Penetration_Testing_POC/books/易宝OA代码审计[ExecuteSqlForSingle SQL注入_ UploadFile文件上传_DownloadRptFile文件下载].html

<!DOCTYPE html> <html><!--
 Page saved with SingleFile 
 url: https://forum.butian.net/share/2849 
--><meta charset=utf-8>
<meta http-equiv=X-UA-Compatible content="IE=edge">
<meta name=viewport content="width=device-width, initial-scale=1">
<meta name=csrf-token content=VD0owLiLrat8LaN2vBAqJtnLFngrtZgXtzYM7DqG>
<title>易宝OA代码审计[ExecuteSqlForSingle SQL注入+ UploadFile文件上传+DownloadRptFile文件下载]</title>
<meta name=keywords content=奇安信,天眼,补天,漏洞,情报,攻防,安全>
<meta name=description content=奇安信攻防社区-某oa代码审计>
<meta name=author content="QIANXIN Team">
<meta name=copyright content="2021 QIANXIN.com">
<style>@media(max-width:767px){}</style>
<style>/*!
 * Bootstrap v3.4.1 (https://getbootstrap.com/)
 * Copyright 2011-2019 Twitter, Inc.
 * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
 *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}a:active,a:hover{outline:0}img{border:0}textarea{color:inherit;font:inherit;margin:0}textarea{overflow:auto}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}:after,:before{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{-webkit-tap-highlight-color:rgba(0,0,0,0)}a:focus,a:hover{color:#23527c;text-decoration:underline}a:focus{outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}img{vertical-align:middle}h1,h3,h4{font-family:inherit;font-weight:500;line-height:1.1;color:inherit}h3{margin-top:20px;margin-bottom:10px}h3{font-size:24px}p{margin:0 0 10px}@media(min-width:768px){}.text-muted{color:#777}ul{margin-top:0;margin-bottom:10px}.list-inline{padding-left:0;list-style:none;margin-left:-5px}.list-inline>li{display:inline-block;padding-right:5px;padding-left:5px}@media(min-width:768px){}code{color:#c7254e}.container{padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}@media(min-width:768px){.container{width:750px}}@media(min-width:992px){.container{width:970px}}@media(min-width:1200px){.container{width:1170px}}.row{margin-right:-15px;margin-left:-15px}.col-xs-12{position:relative;min-height:1px;padding-right:15px;padding-left:15px}.col-xs-12{float:left}.col-xs-12{width:100%}@media(min-width:768px){}@media(min-width:992px){.col-md-9{float:left}}@media(min-width:1200px){}@media screen and (max-width:767px){}@media screen and (-webkit-min-device-pixel-ratio:0){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(max-device-width:480px) and (orientation:landscape){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(max-width:767px){}@media(min-width:768px){}@media(min-width:768px){}@media(max-width:767px){}@media(min-width:768px){}@media(min-width:768px){}@media(min-width:768px){}@media(max-width:767px){}@media(max-width:767px){}@media screen and (min-width:768px){}@-webkit-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@-o-keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@keyframes progress-bar-stripes{from{background-position:40px 0}to{background-position:0 0}}@media(min-width:768px){}@media(min-width:992px){}@media all and (transform-3d),(-webkit-transform-3d){}@media screen and (min-width:768px){}.btn-group-vertical>.btn-group:after,.btn-group-vertical>.btn-group:before,.btn-toolbar:after,.btn-toolbar:before,.clearfix:after,.clearfix:before,.container-fluid:after,.container-fluid:before,.container:after,.container:before,.dl-horizontal dd:after,.dl-horizontal dd:before,.form-horizontal .form-group:after,.form-horizontal .form-group:before,.modal-footer:after,.modal-footer:before,.modal-header:after,.modal-header:before,.nav:after,.nav:before,.navbar-collapse:after,.navbar-collapse:before,.navbar-header:after,.navbar-header:before,.navbar:after,.navbar:before,.pager:after,.pager:before,.panel-body:after,.panel-body:before,.row:after,.row:before{display:table;content:" "}.btn-group-vertical>.btn-group:after,.btn-toolbar:after,.clearfix:after,.container-fluid:after,.container:after,.dl-horizontal dd:after,.form-horizontal .form-group:after,.modal-footer:after,.modal-header:after,.nav:after,.navbar-collapse:after,.navbar-header:after,.navbar:after,.pager:after,.panel-body:after,.row:after{clear:both}@-ms-viewport{width:device-width}@media(max-width:767px){}@media(max-width:767px){}@media(max-width:767px){}@media(max-width:767px){}@media(min-width:768px) and (ma
<style>/*!
 *  Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome
 *  License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
 */@font-face{font-family:"FontAwesome";src:url(data:font/woff2;base64,d09GMgABAAAAAS1oAA0AAAAChpgAAS0OAAQBywAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACFchEIComZKIe2WAE2AiQDlXALlhAABCAFiQYHtHVbUglyR2H3kYQqug2BJ+096zq1GibTzT1ytyoKAhnlGvH2XQR0B9xFqm6jsv/////kpDFG2w7cQODV9Pt8rYoUCGaTbZJgmyTYkaFAZFtCUREkKFtVPCsorbhAUNA1HuRggbAO2j72UBAaO+EokdExs/1s2/5o1Kiiwimf3Fl5lPJKaenrF62Fznwl24G3XqwUR4KiM7gSbp6V6LraldwKxM2QRIqecFxZciCUTN9Q9A6NG4N0pSnLEZjvE6c2UsJeIlMLTH7xWVLXQ1hSFQmKNIGO5kb6eVxbv+g3bqHirnwdc+C7jHEeo027jiVLyf8XLtu6DiwL+oT3+EzQdP8n9hCQyU0dLBEVY/eIK2L6xNeH50/9c/le2CSFhtd6Lgf1bcWgDPxoJmdi3vDhdu2H8wEOySeKDzajOrC7w/Nz622jYowx2KhtMCLHghqwvypWjKiNHqNjoyQsMEFUUFS0MRID+/SsPAvtO+3z0mAQ5rYn8UgOP/Fzzqk6kQ9ORJ+o/KkQSRGkJIwEVBSLW4GCYjSKEc38f+rs7yyvzrzX772jYmw2kboLSUzpaX3bjCbgNOOUbSwnyxbL8yO916Wzf1J3AaJidcC2LEuWC8YGm+J2iwPbCG1fLcDA5lxIi537jkhI/qrzk+oHxsI/mJbTbfMLOVCIrdgpOedKqIYkxr2InOex9Dj46Mfazs5+uTvEchWNbr89JBEatR+UTmRkbhshJ66m8OM7s/SsOJm8J9lOpu0eIX8tGAZKGcq20y7g2PqR7livPQwsEgQOkJseImA6GKL/Gw8JCSB7je+e3OC8EstLISefAKEtRkiUnAmJIyR+m1pfhLmdEBK1A041VlU4RsivHKKOJRRQ1Pvdq9rb+wYIDIZDcAgCJARRGaK0u9oQnXKs7KLKvZvuumu7a9obpzPZtxPROlIRJR4QtoEye/SH3qn1kh1oJbspOMkR9gD48QEPGApJTEuQNnb0I+37s+7+Biw70KY2h6BOmjLOaHa3Dw4I/u9/zf7rDE9Pkad0IxaFBuJ4VInvqkJmAp2ehHFeFiOcrp+WP3v+NWKKSeLgJS1XWpDruWKkQaMTDF7kMc3ZbjUZ+a7pitemTlGdWSf65t3NEpYE/JFTBNwYH6YhdCIgBmBiM+n3JZMH9O8zNbsCFNFmdjurndXObM6s7jmcOmpnZj9ncpv1cP94nyCAD3wS/CAkCCBlEpQcEpRaFCjFFCR3KFpyU5DodiubWtkcz9Zx9k2i7B6b7s3q3ZltPyZzW/bldJlTklNqjqc5nK/j9z+tfNrqDfHwxT5HDswGLBBiRNW3Xqn0ql6px90bOmyKM469TkGaYKs1C5wyNrMBTPlwU/IJQd+nL1XrCsLWmLS8s7QnOVy0p9WGdLiFEK8h3/b2+rca/RuBbAAGhSBQTVK0mpA5boAKzWAVEhMoyhBA0iBIeSlN0mRNyg2QHDXp1KQTSCfSkZoc8m1TPPro23Ema7wpXM97O+4xxcNt+QebONt74YvVWIQx3S0zx5qQkSmCQiiEkSz7JfWTELC2to0ExAsFBd3923efb36+mHTt8EhXOGyQ1FoRCXKk47//PWWzGuzfMSvmBwUvyY4xVz/WsHLuEg44OVBMxtIBPnVvOSDFGDEgdMOYq8N1Y6edke7EQLP5XUsUEFLvf2JO/7uSdvuTtNQaqqgouCKKg3nrvbt7HAxjrv+P5vNzY3qmGSaucDWn5QShLGqzbiCia07EIYMug25e9/hVdR8AQHz8GD92tT73B7kdudwckXIYVWHcSFIgCxqPEPq51/jVkQCT80kNRInfy4tRv71+cOkKgNyNOzu4bvn5jUwYFyShdPkJOgloRkNZoe3eVE+gRk4dTn59F/ExImCzqPyf2GHPB8sozT9IIBGXlocfxFyWzeV1yjATTNS19fEnte26vb7NlFBibm1Pv5jrtt39jb8CGEpsiz8CAQie5XOr5wWIMCwOOIx4yULy+va+QhnH5ZFGiRAUn1/fG1JpWh34/7fUfmUjFWqwEbF3/WhPYyomRjYMrFlxwZIFe4l9P8nzPvd1Hvu2LvM0Ds5oJQVnlGAEpybX5yC4yxIpqaxSNRjlSIx9saf/y6Swa9yp2xyQJ0qZ3k+/AEmI2xO2nV/vs38FkXFPYifWSMefAEJZRU2jAxw2yHaEgTWqEE5KDeUVAU+ITgcaRgtOeCgxkjoBXLrfq0Pga45joGI4BVH0CRNk4RhbTBQoZWwcKzJ1Le7QYdaYZKKONTuiTiTU9iKiSKqPEKtTRrpv6zJpqCKK2VyzaAQ3SYz2oDxTQ08CrRm4lsiQSKAe4kV3IQEuH9fp/SFCUxJDqmcexJ2JY+MOueRzKtWnc4koNW2UPXHGyoplovvxWZELJOtcPhBmTjiAcZeMeOojdgqlNnVt7wngGZ2wYNtOTS1KAFz0EEa3x3LpRAKAHrVa0zCTByMn6qWIbuwR0kdqTILahlgUG8qMokGqnfFnWXOZKrJZytwHx17ZtZg7ItgdJGhifz25FhnPmxOYMN52SDyXVnZ/gWObXwBcWYoD7KPodztkQhYCg4sDToOEMxshJM7n57Tn4t5JfFCYIH4TJhPkA2TFLsgDG9Sw6QItYQfz+mEZCSsrwhOSOboubVL46TTjY3mvnrkji1XVwkZX7gh1vQ3cCRdpL/Ccr5RmfoA03fBsg+sOWFP0OcOEG/cxRZ3wvTNAkP3aaxOI3BVAFycjo7y2Y6y92W7qqSC68RXvU187rCX77kmK0MEru/gu80wa2EMCeLHr7h4evvrqhrF3CdrNVtuCgIG6qOGkwMP5RXhmfkhgvekwH7whZJToQFF7T2gxiRcXsUjBtkbDq9V6cxqNN/Pdibazxpx0D3J2zOip0mudu4ZoZVMzt9uHdpk5hHF8q0+C75dLKZVVXPKWQdIlo7m7AsRvHntsPIbbS7j/up3NjqKkjmmzj/FI60eASYV6nT02mldXbzDr2Qt8Fd4lQfcaamREKSENgKlwd67I7l+Cs+s7uPGm22OXRCPp/8uBTZDA3k56nPIFtwRwsF6PQ0R43sJ4aimENU/IOfsNoWDR0kVEWO548Y0g3ZJHVcjA7cuvDsSZqgSp79baiZwuJQ23v7bOiLF+DOPx+j3/CBoWQxNvpikNRoQ388rnJFqk/Si3Z8Hrb0Ktpw3bxpzAQN7lJvLD2mXuewbq4uWOo6AIbKCwZopfxlJ4mU5bp10MrpsHOGAtM5lztKbBknt/UGoB3hm4V3VjOe+FuK6phBtbPh3qLZ8uRKLcjln6H/ebFQ+AHmSHDM/C2AeisisYXnuTrrlD7veJsW3gxNnwLKaxQE48spAd2tnQ+PKJrx9/Di6NlFbx5k3w2hFT7CvTXESeK6LaUqJ80Ta1C+IncVxU4N0CppXzHB45h0SEBlg8fyTtcImA3gciu+mFppL8JJvStwveLPlwH7tz+aVU084a3f6vYrv/1E5rSZEeX+ahYNXmCkboiB/qV5OfVv+UJdnRdwitfqmkxETUkNnCy90q87N4afIeuHlbclqqhwCZW1MltEeb3BhzYEY844WjhbOsIKLBVosr/vMhK62W9/WKuNiNizl5n2vFwWZikTgy3gZz3n1sO1spZSTE+IlUnYaWa62DkuApmnaPtqk5rAGE4xune9N1E/J1j3SPyN6zQEXj9D58Q/baPFw0JQiXUnbhDKW26eXE6Kra9EDXukPMOFyR+H4pFCNrfL65LmHrb6q62gO6MDBHlHEwHRQl8fzwE6GZaHCLqboNTP+c3iKMKz6O7Oa1JaoLXk3LiphOmnPTyAZxjrQ9lRKwD77u5eSmhrBLETRy5y0q7+cl6NpoI9clO3BQ6aaUaNZDPffO+traDZca5SYUKaliYYTGS0z4QL/5nuR0uiGifjLt
<style>@media(min-width:1200px){}@media(min-width:768px){}@media(max-width:767px){}@media(max-width:767px){}@media(min-width:768px){}@media(min-width:992px){}@media(min-width:1200px){}html{font-size:10px;-webkit-tap-highlight-color:transparent}body{font-family:-apple-system,"Helvetica Neue",Helvetica,Arial,"PingFang SC","Hiragino Sans GB","WenQuanYi Micro Hei","Microsoft Yahei",sans-serif;font-size:14px;line-height:1.5;color:#333;background-color:#f6f6f6;word-break:break-word}textarea{font-family:inherit;font-size:inherit;line-height:inherit}ul{padding:0}.wrap{padding-bottom:30px;position:relative}.main{background-color:#fff;border-radius:4px}.mb-20{margin-bottom:20px}.mt-10{margin-top:10px}.mt-30{margin-top:30px}.taglist-inline{list-style:none;padding:0;font-size:0}.taglist-inline li{padding:0;font-size:13px}.taglist-inline>li{display:inline-block;margin-right:5px}.taglist-inline>li:last-child{margin-right:0}.widget-article .quote{padding:25px;background:#f3f5f9;line-height:24px;overflow:hidden}@media(min-width:768px){}.word-wrap{word-wrap:break-word;word-break:normal}::-webkit-scrollbar{width:6px;height:6px}::-webkit-scrollbar-thumb{background-color:#e4e6eb;outline:0;border-radius:2px}::-webkit-scrollbar-track{box-shadow:none;border-radius:2px}</style>
<style>a{text-decoration:none}a:focus,a:hover{color:#004e31;text-decoration:underline}@media(max-width:767px){}@media(max-width:767px){}.tag{display:inline-block;padding:0 8px;color:#017e66;background-color:#e7f2ed;height:24px;line-height:24px;font-weight:400;font-size:13px;text-align:center}.tag[href]:focus,.tag[href]:hover{background-color:#017e66;color:#fff;text-decoration:none}</style>
<style>@-moz-keyframes blink{50%{background-color:transparent}}@-webkit-keyframes blink{50%{background-color:transparent}}@keyframes blink{50%{background-color:transparent}}.markdown-body{color-scheme:light;--color-prettylights-syntax-comment:#6e7781;--color-prettylights-syntax-constant:#0550ae;--color-prettylights-syntax-entity:#8250df;--color-prettylights-syntax-storage-modifier-import:#24292f;--color-prettylights-syntax-entity-tag:#116329;--color-prettylights-syntax-keyword:#cf222e;--color-prettylights-syntax-string:#0a3069;--color-prettylights-syntax-variable:#953800;--color-prettylights-syntax-brackethighlighter-unmatched:#82071e;--color-prettylights-syntax-invalid-illegal-text:#f6f8fa;--color-prettylights-syntax-invalid-illegal-bg:#82071e;--color-prettylights-syntax-carriage-return-text:#f6f8fa;--color-prettylights-syntax-carriage-return-bg:#cf222e;--color-prettylights-syntax-string-regexp:#116329;--color-prettylights-syntax-markup-list:#3b2300;--color-prettylights-syntax-markup-heading:#0550ae;--color-prettylights-syntax-markup-italic:#24292f;--color-prettylights-syntax-markup-bold:#24292f;--color-prettylights-syntax-markup-deleted-text:#82071e;--color-prettylights-syntax-markup-deleted-bg:#ffebe9;--color-prettylights-syntax-markup-inserted-text:#116329;--color-prettylights-syntax-markup-inserted-bg:#dafbe1;--color-prettylights-syntax-markup-changed-text:#953800;--color-prettylights-syntax-markup-changed-bg:#ffd8b5;--color-prettylights-syntax-markup-ignored-text:#eaeef2;--color-prettylights-syntax-markup-ignored-bg:#0550ae;--color-prettylights-syntax-meta-diff-range:#8250df;--color-prettylights-syntax-brackethighlighter-angle:#57606a;--color-prettylights-syntax-sublimelinter-gutter-mark:#8c959f;--color-prettylights-syntax-constant-other-reference-link:#0a3069;--color-fg-default:#24292f;--color-fg-muted:#57606a;--color-fg-subtle:#6e7781;--color-canvas-default:#fff;--color-canvas-subtle:#f6f8fa;--color-border-default:#d0d7de;--color-border-muted:hsl(210,18%,87%);--color-neutral-muted:rgba(175,184,193,0.2);--color-accent-fg:#0969da;--color-accent-emphasis:#0969da;--color-attention-subtle:#fff8c5;--color-danger-fg:#cf222e}.markdown-body{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;margin:0;color:var(--color-fg-default);background-color:var(--color-canvas-default);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:16px;line-height:1.5;word-wrap:break-word}.markdown-body a{background-color:transparent;color:var(--color-accent-fg);text-decoration:none}.markdown-body a:active,.markdown-body a:hover{outline-width:0}.markdown-body strong{font-weight:600}.markdown-body h1{margin:.67em 0;padding-bottom:.3em;font-size:2em;border-bottom:1px solid var(--color-border-muted)}.markdown-body img{border-style:none;max-width:100%;-webkit-box-sizing:content-box;box-sizing:content-box;background-color:var(--color-canvas-default)}.markdown-body ::-webkit-input-placeholder{color:inherit;opacity:.54}.markdown-body ::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}.markdown-body a:hover{text-decoration:underline}.markdown-body h1,.markdown-body h3,.markdown-body h4{margin-top:24px;margin-bottom:16px;font-weight:600;line-height:1.25}.markdown-body h3{font-weight:600;font-size:1.25em}.markdown-body h4{font-weight:600;font-size:1em}.markdown-body ol{padding-left:2em}.markdown-body code{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace}.markdown-body ::-webkit-input-placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body ::placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body::before{display:table;content:""}.markdown-body::after{display:table;clear:both;content:""}.markdown-body>*:first-child{margin-top:0 !important}.markdown-body>*:last-child{margin-bottom:0 !important}.markdown-body a:not([href]){color:inherit;text-decoration:none}.markdown-body p,.markdown-body ol{margin-top:0;margin-bottom:16px}.markdown-body li+li{margin-top:.25em}.markdown-body code{padding:.2em .4em;mar
<style>#md_view{padding:0 20px}#md_view img:hover{cursor:pointer}</style>
<!--[if lt IE 9]>
    <script src="/static/js/html5shiv.min.js"></script>
    <script src="/static/js/respond.min.js"></script>
    <![endif]-->
<style>html #layuicss-skinlayercss{display:none;position:absolute;width:1989px}@-webkit-keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);-ms-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);-ms-transform:scale(1);transform:scale(1)}}@-webkit-keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);-ms-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);-ms-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);-ms-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);-ms-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);-ms-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);-ms-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);-ms-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);-ms-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes shake{0%,100%{-webkit-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);transform:translateX(10px)}}@keyframes shake{0%,100%{-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);-ms-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);-ms-transform:translateX(10px);transform:translateX(10px)}}@-webkit-keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);transform:scale(.7)}30%{-webkit-transform:scale(1.05);transform:scale(1.05)}0%{-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);-ms-transform:scale(.7);transform:scale(.
 * Waves v0.7.5
 * http://fian.my.id/Waves
 * 
 * Copyright 2014-2016 Alfiana E. Sibuea and other contributors
 * Released under the MIT license
 * https://github.com/fians/Waves/blob/master/LICENSE
 */</style><style>@media(max-height:620px){}@media(max-height:783px){}@-webkit-keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}@keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}</style><style>@-webkit-keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@media(pointer:coarse){}</style><style>:root{--sr-annote-color-0:#b4d9fb;--sr-annote-color-1:#ffeb3b;--sr-annote-color-2:#a2e9f2;--sr-annote-color-3:#a1e0ff;--sr-annote-color-4:#a8ea68;--sr-annote-color-5:#ffb7da}</style><style>@-webkit-keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@-webkit-keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@-webkit-keyframes fadeOut{0%{opacity:1}to{opacity:0}}@keyframes fadeOut{0%{opacity:1}to{opacity:0}}@-webkit-keyframes fadeIn{0%{opacity:0}to{opacity:1}}@keyframes fadeIn{0%{opacity:0}to{opacity:1}}@-webkit-keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}@keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:transl
<body>
<div class="global-nav mb-50" style="display:none !important">
 
</div>
<div class="top-alert mt-60 clearfix text-center" style="display:none !important">
 <!--[if lt IE 9]>
    <div class="alert alert-danger topframe" role="alert">你的浏览器实在<strong>太太太太太太旧了</strong>，放学别走，升级完浏览器再说
        <a target="_blank" class="alert-link" href="http://browsehappy.com">立即升级</a>
    </div>
    <![endif]-->
 
 </div>
<div class=wrap>
 <div class=container>
 <div class="row mt-10">
 <div class="col-xs-12 col-md-9 main">
 <div class=widget-article>
 <h3 class="title word-wrap">易宝OA代码审计</h3>
 <ul class=taglist-inline>
 <li class=tagPopup><a class=tag href=https://forum.butian.net/topic/47>渗透测试</a></li>
 </ul>
 <div class="content mt-10">
 <div class="quote mb-20">
 某oa代码审计
 </div>
 <textarea id=md_view_content style=display:none>简介
==

这次是一次网盘搜索找到的代码。原本因为要下载一些资源顺手充了个网盘会员，结果发现意外的发现网盘搜索出来的资源还挺丰富。于是便开始搜索一些源码。。。

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-a762c5360242fdc6cc2352d028f1821b44e1fa12.png)

然后安装完毕之后进入web目录中，将web目录单独打包出来。  
ps: 由于源码貌似是个备份文件，所以不是很完整，缺少数据库文件源码无法本地安装。（痛点）

找到关键的dll文件，放入dnspy然后导出工程方便之后在vs中打开查看。首先拿到.net源码应该查看webconfig文件。在webconfig文件中可以找到重要的dll，比如web的Controller是哪个dll的。这里不多赘述，详情可看msdn文档，非常之详细。

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-4eeeda67821a35b3ff4f88a3774a2da270bbef2a.png)

### 0x01 逻辑缺陷

首先是身份认证逻辑的缺陷，对于用户身份的识别程序没有选择传统的session中判断用户是否登录，而是要求用传递一个token的值，通过判断token值是否等于某字符串来进行一个登录的校验。这个漏洞也将作为基础导致了接下来的一系列未授权漏洞的出现。

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-f710e297fb8a98fa042bd03bcdafd79225340f1e.png)  
首先看到代码 **base.IsAuthorityCheck() == null** 判断了登录状态是否为空，这里可以跟进**IsAuthorityCheck**函数看看具体的判断逻辑。

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-31f184fb2169d3be545edc771a5d147d6d533d1e.png)

因为条件**base.IsAuthorityCheck() == null** 判断了是否为空，那么我们只需要让**IsAuthorityCheck**返回一个非空的值就可以了。根据逻辑往下走，发现`byValue == “zxh”` 的时候会返回一个UserInfo对象，那么也就是返回一个非空值。

回看到第25行，跟进`getByValue`函数

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-9b9b326fec4b9fe26a7dbd548fbc4e09ded7cea9.png)

getByValue函数如下：  
![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-5dc3d56829597091b22121b6825fd5a3099992b4.png)

这段代码是Web中用于从请求的参数中获取特定值。解释一下：

1. `base.Request.Properties["MS_HttpContext"]`：这部分代码通过基类的Request对象获取一个名为 "MS\_HttpContext" 的属性，该属性用于存储HttpContextBase对象。
2. `(HttpContextBase)`：这是一个类型转换操作，将上一步获取的属性值转换为HttpContextBase类型的对象。`HttpContextBase`是.net中的http类，简单看成是一个http请求即可，详情：[https://learn.microsoft.com/zh-cn/dotnet/api/system.web.httpcontextbase?redirectedfrom=MSDN&amp;amp;amp;view=netframework-4.8](https://learn.microsoft.com/zh-cn/dotnet/api/system.web.httpcontextbase?redirectedfrom=MSDN&amp;amp;view=netframework-4.8)
3. `.Request[value]`：最后，从上述转换后的 HttpContextBase 对象中获取名为 "value" 的请求参数的值。value是刚刚传递过来的参数，也就是25行的token。

因此，整体来说，这段代码是从 HTTP 请求的参数中获取名为 "token" 的参数。然后判断参数是否是zxh，如果是则返回一个UserInfo对象，然后通过身份认证。也就是说和cookie，session等身份认证不挂钩，登录判断只需要有token字段并且内容是zxh即可。

&amp;gt; 这也是api中常见的安全问题，因为有时候api确实不好做登录验证，常常都会使用一个字段去判断是否登录，但是如果这个字段是静态的，固定不变的则可能引发未授权访问等一系列安全问题。

### 0x02 sql注入

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-9d1e07113e047ce6bfdd7de1e8cca41798099895.png)  
绕过了token验证之后，程序从http中获取了sqlParamenters参数，然后再次判断sqlParamenters是否为空如果不为空就执行ExecuteSqlForSingle函数。其中sql参数则是要执行的sql语句。

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-e44ad5f3dd8190cf14ab1fce822c04f641c58d6e.png)  
其实到这里可以选择跟进或者是不跟进，因为如果跟进的话，还需要分析另外的一个dll。一般情况下我都是会直接试一下poc，如果能够运行成功，那么则不跟进，反之则跟进函数看看是否存在一些过滤。像这种看样子是没过滤的，可以尝试直接试一下是否存在注入。

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-ea1b96eb46468c043815bb3ff1f373f4464b39cd.png)

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-54e11cc1ce3ee1c915fbfe8d02f713e307b77051.png)

可以看到确实存在sql注入，能够直接执行sql语句。

#### 后话：

如果想跟进看看具体原理就是找到这个Service的dll。

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-a727c3fabe28b106dbb7aa20ba59d87cf2416083.png)

然后找到systemService的ExecuteSqlForSingle函数

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-d59d8fa914b946677e4343d83324eca8b1e126bd.png)

然后跟进ExecuteScalarSQLToObject可以发现没有任何过滤，直接执行sql语句。

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-8670dea7f5cb8c99c6169f6fd7cd780a353b4394.png)

#### 题外话：

还能够看看webconfig文件的sql配置，如果默认用户是sa的话，可以通过sa这个用户直接使用xp\_cmdshell直接执行windows cmd命令。这也是.net中比较有意思的一点，注入有时候就是rce。因为.net大多数都是用sql server作为数据库，而sql server有个xp\_cmdshell可以执行系统命令。

### 0x03 文件上传1

对于.net的文件上传来说可以通过一些controller命名的方式寻找突破口，比如很多开发都习惯性命名为fileController表示文件操作的控制器，比如uploadController，fileController，downloadController等等命名的Controller就是极好的一个突破口，很容易能寻找到各种文件操作的控制器。

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-7a0bdc2be74d0234269b0f71210c3da4f09acaaa.png)

这套源码就存在了一个较为常见的文件上传。通常oa系统都会需要上传一些文档比如xls表格或者word，pdf等附件之类的用于办公需求，但是如果没有对后缀名进行过滤，那么就会造成黑客通过文件上传漏洞获取服务器权限。

比如代码如下Upload函数，token已经通过漏洞1的逻辑缺陷进行了绕过。然后程序获取了FileName以及fs两个参数，其中fs就是文件的内容。

fs经过了JsonConvert的反序列化，将字符串内容转换成了Byte数组。

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-a6e5d42aec1498ac6cc38607b98132c5029bca76.png)

跟进Upload函数，发现FileName就是传递过来的文件名。最后作为一个path给到文件流，文件流最后会写入成真正的文件。

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-515f21c8644dd38a936839e68ff224c84d6d57c6.png)

MemoryStream 是一个在内存中创建和操作字节流的类。它继承自 Stream 类，提供了读取和写入字节数组的方法，可以方便地进行内存中的数据操作。也就是说我们传递的http参数fs将会以byte编码的方式传递到fs变量fs变量经过了MemoryStream然后写入到文件。

比如http传入的是\[97,97,97\]这个byte数组那么经过MemoryStream写入文件就是aaa的形式，因为a的ascii码是97

![1711438160800.jpg](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-a506ccdf2a7262a8e782ce656f7600f9d63b7e29.jpg)

然后a.txt只是为了省事随便写的，实际上是由http参数传递过去的。现在看看真正的效果。

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-c889c51de7ac1ff360853e499e22a20aa513ceaf.png)

访问发现

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-637354f625f25433a369e42f8222b68202da79f8.png)

### 0x04 文件读取

同文件上传类似，基本上一个Controller某个方法如果没有任何防护，基本上整个Controller都没有防护。比如对上传的文件名没有做任何限制，那么对于文件读取的文件名大概率也是没有任何限制的。任意文件读取危害可大可小。任意文件读取在某些情况下危害是同等于文件上传的。比如某些api是对上传没有任何限制但是只限于后台文件上传，这个时候可以用任意文件读取读取数据库的备份文件从而寻找密码进行getshell。还有java的一些文件读取，比如java应用使用了shiro组件的同时还存在任意文件读取漏洞，那么攻击者完全可以通过读取java的shiro的jar包获取shirokey进行getshell。也可以通过读取ssh密钥（需要高权限）等等方式去进行利用。

程序代码如下：

![1711460694276.jpg](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-eba0e264fb7c3dadf50056cbedfd5845285b128b.jpg)

通过requestFileName参数作为文件名然后去读取文件。可以看到虽然限制了文件夹路径，但是并没有过滤掉../的方式，还是可以通过../的方式去对目录进行跨越从而造成任意文件读取。

![1711460729394.jpg](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-b1a4bcda599be9526c97399a66a2c9937b1adc75.jpg)

![1711460674240.jpg](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-f9370fa61faf71e57d2af8363d18058a32ad8767.jpg)

跟进getBinaryFile

![1711460748509.jpg](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-be78bb56d8f30a311cb68a0c7e3b5bffe4012bfc.jpg)

然后读取文件。

![图片.png](https://shs3.b.qianxin.com/attack_forum/2024/03/attach-e283e5e24a141aaddfeff7253f57684b000bfdbe.png)</textarea>
 <div id=layer-photos-demo>
 <div id=md_view><div class=markdown-body><h1 blockindex=0>简介</h1>
<p blockindex=1>这次是一次网盘搜索找到的代码。原本因为要下载一些资源顺手充了个网盘会员，结果发现意外的发现网盘搜索出来的资源还挺丰富。于是便开始搜索一些源码。。。</p>
<p blockindex=2><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA5oAAAMSCAYAAAALFrs+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzde3RU9b3//+feMyEJFyFBLgG5VxCRngCx+Pul1SqgTVPTaNFjUYRaF2A9EuOv9Sy1HEppsfVn5YRv+RbQiscgdXGoxUuMXy5W2mIbGy7W+jsQJYhgEgwmIYEQkpn9+f0xl8wkk2SSTLi+HmtRmT2fz96fcTqrfa3352IZYwwiIiIiIiIiMWKf6wGIiIiIiIjIxUVBU0RERERERGJKQVNERERERERiSkFTREREREREYkpBU0RERERERGJKQVNERERERERiSkFTREREREREYkpBU0RERERERGJKQVNERERERERiSkFTREREREREYkpBU0RERERERGLKfa4HcLYYYyJetyzrLI9ERERERETk4nZRB822wmV7bRQ8RUREREREuueiDZrRhMyu9FMQFRERERERad9FGTSd+iNUnYrv1j1Onz7d6T4jRo7q1jNFREREREQuBpbpaunvPOXUHwE4J0EzQIFTREREREQuZRfVrrOBkHmuHfn0MDXHy8/1MERERERERM6Jiyponm8UNkVERERE5FJ00QTN86Wa2VLN8XIFThERERERuaTEfDMg78fLsCs34G1qwnGcTvT07ebqTnBjUpbhGjkHLBswwfcuZIGwOeDylHM8EhERERERkZ4V+4pm2W/xNJ7pZMgEgwEMnoYmXE4dnvJd4DRyMYTMUKpuioiIiIjIxS7mQdPrQFf2sbWCgdJw5mQDbvsUTvkfwXvGf/ni2RxXYVNERERERC5m580aTV9FExzHwbIMZ06cwqYBb/kfMd7TYFmAwua5UJKXRVpOQVd6kpeVRuuuBeSkZZFXEuWzs/KIoqmIiIiIiJwnYr5G07IsHMdg2xZdOaLT19/BAs7UniL+MvCWv4Nr6A3g7s3FsmYTfGGzec3mZvjNv4U3uOLXcOvs9m/y4T3wp+3Q70G4Z0mPjJOMGaTPWUpaDhTnZbbftiCHtKWwrDiPDlpGoYDV+WWkL8thfLfvJSIiIiKXjKpiNm3eQ43/5ZgZC5g1LrTBQbat28EhgAFTmX1nGsmd6X9wG+t2HAq8y4wFswi7fURtP7OqeBOb99S06tF63J39nKHtqpkW1ThjwzJdSYPtaHxnZJf6BQfheGHQIzjuUbisRgw28X0T8Jo47CHXY/XqB8bxbxQULnTn2apT8V0aR8Dp06e71b9f715RtRtweUpzWLxmB3xtkv+dD2HDDKibCQ9saPsGrw8FZsLR7XB9BUxqu2lHSvKymJNf1ul+w+Zu5LWckCgYDJsP8nHWHEoXLoOlS9nVwX3SlxUTmmM7M55WYxARERGRS9RBtq3bTdLsO0lLxh+yShkbeE0VxZs2Uz3NF8qqijexuXoaC4IJrYP+LUJb6/6RdPTMlh9hG+t2J7UOwJ36nCH32nGI6ANxbMS8otlVBrAxOJaFhY1tOTiOB8uyOXOynvg+CTgVf4QhX8OKTzrXw42dY8t9IbNVSJwE91T4guSG5ZGrlceWw1Hg+sfgxHYo3QyTOqiAdmTYXDa+Fm0FsYS8rDnsaHk5M4/iTCjISSO/DNLJJK84tL5ZQE7aWsZufI02s2FJHj/ML2sVPlsrICdtKXxJIVNEREREgIOlHBozjVmBsJWcxrQxeyitBl9qq6a6Zgxj/YkreexYBmwu5SDjfCGso/7Jady5oPlxrfpH1MEzwz8A23ZUM3X2rHZCZjSfEw5uW8eOQwOYOmMqpTuq27tbzPXoGs32iqUt3/OtwLSwTBPGcxzH7ofl6oex+4LdmzOnXdh2PM6xv2MaI1cb7d4jYjn8s6LGdb9v2mtblcivPAh1q+HDCO+VvAHMhEmTYNQoOLqlg6cVkJMWac1kO0ryyOpsH//azK03b2TusM70C+n/w3zKhs3lwe7PvxURERGRS8m4WS0qhQcpPTSApECtqqqa6gFJBEtXyUkkUU11VZT9W6gqLaVmzNj2K4UdPTO0afFuDo2ZFl6VjCSKcY6btYAFC+4k7RzU6XqsommMwbIs2sqyluWEtAkETbAsN9Ruxmr6BKwEbMu3JtNgaKy16JXQi8bjm+k1dV3E+9q9R4RNob0gjLq97feG3A79VkPVh4Sn0Q/h8GG44ke+l+O/Bf/0B9IuTp8dn/MaxTnh1wpW51OWvozXIga+8eS8Vkx4F3+FcVkxeZkl5K0NXM4hbWn45Nldc9LID7xIXxZc/1mQMwffjNl85qTl01p6jNaAioiIiMjFrYriTTuonjq7ufJXXU0N0SavCP2DbwXWRw5g6uwOJqRG/cyD7N5Dx/frzDjPkR4Kmr4AaYwXPCfACnmMBThN4O6PZdkY4/ja4o+TlgvLOQkn/09zF8t3+IkxhjO1EOdyAZGDJvgrm6c+75mPdq7U/A9hCfLYK1AHTPFPlQ0E0r3LYVKMNgUqyWPtrmHM3RhtpCshL2stYzcWR54SGxImO37mQkrnBAJr+PtZc0qjHI+IiIiIXLp8m+9UT53NnaHlwaQkBnSnf0ByGncuSPO320Sxf22kb7qqv82YGb6qY7TPPFjKoQFjmdbicRHvGe04z5EeCpoWxjhgJ+K68lGsXoMxOP53LEzj53hLn8IYD5YrEYwJ7iNrAdguIAGMweD4K53+yqcxeLDoaKudywcN5njlRRY2Q723usWU20kwZSb86Q04tgSG+C+X5JE1J5+wLXWWppG21PfX4CY6kdr55YdWHiMaxtyNr5Ezfjw5r70Wct1X8fS5mfSlS8kpyGx/zeX4HF4rzgEKWlRK21DyMb6lzSIiIiIifv5qY9KMBdzZsjiYnERSTSnBpYxV1VSTxNjkKPu3Mo6xY3YE10aOm7Wg9TTaaJ4JHCw9xICx01qtzYx4z06P8+zqoaBpYzzVuK74V4hLwns4D8udDDg43lPYg2/Ffc1v8fzzPkxDuS9Yhi7Z9JUvwU7Acvf17TIbeqRJlPvkXj5oMF8cr+ziZ+jeESqOtymqdsnbvgKjWm2n09qAiSEvNvs2AWI1/GZ167YlH8IQfwINBjcIn9baok9YO/+OrztmRNwYqO33fPdvd3fZkJDbUqSNf3ZFbJ/e4vUwxl7Z3kNFRERE5JIREr4ib+qaRNKAQ+wurmJcWrJ/jeW05iDXUf9WO8L610ZOa29QHTzT92CqqwcwtmU5s8uf89zqsYqmZRwsdz/Mid04J97DihsEeAELz0dFuEbl4v6X32Gq3gE7sTnXGQMYsFyYE8U4VTvBlYCFgzHNlc1odD1knkX9gcOvhBxr0kJgimxyyPsfbgFGwe1FzZXLgNeHtn+/aBTkMCcf5m6MtPtse2dbttxdtvl+aUsPMWwYzHg6fKfZkrws5pQubHNKbUe7zpYU7qCMMdp0VkREREQA/+Y8QM2OdawLqec0nzGZTNqdM6het5l1e/CfaTku+v7jZjG7ehOb1+3xvzOAqS2PFGml/Wf6VFNdQ/SrRzv8nOdWj63RxL9G03L1xnL1xXL1Bcv4psm6L8M5uhZOH8RKHIPx1GCFVBANgNOIPfJBTOMxzKkDYCcAXn/Y7JlRnxNfeRBeWQ0fLom8iU+rKbJA6XbftZYhE2DsTPhTO/eLQgFjmTtsl2/KbNi6yhLyspayK30ZkfJka77jT/LLAlNrC8hJy6GgOI/MwOZA6csofvBKSqBTR6qEHq+Zvuw1MqM5MkVERERELnrJaXeyIK2jVuOYtSByGoumf3TPiP6Z0b3fjTG0OJLlbOiximbwP40DGIxzBrx1YMfhC6K9cCrfAKeR1tNUXZjGJqw+V0FcMqbxOMQNwHL19h+LcnEkzeQhI4ElcP0B+NNQqNoRUon8EDbMgLqZ8EDI5j6BszOvaWOn2knZvnM5I56p2UbFsWWrzBzIzPGtkSzIIS107uqwuWzsaEOfFlNo05cFwl8mecWQk5bGUtJZVlwc3Dk2+mwYaadb/Gs1x3CzQqaIiIiIyDnXY8ebAL7So2WB48HqPRTXqJ+BHY/xnZgJlk3k
<p blockindex=3>然后安装完毕之后进入web目录中，将web目录单独打包出来。<br>
ps: 由于源码貌似是个备份文件，所以不是很完整，缺少数据库文件源码无法本地安装。（痛点）</p>
<p blockindex=4>找到关键的dll文件，放入dnspy然后导出工程方便之后在vs中打开查看。首先拿到.net源码应该查看webconfig文件。在webconfig文件中可以找到重要的dll，比如web的Controller是哪个dll的。这里不多赘述，详情可看msdn文档，非常之详细。</p>
<p blockindex=5><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZwAAAFhCAYAAABETRz+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9e3RU15ng+zulUukt9OIpRBEw0DV9e5q0pcB4ZGZR48ZoTUcrwk0uC0XEMLNCNO04UmzmjtVGMy0SpWdIIrWbbpncHkhQRHtCDFnKzOXR7mIGq4kw5e7M+OaqQYZQLssGI/RAb6ke949T56jeKj3Q8/utpaWqs/fZ5zuP2t/5Hntv5emnn/YSBa8HFAVGBr189skIK1YmkpAKXsWDohh8dbwoBgWvGwYfQ3dPPytWpWJKBBS1nYefPeTBZw/0dg0GAx6PR/+/bt060tLSuH//Po8ePVLb9aqiKYqC1+tFURR++7d/G7fbzT/+4z+yefNmvF4vbrcbj8dDQkICcXFx9Pb2ApCRkQHAr3/9a3JycgBwu93Ex8ejKAqdnZ381m/9FoqiRLsEgiAIwgxg1D5onXs4PG4YGXaRYIrHlOzF6wUUBY/HrSodZXz/pGTo6oLRIS/xCb628ZK9PJu09DTu3r3LqlWryMzMpL+/n46ODuLi4khLSwNg5cqVLF++nLi4OAYHB3E4HGzZsiVAPq/Xi9frJT4+Hq/Xi9PpxO12k5ubi8fjQVEUPB6PKrvHg9frJSsrC6PRyL1791i1ahWKotDV1YXL5SIuLk6UjiAIwhPGCOPKIvg/gGcMujrHGB5yY8DIfacBt2eUlWsSMZjA6/WAv64ygIKBx70juFxxpGYZ8CrQ/egRDx8+JCMjg/v37/PggWrtpKSkkJWVhdPpZM2aNQwMDPDpp5+iKAqKomAymbh79y4ej4exsTEsFouuTO7evcvQ0BCKorBy5UocDgfLly8nOTmZ4eFhPB4P3d3dKIrCZ599hsFgwGQycf/+fQwGA263m97eXjIzM6MqXEEQBGHqaC/0Rn8lo1kD2neArs5RXKOqW82UAG63C4/HQ+dnQ2TlmFCMYVo3uHC5oL8fkpcl4lUgNTWN0dFRTCYTy3OW+6RQLZDR0VGys7PxuFVFkpWVpbrDvOguubGxMe7du4fb7cbtdgOQm5tLR0cHg4ODupJKTk7G7Xbj9aiutvT0dD777DNWrFiB2+2mv7+fZcuW0d3djdfrJT0tXW9PEARBmFk0ZaMoyriF4/F49D/NZYUXRoZGAEhNTyIpxQ0KDPQp9D8e48GDEXKWJ0HceONeICPLSG/3KGMjXlyjLoiD/v5+enp6dJdXMOvWrUNRFFwuF729vQwPDwfEcNxuN16vF5fLhcvl0mM3o6OjGI1GkpOT6e3tpbe3F5PJhMs9Xi8xMVFvNzExkbGxMTo7OwFwuV1P8loLgiAsaTRvlcFgQPn85z/v1RSN5Zv/NaBia83uSTdus9mwWq369+3Vl6K2GVyu1ZnMfv5lf/mXfwnAv/23/zakXcehj0K2mU+tC1sWbrv51LqQ7/51/Mu1suDyybYZqa1YyoLLw8kSXBZp+0TyTeYcJttmOJmCn7NI22ab4Ocy3HOqbfMvD/fMh9snXBnMj3MXhIlQPv/5z3s1N1VfX9+MNCoP/8IkksKZr/g/Z0v5mVvK5y4sLJStW7d6PR4PLpeL/v7+uZZHmGWiWSGCIAgziR7DkSytpYkoGUEQZgvDXAsgCIIgLA1E4QiCIAizQrhRNGH56Cvnn6QcgiAIwiJl3U/2AJNQOAC/84t/80SEEQRBEBYnH3zxr/TP4lITBEEQZgVROIIgCMKsIApHEARBmBVE4QiCIAizgigcQRAEYVYQhSMIgiDMCqJwBEEQhFlBFI4gCIIwK0xq4GckcrbtY19BZpQad7hy4gq3o+yf3/0Wl8JV2LyLl3ZtDLvfh1ca9H027y5nw90GLt3exO6XnuOpCaUOkinnC+zf9zTcfIc7G5+jIGty5yAIgiBEZ0YUDkDXzZ9y9sajMCXZbNv/dMCWqArGV76Lv1Hbu32FE7dRFc+G33DiUrtfzU3s3p+J/ex7ftvauXSiPXJ7YY6lKss7XDnRwG2y2bYxWLlsYvdLn4t6/oIgCAuZQ4cOcujQi5w69SNOnTodVPYihw4dDFs2GWZM4WQVfJmXCiKV3uHKtFrPZls+XDnbrloi+d2cvdQ+8W4x0HnjLU7cEIUiCMLS5tSp06SlpXLo0Iv09fVx7tzPANi79w85dOgg5879bFrKBmbTwglrocRGzrbfJ9P+FjcAOt/jSvc+dm9uj2ghxU422/Z/WXefPfVSOfk33+EOG9n1Ujm7Aure4e50DycIgjCP+bM/+3MAvvnNb+jbvvnNb3Du3M/0sukwYwonMo+4cfYKOdv20dX9vr71qV3lvBTQowd+77qpfdpEfkEmTxFcfxebb/9mBmRr4IYWJ/rwHc7eaIcb7apyEwRBWGIEK52ZUDaX/sNhdv/JyZlROJ137sK+aC41UGMkqgWkurHGS4JjOmrMRWM8JuNfLydnE+TAhhmQf3NmFl3c4U7359i27XMUFIRPUohsxQmCICwe+vr6/D73z1i7M2PhdL7H2RPvhS0azx6bRHM33uKs9sWXPTaeNKZZOt3cfOv9MHtPlk1kcpcuMui+8Rs27IYTJ9SIU7RkA0EQhMWIf8wGCInpTIXdf3KSS//h8HQVTmAMJCJP+ZRE1/u8dfYOG/c/TffZaCnG49lnnX7KLDS7bRO7p3cC5Gz7HNz5DRRkAO1curSJ3S+V+6VVa5ZbNzffeosbndM8oCAIwjwlXKZaX18/3/zmN0hLS5tW0sAMuNR8MRCAnC+we+MdLgVZA6EWTjbhHVZToZ1LPlNoIp0XiSx6uNMJ+f5t+rnwxMIRBGEpECktWv3s5dChg4CXU6d+NOVjzFjSQE5WN92ZX+al/e/z1tn3eFKGwHiywcxYHLdvvAdsmgHJBEEQFi6nTp2OaMGoSuhH0z7GjCmcztvtdN5u162d8bjLHa5cCq4dLu04KAut633sBM1i0PU+b53wV2b+Lj31OJt3l7Mr7DQDYZIaPnwnKE07nIvQb7+uJ6tMBUEQFjPK1q1bvW63G5fLxcDAQMSKH33lPL/zi38zS2L5xXBm6YiCIAjCzPPBF/+KdT/ZA8zKOJypMB6bEQRBEBYHMlu0IAiCMCuIwhEEQRBmBVE4giAIwqwgCkcQBEGYFUThCIIgCLOCKBxBEARhVhCFIwiCIMwKonAEQRCEWcHodrsZHR3F5XJNWHl4eHAWRBIEQRAWI2LhCIIgCLOCweudaxEEQRCEpYBYOIIgCMKsIApHEARBmBVE4QiCIAizgigcQRAEYVYQhSMIgiDMCqrCkUw1QRAE4QkjFo4gCIIwK8zTJaYFQRCWLu3f+vVcizAlNv3gt6OWGw0GBWO8ERQYGxubJbEEQRCEaPyLt/7VXIswKf7nvv8+YR1xqQmCIAizgigcQRAEYVaQGM48Y9269XMtgiAIs8hHH92baxGeOI5DH2E+tU4Uznykp6d3rkUQBGEWyMhYNtcizCohCmd79SX9c2vNbn3bR3dlLRxBEARhajgOfRSocLZXX9KVjP/31prd8JXzsy6gIAiCsDgwn1oXmjSwvfqS/jc1LFReuEl98QTViuu4UGkJ2WafcEewVJ6fuH1h8VB0DFvjYbZMdr8th2m0naZ80js+STZT3niF2qK5lmOqPEH55+X9EmaSEIWjWTS6ZTNp2qgrOQbV5wnWJ/4UW81cu9Smfq6PXncqWCrP+5SXqgDtdr+/CxUcrr8ZqvDmLc9Ta7uCTfurfT5MebgfaoTtWw7TOJUOfNJEkms+EUlGtWO1+V932zEWjp5YCNdeWGpETRoIdrGFYqHywhlK88KXFjbepNR/g7OJspJ62iwVHDRfo6oNoBir+Ron24BNYRoprsNeXRim4Cb26sAtLTUFVDQDlgpqd1yjrKQZsASW6Vwm+cJ3qLy0h7q2KKc41xQdw3ZkG63Hd2G9OL6tsfw3lDXc9m24zI/P7eN162Yabt2O1NIcMMdy3TpJmfXkBJWiy9h6fBdVftfdZrvCs/7bZpTNlDeeIO/sTLQ/X5+JKMR
<h3 blockindex=6>0x01 逻辑缺陷</h3>
<p blockindex=7>首先是身份认证逻辑的缺陷，对于用户身份的识别程序没有选择传统的session中判断用户是否登录，而是要求用传递一个token的值，通过判断token值是否等于某字符串来进行一个登录的校验。这个漏洞也将作为基础导致了接下来的一系列未授权漏洞的出现。</p>
<p blockindex=8><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABq8AAAJLCAYAAAB5bQyLAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9d5xdV3nv/V1r7XL6mZkzvaj3bjVLrpILYBuMDZgWBxJazAWSEBMwBBJCrybASw2XJJdqOsFgG9wwlgWucpFt9Tq9n352Wev9Y58ZybJkyyS5hNz5SedzZvbs8qyy9/rtp4qlS5caIQQAUkoKhQLVapVsNotBAAKQhBqUipHPVwgDiTESKSWZxjS+qVIaHSfmKxSCeCKBSEuqVg0ZBggTIqRAowEw2mA0CCPAGLQO0VoDBgCto2/XdZBySjZFpVJBKYXWur5/JLPjOAghMAaMASltvJoGBEJ4hNrDGIOUNgIXqSAMywghsCwLIQRKKQCq1Sq27YARFEtFmhqb0MaA0YSBRgiQQuD7PjoMo/YIkMpCyqhPqLdEAEpKBAYdhigpEEJjAoEOBB4aIwWW1NiWhecLjFEoywJhQPgYE2KMBiQgqVZCwCIWD0H4YGJgFIgArQWVqkEpF9/3sS2N6xiUpRAChDDT/TkFrUOQAmM0E5OTpJJJpFQYYwhDXe9Xg9YGoy0qFZdaNSDXLBEyYHS0QGNDK74vqHljZLIatETiIETUEUJKDLJ+xameMRhhpsf8qYiuaU76NxCIaO78t8Op2jODGcxgBn8cEEIS+CHpTJrm5mbCMCQIAhYuXEginiAMQxDROm2MRgqJshTlcpknnngSx3bRRhMGIUEYEoZhfa00iOlnpEEKgZCCKf4hhIwW0xPlkREPMfU1/+RCR2u/AGqeR6GQry81Tz2f0Tra6bQQyWmIxDJ1/nL84VUtCKQiZtnUKhWa29vZ+ryL+e73v4dXrtKezVEOPIrCp9zUxcoXvYqJ+++i8MCdeMqiGErWX/wKumcv4o5vfxYzMUDSTmMJgTA+CBOtwacr8rSEJ2vksfVJSIlAEIYa13WxbZtEIsHQ4FC9v5/LeU+8xjEud3riCgQRf5MGlBSgFNK2CP2AMAjqjOHYFU4Px7X3hK1TLYlm5LG/nrSF9XklBChloXWI0WaaN52Kp5xcklNDnPB90vMYUCLBRN6w8aVvItu9gF98/aM0ORUqQQlDiAIKYUD7kiVc+Lznc8ftdzC4fx8pBLYxSD8g1P4pJXpqHwjy+TwrVy7n4x//Oz7+8Q/x8I4jKLuZqnEpBYbJSoWOnrmsXreJDRtW09HZwI9/ciN33nUPGb9KAz5O0qPoeyzf/Co6eubxtev/mraWRrRJRfwyLFE1sGDFajaddy4/u+km+nfeR2tnE9LzoeZRmRwjFsvSPf8M9g17zFm7lZ5mw23f/yQt2QzKKAaKMGf1mWx8/sV884Zv4QwdImuSjE928MGP/j3f/+n7ePjhRyFs58wtF9M2fy43ffNbpHyfS65+NYdGh6gN9fP4/b9DCnAcC4RGSAMy6n+jQWqwhEQiMDqgVhxk/cJm3vOCVfz0G//O7wow7jYQWo0oKbF1hYQeY9OyNi7Y+nx83+bA3kfZtv1unihIQivB685azmP33899E5KGBofXXjgfx4V/v2MHZGfx0P6Q582G582P8f1dZbYNGFKxOCs6srx96wI++7kf8HA8R95qQJmAuJVn7cpWkm4H2+/agxESpKImLQJpsPUErh5n3fwcS1et5P/73u2oRAa0y5xkwFXnLiI2Itjxyx3sT2U4Eo+hzThZWeDvrtjCQ/c/zDceniDVmOJl581heLzIzdsPMFmLgdtBNhanVpykEPRy2fNWsjVdJl4e5ou35LnmbRcx+WQfv374CPflXdJJny3r25iTbuP2H/6GoXSCPh1y1bpmGkWV7909StGdT2hnaWlySenDvGLjGiZ/ex93HRricK6JmkxQNTbGVDHlQd5ywTyanZD/fVsfE7KVUqlEaDxybRkumt/IGzbOI9M1C9p7KJkaWmqSA2Xuve13fO432znoC1pSbcRiMYaKQxQnJ5nXAS9cvpZ5nssND23Hn9/OSxcsZOjBR7lhNGSvTJAYH+S82TnedvHz+PLXvsMBC9asms/W1esoixr37n6Qdoqs6szxle2D3Lm3wJuet5Hnr13FZz/7b8hMCwNSM1oskMtk0MLgG5+1zYY/37KEZMsCxj1FIRzBSkhUkCGe7uZ17/go6Y5OaliMjIecfc6L+Zu/fjnf+eY/cNON20jFuij74GmFdDL85Tv+hqtf9xJu+cUNfODat6LLPgknR2NDM6OjY1zx5nfysr/5a3pqNTpb3OknQrESkIpb/Ormb/GjG2/iVW99P/n+g3zqr17FcFGQmL2Rt/3VX7H1/PO5/u1v55ff+wEveM8HeP5rrmZuYTdXXHg2/aqR9Wdv4WMf+HuKRx7lg297FY0Lz+MvPvgdlrbGaLfKyNYWQFEIPILAIMaOsnnzBnaNjdPU2MFfvuZ/cd111+Kk4owWx7hz+7184gPv5siex2hIZyiUNU1LLuAHP/whjaWHeeVVl3P/oTxGG1LUcBMLuOKV7+baa65gYP9v+PuPf5Zf3HoXd/zmTs5YuZwt688kKJWZyOdJNGUpErDx3C186p++wGO/vpXPvOvtHMmPIhsySJMg9G0IFeP5PN+/6cdcsHE173j+Gex49DFG4i1YuflcePlrue7PXkwjQ9C9/GnP3gdu/wlnXfin3HXzLcyOT7Lu/EtpW7iGz37tS1gpRULnKQ4e4E1/+0HCWBOf/Nj7OevMdeSynXz3u99h95ODvPnPX8VE3wP8+V/9PW2rLuNj7/9fPHn/D/nVPb286Kq/pMcu87mPvI9zX/lnbDpnMx94w4u56NxNvOTP3ky8pQt4qg4D+vnyJz7Dt7/wTUYDm6GKx5WvvoL3vvs6Ltl0HmHVw47HqBlNFY0vBYVKlYsuuIDr/vZv+cQHP8B992zDTSUJDGgdcY/T4wmnyzlOlxU82/lm3uFn8HTMzJoZzGAGM/jvAxkEAZ7n4bouQ0NDXHPNNdx6662Mjo4i6soEaQyWgepkkb9/53v51If+iS9d/y985iP/THnEpz3bwL988Wt89Z/+la985t94yQteDRWBE4KFQkkbM60BEgihUMpFqThSpLFVC3FnFgl3Dpbsor11OXG3Ax3GMFphjCAIApLJJK7rkkgkSKfTZDIZEokEACa6AEJAGATkmmYhyBKEkXErl8thjEM61YNjNXDmmZu5+uqricVikTIOCMOw/rsmnUnz0Y9+FDfmEoYBuq4IM4A2BsuycGOx6OO4KFGnY3pKmREpnTyvRhgaYvEkRhp8aoyXa5R1ioZUD3aQpFws4YcebqyRWKIVY1xqNR8IQdRAlEH4VKs1Lr3kpVz54tfg2EnCIMSENuCitY8QIe1tPcRjDbS3zcZ1XUJdQusqom4oMubYR2uNkJLh4WFa29r48Ic/PG0cNMbUlVgaQwgioOZVWLZkAx94/xeoVWPUqg6f/MSXGR/V9HSu4fV//lbKlXykoDSyPtbw1GX/v6PRaQYzmMEMZjCDZ0fd9IbBwoSGhOPiG1i0Zi2rzj6Hr3/nBpR0iDlJAm2TaWhEyIBc0iEd1LCAQigRVpxUPIklfQqT/SRjSbQvUJLIyUVEBr3n/lIcOYac/HPMYGMiNxC01pTLZYaGhpBKPvvp/5NhMGgzpciKDKJKScDU+dS0CXH6+7mqC07c89gZTjzfST7CYNBIJUmlk4RaTzve/EcUFnU6PG2vfTbjnAEQgkAbGnLN9PWPUSz6pBsbCQmwhcFBY0lDPO5QKRc4dHAvtVqBcjlPsTCBVy0TBLVnuMqJFzXEUwnu/u12Dhwd4bIX/wkd3d0ExgPp4ocW2YYcR3fex50//wrvf8cb+cA734ej41x4/uWIVI5BBMOFIsqyqHg1LMch3dSE7TikMxnyhQKVmgfaEFcKV0NTLE5DSyc6VAQhhAaamnJYlkVvby+pVAppKYSwsVUSIZNIN4vlJtBBgJISHYZ4pSrjwyP4XhVjAixLEXcS6IpgYrhES1M3b3/H+/j7D1+PXw3p23eQbXffSdEr0jV7Fr4WjI4
首先看到代码 <strong>base.IsAuthorityCheck() == null</strong> 判断了登录状态是否为空，这里可以跟进<strong>IsAuthorityCheck</strong>函数看看具体的判断逻辑。</p>
<p blockindex=9><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABG0AAAHECAYAAACDRddGAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3wc9Z34/9fM9qpdtVWv7gWMS9zoBgymhmJKIEASAkcaSS45Qi653CUh5O6XQAr5Uu5CTQgOmAQwmGADwTTjgjHutiyra1VX2/v8/ljJ2l1J1kqWLdn+PB8PHg88Mzt6T/nM7rzn83mPVFZWpjAaBcvRnVdK7NX/JerpmygjlVRD434U9KiW/xvGqhb8jz1GLNa7iHoy2pu/jtb9Cr7V6xjdHz81hEvyiJTkYvpo93iHIgiCIAiCIAiCIAjCcSaP6lO6eWgvnE18w1NJCRtAykc9b0nvSoPEdu8npq9Cc3p2/zL581DbA0QPfiwSNoIgCIIgCIIgCIIgCENQj/wjFlQXrEB16G+EIsXIjr7pGqRpl6M11RHom9SwltD+aRjm34i69Y9EPVPQnDsX2fkhwW3usdmCo2QymTCbzTidzvEOZQCV24fUON5RCIIgCIIgCIIgCIIwHkaRtDEi23JRT/sK6s8NnKvs/Yj44X90EXvtYYIX3o5u5QMY5DDxug/wv/JS/zLjzGw243A4JmjSxo/K7R/vMARBEARBEARBEARBGAfSqGvanCQcDgcOh4Pt27ePdyiCIAiCIAiCIAiCIAiHja6mjSAIgiAIgiAIgiAIgnBMiaSNIAiCIAiCIAiCIAjCBHTKD4+ayMQrvwVBEARBEARBEATh1CV62giCIAiCIAiCIAiCIExAImkjCIIgCIIgCIIgCIIwAYmkjSAIgiAIgiAIgiAIwgR0yidtTCYTDodjvMMYlMrtQ9vYMd5hCIIgCIIgCIIgCIIwDk75pI3ZbJ7ASRs/msb28Q4jI1k3FFNUMNxSagpuL8B+PAISBEEQBEEQBEEQhBPcKZ+0EcaAPZtCe4D21mGWm5NLTthD93EJShAEQRAEQRAEQRBObOpRf9K6AM2y5WjL85BVCorfSXTHm4Q2bGbQd4jbzkV3jp3I318iPuo/KkxElgstBD+sI3LEpdTkL1DT+YLvOEU1kGZmFtmVeuxlCk1/aMMzbpEcPd1CB1UX5mAzy8S9HppebaBx2yhbllaP44sllFfpURHDv7eZvc/1EAynLyhjXl5E1WIrJr2MEg7S/mYdNRtSj3xmsUmYLixm0llZGLUQ6+qm9k8ttDelXT0yjS3fQtnKQgpLtMjRMK6tTexb7SOWvglGAwU3FVFaYUCtVoh1dXPwyWY62lLXVXJ1PoUlBtRqiAcDdH3YzME3AgPXd0qRybqhCOunjTTsHmx+hsc0mdZM5fcKiK0+QP2g6zwVjGK/HUmGbeH4t9PEuqqX9l0/wvTsaOHgKg+h0W1pyrptt0ymPNTAp6sCo4htPOiwX2REixrDlCzMrU3seCEw/MeEcXLqtFP94lzKz8rFnq1CiscItvfQ/HILzprBtnW474XUdZ947VQQBGFiGF3SxnIWupUXIR1YS2DN+8SjduQFN2FYch26cCvBjY29C+ahufbbaPNkJIMBnO8Oc2MvnHDsNgqyPBzaNsxy03PI8Xeze4TdbCwrJzFrrn6IuX7qf3+QpsYhZqdR5xuwTbNhV3XTNLIwJhR5loNpV9oJf1jLx6+E0C0vZsbKKqTQgQx+NKXTkH97BZVZPex7uAaXz0TpV8uZdavEp4+7ktqrhHVlFdMrfNQ8sYeOOgXj5ys4/ZISArW1NDeOLDbdshKmn6ej85X9fLYljvXqCqbdUQy/aaS9e4SxaY2U3VZGvq+Vnf/VSSAvm+rbK5glH+TT5JsgrZGyr1dgb2lk5/1u/FEdJV+bzKQbw/h+00EAQGul+u5SzDUNiWX8EpqZ2Uy6ropZlrT1DWPwczdOtMeH850WGj8MH05g5985i+rKQVZS28iHj7pguoPTb83DmDRLCUfwN3fR+EoHXaO9ccjE2UXMO8cCGjVabYimTwdfLLNjmkzCdn0RBZb4KNqjgbJ/q6Y4faxlNEqgtZv6l9oS+2RZKYsvzOqd2UPNvQ0k8nM2pjxQQg5Adzs7fulMSuIaKP1+NYXt9Xz8hHvEkY3UyPfbEWTYFsajnepWlDNrqp9dD+3G4wLNvDymXlnGtHhfbEnHZFARWv+6l9otA+fI8wqomqkltjV9TqbXt+GMLjbL1dXM+JyGrrUH2P9ONO0zaoxlJozIGHL1SG0cJxqyry6gdI4Vo1Yi7vXhfK+J+nfCgz5Q0y3Mo+Kc3ht44kQ7XNQ+nZboRsJ0YSGVC21YzDLEYwSb26l5rAP3SXLTfcq002UlzFyo0PT3/ezfGQWbkYIvlFF1i0T0/iY6+45nht8LyY59OxUEQTh5qbKysn4y0g9JC65Hb91L8OW1xGOAEkRpOoBSdCZah0T0s929vW1CKK0HiO77jJhpGmptK5HD8yYGn8+H0+kc7zAGFS7JIzijfEIXIzauyMO4p43OliMtJZF7uZ3I2g68I+poI2E/O5/4JzXseLSFekVHaa6HnT+ppeaDHmIV2RhCnXQ3ZLa26CEvnQYDpUUx2t73cWL+llTjuK6MPJ+T3c94iKAQqfETn+agrDKGc1NgZD3Z5uQz9SwtHa/W07JXQQmG6fGpKDg7G01HJ66+IW9zCph5DjQ81kR7c28LLjBhz4/Qtc5LIDaS2EyU3lSAvqaRvWsCxGNxgjtCqJcWUpDno+WzyIhi01xYxNSpERr+2EKXC5SeAG69kbJFJqJbe/AGE8tl3VBJheRk5//1EIwAMQnddAtGn5vm7SEUQLO8kMlWF7se6cbfG0a8PUBXTEvZEgPBtz1kmrYJ7+yiWdJT4vCx92c17H+jjebNHkKFdsrPsqPu7sLV2258W9poXNdGY6tE7mlq2p/dw44/t9G4pTf4Dh/O7TGyFutxvbSHz55qo+VgCLkqn6oLbEhtLtzH6qavPYhrXw/tLQrW6VqCn3bRM+CSlOExTSLPcjDlXDMqOYZ30HUeSZSe99uJTM7H1FzH5l810rCuHeehMLrTC6mYp8K70UvwgJtmj5r86TLOZ2tpPryPgnS2StizXOx4qAN/8qrtVgrma9DYIfCul+BIwhqxke+3I8msLYxPO805vwSLu4P6jYm2Fm/x4bVbKD1dS+BtDwGCdK7zolpgR73nIJsfakq0iXUdtLVFMVRbMcW9OHemJT+0Rsq+UEiWRiLq7E6dn+n1bVijiy0aBrUphOsDL4EB330RPFvddG3twZ9vxY5n4LaNOQnrykqmzVJo+XMNu59vo82npnB5MTZVD521ad8e0x3MWmnFu+Ygu59ppeHdCOZL8rHEXbTv619Ws6yU086UaXmqlj0vOmlsVuE4OxtVVyeu5mO1LQZK78hB2Xo8vstPlXZqoOi6QpQtNdR9FEcBlGAEz4E41nPz0Ec76Kzt3YiMvheSHJd2KgiCcPIaXU0bWUbKnYm6OnliN7H2LqSsHKTD02IoXYeIO/cS6zqRB6MIg9JmUVgYwLllmDRcRS559OAc8U2lCSOdNL4R6u8yHCeR9POHaPnQjabQMNKVnthKbOSWSrhr3ElDCqK07fMglVrJHWGV55wz7Oh8HrqTj+E2N509WnJmm3snSOTOs6OudaUcw8g7TWz7RUv/k7dMY1tqI98SoXuXNynB5KOrJoSuyoptRLFpyZ9uQWpxpzz5jbzlplu2kL24tzOhNou8qSo6t3enxNb+xH62PeM+HIferAZ/dMCNerwjSkgrozry7hwgHlcgHCPSu4/iriAdzzTR3K0l7zTLwA/EQEFBGWwcVluMCDGi7sT+iNV5aX68ltomLSVXOsga5CNjwh8h0BAi8HFw6IRVhse0n4HiFTYCbzuPosaVghKHaDDa+zcVIgfd1L7Sgd9iI2dBYqn4Rj/uuBadQ0r5tOxQ49/hGjA0R55rIPZBOy6NCev0UQeXmRHvtyPJsC2MSzuFQLuPmEqV0ob8PRFIaVeJY6rEk79T4oS3d7LnkWaCeSbSr/iWK4rIdTXTMEjyPtPYMjPy2OI13Rx6sp2u49aLZhjT86m
<p blockindex=10>因为条件<strong>base.IsAuthorityCheck() == null</strong> 判断了是否为空，那么我们只需要让<strong>IsAuthorityCheck</strong>返回一个非空的值就可以了。根据逻辑往下走，发现<code>byValue == “zxh”</code> 的时候会返回一个UserInfo对象，那么也就是返回一个非空值。</p>
<p blockindex=11>回看到第25行，跟进<code>getByValue</code>函数</p>
<p blockindex=12><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAqMAAAAbCAYAAABImYZZAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9d5Bl133f+Tnn3Htffq9z9/R0T46YDAwAIhCBcSVSJGVLJmWVuZTklVwOMl1lbZBd9trrsqXalRx2196qLe9uLWVJlkjVSpSYiUACRCSIMIPJ3dM9nfOL991wztk/7n0dBjPgIBDArvCrev36pZPD93x/4YgdO3ZZ3rQIrLUIACGAGyUl1h8m/VwJiTYahEUIgQUsyetOGsKCQCCsePPFu/VqYI1BSom1Ni3vuyvWWnK5HCMjI8zOzrK2tobrum9rHlLKLfkJIdbfa/ltlJel1DNMqXeEGI/uSomNtjFINNJGRO0mUdhCSZBSgDEIQAog7V2BeU2ramMAy8zsHAD1ev1tqdfw8DYASsVimm4DAN/3sUDL97FYwiAAoLurC4D+/j4AlFSdVllPs1MVgWV+bgYBVKvVG+Qub/CewCKwyPSRvN78SdI+hs5sAPAyGQAq5fL6928oIkmzUCgAkMl4N//uJonjGIBaLWn3ZOzfXJrNJgCtVuuGn/f29gDQ39+/5f0oSvIJgvYtleuNilIOALlcdsv7vp/kNzExccPfCZG06bZtQwCUy+Utny8sLAKQzWbT58wtlGaj/25NOuvjhly9mpTXGAOw3q+joyOvk+fm50S0Tn4/PT0FgOcl42JoaOgNlO/1JCn35OQksDEuOmvI8PAwAMV0HnbG28zMDLBRr97e3i2prq6uAhv9oZTi7ZRO+vPz86/7vU65c7nclvc79ezMh+ulM48EyT524OB+ZDrWhEj+GK2ZnZ4BLPV6HSFl2n0bY2H9pRA3HFUjIyNbytmRRiMpV71RJVl7b7Z23GiteiNisRbiOMJaS7PVBiTWgpQOxibrmsRgjcVaiZUCbdP9oVO2TcXrzMn35Vbkja41721x3trPLRtj58c1il0f+tYahAArwGLYaFR7a0m93WLBWnAcl2azied5CUj+MZvzT7xY1uI4b7GLbkGEEOuLwGZQaq3Fmhh0G4gR1l0HRRKTgE0bA3odWpGCLtaPHu8FaL8h6yUUAiUE1hiUEBhjkOk5JG2JTX87snXyi9cMVJEMpOskOU/daitYRGczW39Ok77FFN6Xd1PeyAbxds6MG+V7PUi9MWh9c/JemtXvUbFgU8AlhMAYDZ3/rU0mtk2+aIxGSpXsi3bzwfBmJA/cvD9vpb9fL903IjZZM4VM62exVuA4Aq1BSoWyBiRExiKFxHYqaXh/GL0v6/KTRzr/HxFjDH19fRw+fJgnn3xyy2nz3TitCSHQWvPqq68ipXzb2QHYYF425ylSYJYso5ZWq0Ym52JQ2KJASIkgWVjDKEJKiTAWKcX68iakSE68PwbMB+0Ai70pw/BGpdNPK8srAMymjGtnYZfpSZ30MFTO5hFYtvf3YrRJAZ9I6975/92TDnO7uLiAFXJ96+gw5JmUsevu7sECmUyHuUu+aUzy3GEkO8xYZyw5TpJOh/lZW1sDEgYZIIqiJLW3eCjrMEmzs7NvKZ2bSWeujoxsf0O/q1QqAJTLlfSdpJ4bjHEN2GDSOozfzdcDC+uH61sRseWhtU5Sua69O/Pj/PkLwAbzPTy8PX2d9GOHCb106eKW33cOtNczop3xscF0b823M146zx0JwwgQhGEIbLTXj5NOvdrtZDzm8/kbfq8zDhcWFgDo60s0FtczqMvLywAsLi7eUv43k23bEk3K9cz4zaSnp2dL/ktLS+ufdeporUVJhZISqRRSQKVSptVqEccx1lhirREiaT/Xc0lXT4TYGGNvhvvq9Euj0QAs3d3dALiu1ykkIFheWQG78f2bSWf89PUlGo+NsiUr5LVr11hZWWH3rt3Ua3XKpSJBO8CzGmsUAYq52TmGB/sRViM7KFS+j0Tflw15qzz9Frn5xJEIZKpy7zBnEmzyvOW1TYHMOwgEOgBMCLG+AUsptzCG74ZYa1FKvWPlsNauA1QhRDI4TIQ0IdK0kba98WxDhImSBzoBeesq54Tde2d7cTNTeR3Tvi52XQ0urEUKUEKkZbWbYMHrlTxRMGFFYkpir8snsS/Z+lgv00YKr5eDFdc/Ot9M58k67H9joEdc9/o1tVqfn7eaqkCk5dlshnCTBtio3w3K9uNb5Z0UsXmksLXdb1bOBIiK9RYQIATXr2ZWiORg0WGI1jUSmzVEb6Sknb9p/143djqZi00/sNf9/mZq3I3Sv37ukh/Xa1vnY6dFN0xUbvb9jTxunLfk+r7ZaO9OD97od68/zpI+ulH/2k3z8bV5CSxCSKw1aBMT6yjR/FmDNYbVlRUkEEcRYdBm2+AgfrNFqVhESZUyohBrk2iluG403Or0SL8jUvL1dX9+o+l3qw8L1kA247F92xBrq0vk8xlW1hpUaw10YxlH+zRih97tuynnM0R+HVeAYqNsN1ut35e/XPKWmVELSCEx1iRwRIAwqarRAmyAOkeCRtI2BmE1AotOFfUyBT9Kvl3qgzcn7zYAvV46avPO808yny15AtZq0ICOk4VWR4ltE4BJrR/TU/b6Qmc7i3P64nWWmUazgcW+hqF9Q+VOHxKD1ondbztIwHFSik2MskgWey+TMIo9AwMIwAiJlXITHJXrKXdMoTfMGATWKpSwKCGxNk42EGsTYGG3Lvid7dciEUIl/4sbbApbvp8WN82zVCxjrKBUKifl91wsEZmMh0AilENiq5UcqIJ2wnR0GL1ms4mwlkzWwyLoTW06OwxbLpdDIslnCmhhCOKEkY2CAIGg2UyYsw5jtW4TZxMwqoUltppavYkF4ljjKrXOwLYCP21LkUI2g0Rs2ihf22K3Ip326RwgO0xVh/HT+saM3WttFTeNfUCnDJVOD8tKOQhgaGgAISxOWi+TAsikPQwIjSsdMAks1UIibQJQjbVIpQi1QaQ2ySJJhDAKEcKwtLgIFuK4o7+8gRkIGwoHIZKZJ23HLMauaz+B1E7R0tvTA1bguR5mExhdXV1FIBJmb70zNkBgX08yTnr6ureUIWHOBbOzS0hrUGj0TTGjJllEZJKHtSgpUFaQdR2sNRijEVKtM8Nh6INI5llSz05bGLYAT6HSWarYsLdO6A1rY4xNLNsBpOoQH2K9mhtr1ObyJqvXZiArRDphrVk/cCX7hIO0EQqdlEw5aCNQSlEq5/jlL/wSzWaLp598ChNrrDXcfuoUx44d44//+I/5wJ13cuDAAf7BF7+IIx38OMAS43pOqpsxSR1sAnI7RRKvwyhawJoEJZo4xlEy6XdrKZfK63VECMKU0V5aWt7UxkkfJ4ejRHIpg12pdLF5rrZ9H2xy+Orr6eLzX/x7hLHlP//F9/j8X/8FyrXz/MZv/g/0334v//yf/iP+j3/ya2RtwJqvkSLpR43FrJ/U3jvH0fflnZe3BEbXoYbSxDoksgqDQ6aQQTkuyAxWCyI/QsYREotRLngZnIwEEeNKhUWgTYjEENaqdBQW8M4MzA4DGUURYRhucex5N6Wjno/j+B23X11fnGyymSQbp2Z9qzMprW5hnSUQ62+weZG/2QKzDl7fRNVUyjqFaQLKJOloBBKDh8VYiDvbik1gqSsESiSAYwMokrJYEmMFwkoQqV3z+q4lMFZiDGjj4EiNEhKEJDIxRqSb3g0bs9Mencrq9AM3/TAmyel6Z4MO7yLTOQJKOhRLJTzP0m77RJFJ4bZEiA1QtPn3CTVmOwVBCkkUR2idqAtB4AgHRyWbVhDFCcCIWjhuflM6FkQA1kGQAwTCGow1ZPN5SqUulJR0lTxWlxcQNrtuXiAtuBa0SGq/UZrrR8abA6ZvXTbGwXq7CwkoEKljo+2AvwScGAmBtqhsCawmI3yIDFIojGUdUKy7bgonBUcSrRNbZZlml4wOgxAGhEm1RlvLd31bJcNKgFXXUWACa10MDpJg3TRvwxd0o45i/ZDEDdYYkR7NJAKDsVEKZAzWKqwQSN3A1WtkdIQLYBPzDys8ilGJSCkccmhAWYs0gkzq4OgYi8
<p blockindex=13>getByValue函数如下：<br>
<img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABEQAAABWCAYAAADG1EOgAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9eZBlyXXe9zuZd3lb7dXV+97Ts2/Y18FKDAALpAwyRBokRSssWiIVYcoM8y/RoqWwLcmhoGhToiXaEk2GRIsmCTIMmgBBBkiDBGYGswCYfaa7p/etumt9+72ZefxH3ldVPdM9M8D0DMzg+zpeVHXVu/fmzcyb9c6X3/mO7Nt3QHlVSPUC0Or1yveoavU2wWBIsWTWgireOwKKCw6xIBLfHwIohsUwxNdz5k2NVrAYheAdJX7jn6CY12jpa2HrnWyFhth2VxaEEBBjERFMkiByvSPeZIgiqqBKs9Xg1qNHefH4CdbW24iR64xAvDOJh9785ojgnMNau/GzJElwzo2aiwE0BEQMIXjSLMOFwFA9LktYLwcMyyGzu3fjrTCZ5ri1DqHdIwtgjKAKqGKMIYSwcW0fQry3aix0dMvx7VsGVUAghBB/bgxBQYzBoBgNBFWCEVQMa4MBC3fexiATirINvR7l+WVqJUwmNTxQGiVo7NQ8GNJgsAIioN6BKmKqBhiDoqgBHwKhGqnRuFgxBOexxgJCADS1DINHBSQo1geMGF7xnIlUxynBB8RIdZ9KmiSUpcNYgyDolmO1OjaEQAiBJEvx3oPE+XLNVZTY9xpAlaCBoB4UEmOwKCYoxnkSa9GgdC30MhP7AUgDpArGgwlgRAgCQ1G8xJbVxZD5gFclWEM7gbbEe8mNoVlC5pWAYpMkri1VW4MPoDD0nsn5OdxUizNXLjG1bRumdDTXBmTO47xHjEF91d8KQT0heIKAI46bGEtwnsTYas4JqgEfFB88SZpiraVqwsY6NJrvRgUVKIHSWprb5nHWEIxBvOJ6fcR5tChj31nLwIC3QlmW2AA1hAQhMRbxAaMhPlMiGCN471GJ42rExjEOik0MPniGvsRJIAiIjc+ABkVVscZQx2B9XLuNmGoNEUJQgoIiG6/RM6ciFMGTthoMROmJUrOW2nofAwzxGFUSINFAokoSlEQFCzSnp+hbWBv2QaF0Lq6tm0/qG17Pr4cglpKUIJtr1WhtCSGQ65A0DFEUEanWlNG6YnCS4rxWYx770BgDQIJigq/OGZ9F7wNJklTPYsBai/M+PsMCrnSIEbwoRSjjGipSrdabiMc5Rk/l1t8a3px1fYwxxhhjjDHGGGMMSF77LXqD7699j1S/DiI4A87CwMQAJhEhCQErAlWwJYDBgBFym9IDCu/pe08qBjTgCWAEUUFe9fpvDKOANssyVEMVHFT0j+pbTopsfhzWGMyOPry/pa3Y0h7Va8gQkRikjX6nRvAAVeCAtXiNQb6xFnUlC/UmzekZli8skqiyNBySNOrUspxSthBqAhBiFBCvAPbaOx+9zapgkWo+VSOmgtdRsKdk1mI1BpPxEoLxSjCBySxj5fgJhgRKV9BIU+qkJDYGw6U19MwmvRCvqfjRtSS22UQ+AN2gQMC/LIIRAV8F4aOBdCKUKIURvIAVIWMU/LzsniUGVYTYN4LGALg6hzejebJl3EZfRQkG1Jj4TNlXzqRILCnGKCHE3vRGMElGMSwioYSSGSFPknj7RvAGBtUNGsBW7bcIRiIZ5UwkRJzRSNYExUhcKzyKDdAwFakXwBsoJD73XgMqRPJI4viJVzplwdVzZ2ExA4G1lTaIwUtKbgyaGlDBiMGIVgxWDI4jCRDHSNWRWgu6hXBSQYxg492gIbY1EMkeGREWKohGgipFoPSsnzqHA7xCIeBTSz3LyG1Cwxisj3OkALAG0UDqIQTPOo5aVqNuapRuAPh408agBsSmFStUjb9WY24trnB49eT1vFo24pwXBFety6M5NaLbFAhGNvr22jBcMdaQrPdohgA2kmU1NXEeWsEJOAJWIVHIiX2sWo3XlkmoW8iQtxohVMSkCAYlkVD9Rq/5kxLEIppsrHWbhMno7R4bVzqoiJFEAO83lyvv4x/VikjMbLyOiiHN6gTVjbXIWrPRDE81vsT5pcF/z/prjDHGGGOMMcYY468SXgchAq+XiBBi8OVFKCUGMmoh8YHEFWQiJFs/YIriXMmRo4c5s7JMsdqmV3haWR6JCYkf6DcDxDdGiLxCQXHt53/QQC3PKH3Ah4BXvjcKEWKAAkLpHO12p9rVfzOv+OonNyMVhIKxBmMMRVFWPxJuFO445zh8+CBPf+ubpFPT1L1namISPzPLYq+Dcx5rU7huP19fjWQ2Iq1NVcw1Q7mhConzzQRQEcIG8RJJlIW5WRavLnFk7z4uXbyE957UGmwiGB8qpcXmmbUiIQIa52ZFLPiq+zZINBTdomYZhaKhUloEjTvwAcEr1e5/HHNv7Ct6cnSmoCNibCRXkCo+jgHq9Xpro01mk+S7Tpdu9H8Y9Y8xKHD5yhU++pnP4DUgqiRKVPRUKom+hW7FlYlCPUAeIlk1emILE9/nJAaDeVDqXrf054jsGLU50i9ShZleokJspLJJbQpJElUYYhBrQAQ3LNCixLuS0njURNo1EYMNBgiIBFxFXRnV6goGUcFqRTSgFQFiq/kVd/QNBquVgsMK1lrSJKGWZiRYjLGoMfFZEMPAQCc4yqLAFyVp4UjE0LMwrGLhTKHpFGsTtF7jqW8+hesWdPpDMDZe1SRVMG+iQkUUwUdFgrEYlHq9TtDRnL1m4mz07wh+9PxIpQyRkUpky7zRgATIMRskFxjEx8GXeIsE2eBo8AJaqWnSRg0VcO31rU15edNuOgTFEDZ/8LL1/npk47W4MXEjmzTPdwxFEZNQFEoZIGhJ06ZY4rpUShxjK4r4AtEhIvFexuqQMcYYY4wxxhhjjDcP8topM68TVVDqjOCMUFqDWoOGgA2B1AesxlBny+UB6IeAE0gkwQQlt2m1Axffa4ygW/7/3cIAdssprm2Jgjq2bdvGvoOH+NpDD2OS9HtCiOhIbkOMTUPwiJjN37/iiGp3nTcird7cQX41RBm/wSaW4bDYOFY390ivgUpgGAqSVNDgIISY4uEVp4IhwZr0BkOrsLGbK1XHyIbAPwblMbDdDOfie7zGYNtIDOiCBqhSNpSYWuC8r3aPhSzJcc6RZBYjQPB4Bb8lkhwlFVQ6B67h6Tb5ohvQOJHIMToK86u0hS1EyogceEWfbwlX4xjfkNq4LkbnvtERoVJsUfUXRFJpZWWFX/2N/4NvXT5HR2I6idki5BlN02vIqFFwXSkCNASCKL46QCTeeSKCqXbgZTSGIRKgIViCZJQhw4sSTJ8cpe5juOokajcMSkGgrBoxUhmpeIKNa4rHUPOGCWcpJTAUz8AqhQSmS6XmlXYiBGOpBcGKEIzgKrWJCYrVQN0JdRdVOk6UYaIU4lEDSYCWi6RKQWyjbnR2VMqYDeLh2nEwENdHm5AlGX/xx1/lyunLmLSFZBPYLGNpZZlhZ52pRs7q8hW0HJDgSCUQNT8BLwGvMWAXufZpuNHAq1TzcWOObyWrK6VPiAG5r9qeiKnGc/QUVNesnsfURhJpfn6eAFy6sljNp2sb8eYF+VIRjNdfy+IzeP0jVTTSYTdoXJz73/nfAwWcGDStM7/rLpLGLBOTwuLFM5ihx2Qt1iRnMBxSdtawxTq10MP6ASYUGwqpMcYYY4wxxhhjjDFuPl6nQuS1sRlObyExRn4XWu1QK/iw9aNqfG9qTUVUBESEoG5DMBC9NG5SG7cEb6MYdmMHX+OH9jzPCD7KlbeIIt5yKJuqDKlUA6r6PWnLVngdBVxbAwPZ2M1/OUbpNjGFxqBGCJi4y6xaBWTXP3aUAjO6xuhn12o2rt393hxYZaRR8FwrQJEqhz+xlkCIO+8hYAFC9M6gUiSkW64WEIJsmTkjkuF1xEibO9PXUBvXBGee6xMXG1cMYYOge71h2VaFyo00VnZL52wG0DHAXV9rc/zsWdaSDcrt2mM1pkuM4KQKnkekTdi6q175dhAQgVRG6oOKaNJQzXGDCwlOWtEbw3TJg9DyOc44CluSaUIaLIUoDq1S3SBIIIjHS0FpAoURGi5huswZ
<p blockindex=14>这段代码是Web中用于从请求的参数中获取特定值。解释一下：</p>
<ol blockindex=15>
<li><code>base.Request.Properties["MS_HttpContext"]</code>：这部分代码通过基类的Request对象获取一个名为 "MS_HttpContext" 的属性，该属性用于存储HttpContextBase对象。</li>
<li><code>(HttpContextBase)</code>：这是一个类型转换操作，将上一步获取的属性值转换为HttpContextBase类型的对象。<code>HttpContextBase</code>是.net中的http类，简单看成是一个http请求即可，详情：<a href="https://learn.microsoft.com/zh-cn/dotnet/api/system.web.httpcontextbase?redirectedfrom=MSDN&amp;view=netframework-4.8">https://learn.microsoft.com/zh-cn/dotnet/api/system.web.httpcontextbase?redirectedfrom=MSDN&amp;amp;view=netframework-4.8</a></li>
<li><code>.Request[value]</code>：最后，从上述转换后的 HttpContextBase 对象中获取名为 "value" 的请求参数的值。value是刚刚传递过来的参数，也就是25行的token。</li>
</ol>
<p blockindex=16>因此，整体来说，这段代码是从 HTTP 请求的参数中获取名为 "token" 的参数。然后判断参数是否是zxh，如果是则返回一个UserInfo对象，然后通过身份认证。也就是说和cookie，session等身份认证不挂钩，登录判断只需要有token字段并且内容是zxh即可。</p>
<p blockindex=17>&gt; 这也是api中常见的安全问题，因为有时候api确实不好做登录验证，常常都会使用一个字段去判断是否登录，但是如果这个字段是静态的，固定不变的则可能引发未授权访问等一系列安全问题。</p>
<h3 blockindex=18>0x02 sql注入</h3>
<p blockindex=19><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB2IAAAGACAYAAAB/ZaKwAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdeViU5frA8e8MzLDLviOLKLnhkltZbrhWSpmZWuZPrTxm6VHLNLM6pZmZqaflZJt6ytLSFk0rN1wyT6Km4o6ioIDs+zowM78/GGCAYRUE6/5cl5fMuzzv/TzzDsvccz+Pol27ID0t2Lp1awGYMmVqg/ZXL5dPt+WwK9SdzaWbQhKJHKtmzDOOnC47TsPCjxJghS9LozQs/CiagM1BPB1mvL/ituDJ1/jOx5kxsal85+NM0BKbkh2B6exepeET42sazp/sbcn6Ob4sxeiYWuPJ5dNtqVyd48vSqMr7qunvHDXTXoC5hjbHLopk2GF/ro41Os/kdavvb8VtuXy6LY4BVc6z5+VQdzbXdn6MqTEqjb+e7dbUj8B0dq9Khu/9GbpeXbfnpsKYNlU/hRBC1Ienp89Nt6FQmJOWlmRyn1ptdtPt1yY3N5e8vLwmv44QQgghhBBCCCGEEKLu/P3bVnjcsWNQreecOxdZ4bGyUSNqRAqFosJjX9/WZV/r9boq2xpFmC0HvJNZOVlTvi0kncnY8ZNREm5A39yyr4MnJzDZ255dYeX7T/9mR0zvVFb2gfUbbUxfKzCdhSEAapY+48/6uAIC/BoWj0neD7Bg1Xwe8C7dYMOu8EyGTdDAEZuyxOTmw/YM6JtOgHGbhuvOCilvbuyiRMYaNV/tGITkMAB7Xg4NIqjsnzcHyGRYSB3Or64PdWzX1PiZ7IefBr84V+auV5fE0C+bsuGv7rlpQDx16qcQQgghhBBCCCGEEEIIIYT4yzFv7gDqaubMmcyb92KVbY3LhqdDvfl0WzSRD5dus+fl0IoVlQfIIXJbnNH+SlWNUTbsi0tmMq7VJ0yjHLk0IZLI2YbH4d4EhQGB9Y+nrjYftufN2ZkcOOxevjHMlgOz4xgQ7s3Txted48ruVeXxHVgdZLS/+jEY2zcTwr0rVXnasCsc3uybC2GqGs+vTl3bpdL+avsR5sj6sdF8ty0ZgJhwe2JKT6vuufEub7mp+imEEEIIIYQQQgghhBBCCCH+GhQtfWriCRPGM2zYMKB8+mG9Xo9CoSiblnjXrl1s3LjpFkRjarpZUT9/lzH8u/RTCCGal0xNLIQQQgghhBBCCCGEaAqNMTVxi66IVSgUbNy4qUqStXTaYuN1YRUKBXp9i84pCyGEEEIIIYQQQgghhBBCCCH+Jlp0IrY+iVVJwgohhBBC/E0NXsp3L9+Fo/G2y98RMu3D5oroL+BRVm2fTldro01xu3jqiWVcabaYhBBCCCGEEEIIIW4vLToR2/KoWfpM7WXHoiZ/lzH8u/RTCCGEaCEk8drIvmXOyG/LH/ZcwJfPNl80QgghhBBCCCGEELcjScQKIYQQQohaKTpNwvKeYMzt1KAtQHvtNwq2bUdX3NyRCSGEEEIIIYQQQgjRMt2WiVgLCwuKi4vRarUNOn/rkvsAeHDRL40ZlhBCCCHEX1OHp7C+V03htn+RfyMXhecILELvw/pBDbnf7aLlLhBxDz7/HYeLYXpdTcQ3XFz8O9rgRwh8qT92KoBsUtYvI3ZH9i2OLRDX1TPw9lZV2q5FmxZHyp7vSdh8pQWPrRBCCCGEEEIIIYSojbK5A2gIJycnli5dipmZWb3P3brkPrwC2uIV0LYsISuEEEIIIaqnbO2DMjcR7Y1cAPQ3fqUgPBL8e2Lu1szB1eh3Yp9eR0KKltyDKzm/+He0AKe3EPXOIXKKc0jduKpqEnb4U/j9w73W1u1enoVr64bGFkXy7AVcPZMP8Yc4N24WJ8fO4uTkN4k6kIXd6Gfwm+TR0MbryB+X16fSyqGJLyOEEEIIIYQQQgjxN3VbJmIBBg8OqXcytjQJW6rZk7H+IwjY8AIu/s0XQqNrjj79FcdRCCGEaEH0qYnoFGoUxhvTs9GhRmHdXFHVkSYLbaEOXVF+xerSYh16vR59YWGVU6yDPDBTVNlcSUesPS1uMrgi9DpAryv5HyA3hbyv13EjogD7PoOxUt/kJWriFIi1y205QY4QQgghhBBCCCHEbeG2feclKSkJgKVLl7Jw4cJapymunIRtXF64vDMb1/iNnF91ogW1Vcs1PI023QjjyrxfqfpWpADA+wEWvDAY49qYxD3vsmxHXKUDuzD1m0foAkAyexa8z/arhl39x7P62Y6GB5X21XRek+wD8GDkqhkMid/C7Hciyrv6+EzmhbpWGYKID19l7cEaxkgIIcRflv74R+Qer7TR0Q5lwQ200c0RUVNRoRo2Dq+73ND/VsNhag/sngvFzR0SmiSOIooyctEH2aKyhnxNE1zCpi1OcwbhaHWdjCZoXgghhBBCCCGEEELcxolYrVbLwoULWbp0aa3J2OqSsPFXL1dZJ7ZB68f6d8GOJAp6BGPHCeq8wlj0r1yd+GvjtNUAmWteJP5Qydd2c5bTZk7izSd/TfWpipJEsHpr+fXrp9L5dbpmw3k/MJ8XhiSxYc5cjN+D7jFlJatWnWbDnHWG7R6MXPUI7tv+w+yvEkoSr8vGkzBuE8fowtTRKbwz7lXioNK+ms5rin0GAZ0JJpnEnh3pSUTZ9riv3mf2V0YdDRjCS8tciJAkrBBCCABsUHYMxaKPI5qwj6j5o3C3kQrrxgKDX6bb4JIvs/e+SdSaRAAspy8gaLBX2bQy3ivfwxuAeOLmLiP5OqgenIhnb1fUNlkkf3YJ62kP4OZpBYXpZP7+I9c/PoFWRw1UqBxsUORfpyivdJsVluMn4jOiPbY2KvRFmWSfPED8e3soKDA61aMnrjNG4BbkhspMjy4nhZzkTPL2riNhZ8lvlq1eeZs2XawMJ3SizafvGTp6litzPyZLMrNCCCGEEEIIIYQQjeK2TcRC/ZKxpngFtOXoVzNN7tu65L46J2Mt7uoMx78mxXM2dvdCdoOSi43fVn1kHz0DvW7NtW4rPabwQvAZVszZQVyPKayaGAycJiIiGCLmsiJpPi9M6cHxdcdLEpte59j9laE25uB+9oyeQZf+cOxgBGvnGLV78BwRzw7AIwCghvOuN8E+Q0LVu28HOLaZ3V4Vt1fW85H+JH74ankCVwghxN+X/ySsx/TArDiboj83UnQ+tbkjajyntxD12BYgENfVM2h1YXlZ8tVYwZplRKzBkLhtS9b8kuSrMV1cLHn5fjh4WeL8pB0521dzek8Kiu7D8Z4xiTYWBVxefb7iVMkGCqcA7B4fjU93KzJ37DVUw6qwmj6LwL6Q8vUKruxKQdE9BM+nRhAwT8OlNw9SrANohcOMh3DI+plLT/2BJscCi/sfofXj3bBytwDDR/yyFs/nJMD90+j0iILrknwVQgghhBBCCCGEaBK3dSIWSpKxSUlJdOzYAbVaTX5+fpVjHlz0S4WqWONK2KNfzaTX4+/fxNTFXtj1gOwP48n2OYPPgyNIPVQ6xW9p5eZGmD4Be8MZZZWo/iMIWOJGysQvDG+L1aOtsqmEu+O1obztgu2rubopvuSB/wgCloRgWfm6Jvrg8mBnCo7vMdpWQ7sV9iWRvD0J1x5JJfFU6pPF+BdoM9LNcN4ZYieexq703OnLsX8wjCvzIrAz1TeT8Rtdu/T8D8GrwjhWjL3kusb7BqPZnoTryM4m+lZRjy7BROyeS5z3AyyYiKEqtgdTVrmRtAviju8hYlUXenCc461dcD92zihhmUBCPAS39qDKxIX9O9KFZDZcBfrXdF5T7EsAPOjeE06/l8Cx1ueYOHoI3gf3UHmiZfqPZ6LXQd6RalghhBAA0V+Q9+4mFN73oho0CRu/o+Rt2EKNxZ0thJ1RhWu57CZZlkF7bD8pbkG4d3Qi58v/kPSnYW7h49tJONSeO/r1x87hfHny07s/nTb3Lz0bbVocKVv+Q8Jmw+8PgcPxuMeatLVvk7DPUCJ7fCexGRYEvDEEtwHHiN+XB7iiapVL9vdH0eTogHwKf/6SaEsbvFzMmqCnQgghhBBCCCGEEKImt30i9vnnn6
绕过了token验证之后，程序从http中获取了sqlParamenters参数，然后再次判断sqlParamenters是否为空如果不为空就执行ExecuteSqlForSingle函数。其中sql参数则是要执行的sql语句。</p>
<p blockindex=20><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABGIAAAA0CAYAAADBq55mAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9ebQt113f+fntXVVnvOObNT7LlmzLs2V5xqMAOxDHGBMvBjOsjoHVrE6Tblanm6bTYXXCGAI2Jm5ougndcYAVAjEY24AMxrJxPMiWZMmSLVmSn9483PHcM1TV3r/+Y++qc84d3nv3SXp6Av/Wuvfce06dXbv28Bu+v2HLwrWH1asnFU9mDUZBFISdSQX0PJ/vRAKImql31HvSLEVVQRXny0to+cL3nXzd/On6Ro9bX/5yfuVXf5VzS0v8y5/5GR649z4ajQYqgBi8+ie8X3FEnoR2L0TKxc/g5e7jdve6lNX29CZVh4jhqVkf36THS0rgkxdLgTdO70tBkfj/5h2rAmICL+12ugDMzs4C0Gg2AMjSLFyroTWpf1+g7+ELPPLIowDkeX7xD3IeEgn3Pnz4cOhnI9v2OucCr93Y6AFw5sxZAIqi2N39AIOACKo+DGD1+LoTXwsCcPN4mydMBjxefroz77Zy8W2rargyzolX/7i4rBEz9X2pfxRRv+NTO/V49Vhr8d6fd8949SBxTpHIIzd/YfOdtt5ZUcQAOBCPSNBDwAJhT6kqqt/kvyCoyLZrQ1QuyE9UPJO7aasOuOM3uXS5/3TQq/6+0eY5uVLG6nw8/YlZRxUfZOqHKN3H7Yd9Nn3PsF9qocWVMWZXJolU4iwYsFtmTkD99Pip11ozOt9cf3Pkn3wyYibmAgSHUKIRcPAQ/q5IqPW4oAsrqBChhCDnJbZY60Y7zWIEPnb67BJn//zfHD9rkiUGVcGKqTT22N8nf9kZI/hq0EXwGgZOL8O9x6TMdrvcc9fd3PLiF+O9Z3FhgVarGZTVoLGddwqfTlQprucb483s6PI+99+FUf4mfZMeH02qBtZaFGi12wB0Z2ZQoNMNAIwx2xs24z2+O2Wy3+8DTxwAU9Hc3BwAWZae9zprw/NUwFKn0wFgaWkZgOXl8Or9kwGOMw3YRNoMwhhjorH+TX4Fu+HaERTb9J1J+Q9R/ZBpORXemlSYL6Rc7dSD0JqIIMYiEoygoMRJUOCY6Eekap89aetuF3Tx7go576ffpKeatmE2l5Ee752f3qvqqej9xdxzM6T9TboQicgYiBHBxNfNpKL18Hr1iJEa6PqmKL9SSDe9MgZdLnY7yIUDSq4kSkQr1Ehgi8fvyVuZRkzdfPDOjZUrkfMDBU80JUlCs9kksZYksVN9qvpiRHBP450ankWid4odAa/t/BbfpKeCxvOz1et7pdLjWS2VQrq5jWmv0XZ0pY/OpZpCwRsWgfor/SGvUKoiLYGLGMNpQR9WY/iuMWbaAN92Mp/ORq9MPe/FXk/8jqrfEhWzPekUP6t4nFdFjNTOj0pWyQTGGNQTmWwqKtu7gIFk/If3LnCX2Ib62qVax29Mgpyq+rh58U6g6fmoGqPN8vrCcvrSgKqnI+mmwbgy2WVk5hP4uBB1shi1+FTQpd718UXQCdsZyhdDTwwQqohM+qt3iqwLPGkL//8mPWl0Kc54iVGvFY/251lawREgtVrgK1tvF/eabu/vPn+9HDQ1juqJMTDh/6eNDXRplEBYmFO6/mVYV9X9qkXt60m4vF5GEaEoSsqyJEmSLfdWX6mm+rRWaRSNzxKEz9/xdf00pigQZPcK+5VBW42Fat+c389T+6m3GBgBDBfQrUacxPevLNIaRJk2hIKhPwaWgjIgUvG8cSpSaCVYFLNz86jA3r37wnjUS2MCWGV73jTJ1y+05athXF1dvegnvRhK0wSAhYWF0I9dMh9rAzi+Z88eYByps76+fvGNbKdnbxqwYBuMDXFlQjmojTupv1+B25sbqjLMzg9qXPwYjNfE9PrwCMpkxKawfRLJRdxjIlKyjgaZ+L31+jEUMy0zN18/6d0aX6+TC5Mon9g8/iFCRaqQ4eji0mouZLuVvdmVMP1/iGxS8CHuxXtF8KjzqApGAvgy5kY61dKkkX8pI10ZAdt8sqnP8a+LNEqqNIct/a3/2m42L4YzyMTUXUl8dkIOxL5dWvzfE0c13jsJ5koFLlZ8YXJWpMYRn6qR3TVU9wQFayhsK7c3763aTjjPNZdw5/BaT8o2ZngVIVfx+AvcbDuZVqd/XohEan6320HdnMppNoGQ28QWXPG0WRYJ4CfY0NYMEsU7R7AdHV412pMm/kyvGGNCNka8yXjuBc7HEytHxU5zfcWRaJQLJkoHN6GTVr+r8QlyUXfPETbR2F6mbn+zLVPZoNO6vDESF/QmzUknv7X1GcOzbKeDXOwz6HaL6rJSUg395fYi1FujYoSiE4Ls8qQnVRuwUsAFQqgaEl4jA/aqOOfw3oEIzrkYCjf+uSI34maaUJ53XKRXpGH794UiE6xqWnCRgvwKIZkSZPE9DWx4szN7M98zxuKcj+kC0yZEbV6I1h7l2phjzDcu3pv/ZNJYXAjh2dUHoNtYG1IxxURFoVL0FK8loh67RQ6OlbOxDJXxXtax4hIAq/itCgiYUgafTqvp8VNt6LB1bWyOwhwb+EF1Udk0xqGR8dqMFtTkmp+SAZWBtSMv3d1arfo1WUfIS4oXU+8lnbh2dxRVXImRqkSAUHXTuE3kW8umdydkd3gvNqsepFqD8T5azcu4eohG5dlAqJUgUNdrkQCWRNZYB+5KnU49qdDFHtV7SOoRCXLeRuYTflQMoooVD5iYqlQpjhNtV1EpUqm1l8ZvxkDMZnNps4Vb6SZyESlRQdn2IhiUZAIcnKyJsAOkxlZFebpnseNPKfuYNjhjlOR22vpTSNN1CLR+LxgZFudKvNeJqKiqnsFkSt7leY56n6pOBekQey6bl2f1Uu2DiTYuhVQ3r/lpc7n+ka3gwnZAw8WQCHivaKwLY7zg1QU5odV+M3Way/hGU1rIDm1vPxYSZcr5+jkJwmyR1jt8sdoPk6NYddlMzteFMaQrlowx9dyrjNfCdma9Vx8Ae5HI8xSwoCnTK8sjRhFLtL91YpwrW1TG+9GHJW9ihGZt4m+OTrzM+/fCFNa5x6BYBIfFEdaxGa80tYTaaB4VT4jNuICNeN57hkizeqR0MxAz1o0rmralo6ipda/tIZZt77uJ9265+ikGW85HiSAYDVNV854JUGS3dLGsuUYWKyZbgxmPB43b6V47tFpNdsWsqv9NpbiFxWHUI5JgsRMejihEvcc597j6djlIKgO/uqtW1XnGPaiMZqNmwoCb8MdKxE1lq+r4+Ps3LUC8TCtftVOU8TWTAuh87SYavl8Y6pBFo5D6cI/yvMLqQiv6iZ9Bjcb6OFXwymUgF0NRJCJ+zJIdTIePRkBhs8JdMWSJhtlY36mDuuP+1StqmJz40FdHUPLUIiapQV9F8RpAXhO1vi1RApVyEEHhqjhv5aCbVMa2004r3jZpKJ9viIbDIQD9/uDxPfwmmp0NtWF2Ks57sVQpOxeb3jE5LqrbSAAJRkjAVkpUckQKREoMHVSbETiDKhqrykEP7NSM20fjPCsXEp6XYL4DVdHb2nVSPUR0IunOco6duVi4PiqeoqjmhH2XMYYcxr2u1tRkAzkBkGrE9Zobjygk1frTyV6boKjJCBEXiuSKAVLA4kgRlcAnTGU06YSsFsRUBk4ERLY8sEIsJCuxT4qLgI4J94t7zhhIxJAmBKXPB/m+mZ9U8mYK39nFREr9KkCOyJDEZ6S+xcAqA+NJVDCbikjvVIdosvxT0J8MqMHiSSaAm6oEsypkqqQThnRuhEIMaAJRt9n6xB7F7e5hJ597woj2MgbkjUKmYHVap6jGyiO1F3y8AqOhpEIatdVSJDyjCMYriY71lMtNW/YGMdJbgk5pJAmG5AQfq2pNOecelx65a4qL2KtBKoNVQ+ShiAMpQRx1esBm1glb5NUTTjLec0bH+65aE7tdkV4Dr1MNfNsr44LcdRp4aNkg+IloCq3mcTtDMr5u7k8FWFdgG5u+qYRC2PU9djmY9TjEbj2ZU/FkU7X/vYAXxUsKpkFTha
其实到这里可以选择跟进或者是不跟进，因为如果跟进的话，还需要分析另外的一个dll。一般情况下我都是会直接试一下poc，如果能够运行成功，那么则不跟进，反之则跟进函数看看是否存在一些过滤。像这种看样子是没过滤的，可以尝试直接试一下是否存在注入。</p>
<p blockindex=21><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABOoAAAFQCAYAAAABa5FrAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOydeXwV1dnHv2eWuyS5WQmEJWHfBEQEUURRUbEudX+rqPW1Wn27uFC1Wvt20Wp93bVarLtt3arW1tqida2C4oICsokIQVkDhIRsd5vlvH+cmbn3JgESXNH7+3xCwp05c86cmTvnmd/ze55HSEdKugFXSkAgNBCi43Yp1Q8S/AMLAdKVIPx9dt6lrms4jguApmkI0Xl/XRu0BZoJtR/yymNP0EvoRFwHU9rEdZukbgMu/og1QLgOupRo0kXzfn/uEBpS05Cajuv9lpoWbNaEgaWZJGLlrI8nOeH8S0G2khICGx0HjRAGYTR2dap2Fa43PY7t4LhO9pYdtlPXNvOjfdED7xZk5reQWf/v7qA1kJ/BifqH6NY3uJtdCLp/etuBzJ6yXWgrpVQ/SIT3MFD3jTfO7GMLut2Z2OUHTOfo8vkKkC4gJNJ7znTlGZlHHnnksdtBSkT2WtqVJgjQdCQaUgj1zMzaLtr/fA0en8Fq1O5k1LIisJBEhKDRsXnnP7M54rCpuMtX88Lfn8KwEpRiU26Ci4UUdhfXIrWYOkIiNZBCIIXoYAJIdr5GSanW6Zy2QmCaJlY6jW3bSEDXNAzDQEqJ7tgY3ba1JY2JFBO+fylO1UAcx6Gr91VgRyAR2zU+t7eQC88uUe12hzXbP19NaMhdNhw/hSGXRx555JFHt2Cg7XynbOyMAtouoZazCHbthdgwMoOTEhyni2SdJCBSNNsB24ECE1rjuBvXkIg3o2OhCxtpuEjdBhwUqSRwkWiuowwN10VIiXCdLo97V+EKcIWGjcAS4AiBm3WBNM0kLSI0R6pocsPqQxHB8EYWRqB9CSSdGpv3O6Rjon8JI/giINr9/gwO9VngK01uZvBpSD8R/LuDA3TY9OVOTHfOV+h4O39dvzt55JFHHl8QdpM1sWsQnf5P9+lOYaCLKABt9XU0rvmIItei2EmBm0IXaYTm0JFuy4X0qBtXSBzh4GguNi6u4kUDIkoIr992/xdCoAmhyDnvRaC980sCaSlBCAx/m5QE1rVrI93uEXUCSLUmISrQddD1/BraNXytviR55JFHHl9LiPcXLOqya0QIoRR1AnRNR9M0dENXC7WUOI6D67i40lWLepbgyHUVCQayy54n3+ujCQ1ElvdrB2ydJhRjJKWDISSmlETRKNQ17NZmWhsaiYXDSOkicbGEi62pvyXq3ISUCE9JJ6SLkK4nefl8IREgNFwhkELDRf0WnvdYEwJb12k0w7RKQUE4gpu2wHG9ufJ/dHZKamRBeIyC5qkkA09ozjy396LJrD5EoIhD/S+zzw5c25l+lMLMP8evpv3Q/vzdrP+3V9bt7AQ07+crDgmariGEQNd1zxDXlOd5Z19hQfAscBwno4bLUtZ2Ba4r0TSB66r594+juhAITQTPh05PoBueXyGEp/AUaJqhFJ6a9z3owvn65xmcr+uNtQvn67pKZeJKl+48I/PII488dgcIJJ5Vo+wrz1rpCiQCBw1XGLjCxEXDFZk1VB1TZv7ezVU/AuERYK7n/G6/iGjEUyn222c8TY7FnNmvc8whh7B58yY2rF6FlkoRcy2KHAtdOmg7iWzwOg3sT1fXcHUNW0ocb01zXAekIsJ0XQ/WyszYpKcwcwMFfPfOWWJIt9uKOiEFtoSmwkpajIKAQOxS26yxb/e1QjGIHT4UCC+SRNnA8ouIuslCd20pJIFq8NNFD+z6dytv1+SRRx55dA/GnmPHdH3vrGe7H+Lquq5avA0t+Nxb73Pguj5N172HtZalxNvh2uLzRtlwbHBcpaiz0hAeSEUk2uW+O3bQHbT3JLrep9kxeu0HvPPFUwIVKLPBwKIQ0NDAlZ6cUevScT4v+PeFusSSHS3qvpEn+KqScztDZ+e2sxPZLU/0KwPX9Z4xYgfqXQ+7ahRK6T13pP+8Up9rGjkh/dkQHf7YNQSEZt6gzSOPPL5GEAEx5zs+u/PCL0AzAB2EjhS51El7t+Q3YZV1vRnQsHCwAOjRsxeRnr0wgIJuHa0zAzqDNGA7Lq7rYhg6kc84TcRngV547lO369c/I+rbAVG3k9BXIVQUi9vJLr5gQbY3HDqLJf6cIcm8T2lfUo4Z13V3PYVRHnnkkcc3EEaX9/TXcW+9EcJTuwgNzYDNm+qJRCIUlxRlETUKQmRCI0XWv92BlOA6Kkdep619/stT8mi6UIGgmgBTg5CZSaTmwXXBsmyEJnLXUE0oo9LnvZTWrUujdpFI18WVmd+2bVNUUOLt4ZAb3uaSMTlFVk+i07VbAhHUwm+ge7os6U3wZ6/SklJ57twsw1pKME0TgEQiTjSaMQkDQZygS7F/XVUcffUgvX9FoCCUyOCvHWO3POEvFP7zQ+W3zBD/Wie3ePZ2v12G6OqOU0BDSpkxYkXWbQxYloNp6p/r1euoZM0jjzzy+DrBRdlB3VXmZEIlpcx17smsP7Jdobs7tr8UZBT9uiMIefmcLSCKsgRdsi3CrsxIxnB3pfJxO66KjmlqakLTNEpLS5G2S0s6jZQurrsdp5LIjqzoKiQCF7Ej9Z9Ua6RuGOi6jpQSK5UmVlJKMpkkmU4rx3XXu0Q3dCKREJq2vZDZHSsEkskU6bSVc60Ewos4MgiFTPSvdvLlLiFbbAGd22I7g67vBpEkeeSRRx5fIRjdtWi8WhKZF2KPHRPadl4wd+yo60bHfl872o7HWWlkR95q3kapGSRa4xREC0BXRKOuq5dzgWqHzBhHSu2V/cK/8xPRQCU7BqSmIVyJ0A2SyVYikSJs28IwdHJDJzMhkyKLEtxeb3qHre0Isc9qzoPDC/ziByrM2SWVSgEQCoWzwppFrmEpO/zRKaTMNUgdR6LrXT+B9rPYmV6xfR+fHh0pOf9uyXSzPap19zfaPm/41yqRSBONhrAtF8PUcN2OBmK2eleIbFWnQ3egvL3+fawFyuB0ysZxHUJmiHTaxjSNjKoPcpwEeeSRRx557AS7UkzJ5+l8m/PrwsbtAJ3bLbmWsHBB8+Rc4e0eqYvz7aWxAS+ttFCqMV1oKv+clAgJulD6SE37LNXfXRijZ+pKKXFdF8u2EJpGU1OTpxjTukwQ+qkukJJ02kLTbM9R155M6kgoS+9FyHdkm6aR5dBWcKWLa6WxrDQdbGP/OO6Oilh89ghSFLkyY7t0qSEIL6TAf08Cujz27NRH3yx01xmRRx555JGLrinquuoEEVm/RO5nnxZCA+Eqkkg3Oh+QX2wisyh4j0mRCcstKCrAStlgK3WebhjomsqFF6h4giNmP2A1CFLeauTSQbn7CWGgkVafGhqaq6HrIWwniWFEiCeaKYgWAeB6ZILWPlbYP3ZW+J2mZdRDjuOiayo3l+tmkYu5J9ApukVaSY/A8IfjGTIZ9ZGGbdu4riQcCmE7bk4RkKxRYdt24AXVNA3HcTxjKTMY5bVT/08m00QioSCcut3hsoeoQg9QqsvsXMKO481b+3PuhFiR/jy2/3w78yVRXmdTA9tvFhixEoHmkUUSIYys48luqaZUuKf05qrzfXxyamdezkB9tgNiKft+8o/pi1Gzj+/3mR2C2tl+uwLpfYVN0yCZTAcJojs7bnvyTgg8otfwtrudGN9dG4OUEAobJJMutqMM+XTawjTNnHPe1fPtLimdRx555LF7Q6NDbpQuQ9laIqDr2uOb8Cz1LCRPVShd2WkK5Uz6kR0cqX2xhyDtQq4V7Ntojq1stnBYxXVYloVt2YQjYaQE27YC+7DjeCTJZJKCgoIO5J6U6li6rqPpBkiJEBqOq/Je+/v749N0jba2ViLRKJrQcRzLqxyrcsVGowWk06kdnrv0ol3UMVVIpuM4qiqtZWXv2ek8+nmZDcPE0M1ArJC2LGzbyqR28Zzb0lMD+rm8VeSOKgDn28RSgmPbXXL+OY4T5AsUQuA6Xj5gJIZuoOl6cI103QiuoesZaV24PdpNmLKj/LzB6vy7Qr5l7FaZeT
<p blockindex=22><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABPwAAAF5CAYAAAALeDQ6AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOydd5wcxZm/n+owcdNs3lXaVUQ5IYERCCFMEEKAwcCBsWWwDRifz8b57LPNOYD9A2MMBz6Sz2DA2JhoLEAggohGWCjnnHa12hwmdajfH90zO7tagQhaCajn85ndme7q6uru2a23vvW+bwkppUShUCgUCoVCoVAckUgpEULQ1dXF4sWLmTNnzuFukkKhUCgUiiMc7XA3QKFQKBQKhUKhUCgUCoVCoVB8eBgAEnABDYnA7VVE5Lw+Gsic30JKQCCE99n79FG6GoVCoVAoFAqFQqFQKBQKheLgMcAT+xwpcYWDjuO5/WUDfTXvJTRfLMtIZTKnUI6Elrupx4ZeSEC8i+yWe6jIiJI9zy56FumxUZAR/PxPYv9jFAqFQqFQKBSKjy8uuLkT+hKkBM0kaxxr7G/DS+nvFn3b3Ln1Zbf2LNnLlM/udukePbg5+/cbPoiMxe8d6PovHemX7W3VZ8rRczzjnzNzqWosoFAoFIpPApqUEh0whdc52qSBLiAFIgDCBOEALgJBZzLlHem64CZBWoDb7SaY+e0C0s35kPOS/it3s5R9FvXUSO+3lWm1f2gasHtV4et6gP/bSYHmbRSyp0ypUCgUCoVCoVB8XJHS9m1hBzTX+00C9DRYKUjhKWC5drd3pG/ru9h4NriTWyRr70tw071sfkluEQeJnbG+fRs+lVPSyvlMrr7n4AuVCSCBJEEClw7AwQFpd5fNnt4bGWTrc7vry4xw7A/r5ioUCoVCcYRjCNEdxCuxWL3un6y54x5irXGSoTzSQqOyvAQRK2PWf3yfvFDQ6yk1vM5dgPdD7x1Li9dT6+zn/deXe57MKdNje/dx2fhjuvv2DDoHmHk0XUi1gx2EsIkUEonuTVqq6T2FQqFQKBQKxccSiRAa6IK1//tzdi1bBVaI8sIC2hp2Up/QOfPzXyNyzpyeM+ISELY34S8yXnVejI1B7wTggqzPnOyVGlyA9CsWGU/CHq3r/p2Z39cECDdnJzaQwkX67TAAHQ2t7xl86bWlRxX+SZTdr1AoFIpPGhqA60g0IIROYv0WytMu5VIgEkmczjac3Vswt25k5Q03QJflqWvooIVAaHidcU63KsCbjcsogzl5AGXOS8OfacTr5R3XEwo1/6VL0GwwHRAuuis9K0BzEVgIEhjYCCw03O5IggyNm3n799/n+et+CBu3gpYG2YJtdeI4zqG8rwqFQqFQKBQKxWEkI8alkG0rGZKfwmxP07CrGTdUSFnY5YW7f4K9+IXumXMNEBaQBi2NLdJACkEKHQcd2wvwzZSVgGP2FPt8k99zB3DRcTBc7xhH91IHhfEn8gGTFCYd2MRJkcpmE8KQoDm4ONg4pLAJYRGTEs3RvHNm2pGN09VBCoJYSCwc3fbGGkISdBwKAPMQ33WFQqFQKI4UDABD787LN3HocPYO3Myw0gqmXXQRRKtw/3QDK5asIBrvgp07YNQwL35WOn64rw2OA9IEGfREOz2OlzAj2N0hZ9ztNbywAifpHSsL/NlEf37P8QvrAkTaO8AVYAkwBGgSXdMIu5nQBL8u6R9DAAhBSGdUxGBt+05o3goMwkzZENBB0/vzPisUCoVCoVAoFIcBh0LToS3ezqzvXQvTJkO6A+sPN7Ht1YUYAX8SPGPT22lP9NMdDDQMdC98VuD9tu1uNz8nD5xMlI/vRifwRUOJkAa4prc/YKOLDiAITgCERAgbnRS6kLiYGLgg28B3RQAXDZcALgHww4dNrw4JyCSQ8kOKA3hSooVBp99A3Tu/Y3rt03V6ZhBUKBQKheLji5F95wKaxt59DazfvZPBQwZhhjSw96BNm0rTopfJq9ahMOwJc8117P7jXaxdvpyghKpYPsMv+hwce6onum1ey86n/8Hq55YTyy9hxNgxGBLeXPwKx3z+s+Rf9AW23PQr1r/0GjMu/wkFs2ZC2GDDQ/ez/e/PUjFsMBN++nOw9kJdA5sefJxdz76CFivELSpi1pVfg9FjIRKAznqeveor6K0NEHQJVQ/nuIu/wZLH/0S0aRXlkQirH/gVnU89wjFX/QhqKw/fHVcoFAqFQqFQKPoNjbCeR5tuQVfaS2bXmcDWwjhdLm2b1lE4bRp0dOAu/RdP3XYbJDowKosJVA3mpJ/+xhsnBAX2U0/w+p23YYsUSWFzyhW/xPj0HJb+4D8Jte1lzLEzSXc2s3nDYhrrOhk19NOUX/0DKAKEAXuXs+TWB2l6exOt8SaKq0s5dd6FcO7nCBkhIM0fvzyXAQVlzDjlC6x/eyl71i3F0eCsiy6Ek08DU4ddq3nl9/9D165N5IU0Nu7ZyRdvux0GTYSNS9n39JOsXbmGRMplUOUIxpx1EUyZAGaQbsFPLd+hUCgUio83Ru/8F44G+dEIojMBu/ZBUYxN9z9BaWUNkaG1UFEEO9ew5s/3EK3bzsiBRYQiBdgNu9nxf//D4EGjoKCA+LMLaFyznGGjh1MYq6Spow2nsZVRpeXkB4KAQ3lIJ10QpMAMZRPyxUI6siBEadQALNi5hV2LFiOb9jB96micvDCNVopX7/0fZsz/Ikw5mgXXfJfx5aUMGjOShq5m4kUDoaicASNGkkysx3FtBg+uob3qKAjn9fMtVigUCoVCoVAoDhcGTW0pHCsFLVtggw4N26jfvI50pJDCcUeBnoe7fBFrX3ie8UOqKC0YRmfAoa69nRXX/icTvvddWL+Jl594iBPHjsUKauyOt2PkhwAoD9uELY23X3+L6uG1lNUehWnsIWI1wsJHYf5nYMMq3rrnVsz2CFMnHU+Du4dgTOf1Z5+gfMsOhv3gZ2ClGFUcJWil2LlyBRFdMHR4LbKji5Yly4kdNR4Gazx/xy1E9u1ieGUFZiTIoKNGQqID4lvZ9MzDuKuXM3lIDW64gK6GNC1P/YNYcR6MHuOvPqy9yz1TKBQKheKjj+fhl819J7F1iZ5Ks/ONf5F4Yy1CDyNTNmNOnY15wYVgN9K2ey3N+9YzZngZzDoDigfAgsfZ9a9lsHU9FJaw65WX0YM6Iy4/DybOonzTKjY88AjWhl0gwkAQV5O4WtJriS886sJFihSaSAJx2LuLPW+8Qe2QwUTOngtRE23pP2l9bTM0roLOCHbHbuzoALjgC5QbBhRWQ2Ex1QVziKfepn5bK/mzziF/5pmozB0KhUKhUCgUik8OGmk9REhzaFp0L/rfOwm7SUorR1D7hS/ChNHQuY61b75G69ZNjP3s2TB1DJF920g/8zRO82bYtwqad2AlW9BGnETwxBMZGgxCQSFonbi0UdfWQO1Jl1N04ZkQgNIlz7L85uvI22wxrHMuqbfeonBbC4OnnkDws1dQNriL+LpFOJ2PsvGfCxm2bT5UFhHTDBKpFMNra9Ev+AzsWc2OPz1E06rNxBqbYdAgii2LsO0w7PJ/98J0I0Eor4W3nmDP2uXMHFYN0ybCqDEUPrOUfz21hPGrVxIYWguBML2XHlEoFAqF4uOIkfVk939HHJcUGrGiUmonHEdXvJONr/0DMwYgwYZ9mzZgdXawbXUje9Zupc7RicaTlOcXMzDZDmGTgBnCCOfDUVO8iqsGMXzMCLasXQ5GCgBHSnTbAdHuSY8yjox3EdHBTXQCCUglKCyI0rhvHxt/ezPJSIBOU5BnhrycIXaYaTPPYNWzL7L1J9+hUySYddFXKTj+EtCiSIrochOgaZBO4ZgmuvLeVygUCoVCoVB8IpAU5UdpsiRaWQ1Fw8Ls3bWM0vIY1AyCrnZSO7eiJeKMqK7mzUcfwX7yYWRQYAHlVQMhLqF0OBXDxvLyswtoe+ov1E4Yydh5X4Zxx4EMkEilKDp2cneUbFUpImgTyRNQt5V0ooOwaRKsKoeqIKAROWo0dtefKQ7ngxEAoePoOma0EH3yCZB0oDCPispKWlZu83L/6aWUTJrG2kUL2HLtdbhSMvuUEwmfcxp0tWBIm03rNtG1eRctgWcIihJkcS
<p blockindex=23>可以看到确实存在sql注入，能够直接执行sql语句。</p>
<h4 blockindex=24>后话：</h4>
<p blockindex=25>如果想跟进看看具体原理就是找到这个Service的dll。</p>
<p blockindex=26><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA4YAAAA4CAYAAAChW+aVAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9ebRkx13n+YmIe3N9mS/fvtdeqirVZm2WrcXINhhsDM0A7QbcZ6DpHsDdDcMMf8w5M4dpznS7T9MzQ+Ohp5nhNOAGDIyxgTGWLduSXNpKKlWpVKpSSap9e1Vvf/lyz7tExPxx783MV1Wy5EWLmfqdk5Wv8t4bN+IXEb/4fX+/X/xCTG3cYAEEXRKAsHwHJDt/WWtJp9NMTk4yODjIoUOHcF33Oyk0JvNt3i9Y1yoLylH0F/uZmp7i3LlzNBoNhBCvWwLY+PPWUjabxXVdGo0G1trO5+0iAUhrUVikBYnt9L8VYIQgtBaDiLghBEJEf1trsYAQEhv9AUJgTW9/WaSMfsdaEGBN/G0tAsG36oXXq7MArDUIaxHJOywYa5Eyqo/G3tDHybPGWGRSX6J2GBGNNHHd3cLKqE+sRUiQUqCNRSqF1iZqV+c50fNOu+7bWouQMnpWSmzMc7FunEU8sdYi4/dbIbBc3w4Ldv1IF4AWAoNA2qj/fAFaJOXauH9F1BXWomL+WxvxSkoFVpJKOSBCshkXYaFY7EcA2VweK6I+pyM9BMbaaGz01FAIwfLyCkLA0uJi8itGWIywCDwkfsz95CmJsA4Q1QMUFoUVBouOy1X0F/IIa5mYnIyejwet73mAZXlpAQm06o2Iqwa0NBhhCAgRQuKYNNYItAKBwbXJHEi4RTwuBCb+jmdMt1uFgHgECUTE26RvZDxGEQhk1I6E33FfJfMPDCKWcwKBtLbTt8IKjJBYBCbp9J5xZYiui3XjISoTDMZolJRIwBjTGXvGWrSCUFjSWuBaQUOBLyFtDK7VSHyUsEgrMEYicCAemQaJQQISY8EKHyF1/G4J1ol5JRBoBCHdmRI9J6yI+RO311qsiOauBqxUWAygEWgQBmFl9Im5IEnGYvTs9ZLbWosUKuobYdFWI2QseTpzN+mZaL5LZMTB5LoQUYeKqD2mI+MsVpjOGIjGoUUjMUJ2ynZNNKJCFfWyNBHnsF0JKLBIa7HCxsMqlhud2iU9G82fWPpGH+sCLlqEaKGjeW1F9A6d9Bg9cy2We6LLrUj+xTIhvk3IiLd2nRyN2qCFQFmBY6PnojkagtDxqJQIm4r7ynT6N3m7QiOticsWGKuxFqR0MAi0NZ31hp5aY03PetOdCRE3on7rHQc2lusSwFiEiOWvSaR9NA6J+0QBLgZlNaEQBKI774ygh4NdmY9VvNvoW6+r4g3vuv5KIlG6kvEW3aJb9PeNnLf6BV7bo9lsvQEAe2tIQKT0J2DEWowxpFIppJRv9PjbRlrrtx0MXk9WyFixj3QR2bPYGuisEKLn986C3aM4JWoM1/V3pLOZaOGOAUtS4HdmhEgeTxSDRCmjo3RbwetDTisiUJg0uAccdhWMXiOJIbldCIGOldfQWKyQSBGB6fWjqrt4dhSJmF8Rf8262omeZ2L1dL3+HzMqUf5v4AURgIiAJJ17Y7yMIfm2HX1KCIGMlddCPo8QgmKxH4B0OgVY0ik34pE1SSPoQFnR07qeSnWhkqVWW4sNARFXrY1baAWSrgLefVYirUTa7nussFhkpJQICUIwNDKIRWOEXsdlNx0ZoMYnJhEImjEwXF1cRkqNF7YRwiGC3dH4S8CgYyJFWsSNs4hIWbYRuLY9gMbGIITevrLdNiASJVjGV2VPz5rrVCsbq9qmR9nsUlcpX/+ehGQPiEgu95YRybsIrEohOuALIdGAJ0BJgzQ6Br8GSYhER/1gHTQKpETbpO4RryIAa5DCRlDOBjFASGZi1O4IPIVRzayMQYNAWtnhn4gNU8ZarDRoIQhExE9lBSkjyRiNLyVBXE+BjcsRICJgoa83BgnR4WtiyIrZ0eVpzDlpI+OJjNspY/4nZhUTG8NsjxEkApzJ353ZQQILk/6K5qDs9FHST71Ao7cP1yvvoiM4hUjkaFSCsInkScZP950WEWHZGDiLzjM9cjy+1xfReHeNRZGM+a7ASaBzIjO7UssiCAEdgVpAxn3SHevdlorYCBJ9dGQAEgIlTAzoIlApRTJn1nMlEfRCrp8tydxIvk2nDT38jseGsab7aCxfhYxnvbUoDClrsFaghYxnPLEckp0HI4NHArjfTj2nd+R0KTHwrQOtNwNxiQB/vSrbZNT1rEydtbb311t0i27R3yf6roFhIoRuJl2klLS9Nnat/I4AscRqn5AQglCHXLt6Dc/zeHuF+OtTGIaxh+tG79bbQz0KOF2LO6y3uNLzG9AF3GL9lcSQ20u9HqH1IOA7pWQZ7lWp4trGioWNQYi4QbmISHaeEmhjsKpraY4Uenud8h8rgLGH0gqBTjx5VuBicU2krGnBuhaLuNz1yl58teOe7W0dCGE79U58E9L23rG+LGEj670RtgPmhYWMgVBAU0XfSkiEMTh0QWa3v22nrzpKa+y5IgaQkZc4UT6646YLByNlwsZAMlHAbLei3R4TDtqK66zwsX9NSrCmA9wg8gpbIiOKsV04FT0oukphp4d7+RzxSFjV8VpYY1BSoY3GAEFSlJQdJZAez0yibkVAp6cfOl6vHrUpemHMocRXK+O/beS5lBZhImVexa3pKHNxx3R/uRl8iK8kHkdxI+jovT8yliQ9HIFVx0LWgLRRm2XsASIGOAYfKSL/Tsyc+H09HqcOKFUR320vDEiMArbT/sSz2h0/3S7UJIaACCS6RnSe0cLSlhITe5OF8JAYHJtCGYkQBi263v91XLpe8Nyg03ZRQtQ/yf+icWYhHtNx/YVIAiDWK89Ax0vaHfSxbLFgzDp9PB4m8fNJdIDpAjk6vtS4/yKvrxUgpYpvi/of1nua1xkLhO3UUhABO2lFbEyKKBSKQAryWpMxmpaKoHy3dokw7PahwWJkLHOFxgqDayx5LXGMJBAuoVCEAgQaSQCEIMJIlghL3OsxyIoBOAqRzBdLdwx1AI3AXNeHESDtwGg00TgQMY61trtGJE8YE71XCZk4/7HC4BPNz+6YJZ7naQRu/HSIxCOZbW8fTOoaDISMZ7pN2tdtf7dvY8nUkb3J+LVxe68ru2dc98oQYeMoG7pr0y1weItu0d8v+q6B4fqQuV7LnSAMNfV6nUqlglLqbfaIdUFW8lprLZ7n0Wq1MMZ0Fop3Box1SYjesKR3jqzghoV2nUJPr+Jz/f/XP/jt9HSvYvSmn+n5twfS3lCbCBTe5FnRVXgiha0LIiJLfAI4ohVSRlphB2x1faPRAmliJSVRaONXcD2HbgZQb9YyRDd01xArdTZSR+RNedW1ECfQJfKuCdAGqRSuUjhKks9lIAwZ7OtDIujL9UWzV6nrSuyCiHWz+7pw0V5YSY83pNlsAhbf93qASHJrrLwbC9Lp9p7oKmFKRPxVPe0CS7E/8mi6qRRdbnPDoJNKIYBCHAKbzxewwGp5BQuUy6sR0NRRaKUxERgQcShuEt6WtL0LZLqGhs41Yr+giMLhovEcAdsukIxCSU3sktfWRKHOcV8pEQeKGouUXfBKMoaTgXsDJR5gm/T6ddfFunt74UHkiUtCWaN2KRv9nnjBLDYK6YuV8QQc9ZaYABas6pl8XYU/eR8kQCT+WED2Kvi9nv9ozCejMgJMklBYDJHH16WNsmHs8Y3CS23s3Rf2ZrxKqvat5+HN5VzPqBegwxAVz5nIgCJuVLDXjdzEZGBv8PqvB4fQvSpu8v8oHB268rrbo7EZoaes9XEQvSM6ma+KbjxB9FHW4MRh1Yhu+Z23xR5KheiEtFphsUJD5FsmYwyOkRgpCYXECJCECBuSjEMrQgw6MtZ0oJzEGI0QDqozni3aWky8JaFX4qzjtu2CQxnzVfY2V3RbmQDuKKTYRvLdRjcaIgODkaCMiI0mtudd3V6x13Hn7aP1b1+3tlhIPLrra2fjJU2QmJxuqLddH2fTY2aIeRy/S9xs5b9Ft+gWfb/TWxdKKkDr8I3veysrEG2EoneV1KEmCAMc5ZDs43pDXf1
<p blockindex=27>然后找到systemService的ExecuteSqlForSingle函数</p>
<p blockindex=28><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABE4AAAC/CAYAAADgvZkjAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9V5Rd13nn+dt7n3PuuakyqgqxEAqJAEkwAQwgRYjK0ZbUrZbkltv2rO61vNo9T7NmnuzVL7PmaayxPLJ7ZDm2aZOSLIuSGMQcEYicCwWgUKic4w0n7L3n4dx7UYgESInBqj/WBVC3zj1n352///6+/ydal7TbhsYGSqUSQghuFQL7jtfYG/x0JZRSRFGE67porW+5PDeHa33Pa5fLCIXGQaFxbIy97pW/bryXp956u/66YYXBYC8vWu1Hkfyx76LclY9YC0LKWy3Vgte7eLB5Fx+rPvk9NJH4YDrkRxLvtp4X6/gWIOx7mq0sFikEyWC+uTsJRG3oXm92Nzdo+8X2XcS/NQgh3tWe7t3CWou1H62B9E6189H6Nov4t4zqWP6ojbFFLOKjCinlZeNNCEE+n8fJ1+WJowjXUWijKxfd/GKb3FLcAhVx7d8IISiXy2QyGYwxNzU53MgIeueN8BUW+/WegcDgILE1ksh+IESEffe7eyv5MJEnVli0MGgRs9DEStYFgUSijHOdXnWD+1JdXETlXh+dBeY90DUfopb9cMO+B25LCJAfne70gcJiMQvnqptZUuwlQ0/WJvabJU2StqkuGfIa5IkWNx5jUiySJ4v46GMhWfJ+EhnvJ0HzTpBSYox5x/equF7Jq9PW4rTwq4OsHGZd2TettR+qPrSIf9t4v0nlRXx0cL11YiGcdDpNoVC44uJbWSrELX/ieshkMuTzeeI4xhiDEOK6C78V13/mr3I4WARayAWb+RujWuYblf1d4T0RAbdGhv36kZgwVpjLvpElMV7se/TrqdU/JBbvNW9VffMKI01QcVdZUF/VdrzGRLvwcivspZPvhde8Q5+4aS+I6vNtlcBjcXd3BW5q3AlxeRsv3MBxeY8QfPhGz4cdC3pnglr/f6fPLOjKV46/a43HynWXCI9Ld7lhe12j3X8TcOXYWDzB/GDxK98jwGXrzELD4Fo/LyzHrdz/Wp/5MPWha66x76J8i8vqrx7Xa4dFI3YR7zc+THPWIj4cuNl5yGlsbGRubrZCVPyaS3UdVNm/bDZLQ0MD8/PzRFH0oZhMLQKNRNnKJucdyvTr2AzdNKreQh98tb0LWKwlcdG/heoTQqC1TupdJCaT1hrXc4ljjXKcq+pDCIHRGoRASZm48Vf6vxBgjEXKS6ECxlQ3i7DQrJZCJs+PTWKqSa461q6esBhjkDK5/lqM5sKPXdl8lkq9VA2dan0ZizEGpRx+U7d4VxoA1TmjGuanlLp0TVKRyTWVa4UAo81ldSqlBCEwOkZKhTGapHF/c1Ctx6r3n7zZsDdR+Yy4RJS4rkMYhoDEWnONeyXjzFb9z8SlsZa0z8LnJ+OxOkalFFhT+bQxFZZLVp51qQzVMSWkqLSpwdiK72CVSPs3joVrkzGGVCpFHMcf7Jr1G4zqGIvjuBaa/F72PNW1pXqaL2pznKgdRF05P17r5PVGRH917VJK1e4JH64wnV8VcbKIXz0W2+HdY7HufnVYrMtFXIlbWXullBJrbnwa+H5Aa00qlUIpVVuUPwydWwqLKzRSgpNKo63EcnXoixDiKoPgfdtMVNzcvVQKx3Vq7300kPQ913UBCMMIbMWj6CZ95xPyQJHJZFDKwWKZm5tL+pTnXXZKViUvAKIopFgqUS6VKgadQAqJlIowDCmVS0RRtKANL/dOEVIQ65gwChGyYnxd0d5CCBzHIZVK4TjOdV0EBZDyPDzXvdR0lWuVkjW9ltrnLbXnGfveNCU+qqgaBFJKMpkMjuPU3odk/Gmta4SnVBIlJbLSD6QQCCEva49qyGChUAAEpVIJKSQpP4X5DajlK8dIte/fyjxmjMFRDplMFqVUxQADx3VobGq6ijiM45goCnGUg5RqQVku/adcLlEuV3W4KkSLtbV7CSEw1pLNZmttqlQyTxvAVMJ3JJV2T75U8tlbrqWPLhzHwff9yzwQ3q2+2SLeHRbuFarkRKlUAsD3fbwFa9bNwlpLuVxGCFFbS6WUhGFIEARIKYnjmFKpRBAE1/QcqfYJY0ztmmr5rtzLVNe16vhexCIWsYhFLOI3ATIIAsyHgKCoIgzDqxbsDwrWWtAxRCV0HJJraKahuQVtrq1zYq3F8zzWrl2LlBKl1GVGyK8D1yJsBMlJ7EdiO2Mv/Wu0Bgue54GwGMw7kieXnawhKBQLSCEplcq12wtYsPkzyck0iWeJ1joxviq/N9ZcisxZ8Jw41mgdJ7/nEoFhTEJeVL0YrixtlQC83gbUCmrhRHEcJyfAUAtvMNZitMFoneiZ1I7QRc0ATMr84RnD7xeu3PyXSgnRtfBUtOY9Yi26Uo/WXKOurL08ugSQMjEilJAoqRBCvqPH2UcdxpjLXlUD6WbmMEsyfgQJASmAYqmEMZYwDImjuEJWVUmZpI0cR1UIrqrX46WT7oUeEpeT6ZePp0vRdIJisVDT6rrMk6tCNlpAOQ4p30dJWXvvvQg0f1ixkAir1pXWmiAIriLJFg3g9weX99tkbah62FY9KG+VzPJ9H611Lcy5Og8uJBcXzpfV50RxdNkaVe0nC9+rCuQtvE8cx2itL3vmB71fW8QiFrGIRSzi1w2xceNmWyoV3zEG/Qa34NbO7K7Wr6gu2J7nIaWkXC6/o9vqO2mc3NjevrLMV5cJEi8YbQWBTrQrtt15B1IIjh09iueqyllmAiklQRCwYcMG1q5dy0svvYTv+5TLFQP+mtoWNef0y0p2qVSJUKKwgDBYcQ3Rmoq9F2uNNjFCWBzloMSCEBWbuK7/unDLwl5VcVgZY4RBm4goiMGAlEnZXVchkbjWRVjB1TVVuZUQWJEYbFobhJRMTU+hHIXreSgp8Vw38SQBhJQYbEKExBpEYiArJZEqOe3WRmNJ3P4dFBZLpCOkECghQAqsEGgdo7VBIjHa4PkewgqkcZIQAwxxHBFFUXKdUqRcF8dRNRUGTWJwCgFhHCfhQ8ohCTXQGKMxJjEMHakqoUFxjZhzlMIYW+nz16qhpG8LKZO+coNxcXV/vHS6X6UKq9mOEkPTJO9YUftsQu4kG+3r+cFcnTEpubO1GiEsNzunXN72yXwRR7oSgmEREjwvhRASrQ3aGrRJ6q4a0iVEYkRLpRA28XSLdYjWhihKXOgdmYR0SaWQiJsSEa0Sfkmd3DhDlMWgpETHGqHkZX1dVDwlrBCV2q1QtlZeIuwuBRoln6yFp9x8ZiohZMWJyaDjkFKphJ9K4aZSzM7NkctmUVJhrcBUw22u6Ey2UlhbIfJiG4OAKAgTIsWRSX0rBVYihSLWMZEOEuLUWLyUl5xkI5OyS0FsNFpHSWiaBsdVOG5CZFljEbYq3GvRcYwSDtLKSmaeJJuOESTjXmtibXBcF9/3ieMIawy2EoopxbXXAgBpJQpVq20jDBaTPNtahFRUOTkpJFbHIAVaWBQSaZO551flH3ZpvAouH6vmqrbXJhHi1johoOrq81Dpy7YS+rTQOH7XEJW12V6/HivUfsUTDC6tv1eP+4VhJgulnUX1PrbyPQW/snpFJn1YiWReT0K/boxbCXey1iJkZU2zljCKscZWPOYsbsWToxpGdZ2FL/GSFMl4DMIAgcDqZE7wM+lkzgKQEmMtsY4wNpmzpZQ1skYKVSM0YxMTxRECBVbgugqlJMYkrWZJiJKwHNbK53kubmXvVpvvrnWwVBlbtXBIbG1+oyq/L0ztHguZTCtMQmbbZAa87OBKVPcHld9U7mmq4X43mAPfaaW5US9exCIWsYhF/NvAwrDWKq6bVadYLFb0Ez5Yz46F7qoLTzk+SCSLu8QRgmwmQy6XY3xs7CrX/qoGQLlcZsOGDZw8eZIgCGoZgi4jFWoGFWirCeOQuBIOYiqLvgQQEqEc0iqFi0IoKqfdVxgrlZj/trZ2Vq1eyXxxmv7efgpzJaRKDMRLm9NrwNa2oNf+9TtsGxaeDN80eWIr2TOEQxgXCXWZnQ
<p blockindex=29>然后跟进ExecuteScalarSQLToObject可以发现没有任何过滤，直接执行sql语句。</p>
<p blockindex=30><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA10AAABQCAYAAADiDR8cAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9d5ilV3Xu+Vt7f+Gkyl2dW62W1MoBBEiIIBCILAHCGC42YxtmPA6Mr+8dz3OvsYcxNtcGE8zDeOB6TDLGWGQwxiabYDASBgnl1FLn7uqqrnTqhC/sMH/s75yqapVQMPbYviw9rT79nXN23muv911r7SOnnbbbg7AqvvqzVoTBZ5QoHp1U5Qk45/AiuHX1AVL92/thTco7BIcXj0eBT4AcL22UdjjrEN8CPwpiAYdHcKIoJAWg5vpEWBwy7JEH/CnVh2cCHjQgHsKrteOx0bg8Flkdy7X1W/F4cYBDeSHyCtB49AZteOi2yIZPQfDDURBP9boqw3uU6OHzYQ0iOBSeCI8izNyDZm+1Dh9qEqUwIhiBY4uzvPsD72W5yOmKp6sVsfeMGocRRVdHFCKUCrQXYic0LCQOvHiceKz3WPE4saf0Wm04FuFJ6K9WoX+nzvmPEl/1UIsMy35EMy9hFVpxlBisgBHQPiJ2CalTpFbRjgu6kSF1oJ0AMUYUuQa8ENkw2ut66n019h7xHrVmPvFhzJUXIhGsgBXBqcFs+Wpy/Lrvrx2vh+gOYYyl2jRVm8QCpipP0F6hvEK8QtbtGwtiV+fCg/gYRwOPwnmDJceQE5kSj0UpiJ3QiSNy0aROiLwHHApL5G3VB0i8IkVRCliB2Cm012RKkysolMGJrcZuba8UsdMkTpE4QXthKYaODu8rhNiDdhrxMUKOki5OXFiPojFKh90ga0r2QuwVI0ZwAivakXhDy5Z0tGMx8sQ2IrYavGw47oO1i/gwr1XLBUixxFX/h33xCpEIS1hrE/E0b/7Pb2VsbBqvI0o1SanGqLtZ6ixQ5j1M1sFmHWKxaAzeW1ylfxzulHWxqpMf1M7BQy8b6gQPiETVGnoo2XhjhjVqkTXtObX0H4c2/nGL9x6RR6Fs1nxPKYX3D6XXf3SZD/W9MAehhI12uvZC5AXlN54JozxGVs+EU1vl1+2tDRu+ro1SnUSCoIT1egWq876aWwnr4NGeuw81VkLYo4NdJZ5qT7tQp2xc1+pTGY5i+Oyw0VUFG7RzzR4O9o1CTj2M5KHnb1jro15SghfBV+PrK7232pu1+mfjupW3qOH+O9VG3ODx4N3HuAf+vUrsDYkvcaJxKiL3OVYLSe000sZ2nA12ngOsd2F9egfO4MwirpgDV4Cz/3935SfyY5Bo/T8FeRgFAI8FeqwargPTb+173q8a8hsqzErxrqx0aI1o8ApnDSI8hFIY9CUAKREQUVhrUVrjnAuKbm2bvAufd1QHw6lleh7q4Hp0soFil8HBo4d1yjqlGOpdazgOR7QyztaW/qPkwaP7YAC4/t1g8IZPDeCrbHi+DIoLw+7wSrA4lrIef3fzTXS0kGlBe0/LeixCrhSGYDRHXoi9kFqIK6DkBIwPxq4Tt6a5sjolG4AuGY7Z0Ix9hCJDEkBV071qXIbFtJEBGiodzK3DeguVASHEiI+BCPE6GO5YRBReBOMrcCmgPBU4WT8zCl8REaFPg9ehyQKiwqdEYQGnFEpkCNTwrjJ6Bit77Yg83AF5qtkd+giDw1VYVRnV+hVBxOKdwePRCNqD8hrxNUDhvKeVKCwlhQ/grGdLvPe4wcatAJ+ggoFIMBDDeHi0d3gqw0kJFh96rCXMAf4Ug1KBqCFQtAIGIROPjVRYNxYip0m8kOLxlBjJK8MMvGic0mthLwPDRntFYsGIp68h9YYRW5IrT08FIKecCutqg5EOgGu4qob9B9AYtLh1XwzjrvBOEBXxvCuuZXR6O9ZpojhBdILznjRp4PsrSJygXQ2b98K4URmQw2pWdVwY/VXQt7rfVj81MI43JjXCuli7YwZny8MZZX54Dv1rhFYPLY/V2BSRH3nuPqwGe4hq154MG9XhJZy/fgCATtnmfmiwVw9OadWj6W4AlRVx6xXeB521Vr94b0BcVXm1Fx7GHjlVTh0rEan0afWfh7DTFWsoxg36V33/Icpd/cDDty9srY3h4MPN/cOp541AzlB7DPe0rNvV64vduAKlAugN5T+8XTgs7V8YcK0dv7V1P9L2nlrW4LtrXz9UfY+oPD8gDxzOWiwG4oikXkd0QpLUQWKMc4g1OOvA27DvRA/X3U9g7L8PWQe6/tn2yuDEHgKdwckteG+HoCsc5GrDTeuco1ZrAgbvPEVhSRMFylU6efXACJuiUrYV4zMoM44iiqIYGubOu8pw8CgRlBLErWWHBqLgIVnXRyNrlPvQvlFr/mi8t4gCb3nQTltrEgXPWHg2YEkfqTIYHLKyBrxstLWHHjLvEBUMd7waIKsN++ecA+VRWoO3lEoom3X6ymO0wnroObDOYVlts/jgZfAejPeBqQNs5WFwQ4P0EYis++tRygBirnkiq2DiQabHYMy9WwMGLBqH8h4vEUZiMokpJKZpNQ0r5EooNCAlgiX1wQsVoLcw8PzCqudX8Cgc4t2QcPAVeLNKYyXGieC8EClP7A3iHGtJ3FPNCzll3zwaGQDjMD9hngZlKlE4AwqFEjVcO9qH9jgErRVKxTgb4RDKOKbA0bKGRDyZEoxoxEXBS+biIZFiMZSuIMBMQ1GDnhREzhF5UA4UumK3186t4FUATisaVsSjrCNRKvhzSxdAsndo+jgsTkW4wbclItHxOjCBCMZ6vCgy5yi9o1QQi8I6TYxnBAieKYV3G5lwfj2DXokbgFpRiPI4v2Zt+spAcEIradHNCtq5pVlvUDhPQYFRnrnFOc7ZOc3555zF1770eVxFEgzqW23Neqon/F0ZGT4A2NUFs/4bGy2dU/efcw6lHm20xE/knyIDI3FjY9FjvcEBWvS6c8QLVaTDwEPyTxOlFMZYlNI4LwhxKNtXZ74I4hXOB6834tGisBXDv3bdPOJzznu01jDUBZXPxwtaIjwO8yj68FhH4UdRXI8FHAzLEsEYQxRFG4Ovgc5/RAfhGlaFyqawq6+t/dfraRGRoW4ZrPNHO66DtTIY00G5g/cG/z4V5A3qUkrhnBt+ZlXXeZz3FVXpiZOIbpmT1mo8+znX8MUvfx2tY3QEmpR+PwukhHMVmfoT+fck60DXgNH4Z5c1TgqFIMOFtWoADFz9zjkCEPGIxIiv0+v12bJ5J71eF+sMBG6fIYvjHd55clOCyRCEWr3O2Ngoc3MnqdVqgU33jlVzwyNKUE6F5/+c4yCeEJ4VNpX3ERBTllCWjunJcUy2vNEXhwZngCBhnAQhz3JEhDiJH7pKgIqtlyrUA1YB2OD9UM1afjN8x9hwYIoKCkGpYAyu/eygmYigRYN3OJOjRYLnwMigFjRCFJwRFeQMLXKAq8CNlxDC5aSa4TUhfz9Kfpz8+AC8D7q2FuDjB+PnoWJOvYDy4bWq8KnG0fQ5LVeSi7ASB6ZViSJ2VQhX5dmR4RyvNerXcJRehp+F4JHzCFaEUofQO+0sadajnneZbjXBGuYcdKMYUMP5Xg+01x+6j2RcIIQNairfVzXw1hqcMUSiiHUU5rc6jCyWNBIUUIsiPDBfdilNCAVsao1XCaUoUgc156rxKPEURElMt9ulMAVpo44jAJEaNRpljPeWkVaTXrcdgOopYUOCkEdCFgfwUzce58DaEu8hQpM4Q9P1mHKzFCripIxTBLgbQlYHBMCafRO8UBbtHZGxNEXQWmNVFBj2aumGpeJDCMlar5WsnYfVeVcVcRQ2sR32YWgch01InhcARHGEUoo4ToiiOmVu2LlrJy++7jkc3n8/vaxHrPyD9+2DJ3gYGJjGCXmW0Wg26fV6D2LoNvITrNupQ8b8wUbMv7Q8XKge/Aivxr8xWUsWAUPDcCAOQUUxZWnw3mGLkiiKghHvXGUsOtQ/YZ7WznmaJIDQyzNEDGlaR2tFr9ejKAqiSEhijRvsW4F6vY5Sin6//zAAcr0opYYgUrQMPWfODbwIgApeeOsewsu1pu2xTUhdjUIX5DoL73shtXWU1xQ6w6jyMY/
<h4 blockindex=31>题外话：</h4>
<p blockindex=32>还能够看看webconfig文件的sql配置，如果默认用户是sa的话，可以通过sa这个用户直接使用xp_cmdshell直接执行windows cmd命令。这也是.net中比较有意思的一点，注入有时候就是rce。因为.net大多数都是用sql server作为数据库，而sql server有个xp_cmdshell可以执行系统命令。</p>
<h3 blockindex=33>0x03 文件上传1</h3>
<p blockindex=34>对于.net的文件上传来说可以通过一些controller命名的方式寻找突破口，比如很多开发都习惯性命名为fileController表示文件操作的控制器，比如uploadController，fileController，downloadController等等命名的Controller就是极好的一个突破口，很容易能寻找到各种文件操作的控制器。</p>
<p blockindex=35><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAY4AAAAeCAYAAAA7FfmLAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9ebQkR33n+4klMytrr7r77X3fJHVLam2AEAgJA5LAz4ZhM2DEsBhmDB7AgI0xhgc2zBub8WA0BtswxixCNotALDJoBSSB9pa6W+q9++5r1a09MyPi/ZHVLeHDPB/seQdxjn731LmVVZmVkZkR8f2t3xBnn322A3DOARCGIblcjieLEOLMf+cczrkzn/0icvoc//ZjBcZYBAIhBNZZQFBbWqZSqSKVpBdFnP55a82Z45VUNOp1Ot0evuczPjaGVprl5SWSxNDrdfB9n3yxiO8HJEkCOKQCKQRxkiARSKEQGAQGLSwKhxAS5xS4ACsEPdHFYjHGYo0DJNaBcY4gkyUIszQ6NeKkQzbI0GmuEAiLsWB1Dg/woxbO83DZHOWcotdYIO4maJVBZXPkSyWUEiilcNZhE8HKYoc4cjgnkErRiXoYEWFlTCAlGItzAQhNdbBMoZBnaWmZVmOZbEZgrcUYsNaBEAgncMYSO4MTEAYZpJDgIO7FSCeR2SwNAabXo6A8EmeIbIK1AufAigSlBRntEXXaKBHjUFgXgjAgOiipCbwQTwucTTCmizUxxml8L0C7mG67AVKAVDgUCQlGJEgqKKoI2UTINtKBcJLAL9FuxxgBmWyWdtQDCWCBtB86a7HOYJIEZxwCkV4f9uf0QAvCgpOQ9gSEUzgnwIHAIaUDEhBdEG2cy+LsAMZGCNnF9wI8P0CJBIjAWVqtNkGmgBQ+SQKdOCZXLmN7CTqBdtwhVhYlHbgE5TTKqX47JQ5J2nJHOkLEk9rbwMl6f1viXAFBAZMEgJfuLzU4DaKHoIUQ3fS9rSBsCeQiTjQQtoAgQMoIiBBEgIcSBaTyyOVztLsrGHpIL0LomHbLYBKFQCPRJIlFiARBGykNYHAuCy4Pog2iiUCnbXN+2i5AyPTqnHD9J/e0/LJFP3nj9IRurUUpBTwx2Z+W09v/8vNfRP5txwpAoJWH7YMILm3v2rXr8bRHo9kk8GU6wEmvQwhBHEdMT09x7W+/nrPPPps77riT79/8z6xetYqVWo2rr7mGvXvPY/+BA9z4rW8xMDCIczYdjE7ghEBJBSgEHtK59CW6ICOEkEgnwCVI6TDEGCxKCFASnEAIhXMSIcB022gETmnipEUQWEIlSIzB6C7CSiwKYy30OjRdG1+3GB4pEagMLqySkE1By1mMi4l7DRx1lAdKShKTwdMZpBBYqVFCIITDOUUY5ijkiwghKBVLCJtgeg2cs2lb8cEGaNFFqgRBBiMV1nRwLiGJLOViCRPHJEkT2euRC0OwBoXAl4ASGGtxMsHzBQcfeZhdO3birAY01imckP17K+h2Wix3Fwh8Qz5bxfczJFaDUDhh0EGAEBJrBdZKBD1arVkkEdViof+80/srhAAR4QWngb2NpxISa3G4n1GEpAClFWgQpM9KynSyMolBSol1FgFIlfY558BZgUSmfdm59Ht5uq8qpApwToMzJEkPqXso6YEVWJGAiAEIQh9HhCFGKChlMkjaKE+i+/dHKoWSFuEUvtF4zsMgMULiUP1rT1BKY4wjBUYLIkTI00AisM5HCIlSDmtjkALnIsClwCfSZyNEgrAJzrZBxEglEM6ATcFOoPsTvEWIBlEU01k0JK5OwjJ+pohUIc5lkFKngIzE9zQ4H0EGMOl5pQLnkWp7QQrEpM8RwRmgSEEjBY6nweOXL/LJG0+2KH6e/HvA4t8n4sxLSIlWHkp5SKmJejGXXfZcNm/egjEWpTVKabRSaK1QUiKlRCnFNS9+Mbt27WJwcADP1ygp8DzNpo0b2Lx5E1dfczVLS4uAQ/ePEafPKxRSpAMmSQwr9SVm5o9zYnI/p04dZHrqCPXlSYTrIEkQLkEKi5IWrSyecARC4gPaWYS1bFi/Dk87ED2MjajXZ5ifexQrlsEX5MtFBqsVBioVxlaNcdmle9m7ZyO+J5DKQwkfLXy00nRay2zfuYa3v+N1VKsCaxrgDMKBRAMShMRaR6FQAAfSCTytGRgYpFQZRCsP4QTCSaKepd2Yx0azONfFCUe3N8/J4/cjkia9Vg2lYmYnDhPGTTKmgycjpIhQIkEJg5aGuFfnt17967z5Ta+m01rE91Is1SoFONA4Z5EyRusmmbCB0j2EEGjl45zEOYHSHlJ4KOmjhI9zjhdd/Tze+tZr6XaX6XXbKOGDUyk42zbN5hTN1iTW1pGihyRKnwsJEoMUNgUOCVpKtFJImVpxOIdUEikFUgiklAhUqiRIhVISIRxSWpQ0KGmQJCjpkBKkUChhcK5OrzeLSebTNrgnbIIzXZsYIXpAm/ryBAMFjze85mWMVEOki3DWEkURxkQI06FTn2GlNsXy0iSt5gLWdlNrRApwDiUFgtMTfBbhsghClEiBTMkE59oo2UWrFkLMI2UTgUMrDy0ljh7ONYAYrSRKJigVoZVDCYHCB2vJZhOuufqZ+EGPc89bxVUvPovELhDHXbQHUlmEsDhncNb0+5gPNoMkC87DJDHOSLAZbKIRzkNJfQbgHemc9DRoPHVE/uu7PBXkCRdXEifU63XqtRqe1rztbW/j3e95O5VKlTiOkUIi4IwbS/QnglKpTLVa5b777uOmb38bZy1JEqO15rrrrmN+YZFisUQ2zDI2Npa6a5CA1zeZJQhIbJet28p85GOv4zNf+j1uuvOj3PS9j/HNb/w5H/jg26ivLCBcQNSRGNPXUI1FI/EsuMggjCOX9ZmeOQ62g4m7WB3wht95Pdf91XsYqljGx4cZHRtieKzKC1/4fHZv38XY0BhrVq1FS5B9YDo9+SU2oVgqsfucPXgiIOt7SNsG0cOJGCsjrIhYu3Ydvg5Sa8ilrjwpJdmwwNDwagq5CknS4ty9a/j9976ELdtqSO8EUXKK5zx3mO/c9HEG8hFZz4IX84ZrX8Wfv/+9ZJIWzfoUQjRxqo0SPTQxznUYGs4xPBSgRB1lVvBEF02ExCKlxLkmu88d5YMfegPr1hvarZMIejhrUEIjEWgUCoV0PlrkUWQp5gfYsWM7w8N5Ur+YBgfGdqnVT/CBP3kLH/rwm6jXD+OSHsoJtAMPhS8UnlBoJAoFTmAtgMQYSBKHs2BtqgFbK4hjSxyfducZrIuwttefZHtYF+McCDxwAXHSZnDY8qGPvJXLrzibVnsOIUE4jbQByvpoq9FWIWMDUYfQs+RCx84dayjkU3ui19a0m4Zup8f03MN84EOv4LrPvIOvfetjvO3tL0B50xgWkKpNp1sD0cGJBtBDK0W32yWJY7AJ5XzIyuIMq0cqZEjwTAMRTdBaOk4pU0AZjSdDtBLESR1rHUrmMMYSJx2MbeHopsNSxOQLCRddchbGRIyuyrF2vcDzumTCEEcLxBJKN9F+F6l6HD32CNVBhWUZR50gE7Nm7SClsk+5EpDNgaOJIyJ1GT7hWnxanjqi//VdngoicM7S6/bodHskiWFoaIRnPvOZvPSlLwWgvtLAOodLlS6kSF0M1jo87ZEkCUkcMzE5wcLCAls3babTajEyMsLhI4cpFoqEmQyTU1NUjx4jF2ZTs1+Ivgc5tbiEkpw49Th//onbWIjneO8HXs5Pv/kAD9xxCOeNs37Ddh5//BQjq8ZZWllA+opiMSReaaJMyMryPDL08H0PqXskSY3x8VFqTcWpiVNcfMEeJFUUBpu0GRgfpljIcuiRRQ7t2wcmpkMZp9N7YpxhZnaC2LS57c7beOSBB1iZWcTLFFEywCkFnsKYDoV8Dq0M1grCjKTRaiI9H4dECovAUigViJIGc3PHyeYzDA7XaT5maUV5zj3vHNbtKHDBnvXc/qPH8IsVKpWAQw/ch+jWCPwe3W6XoFhGmQQTG7TqEUU1TLRA1m+TRAmeV0TKItZlcGSo108xWCnyjIvX8dCDVU4dPYFN2vQiGBoch7hNEkUoL8Aa6HUTPKX43s0/4Nabf4g2AflMDmsVCZY4aTEyGrBlSxGpu4yNSA
<p blockindex=36>这套源码就存在了一个较为常见的文件上传。通常oa系统都会需要上传一些文档比如xls表格或者word，pdf等附件之类的用于办公需求，但是如果没有对后缀名进行过滤，那么就会造成黑客通过文件上传漏洞获取服务器权限。</p>
<p blockindex=37>比如代码如下Upload函数，token已经通过漏洞1的逻辑缺陷进行了绕过。然后程序获取了FileName以及fs两个参数，其中fs就是文件的内容。</p>
<p blockindex=38>fs经过了JsonConvert的反序列化，将字符串内容转换成了Byte数组。</p>
<p blockindex=39><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABG8AAAEQCAYAAAAOH1lCAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3QUVRvA4d/23fTee0LvRbqKAaRJR0VABAQFQUSxggLSRUFBEBQLKggKWFARUIIfNfQYOiEkpPdeNlu/P5JAGiWQmCD3OYdzyO7M7Du7s7Mz7733vZJ27dqZqQH5+fkUFBTUxKYEQRAEQRAEQRAEQRCEEtK6DkAQBEEQBEEQBEEQBEG4MZG8EQRBEARBEARBEARBqMdE8kYQBEEQBEEQBEEQBKEeE8kbQRAEQRAEQRAEQRCEekwkbwRBEARBEARBEARBEOoxeV0HIAiCIAj1iqYPi9b0ImzsDH6o61gEoSY1eZHPlw0hQF3msdT9zHxyDqE04cXPlzGk7JMFF/lu6mQ+j/63AxUEQfgPk41g4SdB7Ju+gF2FdR2McC8RyRtBEARBuOYBZqweCZufF4kb4b8pbT8zx8whtNIT5/l4Qj8+vvZ3LxZvHPpvRiYIgnB/MG5m8fbFfLJ8MpcnryGyruMR7hn3XfJG0mwM6q4tkFsrwajFGLMf7fbfMBnqOrKa0Bb77p2xdO2AIvYZog7dfGmL1lOwtgOFY2scnGOJWjuP3H8nUOEeIAl4ALuH3ZFZOGHV1Bv97+8Sv6NmX8Oiw3Q+GK/m60lLONloLA4+fth66En8euG/eizeznfh0YVfMTByIVO/vPwvRnablEZeaqDDT2Ei0D0P1wxHOh75t0/vJkY1LqKzjY7mahXT96kJq4VXCfIsYoqjCQvLItq6wa49drydU1Nb19Bn0as0Pz+LcTtFU9i/wutRJgxvS0DLTnTwM3J04TBm7qnroKpP5j0cx4aNsPKyIvvXt0jPqOuIBKHuuTw0hhFtHdA4BtKseQM8bVPYNXYMS2PqOjLhXqQIfIxxAxrh3fRBOvkXsG/OSObf4l6nPsv7fRbfdtnEwnkXGDF7b12HI9wj7q/kTZMJWHRTUrR9LoWJ+Ujc+6Aa2BeLQTryt+3GXNfx3TUPNH6dcPVxJjf+1ksrXBti7QQyO2csZLdaoTteL7yKl9UVIj+dRmp2jQRcmfdwApc/hHWFh81FueRf2Efch7vQ5tfSa/+rrLF5500CWlbYU7MefUYMqT9+T+rupDo9JiVO7lgE+SKX2mDpbEFNf+QWHaaz/EUfDrz1CkcAjWMDHJu3wcZ4lMQafq1buZ3vwu5ZC2mwdj6reOfuEjhueYT1y8AeABmRoe4En5MCBjYNS6CLLVBkzcZf7Zl5u0kJmYnmzlr85WYcHIqQZt55eHfOTBOnQrr45mGZ6gLAkE7JfNS06IZr6JOcGbdDw/6yD9po2d0vlcBCe2b/YcVGXfl1XGx1tHAxIFMX4WChqtnCbT3eYWKjSD4ZVp8SdG1xGz8bX5dkrm6YRlLcjd/Pe5JDAA1btKG5nw1S6uTArRFSu0Bsm3TAURNNjeUS/0t8BjPzzRF0a+CCWgZgpCgnjUt/vs/rq0/yHzuqb4uqy0c0DQ5Ed3I553fsxVSXwXSYyYYFPfG46V1BMvveeIa5x66flF1GLmPN2DbYy41kHF/LxNe3lfsW2/o2oGEjJ2QaF1xtlUjuPEBmblhAz5IAzYl7eWPcfI7roMPMDSzo6XH9hiZuJ2PHLOU/lR9S9cfnuRdwV5wjYt1rZNynLa0ylwAatexEUz8bZMaCmy7rMmM9m/v73HgBcx4nPxnIq9tqOMhqMfHn4m30+3YCs9rvZeHxuoxFuFfcVwWLpd5eSPOTMSYW3/2bE3eiPXoJ/Nojd6nj4GrEbySs/4LUrNtbOnvXS1ze+BIXd4dx6zbmI2SeDSflzD5yaitxAxC7lcjnt5GeV0TmT+8S9vg0wp56mwubzkOT/gS91evOM45eQ/B9u2tNRnsXcsmZ/w7n/k7EnHaMiFHTCHt8OuEzviYp1Qn38RNx7aKo0whNR7cTP+tjrr71OSkJt15e1nsc3pMCb2vbZRM3G+KKHys8NItzx67cRcR37va+C5dZPekdzneYz6rxQXf+YklWdPjViXi9kuN/epQkbgDkPLXNi+8v27NsazUSNwCFCib+bU/PvxyYH6m689juioy3D5R//Z9CXRl21IqiIiu+3+aD75fF/5pu9uCrCDXYaelrU2EzeUp2RNoSdkVNSIXEDcChc9b0/MueR/bZcbVG7/i8mDG6PTmHPuGuO360XEyDnn41EBPAWbLPhZF69hA5yfXtFvdBFmwJIWTbInrc6SbC1/L6s/soPg1kkXyPtqLqT79HxG39lt6BoDk06PdAbWz5X9KJtxdPoWdjZ7RnvmBsr358dUaHysaVpl3601Z96y3UD93wHv02ljW0Nd2lA6RcDCP1YljdJm4Aji5i9ID1nNUW/xn/1yR6BgcT3HcEr647SJzWDLjg/4hPuRuHlP3/49iZC1w8e5L/7d5XqZEn4tt3mDp5MpPHbuWC9q4CZNHoAawvCVDi3o5Rg+xLQh/No+/sJclQEvd/LXEDoDt07Ro8rwYSN/LuKwmot6cUZ6Z/+RchO1cxpsIz2sMrmfFmKMm33IY1D3vaA3oS9y1h9MqTxcem7hxfD3yOr8KzQaLGyb9RLcRfTXlb+T5cTrexY9HUdSzCPeG+St6Y05MxSSpk/jNzMaFEYlFXUd0rCsn/30yu7Nha+y1kJgNmswljVnrx34Ycin7/jpj98cj8m2N7k0T6zcg7eqC+82afWmDCbDRjLirEqCv+2xQbTvqynaQXOGLXrVVdB1gNCpSNXFDexpJVJW7uHTWTwNEVSdGaJOj0lQ9Ig15GbH27R78LBpMEMxIMZbqR5RfImbvfmfeiTbRwqdC/zCTlo2M2DDst/3d7YLUcRzvvaI5/cvcHpZWnB7IaO9cUURg6lyu/fk2Bvqa2WUO8OuBpX5MbNGIQo9Uq0fh4oqhXv13V1KknTVxkQByH399IjFHLt9P6ExwcTK9R8zl8Vzf1/yL3Nlha1twHYU7bSvyWd0iJrCc9zor015JIZoO2+P9FKZzc9A4TF/1NokGCW4M+uJVdJ3Y7S155gckvvsHHf6XWchKqCP21F7ChaZ8x+JfexeiNmMrG/V9jziQ35C2idv9KFW0a1WSDjavzXfSCqmW2vfB3vsvbU4U/jd2sMeedY/uS3eV6Q5rzLrP5i2PEm+S4eLe/u9epESaOfHWS1EYPMcmzrmMR7gX3V/LmxBryv91U/sRub41Um4gxuo6CuofIHLpi7VtXZxYTxtgs9BIVUtvqritF1qYvHn0b3hvjBLMuU5QjRaaqqx4U1SVD0etJPDveuvvavZ24KVVDPXDuexLW/WPDMWPFwYFm/B0NDLX/dwcNevUOwi0llv13lTxQoWoxG59WrjX64yq1ewBr/4D6dbFt35235vfA9766ivi3KVA0fg2fdt7I6jqU+5zEtifuvR/BriY7xCrc0QR1Q30P/NQXHVjKN3+FEXYxDqtyrTTW+PQYxYvTn6ZbxfHutUWvQ2cGhf9DTOpzdy9q3XwQE6Y9z8CGt9P0VJdkyJ27Ye3tenebkdhg0XkO3g1rqv9YzZLYtmfiguE0u9vwlO4UpV4g7M8tfF9Fclh/5gt2HbpIVI6EgLt8qZpgjjlCbJY3jQeKvjfCrd0T97K1wxJp04GoOtqjC1mDsY6i0HRZiKe/PWqLJGJ+jcPp8cE42ysxF6WSEbqKK/87gglwGbOTAD8g+kdCv/mseOVuq+gUHARc5sq8qaSU3zKWDy8hsHMDLJQmipLDidk2k/S06kbYHZ9pb+JhY8IslaINW8I/V6uuCSJ1G4FX/6G4utsgk5owZkYQs/1Nkq/WRFOqFJm3HYqiNLSnyzysDsB+xpO4N3NDqTChT44g6duvSD9S8pp2XfFa/iROpb/vLZ+k9ZYnAdCHf8/Z+QfLLKMnd88nRK6NpGxNGlP8Pi5N34rW6WHcXm6JSmWLhYuanM1vE3+kDS6vD8XN3xZJwVUSVq4kXd4X90H+aOzySZl1EOVrI/FoYIvUVEjeiV+Ifv8QN6
<p blockindex=40>跟进Upload函数，发现FileName就是传递过来的文件名。最后作为一个path给到文件流，文件流最后会写入成真正的文件。</p>
<p blockindex=41><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABEQAAAIdCAYAAAA01KgmAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3QU1dvA8e/O9vS+SUiBUELvXUTpSFMEFAsI2PAFETuiWJBmQREs2LHxU5qCqICCioKhQ+iQBNJ7z2b77PtHElLBAAkBvJ9zOIfM3p15ZnenPXPvM4ouXbo4KWU0GikuLkYQBEEQBEEQBEEQBOF6JjV0AIIgCIIgCIIgCIIgCFeaSIgIgiAIgiAIgiAIgvCfo2roAARBEARBuEroh7Lgg0EcnPQkqxo6llrqOusr5g9uhLrCtOQtDzBhURx0ncVX8wfTqMKLhdEfMmXmd2Rf8UgFQRCuX4YprzPHewNPLv4bS0MHIwgXQSRE6oHBYMBgMBAdHd3QoVRjDfHHFuKHa9Txhg5FEARBuKp048n37oZvH75mkiFlUrY8wORFcdVf2LuICUMWlf99x9t82/vKxSUIgvBfkb7ibf5+fSGLJsbz+JeJDR2OINTalUmI6NugHjwabWM/FConzsJkrH9/hfVYepWG7ki97kXXpQVKLTizj2PetAJ7mrVCGyWK1nei7dkOlZcLCuw4s2Ow/PUdtricK7I6wtWoM94398LV0B114n2c2Xnh1i4dp+HuBWrfjvj4J3Jm+VwKr0ygwjVAEdENr5uCULr44dY6FNtPr5D8c90uw6X7TN6couOLqYvYHzkJn7DGeAbbSP1i/hX9LdZmWxg8/3NGxc5n+mcxVzCyWtI4eKy5lcZqmaZBRRhyfOmx60rn+mXuaWmhl4eVtjotM7frOFgPS2nWyMI0XxkXVwudA2HzVi9eKKiruesZuuAp2h5/nsmbTIAfrl3H4hHYEnfVn8T98D32ulqUIFyzGjHogXG0cdPh36IdbZsF4R6/jiEPvoutoUMTrkEutL39PgY2C6dDn64EZf/Ms5Pf4lBDh3Wp5FS+nb+RrsvnMevEfSza3dABCULt1P9ZoxSB+ta7UGX8iPG9XTgxoLxpEvpB94N5Cda4sqfaKJG6TULfzRv7n4spPmpD2f8B9KMfwvzdu9hLcx2K9g/icnMA9u0fYYw+g1MyoOx9N7oRU1FsrDg/4b8lGH3jnhjC/ClM/vfWakML3P1A6eWPi/Lf3nAzIf/3FCFuccR+OIPM/DoJuLrQsTR9qy/uVSY7LYUYT2wn6e3NmI31tOwryh2PObOIaF9lTZ02bDkJZK77jswtaThrfvMVofALwqVZOCrJA1d/F+r6K3fpPpO3Hg3j7+eeYBeg922Ob9tOeDh2k1rHy/o3tdkWtjw/n+bLX+Vd5lxeUiSwiIPDcvAGQElsVBD9j0mAnf+NSaG3J2Bx55sfvZld2wt9pUxbfzNNVE58fCxIuZce3qVz0srPRO/wIlwzAwAY3TOdJa3P32nYlubP5J/1/FVxooeZLcMyaWry5sVf3PjGWvk9AZ5W2gXYUeos+Lho67YI2IA5PBgZy/tjyr5fD7SBHQho1wQp9q8LvvW/qtn4l3l2bE+a+GhKvgu7mbysY2x88Smuxtxh/etI4OSXCDdkkvDNDFITzQ0aTb95q3mhty+KCzVK2syU+17j7LkDTiMefG85d7ZyRbJn8vcbd/Hir3KFN/jQpHkkkR7gFmTA/XLOovvNY/ULvfFVAMgk/PwAk988i5N+zFv9Ar19yyOPXTeEB9+9vlIu6i6v0eaWtshHPuToDxtwNHRADUJLUNOWdOoRSaibhPWC4/jaMWflO/QLPH8LOXsHi8bN4be6DvNi5K7jnS39WPLw47TZ/TZHGzIWQail+i+q6tUcpa8TOe0YTjtgT8fx+3qsuX6o23YtP1BpO6PuEAExW7AeSipp9+cWbLamaHt0K20UjqpNY5yHV2E5eAanXDq/7V9iSXCrPD/hP2YjKSs+JTOvdq3zNz9GzDePcXLLQUz/2noXuUejyTiynYL6SoYAJK4h9uG1ZBdZyP3+FQ6Om8HBu17gxP+OQ6vhNHtu0KVnMENGE/7CDXUZ7WUopODVORz7IxVn1h5O3zODg+NmEv3kF6Rl+hE05UEMvdX/Ppt6JO/eQPLzy4h/7hMyUv69vXLIZEKnNq3VvCsmQ75OKplm2vk8x/bU0N3/CqjdthDDe1PncLz7q7w7pdmlLyzNje4/+pFs07D31+DSZAiAirvWhvBdjDeL11xEMgTApObBP7wZ+JsPr8ZqLz22y6Lkhb8rL//7KANjdrthsbjx3dowwj8r+df622A+P60DLzO3eFSZTZGGn2M9ORinY1uVZAjAzmPuDPzNm37bvYiv0wHaITx5b1cKdr7P1nPT4sjZ+AgJMfVzk8Fr7FKCfOtl1lfGgAW89lBfmnoVsnfJGPoPX0uMpMMrsD19b4ts6Ohqr90Cmg+6jG26kmPkHTtIxrGd5Kc3bDIE4PcXxjFiXWxpcv0sG27rT//+/Rl+z3N8uTejpMdTcDNGuFV8VzLbtu/l6MmTHNm7lc075SpzPcxHzz7CI488woRNsZeXuP/9BcaNWEesE0AirNfDDJIAfueFcQNYFJWLszTu6y0ZAmCP+ZOME4fIOLGrDpIhrQi+dx6edRBXvWgzm6+3bmP9G6OqvJDLr288xpsHa9HDPaQbge7gNMezec5DrDhaBEDhvqWMfmI1J4tAcvGnaXjdh39xZBJX/USM501MHtNQx2RBuDj1nxAxpiHnWkHnWj5NzkMutqLQ6M9NUrTogsqzEHtsdPkBxrIfW0I+Umh7lFoAVxR6BbKxaofubGSjpdL8GlJRURHp6VWHA10dlAVGNElZDR3GNcaE8c/ZxP28pv6LRMl2nE4ZR17pbQJ7AZafVpLwVzLKJm3xDLu02ap6BKO7qrKFMk6HE6fFhMNa8recGE324k1kF/vi1adDQwd4EdRoIgPQ1KJlTcmQa0fdJEWsFgmzrMBqq/6DtNuUJF5HldjssgInCuwVrpqMxSpe/suf187KtAuocjklSyzZ48GYw6or21Oo/WS6hJ5l7/tX6kd5A67+uiu0rPoxYEBkSU+nuD+YtSEXTO/x0MD+9O8/mElvnmzo8GrNtVEwqjo7Nlgx73qFMxtWUFxDQq8hmOxlCQ0H9tKMryl1FyuemcziqGycUiitxlS+1RD73Ss89sgjzJj9ETvqu1emyc65lIt3J0ZPKe85aZPlSnFfb5z5P5OyZjZpJ+rgfNm7F66eV++DM8P7hOF9mduZS/OmBLjK5B5cxds7KiaqZfIPfsF3hzJx6gxEtL285dSJwt9Yc8REqwETCGjoWAShFup/72E5hHXlq1j2p1VYqheSi4Qj/XRp8kOJIigQyZSBI73iRu7AmZOD0y0YZQBACo5MK6pW/VBWyn24oFBTYX4Ny2g0XsUJkWLUSZkNHcY1R+lzA+7hjRpo6TKOxDxsCi3SRd/+kFB2uoXgW1pcGxWU82KwFEgotdfKXQUl6kF30qjHvx/yr+1kSJk66inyn6fg40Me7HFUPWI5aeJr53bvK3skCxnSjMCMRP66Ehdeqgi8RtxPkL/yCixMOD8NmrYvEN7BUKc9ayWvrrg3aXoFTi4vl4nNr/6PPw7v51RaUOXPwKsJw+6byczx3a7YelitVkBD5KCn6HlZC/Wi87iHmfngUEKvqpsgNVAGoGvWF73L5c1G4XYDhuG34HNVnjYoCeg7k+eGNedyb9l6eJtIO76Xzd/9QvV8YzF/ff0ru08lUqhtqHPViqycOpiMNawdA6/K70UQKrvy10jeHVD1GYna+Bem3WVdxP2RPHRgzkOuMuTBmZ2PrAhC8g+AxAwcUTuxjx2C/m4PLNvXYjudhaLlGDTux7H+3jBdzoVLo+89n0ZNvNG5pJHwYxJ+427D31uD05JJTtS7xP25CxkImLiJiMbA2XVEfflRyZv7vEvP/s2AGOLmTiej8pxxvWkRTXs1x0UjY0mPJmHtbLIvumPMzYTNmEWwh4xTkjAfXMSh+JprLEiB4wkZfjuGIA+Ukowj9zQJG2aRHl8XVxgSylAv1JYszIcrTNZF4P3knQS1CU
<p blockindex=42>MemoryStream 是一个在内存中创建和操作字节流的类。它继承自 Stream 类，提供了读取和写入字节数组的方法，可以方便地进行内存中的数据操作。也就是说我们传递的http参数fs将会以byte编码的方式传递到fs变量fs变量经过了MemoryStream然后写入到文件。</p>
<p blockindex=43>比如http传入的是[97,97,97]这个byte数组那么经过MemoryStream写入文件就是aaa的形式，因为a的ascii码是97</p>
<p blockindex=44><img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAABVwAAAEfCAYAAAC9Aw1sAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOydd5xkVZ32vyfcUFUdZgZGoquACgqiLIqiSIYZGBBUUEQFUSRHBQVMqIgiAg5RxV1MBAOIhBnCsOzg7rKAi+gKRqKSJ/R0V7jhhPePe6u6qsMEZgZw3374DN3VVXXvOeee+Jzn9xzx7LPP+iRJMMYQBAHLli1jjz32oL+/n2q1SrPZxBhDnucACCF6fnrvWZPw3nPssccyd+5cBgYGsNbive/cxznX+X3l7u2KzwowElwAW+70ejbdcxOWqaVYLNPsAI/c9gS/X/gHAitRHqQH5UB4OemVMxmTxOtw/DHH8/1zvkRYncZjbl2OOvEErpr7WQLfpOk0Uoc4k3HqKSdy4QUXoPHkaQsjI1xlPY4/9gR+cOHXkLaJlJKl9ZyPf/LzXHLJRWzcL1lWH+HwT36Riy65DNV4jiCq8LFPfoGk2eBn3/k6NZVRbzTwzhGGIUIIhATnLFEUkCQJSkvmz5/H7rvsgdaaO+64g2q1yg477IBzjnnz5rHPPvvgTVHWzVaLShzjvOc/fvUrtt9+e371H//BrL32ZP78+cyePZs8z/Hes3DhQnbeeWe896hQoZUiNzkLFtzBrrvsQhzHeO+5fcECdtlxFwBuu+025syZQ57nKKWYP38+e+65J7Is7yAI8N5z883zmD17NlmeUYljbl1wK7vssgtRFNFoNPjP//xPdtxxR8IwJEkS5t82n/332w9jLVJKvPckSUIcx9x2223stvNuSClRSpEkCUEQ9D7TVka1ViNpJYRhgHOuk96958wht1lv7Srf/+///m923nlnMpsCcPPN85gzZ2+cdUglufPOO9lll13QIuCWW25hr732whiDUqrndTv/rVaLarU2vn1I13Pfzt/bbUK4cd9ZHpZXv6cwhSlM4aVCe9zvHufzPGezzTbj1ltvJQgCrBdr9J6ZKca0u++9hzCoIlUfWkUMjQwzODhI0kp604gFQGnB9ME+Nn/tZhRzDgfCITpJL/pZOW7Ksmr9dTekBy0hyTOuuPKnHHbkx2nkxTwnF8X8pWYgBK792S/4wEfew5CFTEI5fcMvJwWhhwEP37voYj5xxBF451Bar1IavQC8RDkJwmF8QobmptvvYemyBu/dZ08EZoXXac83pZDF/EYIHIIfXHUDAsNRh72XwGfl+OmwqrimcJp22a8ZjCmtFY2348bXlU2LG3P99s8x33/B119TeOH1t8CqpTfLEhqNOgMDAyilJyj/0dfSS4SXeMBKSSye4m/3f5dXv6qKTTRqcD1Ic8CAHAbvwPZjvMKoou1GagA3MoycJkiCmfyl8Trm3XYHh85+Na/oS/n9Q//L1tvNJmVzsmyAKLcIHEYZnJDgQmDiNiP96PzLC4cTDicNoXuSZx66hldtHGNTiZq2DjSaRe6cxRqLVJKfXnsjTVsjZwDjZ5CKKpXpr+DQw06mlUM9AVmBXIEVRUkHgLYwU8FlF17OkZ84jOU9Q+ccOtA88/QzzFhnBlr15sWN635Hn6cXkEuJ8BAb0K4oCtVKoNHk7i+cDT+9kY0bDbzIivKmwkNkRIfsz/Znnk5zYAAxbTqtRh1hHBUlkVqTxworILASCTgnVmpdmOc5QRAghOBn11zNoYcexGIR8NGL7+E5vREqiLBC4iiuq10x38+UBCQidcTpCNP803z9pHcyM4eaHe2/Tj75ZIQQfPOb3yjXYZ4oijj77LM46aQTUSqcNG1F4nvbw9KlS5g2bTrOWbQOeub9nfotHEaaoi0YT592iPxZssajSLkEIZtI74p+Vjqee/RhNJ5IKgIZgjA41Syu4yvE8YYosRFyo7dA/gqgDy8cVhb/nADfec7FT7HSNEBvXTMmxTrHD3/4Q6wxtJLe8dWa4sKnnHJKz/1eOFa3/14BVvt6q3Y/Y1KGh4eZMWOdcWvCFUNy9Y+v5vBPHAJ2iCxtEVbXBwSterFmFh5MPUH3x5D+DR6Zx5+uvARhAx5P+9j9tMsZ6X8llWqFQME3z7+QY489FmttZ8zuzXf7p0BR1BsPtAS0FNz1wANUZ65LphUjWUajlZV1rfjeokWLqVWrtJKEkb8/yqE7b8fGg5pLLzufE44/ESUHiMIK199wNV8/51vABvzspz/lFQMJwg1z+umnc9///Jll6SDvO/CDnPLJT5C2hrj99gVcc83VXHnlVT0llOc5Wis+/enPcNZZZ6GUQimJlGoVy3rtoHj208mybFyaWirizG//kqbq6/ytPV1u95HWu85r7z0Wj3fFezVb5+vHv59ayWlMhPHz2VWDE5PV9zHznna7WuF8Z1X7h942Y61ZpfbUU8dXAnrWrFl47zHGEMcx1113HWEYkmUZ1lqybJRgak901yaMMR1SNUkSlBqtRNYWi5s1TfK+UEjvkC7HuwynA+pJwsmfOpI0HcGajCgKOO6oE7nokkvRQcT5F8zl0588hXPP+SphFCBVRMM5rDcMt5pUpSWOA4KqQkcaFQa0siYgsdbhTEYtDjnxxGP52kXnAxAYC9ZinGewrw9jLd7m+MwghKM+nCADTSAlSmmUUnjvEUJ0yHStNUmS4JxDlg3gvnvvZYd3vQslJbvuuhsLF97FPnPmcMMNNzBr1izSNCWOY4wxGGNI05Qoipg/vyBIvfO0Wi1c+azSNCVJWhhjGBgYIIoikiQhDEOklLRaLYIgQAvN/Pnz2WGHdyGkYPbs2dxyyy3svvtu1Ot1Go0GSilarRZSSur1OmEYkud5SaTKDtmapilKyg7xKoXo/P2uu+5i9913B+Db3/42AEcddRSVShVnLVorhCgWb93w3uOcI4oibrzxRmbPno2Ukne+850sXLiQ3ffcDVnW2Tiu0Gw0aDVbZFmOdx7jC5I1z3Occzjnel5LKZFKTUi2TmEKU5jCFNYeKtUK1li222477r3nfqTKEGGAlJJly5YRhVHP59sbf7W+ATbdZJMXN7HC4YTsTKIl8Oc/Po6RmlyEKAdxnhJiyU1KbuDHV/0nmYgRopjXeTRukklq6Bsc86Ed12oW6vUGchUI1+7XbhIiawpTWDk4wIAo619J1ksEyjsUAkyGiCuMGMFzaYWf33YPf/3z0yzb4VX06wwlBOBptYapVGbgjO8QqdLLSdvWC4VUuhA2BCEHvf8DZD4m8xVy+slFHz+/4d8xScKPfnArldqGLEuSkigr8hkqC60Rjv3oB3j++efXaNqWi7JslRBgc0gyqsPLMM4gcVgcXsCQX0ZfPB2xbARURFWHjCQNKnGIz3ICrxBSYq3H4QuOHPAvYOPNiYKAcOXvThRrMe814PCAdK78XeLRBFD0uxRE/j80hBv9B0CxmeW9xdiEMG2ANHQ2EMvP4IE1RAO014FHHXlksV4bs6FX0HJgTCH4WmUCdCyWs0EzMVaPwFnl660ywbtqHx8L2+ZSWg2W/vlBXjH4DGLdDalEfTTqw4RCEoTAskfhyd/zn1d8j0ElGbYV9jj6VFwQF3XGeZxamcQ4ijLweA9xTZCn4DJDluTY+gjL0hayEuGdp6ZksalTlss/9QdEkSTTmmTmIJtv9EqEXYZwAusg1JIkSdhj91nsvsc+WDMdrENIg5QR37r0u5hMM9KKiasSAehaH/vuuy/77rvvuNQGQUAQaL72ta9RrVbI8xXPVV4uUA5OOWY/ki4ett1ndW+4Q/FE2q28/bfYg+rVl01hNaFvuOEGpJQ899xzfOxjHyMMQ5RSGGM6BOeLQbS2ccIJJxAEAaeeeiqXXXYZzrmOyvXlBoHDtoa4aO55nHTiKUipOf+Cr3Liicdy0onHcu753yTu7+foE07Gm4xKIDlv7kWIsEKSp5zyqU+yOBHoKOTTn/0sPqnzne9+h+OOP5FEKo459liu/M5cTvjkiaRScsJxR3P5t77CJReex2dOOp3UOSIJl110AdJBK8uRLkd5g/IGPKgoQFdifvnLXxKGITfffDN77703e+5ZKFWFECilO
<p blockindex=45>然后a.txt只是为了省事随便写的，实际上是由http参数传递过去的。现在看看真正的效果。</p>
<p blockindex=46><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABX0AAAFGCAYAAAA2HTy9AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzde3hU5b33/0/OhJBAEkIAQSAEFG0rilJRKVICSnXX1r2L8OiuW6nHPoru54e1rYhorce2IFuoW6k/2/pAtd31WFCieGqxgIq2njAEEBTCISEBAjk/f0y+SWZlJjN3MpPD5P26Lq5kZt1rrXvWWjOzcvNZ3xVXU1PTIAAAAAAAAABATIjv6g4AAAAAAAAAACKHQV8AAAAAAAAAiCGJr69d29V9AAAAAAAAAABESFxDQwM1fQEAQLfwyurVmjZzZld3AwAAAAB6NMo7AAAAAAAAAEAMYdAXAAAAAAAAAGIIg74AAAAAAAAAEEMY9AUAAAAAAACAGMKgLwAAAAAAAADEEAZ9AQAAAAAAACCGMOgLAAAAAAAAADGEQV8AAAAAAAAAiCEM+gIAAAAAAABADGHQFwAAAAAAAABiCIO+AAAAAAAAABBDGPQFAAAAAAAAgBjCoC8AAAAAAAAAxBAGfQEAAAAAAAAghjDoCwAAAAAAAAAxhEFfAAAAAAAAAIghDPoCAAAAAAAAQAxh0BcAAAAAAAAAYgiDvgAAAAAAAAAQQxj0BQAAAAAAAIAYkhhWqxWnSxsCTbhAemRRRDsEAADgjHMVAAAAAGjSwaTvi9I1CyPTk66yeaF0zenSXU90dU8AAEDExcC5CgAAAAA4chv0nfgr6ZFNvn/fObHxyRelzZHvWKfZvbWrewAAACIlFs9VAAAAAMBReOUdAjl1uvTMJ62f37xQWv5i8+NhN0gLLvdvs/qy5nmH3SCdvrbxsV2C+aZ0zc2+6ddtksZ75vMuM+Q6WyzPPPIn6a5/lXY1Pt61VLpmaeD+AgCAnqfd5yoBzhuu2ySNb/H8d/4k6actlh+gjIR3PTbfzBGND3Y0n4uEXF6wPoX7mgAAAAD0Ju0v7/Di0sZfLvAflPX+cbNrqX/phBWn+/8Btmtp4D/IwhVynQH+SAIAALGvXecqYZ43PPOvnvOXF/3PdwKtx+Zb8Wbr5zf9tPXymtqF6FM4518AAAAAehW3pO+Gmz03STlRWmQplDeb/1hpSp5YgmWptPlyafATzfNP/JU0d7L8Ui7OwllncWPbAAmcBZuCp4cBAEDP0+FzlTbOG1pqed5g5xK71kp7Lpf0RPN6ms53WrTb8Ih0wWRpcIvl7RotPfJ73+92U7oNhb5597TVpzBe03gBAAAA6GXaX95Bkq77ffMfLJsLm59ffnrrtrt3SLI/Wk70/bEjSRoh/csFgdMwoYSzzvF5jQ9elK5pXIffpZUAACBmuZ6rhHve8C8t/qN45jXSMzdL+kTaIwU+3/G0e2+HNLPF8r5zZfPvEy6QNrQ4LxrcRp/Cek2c8wAAAAC9jVt5h2E3+N8YZfnpPeDGKJOlR37l/9Qz/yqt3tE13QEAANHT4XOVdpw3NCVxHQxxGYjlXAYAAACAm/YlfWfeLW1qLMmwfKHvUsOmFIr8byzS0h5rYwmXEZJ2SM+3kfJ9501pfGMZiE2e2r/hrFOS74+lTb5f7dLKTa9JM1ukdHa14w82AADQPbX3XEVS8POGFvM//4Q0vvE8oql28ImNqeIW5zsvvtmivMMjnnYugvTpqnBfEwAAAIDepJ3lHUZIV90gLVwq341GCqS5l0sTl/pq0HkvL7S6d4PPlYYt9f0B9sy/Ss8EW/5kaaIa69m1qM037ERJLQZ+B4exzj1PNPbT4/RzfT+HjG5cZuMlk9T2BQAgBrTzXKXN84bPmx/vWipd42k38ZrGwdwW62lVY7hluzC11afBI0K/JgAAAAC9jlt5h5YGX9586eSGm32XGM5tcTllS0MthTJCWvAnaViLaRN/FXieuZ523/mTFKBUXeh1BtCyNt/4Rb4BZgAAEFvada4SQKCavt/5Vevzmbkt6vfO3SRdd0HrZV23yb9de7XsU3teEwAAAICYFtfQ0NDQ1Z1oukwx1J2yAQBATHtl9WpNmzkzdMMu8aZ0zc2+X7kpLAAAAIBurP1JXwAAAAAAAABAt8OgLwAAAAAAAADEEAZ9AQAAAAAAACCGdI+avgAAAOruNX0BAAAAoGcg6QsAAAAAAAAAMYRBXwAAAAAAAACIIQz6AgAAAAAAAEAMYdAXAAAAAAAAAGIIg74AAAAAAAAAEEMSu7oDAAD0BCdc9ZsOzf/po1dGqCcAAAAAALSNpC8AACF0dMA3UssAAAAAACAcDPoCANCGSA7WMvALAAAAAOgMlHcAAMDBKaNylDdkQMh2VTW1enXz5zpWUxeR9e7fv1//+Mc/NHXq1IgsDwAAAAAQuxj0BQDAwS+vPlfDBqaHbNfQIF3xqzVa//GXEVnv2rVrdfXVV6usrEyJib6v7507d6qurk5HjhzRrl27dMopp2jw4MERWZ/5/PPPtWjRItXX17fZLj4+XgsXLtTxxx8f0fUDAAAAANwx6AsAgIMLbv8fZWekhmx3tLpWpYeORWy9EydO1OHDh7V582adfvrpkqQf//jHeu6553To0CHFxcUpKSlJS5Ys0bXXXhux9QIAAAAAep52D/puW/uI1hS1fCZLE2d/TxMyO96pnqVYy86bpEWbWzw1fqHWv3S98rqsT5GyU6uuvUKvTXlcv54z3H/Kymt15Y7LtfbWSV3UNwDoGsdq6vTFgcOdvt7Ro0dryJAhevPNN5sGfaurq1VdXa1XX31VU6dO1UMPPaQbbrhBU6dO1QknnBCR9R5//PFasWJFRJbV2QpvytWlK1s+M14L17+k63v+F7Qj3/f5ipbnbflz9Ztfz9HwoPP0FLF6rlKmd556ShsOtHgq+wzNnnWaonKqve0VLV8jnX/dNI2KxvIBAADQ6Tp0I7fsibN03XXX6LrrrtHsidKGVa9oWzuXVfbO01r+1LsqC/FcdzXnyRKVlJSopGS9FmqRJt1U2NVdAgBEQZ+kBB2X3a/Nf32SEqKy7smTJ+utt97ye+6b3/xmU53fG2+8UVlZWXr11Vejsv6eaPzC9Y3fzyVav1BaNOkmtfcbunjZeco9b5mKQzzXXRXcVai1hYVaW/i45mqFrrx3fVd3CSHkn39N47n2LE3URq1a294zbQAAAPQ2ESvvkDnhdOVveFlF26ZpVK+OCOTp+vlztOiBLSpWQQykfQEALT2/6GIdn9N2Td/aunq98c9duu2Jt3QggiUezjnnHP3sZz/ze65fv36tHh86dChi64ylmr5518/XnEWX6oXCxSoo6OredKXhmn15gVY8sV07NSkG0r69QaYmnJGvDRvLVKZR0Un7AgAAIKZEqaav75K00jNmSGteVpHyGy8X26a1y1+WXV2Yf/41mj6qZamIUq1avlHKn6Hz9bLfc9ddN8t3mVvmDF03vXlUueydp7Vq6+joXe4WCcXLdN6kRbIKEHOeLNHigsbLTvWkShYXNDY7T5OevaipNETxsvM0acv8pund23rdV7CgKT1VcFehfjSp8dLKFSN1Z+Gt8l1c2XiJ6ci7eujllgB6uwW/fUtDsvq12aZvSqLmnHui7r3yG7pqycsRW/fkyZO1d+9effrppxEr39B7+cozbZn/pHTppVqpOXqyZLEKVKibci+VVYXw+85eKUmbNSl3kTTnST2pS/2eKylZ7yv5NO5Jv+9u7/d7t7Rzpa69YoW2Nj607/H19xbodjV/Z+9cea2ufH1KU2mInlVCIdbOVQKfVzefh89S1kYrEeEtw+aZNz/fcdnec3wAAAB0NxEb9C17Z5OKss/Q7BZnfUVrinX+dddouq+F3nnqZZVNnKXrJmRKZe/qqVVP653Z39OE6ddodpZ38Nb/OUm+hMOaYm2bPqrx5HKbNm0oVf753+tGA76FuunSlRq/cH3TH3aFa6TlJSW+x4U3KffSm3RhyWIVXDhHakoEF2vNs9J4Pas1xdfr+jypeMtmjR/b9X8ebl1xhaYHKufY9PfsTq26doG2zX1ca+cMb/zD8VqtevzXmj3n17pzR4Fuv3eK1t4
<p blockindex=47>访问发现</p>
<p blockindex=48><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAhoAAABVCAYAAAAPKE22AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nO2da2wc13XH/7tcPkVKlEQpoiQqlO1Eip1SjhO7spQGquPUCpCYQj8EEmi7sQOkllG0aAo7EhKzBdVCshTEyJfYgREYiCNIaFHAdINGQWJZdqBHHnZo1o7jpK5oUxJJi3qQSy65736Y+e/jcIczszuzu6TODyAWy53HnXvvzNzzv+ecGxgeHk7HYjHMzs7iueeew9NPPw3lxmJiYgIA0NjYCACoq6urZHEURVGURUSo0gVQKkcikQAAzM7OAgBaWloqWRxFURRlERKsdAEURVEURVm8qKJxA5JOpwEA165dAwA0NDQAAIJBHXcqiqIo3hLq7e1FMplEMpnE8PBwpcuj+EAymUQ8kUQylUQqlUYqlQIATEdmAAAxcwolUKPjTkVRFMVbQn19fch1BlUWD7F4AtFYLKNgkGg0CgCIzBgDjfbW1rKXTVEURbkxCD733HOYMV84yuIgnkhgajqC2Wh0ziDDV8p5LkVRFGVBoFp5FcEBH6c2lixZ4voY8UQCM7PRebeZnDTCWWtqavI+SyINIBAo/TiKoijKoiI0PDyMw4cPI5lMYmRkpNLlUUogkUjaDjJ8Q8cYiqIoSgFCHR0d+MpXvoJAIKA+Gj6TTCYBALFYDAAQiUQAANPT0wCAeDwOAFi9erXrY6dSKUTMfBhWMF9GZNo474qVK1yfR1EURVHcoPGMiwS7QYaiKIqiVALffTQikQgOHTHSmvf987f8Pl1Bzv36N0Aa+PQdt6O2trYs54xEIvjZz1/GwMAgRsfGAADr163Fho4O3HXnHaivr0cikcDJU6/hnh2fAwDU19fnfTolFk8glbJ2xKSSQt+MYI0xvqyvc3cepTChkAc+LooyD4lEstJFUJSi8XWgwUHGB8MX0LF+nZ+nsiU8NYXX3xgoy2Djl6fP4tjx/8Bs1FAZakNGNY99eBljH17G79/5A/7is9tw4eJFvPvHP2UGGsUSjbn3y3jjjQG89dY7uHr9GpYtXYa77voMvrjzr0ooxTj6996LEzt/gWe620o4jnMGB9+a87+W5kZXx7g+OeVq+yDcRdYk5xkAFiIacxcBVhdyd701Lvt+bTDh7vj17hyYE1F3SpzbwKbW5ctcbf/++SFX28+6vPcalyx1tX1To5FMr+P9H+DzJ3bi5WfuR3nuLkXxjsDDDz+czk3Y9eqrr3pyYDnI2P/EN9DU1OTJsd0Sj8fx+u8GEA5PoaW52bPBBkNHmZciGo3iN6//Dv0v/QQAcNutm7Hlzz6JlaYvxPj4FQy+9Tbe/eOf8o6z9+tfAwCsWGFs19bm/FHiJMokHA4DAK6MjwMAXj75CkbHxnDrrbdi3dp2jH04jnO/+hWWLV2Kx/b+LZqbmwEAU6bvyHyMXPrAcVkB4NLIh662X9660tX2OtCYHx1ozE+1DjR+/tDfAD8ewBNdrnZXlKrAl4Rd1TTIAIDa2lp8+lO3ZwYbfikbMzMz+K+f/DcA4Is7v4CP3XwTgOyApK1tJe7Z8TmEw2HccpPx28c/fkvGCZSfHLgUotB7i4pJIc4PvY8Z0+l0MjwJANiypQtbAITMTKCf2LwJn9i8CXV1dUil044GGIqilI+j6MELOshQFiieO4NW2yCDcLDR0tKcmUbhi92OdDqNdDqdSdUeDocRDocxMjKS9/fyK6+iJhjEbbduxi03bUQ6ncZbb/0eb7/9Tt4fBxkkEAggEAigubk5oyZ4QSqVMqJRZiKIzEQy10ESyQQSyQQmJycyf1evXkEikcis7KooShXQcx8y44zxl7C363ZsMf/29o/Ps+MgDudsu+WpQfHzkexve18CjzTe/5jxPff3rsfAU433P5b33Zg6zT+GohBPBxrVOsggpQw2nDA0NAQA6PrkbQCAt99+x7NjK4py49L3NQ4zxtH/Q+DA4ADeHBzAmyf7gCfvxeHBwvsNPvUz7OS2gz9Cz9GHsgOT8Zew94Hz6Dtp/n4AOJ17nNO9+PxP7zP3HcDLB4Dee45gEEBbdx/6tp9B7w/NHQafR+/pHrygPiRKATx1Bj14+LsYvnARADB84SIe+/t/st1nQ8d6z6JRzv36NwiHnc+5c7Cx9c/vzPs/rXnmnZiamsr7ZOZOyfiVqwCMKRI3g4zGRmOeva6uzvE+TgiHw5idnUEiPr86weuZnZ1FTU0QUfO6W5Ya88nNSwyVJehFBlFFUVyzPfP2bkP3N+/P/tC2DTu3AyfOjwNdc1/xXd98PPcbdvYAD/7hEtDdBlx6F2ewEXu5W9v9yPfj7sEL38zO17R1P4qeJx/CicHH0dXVhu4DfThxz7Po/1of8MxR9Px4ADq7oxQiRDm9rGti5FCp82bwIaOlKhmKonhJ/hBiEIe7HsLRnP9s22m1pxEN1ns651895mfXfejBQ3iw6yi2HSgQLbZ9E9bm/WMtNuUOatrux4EDJ/D5e+4FtvfhZR1lKBaE3nvvPcTjccRiMUxOTpZ0sP1PfCOjamzoWI99j/9jWadOtt51p+028Xgcr78xgPDUFFpamvHpT90+ZxvWw9WrhkJhpWBIVq5Ygds+sdlxeQOBAILBoKd+GUA282g4PImZmRmkXUZK8HonJ4x6CJnOpk1N7tdeURTFQ8Zfwt57erHxxwN4swvIhJUX3NgYkJw/8Au8+YwxiBh86nY8mPm9C08MDuCJwSPY8sC92PIk0FNsZEtnp06ZKJYEN27ciM7OTmzYsAEtLS0lHaypqQn7n/gGOtavwwfDF3DoyNOZNNvVQKFBhpeRJ3+968ueHUtRFEUyfvoEzmzvwyNOBgODP8NR9GCvXV6brsfx5uAAXugBjv40x0nj9Lu4lLfhJbx7Gti40Tze+Et48kmg76Th+2HlJ6IoQa+nLqp1sOFmkMGpJEZtOKGYKI1gMIja2lo0NTV5qvxMT09jenoa0WjUE2fXVCo9b+ZRRVHKSM4AYLy/N29axIgGMRw2Dc7jPMNABo/gwdz5lsEjOYODcZwfArZtzp0sOYoHc6JUBp96CEczg5xx9D/ZizM9j6K7rQuPHNiGow/knldRsgSB7IvVq0FHtQ02/FYyAGN6IRQKoSZUg9dOn8Frp89g7PJlT8+hKMqNjRHtcRQPmiGnT+JR9G232LjrcbzQcwa995jhqT+9Dy/05P7+MDY9w9DVe9Hb+aN8P43tfXhh87OZ8NYHh/oymUkHn7rXiDIxnUUz5dLwVqUAgffeey/NhF3PP/88vve973l28EgkkuezUcm1TsJh54OMK1eu5H265fzQEE6eeg2xWByf277Ncrv6hgbc8aktWL58ueNjzycs0DdjZGQEAJBIxPHhZXe3/ZIlWWUlEDCin1vN8hXyJamGzKBcyyUSmUZTY/0cFarFLHdtgagerzKDbrl9rq+PFVS/RkdHC/6+ZInhC+OmXxQD+3cyaZSH7b3UjDayW3Pn+rVrAIBYPJb3/7pao55bfS6/HTSc6HMVFVlI6XPklY8U29WtwVZjRnMFg8w2kJ/OP27e17yOZMro7wHTk53RYQ0NDUWVe3Z2Ju/4SAPXf/kdPPLLbTj2b19Ah8v6uWwaWOl0/n24bKmRpbW+yHLyPq8W2F6BgA8RBYuMEKcHUqmU5xEgVDYOHv5uxaNL/FIyCrGxsxMP7GnH4P+8jU2bPma53YoVK1FbG3K1iNq8N5t5Y9dyka90CqtWFe+iFTRvoKUtxoOGL6BcWpd+0tUxP/4xdw+LGgcLls3MGA/K8XG+OM1znP9P/N13RvHV7/di50qgocFM1z14BFseOI++k99H902FjqgoFWTwefSe3oa+A+peqSwOQrmDDD8GA01NTTjwL9/2/LhucBKN4jX19fW48zN3FPTd4Ei4paUFdXXerbkyMWGszuplErJkMpV5cfu9giRTr0ciF/HKv34dp7f9AN/a0WpfRtPCo8Wapuyz7st4+mmgKTSBiQkgMm1O3617BK+8AgBXcHUe0arJVHcyAxQ
<h3 blockindex=49>0x04 文件读取</h3>
<p blockindex=50>同文件上传类似，基本上一个Controller某个方法如果没有任何防护，基本上整个Controller都没有防护。比如对上传的文件名没有做任何限制，那么对于文件读取的文件名大概率也是没有任何限制的。任意文件读取危害可大可小。任意文件读取在某些情况下危害是同等于文件上传的。比如某些api是对上传没有任何限制但是只限于后台文件上传，这个时候可以用任意文件读取读取数据库的备份文件从而寻找密码进行getshell。还有java的一些文件读取，比如java应用使用了shiro组件的同时还存在任意文件读取漏洞，那么攻击者完全可以通过读取java的shiro的jar包获取shirokey进行getshell。也可以通过读取ssh密钥（需要高权限）等等方式去进行利用。</p>
<p blockindex=51>程序代码如下：</p>
<p blockindex=52><img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAArMAAAD/CAYAAADi4l4lAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy955ddV533+dnphHurJNkwPfOOv2N6+lkPNNgGK1g5WrINjQndgDG0cztHsDHBZLAtWapStGRjN5jwdFirZ82a+SPmbfNMg6WqG07YYV6cc26qKkm2ZDBwvmsdle695+x0dvju7/7t3xYf+tCHAhPYtm0bZ8+epdfrsW7dOi4H3nsAQggIIUb//0tAEP4d3S9WBCCnPspLFJufDWAm/oCcuWH6s5gJX4bp5wX1uxTT8Y0fu3j4o/yM0jX9dzb5s/kV9fPN117IqfSsxOrpXyv8FU/PhHup8pvFbHnOpqdFixYtWrRo8d5Cz34hhMA5R5qmlxWA954Qwoi8ThLaFi1atGjRokWLFi3eS4hZZdYYg5SSXq+HUurdB/wXQmhbZbZVZi+WnhYtWrRo0aLFe4upkbpRVxtl9i/FVKBFixYtWrRo0aLFnyZWmBlkWYZSCu89UsrLJrTvWoltFLwZhXLN7//UMKvcrpXPtX5/jzGpTF5KxVztuXfyzB8STbouJ52BsWIswrQq/X7NX4sWLVq0aNGiwhRzEkKwY8eOEYlt7F8vdf2lYu2l7z9NePHnl6eLwYtJ84mVv03+bdGiRYsWLVq8P7FCmbXWUhQFcRyTZRlar7hlBa6E0I7IxFpBXCLolTaLl4hPXPy5xgZ2ZLt50fj9Kgpy9bciQb5Of3WPDHKFjW0Tz9VWAC9XOZ3M3zsty8l4Gqy0gW3+887Dfqfxr57Xprwn38tFykWM7/eCadl2BjKsrB/vpgxbtGjRokWLFu8eK5hqFEVorSnLkg0bNtDr9d672IVHyNoTQoAQGqV3kiRCRURmN9aMRWWlFNbai5Nq4QmAl2tv0JG+JrAhIIWoXI6JAMKvqdDJ4PHCg5CAHIUxIk0T93rhaxK1ctOUZ4ZgTZDeqbjXMkMYbbyClSR7TLRHZB5FwIGwE5lReD8OI4g6baIi4mO3a64qkzpMOZEmL+2KPIbgqmcn0y480+90euNX81kGiRceEfzURKDZGLYijCARPiCUJARHEFW5O8ZlLwJYEQhynCYZQAqx0qxG2OkYJn5uyuVSm8RatGjRokWLFu8dVozCp0+fBipS+9vf/nZkbjDpfutKEMT4Qk77pBVC4Ah4wegKUlD6Ep1IyjCkPzyPjgRFmSGlQhpdkRIpUJFZkd4QAsYokI6du7aQdhReZgxDj4w+ZZRTRjnb9m1l2/6t3HzrwSotWhGEJ0k1OgFEhhNDCjeorx6l65HZAUJ7cjnAzCuCDHQ686N83fLJW8iKIVGkMUbhcOw9sJeytAihCEiCqC4vJDZ4vPRIA+d7/8X23Vvw5JQ+x+NQkSJKYgrrUdIQvCDRCTJIoihBaQ1asHvPVoTMUbFgWPZRkSLuJAQp8Eikjqr/y4LcX2DvzTvxylNKyLH0Qo89t+wmvnaOMkCQCiE0IQT6WZ/CDZCRZc+BHVgydKyrNKoB+w5tY1D0iCINyoEKKGnQKkI4g8IQa0V/+W32H9pbkXwjR+/cBvBIlEoYDnKEDzibEUWO0i+xc98WcttDxxIvLXtv3o2QgSjSdV2SaGKCVxRFgdeOoRqw87bdZGWGiCSlKti69ya6G+awwSOkQIqqDna63SotOPYf3EXhl4hTRxB9hMkoWSYrfo9QJV7Ukxmqa1S3W7Ro0aJFixZ/EKxQZhvXXEVRsGHDBoqieM8iDz4Q8BRFwaFDt3H69Kt4Z5lwzEQUx+zctZ0TJxax1mKMJs9z4tigtWDLlq2cOXMGbQy2LFfEIRWV+usCp86eYdvOmzhz7jS7du8gTiOs9YQgOH36NMEGtNcIpfHOIZXEUrB//17OLy8x1+1inavUvMYcwQcKV0AiWFw4yTWd/5Wl80sE40EGBv1ltDGcX16iW/vuzbIBg7yPjg1BTLg/Ex6lAkJ6BkWfuWtTjp48zM7duzh18lW8cGRZTpJ0IRIQCfILQ7wtSZIEIR1F1iOdi3jtjVfZtusmzp56jTgRlLbPYLiM0QlCKrz0LC2d55prFKX1BCEIwbN73x5OnTmJLR05Q5b6bxN35/ADR8BT2oIk1ajUc+CW3Rx+8WVUZEBYOt2I/vA8TuREHbjQ/x1pJ0EKRX95gNYxJjIIERjkPeau7fLy0Z9w882HOHp0gdKCMTHeS5SSlGUfYQI2FOg4UPoBXud4nZNuMJR2gJUlQRZ05hPyXjY14VpeXqbzgZhN2zayeG4Bqywex+59e/npsZ8QzcVc6F8gTTu4bIhH0EnnOL+0RNASoRxCVtdgsMTOnTuI45j+YEA3SQlecerkz/70Nym2aNGiRYsWf8JYQWadc1hriaKIchVyeLUhtGbf7l28+PJLJEkHIcR4WV3Axi2f4Pip4wQkWnXQWqOUYDDssWP3Dk4tnkJKDUHS6w2Z63QmQvdoDUWREUUdbPCcWDyLl4FOJ+aHP/oB2qRIoZEYFIpZsbooCs4vL3Fi8TRRmuKcZbScHUBicaLkpj1bkVLS7/dRSuAUbN++jaPHFzFGkkYpkTHs2LmTxYUTHLrtECdPnEZqM1EYnu27thEoiRNFVmaVqYMKfPLvD7G8NISgieMU5+DkseNEkSaWii1br0eagIk1hS+Ym1/PMBuwa89mhAxINErFZMOCM2deA2npzhsKZzl0y+0cfukESZqgtCXPf0eUKpRwSOXI8iXm4i7BOnRwoC03brqeouxx4OA2gjP0e57XX38Dj8SGkv0HdyCFIM9zzpx6HRGnuODZvecTeEri2JDbDK0h9312HLgJoTTGdHBWoJTh2JFXiLRBCMeWrRtBOZy0hNhy47aPEkcprnDkrs+mzR9DYZBWcfzYcYKAufmI0pWcPn2adD7FWUd33TwLx44hRa3E6kCW9ehGKVhPf7CMUuC0Z+uOmzi2eBRjNFEUYZKYk6fP4K3FliW7du5/j1tHixYtWrRo0eJSWEFmd+zYwZkzZ66aWcGlEIJnrjtHkiRIKXFT+8s9SkG3m+KsYtDPMCYmywbEiamJrcb76pn5+TmCm7aJPf/2Ehuu2UBpSxwOpRXeF/jSccuhW4mjFIHBlR5NRKRjDr94GKV0RVw1dDodouZENFEr1UKC1wQviOMu3c4czga08Agh2b59K8dPHYfg2LNnP6dOnWL7zp0cW1zEOctrP3udfTfvY/HkyVFewaMTycLiCaSR2DLHBlspxB7m59bT62XEUZfdu/fiQqBjuvgs443XXmdgl9m64yZePXcOFxTGSLRyOF+ya+cezpw5SwgCYwxZmWOMIeBr21mPtQXLS30OHDhI4SqVc+/ePZQZpCScPH6corBEWpKmHY4ceYVYJ3gn2Lf3IMNhj127dnHq5FmybID3lltvu4XSlbigWL/+GmSiObG4gNKS0g7xOKxzaGVwDpAGpQy33HwrQgcK16e0OWdeO0fpM6JOxJatmzl2cpFOkqCCYvuWbRxZWMAEQ6o6KK2wtsBEhh17d1Oqkowhxmi279gBNrB4boH+YJm9e3fgMktCh1PHToAAIQLbd2zm+KkFsqzP7bd/hjMnT9UmK5qhLZmfn0eqVpFt0aJFixYt/thYQWaTJCHPc7z374nrrSa8KnzYsWMbxxZeIc9zoqiKzxhNUQ44cGAfi8ePVcu4IUJLyXAwRGnJ7t07WVhYQIUYIWSlYE6EX0Gxbv6DSCHZvWcj0jiyMuP4yUWEMLx66jSegBCKYliSmITbDv1d7ZrMkyQJgzKrib0HUXDg0Maa0EqE63Dy2M9x1mNtQBtDnhWsm5tHKs/NB/eSDzOOHHmJW2+9lZ/89EfEcQxIiiLj+PFFDtx8iMOHD6O0QErB8cVF+r0+nfmUOI5RQVGUBc468jxH1vk7dvQoCoMtJUZ0sGWGUl3Wzf0VttQgNVIk2HKA9xCZdSjZZdDPAIEIMdZZDty6E2v7qCTj1ls+w4kT5+gtL4Mp2LtnDz879xYXfj8gFjGKmPm5LrnrQ0gILsW6BG8dw
<p blockindex=53>通过requestFileName参数作为文件名然后去读取文件。可以看到虽然限制了文件夹路径，但是并没有过滤掉../的方式，还是可以通过../的方式去对目录进行跨越从而造成任意文件读取。</p>
<p blockindex=54><img src=data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAAqAAAAEUCAYAAAD0j4Q7AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy92ZNk133n9znb3TKzqhuAxNGYsh5mwgrbYb/4kWGJFAlwAUASCyFRXCRIpEisjQZ6X6q6q7u6el+wk6JMcYcALgAXCQBBaoYj6z+wFeGYcHhkSyOSQHdXZeZdz+KHm5m1dBcaGwmSqm9ERlZm1j333HvP8j3f33LEb/3WbwXeQDjnmJmZ4dChQxhjaJpm1Wdr7ar/r6qKOI5xzqGUwhjD4uIis7OzHD9+HOccnU6H++67j9OnT1OWJUIItNYIIahte7x1DmctPgSMMezevZuFhQW8c0il2LF9OydOnsQ3ftX5d+3axdmzZ6mqCiklD9y3jXPnzlKUJUpKdu3axbFjx5BSEcLqYwEc7o28fRvYwAZ+jghidZ8Wa36Xa0fHIFd99GsPYPz7mrFidJ615XlWl7eBV4cg1rt/fvX76P6LNc9P+tWfx7+H0XMdP9/xZ3GZOWBVeWH1ccv1nPzHOvUcl3/58tbDpe3v5XFJ+3uVx29gA28k9JtdgV6vh/eeqqpIkoQQAvPz88zPzwOwZ88ezp07x6lTp9iyZQtnzpyhqio6nQ5FUWCdo2MM23fswFmL0hq3huS+HJRSbN26lRACIQSMjNixYychBJx75eVsYAMb2MAGNrCBDWzgleHnRkCFuPxSK4RAXddEUcTdd99Nt9udkE8hBHEc471HSsmZM2fYtWsXAGfOnCHLMhKRYJsGZy0LCwsMhgOmpzehlXpF9aqqirNnzxJCoCgKdu/YPflcliWzs7Pr1n0DG9jABjawgQ1sYAOvHj93BTSEcNnPQghOnTpFkiRYa9Fa45xDCDFRSAGOHj0KQNM0QGsCt02D0hrrHN1OlyzL6C8tobRGSIEQYvK+FsYYyrKk2+0ihCBJEuq6odfrovTy7QnBE0LYIKMb2MAGNrCBNxxrze8b2MCvOn4mBLSqKowx5HlOlmUTsuj9pf4z49/G5K6ua6SUeO8RQmCtJYSAUgqt9eT/x0Swk2Y01iKlZPfu3auUz2PHjyG8RArZvgeJX+PzpdDs3b0Pow0heISQzM7OorXCWof3DiHkhIBegg0+uoENbOCVYo0P4sb48SZg7TN4E7Gez+eGb+YG/jXgZ0JApZSToKK6rlEjUiilvCQISYjLK5OvFM578uGQw4cPUVUVaZrhvWP79h1455GIiX/n5QhkXdecPn0a5yxZ1uHOO+/k9OlTeO/Jsg5bttwLMDl+QwHdwAY2sIFfPoggf6HI5wY28K8dbzgBHZuy2yAeNzGlK6WQ8jV0/smg4WgjBscKppz4aaZZihASpdrIeCkVVVW1aipqQoRXkuExoijCe0eUJpR1G1EfQmhN8U0NeIQM+ODxYiNm9Y2GXBEFOr67l4tsvVL06QY28PowanOXRAm/se1uQ9l6ZViOOn+1R66T1WBEPK8UVb4crf7y0eljyDX/59eNyr98ua8Ub1S72Wh/G/hFwhtOQOu65sSJE+zYsYMoihBCTFIwFUXxKhVEueJ16fdCQCdNKcscIVqFUmtFkRdMTU0RRRFKaKSURFFEFEU416ZNGpv5iyIniiLyUd0GxRAVGQZ5ftkaedEOYios//2vrVOHFdf7evyW1g7e7b3coPi/tFhL1sLKvuuXf3/TVajVqXZeFkFeel0b+IXApc/vTX5OQW64VGxgA68CbzgBHRO8EydOTL4bK6JKqcv7Ub4MBoMc79t0Sc5bhBQQFIQIAGs9PgSUEGzfto1IxwghOL5wnDTOsNZOIulDCCQmoa5rhJdsv38bJ04cn9QR4OjxY2TdLtv37MAoRVVU1EVJ3E0YFDmR0IgAZjTWVerNmUwvN3mOyeDKVf5rJcdrfZFWnm9lmeOrf7VEVOJXqZprVc+xGrqWpP6yQfjVN+YSRU2+vhlrvbyVk+f2ukp/BXkxV2LF8/SiPTiE0RAj/Boip0flr3bJebV5D698fXLNO8sEOIzrsVy3tf1KBL+ahIpLF02ry/Xr1LM95wY/uRJW51FdHhf8ZX9fV6lcs9hZr12tXfCu7T9XGn9W2cTEcv3W5pcd13NtHtL18Ep9Qde/rtWfX7uivIEN/Owg3uhE9FfClQjoaoVUY2vIOgnD4SJZpyWPICcEtGz6xLHCOodWatLBjTGEEGiaBucccdwS03JYrkp8vzIwyhEIPiCNwroGLSTSBaIoYljnxFnaRtwHiFzb+SslcW/CrLKeevNGDTBrSawbjZtqPK5fMlG/yvIvR0CDxAtJEJcS0F9GE7z3Hvxq3+NLEp/LcMkUt/reLk9Ylw1YWFHe2t+DYHRPL1fupJbrlw+r1MrLPuN1JlqAgIYQjchoDWJENoOGoJFBjr4fP+PL1e9SrL2O5TNeRtkMawnoiAiOxpnxOdfL2jZpd+uooOslqt8gAK8Vlybyv7JSvbINj45/3QR0tHHAqyGgoyPgtRPQV5sofoOAbuCXGW96Ivr10XbUxtcMy0DazbDOX7IizrIOVV2gVUtCx/PIcDgEQGs9Mf8DZEmHqqrQWlHXDVovzzw6CJRSxCqi9gEtFXnRx+LRRrdEQhmcc9Qja0sQfrWs8XMyL64cSFYO0E6uvj/jAerVDjxj94K1n41v361sBaTX436w/i4mv7zK58p7JoVEmLU3aK0CuubXdXfWubR8AHEZN4aV5YyVt/Wf08soelxm55i17WididaP1KAQNAiPFxqEbI8PGnzSHi6WVcPLlr+29HV3mBmf/eX638rfRvX0bhRgOFYo1eh9pSK6guBcoT6v3MdwVN4GIRhhTBRXtKdR27rySLBCHV1nofBKx6m1/zdpT6/QfeSKZPmybipXxnoEcqP9beCXGb/ABLQlOEpLkIHaBobDIWmajjpZ25G1NiBi8mGfTreLbzxlWTI1NUVZllRVRbfbJU1TcGBMmxs0Hw7pdrsjRXW5I7rGUlhHkkb0+328BBNHFHWJa2qiKGlnofG49PO+KZfBuO5BXH4AeqMHGbGG5LwWeOQ6q31/GZXgl5OMemn5H/7nf4cXa3bUGpt7GSlxYiVpW4F1JqcrkdDJ4Vckn6vrc0n5E1L28udf+3z8xJwtIej28+QeSKSPWgtGkCDLS9TtV6vqrPf75bGa8J7/8QXypYZhvyQExWoFzvPL2vZ+6SGuvCi5NEDMc2m8wGvFmsXKqr74Zvswb2ADvxrQv/3bv/1zPeFaE/w4+fvS0tIoCXxLCINozSNCSOIkY2lpQJJkSCkphwOyToLWEucbnGvIi4KprIO3y4ntYVnBGW/TKb2cmN2ddyjVpoHyjFMteYRSEAmqpkbrVj3NOglVXpBl3dXX4QMyXNm14I3COG3VOCWUXENSQgirCCksE7tXg/VM8HU/Z3p6GksgrwqUNIjwMivvNZNEXdeEEIjjGCnbrAVVVdHtdKmb8pJzL9f/jcHKVFpSyslzG2dIGAenaa2JooilpSU6nQ5lWU7cOl4O480TpJS89d9fw1v/+w4vFf8MQL/fJ8uS5euiNcFP6na567wMCV39bx4ZVrT3kU+pdx5UGwTkX9ZT8tJ2sXrBsrxQmGS3GOXiVUoTgl3lxiIVSK3b+zbVQ8kRAR2dp8gbZIj51Ce38rnP/TmIcpUfaJqkDPp9sjTFh9b9xY7Oh5IURYF3nk63wyDPieN4+VaJ9vna0Ra6Uqp1TesAykW8Jflf+L//j3/mH//LBbRIEBjqskKpgDKBZuTTPrm+cd9a0w58GFsc5GXv6rp7gXs3aV9a65/bOPKLh0tN79C2OaUURVGsyqIihFhFQMdtc23/NiamKhukGvX9sY1sHUVTjbKm5GWBkHJ0Tj+xmAE0jSNJkokb1zIuVW/X/rZqXPUefDueKylpbENkIqxzRElMnueT8ic+qVdoHmvH/sm51hlDr1TeBjbws8SbpoBOJswxAel2CaMJJ4SAFyMSCtSuobdpMwRJWZYknS61LRFaEYTHWkuWplTOYpRZNSGPJ4QgFUrKkclvGV
<p blockindex=55><img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAArMAAAD/CAYAAADi4l4lAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy955ddV533+dnphHurJNkwPfOOv2N6+lkPNNgGK1g5WrINjQndgDG0cztHsDHBZLAtWapStGRjN5jwdFirZ82a+SPmbfNMg6WqG07YYV6cc26qKkm2ZDBwvmsdle695+x0dvju7/7t3xYf+tCHAhPYtm0bZ8+epdfrsW7dOi4H3nsAQggIIUb//0tAEP4d3S9WBCCnPspLFJufDWAm/oCcuWH6s5gJX4bp5wX1uxTT8Y0fu3j4o/yM0jX9dzb5s/kV9fPN117IqfSsxOrpXyv8FU/PhHup8pvFbHnOpqdFixYtWrRo8d5Cz34hhMA5R5qmlxWA954Qwoi8ThLaFi1atGjRokWLFi3eS4hZZdYYg5SSXq+HUurdB/wXQmhbZbZVZi+WnhYtWrRo0aLFe4upkbpRVxtl9i/FVKBFixYtWrRo0aLFnyZWmBlkWYZSCu89UsrLJrTvWoltFLwZhXLN7//UMKvcrpXPtX5/jzGpTF5KxVztuXfyzB8STbouJ52BsWIswrQq/X7NX4sWLVq0aNGiwhRzEkKwY8eOEYlt7F8vdf2lYu2l7z9NePHnl6eLwYtJ84mVv03+bdGiRYsWLVq8P7FCmbXWUhQFcRyTZRlar7hlBa6E0I7IxFpBXCLolTaLl4hPXPy5xgZ2ZLt50fj9Kgpy9bciQb5Of3WPDHKFjW0Tz9VWAC9XOZ3M3zsty8l4Gqy0gW3+887Dfqfxr57Xprwn38tFykWM7/eCadl2BjKsrB/vpgxbtGjRokWLFu8eK5hqFEVorSnLkg0bNtDr9d672IVHyNoTQoAQGqV3kiRCRURmN9aMRWWlFNbai5Nq4QmAl2tv0JG+JrAhIIWoXI6JAMKvqdDJ4PHCg5CAHIUxIk0T93rhaxK1ctOUZ4ZgTZDeqbjXMkMYbbyClSR7TLRHZB5FwIGwE5lReD8OI4g6baIi4mO3a64qkzpMOZEmL+2KPIbgqmcn0y480+90euNX81kGiRceEfzURKDZGLYijCARPiCUJARHEFW5O8ZlLwJYEQhynCYZQAqx0qxG2OkYJn5uyuVSm8RatGjRokWLFu8dVozCp0+fBipS+9vf/nZkbjDpfutKEMT4Qk77pBVC4Ah4wegKUlD6Ep1IyjCkPzyPjgRFmSGlQhpdkRIpUJFZkd4QAsYokI6du7aQdhReZgxDj4w+ZZRTRjnb9m1l2/6t3HzrwSotWhGEJ0k1OgFEhhNDCjeorx6l65HZAUJ7cjnAzCuCDHQ686N83fLJW8iKIVGkMUbhcOw9sJeytAihCEiCqC4vJDZ4vPRIA+d7/8X23Vvw5JQ+x+NQkSJKYgrrUdIQvCDRCTJIoihBaQ1asHvPVoTMUbFgWPZRkSLuJAQp8Eikjqr/y4LcX2DvzTvxylNKyLH0Qo89t+wmvnaOMkCQCiE0IQT6WZ/CDZCRZc+BHVgydKyrNKoB+w5tY1D0iCINyoEKKGnQKkI4g8IQa0V/+W32H9pbkXwjR+/cBvBIlEoYDnKEDzibEUWO0i+xc98WcttDxxIvLXtv3o2QgSjSdV2SaGKCVxRFgdeOoRqw87bdZGWGiCSlKti69ya6G+awwSOkQIqqDna63SotOPYf3EXhl4hTRxB9hMkoWSYrfo9QJV7Ukxmqa1S3W7Ro0aJFixZ/EKxQZhvXXEVRsGHDBoqieM8iDz4Q8BRFwaFDt3H69Kt4Z5lwzEQUx+zctZ0TJxax1mKMJs9z4tigtWDLlq2cOXMGbQy2LFfEIRWV+usCp86eYdvOmzhz7jS7du8gTiOs9YQgOH36NMEGtNcIpfHOIZXEUrB//17OLy8x1+1inavUvMYcwQcKV0AiWFw4yTWd/5Wl80sE40EGBv1ltDGcX16iW/vuzbIBg7yPjg1BTLg/Ex6lAkJ6BkWfuWtTjp48zM7duzh18lW8cGRZTpJ0IRIQCfILQ7wtSZIEIR1F1iOdi3jtjVfZtusmzp56jTgRlLbPYLiM0QlCKrz0LC2d55prFKX1BCEIwbN73x5OnTmJLR05Q5b6bxN35/ADR8BT2oIk1ajUc+CW3Rx+8WVUZEBYOt2I/vA8TuREHbjQ/x1pJ0EKRX95gNYxJjIIERjkPeau7fLy0Z9w882HOHp0gdKCMTHeS5SSlGUfYQI2FOg4UPoBXud4nZNuMJR2gJUlQRZ05hPyXjY14VpeXqbzgZhN2zayeG4Bqywex+59e/npsZ8QzcVc6F8gTTu4bIhH0EnnOL+0RNASoRxCVtdgsMTOnTuI45j+YEA3SQlecerkz/70Nym2aNGiRYsWf8JYQWadc1hriaKIchVyeLUhtGbf7l28+PJLJEkHIcR4WV3Axi2f4Pip4wQkWnXQWqOUYDDssWP3Dk4tnkJKDUHS6w2Z63QmQvdoDUWREUUdbPCcWDyLl4FOJ+aHP/oB2qRIoZEYFIpZsbooCs4vL3Fi8TRRmuKcZbScHUBicaLkpj1bkVLS7/dRSuAUbN++jaPHFzFGkkYpkTHs2LmTxYUTHLrtECdPnEZqM1EYnu27thEoiRNFVmaVqYMKfPLvD7G8NISgieMU5+DkseNEkSaWii1br0eagIk1hS+Ym1/PMBuwa89mhAxINErFZMOCM2deA2npzhsKZzl0y+0cfukESZqgtCXPf0eUKpRwSOXI8iXm4i7BOnRwoC03brqeouxx4OA2gjP0e57XX38Dj8SGkv0HdyCFIM9zzpx6HRGnuODZvecTeEri2JDbDK0h9312HLgJoTTGdHBWoJTh2JFXiLRBCMeWrRtBOZy0hNhy47aPEkcprnDkrs+mzR9DYZBWcfzYcYKAufmI0pWcPn2adD7FWUd33TwLx44hRa3E6kCW9ehGKVhPf7CMUuC0Z+uOmzi2eBRjNFEUYZKYk6fP4K3FliW7du5/j1tHixYtWrRo0eJSWEFmd+zYwZkzZ66aWcGlEIJnrjtHkiRIKXFT+8s9SkG3m+KsYtDPMCYmywbEiamJrcb76pn5+TmCm7aJPf/2Ehuu2UBpSxwOpRXeF/jSccuhW4mjFIHBlR5NRKRjDr94GKV0RVw1dDodouZENFEr1UKC1wQviOMu3c4czga08Agh2b59K8dPHYfg2LNnP6dOnWL7zp0cW1zEOctrP3udfTfvY/HkyVFewaMTycLiCaSR2DLHBlspxB7m59bT62XEUZfdu/fiQqBjuvgs443XXmdgl9m64yZePXcOFxTGSLRyOF+ya+cezpw5SwgCYwxZmWOMIeBr21mPtQXLS30OHDhI4SqVc+/ePZQZpCScPH6corBEWpKmHY4ceYVYJ3gn2Lf3IMNhj127dnHq5FmybID3lltvu4XSlbigWL/+GmSiObG4gNKS0g7xOKxzaGVwDpAGpQy33HwrQgcK16e0OWdeO0fpM6JOxJatmzl2cpFOkqCCYvuWbRxZWMAEQ6o6KK2wtsBEhh17d1Oqkowhxmi279gBNrB4boH+YJm9e3fgMktCh1PHToAAIQLbd2zm+KkFsqzP7bd/hjMnT9UmK5qhLZmfn0eqVpFt0aJFixYt/thYQWaTJCHPc7z374nrrSa8KnzYsWMbxxZeIc9zoqiKzxhNUQ44cGAfi8ePVcu4IUJLyXAwRGnJ7t07WVhYQIUYIWSlYE6EX0Gxbv6DSCHZvWcj0jiyMuP4yUWEMLx66jSegBCKYliSmITbDv1d7ZrMkyQJgzKrib0HUXDg0Maa0EqE63Dy2M9x1mNtQBtDnhWsm5tHKs/NB/eSDzOOHHmJW2+9lZ/89EfEcQxIiiLj+PFFDtx8iMOHD6O0QErB8cVF+r0+nfmUOI5RQVGUBc468jxH1vk7dvQoCoMtJUZ0sGWGUl3Wzf0VttQgNVIk2HKA9xCZdSjZZdDPAIEIMdZZDty6E2v7qCTj1ls+w4kT5+gtL4Mp2LtnDz879xYXfj8gFjGKmPm5LrnrQ0gILsW6BG8dw
<p blockindex=56>跟进getBinaryFile</p>
<p blockindex=57><img src=data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAAxkAAAEgCAYAAADYCb6zAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9ebDl51nf+XmX33bOuUu3ZAyBGMgMVVPU8AeuChNcLHYsW6Dg2BR2hLX1vi9q7TI2Dl4kI6mllrrV+97ajDF2EoMxli2UTEwgVa75I1M1zEwVZCoJGCx1971n+S3vNn+8v3Pu0t1qtWwZQ92n6qp17/md37s97/s832d7xdve9rbANVCSJPzET/wE3/zmN8nzHCHEtXz9mqjRUOaKt/3Yj/Lf/suf00GTuPiZ0wIvQLa9H/dDXGU0ctnnUiZUvmSuvsB9d9/PmQPnALCqwUuPCooQAhs3buTU6VPX1H8PNNIhOpZbNv0K504/Rzr4QZra44qLbNy1huMnT1BbA8DmTZs4eOAIWZawY8cODuw/gBaatevWcfzYCYQQ5HmXjRs3cujQIdI0xQbH2jVrOXb8GEoqdu6+k72PP06iM5SH3Ru38cypMwihsNYig0RrTVlVpEmKEgJrLdZaALSQCCEQMuBVoMkEG3ds5dixI5RliVKKdevWcez4MbI0Y82aNZw5cwaAD3/4w3zxi1+kLEsQnu3bt3PkyKH23Z5NmzZx/PhJpJTs3LmTQ4cOoWTCxYsXuPfe+zh67CjBCzZv3szTB58mSzMANm3axOnTpwG44447eOGFF7g4d5EiL9i0aROHDh0CYPv27Zw4cQJj4nxuX7+NL5z8IkoIhqpPv5pny9YtnD56hll1Ha+c/zZqlWfDjvUcPXaUsiwpioLbbruNZ599Fm8d29Zt5tTRk0ifMpXNEiqNtAnBKryAIDxOWaxscLpi5C8i8sDGLWs4c+YshZqmP5pn3a4Pc+TgGabtKpqRRc0Ybr7jQ5w7+zxSagDSNOW2227jueeeo65rtq7ZxjMHnyOx6YSndJKgpIzrl6a4dt0uR1ZZmqRi/ZZ1HDx4kCzL0Fqzdu1ajh8/jveeDRs28PzzzzM/P0+WZaxbt47nnnsOlSqsa+gP59mz+04OHTiEqyyZz9EhRaFAKoIUBAFBBoIAYxruvHM3B57ej2ka8l7OunVrOH78aOTfIkUrzZq1a3hi31PknVU0ssHkAzau3cALh76ECgm2GHDHrbfw2YO/w1QyDUBVVgj5+s8boxo+tOHXOPXCSZx1CClYt3Ydp8+cRinFxrWbefqpo6jCs/nef8XTTz7HdPMDyKBZu/tXOXj0IK4PIkgefPBBnj5wAKEFGzZs4OmnD6CUxgvPli2bOXPmLN47bl9zOydOnMAHT5qmk7065s/nzj2HMXay3w8fPIKUkl27dnH48GFGoyHOee594F6efPJJVCpZv349J0+fQGnN3PkR23Zv4MyZMwgtuGPj7Zw8eZpMJ4QR3L39Xo7sP4qpDL1siuH8EJlIbtt6K8+eeYa86SCCpEkqnLQIPMrLCY+ZvGbN+jt4/tRnoVIkNscDVjdU6Yg6KxnphnXbb+Hk4edRQ5hKenF9qpIkSVizZi3Hjx9DSkWSaIQQbNm8hcNHDlOVFQD3P/AAR588Sj7okoUcKRUAIQRC8PgQsKrh5p0f4uRzJ+Lev/12zp47R9M0aK1oaLhjx62cPnaOtzY/hOgr8iLnVfMK81MXWb/1Dn73yBdJXIo1BiEEKlWsX7+e06dPY53DY7n99js4e/YsIQR27NjBkSOHyfOCwWDAjq07OHz4MM57sixj7e1reeaZZwBYd8s6nj/1WVzl0Vrhnb8meWh0w7o717D/+FPkec5wMGTN2jWcPn2aJEnYeMcmnjv8AiqX/Mut/4LnTj/H6lffSkLKB7a9j1O/cwJvPTIodu/ezf79+1FKsW3bVo4ePTY5z26++WZ+7/c+z2hUsnnzJo4cOUqWZZTliB1bd07O77Vr13L06FF6U1NUZcnOLbs4+uQxlNeTPm/atImj7ffrUGHSms07N3P8+HGqqiJJNOvWref48ePoXHLL+g9y+PBZgoWuzrhr290cP3gW1whcY+gUiqG4wK333sLxg6dYNf9WMtPBSA/CI4N/zTmUqNc93yu0Qiv0vSdxrSAD4O1vfzvf/OY3SZJkopy+GWQUlCrwj3/0bfzX//P/ZlXRRbW9dQK8AOGXdv+NgAyvHWUYsn7NBp4//gIiyAnIAMh0zvr16zlx4sQ19d8LcNJz+/qbKeV5tMg4/dTnyZMupTgPmeGO9etYtWoVc3NznDp1Cmscd+7ajbUWpRRnz57l9ltuRQjFyZMnsc6hVcJtt91GWhQ4azlz9iwAN3/415mZmQEk+5/az+7tO3DDhjzNOHb0OFoq1qxZx6lTp9BK05iGYBcOca3VBGCAx0lwmcQ4y7p16xAikGUZhw4dojENO3fuIgTP2TNn2bRpE957rLM8c+4Z5ubmmJructttt7Fq1cxkfN57QggYY7j77nvx3jMcjjh37ixZWtAf9El0wq233joBscePH0cqiXcepRVr7lhDnucURcFT+/dTVSUAeV6w5o47WLV6FXMX5zh74hmYDyRK0yQVW7ZvQkhBIjJOPHmSLE8odUnNiLXr10e+co4zZ85grGXHlu1oJDJIzhyLglH7BOlTFBofIh8GabHS4nSFlSXbdm1CaEtdG84dfwGhBTevfT95WnDqic+yce1m5KyhaoYolSOF4viJE6y54w7SNMUYQ5IknD56BlEqtFsQ8hs3buTkyZMorWmaBiXllflPeipKRAa33XYbWZahpOLY4WM477HGMD09zYdvuQWtFDpJOHnyJPPDOaane4zqEdt3biN4SyITnn7qIMprkpCggsILOQEZY8C1dds2vPNoLXh6/wGyLPIqwnPq1CmkjGBq7do1HDt2Epl0kbnkppv/Od1siqK5njMnz3HLhg+A8PT8DMcPHAOikn78+LHXvf+ctFS6ZMvOzQghKMuSY8ePk8qEbdu342zg4P7D7NizlVK+ghYpp/d9Aek1Nptj/aY1dPQUrgmcPn0G7x1VVZHnOevWriPtpDjrOHL0CMEHjG8iUFu/ntmZGc5fuMAz555Zwp+33PJhVq1ezdzFOU6dPoVwAh881ljuvudulFJUVcXxk3GNtm3dRuNqpJQ459CZZjQacfbsWbbu2IqhxuEo0gJfgx8GXjj3WWwdDQo4wY7d27FZQzWqef5YPN+ManDKIoNHBB1BhvD8+qZfx3lDQYdnTr6A9i34UA1G19y67cP41NHIChEkedPl6NNxTXZu3UmaJphWJgQfOHbsKABSRrCUpFHhP33mDMIICtObABzvHT7EAzq0IGOUDFm79Q4ATpw4QZZlNE0TgcvOzZRqhBla3hJ+kGP74vnsC8uv7/wQXjkK0yX1OYcOHUIIQZqmrFl/B846lFZYYzl+6vjk7HPes23bNuq6JpEJx44ew3lHkiTUdU2qMjZt3AjAyeOn6KkpbG0RQrB9+/YJoHw9ZJWlFEM27dhIXddorTl69CiJStm+fTuucTxz7DnuWHc7c8l5tEj4twd/H2kVc8kFbt96K8EGOlmHEydOEEJAKY1zlrXr1sXxWMuzzz7bnrkW7x3bt2/HGEuSaE4cO4lSUVF3zrF582acc2RZxtGDR1E2iXzU0ubNWzhy+DBZljE/mkd1BEYaNmzYQPCBXq8b5UPTsG3Xdqwc4Z0nkTmu8vgSXnjucyQhpRxVKBnYsHstplcSrOS5fZ8jMx2ctK0RcQVkrNAK/X2mawYZaZoyGAxQSiGlfFM9GUFA0PEQ0Qhs3Uw+EyIqN4t/h2sHGcZHwX37htv47HO/Q92vkUHGQ056lNJs3bqFMyfPUI7K1913ESRBgPMWnWlMGKFVSmI61HWNyD21NxTdDnVTx/G2gClPUqxr0FpT1zX4qPQXRUFZlngXUFpjnEVrTZ7n8ftSYI0FJN5aRIBe0aUpS9I0xduo3EsZvRmvvvoqeaeD1nEtl5LHCxiZmm6nS2OqiYC3zpFojdYa5zzD4YDe1BRaKbz3rSfBY52j282pqoro1wFjHHme45xrPTMdjLGMhkPSNEWI+A6to1BXKv
<p blockindex=58>然后读取文件。</p>
<p blockindex=59><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABkoAAAJhCAYAAAAOkezuAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzde3xU1b3//3dCJgk3CUkgJFxzAQMiRIFIioJouAkWrRVBWsGiRfAAtqhH2yJFjkd71K+g1RSRKqflB5V61HKRS1ABY7gpYFVuIYAgJEAS7pAMZH5/ZGYySWYys5OZTJJ5PR8PHmb2+uy11swecK989loryGw2WwQAAAAAAAAAABCAgv3dAQAAAAAAAAAAAH8hUQIAAAAAAAAAAAIWiRIAAAAAAAAAABCwSJQAAAAAAAAAAICARaIEAAAAAAAAAAAELBIlAAAAAAAAAAAgYIUYPuHx/r7oR4Nw9c0t1ZYXX7miQzk5OlNYqOLi4lq3FxYWpojISMUnJSksPNxlnNlsVn5+vi5evCiz2Vzrdhsyk8mk5s2bKyYmRiaTyWWct6+VNzWG6+7pdQAAAAAAAAAAfwsym80WT4MDOUli4ypZUnzlir7etk0du3RRXPv2Cg0Lq3VbJcXFOv7jjzp6+LBuTk11+ktzs9ms3NxcRUdHKzIyMuB/KW02m1VYWKjTp08rISHB6efhi2vlTY3huntyHQAAAAAAAACgPvA4UUKSpJyzZMneb79Vy+uuU+eEBK+3dyQ3V+fPnVNyz55Vyo4dO6ZmzZqpbdu2Xm+3ITt58qQuXbqkDh06VCnz5bXypsZw3au7DgAAAAAAAABQH7BHiZecKSxUu/bt3cZdvnxZW7ZsUWZmprZu3aorV664Padd+/Y6U1jotOzixYtq3bq14f42dq1bt9bFixedlnl6rfytMVz36q4DAAAAAAAAANQHhvcogXPFxcUK82AJpw8//FC7d++2v96/f79++ctfVntOWFiYy300zGYzyxo5YTKZXO7b4em1qq0ff/xRFoulxrMp6sN1P3PmjCQpIiKiRudXdx0AAAAAAAAAoD4gUeJjR48e1UcffaTmzZsrLS1N3333nfr06aMxY8boo48+0rZt27Rjxw5lZWWppKREDzzwgDp16uTvbqMa+fn52rhxo5KTk9WrVy+Xcf5OEBw+fFhnz55VUlKSmjdvXqM6SktLvdwrAAAAAAAAAKhfSJT40NGjR/XOO+8oPDxcBQUF2rdvn0JCQjRgwABJUmpqqr766istX75coaGhatmypRYtWqRHH32UPR3qoeLiYn3++efatm2bSktLFRQUVG2ixN9OnTqloqIinTp1Sp07d1ZCQoKaNGni724BAAAAAAAAQL3ih0RJsjTn71I7x2ObpMm/9U1zHaZLsx7ybRsufPTRRwoPD9fUqVMVGhqqffv2KS4uzr4Bd1xcnGbOnKkffvhBCQkJCg4O1p///GetX79eDz/8cJ32VZIKtizWe1mn7a+jB0zUhP5Rdd6PMjla9WqWoiZOkN+6YGWxWPTtt99q3bp1unDhgoKDg5WWlqZBgwb5t2NupKSk6MCBA/rxxx916NAh5eXl6frrr6/3G8ADAAAAAAAAQF2q40TJXdKC5+u2ST9q0aKFCgoKFBoaqqZNmyolJUVS2ZJMhYWFioyMVEREhH3/hwsXLuj8+fNKSkqq457maNWrH2tv9ABNnDlBtrxEwZbFWpUzQSPrujv1yKlTp7R69WodPnxYktSpUyeNHDmyxsmGw4cP2+tyFBoaqp/85Ce16GlVJpNJPXr0UPv27bVnzx6dO3dOu3btUnR0tJKTk9WsWbMa1VtYWKhCJ5vMh4SEqEuXLrXsNQAAAAAAAID6bP5Ak57MdlGY9or2bJqhhvUr5bV1nChJTbf+UGl2x5T/V6fdqCuJiYnau3evcnJydOONN+rq1atas2aNsrKyVFpaquDgYA0YMEDDhw9XSEiIcnNzVVJSop49e9ZpP3NWfay9yaM1s1JGJKr/BI2s057UHyUlJdq4caO2bNmi0tJSNW/eXEOGDFGvXr0UFBTkUR1BQUGyWCwVjoWGhmrjxo1VYm+66Sav9NuZVq1a6ZZbbtGxY8eUk5Oj06dP68svv1R8fLzi4+MVHBzs8lxn78H2Xa2sffv2Xu87AAAAAAAAABiRM3+guj+ZrUdWmpUxzLNz/LRHyUDpnmTpo71lLzMqLYk1ZYeUYntxRJp7n3RM5cto5f2vtFDWJbUk7XpOylhtjXectXJEWlT1l9K+VlhYqEWLFun06dMKDQ21b86+Zs0abd68Wb169VJSUpIOHjyozZs3S5JGjRqlhIQEhYeHa9GiRUpISNCECRMUHh7u284WbFHW3mgNmOgmx1ewRYvfy5JtYa7k0TOtM00KtGXxeyoYMFFRWe+pbOWuaA2otGRWxWW9kjV65khrVtE6m6VKvf5z4MABrVy5UufOnVNQUJBSU1M1ePBgw9ciKCioymbocXFx6tatm/bv328/FhwcrIEDB3ql79X1pWPHjoqJidH+/ft1/PhxHTx4UCdOnFDPnj3ts5o8cd1116lNmzY6depUhfoTEhJ80XUAAAAAAAAA9ciMTWbNkCSt1RTTKL2jR7TSnCEPcxI+d3Cvq+kurrl+lNwXtv1W2mX9ecTfpQU7pDnTHQKSpTmOSRJJ6izN+kCqsLf5oPIkiSSlTLKWV17aq7M06SHVtZ07d+r06dO65ZZbNHXqVLVq1Upms1lZWVnq1auXxo8fr1tuuUUPPvigUlNTlZWVJbPZrBYtWmj69Onq2bOncnNzdeDAAd93tqhApxWtaDf7gOQckEbNnKmZM2dq5uhk7f14lXIcyvd+vFIaVVY+Ovm0slZuUYHt3FWv6r2saI22nT8xSqdzpLIky8c6PWCi9fgAnf54sbYUVG2/Lq1bt07nzp2TJN17770aMWKEVxNWlfc2SUlJMZSoqI3Q0FD17NlT119/vSTp0qVLOnjwoOF6EhMTK7yOi4tT06ZNvdJHAAAAAAAAAA3b2ikmmUyOf6Zorb00R/MHmmQyDdT8tfM10GSSaYqtdK2m2M8ZqPk5tteO51euf6Dm55TXO+qdsph3RlnPy7G2UakOR3WbKJGkjL7Sok3lr9s9JC2wLr2V+mvrJu+bpMl9y/58ckRSZ6lvssM5kub2lSY/Zz3QWYpTpaW9rOc7tlVHrl69Kkm66667FBsbK6lslklpaWmVXzB37dpVpaWl9j0foqKi1K9fP0lle5nUF0n9+9v3LlHrKEXrtE47JDSiB4yyzyBJ6j9A0acLVCQ5zFgZWb4uXVR/9U+SlLNFWaeTNcB2YlRXXR99WvsO+DdTMnjwYPv+HR999JEyMzNVUlLitfrj4uLsiYomTZrotttu81rd7pjNZu3Zs8c+oyU8PFzx8fGG67HNKpGYTQIAAAAAAADAUY72flf52DsaNXB+hYfvJemDF55U+fyPHM0fOErv2F9n68nujq9tMeXJkPK4albsSUrWDW567J+lt7b9Vtomlc8AGSilOgYMLJtt4krexrKluLRa2vV8+QyUuM5l/92VWR57/HBZfXXI9kv21atXq3///oqLi1NkZKSCg4N1+PBh9e/f3x6bm5ur4OBgRUZGSpK+/fZbbd26VZLUvHlz33e2dZSitU+nC6Qkl7NKypbXsq+cJUmK1vWOr1xNSbHOWBngpLjg9GlJp/Xxq3srHI++vmpsXerRo4fi4+P16aef6quvvlJWVpb+/e9/a9iwYerRo4dX2hg0aJD27dtXp7NJfvzxRx04cEAlJSUKCgpSly5dlJiYqCZNmtSovsTERJ06dYrZJAAAAAAAAAAcJDkszyXZl+jK3quDksNG79nSfXtk3mQ9snaKdZN4h6W81k6RyTErsvbVKjG2PUkGzpc2bTIreUpZIsVxj5JhZrMyqulxHW/m/v+kuLfL9yZRrpQn6ywSB3n/K81+ver5HYZ61k5KuiTrniV9B1Ub6gv9+vXTyZMntXv3bn399dd65pln1KJFC6WlpenLL79UWFiYEhMTdejQIW3ZskU/+clPZDKZtHPnTi1btkytWrXS4MGD1bVrV993Nqqrro/O0r4DBeof5SLZYZ35Yd9XpGCLFr+3z7P6q0
 </div>
 <div class="post-opt mt-30">
 <ul class="list-inline text-muted">
 <li>
 <i class="fa fa-clock-o"></i>
 发表于 2024-04-03 10:00:00
 </li>
 
 
 
 </ul>
 </div>
 </div>
 
 </div>
 
 
 </div>
 
 
 </div>
 </div>
</div>