-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
232 lines (202 loc) · 45.5 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
<!DOCTYPE html><html lang="zh-CN" data-theme="light /dark"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><title>h11ba1's blog - h11ba1 的博客</title><meta name="keywords" content="安全,白帽子,二次元,求道人"><meta name="author" content="h11ba1"><meta name="copyright" content="h11ba1"><meta name="format-detection" content="telephone=no"><meta name="theme-color" content="#ffffff"><meta name="description" content="主要记录一些日常学习中的笔记">
<meta property="og:type" content="website">
<meta property="og:title" content="h11ba1's blog">
<meta property="og:url" content="http://example.com/index.html">
<meta property="og:site_name" content="h11ba1's blog">
<meta property="og:description" content="主要记录一些日常学习中的笔记">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="http://example.com/img/favicon.png">
<meta property="article:author" content="h11ba1">
<meta property="article:tag" content="安全,白帽子,二次元,求道人">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="http://example.com/img/favicon.png"><link rel="shortcut icon" href="/img/favicon.png"><link rel="canonical" href="http://example.com/"><link rel="preconnect" href="//cdn.jsdelivr.net"/><link rel="preconnect" href="//busuanzi.ibruce.info"/><link rel="stylesheet" href="/css/index.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/css/all.min.css" media="print" onload="this.media='all'"><script>const GLOBAL_CONFIG = {
root: '/',
algolia: undefined,
localSearch: {"path":"search.xml","languages":{"hits_empty":"找不到您查询的内容:${query}"}},
translate: undefined,
noticeOutdate: undefined,
highlight: {"plugin":"highlighjs","highlightCopy":true,"highlightLang":true,"highlightHeightLimit":false},
copy: {
success: '复制成功',
error: '复制错误',
noSupport: '浏览器不支持'
},
relativeDate: {
homepage: false,
post: false
},
runtime: '天',
date_suffix: {
just: '刚刚',
min: '分钟前',
hour: '小时前',
day: '天前',
month: '个月前'
},
copyright: undefined,
lightbox: 'fancybox',
Snackbar: undefined,
source: {
jQuery: 'https://cdn.jsdelivr.net/npm/jquery@latest/dist/jquery.min.js',
justifiedGallery: {
js: 'https://cdn.jsdelivr.net/npm/justifiedGallery/dist/js/jquery.justifiedGallery.min.js',
css: 'https://cdn.jsdelivr.net/npm/justifiedGallery/dist/css/justifiedGallery.min.css'
},
fancybox: {
js: 'https://cdn.jsdelivr.net/npm/@fancyapps/fancybox@latest/dist/jquery.fancybox.min.js',
css: 'https://cdn.jsdelivr.net/npm/@fancyapps/fancybox@latest/dist/jquery.fancybox.min.css'
}
},
isPhotoFigcaption: false,
islazyload: false,
isanchor: false
}</script><script id="config-diff">var GLOBAL_CONFIG_SITE = {
title: 'h11ba1\'s blog',
isPost: false,
isHome: true,
isHighlightShrink: false,
isToc: false,
postUpdate: '2022-04-10 22:43:47'
}</script><noscript><style type="text/css">
#nav {
opacity: 1
}
.justified-gallery img {
opacity: 1
}
#recent-posts time,
#post-meta time {
display: inline !important
}
</style></noscript><script>(win=>{
win.saveToLocal = {
set: function setWithExpiry(key, value, ttl) {
if (ttl === 0) return
const now = new Date()
const expiryDay = ttl * 86400000
const item = {
value: value,
expiry: now.getTime() + expiryDay,
}
localStorage.setItem(key, JSON.stringify(item))
},
get: function getWithExpiry(key) {
const itemStr = localStorage.getItem(key)
if (!itemStr) {
return undefined
}
const item = JSON.parse(itemStr)
const now = new Date()
if (now.getTime() > item.expiry) {
localStorage.removeItem(key)
return undefined
}
return item.value
}
}
win.getScript = url => new Promise((resolve, reject) => {
const script = document.createElement('script')
script.src = url
script.async = true
script.onerror = reject
script.onload = script.onreadystatechange = function() {
const loadState = this.readyState
if (loadState && loadState !== 'loaded' && loadState !== 'complete') return
script.onload = script.onreadystatechange = null
resolve()
}
document.head.appendChild(script)
})
win.activateDarkMode = function () {
document.documentElement.setAttribute('data-theme', 'dark')
if (document.querySelector('meta[name="theme-color"]') !== null) {
document.querySelector('meta[name="theme-color"]').setAttribute('content', '#0d0d0d')
}
}
win.activateLightMode = function () {
document.documentElement.setAttribute('data-theme', 'light')
if (document.querySelector('meta[name="theme-color"]') !== null) {
document.querySelector('meta[name="theme-color"]').setAttribute('content', '#ffffff')
}
}
const t = saveToLocal.get('theme')
if (t === 'dark') activateDarkMode()
else if (t === 'light') activateLightMode()
const asideStatus = saveToLocal.get('aside-status')
if (asideStatus !== undefined) {
if (asideStatus === 'hide') {
document.documentElement.classList.add('hide-aside')
} else {
document.documentElement.classList.remove('hide-aside')
}
}
const detectApple = () => {
if (GLOBAL_CONFIG_SITE.isHome && /iPad|iPhone|iPod|Macintosh/.test(navigator.userAgent)){
document.documentElement.classList.add('apple')
}
}
detectApple()
})(window)</script><meta name="generator" content="Hexo 5.4.0"><link rel="alternate" href="/atom.xml" title="h11ba1's blog" type="application/atom+xml">
</head><body><div id="sidebar"><div id="menu-mask"></div><div id="sidebar-menus"><div class="avatar-img is-center"><img src="/img/favicon.png" onerror="onerror=null;src='/img/friend_404.gif'" alt="avatar"/></div><div class="site-data"><div class="data-item is-center"><div class="data-item-link"><a href="/archives/"><div class="headline">文章</div><div class="length-num">44</div></a></div></div><div class="data-item is-center"><div class="data-item-link"><a href="/tags/"><div class="headline">标签</div><div class="length-num">49</div></a></div></div><div class="data-item is-center"><div class="data-item-link"><a href="/categories/"><div class="headline">分类</div><div class="length-num">7</div></a></div></div></div><hr/><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 首页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 归档</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page" href="javascript:void(0);"><i class="fa-fw fas fa-list"></i><span> 清单</span><i class="fas fa-chevron-down expand"></i></a><ul class="menus_item_child"><li><a class="site-page child" href="/links/"><i class="fa-fw fas fa-link"></i><span> 友情连接</span></a></li><li><a class="site-page child" href="/bangumis"><i class="fa-fw bangumis"></i><span> 番剧</span></a></li></ul></div></div></div></div><div class="page" id="body-wrap"><header class="full_page" id="page-header" style="background-image: url('/img/top_img/index.jpg')"><nav id="nav"><span id="blog_name"><a id="site-name" href="/">h11ba1's blog</a></span><div id="menus"><div id="search-button"><a class="site-page social-icon search"><i class="fas fa-search fa-fw"></i><span> 搜索</span></a></div><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 首页</span></a></div><div class="menus_item"><a class="site-page" href="/archives/"><i class="fa-fw fas fa-archive"></i><span> 归档</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page" href="javascript:void(0);"><i class="fa-fw fas fa-list"></i><span> 清单</span><i class="fas fa-chevron-down expand"></i></a><ul class="menus_item_child"><li><a class="site-page child" href="/links/"><i class="fa-fw fas fa-link"></i><span> 友情连接</span></a></li><li><a class="site-page child" href="/bangumis"><i class="fa-fw bangumis"></i><span> 番剧</span></a></li></ul></div></div><div id="toggle-menu"><a class="site-page"><i class="fas fa-bars fa-fw"></i></a></div></div></nav><div id="site-info"><h1 id="site-title">h11ba1's blog</h1><div id="site_social_icons"><a class="social-icon" href="https://github.com/h1iba1" target="_blank" title="Github"><i class="fab fa-github"></i></a><a class="social-icon" href="mailto:[email protected]" target="_blank" title="Email"><i class="fas fa-envelope"></i></a><a class="social-icon" href="/atom.xml" target="_blank" title="RSS"><i class="fa fa-rss"></i></a></div></div><div id="scroll-down"><i class="fas fa-angle-down scroll-down-effects"></i></div></header><main class="layout" id="content-inner"><div class="recent-posts" id="recent-posts"><div class="recent-post-item"><div class="post_cover left_radius"><a href="/2022/01/19/%E4%BA%91%E5%8E%9F%E7%94%9F%E5%AE%89%E5%85%A8/5.CVE-2018-15664-%E7%AC%A6%E5%8F%B7%E8%BF%9E%E6%8E%A5%E6%9B%BF%E6%8D%A2%E6%BC%8F%E6%B4%9E/" title="5.CVE-2018-15664-符号连接替换漏洞"> <img class="post_bg" src="/2022/01/19/%E4%BA%91%E5%8E%9F%E7%94%9F%E5%AE%89%E5%85%A8/5.CVE-2018-15664-%E7%AC%A6%E5%8F%B7%E8%BF%9E%E6%8E%A5%E6%9B%BF%E6%8D%A2%E6%BC%8F%E6%B4%9E/1.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="5.CVE-2018-15664-符号连接替换漏洞"></a></div><div class="recent-post-info"><a class="article-title" href="/2022/01/19/%E4%BA%91%E5%8E%9F%E7%94%9F%E5%AE%89%E5%85%A8/5.CVE-2018-15664-%E7%AC%A6%E5%8F%B7%E8%BF%9E%E6%8E%A5%E6%9B%BF%E6%8D%A2%E6%BC%8F%E6%B4%9E/" title="5.CVE-2018-15664-符号连接替换漏洞">5.CVE-2018-15664-符号连接替换漏洞</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2022-01-19T13:04:49.000Z" title="发表于 2022-01-19 21:04:49">2022-01-19</time></span><span class="article-meta"><span class="article-meta__separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E4%BA%91%E5%8E%9F%E7%94%9F%E5%AE%89%E5%85%A8/">云原生安全</a></span></div><div class="content">简介在18.06.1-ce-rc2版本之前的Docker中,docker cp命令对应的后端API存在基于竞争的符号链接替换漏洞,能够导致目录穿越。攻击者可以利用此漏洞以root权限实现宿主机文件系统的任意读写,CVSS 3.x评分为7.5分。
漏洞原理CVE-2018-15664是一个TOCTOU(time-of-check to time-of-use)问题,属于竟态条件漏洞。
这个问题指的是对象进行安全检查和使用该对象的步骤之间存在间隙,攻击者可以先构造并放置一个能够通过安全检查的合法对象,顺利通过目标程序的安全检查流程,然后立即使用恶意对象替换之前的合法对象。这样一来,目标程序真正使用的实际上是被替换后的恶意对象。
漏洞原理流程图
攻击首先利用合法文件进行合法校验,正常文件校验通过之后再把合法文件替换为恶意文件。达到恶意利用的目的。以上就是TOCTOU问题的原理。这个问题看起来很抽象, ...</div></div></div><div class="recent-post-item"><div class="post_cover right_radius"><a href="/2022/01/11/xsstrike%E6%BA%90%E7%A0%81%E8%B5%8F%E6%9E%90/" title="xsstrike源码赏析"> <img class="post_bg" src="/2022/01/11/xsstrike%E6%BA%90%E7%A0%81%E8%B5%8F%E6%9E%90/1.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="xsstrike源码赏析"></a></div><div class="recent-post-info"><a class="article-title" href="/2022/01/11/xsstrike%E6%BA%90%E7%A0%81%E8%B5%8F%E6%9E%90/" title="xsstrike源码赏析">xsstrike源码赏析</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2022-01-11T13:04:49.000Z" title="发表于 2022-01-11 21:04:49">2022-01-11</time></span><span class="article-meta"><span class="article-meta__separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E5%AE%89%E5%85%A8%E5%BC%80%E5%8F%91/">安全开发</a></span></div><div class="content">XSStrike作为一个在github有9.9k start的xss检测工具。架构,检测思路对于研究xss检测还是很有帮助的,下面将从以下五个部分来赏析一下xsstrike源码。
1.项目架构1234567891011121314151617181920212223242526272829303132333435XSStrike├── core│ ├── __init__.py│ ├── arjun.py #查找页面中的input标签name属性作为参数。携带xsschecker请求参数查看回显来判断风险参数│ ├── checker.py #判断输入的特殊字符是否被编码,并根据编码情况进行打分│ ├── colors.py #为输出添加颜色│ ├── config.py #记载所有配置。如:启动xsstrike时输入的参数记载在globalVariables。│ ├── dom.py #domxss检测。正则匹配domxss的 source,sink。source能够流出sink则进行标记│ ├── encoders ...</div></div></div><div class="recent-post-item"><div class="post_cover left_radius"><a href="/2021/08/29/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/fastjson%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%E5%8E%9F%E7%90%86%E5%8F%8A%E6%89%A9%E5%B1%95/" title="fastjson反序列化漏洞原理及扩展"> <img class="post_bg" src="/2021/08/29/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/fastjson%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%E5%8E%9F%E7%90%86%E5%8F%8A%E6%89%A9%E5%B1%95/31.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="fastjson反序列化漏洞原理及扩展"></a></div><div class="recent-post-info"><a class="article-title" href="/2021/08/29/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/fastjson%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%E5%8E%9F%E7%90%86%E5%8F%8A%E6%89%A9%E5%B1%95/" title="fastjson反序列化漏洞原理及扩展">fastjson反序列化漏洞原理及扩展</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2021-08-29T10:05:49.000Z" title="发表于 2021-08-29 18:05:49">2021-08-29</time></span><span class="article-meta"><span class="article-meta__separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/">代码审计</a></span></div><div class="content">内部分享中分享的一些fastjson知识点,这里简单记录一下。
文章中涉及的代码均已上传到github:https://github.com/h1iba1/fastjsonVulnDemo
fastjson原理浅析Fastjson反序列化采用两个函数:JSON.parseObject(),JSON.parse()。
简单写一个demo来查看两者区别:
parseObject:默认返回 fastjson.JSONObject 类。
parse:默认返回@type指定的user类。
parseObject也可以添加Object.class参数来返回user类。
@type如果利用过fastjson漏洞,会发现几乎所有的payload中都存在@type,那这个@type有啥含义呢?
@type参数能将我们序列化后的类转为@type中指定的类,然后在反序列化过程中会自动调用类中的setter和getter和构造函数。
写一个简单的dome进行尝试:
EvilEntity.java
1234567891011121314151617181920212223242526package com.e ...</div></div></div><div class="recent-post-item"><div class="post_cover right_radius"><a href="/2021/08/25/java%E7%B3%BB%E7%BB%9F%E9%AA%8C%E8%AF%81%E7%A0%B4%E8%A7%A3/" title="jar包修改绕过系统license验证"> <img class="post_bg" src="/2021/08/25/java%E7%B3%BB%E7%BB%9F%E9%AA%8C%E8%AF%81%E7%A0%B4%E8%A7%A3/index.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="jar包修改绕过系统license验证"></a></div><div class="recent-post-info"><a class="article-title" href="/2021/08/25/java%E7%B3%BB%E7%BB%9F%E9%AA%8C%E8%AF%81%E7%A0%B4%E8%A7%A3/" title="jar包修改绕过系统license验证">jar包修改绕过系统license验证</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2021-08-25T02:05:49.000Z" title="发表于 2021-08-25 10:05:49">2021-08-25</time></span><span class="article-meta"><span class="article-meta__separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/">代码审计</a></span></div><div class="content">最近做的一个项目领导要求破解一个系统。emmmm,只能硬着头皮分析一波。
搭建环境远程debug。因为该项目基于tomcat搭建,找到catalina.sh
添加如下配置,重启。
1CATALINA_OPTS="-server -Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005"
ieda配置远程jvm调试即可:
定位关键验证代码通过反编译所有jar包搜索关键字+debug跟踪定位到关键代码如下。
验证绕过分析通过简单查看license验证代码,大概确定两个方法。
1.license.key采用ras算法验证,可以尝试根据代码写一个license.key生成器。
翻看了一下代码只找到rsa的公钥,license.key是根据机器码生成。推测是机器码+rsa私钥生成license.key。上传license.key之后,系统采用公钥解密验证。这个方法感觉没啥希望。
2.更改license验证jar包中的关键代码,再 ...</div></div></div><div class="recent-post-item"><div class="post_cover left_radius"><a href="/2021/08/10/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/s2-001%E5%A4%8D%E7%8E%B0%E5%88%86%E6%9E%90/" title="s2-001复现分析"> <img class="post_bg" src="/2021/08/10/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/s2-001%E5%A4%8D%E7%8E%B0%E5%88%86%E6%9E%90/index.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="s2-001复现分析"></a></div><div class="recent-post-info"><a class="article-title" href="/2021/08/10/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/s2-001%E5%A4%8D%E7%8E%B0%E5%88%86%E6%9E%90/" title="s2-001复现分析">s2-001复现分析</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2021-08-10T13:05:49.000Z" title="发表于 2021-08-10 21:05:49">2021-08-10</time></span><span class="article-meta"><span class="article-meta__separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/">代码审计</a></span></div><div class="content">1.漏洞原因官方说明:https://cwiki.apache.org/confluence/display/WW/S2-001
1The 'altSyntax' feature of WebWork 2.1+ and Struts 2 allows OGNL expressions to be inserted into text strings and is processed recursively. This allows a malicious user to submit a string, usually through an HTML text field, containing an OGNL expression that will then be executed by the server if the form validation has failed. For example, say we had this form that required the 'phoneNumber' field to not be b ...</div></div></div><div class="recent-post-item"><div class="post_cover right_radius"><a href="/2021/08/10/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/s2-005%E5%A4%8D%E7%8E%B0%E5%88%86%E6%9E%90/" title="s2-005复现分析"> <img class="post_bg" src="/2021/08/10/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/s2-005%E5%A4%8D%E7%8E%B0%E5%88%86%E6%9E%90/index.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="s2-005复现分析"></a></div><div class="recent-post-info"><a class="article-title" href="/2021/08/10/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/s2-005%E5%A4%8D%E7%8E%B0%E5%88%86%E6%9E%90/" title="s2-005复现分析">s2-005复现分析</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2021-08-10T13:05:49.000Z" title="发表于 2021-08-10 21:05:49">2021-08-10</time></span><span class="article-meta"><span class="article-meta__separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/">代码审计</a></span></div><div class="content">1.漏洞简介官方描述:https://cwiki.apache.org/confluence/display/WW/S2-005
s2-005是对s2-003的绕过,s2-003通过将#字符加入了黑名单来限制简单对象的执行,但是#字符可通过编码来绕过,比如:unicode编码(\u0023)或者8进制(\43)。
12345('\u0023' + 'session\'user\'')(unused)=0wn3dwhich will look as follows once URL encoded:('\u0023'%20%2b%20'session\'user\'')(unused)=0wn3d
而后为了修复,官方增加安全配置禁止静态方法调用(allowStaticMethodAcces)和类方法执行(MethodAccessor.denyMethodExecution)等来修补。但是并没有完全解决该漏洞,ognl表达式依旧可以执行,通过ognl表达式将安全配置修 ...</div></div></div><div class="recent-post-item"><div class="post_cover left_radius"><a href="/2021/07/05/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/java%E5%8F%8D%E5%B0%84%E6%9C%BA%E5%88%B6/" title="java反射机制"> <img class="post_bg" src="/2021/07/05/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/java%E5%8F%8D%E5%B0%84%E6%9C%BA%E5%88%B6/index.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="java反射机制"></a></div><div class="recent-post-info"><a class="article-title" href="/2021/07/05/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/java%E5%8F%8D%E5%B0%84%E6%9C%BA%E5%88%B6/" title="java反射机制">java反射机制</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2021-07-05T13:04:49.000Z" title="发表于 2021-07-05 21:04:49">2021-07-05</time></span><span class="article-meta"><span class="article-meta__separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/">代码审计</a></span></div><div class="content">0x01 反射原理反射中几个极为重要的方法:
1234获取类的⽅法: forName实例化类对象的⽅法: newInstance获取函数的⽅法: getMethod执⾏函数的⽅法: invoke
方法详解:
forName():
forName两种使用形式:
1234567891011Class<?> forName(String name) //name:class名称Class<?> forName(String name, **boolean** initialize, ClassLoader loader)//name:class名称//initialize:是否进行“类初始化”//loader:加载器//第一种调用形式等同于第二种,其实就是第二种形式的封装,默认进行"类初始化”,默认加载器根据类名(完整路径)来加载Class.forName(className) Class.forName(className, true, currentLoader)
newInstance():
newInstance()没有参数输入,所以newIns ...</div></div></div><div class="recent-post-item"><div class="post_cover right_radius"><a href="/2021/07/05/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96URLDNS/" title="反序列化URLDNS"> <img class="post_bg" src="/2021/07/05/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96URLDNS/index.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="反序列化URLDNS"></a></div><div class="recent-post-info"><a class="article-title" href="/2021/07/05/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96URLDNS/" title="反序列化URLDNS">反序列化URLDNS</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2021-07-05T13:04:49.000Z" title="发表于 2021-07-05 21:04:49">2021-07-05</time></span><span class="article-meta"><span class="article-meta__separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/">代码审计</a></span></div><div class="content">学习java反序列化自然绕不开cc链,ysoserial。ysoserial中最简单的链条就属urldns,用来作为入门学习很不错,下面简单分析,跟一下流程。
0x01 利用链123456HashMap->readObject()HashMap->hash()URL->hashCode()URLStreamHandler->hashCode()URLStreamHandler->getHostAddress()InetAddress->getByName()
依此跟进分析:
java.util.HashMap#readObjectr():1234567891011121314151617181920212223242526272829303132333435363738394041424344private void readObject(java.io.ObjectInputStream s) throws IOException, ClassNotFoundException { // Read in th ...</div></div></div><div class="recent-post-item"><div class="post_cover left_radius"><a href="/2021/07/01/arl_poc%E7%BC%96%E5%86%99/" title="arl_poc编写"> <img class="post_bg" src="/2021/07/01/arl_poc%E7%BC%96%E5%86%99/index.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="arl_poc编写"></a></div><div class="recent-post-info"><a class="article-title" href="/2021/07/01/arl_poc%E7%BC%96%E5%86%99/" title="arl_poc编写">arl_poc编写</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2021-07-01T13:04:49.000Z" title="发表于 2021-07-01 21:04:49">2021-07-01</time></span><span class="article-meta"><span class="article-meta__separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E5%AE%89%E5%85%A8%E5%BC%80%E5%8F%91/">安全开发</a></span></div><div class="content">最新版的arl增加了poc编写与探测的功能。打算自己编写一些常用poc来提高杀伤力。
因为主要用来做资产发现,本人更注重于指纹识别以及一些简单的poc探测。主要关注一下几个方面
指纹识别:12345shirostruts2weblogicspringsolr
简单的poc探测:123springboot未授权swagger接口文档发现...
敏感资产发现:123系统后台管理系统...
1. arl poc框架arl poc工具存在于v2.3.1镜像中。
1docker pull tophant/arl:v2.3.1
进入镜像:
12345docker exec -it arl_web /bin/bashfind / -name poccd /opt/ARL-NPoC/xing/ # 进入poc框架目录,可直接将ARL-NPoC打包拷贝出来进行本地使用
Arl-npoc本地使用:
1234567891011121314151617181920xing -husage: xing [-h] [--version] [--quit] [--log { ...</div></div></div><div class="recent-post-item"><div class="post_cover right_radius"><a href="/2021/06/05/hugo+github%20page%E6%90%AD%E5%BB%BA%E8%87%AA%E5%AE%9A%E4%B9%89%E5%9F%9F%E5%90%8D%E7%9A%84https%E5%8D%9A%E5%AE%A2/" title="hugo+github page搭建自定义域名的https博客"> <img class="post_bg" src="/2021/06/05/hugo+github%20page%E6%90%AD%E5%BB%BA%E8%87%AA%E5%AE%9A%E4%B9%89%E5%9F%9F%E5%90%8D%E7%9A%84https%E5%8D%9A%E5%AE%A2/index.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="hugo+github page搭建自定义域名的https博客"></a></div><div class="recent-post-info"><a class="article-title" href="/2021/06/05/hugo+github%20page%E6%90%AD%E5%BB%BA%E8%87%AA%E5%AE%9A%E4%B9%89%E5%9F%9F%E5%90%8D%E7%9A%84https%E5%8D%9A%E5%AE%A2/" title="hugo+github page搭建自定义域名的https博客">hugo+github page搭建自定义域名的https博客</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2021-06-05T13:04:49.000Z" title="发表于 2021-06-05 21:04:49">2021-06-05</time></span><span class="article-meta"><span class="article-meta__separator">|</span><i class="fas fa-inbox"></i><a class="article-meta__categories" href="/categories/%E6%9D%82%E8%AE%B0/">杂记</a></span></div><div class="content">1.部署hugomac安装Hugo:12brew install hugohugo version 查看hugo版本
hugo创建博客:1hugo new site h11ba1.com #在当前目录下创建h11ba1.com文件夹
生成新的文章:1hugo new posts/first-post.md
文章内容如下:12345---title: "My First Post"date: 2021-07-01T13:46:58+08:00draft: flase---
将草稿draft改为flase。
配置博客主题:123git initgit submodule add https://github.com/miiiku/hugo-theme-kagome.git ./themes/kagome # 将此存储库作为Git - 子模块,这样将更容易获取这个主题的更新echo theme = \"kagome\" >> config.toml # 更改配置文件,将主题加入配置
本地预览 ...</div></div></div><nav id="pagination"><div class="pagination"><span class="page-number current">1</span><a class="page-number" href="/page/2/#content-inner">2</a><span class="space">…</span><a class="page-number" href="/page/5/#content-inner">5</a><a class="extend next" rel="next" href="/page/2/#content-inner"><i class="fas fa-chevron-right fa-fw"></i></a></div></nav></div><div class="aside-content" id="aside-content"><div class="card-widget card-info"><div class="is-center"><div class="avatar-img"><img src="/img/favicon.png" onerror="this.onerror=null;this.src='/img/friend_404.gif'" alt="avatar"/></div><div class="author-info__name">h11ba1</div><div class="author-info__description">主要记录一些日常学习中的笔记</div></div><div class="card-info-data"><div class="card-info-data-item is-center"><a href="/archives/"><div class="headline">文章</div><div class="length-num">44</div></a></div><div class="card-info-data-item is-center"><a href="/tags/"><div class="headline">标签</div><div class="length-num">49</div></a></div><div class="card-info-data-item is-center"><a href="/categories/"><div class="headline">分类</div><div class="length-num">7</div></a></div></div><a class="button--animated" id="card-info-btn" target="_blank" rel="noopener" href="https://github.com/h1iba1"><i class="fab fa-github"></i><span>Follow Me</span></a><div class="card-info-social-icons is-center"><a class="social-icon" href="https://github.com/h1iba1" target="_blank" title="Github"><i class="fab fa-github"></i></a><a class="social-icon" href="mailto:[email protected]" target="_blank" title="Email"><i class="fas fa-envelope"></i></a><a class="social-icon" href="/atom.xml" target="_blank" title="RSS"><i class="fa fa-rss"></i></a></div></div><div class="card-widget card-announcement"><div class="item-headline"><i class="fas fa-bullhorn card-announcement-animation"></i><span>公告</span></div><div class="announcement_content">好好学习</div></div><div class="card-widget card-pixiv"><div class="card-content"><div class="item-headline"><i class="fa fa-image" aria-hidden="true"></i><span>P站Top50</span><iframe src="https://cloud.mokeyjay.com/pixiv" frameborder="0" style="width:99%;height:380px;margin:0;"></iframe></div></div></div><div class="sticky_layout"><div class="card-widget card-recent-post"><div class="item-headline"><i class="fas fa-history"></i><span>最新文章</span></div><div class="aside-list"><div class="aside-list-item"><a class="thumbnail" href="/2022/01/19/%E4%BA%91%E5%8E%9F%E7%94%9F%E5%AE%89%E5%85%A8/5.CVE-2018-15664-%E7%AC%A6%E5%8F%B7%E8%BF%9E%E6%8E%A5%E6%9B%BF%E6%8D%A2%E6%BC%8F%E6%B4%9E/" title="5.CVE-2018-15664-符号连接替换漏洞"><img src="/2022/01/19/%E4%BA%91%E5%8E%9F%E7%94%9F%E5%AE%89%E5%85%A8/5.CVE-2018-15664-%E7%AC%A6%E5%8F%B7%E8%BF%9E%E6%8E%A5%E6%9B%BF%E6%8D%A2%E6%BC%8F%E6%B4%9E/1.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="5.CVE-2018-15664-符号连接替换漏洞"/></a><div class="content"><a class="title" href="/2022/01/19/%E4%BA%91%E5%8E%9F%E7%94%9F%E5%AE%89%E5%85%A8/5.CVE-2018-15664-%E7%AC%A6%E5%8F%B7%E8%BF%9E%E6%8E%A5%E6%9B%BF%E6%8D%A2%E6%BC%8F%E6%B4%9E/" title="5.CVE-2018-15664-符号连接替换漏洞">5.CVE-2018-15664-符号连接替换漏洞</a><time datetime="2022-01-19T13:04:49.000Z" title="发表于 2022-01-19 21:04:49">2022-01-19</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/2022/01/11/xsstrike%E6%BA%90%E7%A0%81%E8%B5%8F%E6%9E%90/" title="xsstrike源码赏析"><img src="/2022/01/11/xsstrike%E6%BA%90%E7%A0%81%E8%B5%8F%E6%9E%90/1.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="xsstrike源码赏析"/></a><div class="content"><a class="title" href="/2022/01/11/xsstrike%E6%BA%90%E7%A0%81%E8%B5%8F%E6%9E%90/" title="xsstrike源码赏析">xsstrike源码赏析</a><time datetime="2022-01-11T13:04:49.000Z" title="发表于 2022-01-11 21:04:49">2022-01-11</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/2021/08/29/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/fastjson%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%E5%8E%9F%E7%90%86%E5%8F%8A%E6%89%A9%E5%B1%95/" title="fastjson反序列化漏洞原理及扩展"><img src="/2021/08/29/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/fastjson%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%E5%8E%9F%E7%90%86%E5%8F%8A%E6%89%A9%E5%B1%95/31.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="fastjson反序列化漏洞原理及扩展"/></a><div class="content"><a class="title" href="/2021/08/29/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/fastjson%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%E5%8E%9F%E7%90%86%E5%8F%8A%E6%89%A9%E5%B1%95/" title="fastjson反序列化漏洞原理及扩展">fastjson反序列化漏洞原理及扩展</a><time datetime="2021-08-29T10:05:49.000Z" title="发表于 2021-08-29 18:05:49">2021-08-29</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/2021/08/25/java%E7%B3%BB%E7%BB%9F%E9%AA%8C%E8%AF%81%E7%A0%B4%E8%A7%A3/" title="jar包修改绕过系统license验证"><img src="/2021/08/25/java%E7%B3%BB%E7%BB%9F%E9%AA%8C%E8%AF%81%E7%A0%B4%E8%A7%A3/index.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="jar包修改绕过系统license验证"/></a><div class="content"><a class="title" href="/2021/08/25/java%E7%B3%BB%E7%BB%9F%E9%AA%8C%E8%AF%81%E7%A0%B4%E8%A7%A3/" title="jar包修改绕过系统license验证">jar包修改绕过系统license验证</a><time datetime="2021-08-25T02:05:49.000Z" title="发表于 2021-08-25 10:05:49">2021-08-25</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/2021/08/10/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/s2-001%E5%A4%8D%E7%8E%B0%E5%88%86%E6%9E%90/" title="s2-001复现分析"><img src="/2021/08/10/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/s2-001%E5%A4%8D%E7%8E%B0%E5%88%86%E6%9E%90/index.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="s2-001复现分析"/></a><div class="content"><a class="title" href="/2021/08/10/java%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/s2-001%E5%A4%8D%E7%8E%B0%E5%88%86%E6%9E%90/" title="s2-001复现分析">s2-001复现分析</a><time datetime="2021-08-10T13:05:49.000Z" title="发表于 2021-08-10 21:05:49">2021-08-10</time></div></div></div></div><div class="card-widget card-categories"><div class="item-headline">
<i class="fas fa-folder-open"></i>
<span>分类</span>
</div>
<ul class="card-category-list" id="aside-cat-list">
<li class="card-category-list-item "><a class="card-category-list-link" href="/categories/CTF/"><span class="card-category-list-name">CTF</span><span class="card-category-list-count">19</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/web%E5%AE%89%E5%85%A8/"><span class="card-category-list-name">web安全</span><span class="card-category-list-count">7</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E4%BA%91%E5%8E%9F%E7%94%9F%E5%AE%89%E5%85%A8/"><span class="card-category-list-name">云原生安全</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1/"><span class="card-category-list-name">代码审计</span><span class="card-category-list-count">11</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E5%86%85%E7%BD%91%E6%B8%97%E9%80%8F/"><span class="card-category-list-name">内网渗透</span><span class="card-category-list-count">1</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E5%AE%89%E5%85%A8%E5%BC%80%E5%8F%91/"><span class="card-category-list-name">安全开发</span><span class="card-category-list-count">4</span></a></li><li class="card-category-list-item "><a class="card-category-list-link" href="/categories/%E6%9D%82%E8%AE%B0/"><span class="card-category-list-name">杂记</span><span class="card-category-list-count">1</span></a></li>
</ul></div><div class="card-widget card-tags"><div class="item-headline"><i class="fas fa-tags"></i><span>标签</span></div><div class="card-tag-cloud"><a href="/tags/CTF/" style="font-size: 1.5em; color: #99a9bf">CTF</a> <a href="/tags/CVE-2018-15664/" style="font-size: 1.1em; color: #999">CVE-2018-15664</a> <a href="/tags/Thinkphp-5-0-15-SQL/" style="font-size: 1.1em; color: #999">Thinkphp 5.0.15 SQL</a> <a href="/tags/URLDNS/" style="font-size: 1.1em; color: #999">URLDNS</a> <a href="/tags/arl/" style="font-size: 1.1em; color: #999">arl</a> <a href="/tags/arl-poc/" style="font-size: 1.1em; color: #999">arl poc</a> <a href="/tags/burpsuite%E5%AE%9E%E9%AA%8C%E5%AE%A4/" style="font-size: 1.37em; color: #99a4b2">burpsuite实验室</a> <a href="/tags/cors/" style="font-size: 1.1em; color: #999">cors</a> <a href="/tags/cs%E4%B8%8A%E7%BA%BF/" style="font-size: 1.1em; color: #999">cs上线</a> <a href="/tags/django/" style="font-size: 1.1em; color: #999">django</a> <a href="/tags/django%E5%AD%A6%E4%B9%A0/" style="font-size: 1.1em; color: #999">django学习</a> <a href="/tags/django%E5%AE%89%E5%85%A8%E5%BC%80%E5%8F%91/" style="font-size: 1.1em; color: #999">django安全开发</a> <a href="/tags/fastjson-jdbc%E5%BA%8F%E5%88%97%E5%8C%96/" style="font-size: 1.1em; color: #999">fastjson jdbc序列化</a> <a href="/tags/fastjson%E5%8F%8D%E5%BA%8F%E5%88%97/" style="font-size: 1.1em; color: #999">fastjson反序列</a> <a href="/tags/fastjson%E9%93%BE%E6%9D%A1%E5%88%86%E6%9E%90/" style="font-size: 1.1em; color: #999">fastjson链条分析</a> <a href="/tags/hugo/" style="font-size: 1.1em; color: #999">hugo</a> <a href="/tags/hugo-https/" style="font-size: 1.1em; color: #999">hugo https</a> <a href="/tags/hugo-gethub-page/" style="font-size: 1.1em; color: #999">hugo+gethub page</a> <a href="/tags/ios-m1-app-%E6%8A%93%E5%8C%85/" style="font-size: 1.1em; color: #999">ios m1 app 抓包</a> <a href="/tags/jar%E4%BF%AE%E6%94%B9/" style="font-size: 1.1em; color: #999">jar修改</a> <a href="/tags/java%E5%8F%8D%E5%B0%84/" style="font-size: 1.1em; color: #999">java反射</a> <a href="/tags/jsonp/" style="font-size: 1.1em; color: #999">jsonp</a> <a href="/tags/license%E9%AA%8C%E8%AF%81%E7%BB%95%E8%BF%87/" style="font-size: 1.1em; color: #999">license验证绕过</a> <a href="/tags/m1-clarles/" style="font-size: 1.1em; color: #999">m1 clarles</a> <a href="/tags/m1%E6%8A%93%E5%8C%85/" style="font-size: 1.1em; color: #999">m1抓包</a> <a href="/tags/poc%E7%BC%96%E5%86%99/" style="font-size: 1.1em; color: #999">poc编写</a> <a href="/tags/s2-001/" style="font-size: 1.1em; color: #999">s2-001</a> <a href="/tags/s2-005/" style="font-size: 1.1em; color: #999">s2-005</a> <a href="/tags/sql%E6%B3%A8%E5%85%A5/" style="font-size: 1.1em; color: #999">sql注入</a> <a href="/tags/ssrf%E6%BC%8F%E6%B4%9E/" style="font-size: 1.1em; color: #999">ssrf漏洞</a> <a href="/tags/struts2/" style="font-size: 1.23em; color: #999ea6">struts2</a> <a href="/tags/thinkphp-sql%E6%B3%A8%E5%85%A5/" style="font-size: 1.1em; color: #999">thinkphp sql注入</a> <a href="/tags/webgoat/" style="font-size: 1.37em; color: #99a4b2">webgoat</a> <a href="/tags/webgoat-%E7%8E%AF%E5%A2%83%E6%9E%84%E5%BB%BA/" style="font-size: 1.1em; color: #999">webgoat 环境构建</a> <a href="/tags/webgoat-%E7%99%BB%E5%BD%95%E6%B3%A8%E5%86%8C%E6%A8%A1%E5%9D%97%E5%AE%A1%E8%AE%A1/" style="font-size: 1.23em; color: #999ea6">webgoat 登录注册模块审计</a> <a href="/tags/wireshark%E4%BD%BF%E7%94%A8/" style="font-size: 1.1em; color: #999">wireshark使用</a> <a href="/tags/xray-poc/" style="font-size: 1.1em; color: #999">xray poc</a> <a href="/tags/xss/" style="font-size: 1.1em; color: #999">xss</a> <a href="/tags/xsstrike/" style="font-size: 1.1em; color: #999">xsstrike</a> <a href="/tags/xxe%E5%AE%9E%E6%88%98/" style="font-size: 1.1em; color: #999">xxe实战</a></div></div><div class="card-widget card-archives"><div class="item-headline"><i class="fas fa-archive"></i><span>归档</span><a class="card-more-btn" href="/archives/" title="查看更多">
<i class="fas fa-angle-right"></i></a></div><ul class="card-archive-list"><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2022/01/"><span class="card-archive-list-date">一月 2022</span><span class="card-archive-list-count">2</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/08/"><span class="card-archive-list-date">八月 2021</span><span class="card-archive-list-count">4</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/07/"><span class="card-archive-list-date">七月 2021</span><span class="card-archive-list-count">3</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/06/"><span class="card-archive-list-date">六月 2021</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/05/"><span class="card-archive-list-date">五月 2021</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/04/"><span class="card-archive-list-date">四月 2021</span><span class="card-archive-list-count">2</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/03/"><span class="card-archive-list-date">三月 2021</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2020/10/"><span class="card-archive-list-date">十月 2020</span><span class="card-archive-list-count">2</span></a></li></ul></div><div class="card-widget card-webinfo"><div class="item-headline"><i class="fas fa-chart-line"></i><span>网站资讯</span></div><div class="webinfo"><div class="webinfo-item"><div class="item-name">文章数目 :</div><div class="item-count">44</div></div><div class="webinfo-item"><div class="item-name">已运行时间 :</div><div class="item-count" id="runtimeshow" data-publishDate="2020-12-11T16:00:00.000Z"></div></div><div class="webinfo-item"><div class="item-name">本站访客数 :</div><div class="item-count" id="busuanzi_value_site_uv"></div></div><div class="webinfo-item"><div class="item-name">本站总访问量 :</div><div class="item-count" id="busuanzi_value_site_pv"></div></div><div class="webinfo-item"><div class="item-name">最后更新时间 :</div><div class="item-count" id="last-push-date" data-lastPushDate="2022-04-10T14:43:47.039Z"></div></div></div></div></div></div></main><footer id="footer"><div id="footer-wrap"><div class="copyright">©2020 - 2022 <i id="heartbeat" class="fa fas fa-heartbeat"></i> h11ba1</div><div class="framework-info"><span>框架 </span><a target="_blank" rel="noopener" href="https://hexo.io">Hexo</a><span class="footer-separator">|</span><span>主题 </span><a target="_blank" rel="noopener" href="https://github.com/jerryc127/hexo-theme-butterfly">Butterfly</a></div></div><link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/HCLonely/images@master/others/heartbeat.min.css"></footer></div><div id="rightside"><div id="rightside-config-hide"><button id="darkmode" type="button" title="浅色和深色模式转换"><i class="fas fa-adjust"></i></button><button id="hide-aside-btn" type="button" title="单栏和双栏切换"><i class="fas fa-arrows-alt-h"></i></button></div><div id="rightside-config-show"><button id="rightside_config" type="button" title="设置"><i class="fas fa-cog fa-spin"></i></button><button id="go-up" type="button" title="回到顶部"><i class="fas fa-arrow-up"></i></button></div></div><div id="local-search"><div class="search-dialog"><div class="search-dialog__title" id="local-search-title">本地搜索</div><div id="local-input-panel"><div id="local-search-input"><div class="local-search-box"><input class="local-search-box--input" placeholder="搜索文章" type="text"/></div></div></div><hr/><div id="local-search-results"></div><span class="search-close-button"><i class="fas fa-times"></i></span></div><div id="search-mask"></div></div><div><script src="/js/utils.js"></script><script src="/js/main.js"></script><script src="/js/search/local-search.js"></script><div class="js-pjax"></div><script data-pjax src="https://cdn.jsdelivr.net/gh/tzy13755126023/tzy13755126023.github.io/js/chocolate.js"></script> <script async src="https://cdn.jsdelivr.net/gh/tzy13755126023/tzy13755126023.github.io/js/cursor.js"></script><script async data-pjax src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script></div></body></html>