SC6nTRfWVlZsmrVKrlw4YLoPuj2vZPOv2LFCp8m1HV7WlPdfm3bts3Ku/dyDCOAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAwPARIHDt4FhfvHjRwdLOF9Vgsx20PnXqlBw5ckTa2tqsAPSCBQskLS1Npk2bJmfOnLECwxp8njBhgrVhzfuxY8esmtYafM7Pz5dRo0ZZNbdPnjwpNTU17gxqQHrZsmVW0FrXr9vRQLUGynNzc2XmzJnufLgXMgMa2F6yZIkVtNZa1hrk1+U0+K751ryNHDnSCqbv3bvXe1GGEUAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEBgGAkQuB7EB1uDxpo0mKxBYQ0ka6qurpadO3daQWoNHmutZ60VrgFoDXBrEFn75NblNGkQu66uzgpC6/xaE9o7cK0B7aSkJGveffv2SXFxsTWsf4qKiqSxsVGWLl0a0Fe2NimugWlNe/bskZKSEmtY/xw9etSq6T1lyhQrn5p/mgx38zCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACCCCAwLASiBpWezvEdrapqcnaI63BPGnSJJ/AcX19vdXHtXdT5trftX62a2Z7c2jf1HawOjk52XuS1X+1jtB+s72D1vZMWou6oqLC/uh+136vNWlevIPW9gxas9tOWnuchAACCCCAAAIIIIAAAggggAACCCCAAAIIIIAAAggggAACw1OAGteD+LhrTWkNXmv/17Nnz5apU6fKpUuXrCByaWmpXL58OejeJSQkWH1ga2BZl9Ua2dovdlfBY3u8HdgOttKqqiqrprb3NHs5DYQvWrTIe1LAsOalrKwsYDwjEEAAAQQQQAABBBBAAAEEEEAAAQQQQAABBBBAAAEEEEBg6AsQuB7Ex1gD01u3brWC1toktzYFPm7cOOs1Z84cK4itTXtrU9
|
|||
|
|
<p blockindex=21>在<code>SecretKeyDAO</code>类中的<code>findNumByKeyName</code>和<code>findNumByKeyValue</code>方法调用中,如果这些方法中的实现使用了未经过滤的用户输入构造SQL查询,则有可能导致SQL注入</p>
|
|||
|
|
<p blockindex=22>跟进<code>findNumByKeyName</code>,搜索<code>keyName</code></p>
|
|||
|
|
<p blockindex=23><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAC7wAAAamCAYAAAAg9VcoAAAAAXNSR0IArs4c6QAAAHhlWElmTU0AKgAAAAgABAEaAAUAAAABAAAAPgEbAAUAAAABAAAARgEoAAMAAAABAAIAAIdpAAQAAAABAAAATgAAAAAAAACQAAAAAQAAAJAAAAABAAOgAQADAAAAAQABAACgAgAEAAAAAQAAC7ygAwAEAAAAAQAABqYAAAAAU+Y11wAAAAlwSFlzAAAWJQAAFiUBSVIk8AAAQABJREFUeAHsvYd3HMe57fvNYJADA8AcABDMOQcxiEEklbNs2T7BJ993133/w/sr7lrn3rvuObaPZcmKtmwFUiIpilEMIJgzQBLMJIicMfO+XYMa1DR6BgOApCByf9Kgu6urq6t/3dM9rN61KzA6c3ikK9wl4UiXSCRdAvqf+T+ii0hL00Wd1zlpj3RIp6Z1RjolEAxKUWGRTJgwQUaNHiMjC0dKfn6+ZGfnSHZWtgRCQclMz5BAWpoEtchwJGLKiei82YH+jUTCEggEMafzut7MYz1Cd4raaHp0G9FyAqYcs1r/BHV9WPOhfoiwfkxpug+7DmVw/+TP64/fP9wneP/BndLchHn/5fOHz1/+/tD7AX9/8fcnf3/z3x/415MN/vuL//7kv7/Z/sD2F7Y/RZ8JbH9j+yPa0WzYNla2v0aJsP2Z7e98/xBtY7X3Br5/4fsnvn/j+ze+f+P7N75/4/tHvn/FvxX4/hUUqP+h/on6L+rf+P6Z79/5/p3v3/n+ne/fI11d0tHeIdCkt7a3SXtLqzQ1N0t9XZ08qH0g16ur5ebNmzJy5EiZNGmyFBWNksKRhRJEI5Pqw/Ef3lBgORKOSFjLaWtr12lYWltbJTA6lBeRYEi6NFeXitl1GxW3a1JYG+p0w7AKwjoirdIOUXwwIlNKp8jylSuldGqZEZV3agWjBWtzv74M6dKC8Y+agO7M/IdKaLoRpmtZmEeYPDprXyYiOdCd12TQP1jGjdCGfaHgpts05EF6l+ZPc7aLdJfJ/UdvqOTP6w/fFX7/9H7B+w/vv9G2Jzy6+Pzpflbi/oBwn7NYts9aN92m2fx8/vL3B39/9fxu5e9P/v7nv3/47z/++5P//kSDHv/9zX9/47cy//3Nf3+z/YHtv2z/xt1QrwO2v7D9ie1Psd+H+E647WxYtm1tbrpNs/nZ/sb2N7a/sf3Nvjdn+yPbH9n+yPZHtj+y/ZHtj2x/Zfsz25/xb0W2P7P9me3PbH8eiu3PEK1r45eq1qMadPxugYAdJushNVBHnasuXZYTx4/L5cuXZcL4CUb4PmrU6KjwHaL3bt14ME1V7NFbvgR128DIYJb+ElRnd7yMDYRNoxoyR7RUOLw3R9olotssWLhQNj23WTIyM6W9vV1V+O3yoL5OGhoajXK+s7NDwp3q/g7Bu4rg0fCGgLKeQQIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIkQAIk8GQRgMYdOnREUMXt9pOuQvX09HTJyMqUgvwCGZafL5lZWZKWHpIWdX/f9e0OOXPmtGRmZElOTp6EQiFTRlTTHu3oiLJgFBEYHspXWbtIun5CkiZqzK4K+i5pCXdIe6RDisaMkp+/+0vJzc+T5qZmuXv/vtTX10uz7qitrS2mpDd74B8SIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAES6CYA0XpWRobk5uZKXkG+jCoskuycbKmvrZNPPv5IGhuajBg+OytHt4B43jVcV9F7YcZItXPHgEddxvk9GEmT5nCTdGja0hXLZfPWrVLf2Cj37tyRurp6aWhqki51cLeW8TwTJEACJEACJEACJEACJEACJEACJEACJEACJEACJEACJEACJEACJEACJEACJEACJEACJEACJEACJEACJEACJEACJEACJNAXATi55+XlynB1fR81Zozk5ebItq++llOnTklmZrbkZufBMl6Lgb5dZ/EpSh+mgveAhI0YPqLO7i3SGYjI8y++IHPnL5Abt26qo3uD1NTUUOje1xngehIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIgARIggYQE4PgeCqXJiBEjZXhBgYwZPVqOlZfL3r17JT09M070Dsf3tOxg9v8nkS4tMCCt4XZ1du80YveZc+dK9bVrUvOgRp3d64zYPeFeuYIESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAEUiAQDoeltbVV2js6pL2tTcqmT5OM9HSpqrysBu8BSVMneIT6uEsoavUeEc0q7ZF2WbJsqcycPUduVF+Xu/fvS5sW0NUFQTyDBEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABAZPABr1xsbGmFZ97oL5UqP69XNnz0laWrq6vavoXRXvQQjew6qCb+3qkMJRRfLsxo1y48YNqa2vM6p5it0HfzJYAgmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQQDwBOL23tLTIg7o6uXnzpqx/bqPk5uVIc0ujSARKd4kK3tvCHRJR6fubb78jd+7dM0L3xsYmQQEMEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEngUBKBZb2pqUg17m9y7VyOvvPqatLe1Sqt+JBKQYFegSzoinTJ/wQIVvQekraVVamprY9bwj6JSLJMESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAESIAEQKCrq0tqampU9N4i6RkZMmPmDGmD4F3CEuwMd0lY3d1XrFptnN0bGhqks7OD5EiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEiABEjgsRCA6L2hoVGaVfS+YtUqdXhvkbaOdnV4D3dISUmJEbm3trZKQ1OjRCKPpU7cCQmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmohj0iTWre3tbSKpFwRCZPniwd7Sp475QumTtvvnQhQ1Oz2sGHiYsESIAESIAESIAESIAESIAESIAESIAESOApJpCdnf2jHn1aWpoUFhZKbm7Oj1oP7jwxgWAgIKNHj06cYYiuwbUVDAZTqh2OEZ+fShQVFaZc34d9XPY7m6HDizJIgARI4EkmkJWVZX6f4DeK95Oenv4kH/ojPTZyfaR4WTgJkAAJkAAJkAAJkAAJkAAJkAAJkAAJ/OQIdIbD0tzcLGHVtk+fMVNd3pslFAgGpGjMGBW6d5mVUMYzSIAESIAESIAESIAESIAESIAESIAESIAEnk4CoVBIfvWLd6WlpUXKy8vl7LnzpjHpcdCAWPbnb78l+QUFRrh769Yt+ejTzwa0a4jQli9dJhcuXJDqGzdiZUBQNWxYQWy5PzN379wdEItnVq6QGdOnm12dOHlSDh8t789ue+WFuHiwgTbAsDYW9jcKCvJl4fwFMm1qmaBjxLbt38j5ixf7W0yv/Fs2b5aSyZNM+r6DB+XkyVO98tgEXCdvvfG65OZEO0R8+ufP5f79+3Z10umW5zZJqY52eefePblSdUUOHTmSMP+a1atlzuxZcvfuXamsqpIj5ccS5u3PClybobR
|
|||
|
|
<p blockindex=24>SQL语句中将<code>keyValue</code>参数直接拼接到查询中,直接调用query方法执行sql语句,几乎没有做什么过滤,从而造成了sql注入漏洞</p>
|
|||
|
|
<p blockindex=25><strong>poc</strong></p>
|
|||
|
|
<p blockindex=26>如果sql语句执行成功就会延迟五秒</p>
|
|||
|
|
<p blockindex=27><code>keyName=1'+WAITFOR+DELAY+'0:0:5'</code></p>
|
|||
|
|
<h2 blockindex=28>漏洞复现</h2>
|
|||
|
|
<p blockindex=29><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAACXYAAAWgCAIAAAB/1x5WAAAAAXNSR0IArs4c6QAAAERlWElmTU0AKgAAAAgAAYdpAAQAAAABAAAAGgAAAAAAA6ABAAMAAAABAAEAAKACAAQAAAABAAAJdqADAAQAAAABAAAFoAAAAABYjRC+AABAAElEQVR4Aey9B5gcx3E2vLPx9gIOOWeCBEEiMIAESTCAYs4SFaxk65cty3L6ZVvJlmylz7Kkz7LkIFmWZUsWlUWJpEUJpBjEBAaABAEwAAQBIucMXNo831tVO7O9M7t7s3d7AUD1Q9bWVFdXV7/dM4fp7pq2UqlUqDwd78xCMHZUM2g4HC7P1CtFQBFQBBQBRUARUAQUAUVAEVAEFAFFQBFQBBQBRUARUAQUAUVAEVAEFAFFQBE4rRHQFcTTuvu18YqAIqAIKAKKgCKgCCgCioAioAgoAoqAIqAIKAKKgCKgCCgCioAioAgoAopAvQjoEmO9iKm+IqAIKAKKgCKgCCgCioAioAgoAoqAIqAIKAKKgCKgCCgCioAioAgoAoqAInBaI6BLjKd192vjFQFFQBFQBBQBRUARUAQUAUVAEVAEFAFFQBFQBBQBRUARUAQUAUVAEVAEFIF6EdAlxnoRU31FQBFQBBQBRUARUAQUAUVAEVAEFAFFQBFQBBQBRUARUAQUAUVAEVAEFAFF4LRGQJcYT+vu18YrAoqAIqAIKAKKgCKgCCgCioAioAgoAoqAIqAIKAKKgCKgCCgCioAioAgoAvUioEuM9SKm+oqAIqAIKAKKgCKgCCgCioAioAgoAoqAIqAIKAKKgCKgCCgCioAioAgoAorAaY2ALjGe1t2vjVcEFAFFQBFQBBQBRUARUAQUAUVAEVAEFAFFQBFQBBQBRUARUAQUAUVAEVAE6kVAlxjrRUz1FQFFQBFQBBQBRUARUAQUAUVAEVAEFAFFQBFQBBQBRUARUAQUAUVAEVAEFIHTGgFdYjytu18brwgoAoqAIqAIKAKKgCKgCCgCioAioAgoAoqAIqAIKAKKgCKgCCgCioAioAjUi4AuMdaLmOorAoqAIqAIKAKKgCKgCCgCioAioAgoAoqAIqAIKAKKgCKgCCgCioAioAgoAqc1ArrEeFp3vzZeEVAEFAFFQBFQBBQBRUARUAQUAUVAEVAEFAFFQBFQBBQBRUARUAQUAUVAEagXAV1irBcx1VcEFAFFQBFQBBQBRUARUAQUAUVAEVAEFAFFQBFQBBQBRUARUAQUAUVAEVAETmsEdInxtO5+bbwioAgoAoqAIqAIKAKKgCKgCCgCioAioAgoAoqAIqAIKAKKgCKgCCgCioAiUC8CusRYL2KqrwgoAoqAIqAIKAKKgCKgCCgCioAioAgoAoqAIqAIKAKKgCKgCCgCioAioAic1gjoEuNp3f3aeEVAEVAEFAFFQBFQBBQBRUARUAQUAUVAEVAEFAFFQBFQBBQBRUARUAQUAUWgXgQGdYnRDoXwnyZFYGAQKIRC+I+SjjTBQakioAgoAoqAIqAIKAKKgCKgCCgCioAioAgoAoqAIqAI9B8B2y6b2PZcVrV/6k1TSotOvXZV7UJvhr/rT2MwvODo9XBHYAAG66AuMQq+/ptwuOOu/ikCioAioAgoAoqAIqAIKAKKgCKgCCgCioAioAgoAoqAIqAINBSBk2ii2LIss+meSzNL+VMbAe36U7t/tXX1IhCtt0B/9IuP4fLHcX8MatnTEAEstCNZxYBFc41ceApktEKmnPSdUsRL8kucHP1VBBQBRUARUAQUAUVAEVAEFAFFQBFQBBQBRUARUAQUgQFHIMhqDZYhg6gNuK99q4AnxG2eyfTPWPbN5NCWskMnc3cMDHZli88DU4VaVQQag4AxWOtdH6mm712JaYyjakURUAQUAUVAEVAEFAFFQBFQBBQBRUARUAQUAUVAEVAEFAFFQBHoHwIn4/pitejMavL+ITSopYewO4KgF0RnUPHSyhSBUx2BwYpizKWBZHbTM6C5jU+B2h37XWwtXgC1jRVUN0sZRQAIWDbFJtqWsSIejkASnjgXNDb/JtDIhNmgkDH1Ev/g8ku8ZfRaEVAEFAFFQBFQBBQBRUARUAQUAUVAEVAEFAFFQBFQBAYXgXw+jwpTaaLZbA7UWTeqFkXTSP9kCS0SCaPSZFMcpmMxmoesK3nW4dI58jyTScNmIUvtAuPRqct+XcpSUSxGCwHJJqLhcOUZ1AofgvPVVGCldIpakclkQQsFmrkduCTWTY/RO6guHo8CxkRTDHwYX7XjNGio2t3HUWF23QOgue1rqPJsJ1FOut7hIKG/wwWBAt8j4eJNTl7ZzaNBY7MW466JzbuGRE0tRKukausp5r1ZpWi/xbjV+21DDSgCioAioAgoAoqAIqAIKAKKgCKgCCgCioAioAgoAoqAIqAInEYIDNqKkR9TqbrazHY1ud+OKzGLDGG7XH9OAWbIYXQdMDv3FABWm3D6IOCO4T432UqlUp7Cxztp98HYUc2gVXc0eMrUuMyRtfSzd4FmX7gH1M5naqhrliJQHQFZEffuiwm3T0CRphs+BhqZvqh6cc1RBBQBRUARUAQUAUVAEVAEFAFFQBFQBBQBRUARUAQUgWGKQC5PkSqdnT2gEqmWiFPUXf8nwettcIZjDSVKL5mMwwHxpF47PT09KNvDMX+JBMdERmmGEytSg9YoWf3qSWVRY4GCD0MjRpAnFWb+K4SJlmIIJX6xsyPFdiiiqSkZgfFItZhIqqoBCdVxE0qeSJyrtKgYndnMX7wL1R1v2gf/7NQJuNR93+dRNr9zbWULFnlr8/f2JKKxsppKFYGhRsCy6K6Jnr0MtOmaPyd3/LGMFZ4MpChJ1mycqwH4lUfYABhWk4pAEQEdYzoUFAFFQBFQBBQBRUARUAQUAUVAEVAEFAFFQBFQBBSBUwYBLOEMn7Y4S1x98Uga4p+9HPwGehYU++yAFKzWrr5g1FsZP3pSos9N6K3C3vOrudR7SdVQBE45BAb8LMb8jnUArTx+0VzX9EaknXIIa4MaiEDl0WKfOIB19NST/4Wamt/2f6i+ppEgw+hfIuSTJkVAEVAEFAFFQBFQBBQBRUARUAQUAUVAEVAEFAFFQBGogICs2XR30/f2inFpSY60G6IJvkiMZrCjHHHoeEVn/vEhgBX8LxNxxE+eAwa7e+gsybZWKhuNFqfih2RtLBYjKDu76IuDXd1EW1sSoGWLuRXQLs3ky/mLhQI1r601ilYMbkNKEYpyOmY0TpKO4/TFRMGWw0RxNbAp8/SPUEHV+EWp3CbcKsA5sK6pdUUgEAK2xePT5lhbm0Kbc689DpqecCZoYvFbQctSzaFcekaUlWncxeA+aBrnt1o6JRDQHSWnRDdqIxQBRUARUAQUAUVAEVAEFAFFQBFQBBQBRUARUAQUgSFDoIFzjKfMbHkDMRmyfm1ExadMhzYCDLVxOiIw4FGM2c1PA1e7ICc+hnHL2SHauxHilfzTEXJtcyMQwN8w4/FNK+WFQ9vI8MHdyApPpyhGJENHBERrfjq4pKacIqAIKAKKgCKgCCgCioAioAgoAoqAIqAIKAKKgCKgCAwCAoUCxdPkchRP09baRPN75XEz5ZOBA+5RmCPQElGKk0uFieZyNKcd4bMhe6mePc9kaQ7SwpGS4XA0ShGZFScqezHlZKP5/bQgJ641J8nisWM8V99CXjlzpb1HIqXTGTQhkaAFBc9nV9nOwBH5sp14WOKj3C9NyRjAyWQoljERbxo4J1zLuU1PuTyiwQoYq+61MorAyYCAxfGLpqc2xzJmN62AsEIUo6nq4wd7/A/yHwNfe1VwiiBQ409yjaxTpPHaDEVAEVAEFAFFQBFQBBQBRUARUAQUAUVAEVAEFAFF4BRFQJbTpHEuf5LO+MFttwn96a7GNr9vLjXWh/6gYZbtW1tMC/3hgcnwhKU/jdKypycCuJX6NpgHPIrR7jlMXeKs5cNLXiIt24Vi8xXCGzUpAj4EaBXctmh/ijlCzAFkh3j3So523+RynaD0dXOkKuGKZl
|
|||
|
|
<h2 blockindex=30>修复建议</h2>
|
|||
|
|
<pre blockindex=31><code class="hljs language-php"><span class=hljs-keyword>public</span> <span class=hljs-keyword>String</span> getKeyNameBykeyValue(<span class=hljs-keyword>String</span> keyValue) throws <span class=hljs-built_in>Exception</span> {
|
|||
|
|
<span class=hljs-comment>// SQL查询语句,使用?作为占位符以避免SQL注入 </span>
|
|||
|
|
<span class=hljs-keyword>String</span> sql \= <span class=hljs-string>"SELECT keyName FROM SecretKey WHERE keyValue = ?"</span>;
|
|||
|
|
Connection conn \= <span class=hljs-literal>null</span>; <span class=hljs-comment>// 数据库连接对象 </span>
|
|||
|
|
QueryRunner qr \= <span class=hljs-literal>null</span>; <span class=hljs-comment>// QueryRunner对象用于执行数据库操作 </span>
|
|||
|
|
|
|||
|
|
<span class=hljs-keyword>String</span> result; <span class=hljs-comment>// 用于存储查询结果 </span>
|
|||
|
|
<span class=hljs-keyword>try</span> {
|
|||
|
|
conn \= getConnection(); <span class=hljs-comment>// 获取数据库连接 </span>
|
|||
|
|
qr \= <span class=hljs-keyword>new</span> QueryRunner(); <span class=hljs-comment>// 初始化QueryRunner </span>
|
|||
|
|
<span class=hljs-comment>// 使用参数化查询执行SQL,并通过ResultSetHandler处理结果 </span>
|
|||
|
|
result \= (<span class=hljs-keyword>String</span>) qr.query(conn, sql, <span class=hljs-keyword>new</span> ResultSetHandler<<span class=hljs-keyword>String</span>\>() {
|
|||
|
|
<span class=hljs-keyword>public</span> <span class=hljs-keyword>String</span> handle(ResultSet rs) throws SQLException {
|
|||
|
|
<span class=hljs-comment>// 如果查询结果为空,返回"默认密钥",否则返回查询到的keyName </span>
|
|||
|
|
<span class=hljs-keyword>return</span> !rs.next() ? <span class=hljs-string>"默认密钥"</span> : rs.getString(<span class=hljs-number>1</span>);
|
|||
|
|
}
|
|||
|
|
}, keyValue); <span class=hljs-comment>// 将keyValue作为参数传递,避免直接拼接 </span>
|
|||
|
|
} <span class=hljs-keyword>finally</span> {
|
|||
|
|
DbUtils.closeQuietly(conn); <span class=hljs-comment>// 确保数据库连接被关闭 </span>
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
<span class=hljs-keyword>return</span> result; <span class=hljs-comment>// 返回查询结果 </span>
|
|||
|
|
}
|
|||
|
|
</code></pre></div></div>
|
|||
|
|
</div>
|
|||
|
|
<div class="post-opt mt-30">
|
|||
|
|
<ul class="list-inline text-muted">
|
|||
|
|
<li>
|
|||
|
|
<i class="fa fa-clock-o"></i>
|
|||
|
|
发表于 2024-08-29 09:33:34
|
|||
|
|
</li>
|
|||
|
|
<li>阅读 ( 228 )</li>
|
|||
|
|
<li>分类:<a href=https://forum.butian.net/articles/Web111 target=_blank rel="noopenner noreferrer">Web服务器</a>
|
|||
|
|
</li>
|
|||
|
|
<li><a href=# class=report_btn data-source_type=vulnerabilities_article data-source_id=547 data-toggle=modal data-target=#send_report_model><i class="fa fa-flag-o"></i> 举报</a></li>
|
|||
|
|
</ul>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
<div class="text-center mt-30 mb-20">
|
|||
|
|
<button id=support-button class="btn btn-success btn-lg mr-5" data-loading-text=加载中... data-source_type=article data-source_id=547 data-support_num=0> 0 推荐</button>
|
|||
|
|
<button id=collect-button class="btn btn-default btn-lg" data-loading-text=加载中... data-source_type=article data-source_id=547> 收藏</button>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
<div class="widget-answers mt-15">
|
|||
|
|
<h2 class="h4 post-title">0 条评论</h2>
|
|||
|
|
<div class=comment>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
<div class="widget-comment-form row mb-20">
|
|||
|
|
<form class=col-md-12>
|
|||
|
|
<div class=form-group>
|
|||
|
|
<textarea id=comment-content name=content placeholder=写下你的评论 class=form-control value></textarea>
|
|||
|
|
</div>
|
|||
|
|
</form>
|
|||
|
|
<div class="col-md-12 text-right">
|
|||
|
|
|
|||
|
|
<button type=submit data-token=3Pc1iiU7gFPnX4v6YCLymt20lxE5MuCVXQFHbYzN data-source_id=547 data-source_type=article class="btn btn-primary btn-sm ml-10 comment-btn">提交评论</button>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
<div class=text-center>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
<footer id=footer>
|
|||
|
|
<div class=container>
|
|||
|
|
<div class=text-center>
|
|||
|
|
<a href=https://forum.butian.net/>奇安信攻防社区</a><span class=span-line>|</span>
|
|||
|
|
<a href=mailto:butian_report@qianxin.com target=_blank rel="noopenner noreferrer">联系我们</a><span class=span-line>|</span>
|
|||
|
|
<a href=https://forum.butian.net/sitemap>sitemap</a>
|
|||
|
|
</div>
|
|||
|
|
<div class="copyright mt-10">
|
|||
|
|
Copyright © 2013-2023 BUTIAN.NET 版权所有 <a href=https://beian.miit.gov.cn/#/Integrated/index>京ICP备18014330号-2</a>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</footer>
|
|||
|
|
<div class="modal fade sf-hidden" id=sendTo_message_model tabindex=-1 role=dialog aria-labelledby=exampleModalLabel>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
<div class="modal fade sf-hidden" id=send_report_model role=dialog aria-labelledby=exampleModalLabel>
|
|||
|
|
|
|||
|
|
</div> <div class="modal fade in sf-hidden" id=payment-qrcode-modal-article-547 tabindex=-1 role aria-labelledby=exampleModalLabel aria-hidden=false>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
<div style="display:none;position:fixed;top:40%;left:50%;z-index:9999;transform:translate(-50%,-50%);padding:3px 15px;border-radius:8px;background:rgba(120,120,120,0.7);box-shadow:1px 1px 3px 1px rgba(160,160,160,0.6);text-align:center;font-size:12px;color:#fff"></div><div id=windowLoading class="modal fade sf-hidden" tabindex=-1 role=dialog>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
<span id=cnzz_stat_icon_1279782571></span>
|
|||
|
|
<div class="geetest_panel geetest_wind" style=display:none></div><div id=immersive-translate-popup style=all:initial><template shadowrootmode=open><style class=sf-hidden>/*!
|
|||
|
|
* Pico.css v1.5.6 (https://picocss.com)
|
|||
|
|
* Copyright 2019-2022 - Licensed under MIT
|
|||
|
|
*/#mount{--font-family:system-ui,-apple-system,"Segoe UI","Roboto","Ubuntu","Cantarell","Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--line-height:1.5;--font-weight:400;--font-size:16px;--border-radius:0.25rem;--border-width:1px;--outline-width:3px;--spacing:1rem;--typography-spacing-vertical:1.5rem;--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing);--grid-spacing-vertical:0;--grid-spacing-horizontal:var(--spacing);--form-element-spacing-vertical:0.75rem;--form-element-spacing-horizontal:1rem;--nav-element-spacing-vertical:1rem;--nav-element-spacing-horizontal:0.5rem;--nav-link-spacing-vertical:0.5rem;--nav-link-spacing-horizontal:0.5rem;--form-label-font-weight:var(--font-weight);--transition:0.2s ease-in-out;--modal-overlay-backdrop-filter:blur(0.25rem)}@media (min-width:576px){#mount{--font-size:17px}}@media (min-width:768px){#mount{--font-size:18px}}@media (min-width:992px){#mount{--font-size:19px}}@media (min-width:1200px){#mount{--font-size:20px}}@media (min-width:576px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*2.5)}}@media (min-width:768px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3)}}@media (min-width:992px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3.5)}}@media (min-width:1200px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*4)}}@media (min-width:576px){article{--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){article{--block-spacing-horizontal:calc(var(--spacing)*1.5)}}@media (min-width:992px){article{--block-spacing-horizontal:calc(var(--spacing)*1.75)}}@media (min-width:1200px){article{--block-spacing-horizontal:calc(var(--spacing)*2)}}dialog>article{--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing)}@media (min-width:576px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*2.5);--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*3);--block-spacing-horizontal:calc(var(--spacing)*1.5)}}a{--text-decoration:none}a.secondary,a.contrast{--text-decoration:underline}small{--font-size:0.875em}h1,h2,h3,h4,h5,h6{--font-weight:700}h1{--font-size:2rem;--typography-spacing-vertical:3rem}h2{--font-size:1.75rem;--typography-spacing-vertical:2.625rem}h3{--font-size:1.5rem;--typography-spacing-vertical:2.25rem}h4{--font-size:1.25rem;--typography-spacing-vertical:1.874rem}h5{--font-size:1.125rem;--typography-spacing-vertical:1.6875rem}[type="checkbox"],[type="radio"]{--border-width:2px}[type="checkbox"][role="switch"]{--border-width:3px}thead th,thead td,tfoot th,tfoot td{--border-width:3px}:not(thead,tfoot)>*>td{--font-size:0.875em}pre,code,kbd,samp{--font-family:"Menlo","Consolas","Roboto Mono","Ubuntu Monospace","Noto Mono","Oxygen Mono","Liberation Mono",monospace,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"}kbd{--font-weight:bolder}[data-theme="light"],#mount:not([data-theme="dark"]){--background-color:#fff;--background-light-green:#F5F7F9;--color:hsl(205deg,20%,32%);--h1-color:hsl(205deg,30%,15%);--h2-color:#24333e;--h3-color:hsl(205deg,25%,23%);--h4-color:#374956;--h5-color:hsl(205deg,20%,32%);--h6-color:#4d606d;--muted-color:hsl(205deg,10%,50%);--muted-border-color:hsl(205deg,20%,94%);--primary:hsl(195deg,85%,41%);--primary-hover:hsl(195deg,90%,32%);--primary-focus:rgba(16,149,193,0.125);--primary-inverse:#fff;--secondary:hsl(205deg,15%,41%);--secondary-hover:hsl(205deg,20%,32%);--secondary-focus:rgba(89,107,120,0.125);--secondary-inverse:#fff;--contrast:hsl(205deg,30%,15%);--contrast-hover:#000;--contrast-focus:rgba(89,107,120,0.125);--contrast-inverse:#fff;--mark-background-color:#fff2ca;--mark-color:#543a26;--ins-color:#388e3c;--del-color:#c62828;--blockquote-border-color:var(--muted-border-color);--blockquote-footer-color:var(--muted-c
|