-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.html
311 lines (268 loc) · 62.3 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
<!DOCTYPE html><html lang="zh-CN" data-theme="light"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"><title>BaiKer</title><meta name="author" content="BaiKer"><meta name="copyright" content="BaiKer"><meta name="format-detection" content="telephone=no"><meta name="theme-color" content="#ffffff"><meta name="description" content="网络安全">
<meta property="og:type" content="website">
<meta property="og:title" content="BaiKer">
<meta property="og:url" content="http://baiker.top/index.html">
<meta property="og:site_name" content="BaiKer">
<meta property="og:description" content="网络安全">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="http://baiker.top/img/avatar.png">
<meta property="article:author" content="BaiKer">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="http://baiker.top/img/avatar.png"><link rel="shortcut icon" href="/img/favicon.png"><link rel="canonical" href="http://baiker.top/"><link rel="preconnect" href="//cdn.jsdelivr.net"/><link rel="preconnect" href="//busuanzi.ibruce.info"/><link rel="stylesheet" href="/css/index.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6/css/all.min.css" media="print" onload="this.media='all'"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.css" media="print" onload="this.media='all'"><script>const GLOBAL_CONFIG = {
root: '/',
algolia: undefined,
localSearch: undefined,
translate: undefined,
noticeOutdate: undefined,
highlight: {"plugin":"highlighjs","highlightCopy":true,"highlightLang":true,"highlightHeightLimit":false},
copy: {
success: '复制成功',
error: '复制错误',
noSupport: '浏览器不支持'
},
relativeDate: {
homepage: false,
post: false
},
runtime: '天',
date_suffix: {
just: '刚刚',
min: '分钟前',
hour: '小时前',
day: '天前',
month: '个月前'
},
copyright: undefined,
lightbox: 'fancybox',
Snackbar: undefined,
source: {
justifiedGallery: {
js: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery@2/dist/fjGallery.min.js',
css: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery@2/dist/fjGallery.min.css'
}
},
isPhotoFigcaption: false,
islazyload: false,
isAnchor: false
}</script><script id="config-diff">var GLOBAL_CONFIG_SITE = {
title: 'BaiKer',
isPost: false,
isHome: true,
isHighlightShrink: false,
isToc: false,
postUpdate: '2023-03-14 21:34:08'
}</script><noscript><style type="text/css">
#nav {
opacity: 1
}
.justified-gallery img {
opacity: 1
}
#recent-posts time,
#post-meta time {
display: inline !important
}
</style></noscript><script>(win=>{
win.saveToLocal = {
set: function setWithExpiry(key, value, ttl) {
if (ttl === 0) return
const now = new Date()
const expiryDay = ttl * 86400000
const item = {
value: value,
expiry: now.getTime() + expiryDay,
}
localStorage.setItem(key, JSON.stringify(item))
},
get: function getWithExpiry(key) {
const itemStr = localStorage.getItem(key)
if (!itemStr) {
return undefined
}
const item = JSON.parse(itemStr)
const now = new Date()
if (now.getTime() > item.expiry) {
localStorage.removeItem(key)
return undefined
}
return item.value
}
}
win.getScript = url => new Promise((resolve, reject) => {
const script = document.createElement('script')
script.src = url
script.async = true
script.onerror = reject
script.onload = script.onreadystatechange = function() {
const loadState = this.readyState
if (loadState && loadState !== 'loaded' && loadState !== 'complete') return
script.onload = script.onreadystatechange = null
resolve()
}
document.head.appendChild(script)
})
win.activateDarkMode = function () {
document.documentElement.setAttribute('data-theme', 'dark')
if (document.querySelector('meta[name="theme-color"]') !== null) {
document.querySelector('meta[name="theme-color"]').setAttribute('content', '#0d0d0d')
}
}
win.activateLightMode = function () {
document.documentElement.setAttribute('data-theme', 'light')
if (document.querySelector('meta[name="theme-color"]') !== null) {
document.querySelector('meta[name="theme-color"]').setAttribute('content', '#ffffff')
}
}
const t = saveToLocal.get('theme')
if (t === 'dark') activateDarkMode()
else if (t === 'light') activateLightMode()
const asideStatus = saveToLocal.get('aside-status')
if (asideStatus !== undefined) {
if (asideStatus === 'hide') {
document.documentElement.classList.add('hide-aside')
} else {
document.documentElement.classList.remove('hide-aside')
}
}
const detectApple = () => {
if(/iPad|iPhone|iPod|Macintosh/.test(navigator.userAgent)){
document.documentElement.classList.add('apple')
}
}
detectApple()
})(window)</script><meta name="referrer" content="no-referrer" /><link rel="stylesheet" href="https://baiker.top/css/essay.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/Zfour/[email protected]/cardlistpost.css"/><meta name="generator" content="Hexo 5.4.0"></head><body><div id="web_bg"></div><div id="sidebar"><div id="menu-mask"></div><div id="sidebar-menus"><div class="avatar-img is-center"><img src="/img/avatar.png" onerror="onerror=null;src='/img/friend_404.gif'" alt="avatar"/></div><div class="site-data is-center"><div class="data-item"><a href="/archives/"><div class="headline">文章</div><div class="length-num">40</div></a></div><div class="data-item"><a href="/tags/"><div class="headline">标签</div><div class="length-num">22</div></a></div><div class="data-item"><a href="/categories/"><div class="headline">分类</div><div class="length-num">45</div></a></div></div><hr/><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 首页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 时间轴</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page group" href="javascript:void(0);"><i class="fa-fw fas fa-list"></i><span> 清单</span><i class="fas fa-chevron-down"></i></a><ul class="menus_item_child"><li><a class="site-page child" href="/essay"><span> 随笔</span></a></li></ul></div><div class="menus_item"><a class="site-page" href="/Gallery/"><i class="fa-fw fas fa-images"></i><span> 照片</span></a></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fas fa-link"></i><span> 链接</span></a></div><div class="menus_item"><a class="site-page" href="/about/"><i class="fa-fw fas fa-heart"></i><span> 关于</span></a></div></div></div></div><div class="page" id="body-wrap"><header class="full_page" id="page-header" style="background-image: url('https://baiker.top/img/wallhaven-w8zv1q.jpg')"><nav id="nav"><span id="blog_name"><a id="site-name" href="/">BaiKer</a></span><div id="menus"><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 首页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 时间轴</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page group" href="javascript:void(0);"><i class="fa-fw fas fa-list"></i><span> 清单</span><i class="fas fa-chevron-down"></i></a><ul class="menus_item_child"><li><a class="site-page child" href="/essay"><span> 随笔</span></a></li></ul></div><div class="menus_item"><a class="site-page" href="/Gallery/"><i class="fa-fw fas fa-images"></i><span> 照片</span></a></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fas fa-link"></i><span> 链接</span></a></div><div class="menus_item"><a class="site-page" href="/about/"><i class="fa-fw fas fa-heart"></i><span> 关于</span></a></div></div><div id="toggle-menu"><a class="site-page"><i class="fas fa-bars fa-fw"></i></a></div></div></nav><div id="site-info"><h1 id="site-title">BaiKer</h1><div id="site-subtitle"><span id="subtitle"></span></div><div id="site_social_icons"><a class="social-icon" href="https://github.com/baiker" target="_blank" title="Github"><i class="fab fa-github"></i></a><a class="social-icon" href="/[email protected]" target="_blank" title="Email"><i class="fas fa-envelope"></i></a></div></div><div id="scroll-down"><i class="fas fa-angle-down scroll-down-effects"></i></div></header><main class="layout" id="content-inner"><div class="recent-posts" id="recent-posts"><div class="recent-post-item"><div class="post_cover left"><a href="/5dc390d54be4.html" title="Apache Log4j2 远程代码执行漏洞 - CVE-2021-44228"><img class="post_bg" src="https://baiker.top/img/wallhaven-gj977q.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Apache Log4j2 远程代码执行漏洞 - CVE-2021-44228"></a></div><div class="recent-post-info"><a class="article-title" href="/5dc390d54be4.html" title="Apache Log4j2 远程代码执行漏洞 - CVE-2021-44228">Apache Log4j2 远程代码执行漏洞 - CVE-2021-44228</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2021-12-21T02:48:34.000Z" title="发表于 2021-12-21 10:48:34">2021-12-21</time><span class="article-meta-separator">|</span><i class="fas fa-history"></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2021-12-28T02:27:18.878Z" title="更新于 2021-12-28 10:27:18">2021-12-28</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/">漏洞利用</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/">Web服务器漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/">常规漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/Apache/">Apache</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/">远程代码执行漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/Apache/Log4j2/">Log4j2</a></span><span class="article-meta tags"><span class="article-meta-separator">|</span><i class="fas fa-tag"></i><a class="article-meta__tags" href="/tags/%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/">远程代码执行漏洞</a></span></div><div class="content">简介Apache Log4j2 是 Apache 软件基金会下的一个开源的基于 Java 的日志记录工具。Log4j2 是一个 Log4j 1.x 的重写,并且引入了大量丰富的特性。该日志框架被大量用于业务系统开发,用来记录日志信息。由于其优异的性能而被广泛的应用于各种常见的 Web 服务中。
Java 日志体系在 2001 年之前,Java不存在日志库,打印日志均通过 system.out 和 system.err
该方式有以下缺点:
大量 IO 操作
无法合理控制输出,并且输出内容不能保存
无法定制日志格式
在 2001 年,软件开发者 Ceki Gulcu 设计出了一套日志库为Log4j,并且该项目加入Apache
为了方便开发者选择使用,Apache 推出了日志门面 JCL (Jakarta Commons Logging),它提供了一个日志抽象层,在运行时动态的绑定日志来实现组件来工作(如Log4j,java.util.logging)。导入哪个就绑定哪个,不需要再修改配置。如果没有导入的话内部有一个Simple logger的简单实现,但是功能很弱,直接忽略 ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/f6a9bc23287a.html" title="XSS-跨站脚本漏洞"><img class="post_bg" src="https://baiker.top/img/wallhaven-gj977q.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="XSS-跨站脚本漏洞"></a></div><div class="recent-post-info"><a class="article-title" href="/f6a9bc23287a.html" title="XSS-跨站脚本漏洞">XSS-跨站脚本漏洞</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2021-11-24T05:46:03.000Z" title="发表于 2021-11-24 13:46:03">2021-11-24</time><span class="article-meta-separator">|</span><i class="fas fa-history"></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2021-11-25T07:22:38.529Z" title="更新于 2021-11-25 15:22:38">2021-11-25</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/">漏洞利用</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/">常规漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/XSS/">XSS</a></span><span class="article-meta tags"><span class="article-meta-separator">|</span><i class="fas fa-tag"></i><a class="article-meta__tags" href="/tags/XSS/">XSS</a></span></div><div class="content">简介跨站脚本攻击-XSS(Cross Site Script),为不和层叠样式表(Cascading Style Sheets,CSS)的缩写混淆,故将跨站脚本攻击缩写为XSS。
是指攻击者通过Web页面中写入恶意JavaScript代码,造成用户在浏览页面时,嵌入其中的JavaScript代码会被执行,导致控制用户浏览器进行操作的攻击方式。
XSS 的危害
盗取 Cookie
流量劫持
网络钓鱼
篡改页面信息
获取信息
恶意弹框
配合CSRF进行蠕虫攻击
XSS 漏洞分类反射型非持久型,常见的就是在URL中构造,将恶意链接发送给目标,诱导目标访问该链接,造成用户向目标服务器发起GET请求
整个过程中,服务端只是接受数据然后处理,返回数据到浏览器,服务器并不储存XSS代码
储存型持久型,当攻击者提交一段XSS代码后,被服务器接收并储存,当访客访问这个页面时,这段代码被程序运行响应给浏览器,造成XSS攻击。
常见的地方就是在博客留言板,反馈投诉,论坛文章、评论等,将恶意代码和正常的提交都保存在数据库,每次访问都会触发该代码
1<srcipt>a ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/a5e49e0e2f90.html" title="Atlassian Crowd 未授权访问漏洞 - CVE-2019-11580"><img class="post_bg" src="https://baiker.top/img/wallhaven-gj977q.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Atlassian Crowd 未授权访问漏洞 - CVE-2019-11580"></a></div><div class="recent-post-info"><a class="article-title" href="/a5e49e0e2f90.html" title="Atlassian Crowd 未授权访问漏洞 - CVE-2019-11580">Atlassian Crowd 未授权访问漏洞 - CVE-2019-11580</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2021-11-01T06:17:44.000Z" title="发表于 2021-11-01 14:17:44">2021-11-01</time><span class="article-meta-separator">|</span><i class="fas fa-history"></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2021-11-02T05:58:02.739Z" title="更新于 2021-11-02 13:58:02">2021-11-02</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/">漏洞利用</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/">服务器应用漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/">常规漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Atlassian-Crowd/">Atlassian Crowd</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E/">未授权访问漏洞</a></span><span class="article-meta tags"><span class="article-meta-separator">|</span><i class="fas fa-tag"></i><a class="article-meta__tags" href="/tags/%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E/">未授权访问漏洞</a></span></div><div class="content">简介 Atlassian Crowd和Atlassian Crowd Data Center都是澳大利亚Atlassian公司的产品。Atlassian Crowd是一套基于Web的单点登录系统。该系统为用用户、网络应用程序和目录服务器提供验证、授权等功能
漏洞原理 Atlassian Crowd Data Center是Crowd的集群部署版。Atlassian Crowd和Crowd Data Center在其某些发行版本中错误地启用了了pdkinstall开发插件,使其存在安全漏漏洞洞。攻击者利用该漏洞可在未授权访问的情况下对Atlassian Crowd和Crowd Data Center安装任意的恶意插件,执行任意代码/命令,从而获得服务器权限
影响版本Atlassian Crowd = 2.1.x
Atlassian Crowd = 3.0.x ~3.0.4
Atlassian Crowd = 3.1.x ~ 3.1.5
Atlassian Crowd = 3.2.x ~ 3.2.7
Atlassian Crowd = 3.3.x ~ 3. ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/209eabddaf61.html" title="Apache ActiveMQ 未授权访问&弱口令漏洞"><img class="post_bg" src="https://baiker.top/img/wallhaven-gj977q.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Apache ActiveMQ 未授权访问&弱口令漏洞"></a></div><div class="recent-post-info"><a class="article-title" href="/209eabddaf61.html" title="Apache ActiveMQ 未授权访问&弱口令漏洞">Apache ActiveMQ 未授权访问&弱口令漏洞</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2021-10-29T01:36:16.000Z" title="发表于 2021-10-29 09:36:16">2021-10-29</time><span class="article-meta-separator">|</span><i class="fas fa-history"></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2021-11-02T05:57:47.528Z" title="更新于 2021-11-02 13:57:47">2021-11-02</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/">漏洞利用</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/">Web服务器漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/">常规漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/Apache/">Apache</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E/">未授权访问漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/Apache/ActiveMQ/">ActiveMQ</a></span><span class="article-meta tags"><span class="article-meta-separator">|</span><i class="fas fa-tag"></i><a class="article-meta__tags" href="/tags/%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E/">未授权访问漏洞</a></span></div><div class="content">简介ActiveMQ 是 Apache 研发的开源消息服务器,它支持Java消息服务、集群、Spring Framework等。
ActiveMQ 是一个完全支持JMS1.1和J2EE 1.4规范的 JMS Provider实现
随着中间件的启动,会打开两个端口,61616是工作端口,消息在这个端口进行传递;8161是Web管理页面端口
ActiveMQ的web控制台分三个应用,admin、api和fileserver
其中admin是管理员页面,api是接口,fileserver是储存文件的接口。
admin和api都需要登录后才能访问,fileserver无需登录
漏洞原理默认情况下,ActiveMQ服务是没有配置安全参数。恶意人员可以利用默认配置弱点发动远程命令执行攻击,获取服务器权限,从而导致数据泄露
影响版本
Apache ActiveMQ 全版本
环境复现下载地址:http://activemq.apache.org/components/classic/download/
解压文件夹
启动
1234ActiveMQ/bin/ActiveMQ.batcd ActiveMQ ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/8ead4fcca5cb.html" title="Apache ActiveMQ 未授权访问漏洞 - CVE-2021-26117"><img class="post_bg" src="https://baiker.top/img/wallhaven-gj977q.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Apache ActiveMQ 未授权访问漏洞 - CVE-2021-26117"></a></div><div class="recent-post-info"><a class="article-title" href="/8ead4fcca5cb.html" title="Apache ActiveMQ 未授权访问漏洞 - CVE-2021-26117">Apache ActiveMQ 未授权访问漏洞 - CVE-2021-26117</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2021-10-29T01:36:16.000Z" title="发表于 2021-10-29 09:36:16">2021-10-29</time><span class="article-meta-separator">|</span><i class="fas fa-history"></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2021-11-02T05:57:55.209Z" title="更新于 2021-11-02 13:57:55">2021-11-02</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/">漏洞利用</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/">Web服务器漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/">常规漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/Apache/">Apache</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E/">未授权访问漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/Apache/ActiveMQ/">ActiveMQ</a></span><span class="article-meta tags"><span class="article-meta-separator">|</span><i class="fas fa-tag"></i><a class="article-meta__tags" href="/tags/%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E/">未授权访问漏洞</a></span></div><div class="content">简介ActiveMQ 是 Apache 研发的开源消息服务器,它支持Java消息服务、集群、Spring Framework等。
ActiveMQ 是一个完全支持JMS1.1和J2EE 1.4规范的 JMS Provider实现
随着中间件的启动,会打开两个端口,61616是工作端口,消息在这个端口进行传递;8161是Web管理页面端口
ActiveMQ的web控制台分三个应用,admin、api和fileserver
其中admin是管理员页面,api是接口,fileserver是储存文件的接口。
admin和api都需要登录后才能访问,fileserver无需登录
漏洞原理默认情况下,ActiveMQ服务是没有配置安全参数。恶意人员可以利用默认配置弱点发动远程命令执行攻击,获取服务器权限,从而导致数据泄露
影响版本
Apache ActiveMQ Artemis < 2.16.0
Apache ActiveMQ < 5.16.1
Apache ActiveMQ < 5.15.14
环境复现下载地址:http://activemq.apache.org/compo ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/c6e96e4efcf5.html" title="文件包含漏洞"><img class="post_bg" src="https://baiker.top/img/wallhaven-gj977q.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="文件包含漏洞"></a></div><div class="recent-post-info"><a class="article-title" href="/c6e96e4efcf5.html" title="文件包含漏洞">文件包含漏洞</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2021-10-28T08:14:08.000Z" title="发表于 2021-10-28 16:14:08">2021-10-28</time><span class="article-meta-separator">|</span><i class="fas fa-history"></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2021-11-02T06:04:36.177Z" title="更新于 2021-11-02 14:04:36">2021-11-02</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/">漏洞利用</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/">常规漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E6%BC%8F%E6%B4%9E/">文件包含漏洞</a></span><span class="article-meta tags"><span class="article-meta-separator">|</span><i class="fas fa-tag"></i><a class="article-meta__tags" href="/tags/%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E6%BC%8F%E6%B4%9E/">文件包含漏洞</a></span></div><div class="content">简介文件包含是指当前脚本文件可通过include等函数,导入其他文件的代码到本文件引发的漏洞。
如果“其他文件”可以是本地文件(本机上的文件)那就是本地文件包含漏洞,如果“其他文件”可以远程文件(其他机器上的文件)那就是远程文件包含漏洞。也就是说这两种漏洞产生的位置是一样的,只是因为利用形式不同才把他们区分开来
本地文件包含漏洞本地包含漏洞可以查看本地敏感文件
本地包含漏洞可以配置文件上传漏洞执行恶意代码
远程文件包含漏洞远程文件包含漏洞可以包含执行远程主机上的恶意代码
</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/6d3d85286059.html" title="Fastjson反序列化"><img class="post_bg" src="https://baiker.top/img/wallhaven-gj977q.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Fastjson反序列化"></a></div><div class="recent-post-info"><a class="article-title" href="/6d3d85286059.html" title="Fastjson反序列化">Fastjson反序列化</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2021-09-21T07:45:15.000Z" title="发表于 2021-09-21 15:45:15">2021-09-21</time><span class="article-meta-separator">|</span><i class="fas fa-history"></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2021-12-28T01:56:18.596Z" title="更新于 2021-12-28 09:56:18">2021-12-28</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/">漏洞利用</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/">Web应用漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/">常规漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Json/">Json</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E/">反序列化漏洞</a></span><span class="article-meta tags"><span class="article-meta-separator">|</span><i class="fas fa-tag"></i><a class="article-meta__tags" href="/tags/%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E/">反序列化漏洞</a></span></div><div class="content">简介Fastjson是阿里巴巴的开源的 Java JSON 解析库,它可以解析JSON格式的字符串,支持将Java Bean 序列化为 JSON 字符串,也可以从 JSON 字符串反序列化到 JavaBean
漏洞原理Fastjson提供了反序列化功能,允许用户在输入JSON串时通过@type键对应的value指定任意反序列化类名
Fastjson自定义的反序列化机制会使用反射生成上述指定类的实例化对象,并自动调用该对象的setter方法及部分getter方法
那么当组件开启了aototype功能并且反序列化不可信数据时,攻击者可以构造数据,使目标应用的代码执行流程进入特定类的特定setter或者getter方法中,若指定类的指定方法中有可被恶意利用的逻辑(也就是通常所指的Gadget),则会造成一些严重的安全问题。并且在Fastjson 1.2.47及以下版本中,利用其缓存机制可实现对未开启autotype功能的绕过。
影响版本
<=FastJson 1.2.47
漏洞利用RMI模式getshell编写代码EXPloit.java
1234567891011121314151 ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/239b0b1943ac.html" title="SSRF服务端请求伪造漏洞"><img class="post_bg" src="https://baiker.top/img/wallhaven-gj977q.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="SSRF服务端请求伪造漏洞"></a></div><div class="recent-post-info"><a class="article-title" href="/239b0b1943ac.html" title="SSRF服务端请求伪造漏洞">SSRF服务端请求伪造漏洞</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2021-09-14T07:34:41.000Z" title="发表于 2021-09-14 15:34:41">2021-09-14</time><span class="article-meta-separator">|</span><i class="fas fa-history"></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2023-02-10T17:27:47.813Z" title="更新于 2023-02-11 01:27:47">2023-02-11</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/">漏洞利用</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/">常规漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/SSRF/">SSRF</a></span><span class="article-meta tags"><span class="article-meta-separator">|</span><i class="fas fa-tag"></i><a class="article-meta__tags" href="/tags/SSRF/">SSRF</a></span></div><div class="content">SSRF漏洞SSRF(Server-Side Request Forgery,服务器端请求伪造)是一种由攻击者构造形成由服务端发起请求的一个安全漏洞
SSRF 漏洞的产生原因是服务端提供了能够从其他服务器应用获取数据的功能
一般情况下,SSRF攻击的目标是从外网无法访问的内部系统。(正是因为它是由服务端发起的,所以它能够请求到与它相连而与外网隔离的内部系统)
漏洞原理服务端提供了从其他服务器应用获取数据的功能,且没有对目标地址做过滤限制。
SSRF利用存在缺陷的Web应用作为代理攻击远程和本地的服务器。
PHP使用的协议
协议
说明
格式
http
web端口访问
url=http://127.0.0.1:8080
https
web端口访问
url=https://127.0.0.1:8080
file
本地文件传输
url=file:///C:/windows/win.ini
dict
字典协议
url=dict://127.0.0.1:3306
sftp
SSH文件传输协议
url=sftp://test.com:9999/ nc -lvp 9999 ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/44b9cec07681.html" title="CSRF跨站请求伪造漏洞"><img class="post_bg" src="https://baiker.top/img/wallhaven-gj977q.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="CSRF跨站请求伪造漏洞"></a></div><div class="recent-post-info"><a class="article-title" href="/44b9cec07681.html" title="CSRF跨站请求伪造漏洞">CSRF跨站请求伪造漏洞</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2021-09-13T05:52:14.000Z" title="发表于 2021-09-13 13:52:14">2021-09-13</time><span class="article-meta-separator">|</span><i class="fas fa-history"></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2021-11-02T05:58:17.440Z" title="更新于 2021-11-02 13:58:17">2021-11-02</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/">漏洞利用</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/">常规漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/CSRF/">CSRF</a></span><span class="article-meta tags"><span class="article-meta-separator">|</span><i class="fas fa-tag"></i><a class="article-meta__tags" href="/tags/%E8%B7%A8%E5%9F%9F%E6%BC%8F%E6%B4%9E/">跨域漏洞</a></span></div><div class="content">CSRF跨站请求伪造简单来说就是盗用用户的身份,以用户的身份发送恶意请求
漏洞原理网站的cookie在浏览器中不会过期,只要不关闭浏览器或者退出登录,以后访问这个网站,都会默认用户是登录状态
用户C打开浏览器,访问受信任网站A,并登录网站A
在用户成功登录网站A后,网站A产生cookie信息返回给浏览器,浏览器保存在本地
在用户未退出网站A之前,在同一浏览器中,新打开一个标签访问网站B
网站B接收到用户C的请求后,返回恶意代码,并发出一个请求访问第三方网站A
浏览器接到网站B的请求,在用户不知情的情况下携带cookie,向网站A发送请求,以用户C的cookie和权限执行恶意请求
漏洞特征当已经登陆的用户所做的所有修改操作,都可以被CSRF漏洞利用
抓取一个登录之后的请求包,如果HTTP头部里面不包含Referer字段和token,那么可能存在CSRF漏洞
如果有Referer字段,但是去掉Referer之后再重新提交,如果该提交有效,那么可能存在CSRF漏洞
漏洞利用构造带有恶意代码的网站B
下面代码中访问了目标网站A,并提交了POST请求,修改了新的密码
只要诱导用户访问网站B, ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/bb41611ac1d5.html" title="MySQL提权"><img class="post_bg" src="https://baiker.top/img/wallhaven-gj977q.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="MySQL提权"></a></div><div class="recent-post-info"><a class="article-title" href="/bb41611ac1d5.html" title="MySQL提权">MySQL提权</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time class="post-meta-date-created" datetime="2021-09-12T06:30:21.000Z" title="发表于 2021-09-12 14:30:21">2021-09-12</time><span class="article-meta-separator">|</span><i class="fas fa-history"></i><span class="article-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2021-11-02T01:48:18.776Z" title="更新于 2021-11-02 09:48:18">2021-11-02</time></span><span class="article-meta"><span class="article-meta-separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/">漏洞利用</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/">服务器应用漏洞</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Mysql%E6%95%B0%E6%8D%AE%E5%BA%93/">Mysql数据库</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F/">内网渗透</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F/%E6%8F%90%E6%9D%83/">提权</a><i class="fas fa-angle-right article-meta-link"></i><a class="article-meta__categories" href="/categories/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F/%E6%8F%90%E6%9D%83/%E6%95%B0%E6%8D%AE%E5%BA%93%E6%8F%90%E6%9D%83/">数据库提权</a></span><span class="article-meta tags"><span class="article-meta-separator">|</span><i class="fas fa-tag"></i><a class="article-meta__tags" href="/tags/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F/">内网渗透</a><span class="article-meta-link">•</span><a class="article-meta__tags" href="/tags/%E6%8F%90%E6%9D%83/">提权</a></span></div><div class="content">MySQL提权必要条件:
具有MySQL的root权限
具有执行SQL语句的权限
查询MySQL账号密码123456# MySQL <= 5.6 版本mysql> select host, user, password from mysql.user;# MySQL >= 5.7 版本mysql > select host,user,authentication_string from mysql.user;# 查询到的值是Hash加密的
MOF提权利用了C:\Windows\System32\wbem\MOF目录下的nullevt.mot文件
利用该文件每分钟会去执行一次的特性,向该文件中写入cmd命令,就会被执行
这个 MOF 里面有一部分是 VBS 脚本,所以可以利用这个 VBS 脚本来调用 CMD 来执行系统命令,如果 MySQL 有权限操作 mof 目录的话,就可以来执行任意命令了
利用条件:
只适用于低版本的Windows系统
对C:\Windows\System32\wbem\MOF目录有读写权限
上传MOF文件内容
123456 ...</div></div></div><nav id="pagination"><div class="pagination"><span class="page-number current">1</span><a class="page-number" href="/page/2/#content-inner">2</a><span class="space">…</span><a class="page-number" href="/page/4/#content-inner">4</a><a class="extend next" rel="next" href="/page/2/#content-inner"><i class="fas fa-chevron-right fa-fw"></i></a></div></nav></div><div class="aside-content" id="aside-content"><div class="card-widget card-info"><div class="is-center"><div class="avatar-img"><img src="/img/avatar.png" onerror="this.onerror=null;this.src='/img/friend_404.gif'" alt="avatar"/></div><div class="author-info__name">BaiKer</div><div class="author-info__description">网络安全</div></div><div class="card-info-data is-center"><div class="card-info-data-item"><a href="/archives/"><div class="headline">文章</div><div class="length-num">40</div></a></div><div class="card-info-data-item"><a href="/tags/"><div class="headline">标签</div><div class="length-num">22</div></a></div><div class="card-info-data-item"><a href="/categories/"><div class="headline">分类</div><div class="length-num">45</div></a></div></div><a id="card-info-btn" target="_blank" rel="noopener" href="https://github.com/xxxxxx"><i class="fab fa-github"></i><span>Follow Me</span></a><div class="card-info-social-icons is-center"><a class="social-icon" href="https://github.com/baiker" target="_blank" title="Github"><i class="fab fa-github"></i></a><a class="social-icon" href="/[email protected]" target="_blank" title="Email"><i class="fas fa-envelope"></i></a></div></div><div class="sticky_layout"><div class="card-widget card-categories"><div class="item-headline">
<i class="fas fa-folder-open"></i>
<span>分类</span>
</div>
<ul class="card-category-list" id="aside-cat-list">
<li class="card-category-list-item parent"><a class="card-category-list-link" href="/categories/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F/"><span class="card-category-list-name">内网渗透</span><span class="card-category-list-count">1</span><i class="fas fa-caret-left "></i></a><ul class="card-category-list child"><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F/%E6%8F%90%E6%9D%83/"><span class="card-category-list-name">提权</span><span class="card-category-list-count">1</span></a><ul class="card-category-list child"><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F/%E6%8F%90%E6%9D%83/%E6%95%B0%E6%8D%AE%E5%BA%93%E6%8F%90%E6%9D%83/"><span class="card-category-list-name">数据库提权</span><span class="card-category-list-count">1</span></a></li></ul></li></ul></li><li class="card-category-list-item parent"><a class="card-category-list-link" href="/categories/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/"><span class="card-category-list-name">渗透测试</span><span class="card-category-list-count">2</span><i class="fas fa-caret-left "></i></a><ul class="card-category-list child"><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/%E4%BF%A1%E6%81%AF%E6%94%B6%E9%9B%86/"><span class="card-category-list-name">信息收集</span><span class="card-category-list-count">2</span></a></li></ul></li><li class="card-category-list-item parent"><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/"><span class="card-category-list-name">漏洞利用</span><span class="card-category-list-count">38</span><i class="fas fa-caret-left "></i></a><ul class="card-category-list child"><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/"><span class="card-category-list-name">Web应用漏洞</span><span class="card-category-list-count">4</span></a><ul class="card-category-list child"><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Active-UC/"><span class="card-category-list-name">Active-UC</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Json/"><span class="card-category-list-name">Json</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Lanproxy/"><span class="card-category-list-name">Lanproxy</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Yapi/"><span class="card-category-list-name">Yapi</span><span class="card-category-list-count">1</span></a></li></ul></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/"><span class="card-category-list-name">Web服务器漏洞</span><span class="card-category-list-count">15</span></a><ul class="card-category-list child"><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/Apache/"><span class="card-category-list-name">Apache</span><span class="card-category-list-count">4</span></a><ul class="card-category-list child"><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/Apache/ActiveMQ/"><span class="card-category-list-name">ActiveMQ</span><span class="card-category-list-count">2</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/Apache/Log4j2/"><span class="card-category-list-name">Log4j2</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/Apache/Shiro/"><span class="card-category-list-name">Shiro</span><span class="card-category-list-count">1</span></a></li></ul></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/Web%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%BC%8F%E6%B4%9E/JBoss/"><span class="card-category-list-name">JBoss</span><span class="card-category-list-count">11</span></a></li></ul></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/"><span class="card-category-list-name">常规漏洞</span><span class="card-category-list-count">30</span></a><ul class="card-category-list child"><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/CORS/"><span class="card-category-list-name">CORS</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/CSRF/"><span class="card-category-list-name">CSRF</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/HPP/"><span class="card-category-list-name">HPP</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/SQL%E6%B3%A8%E5%85%A5/"><span class="card-category-list-name">SQL注入</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/SSRF/"><span class="card-category-list-name">SSRF</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/XSS/"><span class="card-category-list-name">XSS</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/%E5%85%B6%E4%BB%96%E6%BC%8F%E6%B4%9E/"><span class="card-category-list-name">其他漏洞</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E/"><span class="card-category-list-name">反序列化漏洞</span><span class="card-category-list-count">6</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E/"><span class="card-category-list-name">文件上传漏洞</span><span class="card-category-list-count">3</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E6%BC%8F%E6%B4%9E/"><span class="card-category-list-name">文件包含漏洞</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E/"><span class="card-category-list-name">未授权访问漏洞</span><span class="card-category-list-count">7</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E/"><span class="card-category-list-name">注入漏洞</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E/"><span class="card-category-list-name">目录遍历漏洞</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/%E8%B6%8A%E6%9D%83%E6%BC%8F%E6%B4%9E/"><span class="card-category-list-name">越权漏洞</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%B8%B8%E8%A7%84%E6%BC%8F%E6%B4%9E/%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/"><span class="card-category-list-name">远程代码执行漏洞</span><span class="card-category-list-count">3</span></a></li></ul></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/"><span class="card-category-list-name">开发框架漏洞</span><span class="card-category-list-count">1</span></a><ul class="card-category-list child"><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E5%BC%80%E5%8F%91%E6%A1%86%E6%9E%B6%E6%BC%8F%E6%B4%9E/Spring-Boot/"><span class="card-category-list-name">Spring Boot</span><span class="card-category-list-count">1</span></a></li></ul></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E6%BC%8F%E6%B4%9E/"><span class="card-category-list-name">操作系统漏洞</span><span class="card-category-list-count">1</span></a><ul class="card-category-list child"><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E6%BC%8F%E6%B4%9E/Windows/"><span class="card-category-list-name">Windows</span><span class="card-category-list-count">1</span></a></li></ul></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/"><span class="card-category-list-name">服务器应用漏洞</span><span class="card-category-list-count">5</span></a><ul class="card-category-list child"><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Atlassian-Crowd/"><span class="card-category-list-name">Atlassian Crowd</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Elasticsearch/"><span class="card-category-list-name">Elasticsearch</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Mysql%E6%95%B0%E6%8D%AE%E5%BA%93/"><span class="card-category-list-name">Mysql数据库</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Redis%E6%95%B0%E6%8D%AE%E5%BA%93/"><span class="card-category-list-name">Redis数据库</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/SSH/"><span class="card-category-list-name">SSH</span><span class="card-category-list-count">1</span></a></li></ul></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/"><span class="card-category-list-name">网络设备漏洞</span><span class="card-category-list-count">1</span></a><ul class="card-category-list child"><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/%E4%B8%AD%E5%9B%BD%E7%A7%BB%E5%8A%A8/"><span class="card-category-list-name">中国移动</span><span class="card-category-list-count">1</span></a></li></ul></li></ul></li>
</ul></div><div class="card-widget card-archives"><div class="item-headline"><i class="fas fa-archive"></i><span>归档</span></div><ul class="card-archive-list"><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/12/"><span class="card-archive-list-date">十二月 2021</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/11/"><span class="card-archive-list-date">十一月 2021</span><span class="card-archive-list-count">2</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/10/"><span class="card-archive-list-date">十月 2021</span><span class="card-archive-list-count">3</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/09/"><span class="card-archive-list-date">九月 2021</span><span class="card-archive-list-count">17</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/08/"><span class="card-archive-list-date">八月 2021</span><span class="card-archive-list-count">4</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/07/"><span class="card-archive-list-date">七月 2021</span><span class="card-archive-list-count">8</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/05/"><span class="card-archive-list-date">五月 2021</span><span class="card-archive-list-count">2</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/04/"><span class="card-archive-list-date">四月 2021</span><span class="card-archive-list-count">3</span></a></li></ul></div><div class="card-widget card-webinfo"><div class="item-headline"><i class="fas fa-chart-line"></i><span>网站资讯</span></div><div class="webinfo"><div class="webinfo-item"><div class="item-name">文章数目 :</div><div class="item-count">40</div></div><div class="webinfo-item"><div class="item-name">已运行时间 :</div><div class="item-count" id="runtimeshow" data-publishDate="2021-04-14T16:00:00.000Z"></div></div><div class="webinfo-item"><div class="item-name">本站总字数 :</div><div class="item-count">48.5k</div></div><div class="webinfo-item"><div class="item-name">本站访客数 :</div><div class="item-count" id="busuanzi_value_site_uv"></div></div><div class="webinfo-item"><div class="item-name">本站总访问量 :</div><div class="item-count" id="busuanzi_value_site_pv"></div></div><div class="webinfo-item"><div class="item-name">最后更新时间 :</div><div class="item-count" id="last-push-date" data-lastPushDate="2023-03-14T13:34:08.019Z"></div></div></div></div></div></div></main><footer id="footer" style="background-image: url('https://baiker.top/img/wallhaven-w8zv1q.jpg')"><div id="footer-wrap"><div class="copyright">©2020 - 2023 By BaiKer</div><div class="framework-info"><span>框架 </span><a target="_blank" rel="noopener" href="https://hexo.io">Hexo</a><span class="footer-separator">|</span><span>主题 </span><a target="_blank" rel="noopener" href="https://github.com/jerryc127/hexo-theme-butterfly">Butterfly</a></div></div></footer></div><div id="rightside"><div id="rightside-config-hide"><button id="darkmode" type="button" title="浅色和深色模式转换"><i class="fas fa-adjust"></i></button><button id="hide-aside-btn" type="button" title="单栏和双栏切换"><i class="fas fa-arrows-alt-h"></i></button></div><div id="rightside-config-show"><button id="rightside_config" type="button" title="设置"><i class="fas fa-cog fa-spin"></i></button><button id="go-up" type="button" title="回到顶部"><i class="fas fa-arrow-up"></i></button></div></div><div><script src="/js/utils.js"></script><script src="/js/main.js"></script><script src="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.umd.js"></script><div class="js-pjax"><script>function subtitleType () {
if (true) {
window.typed = new Typed("#subtitle", {
strings: ["今日事,今日畢","Never put off till tomorrow what you can do today"],
startDelay: 300,
typeSpeed: 150,
loop: true,
backSpeed: 50
})
} else {
document.getElementById("subtitle").innerHTML = '今日事,今日畢'
}
}
if (true) {
if (typeof Typed === 'function') {
subtitleType()
} else {
getScript('https://cdn.jsdelivr.net/npm/typed.js/lib/typed.min.js').then(subtitleType)
}
} else {
subtitleType()
}</script></div><link rel="stylesheet" href="https://baiker.top/css/custom.css"><script id="click-heart" src="https://cdn.jsdelivr.net/npm/butterfly-extsrc@1/dist/click-heart.min.js" async="async" mobile="false"></script><script async data-pjax src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script></div><script>"use strict";if("serviceWorker"in navigator){navigator.serviceWorker.register("service-worker.js").then((function(reg){reg.onupdatefound=function(){var installingWorker=reg.installing;installingWorker.onstatechange=function(){switch(installingWorker.state){case"installed":if(navigator.serviceWorker.controller){console.log("New or updated content is available.")}else{console.log("Content is now available offline!")}break;case"redundant":console.error("The installing service worker became redundant.");break}}}}))["catch"]((function(e){console.error("Error during service worker registration:",e)}))}</script></body></html>