-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
190 lines (177 loc) · 28 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
<!DOCTYPE html><html lang="zh-CN" data-theme="light"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0,viewport-fit=cover"><title>shallot's blog</title><meta name="author" content="shallot"><meta name="copyright" content="shallot"><meta name="format-detection" content="telephone=no"><meta name="theme-color" content="#ffffff"><meta property="og:type" content="website">
<meta property="og:title" content="shallot's blog">
<meta property="og:url" content="http://example.com/index.html">
<meta property="og:site_name" content="shallot's blog">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://i.loli.net/2021/02/24/5O1day2nriDzjSu.png">
<meta property="article:author" content="shallot">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://i.loli.net/2021/02/24/5O1day2nriDzjSu.png"><link rel="shortcut icon" href="/img/favicon.png"><link rel="canonical" href="http://example.com/index.html"><link rel="preconnect" href="//cdn.jsdelivr.net"/><link rel="preconnect" href="//busuanzi.ibruce.info"/><link rel="stylesheet" href="/css/index.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/css/all.min.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox/fancybox.min.css" media="print" onload="this.media='all'"><script>const GLOBAL_CONFIG = {
root: '/',
algolia: undefined,
localSearch: undefined,
translate: undefined,
noticeOutdate: undefined,
highlight: {"plugin":"highlight.js","highlightCopy":true,"highlightLang":true,"highlightHeightLimit":false},
copy: {
success: '复制成功',
error: '复制错误',
noSupport: '浏览器不支持'
},
relativeDate: {
homepage: false,
post: false
},
runtime: '',
dateSuffix: {
just: '刚刚',
min: '分钟前',
hour: '小时前',
day: '天前',
month: '个月前'
},
copyright: undefined,
lightbox: 'fancybox',
Snackbar: undefined,
infinitegrid: {
js: 'https://cdn.jsdelivr.net/npm/@egjs/infinitegrid/dist/infinitegrid.min.js',
buttonText: '加载更多'
},
isPhotoFigcaption: false,
islazyload: false,
isAnchor: false,
percent: {
toc: true,
rightside: false,
},
autoDarkmode: false
}</script><script id="config-diff">var GLOBAL_CONFIG_SITE = {
title: 'shallot\'s blog',
isPost: false,
isHome: true,
isHighlightShrink: false,
isToc: false,
postUpdate: '2024-12-10 20:35:28'
}</script><script>(win=>{
win.saveToLocal = {
set: (key, value, ttl) => {
if (ttl === 0) return
const now = Date.now()
const expiry = now + ttl * 86400000
const item = {
value,
expiry
}
localStorage.setItem(key, JSON.stringify(item))
},
get: key => {
const itemStr = localStorage.getItem(key)
if (!itemStr) {
return undefined
}
const item = JSON.parse(itemStr)
const now = Date.now()
if (now > item.expiry) {
localStorage.removeItem(key)
return undefined
}
return item.value
}
}
win.getScript = (url, attr = {}) => new Promise((resolve, reject) => {
const script = document.createElement('script')
script.src = url
script.async = true
script.onerror = reject
script.onload = script.onreadystatechange = function() {
const loadState = this.readyState
if (loadState && loadState !== 'loaded' && loadState !== 'complete') return
script.onload = script.onreadystatechange = null
resolve()
}
Object.keys(attr).forEach(key => {
script.setAttribute(key, attr[key])
})
document.head.appendChild(script)
})
win.getCSS = (url, id = false) => new Promise((resolve, reject) => {
const link = document.createElement('link')
link.rel = 'stylesheet'
link.href = url
if (id) link.id = id
link.onerror = reject
link.onload = link.onreadystatechange = function() {
const loadState = this.readyState
if (loadState && loadState !== 'loaded' && loadState !== 'complete') return
link.onload = link.onreadystatechange = null
resolve()
}
document.head.appendChild(link)
})
win.activateDarkMode = () => {
document.documentElement.setAttribute('data-theme', 'dark')
if (document.querySelector('meta[name="theme-color"]') !== null) {
document.querySelector('meta[name="theme-color"]').setAttribute('content', '#0d0d0d')
}
}
win.activateLightMode = () => {
document.documentElement.setAttribute('data-theme', 'light')
if (document.querySelector('meta[name="theme-color"]') !== null) {
document.querySelector('meta[name="theme-color"]').setAttribute('content', '#ffffff')
}
}
const t = saveToLocal.get('theme')
if (t === 'dark') activateDarkMode()
else if (t === 'light') activateLightMode()
const asideStatus = saveToLocal.get('aside-status')
if (asideStatus !== undefined) {
if (asideStatus === 'hide') {
document.documentElement.classList.add('hide-aside')
} else {
document.documentElement.classList.remove('hide-aside')
}
}
const detectApple = () => {
if(/iPad|iPhone|iPod|Macintosh/.test(navigator.userAgent)){
document.documentElement.classList.add('apple')
}
}
detectApple()
})(window)</script><meta name="generator" content="Hexo 7.0.0"></head><body><div id="sidebar"><div id="menu-mask"></div><div id="sidebar-menus"><div class="avatar-img is-center"><img src="https://i.loli.net/2021/02/24/5O1day2nriDzjSu.png" onerror="onerror=null;src='/img/friend_404.gif'" alt="avatar"/></div><div class="sidebar-site-data site-data is-center"><a href="/archives/"><div class="headline">文章</div><div class="length-num">14</div></a><a href="/tags/"><div class="headline">标签</div><div class="length-num">14</div></a><a href="/categories/"><div class="headline">分类</div><div class="length-num">1</div></a></div><hr class="custom-hr"/></div></div><div class="page" id="body-wrap"><header class="full_page" id="page-header"><nav id="nav"><span id="blog-info"><a href="/" title="shallot's blog"><span class="site-name">shallot's blog</span></a></span><div id="menus"><div id="toggle-menu"><a class="site-page" href="javascript:void(0);"><i class="fas fa-bars fa-fw"></i></a></div></div></nav><div id="site-info"><h1 id="site-title">shallot's blog</h1></div><div id="scroll-down"><i class="fas fa-angle-down scroll-down-effects"></i></div></header><main class="layout" id="content-inner"><div class="recent-posts" id="recent-posts"><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/2024/12/10/%E7%AC%AC%E4%B8%80%E6%AC%A1%E6%B8%97%E9%80%8F/" title="春秋云镜 initial">春秋云镜 initial</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2024-12-10T11:02:46.493Z" title="发表于 2024-12-10 19:02:46">2024-12-10</time></span></div><div class="content">春秋云镜 initial记录第一次渗透第一次渗透感觉收获还是很多的
之前一直敬而远之,上手之后发现也没有想象中的难,但是在很多工具利用的过程中出现了非常非常多意想不到的问题,配软件的能力的得到了提升说是(。
外网打点打开网址是thinkphp框架,先用工具开扫
https://github.com/bewhale/thinkphp_gui_tools
这时候我遇上了第一个问题,这也是我经验不足的体现,这是官方给的执行命令java -Dfile.encoding="UTF-8" --module-path "C:\Program Files\Java\javafx-sdk-11.0.2\lib" --add-modules "javafx.controls,javafx.fxml,javafx.web" -jar "xxx.jar"这时候可以看到我们是需要额外下载一个javafx-sdk的,但是我直接下载了上面的11.0.2的版本,出现了不兼容问题,后面查阅资料我又下载了匹配本地jdk版本的sdk。
这时候还 ...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/2024/05/28/ciscn_web/" title="CISCN">CISCN</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2024-05-28T11:24:11.208Z" title="发表于 2024-05-28 19:24:11">2024-05-28</time></span></div><div class="content">CISCNWEB主要写的是新学到的两个知识点涉及到的两个题,分别是Python原型链污染,以及python栈帧沙箱逃逸。
sanic/src扫描下载源码。
1234567891011121314151617181920212223242526272829303132333435363738from sanic import Sanicfrom sanic.response import text, htmlfrom sanic_session import Sessionimport pydash# pydash==5.1.2class Pollute: def __init__(self):passapp = Sanic(__name__)app.static("/static/", "./static/")Session(app)@app.route('/', methods=['GET', 'POST'])async def index(request): return ...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/2024/05/22/week4/" title="hgameweek4">hgameweek4</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2024-05-22T15:37:51.472Z" title="发表于 2024-05-22 23:37:51">2024-05-22</time></span></div><div class="content">week4webReverse and Escalation打开网站需要登录抓个包,感觉activemq有点眼生,查一下发现是一个CVE-2023-46606,默认admin和admin登录一下github上有专用的工具https://github.com/SaumyajeetDas/CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ/按照步骤执行一下成功反弹shellcat /flag一下发现 Permission denied查找资料,原来是权限不够,涉及到提权的知识匹配一下可以用find命令提权find / -perm -g=s -type f 2>/dev/null find . -exec /bin/sh -p \; -quit 反弹一个有root权限的shell就可以啦
everse and Escalation.IIfind 命令会出现一个很奇怪的东西怀疑把find命令内部改过了,把文件base64复制下来,粘贴到010editor,用ida打开查看main函数观察函数,会以时间为种子生成伪随机数,需要我们一次性输入伪随 ...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/2024/05/22/week3/" title="hgameweek3">hgameweek3</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2024-05-22T15:36:52.617Z" title="发表于 2024-05-22 23:36:52">2024-05-22</time></span></div><div class="content">week3webwebvpn审计源代码,发现最后一段函数,要求我们从本地访问该网站,才能进行读文件操作
联想到SSRF但是怎么进行攻击?
接着审计代码,发现了典型能造成的原型链污染的函数update原型链污染的逻辑是
1原型链污染简单来说就是如果能够控制并修改一个对象的原型,就可以影响到所有和这个对象同一个原型的对象
而本网站的作用是构造一个VPN访问外网,联想到我们需要从本地访问,也就是说构造一个127.0.0.1的网站供我们访问同时注意函数禁用了__proto__因此我们采用constructor.prototype,而根据代码要求我们在user/info发送post请求同时调用req.body作为update函数的参数因此我们可以构造payload,考虑到访问ip地址默认80端口,而本地开放3000端口,因此访问的时候利用3000端口访问/flag就可以得到flag啦
ZeroLink网页是一个存储记忆的东西(?)可以查询记忆查看源码,发现以管理员身份登录后还可以上传文件等操作,因此我们先登录(登录界面也只能以管理员身份登录)但是远程的密码数据库中并不能查询到,通过询问 ...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/2024/05/22/week2/" title="hgameweek2">hgameweek2</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2024-05-22T15:34:24.133Z" title="发表于 2024-05-22 23:34:24">2024-05-22</time></span></div><div class="content">hgameweek2webWhat the cow say?打开网站,是一个让我们输入内容并且会由牛牛输出的框框,首先试了一些常见的注入命令,发现分别出现了WAF和ERROR,对一些常见关键词如&&出现了WAF过滤初步猜测是命令行注入,查了好久的绕过,原来是利用$()内联执行但是WAF了cat,flag绕过一下,发现显示该文件是个目录,没办法读取!
paylod=$( c$@at /f$@lag_is_here)
再ls+cat flag 就好啦
myflask打开网页是一串python代码要求我们把cookie中的username改为admin才能回显数据,刚开始试了改包,但是没成功,上网查询资料之后发现要伪造session,密钥是开靶机的时间,然后在网上找了脚本加密一下运行,在code里面数据不对,在虚拟机里的数据才是正确的,成功改了cookie。(感觉coded的版本太高了)随后发送post请求,发现 有一个pickle.loads函数。查阅发现能进行pickle的rce然后构造一个简单的脚本,同样在虚拟机里运行。然后cat /flag 就好啦
Sele ...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/2024/05/22/week1/" title="hgame">hgame</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2024-05-22T14:42:50.145Z" title="发表于 2024-05-22 22:42:50">2024-05-22</time></span></div><div class="content">hgame week1webezhttp题目要求从vidar.club进入修改请求头之后,根据题目修改use-agent并从本地访问,这里普通的 X-Forwarded-For: 127.0.0.1,或client-ip:127.0.0.1都不可以,查阅资料,我们发现了X-Real-IP:127.0.0.1可以实现功能刚开始以为是需要抓包,尝试了半天结果是上方给的密文,试了一下base64解码,得到flag
bypass it题目要求我们登录,但是首先要注册,点击注册会根据弹窗返回登陆页面,根据提示,我们禁用js,成功登录
Select Courses这题模拟的是选课系统,随机会有课放出来,因此我们搞个爬虫判断课程是否有余量并不断发送请求
12345678910111213141516171819202122232425262728import jsonimport requestsfor i in range(5): while(1): a=requests.get('http://47.100.137.175:30125/api/courses ...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/2024/01/06/BUU-PHP/" title="PHP">PHP</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2024-01-06T03:52:03.983Z" title="发表于 2024-01-06 11:52:03">2024-01-06</time></span></div><div class="content">BUU-PHP爆破目录下载源码查看网址,通过备份网站的线索可以想到是可以通过爆破目录下载源码的,我们直接尝试www.zip,获得源码。
代码审计源码,我们获得了flag.php,经过尝试是一个假flag,于是接着进行代码审计。
123456789101112131415161718192021222324252627282930313233343536373839404142434445#index.php<!DOCTYPE html><head> <meta charset="UTF-8"> <title>I have a cat!</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/2.0/reset.min.css"> <link rel="stylesheet" href=" ...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/2024/01/02/buu%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E/" title="文件上传">文件上传</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2024-01-02T11:31:37.312Z" title="发表于 2024-01-02 19:31:37">2024-01-02</time></span></div><div class="content">buu 文件上传漏洞此题是让我们上传文件我们通过尝试,发现需要图片并且是jpg格式,我们首先尝试构造一个一句话木马,方便后续进行读取flag我们通过修改content-type和文件后缀上传文件要求不能是php文件,我们尝试php2,php3,phtml的后缀,最后发现phtml成功绕过这条线索要求不能有<?即不能有php文件内容,我们通过Js内嵌php代码可以实现绕过
<script language='php'>@eval($_POST['cmd']);</script>还是不可以,可能是文件头没有修改,我们查找资料发现jpg的文件头为FFD8FF。通过010editor我们修改文件内容成功绕过,并上传文件(图偷的)
我们想要读取文件,在文件上传漏洞中一般在upload或根目录下,然后就可以进进行一句话木马的常规操作读取flag啦。
</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/2023/12/15/hgamemini-TuTu'sDiary%20Book/" title="hgamemini-TuTu's Diary Book">hgamemini-TuTu's Diary Book</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-12-15T12:53:42.856Z" title="发表于 2023-12-15 20:53:42">2023-12-15</time></span></div><div class="content">hgamemini-TuTu’s Diary Book打开界面,是一个可以输入心情和内容的日记本,通过观察没有任何可以下手的地方,首先我们通过爆破网站目录或者根据经验获取网站源码以进行代码审计。
源码获取这里注意常见的源码文件:
1234561.www.zip2.www.tar.gz3.src.zip4.src.tar.gz5.www.tar6./.git/
123456789101112131415161718192021222324252627// newdiary.php<?php $diary_template = "<?xml version='1.0' encoding='utf-8'?> <diary> <date>%s</date> <feeling>%s</feeling> <content>%s</content> ...</div></div></div><div class="recent-post-item"><div class="recent-post-info no-cover"><a class="article-title" href="/2023/12/10/hgamemini-%E5%9B%BE%E7%89%87%E9%9A%90%E5%86%99%E6%80%BB%E7%BB%93/" title="hgamemini-Misc总结">hgamemini-Misc总结</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-12-10T11:03:02.867Z" title="发表于 2023-12-10 19:03:02">2023-12-10</time></span></div><div class="content">hgamemini-图片隐写总结复原图片尺寸
是一张看不出来任何文字和图像的乱码文字,可能是修改了图片的长和宽
通过010 Editor载入png模板,查看到图片的长和高利用Python脚本计算正确的尺寸
12345678910111213import osimport binasciiimport structcrcbp = open("xxx.png", "rb").read() #打开图片for i in range(2000): for j in range(2000): data = crcbp[12:16] + \ struct.pack('>i', i)+struct.pack('>i', j)+crcbp[24:29] crc32 = binascii.crc32(data) & 0xffffffff if(crc32 == 0x38162a34): #图片当前CRC ...</div></div></div><nav id="pagination"><div class="pagination"><span class="page-number current">1</span><a class="page-number" href="/page/2/#content-inner">2</a><a class="extend next" rel="next" href="/page/2/#content-inner"><i class="fas fa-chevron-right fa-fw"></i></a></div></nav></div><div class="aside-content" id="aside-content"><div class="card-widget card-info"><div class="is-center"><div class="avatar-img"><img src="https://i.loli.net/2021/02/24/5O1day2nriDzjSu.png" onerror="this.onerror=null;this.src='/img/friend_404.gif'" alt="avatar"/></div><div class="author-info__name">shallot</div><div class="author-info__description"></div></div><div class="card-info-data site-data is-center"><a href="/archives/"><div class="headline">文章</div><div class="length-num">14</div></a><a href="/tags/"><div class="headline">标签</div><div class="length-num">14</div></a><a href="/categories/"><div class="headline">分类</div><div class="length-num">1</div></a></div><a id="card-info-btn" target="_blank" rel="noopener" href="https://github.com/xxxxxx"><i class="fab fa-github"></i><span>Follow Me</span></a></div><div class="card-widget card-announcement"><div class="item-headline"><i class="fas fa-bullhorn fa-shake"></i><span>公告</span></div><div class="announcement_content">This is my Blog</div></div><div class="sticky_layout"><div class="card-widget card-recent-post"><div class="item-headline"><i class="fas fa-history"></i><span>最新文章</span></div><div class="aside-list"><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2024/12/10/%E7%AC%AC%E4%B8%80%E6%AC%A1%E6%B8%97%E9%80%8F/" title="春秋云镜 initial">春秋云镜 initial</a><time datetime="2024-12-10T11:02:46.493Z" title="发表于 2024-12-10 19:02:46">2024-12-10</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2024/05/28/ciscn_web/" title="CISCN">CISCN</a><time datetime="2024-05-28T11:24:11.208Z" title="发表于 2024-05-28 19:24:11">2024-05-28</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2024/05/22/week4/" title="hgameweek4">hgameweek4</a><time datetime="2024-05-22T15:37:51.472Z" title="发表于 2024-05-22 23:37:51">2024-05-22</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2024/05/22/week3/" title="hgameweek3">hgameweek3</a><time datetime="2024-05-22T15:36:52.617Z" title="发表于 2024-05-22 23:36:52">2024-05-22</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2024/05/22/week2/" title="hgameweek2">hgameweek2</a><time datetime="2024-05-22T15:34:24.133Z" title="发表于 2024-05-22 23:34:24">2024-05-22</time></div></div></div></div><div class="card-widget card-categories"><div class="item-headline">
<i class="fas fa-folder-open"></i>
<span>分类</span>
</div>
<ul class="card-category-list" id="aside-cat-list">
<li class="card-category-list-item "><a class="card-category-list-link" href="/categories/hgame-mini-wp/"><span class="card-category-list-name">hgame-mini wp</span><span class="card-category-list-count">1</span></a></li>
</ul></div><div class="card-widget card-tags"><div class="item-headline"><i class="fas fa-tags"></i><span>标签</span></div><div class="card-tag-cloud"><a href="/tags/PHP-md5-%E7%A2%B0%E6%92%9E/" style="font-size: 1.23em; color: #999ea6">PHP md5 碰撞</a> <a href="/tags/%E6%B8%97%E9%80%8F/" style="font-size: 1.23em; color: #999ea6">渗透</a> <a href="/tags/PHP-%E4%BC%AA%E5%8D%8F%E8%AE%AE/" style="font-size: 1.23em; color: #999ea6">PHP 伪协议</a> <a href="/tags/web%E5%B0%8F%E7%BB%83%E4%B9%A0/" style="font-size: 1.1em; color: #999">web小练习</a> <a href="/tags/web/" style="font-size: 1.23em; color: #999ea6">web</a> <a href="/tags/misc-web/" style="font-size: 1.5em; color: #99a9bf">misc web</a> <a href="/tags/%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0/" style="font-size: 1.23em; color: #999ea6">文件上传</a> <a href="/tags/xxe%E6%B3%A8%E5%85%A5/" style="font-size: 1.23em; color: #999ea6">xxe注入</a> <a href="/tags/PHP/" style="font-size: 1.23em; color: #999ea6">PHP</a> <a href="/tags/PHP-%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0/" style="font-size: 1.23em; color: #999ea6">PHP 文件上传</a> <a href="/tags/PHP-%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96/" style="font-size: 1.37em; color: #99a4b2">PHP 反序列化</a> <a href="/tags/%E4%B8%80%E5%8F%A5%E8%AF%9D%E6%9C%A8%E9%A9%AC/" style="font-size: 1.23em; color: #999ea6">一句话木马</a> <a href="/tags/%E5%9B%BE%E7%89%87%E9%9A%90%E5%86%99/" style="font-size: 1.23em; color: #999ea6">图片隐写</a> <a href="/tags/web-python/" style="font-size: 1.23em; color: #999ea6">web python</a></div></div><div class="card-widget card-archives"><div class="item-headline"><i class="fas fa-archive"></i><span>归档</span></div><ul class="card-archive-list"><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2024/12/"><span class="card-archive-list-date">十二月 2024</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2024/05/"><span class="card-archive-list-date">五月 2024</span><span class="card-archive-list-count">5</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2024/01/"><span class="card-archive-list-date">一月 2024</span><span class="card-archive-list-count">2</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/12/"><span class="card-archive-list-date">十二月 2023</span><span class="card-archive-list-count">3</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/11/"><span class="card-archive-list-date">十一月 2023</span><span class="card-archive-list-count">3</span></a></li></ul></div><div class="card-widget card-webinfo"><div class="item-headline"><i class="fas fa-chart-line"></i><span>网站资讯</span></div><div class="webinfo"><div class="webinfo-item"><div class="item-name">文章数目 :</div><div class="item-count">14</div></div><div class="webinfo-item"><div class="item-name">本站访客数 :</div><div class="item-count" id="busuanzi_value_site_uv"><i class="fa-solid fa-spinner fa-spin"></i></div></div><div class="webinfo-item"><div class="item-name">本站总访问量 :</div><div class="item-count" id="busuanzi_value_site_pv"><i class="fa-solid fa-spinner fa-spin"></i></div></div><div class="webinfo-item"><div class="item-name">最后更新时间 :</div><div class="item-count" id="last-push-date" data-lastPushDate="2024-12-10T12:35:28.838Z"><i class="fa-solid fa-spinner fa-spin"></i></div></div></div></div></div></div></main><footer id="footer"><div id="footer-wrap"><div class="copyright">©2020 - 2024 By shallot</div><div class="framework-info"><span>框架 </span><a target="_blank" rel="noopener" href="https://hexo.io">Hexo</a><span class="footer-separator">|</span><span>主题 </span><a target="_blank" rel="noopener" href="https://github.com/jerryc127/hexo-theme-butterfly">Butterfly</a></div></div></footer></div><div id="rightside"><div id="rightside-config-hide"><button id="darkmode" type="button" title="浅色和深色模式转换"><i class="fas fa-adjust"></i></button><button id="hide-aside-btn" type="button" title="单栏和双栏切换"><i class="fas fa-arrows-alt-h"></i></button></div><div id="rightside-config-show"><button id="rightside-config" type="button" title="设置"><i class="fas fa-cog fa-spin"></i></button><button id="go-up" type="button" title="回到顶部"><span class="scroll-percent"></span><i class="fas fa-arrow-up"></i></button></div></div><div><script src="/js/utils.js"></script><script src="/js/main.js"></script><script src="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox/fancybox.umd.min.js"></script><div class="js-pjax"></div><script src="https://cdn.jsdelivr.net/npm/prismjs/prism.min.js"></script><script src="https://cdn.jsdelivr.net/npm/prismjs/plugins/autoloader/prism-autoloader.min.js"></script><script src="https://cdn.jsdelivr.net/npm/prismjs/plugins/line-numbers/prism-line-numbers.min.js"></script><script async data-pjax src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script></div></body></html>